Accept DOM when calling checkSignature

elbuo8 · elbuo8 · commit 0817e460302d · 2025-04-22T10:54:00.000-04:00
diff --git a/src/signed-xml.ts b/src/signed-xml.ts
@@ -245,26 +245,25 @@ export class SignedXml {
    * @returns `true` if the signature is valid
    * @throws Error if no key info resolver is provided.
    */
-  checkSignature(xml: string): boolean;
+  checkSignature(xml: Document | string): boolean;
   /**
    * Validates the signature of the provided XML document synchronously using the configured key info provider.
    *
    * @param xml The XML document containing the signature to be validated.
    * @param callback Callback function to handle the validation result asynchronously.
    * @throws Error if the last parameter is provided and is not a function, or if no key info resolver is provided.
    */
-  checkSignature(xml: string, callback: (error: Error | null, isValid?: boolean) => void): void;
+  checkSignature(xml: Document | string, callback: (error: Error | null, isValid?: boolean) => void): void;
   checkSignature(
-    xml: string,
+    xml: Document | string,
     callback?: (error: Error | null, isValid?: boolean) => void,
   ): unknown {
     if (callback != null && typeof callback !== "function") {
       throw new Error("Last parameter must be a callback function");
     }
 
-    this.signedXml = xml;
-
-    const doc = new xmldom.DOMParser().parseFromString(xml);
+    const doc = typeof xml === "string" ? new xmldom.DOMParser().parseFromString(xml) : xml;
+    this.signedXml = doc.toString();
 
     // Reset the references as only references from our re-parsed signedInfo node can be trusted
     this.references = [];
@@ -347,7 +346,7 @@ export class SignedXml {
 
     // Check the signature verification to know whether to reset signature value or not.
     const sigRes = signer.verifySignature(unverifiedSignedInfoCanon, key, this.signatureValue);
-    if (sigRes === true) {
+    if (sigRes) {
       if (callback) {
         callback(null, true);
       } else {
diff --git a/test/signature-unit-tests.spec.ts b/test/signature-unit-tests.spec.ts
@@ -873,7 +873,7 @@ describe("Signature unit tests", function () {
           return fs.readFileSync("./test/static/client.pem", "latin1");
         };
 
-        const checkedSignature = sig.checkSignature(xml);
+        const checkedSignature = sig.checkSignature(toString ? doc.toString() : doc );
         expect(checkedSignature).to.be.true;
 
         /* eslint-disable-next-line deprecation/deprecation */
@@ -931,7 +931,6 @@ describe("Signature unit tests", function () {
         const sig = new SignedXml({ idMode });
         sig.publicCert = fs.readFileSync("./test/static/client_public.pem");
         sig.loadSignature(node);
-
         return sig;
       }
 
@@ -955,8 +954,9 @@ describe("Signature unit tests", function () {
       function throwsValidatingSignature(file: string, idMode?: "wssecurity") {
         const xml = fs.readFileSync(file).toString();
         const sig = loadSignature(xml, idMode);
+        const doc = new xmldom.DOMParser().parseFromString(xml);
         expect(
-          () => sig.checkSignature(xml),
+          () => sig.checkSignature(doc),
           "expected an error to be thrown because signatures couldn't be checked for validity",
         ).to.throw();
         expect(sig.getSignedReferences().length).to.equal(0);
