How to use xml-crypto - 10 common examples

To help you get started, we’ve selected a few xml-crypto examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github AzureAD / passport-azure-ad / lib / saml.js View on Github external
SAML.prototype.validateSignature = function validSignature(xml, cert) {
  const doc = new xmldom.DOMParser().parseFromString(xml);
  const xpathExpression = '//*[local-name(.)="Signature" and namespace-uri(.)="http: //www.w3.org/2000/09/xmldsig#"]';
  const signature = xmlCrypto.xpath(doc, xpathExpression)[0];
  const sig = new xmlCrypto.SignedXml();
  sig.keyInfoProvider = {
    getKeyInfo: () => {
      return '';
    },
    getKey: () => {
      // should I use the key in keyInfo or in cert?
      return pem.certToPEM(cert);
    },
  };
  sig.loadSignature(signature.toString());
  return sig.checkSignature(xml);
};
github socialtables / saml-protocol / lib / util / signing.js View on Github external
function signXML(xml, signatureLocation, signedXPath, credentials, options) {

	options = options || {};

	// create and configure xml-crypto SignedXml instance
	const signatureAlgorithm = resolveSignatureAlgorithm(options.signatureAlgorithm);
	const signer = new SignedXml(null, {
		signatureAlgorithm: signatureAlgorithm
	});

	signer.keyInfoProvider = new CertKeyInfo(credentials.certificate);
	signer.signingKey = pemFormatting.addPEMHeaders("RSA PRIVATE KEY", credentials.privateKey);

	signer.addReference(signedXPath, [
		"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
		"http://www.w3.org/2001/10/xml-exc-c14n#"
	]);

	// compute signature and return signed XML document string
	signer.computeSignature(xml, {
		prefix: options.prefix || "ds",
		location: signatureLocation || ""
	});
github auth0 / node-saml / lib / saml20.js View on Github external
if (!options.cert)
    throw new Error('Expect a public key cert in pem format');

  options.signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
  options.digestAlgorithm = options.digestAlgorithm || 'sha256';

  options.includeAttributeNameFormat = (typeof options.includeAttributeNameFormat !== 'undefined') ? options.includeAttributeNameFormat : true;
  options.typedAttributes = (typeof options.typedAttributes !== 'undefined') ? options.typedAttributes : true;

  // 0.10.1 added prefix, but we want to name it signatureNamespacePrefix - This is just to keep supporting prefix
  options.signatureNamespacePrefix = options.signatureNamespacePrefix || options.prefix;
  options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ; 

  var cert = utils.pemToCert(options.cert);

  var sig = new SignedXml(null, { signatureAlgorithm: algorithms.signature[options.signatureAlgorithm], idAttribute: 'ID' });
  sig.addReference("//*[local-name(.)='Assertion']",
                  ["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
                  algorithms.digest[options.digestAlgorithm]);

  sig.signingKey = options.key;
  
  sig.keyInfoProvider = {
    getKeyInfo: function (key, prefix) {
      prefix = prefix ? prefix + ':' : prefix;
      return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + cert + "";
    }
  };

  var doc;
  try {
    doc = new Parser().parseFromString(saml20.toString());
github RocketChat / Rocket.Chat / app / meteor-accounts-saml / server / saml_utils.js View on Github external
SAML.prototype.validateSignature = function(xml, cert) {
	const self = this;

	const doc = new xmldom.DOMParser().parseFromString(xml);
	const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];

	const sig = new xmlCrypto.SignedXml();

	sig.keyInfoProvider = {
		getKeyInfo(/* key*/) {
			return '';
		},
		getKey(/* keyInfo*/) {
			return self.certToPEM(cert);
		},
	};

	sig.loadSignature(signature);

	return sig.checkSignature(xml);
};
github tngan / samlify / lib / SamlLib.js View on Github external
verifySignature: function verifySignature(xml, signature, opts) {
      var options = opts || {};
      var refXPath = options.referenceXPath;
      var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
      var sig = new SignedXml();
      sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
      // Add assertion sections as reference
      if(options.keyFile) {
        sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
      } else if(options.cert) {
        sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
      } else {
        throw new Error('Undefined certificate or keyfile in \'opts\' object');
      }
      sig.loadSignature(signature.toString());
      var res = sig.checkSignature(xml);
      if (!res) {
        throw new Error(sig.validationErrors);
      } else {
        return true;
      }
github RocketChat / Rocket.Chat / app / meteor-accounts-saml / server / saml_utils.js View on Github external
SAML.prototype.validateSignature = function(xml, cert) {
	const self = this;

	const doc = new xmldom.DOMParser().parseFromString(xml);
	const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];

	const sig = new xmlCrypto.SignedXml();

	sig.keyInfoProvider = {
		getKeyInfo(/* key*/) {
			return '';
		},
		getKey(/* keyInfo*/) {
			return self.certToPEM(cert);
		},
	};

	sig.loadSignature(signature);

	return sig.checkSignature(xml);
};
github auth0 / node-samlp / lib / signers.js View on Github external
module.exports.validateXmlEmbeddedSignature = function (xml, options) {
  var calculatedThumbprint = '';
  var signature = xmlCrypto.xpath(xml, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
  if (!signature){
    return ['Signature is missing'];
  }

  if (options.thumprints){
    // Make sure thumprints is an array for the validation 
    options.thumbprints = options.thumbprints instanceof Array ? options.thumbprints : [options.thumbprints];
  }

  var sig = new SignedXml();

  sig.keyInfoProvider = {
    getKeyInfo: function () {
      return "";
    },
    getKey: function (keyInfo) {
github tngan / samlify / src / libsaml.ts View on Github external
selection.forEach(signatureNode => {
        sig.signatureAlgorithm = opts.signatureAlgorithm;
        if (opts.keyFile) {
          sig.keyInfoProvider = new FileKeyInfo(opts.keyFile);
        } else if (opts.cert) {

          const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode) as any;

          // certificate in metadata
          let metadataCert: any = opts.cert.getX509Certificate(certUse.signing);
          if (typeof metadataCert === 'string') {
            metadataCert = [metadataCert];
          } else if (metadataCert instanceof Array) {
            // flattens the nested array of Certificates from each KeyDescriptor
            metadataCert = flattenDeep(metadataCert);
          }
          metadataCert = metadataCert.map(utility.normalizeCerString);

          // use the first
          let selectedCert = metadataCert[0];
github tngan / samlify / lib / SamlLib.js View on Github external
verifySignature: function verifySignature(xml, signature, opts) {
      var options = opts || {};
      var refXPath = options.referenceXPath;
      var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
      var sig = new SignedXml();
      sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
      // Add assertion sections as reference
      if(options.keyFile) {
        sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
      } else if(options.cert) {
        sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
      } else {
        throw new Error('Undefined certificate or keyfile in \'opts\' object');
      }
      sig.loadSignature(signature.toString());
      var res = sig.checkSignature(xml);
      if (!res) {
        throw new Error(sig.validationErrors);
      } else {
        return true;
      }
    },
    /**
github node-ebics / node-ebics-client / lib / orders / H004 / signer.js View on Github external
const sign = (doc, key) => {
	const nodeSignatureValue = doc.getElementsByTagName('ds:SignatureValue')[0];

	if (nodeSignatureValue) {
		const select = xpath.useNamespaces({ ds: 'http://www.w3.org/2000/09/xmldsig#' });
		const contentToSign = (new C14n().process(select('//ds:SignedInfo', doc)[0])).replace('xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', 'xmlns="urn:org:ebics:H004" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"');

		nodeSignatureValue.textContent = Crypto.privateSign(key, contentToSign); // this.keys.x().key.sign(contentToSign, 'base64');
	}

	return doc;
};

xml-crypto

Xml digital signature and encryption library for Node.js

MIT
Latest version published 11 months ago

Package Health Score

79 / 100
Full package analysis