How to use xml-crypto - 10 common examples
To help you get started, we’ve selected a few xml-crypto examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
AzureAD / passport-azure-ad / lib / saml.js View on Github 
SAML.prototype.validateSignature = function validSignature(xml, cert) {
const doc = new xmldom.DOMParser().parseFromString(xml);
const xpathExpression = '//*[local-name(.)="Signature" and namespace-uri(.)="http: //www.w3.org/2000/09/xmldsig#"]';
const signature = xmlCrypto.xpath(doc, xpathExpression)[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo: () => {
return '';
},
getKey: () => {
// should I use the key in keyInfo or in cert?
return pem.certToPEM(cert);
},
};
sig.loadSignature(signature.toString());
return sig.checkSignature(xml);
};function signXML(xml, signatureLocation, signedXPath, credentials, options) {
options = options || {};
// create and configure xml-crypto SignedXml instance
const signatureAlgorithm = resolveSignatureAlgorithm(options.signatureAlgorithm);
const signer = new SignedXml(null, {
signatureAlgorithm: signatureAlgorithm
});
signer.keyInfoProvider = new CertKeyInfo(credentials.certificate);
signer.signingKey = pemFormatting.addPEMHeaders("RSA PRIVATE KEY", credentials.privateKey);
signer.addReference(signedXPath, [
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
"http://www.w3.org/2001/10/xml-exc-c14n#"
]);
// compute signature and return signed XML document string
signer.computeSignature(xml, {
prefix: options.prefix || "ds",
location: signatureLocation || ""
});if (!options.cert)
throw new Error('Expect a public key cert in pem format');
options.signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
options.digestAlgorithm = options.digestAlgorithm || 'sha256';
options.includeAttributeNameFormat = (typeof options.includeAttributeNameFormat !== 'undefined') ? options.includeAttributeNameFormat : true;
options.typedAttributes = (typeof options.typedAttributes !== 'undefined') ? options.typedAttributes : true;
// 0.10.1 added prefix, but we want to name it signatureNamespacePrefix - This is just to keep supporting prefix
options.signatureNamespacePrefix = options.signatureNamespacePrefix || options.prefix;
options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;
var cert = utils.pemToCert(options.cert);
var sig = new SignedXml(null, { signatureAlgorithm: algorithms.signature[options.signatureAlgorithm], idAttribute: 'ID' });
sig.addReference("//*[local-name(.)='Assertion']",
["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
algorithms.digest[options.digestAlgorithm]);
sig.signingKey = options.key;
sig.keyInfoProvider = {
getKeyInfo: function (key, prefix) {
prefix = prefix ? prefix + ':' : prefix;
return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + cert + "";
}
};
var doc;
try {
doc = new Parser().parseFromString(saml20.toString());SAML.prototype.validateSignature = function(xml, cert) {
const self = this;
const doc = new xmldom.DOMParser().parseFromString(xml);
const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo(/* key*/) {
return '';
},
getKey(/* keyInfo*/) {
return self.certToPEM(cert);
},
};
sig.loadSignature(signature);
return sig.checkSignature(xml);
};verifySignature: function verifySignature(xml, signature, opts) {
var options = opts || {};
var refXPath = options.referenceXPath;
var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
var sig = new SignedXml();
sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
// Add assertion sections as reference
if(options.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
} else if(options.cert) {
sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
} else {
throw new Error('Undefined certificate or keyfile in \'opts\' object');
}
sig.loadSignature(signature.toString());
var res = sig.checkSignature(xml);
if (!res) {
throw new Error(sig.validationErrors);
} else {
return true;
}SAML.prototype.validateSignature = function(xml, cert) {
const self = this;
const doc = new xmldom.DOMParser().parseFromString(xml);
const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo(/* key*/) {
return '';
},
getKey(/* keyInfo*/) {
return self.certToPEM(cert);
},
};
sig.loadSignature(signature);
return sig.checkSignature(xml);
};module.exports.validateXmlEmbeddedSignature = function (xml, options) {
var calculatedThumbprint = '';
var signature = xmlCrypto.xpath(xml, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
if (!signature){
return ['Signature is missing'];
}
if (options.thumprints){
// Make sure thumprints is an array for the validation
options.thumbprints = options.thumbprints instanceof Array ? options.thumbprints : [options.thumbprints];
}
var sig = new SignedXml();
sig.keyInfoProvider = {
getKeyInfo: function () {
return "";
},
getKey: function (keyInfo) {selection.forEach(signatureNode => {
sig.signatureAlgorithm = opts.signatureAlgorithm;
if (opts.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(opts.keyFile);
} else if (opts.cert) {
const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode) as any;
// certificate in metadata
let metadataCert: any = opts.cert.getX509Certificate(certUse.signing);
if (typeof metadataCert === 'string') {
metadataCert = [metadataCert];
} else if (metadataCert instanceof Array) {
// flattens the nested array of Certificates from each KeyDescriptor
metadataCert = flattenDeep(metadataCert);
}
metadataCert = metadataCert.map(utility.normalizeCerString);
// use the first
let selectedCert = metadataCert[0];verifySignature: function verifySignature(xml, signature, opts) {
var options = opts || {};
var refXPath = options.referenceXPath;
var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
var sig = new SignedXml();
sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
// Add assertion sections as reference
if(options.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
} else if(options.cert) {
sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
} else {
throw new Error('Undefined certificate or keyfile in \'opts\' object');
}
sig.loadSignature(signature.toString());
var res = sig.checkSignature(xml);
if (!res) {
throw new Error(sig.validationErrors);
} else {
return true;
}
},
/**const sign = (doc, key) => {
const nodeSignatureValue = doc.getElementsByTagName('ds:SignatureValue')[0];
if (nodeSignatureValue) {
const select = xpath.useNamespaces({ ds: 'http://www.w3.org/2000/09/xmldsig#' });
const contentToSign = (new C14n().process(select('//ds:SignedInfo', doc)[0])).replace('xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', 'xmlns="urn:org:ebics:H004" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"');
nodeSignatureValue.textContent = Crypto.privateSign(key, contentToSign); // this.keys.x().key.sign(contentToSign, 'base64');
}
return doc;
};xml-crypto
Xml digital signature and encryption library for Node.js
