-
Notifications
You must be signed in to change notification settings - Fork 89
Expand file tree
/
Copy pathsign.js
More file actions
131 lines (116 loc) · 3.82 KB
/
sign.js
File metadata and controls
131 lines (116 loc) · 3.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
const utils = require('../utils');
const SignedXml = require('xml-crypto').SignedXml;
const algorithms = {
signature: {
'rsa-sha256': 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
'rsa-sha1': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
},
digest: {
'sha256': 'http://www.w3.org/2001/04/xmlenc#sha256',
'sha1': 'http://www.w3.org/2000/09/xmldsig#sha1'
}
};
exports.fromSignXmlOptions = function (options) {
if (!options.key)
throw new Error('Expect a private key in pem format');
if (!options.cert)
throw new Error('Expect a public key cert in pem format');
if (!options.xpathToNodeBeforeSignature)
throw new Error('xpathToNodeBeforeSignature is required')
const key = options.key;
const pem = options.cert;
const signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
const digestAlgorithm = options.digestAlgorithm || 'sha256';
const signatureNamespacePrefix = (function (prefix) {
// 0.10.1 added prefix, but we want to name it signatureNamespacePrefix - This is just to keep supporting prefix
return typeof prefix === 'string' ? prefix : '';
})(options.signatureNamespacePrefix || options.prefix);
const xpathToNodeBeforeSignature = options.xpathToNodeBeforeSignature;
const idAttribute = options.signatureIdAttribute;
/**
* @param {Document} doc
* @param {Function} [callback]
* @return {string}
*/
return function signXmlDocument(doc, callback) {
function sign(key, signCallback) {
const unsigned = exports.unsigned(doc);
const cert = utils.pemToCert(pem);
const sig = new SignedXml(null, {
signatureAlgorithm: algorithms.signature[signatureAlgorithm],
idAttribute: idAttribute
});
sig.addReference("//*[local-name(.)='Assertion']",
["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
algorithms.digest[digestAlgorithm]);
sig.signingKey = key;
sig.keyInfoProvider = {
getKeyInfo: function (key, prefix) {
prefix = prefix ? prefix + ':' : prefix;
return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + cert + "</" + prefix + "X509Certificate></" + prefix + "X509Data>";
}
};
if (signCallback == null) {
sig.computeSignature(unsigned, {
location: {reference: xpathToNodeBeforeSignature, action: 'after'},
prefix: signatureNamespacePrefix
});
return sig.getSignedXml();
} else {
sig.computeSignature(unsigned, {
location: {reference: xpathToNodeBeforeSignature, action: 'after'},
prefix: signatureNamespacePrefix
}, function (err) {
if (err != null) {
signCallback(err, null)
} else {
signCallback(null, sig.getSignedXml())
}
});
}
}
if (callback != null) {
sign(key, function(err, signed) {
if (err != null) {
sign(utils.fixPemFormatting(key), function(err, signed) {
setImmediate(callback, err, signed);
})
return;
}
setImmediate(callback, null, signed);
})
} else {
let signed
try {
try {
signed = sign(key)
} catch (err) {
signed = sign(utils.fixPemFormatting(key))
}
if (callback) {
setImmediate(callback, null, signed);
} else {
return signed;
}
} catch (e) {
if (callback) {
setImmediate(callback, e)
}
throw e
}
}
};
};
/**
* @param {Document} doc
* @param {Function} [callback]
* @return {string}
*/
exports.unsigned = function (doc, callback) {
const xml = utils.removeWhitespace(doc.toString());
if (callback) {
setImmediate(callback, null, xml)
} else {
return xml;
}
}