selection.forEach(signatureNode => {
sig.signatureAlgorithm = opts.signatureAlgorithm;
if (opts.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(opts.keyFile);
} else if (opts.cert) {
const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode) as any;
// certificate in metadata
let metadataCert: any = opts.cert.getX509Certificate(certUse.signing);
if (typeof metadataCert === 'string') {
metadataCert = [metadataCert];
} else if (metadataCert instanceof Array) {
// flattens the nested array of Certificates from each KeyDescriptor
metadataCert = flattenDeep(metadataCert);
}
metadataCert = metadataCert.map(utility.normalizeCerString);
// use the first
let selectedCert = metadataCert[0];
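/**
 * Check an XML digital signature with a key taken from the caller's options.
 *
 * The verification key comes from `opts.keyFile` when present, otherwise from
 * the signing certificate returned by `opts.cert.getX509Certificate(...)`.
 * With neither option set the function throws before any verification.
 *
 * @param xml       the XML text handed to `checkSignature`
 * @param signature the Signature node (anything whose `toString()` yields the signature XML)
 * @param opts      `{ keyFile | cert, signatureAlgorithm? }`
 * @returns `true` when `checkSignature` succeeds
 * @throws Error when no key source is configured, or when validation fails
 *         (the message is the stringified `validationErrors` list)
 */
verifySignature: function verifySignature(xml, signature, opts) {
  var options = opts || {};
  // NOTE(review): the fallback is RSA-SHA1. SHA-1 is a deprecated digest for
  // signatures; callers that can choose should pass a SHA-256 based algorithm
  // through opts.signatureAlgorithm rather than rely on this default.
  var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
  var sig = new SignedXml();
  sig.signatureAlgorithm = signatureAlgorithm; // SS1.1

  // The key is always supplied by the caller's configuration, never looked up here
  // from the message being verified. keyFile takes precedence over cert.
  if (options.keyFile) {
    sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
  } else if (options.cert) {
    sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
  } else {
    throw new Error('Undefined certificate or keyfile in \'opts\' object');
  }

  sig.loadSignature(signature.toString());

  // NOTE(review): a passing check covers only the nodes referenced by this
  // signature. The caller still has to make sure the data it goes on to read
  // is that signed content - confirm at the call site.
  if (!sig.checkSignature(xml)) {
    // String(...) keeps the message the original produced by passing the list directly.
    throw new Error(String(sig.validationErrors));
  }
  return true;
},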
/**
/**
 * Build a signature fixture through createSignature (defined elsewhere) whose
 * callback answers with the contents of `file` instead of a live response,
 * then point response validation at the example server public key.
 */
function createMockSignature(test, file) {
  // Canned responder: put the file's bytes on the context and hand it back.
  function replayFromDisk(ctx, reqDoc, response_callback) {
    ctx.response = fs.readFileSync(file)
    response_callback(ctx)
  }

  var mocked = createSignature(test, replayFromDisk)
  // Responses are checked against this fixed key file, not a key named by the response.
  mocked.security.options.responseKeyInfoProvider = new FileKeyInfo("./examples/server_public.pem")
  return mocked
}
// Signs every element named Body or Timestamp plus the WS-Addressing elements other
// than Address, and turns on validation of the response signature.
"sign body, timestamp, wsa": function(test) {
  var clientPem = fs.readFileSync("./examples/client.pem").toString()
  var x509 = new X509BinarySecurityToken({ "key": clientPem })

  var signature = new ws.Signature(x509)
  // References are added in this order; each XPath selects the nodes to be signed.
  var signedParts = [
    "//*[local-name(.)='Body']",
    "//*[local-name(.)='Timestamp']",
    "//*[local-name(.)!='Address' and namespace-uri(.)='http://www.w3.org/2005/08/addressing']"
  ]
  signedParts.forEach(function(xpath) {
    signature.addReference(xpath)
  })

  var sec = new ws.Security({"validateResponseSignature": true}, [x509, signature])
  // The key used to validate responses is pinned to a local file.
  sec.options.responseKeyInfoProvider = new FileKeyInfo("./examples/server_public.pem")

  var handlers = [
    new ws.Addr("http://www.w3.org/2005/08/addressing"),
    sec,
    new ws.Http()
  ]
  utils.soapTest.call(this, test, "sign_body_timestamp_wsa", "soap11", handlers)
}
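/**
 * Validate the enveloped XML signature of a document against a key file.
 *
 * Only a Signature element that is a direct child of the document element is
 * considered (`/*\/*`), and only the first such element is used. The
 * verification key is read from the `key` path supplied by the caller.
 *
 * @param xml the XML text to validate
 * @param key path of the key file handed to FileKeyInfo
 * @returns the result of `checkSignature`, or `false` when the document
 *          carries no Signature element at the expected position
 */
function validateXml(xml, key)
{
  var doc = new dom().parseFromString(xml)
  var signature = select(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0]

  // Fail closed: an unsigned document is reported as invalid instead of
  // crashing on `undefined.toString()`.
  if (!signature) {
    console.log("no Signature element found in document")
    return false
  }

  var sig = new SignedXml()
  sig.keyInfoProvider = new FileKeyInfo(key)
  sig.loadSignature(signature.toString())

  // NOTE(review): `true` means the referenced nodes verified; callers should
  // read only content that the signature's references cover.
  var res = sig.checkSignature(xml)
  if (!res) console.log(sig.validationErrors)
  return res;
}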
var signature = select(doc, "//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
var sig = new SignedXml();
//Hack to check non-standard transbank SignedInfo node
// NOTE(review): `sig` was created with `new SignedXml()`, so `sig.__proto__` is
// presumably SignedXml.prototype. This assignment then replaces
// validateSignatureValue for every SignedXml instance in the process, not only
// for `sig`, and it is redone on each call with a closure over that call's `doc`.
// Confirm no other code in the process verifies signatures with the stock method.
sig.__proto__.validateSignatureValue = function() {
// Looks up SignedInfo anywhere in `doc` and uses the first match below.
// NOTE(review): that is not tied to the Signature element loaded into this instance - confirm.
var signedInfo = select(doc, "//*[local-name(.)='SignedInfo']");
if (signedInfo.length==0) throw new Error("could not find SignedInfo element in the message");
var signedInfoCanon = this.getCanonXml([this.canonicalizationAlgorithm], signedInfo[0]);
// Rewrites the canonical form before verification: the first xmlns:ds declaration
// gets an xmlns:soap declaration appended (a string pattern replaces one occurrence only).
signedInfoCanon = signedInfoCanon.toString().replace("xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"", "xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"");
var signer = this.findSignatureAlgorithm(this.signatureAlgorithm);
// The signature value is checked against the rewritten string with this.signingKey.
var res = signer.verifySignature(signedInfoCanon, this.signingKey, this.signatureValue);
if (!res) this.validationErrors.push("invalid signature: the signature value " + this.signatureValue + " is incorrect");
return res
};
sig.keyInfoProvider = new FileKeyInfo(this.config.WEBPAY_KEY);
sig.loadSignature(signature);
var res = sig.checkSignature(xml);
if (!res) console.log(sig.validationErrors);
return res;
};
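/**
 * Validate the enveloped XML signature of a document against a key file.
 *
 * Only a Signature element that is a direct child of the document element is
 * considered (`/*\/*`), and only the first such element is used. The
 * verification key is read from the `key` path supplied by the caller.
 *
 * @param xml the XML text to validate
 * @param key path of the key file handed to FileKeyInfo
 * @returns the result of `checkSignature`, or `false` when the document
 *          carries no Signature element at the expected position
 */
function validateXml(xml, key)
{
  var doc = new dom().parseFromString(xml)
  var signature = select("/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", doc)[0]

  // Fail closed: an unsigned document is reported as invalid instead of
  // crashing on `undefined.toString()`.
  if (!signature) {
    console.log("no Signature element found in document")
    return false
  }

  var sig = new SignedXml()
  sig.keyInfoProvider = new FileKeyInfo(key)
  sig.loadSignature(signature.toString())

  // NOTE(review): `true` means the referenced nodes verified; callers should
  // read only content that the signature's references cover.
  var res = sig.checkSignature(xml)
  if (!res) console.log(sig.validationErrors)
  return res;
}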
// Security token built from the PEM text read from client.pem.
var x509 = new X509BinarySecurityToken({ "key": fs.readFileSync("client.pem").toString() })

// The signature covers every element whose local name is Body or Timestamp.
var signature = new ws.Signature(x509)
signature.addReference("//*[local-name(.)='Body']")
signature.addReference("//*[local-name(.)='Timestamp']")

// validateResponseSignature controls whether an incoming signature is validated.
var sec = new ws.Security({ "validateResponseSignature": true }, [x509, signature])

// Needed only when validateResponseSignature is true: the key that responses
// are validated against, read from a local file.
sec.options.responseKeyInfoProvider = new FileKeyInfo("server_public.pem")

var handlers = [
  new ws.Addr("http://www.w3.org/2005/08/addressing"),
  sec,
  new ws.Http()
]
request = "" +
"<header>" +
"" +
"" +
"123" +
"" +
"" +
""
</header>