Skip to content

Commit

Permalink
Rename signingCert -> publicCert and signingKey -> privateKey (
Browse files Browse the repository at this point in the history
  • Loading branch information
cjbarth authored Jun 18, 2023
1 parent c2b83f9 commit 78329fb
Show file tree
Hide file tree
Showing 11 changed files with 86 additions and 86 deletions.
26 changes: 13 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ _Signature Algorithm:_ RSA-SHA1 http://www.w3.org/2000/09/xmldsig#rsa-sha1

When signing a xml document you can specify the following properties on a `SignedXml` instance to customize the signature process:

- `sign.signingKey` - **[required]** a `Buffer` or pem encoded `String` containing your private key
- `sign.privateKey` - **[required]** a `Buffer` or pem encoded `String` containing your private key
- `sign.signatureAlgorithm` - **[optional]** one of the supported [signature algorithms](#signature-algorithms). Ex: `sign.signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"`
- `sign.canonicalizationAlgorithm` - **[optional]** one of the supported [canonicalization algorithms](#canonicalization-and-transformation-algorithms). Ex: `sign.canonicalizationAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"`

Expand All @@ -81,7 +81,7 @@ var xml = "<library>" + "<book>" + "<name>Harry Potter</name>" + "</book>" + "</

var sig = new SignedXml();
sig.addReference("//*[local-name(.)='book']");
sig.signingKey = fs.readFileSync("client.pem");
sig.privateKey = fs.readFileSync("client.pem");
sig.computeSignature(xml);
fs.writeFileSync("signed.xml", sig.getSignedXml());
```
Expand Down Expand Up @@ -118,9 +118,9 @@ To generate a `<X509Data></X509Data>` element in the signature you must provide

When verifying a xml document you must specify the following properties on a ``SignedXml` instance:

- `sign.signingCert` - **[optional]** your certificate as a string, a string of multiple certs in PEM format, or a Buffer, see [customizing algorithms](#customizing-algorithms) for an implementation example
- `sign.publicCert` - **[optional]** your certificate as a string, a string of multiple certs in PEM format, or a Buffer, see [customizing algorithms](#customizing-algorithms) for an implementation example

The certificate that will be used to check the signature will first be determined by calling `.getCertFromKeyInfo()`, which function you can customize as you see fit. If that returns `null`, then `.signingCert` is used. If that is `null`, then `.signingKey` is used (for symmetrical signing applications).
The certificate that will be used to check the signature will first be determined by calling `.getCertFromKeyInfo()`, which function you can customize as you see fit. If that returns `null`, then `.publicCert` is used. If that is `null`, then `.privateKey` is used (for symmetrical signing applications).

You can use any dom parser you want in your code (or none, depending on your usage). This sample uses [xmldom](https://github.com/jindw/xmldom) so you should install it first:

Expand All @@ -144,7 +144,7 @@ var signature = select(
"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']"
)[0];
var sig = new SignedXml();
sig.signingCert = new FileKeyInfo("client_public.pem");
sig.publicCert = new FileKeyInfo("client_public.pem");
sig.loadSignature(signature);
var res = sig.checkSignature(xml);
if (!res) console.log(sig.validationErrors);
Expand Down Expand Up @@ -179,7 +179,7 @@ If you keep failing verification, it is worth trying to guess such a hidden tran
```javascript
var option = { implicitTransforms: ["http://www.w3.org/TR/2001/REC-xml-c14n-20010315"] };
var sig = new SignedXml(null, option);
sig.signingCert = new FileKeyInfo("client_public.pem");
sig.publicCert = new FileKeyInfo("client_public.pem");
sig.loadSignature(signature);
var res = sig.checkSignature(xml);
```
Expand Down Expand Up @@ -272,7 +272,7 @@ A custom signing algorithm. The default is RSA-SHA1.
```javascript
function MySignatureAlgorithm() {
/*sign the given SignedInfo using the key. return base64 signature value*/
this.getSignature = function (signedInfo, signingKey) {
this.getSignature = function (signedInfo, privateKey) {
return "signature of signedInfo as base64...";
};

Expand Down Expand Up @@ -333,15 +333,15 @@ function signXml(xml, xpath, key, dest) {

/*configure the signature object to use the custom algorithms*/
sig.signatureAlgorithm = "http://mySignatureAlgorithm";
sig.signingCert = fs.readFileSync("my_public_cert.pem", "latin1");
sig.publicCert = fs.readFileSync("my_public_cert.pem", "latin1");
sig.canonicalizationAlgorithm = "http://MyCanonicalization";
sig.addReference(
"//*[local-name(.)='x']",
["http://MyTransformation"],
"http://myDigestAlgorithm"
);

sig.signingKey = fs.readFileSync(key);
sig.privateKey = fs.readFileSync(key);
sig.addReference(xpath);
sig.computeSignature(xml);
fs.writeFileSync(dest, sig.getSignedXml());
Expand All @@ -361,10 +361,10 @@ If the private key is not stored locally and you wish to use a signing server or

```javascript
function AsyncSignatureAlgorithm() {
this.getSignature = function (signedInfo, signingKey, callback) {
this.getSignature = function (signedInfo, privateKey, callback) {
var signer = crypto.createSign("RSA-SHA1");
signer.update(signedInfo);
var res = signer.sign(signingKey, "base64");
var res = signer.sign(privateKey, "base64");
//Do some asynchronous things here
callback(null, res);
};
Expand Down Expand Up @@ -427,7 +427,7 @@ var xml = "<library>" + "<book>" + "<name>Harry Potter</name>" + "</book>" + "</

var sig = new SignedXml();
sig.addReference("//*[local-name(.)='book']");
sig.signingKey = fs.readFileSync("client.pem");
sig.privateKey = fs.readFileSync("client.pem");
sig.computeSignature(xml, {
prefix: "ds",
});
Expand All @@ -451,7 +451,7 @@ var xml = "<library>" + "<book>" + "<name>Harry Potter</name>" + "</book>" + "</

var sig = new SignedXml();
sig.addReference("//*[local-name(.)='book']");
sig.signingKey = fs.readFileSync("client.pem");
sig.privateKey = fs.readFileSync("client.pem");
sig.computeSignature(xml, {
location: { reference: "//*[local-name(.)='book']", action: "after" }, //This will place the signature after the book element
});
Expand Down
4 changes: 2 additions & 2 deletions example/example.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ const fs = require("fs");

function signXml(xml, xpath, key, dest) {
const sig = new SignedXml();
sig.signingKey = fs.readFileSync(key);
sig.privateKey = fs.readFileSync(key);
sig.addReference(xpath);
sig.computeSignature(xml);
fs.writeFileSync(dest, sig.getSignedXml());
Expand All @@ -20,7 +20,7 @@ function validateXml(xml, key) {
doc
)[0];
const sig = new SignedXml();
sig.signingCert = key;
sig.publicCert = key;
sig.loadSignature(signature.toString());
const res = sig.checkSignature(xml);
if (!res) {
Expand Down
8 changes: 4 additions & 4 deletions index.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ export interface HashAlgorithm {
export interface SignatureAlgorithm {
getAlgorithmName(): SignatureAlgorithmType;

getSignature(signedInfo: Node, signingKey: Buffer): string;
getSignature(signedInfo: Node, privateKey: Buffer): string;
}

/** Implement this to create a new TransformAlgorithm */
Expand All @@ -110,8 +110,8 @@ export interface TransformAlgorithm {
/**
* ### Sign
* #### Properties
* - {@link SignedXml#signingKey} [required]
* - {@link SignedXml#keyInfoProvider} [optional]
* - {@link SignedXml#privateKey} [required]
* - {@link SignedXml#publicCert} [optional]
* - {@link SignedXml#signatureAlgorithm} [optional]
* - {@link SignedXml#canonicalizationAlgorithm} [optional]
* #### Api
Expand All @@ -123,7 +123,7 @@ export interface TransformAlgorithm {
*
* ### Verify
* #### Properties
* - {@link SignedXml#keyInfoProvider} [required]
* - {@link SignedXml#publicCert} [optional]
* #### Api
* - {@link SignedXml#loadSignature}
* - {@link SignedXml#checkSignature}
Expand Down
26 changes: 13 additions & 13 deletions lib/signed-xml.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,10 +58,10 @@ function RSASHA1() {
* Sign the given string using the given key
*
*/
this.getSignature = function (signedInfo, signingKey, callback) {
this.getSignature = function (signedInfo, privateKey, callback) {
const signer = crypto.createSign("RSA-SHA1");
signer.update(signedInfo);
const res = signer.sign(signingKey, "base64");
const res = signer.sign(privateKey, "base64");
if (callback) {
callback(null, res);
}
Expand Down Expand Up @@ -96,10 +96,10 @@ function RSASHA256() {
* Sign the given string using the given key
*
*/
this.getSignature = function (signedInfo, signingKey, callback) {
this.getSignature = function (signedInfo, privateKey, callback) {
const signer = crypto.createSign("RSA-SHA256");
signer.update(signedInfo);
const res = signer.sign(signingKey, "base64");
const res = signer.sign(privateKey, "base64");
if (callback) {
callback(null, res);
}
Expand Down Expand Up @@ -134,10 +134,10 @@ function RSASHA512() {
* Sign the given string using the given key
*
*/
this.getSignature = function (signedInfo, signingKey, callback) {
this.getSignature = function (signedInfo, privateKey, callback) {
const signer = crypto.createSign("RSA-SHA512");
signer.update(signedInfo);
const res = signer.sign(signingKey, "base64");
const res = signer.sign(privateKey, "base64");
if (callback) {
callback(null, res);
}
Expand Down Expand Up @@ -175,8 +175,8 @@ function HMACSHA1() {
return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
};

this.getSignature = function (signedInfo, signingKey) {
const verifier = crypto.createHmac("SHA1", signingKey);
this.getSignature = function (signedInfo, privateKey) {
const verifier = crypto.createHmac("SHA1", privateKey);
verifier.update(signedInfo);
const res = verifier.digest("base64");
return res;
Expand Down Expand Up @@ -311,8 +311,8 @@ function SignedXml(idMode, options) {
this.idMode = idMode;
this.references = [];
this.id = 0;
this.signingKey = null;
this.signingCert = null;
this.privateKey = null;
this.publicCert = null;
this.signatureAlgorithm =
this.options.signatureAlgorithm || "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
this.canonicalizationAlgorithm =
Expand Down Expand Up @@ -504,7 +504,7 @@ SignedXml.prototype.validateSignatureValue = function (doc, callback) {
const signer = this.findSignatureAlgorithm(this.signatureAlgorithm);
const res = signer.verifySignature(
signedInfoCanon,
this.getCertFromKeyInfo(this.keyInfo) || this.signingCert || this.signingKey,
this.getCertFromKeyInfo(this.keyInfo) || this.publicCert || this.privateKey,
this.signatureValue,
callback
);
Expand All @@ -519,7 +519,7 @@ SignedXml.prototype.validateSignatureValue = function (doc, callback) {
SignedXml.prototype.calculateSignatureValue = function (doc, callback) {
const signedInfoCanon = this.getCanonSignedInfoXml(doc);
const signer = this.findSignatureAlgorithm(this.signatureAlgorithm);
this.signatureValue = signer.getSignature(signedInfoCanon, this.signingKey, callback);
this.signatureValue = signer.getSignature(signedInfoCanon, this.privateKey, callback);
};

SignedXml.prototype.findSignatureAlgorithm = function (name) {
Expand Down Expand Up @@ -954,7 +954,7 @@ SignedXml.prototype.getKeyInfo = function (prefix) {
keyInfoAttrs += " " + name + '="' + this.keyInfoAttributes[name] + '"';
});
}
const keyInfoContent = this.getKeyInfoContent({ publicCert: this.signingCert, prefix });
const keyInfoContent = this.getKeyInfoContent({ publicCert: this.publicCert, prefix });
if (keyInfoAttrs !== "" || keyInfoContent != null) {
res += "<" + currentPrefix + "KeyInfo" + keyInfoAttrs + ">";
res += keyInfoContent;
Expand Down
4 changes: 2 additions & 2 deletions test/document-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ describe("Document tests", function () {
.toString()
);
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/feide_public.pem");
sig.publicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);

Expand All @@ -37,7 +37,7 @@ describe("Document tests", function () {
);
const sig = new crypto.SignedXml();
const feidePublicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.signingCert = feidePublicCert;
sig.publicCert = feidePublicCert;
sig.loadSignature(signature);
const result = sig.checkSignature(xml);

Expand Down
8 changes: 4 additions & 4 deletions test/hmac-tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ describe("HMAC tests", function () {
)[0];
const sig = new crypto.SignedXml();
sig.enableHMAC();
sig.signingCert = fs.readFileSync("./test/static/hmac.key");
sig.publicCert = fs.readFileSync("./test/static/hmac.key");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);

Expand All @@ -31,7 +31,7 @@ describe("HMAC tests", function () {
)[0];
const sig = new crypto.SignedXml();
sig.enableHMAC();
sig.signingCert = fs.readFileSync("./test/static/hmac-foobar.key");
sig.publicCert = fs.readFileSync("./test/static/hmac-foobar.key");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);

Expand All @@ -42,7 +42,7 @@ describe("HMAC tests", function () {
const xml = "<library>" + "<book>" + "<name>Harry Potter</name>" + "</book>" + "</library>";
const sig = new crypto.SignedXml();
sig.enableHMAC();
sig.signingKey = fs.readFileSync("./test/static/hmac.key");
sig.privateKey = fs.readFileSync("./test/static/hmac.key");
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
sig.addReference("//*[local-name(.)='book']");
sig.computeSignature(xml);
Expand All @@ -54,7 +54,7 @@ describe("HMAC tests", function () {
)[0];
const verify = new crypto.SignedXml();
verify.enableHMAC();
verify.signingCert = fs.readFileSync("./test/static/hmac.key");
verify.publicCert = fs.readFileSync("./test/static/hmac.key");
verify.loadSignature(signature);
const result = verify.checkSignature(sig.getSignedXml());

Expand Down
8 changes: 4 additions & 4 deletions test/key-info-tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ describe("KeyInfo tests", function () {
it("adds X509Certificate element during signature", function () {
const xml = "<root><x /></root>";
const sig = new SignedXml();
sig.signingKey = fs.readFileSync("./test/static/client.pem");
sig.signingCert = fs.readFileSync("./test/static/client_public.pem");
sig.privateKey = fs.readFileSync("./test/static/client.pem");
sig.publicCert = fs.readFileSync("./test/static/client_public.pem");
sig.computeSignature(xml);
const signedXml = sig.getSignedXml();
const doc = new xmldom.DOMParser().parseFromString(signedXml);
Expand All @@ -22,8 +22,8 @@ describe("KeyInfo tests", function () {
it("make sure private hmac key is not leaked due to key confusion", function () {
const xml = "<library>" + "<book>" + "<name>Harry Potter</name>" + "</book>" + "</library>";
const sig = new crypto.SignedXml();
sig.signingKey = fs.readFileSync("./test/static/hmac.key");
sig.signingCert = fs.readFileSync("./test/static/hmac.key");
sig.privateKey = fs.readFileSync("./test/static/hmac.key");
sig.publicCert = fs.readFileSync("./test/static/hmac.key");
sig.signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
sig.enableHMAC();
sig.addReference("//*[local-name(.)='book']");
Expand Down
10 changes: 5 additions & 5 deletions test/saml-response-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ describe("SAML response tests", function () {
doc
)[0];
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/feide_public.pem");
sig.publicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);

Expand All @@ -29,7 +29,7 @@ describe("SAML response tests", function () {
assertion
)[0];
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/feide_public.pem");
sig.publicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.loadSignature(signature);
expect(function () {
sig.checkSignature(xml);
Expand All @@ -46,7 +46,7 @@ describe("SAML response tests", function () {
doc
)[0];
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/saml_external_ns.pem");
sig.publicCert = fs.readFileSync("./test/static/saml_external_ns.pem");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);
expect(result).to.be.true;
Expand All @@ -61,7 +61,7 @@ describe("SAML response tests", function () {
assertion
)[0];
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/feide_public.pem");
sig.publicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.loadSignature(signature);
expect(function () {
sig.checkSignature(xml);
Expand All @@ -76,7 +76,7 @@ describe("SAML response tests", function () {
doc
)[0];
const sig = new crypto.SignedXml();
sig.signingCert = fs.readFileSync("./test/static/feide_public.pem");
sig.publicCert = fs.readFileSync("./test/static/feide_public.pem");
sig.loadSignature(signature);
const result = sig.checkSignature(xml);
// This doesn't matter, just want to make sure that we don't fail due to unknown algorithm
Expand Down
Loading

0 comments on commit 78329fb

Please sign in to comment.