Refactor classes into their own files

node-saml · Jun 21, 2023 · c0987cf · c0987cf
1 parent 41502e9
commit c0987cf
Show file tree

Hide file tree

Showing 6 changed files with 370 additions and 332 deletions.
diff --git a/index.d.ts b/index.d.ts
@@ -6,6 +6,7 @@
 /// <reference types="node" />
 
 import { SelectedValue } from "xpath";
+import * as crypto from "crypto";
 
 type CanonicalizationAlgorithmType =
   | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
@@ -87,21 +88,35 @@ export interface Reference {
 }
 
 /** Implement this to create a new HashAlgorithm */
-export interface HashAlgorithm {
+export class HashAlgorithm {
   getAlgorithmName(): HashAlgorithmType;
 
   getHash(xml: string): string;
 }
 
 /** Implement this to create a new SignatureAlgorithm */
-export interface SignatureAlgorithm {
+export class SignatureAlgorithm {
   getAlgorithmName(): SignatureAlgorithmType;
 
-  getSignature(signedInfo: Node, privateKey: Buffer): string;
+  getSignature(
+    signedInfo: crypto.BinaryLike,
+    privateKey: crypto.KeyLike,
+    callback?: (err: Error, signedInfo: string) => never
+  ): string;
+
+  /**
+   * @param key a public cert, public key, or private key can be passed here
+   */
+  verifySignature(
+    material: string,
+    key: crypto.KeyLike,
+    signatureValue: string,
+    callback?: (err: Error, verified: boolean) => never
+  ): boolean;
 }
 
 /** Implement this to create a new TransformAlgorithm */
-export interface TransformAlgorithm {
+export class TransformAlgorithm {
   getAlgorithmName(): TransformAlgorithmType;
 
   process(node: Node): string;
@@ -159,9 +174,10 @@ export class SignedXml {
   // One of the supported signature algorithms. See {@link SignatureAlgorithmType}
   signatureAlgorithm: SignatureAlgorithmType;
   // A {@link Buffer} or pem encoded {@link String} containing your private key
-  privateKey: Buffer | string;
+  privateKey: crypto.KeyLike;
   // Contains validation errors (if any) after {@link checkSignature} method is called
   validationErrors: string[];
+  publicCert: crypto.KeyLike;
 
   /**
    * The SignedXml constructor provides an abstraction for sign and verify xml documents. The object is constructed using

diff --git a/lib/hash-algorithms.js b/lib/hash-algorithms.js
@@ -0,0 +1,61 @@
+const crypto = require("crypto");
+
+/**
+ * @type { import("../index.d.ts").HashAlgorithm}
+ */
+class Sha1 {
+  constructor() {
+    this.getHash = function (xml) {
+      const shasum = crypto.createHash("sha1");
+      shasum.update(xml, "utf8");
+      const res = shasum.digest("base64");
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2000/09/xmldsig#sha1";
+    };
+  }
+}
+
+/**
+ * @type { import("../index.d.ts").HashAlgorithm}
+ */
+class Sha256 {
+  constructor() {
+    this.getHash = function (xml) {
+      const shasum = crypto.createHash("sha256");
+      shasum.update(xml, "utf8");
+      const res = shasum.digest("base64");
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2001/04/xmlenc#sha256";
+    };
+  }
+}
+
+/**
+ * @type { import("../index.d.ts").HashAlgorithm}
+ */
+class Sha512 {
+  constructor() {
+    this.getHash = function (xml) {
+      const shasum = crypto.createHash("sha512");
+      shasum.update(xml, "utf8");
+      const res = shasum.digest("base64");
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2001/04/xmlenc#sha512";
+    };
+  }
+}
+
+module.exports = {
+  Sha1,
+  Sha256,
+  Sha512,
+};
diff --git a/lib/signature-algorithms.js b/lib/signature-algorithms.js
@@ -0,0 +1,134 @@
+const crypto = require("crypto");
+
+/**
+ * @type { import("../index.d.ts").SignatureAlgorithm}
+ */
+class RsaSha1 {
+  constructor() {
+    /**
+     * Sign the given string using the given key
+     *
+     */
+    this.getSignature = function (signedInfo, privateKey, callback) {
+      const signer = crypto.createSign("RSA-SHA1");
+      signer.update(signedInfo);
+      const res = signer.sign(privateKey, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    /**
+     * Verify the given signature of the given string using key
+     *
+     */
+    this.verifySignature = function (str, key, signatureValue, callback) {
+      const verifier = crypto.createVerify("RSA-SHA1");
+      verifier.update(str);
+      const res = verifier.verify(key, signatureValue, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+    };
+  }
+}
+
+/**
+ * @type { import("../index.d.ts").SignatureAlgorithm} SignatureAlgorithm
+ */
+class RsaSha256 {
+  constructor() {
+    this.getSignature = function (signedInfo, privateKey, callback) {
+      const signer = crypto.createSign("RSA-SHA256");
+      signer.update(signedInfo);
+      const res = signer.sign(privateKey, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    this.verifySignature = function (str, key, signatureValue, callback) {
+      const verifier = crypto.createVerify("RSA-SHA256");
+      verifier.update(str);
+      const res = verifier.verify(key, signatureValue, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+    };
+  }
+}
+
+/**
+ * @type { import("../index.d.ts").SignatureAlgorithm}
+ */
+class RsaSha512 {
+  constructor() {
+    this.getSignature = function (signedInfo, privateKey, callback) {
+      const signer = crypto.createSign("RSA-SHA512");
+      signer.update(signedInfo);
+      const res = signer.sign(privateKey, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    this.verifySignature = function (str, key, signatureValue, callback) {
+      const verifier = crypto.createVerify("RSA-SHA512");
+      verifier.update(str);
+      const res = verifier.verify(key, signatureValue, "base64");
+      if (callback) {
+        callback(null, res);
+      }
+      return res;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+    };
+  }
+}
+
+/**
+ * @type { import("../index.d.ts").SignatureAlgorithm}
+ */
+class HmacSha1 {
+  constructor() {
+    this.verifySignature = function (str, key, signatureValue) {
+      const verifier = crypto.createHmac("SHA1", key);
+      verifier.update(str);
+      const res = verifier.digest("base64");
+      return res === signatureValue;
+    };
+
+    this.getAlgorithmName = function () {
+      return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+    };
+
+    this.getSignature = function (signedInfo, privateKey) {
+      const verifier = crypto.createHmac("SHA1", privateKey);
+      verifier.update(signedInfo);
+      const res = verifier.digest("base64");
+      return res;
+    };
+  }
+}
+
+module.exports = {
+  RsaSha1,
+  RsaSha256,
+  RsaSha512,
+  HmacSha1,
+};