Dive into secure and efficient coding practices with our curated list of the top 10 examples showcasing 'xml-crypto' in functional components in JavaScript. Our advanced machine learning engine meticulously scans each line of code, cross-referencing millions of open source libraries to ensure your implementation is not just functional, but also robust and secure. Elevate your React applications to new heights by mastering the art of handling side effects, API calls, and asynchronous operations with confidence and precision.
SAML.prototype.validateSignature = function validSignature(xml, cert) {
const doc = new xmldom.DOMParser().parseFromString(xml);
const xpathExpression = '//*[local-name(.)="Signature" and namespace-uri(.)="http: //www.w3.org/2000/09/xmldsig#"]';
const signature = xmlCrypto.xpath(doc, xpathExpression)[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo: () => {
return '';
},
getKey: () => {
// should I use the key in keyInfo or in cert?
return pem.certToPEM(cert);
},
};
sig.loadSignature(signature.toString());
return sig.checkSignature(xml);
};
function signXML(xml, signatureLocation, signedXPath, credentials, options) {
options = options || {};
// create and configure xml-crypto SignedXml instance
const signatureAlgorithm = resolveSignatureAlgorithm(options.signatureAlgorithm);
const signer = new SignedXml(null, {
signatureAlgorithm: signatureAlgorithm
});
signer.keyInfoProvider = new CertKeyInfo(credentials.certificate);
signer.signingKey = pemFormatting.addPEMHeaders("RSA PRIVATE KEY", credentials.privateKey);
signer.addReference(signedXPath, [
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
"http://www.w3.org/2001/10/xml-exc-c14n#"
]);
// compute signature and return signed XML document string
signer.computeSignature(xml, {
prefix: options.prefix || "ds",
location: signatureLocation || ""
});
if (!options.cert)
throw new Error('Expect a public key cert in pem format');
options.signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
options.digestAlgorithm = options.digestAlgorithm || 'sha256';
options.includeAttributeNameFormat = (typeof options.includeAttributeNameFormat !== 'undefined') ? options.includeAttributeNameFormat : true;
options.typedAttributes = (typeof options.typedAttributes !== 'undefined') ? options.typedAttributes : true;
// 0.10.1 added prefix, but we want to name it signatureNamespacePrefix - This is just to keep supporting prefix
options.signatureNamespacePrefix = options.signatureNamespacePrefix || options.prefix;
options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;
var cert = utils.pemToCert(options.cert);
var sig = new SignedXml(null, { signatureAlgorithm: algorithms.signature[options.signatureAlgorithm], idAttribute: 'ID' });
sig.addReference("//*[local-name(.)='Assertion']",
["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
algorithms.digest[options.digestAlgorithm]);
sig.signingKey = options.key;
sig.keyInfoProvider = {
getKeyInfo: function (key, prefix) {
prefix = prefix ? prefix + ':' : prefix;
return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + cert + "";
}
};
var doc;
try {
doc = new Parser().parseFromString(saml20.toString());
SAML.prototype.validateSignature = function(xml, cert) {
const self = this;
const doc = new xmldom.DOMParser().parseFromString(xml);
const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo(/* key*/) {
return '';
},
getKey(/* keyInfo*/) {
return self.certToPEM(cert);
},
};
sig.loadSignature(signature);
return sig.checkSignature(xml);
};
verifySignature: function verifySignature(xml, signature, opts) {
var options = opts || {};
var refXPath = options.referenceXPath;
var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
var sig = new SignedXml();
sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
// Add assertion sections as reference
if(options.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
} else if(options.cert) {
sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
} else {
throw new Error('Undefined certificate or keyfile in \'opts\' object');
}
sig.loadSignature(signature.toString());
var res = sig.checkSignature(xml);
if (!res) {
throw new Error(sig.validationErrors);
} else {
return true;
}
SAML.prototype.validateSignature = function(xml, cert) {
const self = this;
const doc = new xmldom.DOMParser().parseFromString(xml);
const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo(/* key*/) {
return '';
},
getKey(/* keyInfo*/) {
return self.certToPEM(cert);
},
};
sig.loadSignature(signature);
return sig.checkSignature(xml);
};
module.exports.validateXmlEmbeddedSignature = function (xml, options) {
var calculatedThumbprint = '';
var signature = xmlCrypto.xpath(xml, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
if (!signature){
return ['Signature is missing'];
}
if (options.thumprints){
// Make sure thumprints is an array for the validation
options.thumbprints = options.thumbprints instanceof Array ? options.thumbprints : [options.thumbprints];
}
var sig = new SignedXml();
sig.keyInfoProvider = {
getKeyInfo: function () {
return "";
},
getKey: function (keyInfo) {
selection.forEach(signatureNode => {
sig.signatureAlgorithm = opts.signatureAlgorithm;
if (opts.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(opts.keyFile);
} else if (opts.cert) {
const certificateNode = select(".//*[local-name(.)='X509Certificate']", signatureNode) as any;
// certificate in metadata
let metadataCert: any = opts.cert.getX509Certificate(certUse.signing);
if (typeof metadataCert === 'string') {
metadataCert = [metadataCert];
} else if (metadataCert instanceof Array) {
// flattens the nested array of Certificates from each KeyDescriptor
metadataCert = flattenDeep(metadataCert);
}
metadataCert = metadataCert.map(utility.normalizeCerString);
// use the first
let selectedCert = metadataCert[0];
verifySignature: function verifySignature(xml, signature, opts) {
var options = opts || {};
var refXPath = options.referenceXPath;
var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
var sig = new SignedXml();
sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
// Add assertion sections as reference
if(options.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
} else if(options.cert) {
sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
} else {
throw new Error('Undefined certificate or keyfile in \'opts\' object');
}
sig.loadSignature(signature.toString());
var res = sig.checkSignature(xml);
if (!res) {
throw new Error(sig.validationErrors);
} else {
return true;
}
},
/**
const sign = (doc, key) => {
const nodeSignatureValue = doc.getElementsByTagName('ds:SignatureValue')[0];
if (nodeSignatureValue) {
const select = xpath.useNamespaces({ ds: 'http://www.w3.org/2000/09/xmldsig#' });
const contentToSign = (new C14n().process(select('//ds:SignedInfo', doc)[0])).replace('xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', 'xmlns="urn:org:ebics:H004" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"');
nodeSignatureValue.textContent = Crypto.privateSign(key, contentToSign); // this.keys.x().key.sign(contentToSign, 'base64');
}
return doc;
};