Comments (7)
@giulianoifollow I'm sharing a keyInfo implementation that I use in production.
I use the node-forge module because it has a certificate parser; I could have replaced it with another, smaller module, but I'm too lazy :)
'use strict';
var forge = require('node-forge'),
pki = forge.pki;
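/**
 * Key info provider that embeds an X.509 certificate in the <KeyInfo> of an
 * XML signature.
 *
 * The constructor stores the certificate PEM; `getKeyInfo` renders an
 * <X509Data> element holding the subject name and the base64 certificate
 * body, and `getKey` returns the stored PEM.
 *
 * @param {string|Buffer} certificatePEM - Certificate in PEM format. A Buffer
 *   is decoded as ASCII.
 * @throws {Error} If `certificatePEM` is neither a string nor a Buffer.
 */
function KeyInfoProvider(certificatePEM) {
  var pem = certificatePEM;

  // `!this instanceof X` parses as `(!this) instanceof X`, which is always
  // false, so the call-without-`new` guard never ran. The parentheses fix
  // that, and the argument is now forwarded instead of being dropped.
  if (!(this instanceof KeyInfoProvider)) {
    return new KeyInfoProvider(certificatePEM);
  }

  if (Buffer.isBuffer(pem)) {
    pem = pem.toString('ascii');
  }

  if (pem == null || typeof pem !== 'string') {
    throw new Error('certificatePEM must be a valid certificate in PEM format');
  }

  this._certificatePEM = pem;

  /**
   * Builds the <X509Data> fragment for the signature's <KeyInfo>.
   *
   * @param {*} key - Unused; accepted to match the provider interface.
   * @param {string} [prefix] - Optional namespace prefix for the element names.
   * @returns {string} The serialized <X509Data> element.
   */
  this.getKeyInfo = function(key, prefix) {
    var ns = prefix ? prefix + ':' : '';
    // Decode the PEM armor and re-encode only the DER body as base64.
    var certBodyInB64 = forge.util.encode64(forge.pem.decode(this._certificatePEM)[0].body);
    var certObj = pki.certificateFromPem(this._certificatePEM);
    var keyInfoXml = '<' + ns + 'X509Data>';

    keyInfoXml += '<' + ns + 'X509SubjectName>';
    // Subject attribute values are free text taken from the certificate;
    // escape them so characters such as '<' or '&' cannot alter the markup.
    keyInfoXml += escapeXmlText(getSubjectName(certObj));
    keyInfoXml += '</' + ns + 'X509SubjectName>';
    keyInfoXml += '<' + ns + 'X509Certificate>';
    keyInfoXml += certBodyInB64;
    keyInfoXml += '</' + ns + 'X509Certificate>';
    keyInfoXml += '</' + ns + 'X509Data>';

    return keyInfoXml;
  };

  /**
   * Returns the certificate PEM given to the constructor. It takes no
   * argument, so the result never depends on KeyInfo content found in a
   * document.
   *
   * @returns {string} The stored certificate PEM.
   */
  this.getKey = function() {
    return this._certificatePEM;
  };
}

// Escapes the characters that are significant in XML element content.
function escapeXmlText(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}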
/**
 * Builds a comma-separated subject string from a parsed certificate.
 *
 * Attributes are emitted in the fixed order CN, OU, O, L, ST, C; attributes
 * that `subject.getField` does not return are skipped. Values are joined
 * as-is: no distinguished-name or XML escaping is applied here.
 *
 * @param {Object} certObj - Parsed certificate exposing `subject.getField(name)`.
 * @returns {string} e.g. "CN=...,O=...", or '' when there is no subject.
 */
function getSubjectName(certObj) {
  var attributeOrder = ['CN', 'OU', 'O', 'L', 'ST', 'C'];
  var parts = [];
  var attribute;
  var i;

  if (!certObj.subject) {
    return '';
  }

  for (i = 0; i < attributeOrder.length; i += 1) {
    attribute = certObj.subject.getField(attributeOrder[i]);
    if (attribute) {
      parts.push(attributeOrder[i] + '=' + attribute.value);
    }
  }

  return parts.join(',');
}
// Export the constructor; an instance is what gets assigned as the signer's key info provider.
module.exports = KeyInfoProvider;
Old thread but if someone needs it still:
sig.keyInfoProvider = {
  // Returns the <X509Data> fragment for the signature's <KeyInfo>.
  // The two free variables are placeholders you must supply:
  //  - the subject string, which should already be XML-escaped because it is
  //    interpolated into markup unchanged;
  //  - the base64 body of the certificate, without the PEM BEGIN/END lines.
  // `key` and `prefix` are accepted but unused, so the elements carry no
  // namespace prefix.
  getKeyInfo: (key, prefix) => {
    const subjectElement = `<X509SubjectName>${variable_with_your_subject}</X509SubjectName>`;
    const certificateElement = `<X509Certificate>${var_with_base64_public_key_without_BEGIN_END_CERTIFICTATE}</X509Certificate>`;
    return `<X509Data>${subjectElement}${certificateElement}</X509Data>`;
  },
};
@QAnders tks man
xml-crypto automatically puts them for you in the signature. If you want to add them in a different format you can implement your own 'key info provider' (the readme contains explanation).
Hi,
I have the same info in the XML output, but when I follow your example (README) nothing happens. I'm trying it like this:
// Minimal key info provider from the question.
function MyKeyInfo() {
  // The string returned here is what ends up inside <KeyInfo>. It contains
  // no <X509Certificate> child, which matches the empty <X509Data/> in the
  // output quoted after this snippet; the certificate has to be written
  // into this string by the provider itself.
  this.getKeyInfo = function(key) {
    return '<X509Data></X509Data>';
  };

  // Returns the key from a fixed local file; the `keyInfo` argument is not
  // consulted.
  this.getKey = function(keyInfo) {
    var publicKeyPem = fs.readFileSync('file.pub', 'utf-8');
    return publicKeyPem;
  };
}
// Load the document to sign.
var xml = fs.readFileSync('./nfse/xml.xml', 'utf8');

var sig = new SignedXml();
sig.keyInfoProvider = new MyKeyInfo();
// The XPath selects by local name only, so it matches every InfNfse element
// in the document regardless of namespace.
sig.addReference("//*[local-name(.)='InfNfse']");
// file.pem is the signing key material; keep it out of the repository and
// readable only by the signing process.
sig.signingKey = fs.readFileSync('file.pem');
sig.computeSignature(xml);

var signedXml = sig.getSignedXml();
fs.writeFileSync('signed.xml', signedXml);
With code above we get:
<KeyInfo>
<X509Data/>
</KeyInfo>
But we need something like:
<KeyInfo>
<X509Data>
<X509Certificate>
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
</X509Certificate>
</X509Data>
</KeyInfo>
What's wrong?
@giulianoifollow Did you find a way to fix that problem?
The same problem here... :(