Comments (13)
this is all you have in module export
module.exports = require('./lib/signed-xml')
module.exports.xpath = require('xpath.js')
can you please also add
module.exports = require('./lib/signed-xml')
module.exports.xpath = require('xpath.js')
module.exports.exclusivecanonicalization = require('./lib/exclusive-canonicalization')
...
??
I ended up doing this
xmlCrypto.SignedXml.CanonicalizationAlgorithms['http://www.w3.org/TR/2001/REC-xml-c14n-20010315'] =
xmlCrypto.SignedXml.CanonicalizationAlgorithms['http://www.w3.org/2001/10/xml-exc-c14n#'];
but I'm not sure if it will work correctly.
from xml-crypto.
Here is the XML I need to parse with
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<?xml version="1.0" encoding="UTF-8"?>
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_04b8c30f-b89c-4d01-a569-67883a78d05d" Version="2.0" IssueInstant="2016-02-09T04:05:50.6492946Z" Destination="http://localhost:5000/sso/callback">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://internal.zzz.com/idp</Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_04b8c30f-b89c-4d01-a569-67883a78d05d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>a/BxxUeoPDZGbxqZ+eHadGh2q8M=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>RvOwXnebic/xfpUGt2kMscZEGNig5ibw2Og9SG1B9rfD9n6/pAfmTKwYWIMOxHjjBlveyIt9Ui3jB60MZRD1q5TZXY0+v+mjuYw36FHVBYrqBj8tA3a53JGFMP+63LO27dmy2dgzYsEabkG1RA1aNEX/jJUHpn78U49J5Cb3dg0=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIBqzC.............Eq0cEItLlrhifbv838=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_a6f80e9d-6adc-4354-b643-c47e57cd95d2" IssueInstant="2016-02-09T04:05:50.6512329Z">
<Issuer>https://internal.zzz.com/idp</Issuer>
<Subject>
<NameID NameQualifier="https://zzz.exrrrrr.com/saml/sp" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">6200005628</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData NotOnOrAfter="2016-02-09T04:10:50.6522489Z" Recipient="http://localhost:5000/sso/callback" />
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2016-02-09T03:15:50.6512329Z" NotOnOrAfter="2016-02-09T04:55:50.6512329Z">
<AudienceRestriction>
<Audience>https://zzz.exeqweqwe.com/saml/sp</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2016-02-09T04:05:50.6512329Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute Name="Lang" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue xsi:type="xsd:string">En</AttributeValue>
</Attribute>
<Attribute Name="ReturnedD" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue xsi:type="xsd:string">www1.ssss.com</AttributeValue>
</Attribute>
<Attribute Name="OFMSID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue xsi:type="xsd:string">1200000055</AttributeValue>
</Attribute>
<Attribute Name="CenterCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue xsi:type="xsd:string">OCC</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
</Response>
from xml-crypto.
That commit is not enough to support XML c14n; exclusive c14n (exc14n) is mostly identical to c14n but has some extra details. It could work in some cases, but it is not spec compliant.
from xml-crypto.
My project really depends on it being available. What can I do to make this feature available in the module? Maybe it's a stupid question, but is it a lot of work to add this support?
from xml-crypto.
If you need to fake the support for c14n (just like that commit) you can register a custom transformation algorithm that uses the exc14n that is implemented in xml-crypto.
FYI, we have plans to support c14n, but we need to find the time to work on it.
from xml-crypto.
When do you think you may have time? Is it a week or a month? I can wait some time :)
from xml-crypto.
@cherchyk for c14n support, what needs to be done is basically to read the W3C spec of c14n, compare it against the exc14n spec (implemented in xml-crypto), identify the required changes and, based on the ExclusiveCanonicalization code, just support it.
from xml-crypto.
Probably it sounds easy to you, but for me it's a new universe I will need to discover...
from xml-crypto.
@cherchyk hahaha, it is not easy for me either, I've spent the last week reading the c14n spec, trying to understand it. XML things are not my specialty.
from xml-crypto.
I'm going to close this because it is a duplicate of #68; feel free to keep commenting on that issue.
from xml-crypto.
I agree you can get the same effect with something like:
SignedXml.CanonicalizationAlgorithms['http://www.w3.org/TR/2001/REC-xml-c14n-20010315'] = SignedXml.ExclusiveCanonicalization
from xml-crypto.
Thanks very much!
from xml-crypto.
Yes, this should have the same effect.
from xml-crypto.
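What "it could work in some cases" means for the alias discussed in this thread, as an added example (not code from xml-crypto or from anyone in the thread): a simplified model of how inclusive c14n and exclusive c14n render namespace declarations, run on constructed miniatures of the Response above. The object shapes and the names `canonicalize`, `aliasMatchesSigner`, `plain` and `withUnusedNs` are assumptions made for the illustration.

```javascript
// Constructed miniatures of the Response above, as plain objects (not parsed XML).
// ns = namespace declarations written on that element; '' is the default namespace.
const withUnusedNs = {
  name: 'Response', attrs: { ID: '_constructed-id' },
  ns: { '': 'urn:oasis:names:tc:SAML:2.0:protocol',
        xsd: 'http://www.w3.org/2001/XMLSchema',
        xsi: 'http://www.w3.org/2001/XMLSchema-instance' },
  children: [{
    name: 'AttributeValue', attrs: { 'xsi:type': 'xsd:string' },
    ns: { '': 'urn:oasis:names:tc:SAML:2.0:assertion' }, children: ['En'],
  }],
};
const plain = {
  name: 'Response', attrs: { ID: '_constructed-id' },
  ns: { '': 'urn:oasis:names:tc:SAML:2.0:protocol' },
  children: [{ name: 'Status', attrs: {}, ns: {}, children: [] }],
};

const prefixOf = (qname) => (qname.includes(':') ? qname.split(':')[0] : '');

// Simplified model of namespace rendering only: no escaping, no xmlns="" handling,
// attributes sorted by qualified name. exclusive=true models exc-c14n.
function canonicalize(node, exclusive, inScope = {}, rendered = {}) {
  if (typeof node === 'string') return node;
  const scope = { ...inScope, ...node.ns };
  // Visibly utilized prefixes: the element's own plus those of its attributes.
  const used = new Set([prefixOf(node.name)]);
  for (const a of Object.keys(node.attrs)) if (a.includes(':')) used.add(prefixOf(a));
  // Inclusive c14n renders every in-scope namespace; exclusive only the used ones.
  const candidates = exclusive ? [...used] : Object.keys(scope);
  const emit = candidates.filter((p) => p in scope && rendered[p] !== scope[p]).sort();
  const nowRendered = { ...rendered };
  let out = '<' + node.name;
  for (const p of emit) {
    out += ` xmlns${p ? ':' + p : ''}="${scope[p]}"`;
    nowRendered[p] = scope[p];
  }
  for (const a of Object.keys(node.attrs).sort()) out += ` ${a}="${node.attrs[a]}"`;
  out += '>';
  for (const c of node.children) out += canonicalize(c, exclusive, scope, nowRendered);
  return `${out}</${node.name}>`;
}

// True when the aliased (exclusive) verifier reproduces the bytes an inclusive-c14n signer digested.
const aliasMatchesSigner = (tree) => canonicalize(tree, true) === canonicalize(tree, false);

console.log(aliasMatchesSigner(plain), aliasMatchesSigner(withUnusedNs)); // true false
```

For `withUnusedNs` the aliased verifier's digest input differs from the signer's, so the digest check fails on a validly signed response.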