KeyInfo element is optional in spec but enforced in project #38

Open
wants to merge 2 commits into
base: master
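--- a/lib/templates/keyinfo.tpl.xml
+++ b/lib/templates/keyinfo.tpl.xml
@@ -3,9 +3,7 @@
 <e:EncryptionMethod Algorithm="<%= keyEncryptionMethod %>">
 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
 </e:EncryptionMethod>
-<KeyInfo>
-<%- encryptionPublicCert %>
-</KeyInfo>
+<%- encryptionPublicCert %>
 <e:CipherData>
 <e:CipherValue><%= encryptedKey %></e:CipherValue>
 </e:CipherData>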
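Review bot: After this change the template no longer contains the `<KeyInfo>` element it is named after; the wrapper now lives in a string literal in lib/xmlenc.js (`encryptionPublicCert: options.pem ? ('<KeyInfo>...' + ... + '</KeyInfo>') : ''`), so a reader of this file cannot tell that KeyInfo is still emitted when a certificate is supplied. A one-line comment above the placeholder, e.g. `<%# KeyInfo is optional per XML-Enc; xmlenc.js renders it into encryptionPublicCert, empty when no cert is given %>` (EJS comment syntax, if that is the engine in use), would keep the two files in step; keeping the markup here behind a conditional block around the original `<KeyInfo>` lines is the alternative, if the engine supports scriptlets. Either way the placeholder name `encryptionPublicCert` no longer describes its content and could become `keyInfo` in both files.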
8 changes: 2 additions & 6 deletions lib/xmlenc.js
Expand Up @@ -13,7 +13,7 @@ function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {

var params = {
encryptedKey: base64EncodedEncryptedKey,
encryptionPublicCert: '<X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data>',
encryptionPublicCert: options.pem ? ('<KeyInfo><X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data></KeyInfo>') : '',
keyEncryptionMethod: options.keyEncryptionAlgorighm
};

Expand All @@ -29,8 +29,6 @@ function encryptKeyInfo(symmetricKey, options, callback) {
return callback(new Error('must provide options'));
if (!options.rsa_pub)
return callback(new Error('must provide options.rsa_pub with public key RSA'));
if (!options.pem)
return callback(new Error('must provide options.pem with certificate'));

if (!options.keyEncryptionAlgorighm)
return callback(new Error('encryption without encrypted key is not supported yet'));
Expand All @@ -54,8 +52,6 @@ function encrypt(content, options, callback) {
return callback(new Error('must provide content to encrypt'));
if (!options.rsa_pub)
return callback(new Error('rsa_pub option is mandatory and you should provide a valid RSA public key'));
if (!options.pem)
return callback(new Error('pem option is mandatory and you should provide a valid x509 certificate encoded as PEM'));

options.input_encoding = options.input_encoding || 'utf8';

Expand Down Expand Up @@ -119,7 +115,7 @@ function decrypt(xml, options, callback) {
if (!options)
return callback(new Error('must provide options'));
if (!xml)
return callback(new Error('must provide XML to encrypt'));
return callback(new Error('must provide XML to decrypt'));
if (!options.key)
return callback(new Error('key option is mandatory and you should provide a valid RSA private key'));

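Review bot: The `options.pem ? ... : ''` test on the new `encryptionPublicCert` line in encryptKeyInfoWithScheme is a truthiness check, so a `pem` supplied as an empty Buffer or a whitespace-only string is truthy and still reaches `utils.pemToCert`, producing a `<KeyInfo>` with an empty certificate instead of omitting the element; normalising first with `var pem = options.pem ? options.pem.toString().trim() : '';` and branching on `pem` avoids that. Now that the mandatory-pem checks are dropped in encryptKeyInfo and encrypt (the second and third hunks), the JSDoc or README text that still lists `pem` as required, if any, needs the same update, and a why-comment on the ternary such as `// KeyInfo is optional in XML-Enc; emit it only when a certificate was given` would explain the empty-string branch. Only the argument-validation prologue of decrypt is visible, so it cannot be seen here whether decryption reads KeyInfo; if it does, a document without it should be covered by a decrypt-side test. encryptKeyInfoWithScheme's body starts and ends outside the hunk.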
26 changes: 26 additions & 0 deletions test/xmlenc.encryptedkey.js
Expand Up @@ -34,9 +34,17 @@ describe('encrypt', function() {
_shouldEncryptAndDecrypt('content to encrypt', algorithm.encryptionOptions, done);
});

it('should encrypt and decrypt xml when no x509 cert present', function (done) {
_shouldEncryptAndDecryptNoX509('content to encrypt', algorithm.encryptionOptions, done);
});

it('should encrypt and decrypt xml with utf8 chars', function (done) {
_shouldEncryptAndDecrypt('Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge', algorithm.encryptionOptions, done);
});

it('should encrypt and decrypt xml with utf8 chars when no x509 cert present', function (done) {
_shouldEncryptAndDecryptNoX509('Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge', algorithm.encryptionOptions, done);
});
});
});

Expand All @@ -58,6 +66,24 @@ describe('encrypt', function() {
});
}

function _shouldEncryptAndDecryptNoX509(content, options, done) {
// cert created with:
// openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/CN=auth0.auth0.com/O=Auth0 LLC/C=US/ST=Washington/L=Redmond' -keyout auth0.key -out auth0.pem
// pub key extracted from (only the RSA public key between BEGIN PUBLIC KEY and END PUBLIC KEY)
// openssl x509 -in "test-auth0.pem" -pubkey

options.rsa_pub = fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
// options.pem = fs.readFileSync(__dirname + '/test-auth0.pem'),
options.key = fs.readFileSync(__dirname + '/test-auth0.key'),

xmlenc.encrypt(content, options, function(err, result) {
xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function (err, decrypted) {
assert.equal(decrypted, content);
done();
});
});
}

it('should encrypt and decrypt keyinfo', function (done) {
var options = {
rsa_pub: fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
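Review bot: `_shouldEncryptAndDecryptNoX509` never verifies that the certificate is actually absent: it writes `rsa_pub` and `key` straight into the shared `options` object (`algorithm.encryptionOptions`, passed by every `it` in this describe), so a `pem` left on that object by the sibling helper `_shouldEncryptAndDecrypt` — which ends at the top of this hunk and, judging by the commented-out `options.pem` line here, presumably assigns it — would silently make this test exercise the with-cert path, and `result` is never inspected for `<KeyInfo>`. The error from `xmlenc.encrypt` is also ignored, so a failing encrypt surfaces as a confusing decrypt failure rather than `done(err)`. Copy the options, drop `pem` explicitly, and assert on the rendered output as sketched below (assuming `result` is the rendered XML string, as its use as `decrypt`'s `xml` argument suggests); the comma operators ending the two assignment lines (`options.rsa_pub = ...,`) should be semicolons.
```javascript
function _shouldEncryptAndDecryptNoX509(content, options, done) {
  // … unchanged: openssl comments …
  // Work on a copy: the caller's object is shared across tests, and a pem
  // set by an earlier test must not leak into the no-cert path.
  var opts = {};
  Object.keys(options).forEach(function (k) { opts[k] = options[k]; });
  delete opts.pem;
  opts.rsa_pub = fs.readFileSync(__dirname + '/test-auth0_rsa.pub');
  opts.key = fs.readFileSync(__dirname + '/test-auth0.key');

  xmlenc.encrypt(content, opts, function (err, result) {
    if (err) return done(err);
    // the feature under test: no certificate means no KeyInfo element
    assert.equal(result.indexOf('<KeyInfo'), -1);
    xmlenc.decrypt(result, { key: opts.key }, function (err, decrypted) {
      if (err) return done(err);
      assert.equal(decrypted, content);
      done();
    });
  });
}
```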