xml-crypto-next 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +22 -0
- package/README.md +592 -0
- package/lib/c14n-canonicalization.d.ts +39 -0
- package/lib/c14n-canonicalization.js +230 -0
- package/lib/c14n-canonicalization.js.map +1 -0
- package/lib/enveloped-signature.d.ts +7 -0
- package/lib/enveloped-signature.js +43 -0
- package/lib/enveloped-signature.js.map +1 -0
- package/lib/exclusive-canonicalization.d.ts +38 -0
- package/lib/exclusive-canonicalization.js +246 -0
- package/lib/exclusive-canonicalization.js.map +1 -0
- package/lib/hash-algorithms.d.ts +13 -0
- package/lib/hash-algorithms.js +47 -0
- package/lib/hash-algorithms.js.map +1 -0
- package/lib/index.d.ts +5 -0
- package/lib/index.js +28 -0
- package/lib/index.js.map +1 -0
- package/lib/signature-algorithms.d.ts +104 -0
- package/lib/signature-algorithms.js +242 -0
- package/lib/signature-algorithms.js.map +1 -0
- package/lib/signed-xml.d.ts +236 -0
- package/lib/signed-xml.js +1040 -0
- package/lib/signed-xml.js.map +1 -0
- package/lib/types.d.ts +144 -0
- package/lib/types.js +56 -0
- package/lib/types.js.map +1 -0
- package/lib/utils.d.ts +65 -0
- package/lib/utils.js +271 -0
- package/lib/utils.js.map +1 -0
- package/package.json +73 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { HashAlgorithm } from "./types";
|
|
2
|
+
export declare class Sha1 implements HashAlgorithm {
|
|
3
|
+
getHash: (xml: any) => string;
|
|
4
|
+
getAlgorithmName: () => string;
|
|
5
|
+
}
|
|
6
|
+
export declare class Sha256 implements HashAlgorithm {
|
|
7
|
+
getHash: (xml: any) => string;
|
|
8
|
+
getAlgorithmName: () => string;
|
|
9
|
+
}
|
|
10
|
+
export declare class Sha512 implements HashAlgorithm {
|
|
11
|
+
getHash: (xml: any) => string;
|
|
12
|
+
getAlgorithmName: () => string;
|
|
13
|
+
}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Sha512 = exports.Sha256 = exports.Sha1 = void 0;
|
|
4
|
+
const crypto = require("crypto");
|
|
5
|
+
class Sha1 {
|
|
6
|
+
constructor() {
|
|
7
|
+
this.getHash = function (xml) {
|
|
8
|
+
const shasum = crypto.createHash("sha1");
|
|
9
|
+
shasum.update(xml, "utf8");
|
|
10
|
+
const res = shasum.digest("base64");
|
|
11
|
+
return res;
|
|
12
|
+
};
|
|
13
|
+
this.getAlgorithmName = function () {
|
|
14
|
+
return "http://www.w3.org/2000/09/xmldsig#sha1";
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
exports.Sha1 = Sha1;
|
|
19
|
+
class Sha256 {
|
|
20
|
+
constructor() {
|
|
21
|
+
this.getHash = function (xml) {
|
|
22
|
+
const shasum = crypto.createHash("sha256");
|
|
23
|
+
shasum.update(xml, "utf8");
|
|
24
|
+
const res = shasum.digest("base64");
|
|
25
|
+
return res;
|
|
26
|
+
};
|
|
27
|
+
this.getAlgorithmName = function () {
|
|
28
|
+
return "http://www.w3.org/2001/04/xmlenc#sha256";
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
exports.Sha256 = Sha256;
|
|
33
|
+
class Sha512 {
|
|
34
|
+
constructor() {
|
|
35
|
+
this.getHash = function (xml) {
|
|
36
|
+
const shasum = crypto.createHash("sha512");
|
|
37
|
+
shasum.update(xml, "utf8");
|
|
38
|
+
const res = shasum.digest("base64");
|
|
39
|
+
return res;
|
|
40
|
+
};
|
|
41
|
+
this.getAlgorithmName = function () {
|
|
42
|
+
return "http://www.w3.org/2001/04/xmlenc#sha512";
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
exports.Sha512 = Sha512;
|
|
47
|
+
//# sourceMappingURL=hash-algorithms.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hash-algorithms.js","sourceRoot":"","sources":["../src/hash-algorithms.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AAGjC,MAAa,IAAI;IAAjB;QACE,YAAO,GAAG,UAAU,GAAG;YACrB,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACpC,OAAO,GAAG,CAAC;QACb,CAAC,CAAC;QAEF,qBAAgB,GAAG;YACjB,OAAO,wCAAwC,CAAC;QAClD,CAAC,CAAC;IACJ,CAAC;CAAA;AAXD,oBAWC;AAED,MAAa,MAAM;IAAnB;QACE,YAAO,GAAG,UAAU,GAAG;YACrB,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACpC,OAAO,GAAG,CAAC;QACb,CAAC,CAAC;QAEF,qBAAgB,GAAG;YACjB,OAAO,yCAAyC,CAAC;QACnD,CAAC,CAAC;IACJ,CAAC;CAAA;AAXD,wBAWC;AAED,MAAa,MAAM;IAAnB;QACE,YAAO,GAAG,UAAU,GAAG;YACrB,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACpC,OAAO,GAAG,CAAC;QACb,CAAC,CAAC;QAEF,qBAAgB,GAAG;YACjB,OAAO,yCAAyC,CAAC;QACnD,CAAC,CAAC;IACJ,CAAC;CAAA;AAXD,wBAWC","sourcesContent":["import * as crypto from \"crypto\";\r\nimport type { HashAlgorithm } from \"./types\";\r\n\r\nexport class Sha1 implements HashAlgorithm {\r\n getHash = function (xml) {\r\n const shasum = crypto.createHash(\"sha1\");\r\n shasum.update(xml, \"utf8\");\r\n const res = shasum.digest(\"base64\");\r\n return res;\r\n };\r\n\r\n getAlgorithmName = function () {\r\n return \"http://www.w3.org/2000/09/xmldsig#sha1\";\r\n };\r\n}\r\n\r\nexport class Sha256 implements HashAlgorithm {\r\n getHash = function (xml) {\r\n const shasum = crypto.createHash(\"sha256\");\r\n shasum.update(xml, \"utf8\");\r\n const res = shasum.digest(\"base64\");\r\n return res;\r\n };\r\n\r\n getAlgorithmName = function () {\r\n return \"http://www.w3.org/2001/04/xmlenc#sha256\";\r\n };\r\n}\r\n\r\nexport class Sha512 implements HashAlgorithm {\r\n getHash = function (xml) {\r\n const shasum = crypto.createHash(\"sha512\");\r\n shasum.update(xml, \"utf8\");\r\n const res = shasum.digest(\"base64\");\r\n return res;\r\n };\r\n\r\n getAlgorithmName = function () {\r\n return \"http://www.w3.org/2001/04/xmlenc#sha512\";\r\n };\r\n}\r\n"]}
|
package/lib/index.d.ts
ADDED
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { C14nCanonicalization, C14nCanonicalizationWithComments } from "./c14n-canonicalization";
|
|
2
|
+
export { ExclusiveCanonicalization, ExclusiveCanonicalizationWithComments, } from "./exclusive-canonicalization";
|
|
3
|
+
export { SignedXml } from "./signed-xml";
|
|
4
|
+
export * from "./types";
|
|
5
|
+
export * from "./utils";
|
package/lib/index.js
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.SignedXml = exports.ExclusiveCanonicalizationWithComments = exports.ExclusiveCanonicalization = exports.C14nCanonicalizationWithComments = exports.C14nCanonicalization = void 0;
|
|
18
|
+
var c14n_canonicalization_1 = require("./c14n-canonicalization");
|
|
19
|
+
Object.defineProperty(exports, "C14nCanonicalization", { enumerable: true, get: function () { return c14n_canonicalization_1.C14nCanonicalization; } });
|
|
20
|
+
Object.defineProperty(exports, "C14nCanonicalizationWithComments", { enumerable: true, get: function () { return c14n_canonicalization_1.C14nCanonicalizationWithComments; } });
|
|
21
|
+
var exclusive_canonicalization_1 = require("./exclusive-canonicalization");
|
|
22
|
+
Object.defineProperty(exports, "ExclusiveCanonicalization", { enumerable: true, get: function () { return exclusive_canonicalization_1.ExclusiveCanonicalization; } });
|
|
23
|
+
Object.defineProperty(exports, "ExclusiveCanonicalizationWithComments", { enumerable: true, get: function () { return exclusive_canonicalization_1.ExclusiveCanonicalizationWithComments; } });
|
|
24
|
+
var signed_xml_1 = require("./signed-xml");
|
|
25
|
+
Object.defineProperty(exports, "SignedXml", { enumerable: true, get: function () { return signed_xml_1.SignedXml; } });
|
|
26
|
+
__exportStar(require("./types"), exports);
|
|
27
|
+
__exportStar(require("./utils"), exports);
|
|
28
|
+
//# sourceMappingURL=index.js.map
|
package/lib/index.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iEAAiG;AAAxF,6HAAA,oBAAoB,OAAA;AAAE,yIAAA,gCAAgC,OAAA;AAC/D,2EAGsC;AAFpC,uIAAA,yBAAyB,OAAA;AACzB,mJAAA,qCAAqC,OAAA;AAEvC,2CAAyC;AAAhC,uGAAA,SAAS,OAAA;AAClB,0CAAwB;AACxB,0CAAwB","sourcesContent":["export { C14nCanonicalization, C14nCanonicalizationWithComments } from \"./c14n-canonicalization\";\r\nexport {\r\n ExclusiveCanonicalization,\r\n ExclusiveCanonicalizationWithComments,\r\n} from \"./exclusive-canonicalization\";\r\nexport { SignedXml } from \"./signed-xml\";\r\nexport * from \"./types\";\r\nexport * from \"./utils\";\r\n"]}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
import * as crypto from "crypto";
|
|
2
|
+
import { type SignatureAlgorithm } from "./types";
|
|
3
|
+
export declare class RsaSha1 implements SignatureAlgorithm {
|
|
4
|
+
getSignature: {
|
|
5
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
6
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
7
|
+
};
|
|
8
|
+
verifySignature: {
|
|
9
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
10
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
11
|
+
};
|
|
12
|
+
getAlgorithmName: () => string;
|
|
13
|
+
}
|
|
14
|
+
export declare class RsaSha256 implements SignatureAlgorithm {
|
|
15
|
+
getSignature: {
|
|
16
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
17
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
18
|
+
};
|
|
19
|
+
verifySignature: {
|
|
20
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
21
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
22
|
+
};
|
|
23
|
+
getAlgorithmName: () => string;
|
|
24
|
+
}
|
|
25
|
+
export declare class RsaSha256Mgf1 implements SignatureAlgorithm {
|
|
26
|
+
getSignature: {
|
|
27
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
28
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
29
|
+
};
|
|
30
|
+
verifySignature: {
|
|
31
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
32
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
33
|
+
};
|
|
34
|
+
getAlgorithmName: () => string;
|
|
35
|
+
}
|
|
36
|
+
export declare class RsaSha384 implements SignatureAlgorithm {
|
|
37
|
+
getSignature: {
|
|
38
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
39
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
40
|
+
};
|
|
41
|
+
verifySignature: {
|
|
42
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
43
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
44
|
+
};
|
|
45
|
+
getAlgorithmName: () => string;
|
|
46
|
+
}
|
|
47
|
+
export declare class RsaSha384Mgf1 implements SignatureAlgorithm {
|
|
48
|
+
getSignature: {
|
|
49
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
50
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
51
|
+
};
|
|
52
|
+
verifySignature: {
|
|
53
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
54
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
55
|
+
};
|
|
56
|
+
getAlgorithmName: () => string;
|
|
57
|
+
}
|
|
58
|
+
export declare class RsaSha512 implements SignatureAlgorithm {
|
|
59
|
+
getSignature: {
|
|
60
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
61
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
62
|
+
};
|
|
63
|
+
verifySignature: {
|
|
64
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
65
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
66
|
+
};
|
|
67
|
+
getAlgorithmName: () => string;
|
|
68
|
+
}
|
|
69
|
+
export declare class RsaSha512Mgf1 implements SignatureAlgorithm {
|
|
70
|
+
getSignature: {
|
|
71
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
72
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
73
|
+
};
|
|
74
|
+
verifySignature: {
|
|
75
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
76
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
77
|
+
};
|
|
78
|
+
getAlgorithmName: () => string;
|
|
79
|
+
}
|
|
80
|
+
export declare class Ed25519 implements SignatureAlgorithm {
|
|
81
|
+
getSignature: {
|
|
82
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
83
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
84
|
+
};
|
|
85
|
+
verifySignature: {
|
|
86
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
87
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
88
|
+
};
|
|
89
|
+
getAlgorithmName: () => string;
|
|
90
|
+
}
|
|
91
|
+
declare module "crypto" {
|
|
92
|
+
function BinaryLikeToBuffer(data: crypto.BinaryLike): Buffer;
|
|
93
|
+
}
|
|
94
|
+
export declare class HmacSha1 implements SignatureAlgorithm {
|
|
95
|
+
getSignature: {
|
|
96
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string;
|
|
97
|
+
(signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike, args_2: import("./types").ErrorFirstCallback<string>): void;
|
|
98
|
+
};
|
|
99
|
+
verifySignature: {
|
|
100
|
+
(material: string, key: crypto.KeyLike, signatureValue: string): boolean;
|
|
101
|
+
(material: string, key: crypto.KeyLike, signatureValue: string, args_3: import("./types").ErrorFirstCallback<boolean>): void;
|
|
102
|
+
};
|
|
103
|
+
getAlgorithmName: () => string;
|
|
104
|
+
}
|
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HmacSha1 = exports.Ed25519 = exports.RsaSha512Mgf1 = exports.RsaSha512 = exports.RsaSha384Mgf1 = exports.RsaSha384 = exports.RsaSha256Mgf1 = exports.RsaSha256 = exports.RsaSha1 = void 0;
|
|
4
|
+
const crypto = require("crypto");
|
|
5
|
+
const types_1 = require("./types");
|
|
6
|
+
class RsaSha1 {
|
|
7
|
+
constructor() {
|
|
8
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
9
|
+
const signer = crypto.createSign("RSA-SHA1");
|
|
10
|
+
signer.update(signedInfo);
|
|
11
|
+
const res = signer.sign(privateKey, "base64");
|
|
12
|
+
return res;
|
|
13
|
+
});
|
|
14
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
15
|
+
const verifier = crypto.createVerify("RSA-SHA1");
|
|
16
|
+
verifier.update(material);
|
|
17
|
+
const res = verifier.verify(key, signatureValue, "base64");
|
|
18
|
+
return res;
|
|
19
|
+
});
|
|
20
|
+
this.getAlgorithmName = () => {
|
|
21
|
+
return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
exports.RsaSha1 = RsaSha1;
|
|
26
|
+
class RsaSha256 {
|
|
27
|
+
constructor() {
|
|
28
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
29
|
+
const signer = crypto.createSign("RSA-SHA256");
|
|
30
|
+
signer.update(signedInfo);
|
|
31
|
+
const res = signer.sign(privateKey, "base64");
|
|
32
|
+
return res;
|
|
33
|
+
});
|
|
34
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
35
|
+
const verifier = crypto.createVerify("RSA-SHA256");
|
|
36
|
+
verifier.update(material);
|
|
37
|
+
const res = verifier.verify(key, signatureValue, "base64");
|
|
38
|
+
return res;
|
|
39
|
+
});
|
|
40
|
+
this.getAlgorithmName = () => {
|
|
41
|
+
return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
exports.RsaSha256 = RsaSha256;
|
|
46
|
+
class RsaSha256Mgf1 {
|
|
47
|
+
constructor() {
|
|
48
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
49
|
+
if (!(typeof privateKey === "string" || Buffer.isBuffer(privateKey))) {
|
|
50
|
+
throw new Error("keys must be strings or buffers");
|
|
51
|
+
}
|
|
52
|
+
const signer = crypto.createSign("RSA-SHA256");
|
|
53
|
+
signer.update(signedInfo);
|
|
54
|
+
const res = signer.sign({
|
|
55
|
+
key: privateKey,
|
|
56
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
57
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
58
|
+
}, "base64");
|
|
59
|
+
return res;
|
|
60
|
+
});
|
|
61
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
62
|
+
if (!(typeof key === "string" || Buffer.isBuffer(key))) {
|
|
63
|
+
throw new Error("keys must be strings or buffers");
|
|
64
|
+
}
|
|
65
|
+
const verifier = crypto.createVerify("RSA-SHA256");
|
|
66
|
+
verifier.update(material);
|
|
67
|
+
const res = verifier.verify({
|
|
68
|
+
key: key,
|
|
69
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
70
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
71
|
+
}, signatureValue, "base64");
|
|
72
|
+
return res;
|
|
73
|
+
});
|
|
74
|
+
this.getAlgorithmName = () => {
|
|
75
|
+
return "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
exports.RsaSha256Mgf1 = RsaSha256Mgf1;
|
|
80
|
+
class RsaSha384 {
|
|
81
|
+
constructor() {
|
|
82
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
83
|
+
const signer = crypto.createSign("RSA-SHA384");
|
|
84
|
+
signer.update(signedInfo);
|
|
85
|
+
const res = signer.sign(privateKey, "base64");
|
|
86
|
+
return res;
|
|
87
|
+
});
|
|
88
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
89
|
+
const verifier = crypto.createVerify("RSA-SHA384");
|
|
90
|
+
verifier.update(material);
|
|
91
|
+
const res = verifier.verify(key, signatureValue, "base64");
|
|
92
|
+
return res;
|
|
93
|
+
});
|
|
94
|
+
this.getAlgorithmName = () => {
|
|
95
|
+
return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
exports.RsaSha384 = RsaSha384;
|
|
100
|
+
class RsaSha384Mgf1 {
|
|
101
|
+
constructor() {
|
|
102
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
103
|
+
if (!(typeof privateKey === "string" || Buffer.isBuffer(privateKey))) {
|
|
104
|
+
throw new Error("keys must be strings or buffers");
|
|
105
|
+
}
|
|
106
|
+
const signer = crypto.createSign("RSA-SHA384");
|
|
107
|
+
signer.update(signedInfo);
|
|
108
|
+
const res = signer.sign({
|
|
109
|
+
key: privateKey,
|
|
110
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
111
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
112
|
+
}, "base64");
|
|
113
|
+
return res;
|
|
114
|
+
});
|
|
115
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
116
|
+
if (!(typeof key === "string" || Buffer.isBuffer(key))) {
|
|
117
|
+
throw new Error("keys must be strings or buffers");
|
|
118
|
+
}
|
|
119
|
+
const verifier = crypto.createVerify("RSA-SHA384");
|
|
120
|
+
verifier.update(material);
|
|
121
|
+
const res = verifier.verify({
|
|
122
|
+
key: key,
|
|
123
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
124
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
125
|
+
}, signatureValue, "base64");
|
|
126
|
+
return res;
|
|
127
|
+
});
|
|
128
|
+
this.getAlgorithmName = () => {
|
|
129
|
+
return "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1";
|
|
130
|
+
};
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
exports.RsaSha384Mgf1 = RsaSha384Mgf1;
|
|
134
|
+
class RsaSha512 {
|
|
135
|
+
constructor() {
|
|
136
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
137
|
+
const signer = crypto.createSign("RSA-SHA512");
|
|
138
|
+
signer.update(signedInfo);
|
|
139
|
+
const res = signer.sign(privateKey, "base64");
|
|
140
|
+
return res;
|
|
141
|
+
});
|
|
142
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
143
|
+
const verifier = crypto.createVerify("RSA-SHA512");
|
|
144
|
+
verifier.update(material);
|
|
145
|
+
const res = verifier.verify(key, signatureValue, "base64");
|
|
146
|
+
return res;
|
|
147
|
+
});
|
|
148
|
+
this.getAlgorithmName = () => {
|
|
149
|
+
return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
exports.RsaSha512 = RsaSha512;
|
|
154
|
+
class RsaSha512Mgf1 {
|
|
155
|
+
constructor() {
|
|
156
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
157
|
+
if (!(typeof privateKey === "string" || Buffer.isBuffer(privateKey))) {
|
|
158
|
+
throw new Error("keys must be strings or buffers");
|
|
159
|
+
}
|
|
160
|
+
const signer = crypto.createSign("RSA-SHA512");
|
|
161
|
+
signer.update(signedInfo);
|
|
162
|
+
const res = signer.sign({
|
|
163
|
+
key: privateKey,
|
|
164
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
165
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
166
|
+
}, "base64");
|
|
167
|
+
return res;
|
|
168
|
+
});
|
|
169
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
170
|
+
if (!(typeof key === "string" || Buffer.isBuffer(key))) {
|
|
171
|
+
throw new Error("keys must be strings or buffers");
|
|
172
|
+
}
|
|
173
|
+
const verifier = crypto.createVerify("RSA-SHA512");
|
|
174
|
+
verifier.update(material);
|
|
175
|
+
const res = verifier.verify({
|
|
176
|
+
key: key,
|
|
177
|
+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
|
|
178
|
+
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,
|
|
179
|
+
}, signatureValue, "base64");
|
|
180
|
+
return res;
|
|
181
|
+
});
|
|
182
|
+
this.getAlgorithmName = () => {
|
|
183
|
+
return "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1";
|
|
184
|
+
};
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
exports.RsaSha512Mgf1 = RsaSha512Mgf1;
|
|
188
|
+
class Ed25519 {
|
|
189
|
+
constructor() {
|
|
190
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
191
|
+
if (!(typeof privateKey === "string" || Buffer.isBuffer(privateKey))) {
|
|
192
|
+
throw new Error("keys must be strings or buffers");
|
|
193
|
+
}
|
|
194
|
+
// 使用 crypto.sign() 一次性签名 (Ed25519 不支持流式处理)
|
|
195
|
+
const signature = crypto.sign(null, signedInfo, privateKey);
|
|
196
|
+
return signature.toString('base64');
|
|
197
|
+
});
|
|
198
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
199
|
+
if (!(typeof key === "string" || Buffer.isBuffer(key))) {
|
|
200
|
+
throw new Error("keys must be strings or buffers");
|
|
201
|
+
}
|
|
202
|
+
// 将 Base64 签名转换为 Buffer
|
|
203
|
+
const signature = Buffer.from(signatureValue, 'base64');
|
|
204
|
+
// 使用 crypto.verify() 验证签名
|
|
205
|
+
// @ts-ignore
|
|
206
|
+
return crypto.verify(null, material, key, signature);
|
|
207
|
+
});
|
|
208
|
+
this.getAlgorithmName = () => {
|
|
209
|
+
return "http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519";
|
|
210
|
+
};
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
exports.Ed25519 = Ed25519;
|
|
214
|
+
class HmacSha1 {
|
|
215
|
+
constructor() {
|
|
216
|
+
this.getSignature = (0, types_1.createOptionalCallbackFunction)((signedInfo, privateKey) => {
|
|
217
|
+
const signer = crypto.createHmac("SHA1", privateKey);
|
|
218
|
+
signer.update(signedInfo);
|
|
219
|
+
const res = signer.digest("base64");
|
|
220
|
+
return res;
|
|
221
|
+
});
|
|
222
|
+
this.verifySignature = (0, types_1.createOptionalCallbackFunction)((material, key, signatureValue) => {
|
|
223
|
+
const verifier = crypto.createHmac("SHA1", key);
|
|
224
|
+
verifier.update(material);
|
|
225
|
+
const res = verifier.digest("base64");
|
|
226
|
+
// Use constant-time comparison to prevent timing attacks (CWE-208)
|
|
227
|
+
// See: https://github.com/node-saml/xml-crypto/issues/522
|
|
228
|
+
try {
|
|
229
|
+
return crypto.timingSafeEqual(Buffer.from(res, "base64"), Buffer.from(signatureValue, "base64"));
|
|
230
|
+
}
|
|
231
|
+
catch (e) {
|
|
232
|
+
// timingSafeEqual throws if buffer lengths don't match
|
|
233
|
+
return false;
|
|
234
|
+
}
|
|
235
|
+
});
|
|
236
|
+
this.getAlgorithmName = () => {
|
|
237
|
+
return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
|
|
238
|
+
};
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
exports.HmacSha1 = HmacSha1;
|
|
242
|
+
//# sourceMappingURL=signature-algorithms.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signature-algorithms.js","sourceRoot":"","sources":["../src/signature-algorithms.ts"],"names":[],"mappings":";;;AAAA,iCAAiC;AACjC,mCAAkF;AAElF,MAAa,OAAO;IAApB;QACE,iBAAY,GAAG,IAAA,sCAA8B,EAC3C,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAE9C,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC9C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YACjD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;YAE3D,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACtB,OAAO,4CAA4C,CAAC;QACtD,CAAC,CAAC;IACJ,CAAC;CAAA;AAxBD,0BAwBC;AAED,MAAa,SAAS;IAAtB;QACE,iBAAY,GAAG,IAAA,sCAA8B,EAC3C,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAE9C,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC9C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;YAE3D,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACtB,OAAO,mDAAmD,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;CAAA;AAxBD,8BAwBC;AAED,MAAa,aAAa;IAA1B;QACE,iBAAY,GAAG,IAAA,sCAA8B,EAC3C,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YACpE,IAAI,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CACrB;gBACE,GAAG,EAAE,UAAU;gBACf,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACpD,EACD,QAAQ,CACT,CAAC;YAEF,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC9C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACzE,IAAI,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CACzB;gBACE,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACpD,EACD,cAAc,EACd,QAAQ,CACT,CAAC;YAEF,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACtB,OAAO,wDAAwD,CAAC;QAClE,CAAC,CAAC;IACJ,CAAC;CAAA;AA7CD,sCA6CC;AACD,MAAa,SAAS;IAAtB;QACI,iBAAY,GAAG,IAAA,sCAA8B,EACzC,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAE9C,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC5C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACvE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;YAE3D,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACpB,OAAO,mDAAmD,CAAC;QAC/D,CAAC,CAAC;IACN,CAAC;CAAA;AAxBD,8BAwBC;AAED,MAAa,aAAa;IAA1B;QACI,iBAAY,GAAG,IAAA,sCAA8B,EACzC,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YAClE,IAAI,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACnE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CACnB;gBACI,GAAG,EAAE,UAAU;gBACf,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACtD,EACD,QAAQ,CACX,CAAC;YAEF,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC5C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACvE,IAAI,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CACvB;gBACI,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACtD,EACD,cAAc,EACd,QAAQ,CACX,CAAC;YAEF,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACpB,OAAO,wDAAwD,CAAC;QACpE,CAAC,CAAC;IACN,CAAC;CAAA;AA7CD,sCA6CC;AACD,MAAa,SAAS;IAAtB;QACE,iBAAY,GAAG,IAAA,sCAA8B,EAC3C,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAE9C,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC9C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;YAE3D,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACtB,OAAO,mDAAmD,CAAC;QAC7D,CAAC,CAAC;IACJ,CAAC;CAAA;AAxBD,8BAwBC;AACD,MAAa,aAAa;IAA1B;QACI,iBAAY,GAAG,IAAA,sCAA8B,EACzC,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YAClE,IAAI,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACnE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CACnB;gBACI,GAAG,EAAE,UAAU;gBACf,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACtD,EACD,QAAQ,CACX,CAAC;YAEF,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC5C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACvE,IAAI,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACnD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CACvB;gBACI,GAAG,EAAE,GAAG;gBACR,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,qBAAqB;gBAC/C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;aACtD,EACD,cAAc,EACd,QAAQ,CACX,CAAC;YAEF,OAAO,GAAG,CAAC;QACf,CAAC,CACJ,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACpB,OAAO,wDAAwD,CAAC;QACpE,CAAC,CAAC;IACN,CAAC;CAAA;AA7CD,sCA6CC;AACD,MAAa,OAAO;IAApB;QACI,iBAAY,GAAG,IAAA,sCAA8B,EACzC,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YAClE,IAAI,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACnE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,2CAA2C;YAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAA8U,UAAU,EAAE,UAAU,CAAC,CAAC;YACxY,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC,CACJ,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC5C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACvE,IAAI,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACvD,CAAC;YACD,wBAAwB;YACxB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;YACxD,0BAA0B;YAC1B,aAAa;YACb,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;QACzD,CAAC,CACJ,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACpB,OAAO,sDAAsD,CAAC;QAClE,CAAC,CAAC;IACN,CAAC;CAAA;AA5BD,0BA4BC;AAQD,MAAa,QAAQ;IAArB;QACE,iBAAY,GAAG,IAAA,sCAA8B,EAC3C,CAAC,UAA6B,EAAE,UAA0B,EAAU,EAAE;YACpE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEpC,OAAO,GAAG,CAAC;QACb,CAAC,CACF,CAAC;QAEF,oBAAe,GAAG,IAAA,sCAA8B,EAC9C,CAAC,QAAgB,EAAE,GAAmB,EAAE,cAAsB,EAAW,EAAE;YACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAChD,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEtC,mEAAmE;YACnE,0DAA0D;YAC1D,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,eAAe,CAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,EAC1B,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CACtC,CAAC;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,uDAAuD;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC,CACF,CAAC;QAEF,qBAAgB,GAAG,GAAG,EAAE;YACtB,OAAO,6CAA6C,CAAC;QACvD,CAAC,CAAC;IACJ,CAAC;CAAA;AAlCD,4BAkCC","sourcesContent":["import * as crypto from \"crypto\";\r\nimport { type SignatureAlgorithm, createOptionalCallbackFunction } from \"./types\";\r\n\r\nexport class RsaSha1 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n const signer = crypto.createSign(\"RSA-SHA1\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(privateKey, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n const verifier = crypto.createVerify(\"RSA-SHA1\");\r\n verifier.update(material);\r\n const res = verifier.verify(key, signatureValue, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2000/09/xmldsig#rsa-sha1\";\r\n };\r\n}\r\n\r\nexport class RsaSha256 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n const signer = crypto.createSign(\"RSA-SHA256\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(privateKey, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n const verifier = crypto.createVerify(\"RSA-SHA256\");\r\n verifier.update(material);\r\n const res = verifier.verify(key, signatureValue, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\";\r\n };\r\n}\r\n\r\nexport class RsaSha256Mgf1 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n if (!(typeof privateKey === \"string\" || Buffer.isBuffer(privateKey))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const signer = crypto.createSign(\"RSA-SHA256\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(\r\n {\r\n key: privateKey,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n if (!(typeof key === \"string\" || Buffer.isBuffer(key))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const verifier = crypto.createVerify(\"RSA-SHA256\");\r\n verifier.update(material);\r\n const res = verifier.verify(\r\n {\r\n key: key,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n signatureValue,\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1\";\r\n };\r\n}\r\nexport class RsaSha384 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n const signer = crypto.createSign(\"RSA-SHA384\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(privateKey, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n const verifier = crypto.createVerify(\"RSA-SHA384\");\r\n verifier.update(material);\r\n const res = verifier.verify(key, signatureValue, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384\";\r\n };\r\n}\r\n\r\nexport class RsaSha384Mgf1 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n if (!(typeof privateKey === \"string\" || Buffer.isBuffer(privateKey))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const signer = crypto.createSign(\"RSA-SHA384\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(\r\n {\r\n key: privateKey,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n if (!(typeof key === \"string\" || Buffer.isBuffer(key))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const verifier = crypto.createVerify(\"RSA-SHA384\");\r\n verifier.update(material);\r\n const res = verifier.verify(\r\n {\r\n key: key,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n signatureValue,\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1\";\r\n };\r\n}\r\nexport class RsaSha512 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n const signer = crypto.createSign(\"RSA-SHA512\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(privateKey, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n const verifier = crypto.createVerify(\"RSA-SHA512\");\r\n verifier.update(material);\r\n const res = verifier.verify(key, signatureValue, \"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512\";\r\n };\r\n}\r\nexport class RsaSha512Mgf1 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n if (!(typeof privateKey === \"string\" || Buffer.isBuffer(privateKey))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const signer = crypto.createSign(\"RSA-SHA512\");\r\n signer.update(signedInfo);\r\n const res = signer.sign(\r\n {\r\n key: privateKey,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n if (!(typeof key === \"string\" || Buffer.isBuffer(key))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n const verifier = crypto.createVerify(\"RSA-SHA512\");\r\n verifier.update(material);\r\n const res = verifier.verify(\r\n {\r\n key: key,\r\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\r\n saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST,\r\n },\r\n signatureValue,\r\n \"base64\",\r\n );\r\n\r\n return res;\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1\";\r\n };\r\n}\r\nexport class Ed25519 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n if (!(typeof privateKey === \"string\" || Buffer.isBuffer(privateKey))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n // 使用 crypto.sign() 一次性签名 (Ed25519 不支持流式处理)\r\n const signature = crypto.sign(null, <Uint8Array<ArrayBuffer> | Uint8ClampedArray<ArrayBuffer> | Uint16Array<ArrayBuffer> | Uint32Array<ArrayBuffer> | Int8Array<ArrayBuffer> | Int16Array<ArrayBuffer> | Int32Array<ArrayBuffer> | BigUint64Array<ArrayBuffer> | BigInt64Array<ArrayBuffer> | Float32Array<ArrayBuffer> | Float64Array<ArrayBuffer> | DataView<ArrayBufferLike>>signedInfo, privateKey);\r\n return signature.toString('base64');\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n if (!(typeof key === \"string\" || Buffer.isBuffer(key))) {\r\n throw new Error(\"keys must be strings or buffers\");\r\n }\r\n // 将 Base64 签名转换为 Buffer\r\n const signature = Buffer.from(signatureValue, 'base64');\r\n // 使用 crypto.verify() 验证签名\r\n // @ts-ignore\r\n return crypto.verify(null, material, key, signature);\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2007/05/xmldsig-more#eddsa-ed25519\";\r\n };\r\n}\r\n\r\n// 添加辅助函数将 BinaryLike 转换为 Buffer\r\ndeclare module \"crypto\" {\r\n export function BinaryLikeToBuffer(data: crypto.BinaryLike): Buffer;\r\n}\r\n\r\n\r\nexport class HmacSha1 implements SignatureAlgorithm {\r\n getSignature = createOptionalCallbackFunction(\r\n (signedInfo: crypto.BinaryLike, privateKey: crypto.KeyLike): string => {\r\n const signer = crypto.createHmac(\"SHA1\", privateKey);\r\n signer.update(signedInfo);\r\n const res = signer.digest(\"base64\");\r\n\r\n return res;\r\n },\r\n );\r\n\r\n verifySignature = createOptionalCallbackFunction(\r\n (material: string, key: crypto.KeyLike, signatureValue: string): boolean => {\r\n const verifier = crypto.createHmac(\"SHA1\", key);\r\n verifier.update(material);\r\n const res = verifier.digest(\"base64\");\r\n\r\n // Use constant-time comparison to prevent timing attacks (CWE-208)\r\n // See: https://github.com/node-saml/xml-crypto/issues/522\r\n try {\r\n return crypto.timingSafeEqual(\r\n Buffer.from(res, \"base64\"),\r\n Buffer.from(signatureValue, \"base64\"),\r\n );\r\n } catch (e) {\r\n // timingSafeEqual throws if buffer lengths don't match\r\n return false;\r\n }\r\n },\r\n );\r\n\r\n getAlgorithmName = () => {\r\n return \"http://www.w3.org/2000/09/xmldsig#hmac-sha1\";\r\n };\r\n}\r\n"]}
|