From 3b7df1ddceffc2d9341b33fb5efb99782dbe806e Mon Sep 17 00:00:00 2001
From: Somdeep Jana <42708746+somdeepjana@users.noreply.github.com>
Date: Sat, 14 Sep 2024 14:23:01 +0530
Subject: [PATCH 1/2] WSSecurity KeyInfo tag wrapped around SecurityTokenReference
---
 src/security/WSSecurityCert.ts | 9 +++++++--
 test/security/WSSecurityCert.js | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/security/WSSecurityCert.ts b/src/security/WSSecurityCert.ts
index 98e02a2d..16235981 100644
--- a/src/security/WSSecurityCert.ts
+++ b/src/security/WSSecurityCert.ts
@@ -58,6 +58,7 @@ export class WSSecurityCert implements ISecurity {
 private publicP12PEM: string;
 private signer: any;
 private signerOptions: IXmlSignerOptions = {};
+ private keyInfoId: string;
 private x509Id: string;
 private hasTimeStamp: boolean;
 private signatureTransformations: string[];
@@ -111,15 +112,19 @@ export class WSSecurityCert implements ISecurity { key: privatePEM, passphrase: password, }; + this.keyInfoId = `KI-${generateId()}`; this.x509Id = `x509-${generateId()}`; this.hasTimeStamp = typeof options.hasTimeStamp === 'undefined' ? true : !!options.hasTimeStamp; this.signatureTransformations = Array.isArray(options.signatureTransformations) ? options.signatureTransformations : ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#']; this.signer.getKeyInfo = (key) => { - return `` + + const prefix = !key || key === '' ? '' : `${key}:`; return `<${prefix}KeyInfo Id="${this.keyInfoId}">` + + `` + `` + - ``; + `` + + ``; }; }
diff --git a/test/security/WSSecurityCert.js b/test/security/WSSecurityCert.js
index 165e9f87..69faff66 100644
--- a/test/security/WSSecurityCert.js
+++ b/test/security/WSSecurityCert.js
@@ -54,6 +54,7 @@ describe('WSSecurityCert', function () { xml.should.containEql(''); xml.should.containEql(''); xml.should.containEql(instance.publicP12PEM); xml.should.containEql(instance.signer.getSignatureXml());
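Review bot: In the new `getKeyInfo` override of the `@@ -111,15 +112,19 @@` hunk the argument is named `key` although it is used as the namespace prefix of the `KeyInfo` element, and `!key || key === ''` tests the empty string twice, because `!key` already covers it. Renaming makes the intent readable: `this.signer.getKeyInfo = (prefix) => {` with `const qualifier = prefix ? prefix + ':' : '';`. Both the prefix and `keyInfoId` are written into markup without escaping; that looks safe only while the prefix comes from the signer's own configuration and `generateId()` yields attribute-safe characters, neither of which this hunk shows. Because `signer` is typed `any`, nothing checks that the installed xml-crypto still calls a method of this name, so a short comment naming the hook and the library version it relies on would help; the same applies to the `getKeyInfoContent` override in PATCH 2/2. The enclosing function starts and ends outside the hunk.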
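Review bot: The checks in this test file are substring matches (`xml.should.containEql(...)`), which pass whenever the fragment occurs anywhere in the envelope and therefore do not show that `KeyInfo` sits inside the signature and encloses the `SecurityTokenReference`. Since that nesting is the point of the change, consider a single assertion on one contiguous fragment running from the opening `KeyInfo` tag through the reference, or parse the output and check the element path. The literal arguments of the assertions are not legible on this page, so this rests on the call form only. The same applies to the `@@ -186,6 +187,7 @@` hunk of this file and to both test hunks of PATCH 2/2.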
@@ -186,6 +187,7 @@ describe('WSSecurityCert', function () { xml.should.containEql(''); xml.should.containEql(''); + xml.should.containEql(''); }); it('should add attributes to the security tag', function () {
From 5e4a70eaac2126309ac46bb9a24175046a36f70f Mon Sep 17 00:00:00 2001
From: Somdeep Jana <42708746+somdeepjana@users.noreply.github.com>
Date: Tue, 17 Sep 2024 15:59:53 +0530
Subject: [PATCH 2/2] WSSecurityCert used getKeyInfoContent from xml-crypto instead
---
 src/security/WSSecurityCert.ts | 11 +++--------
 test/security/WSSecurityCert.js | 4 +++-
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/security/WSSecurityCert.ts b/src/security/WSSecurityCert.ts
index 16235981..bf6673ad 100644
--- a/src/security/WSSecurityCert.ts
+++ b/src/security/WSSecurityCert.ts
@@ -58,7 +58,6 @@ export class WSSecurityCert implements ISecurity {
 private publicP12PEM: string;
 private signer: any;
 private signerOptions: IXmlSignerOptions = {};
- private keyInfoId: string;
 private x509Id: string;
 private hasTimeStamp: boolean;
 private signatureTransformations: string[];
@@ -112,19 +111,15 @@ export class WSSecurityCert implements ISecurity { key: privatePEM, passphrase: password, }; - this.keyInfoId = `KI-${generateId()}`; this.x509Id = `x509-${generateId()}`; this.hasTimeStamp = typeof options.hasTimeStamp === 'undefined' ? true : !!options.hasTimeStamp; this.signatureTransformations = Array.isArray(options.signatureTransformations) ? options.signatureTransformations : ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#']; - this.signer.getKeyInfo = (key) => { - const prefix = !key || key === '' ? '' : `${key}:`; - return `<${prefix}KeyInfo Id="${this.keyInfoId}">` + - `` + + this.signer.getKeyInfoContent = (key) => { + return `` + `` + - `` + - ``; + ``; }; }
diff --git a/test/security/WSSecurityCert.js b/test/security/WSSecurityCert.js
index 69faff66..8ffb92e0 100644
--- a/test/security/WSSecurityCert.js
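Review bot: The `getKeyInfoContent` override in the `@@ -112,19 +111,15 @@` hunk still declares a `key` parameter that the new body never reads; dropping it, `this.signer.getKeyInfoContent = () => {`, avoids suggesting that the returned reference depends on the argument. With the hand-built wrapper removed, the `Id="${this.keyInfoId}"` attribute introduced in PATCH 1/2 is gone as well, so it is worth confirming that no consumer expects the `KeyInfo` element to carry an Id. The enclosing `KeyInfo` element is presumably produced by xml-crypto now; a one-line comment such as `// xml-crypto wraps this content in KeyInfo; only the SecurityTokenReference is built here` would record that. The enclosing function continues outside the hunk.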
+++ b/test/security/WSSecurityCert.js
@@ -54,7 +54,8 @@ describe('WSSecurityCert', function () { xml.should.containEql(''); xml.should.containEql(''); + xml.should.containEql(''); xml.should.containEql('ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>'); xml.should.containEql(instance.publicP12PEM); xml.should.containEql(instance.signer.getSignatureXml());
@@ -187,6 +188,7 @@ describe('WSSecurityCert', function () { xml.should.containEql(''); xml.should.containEql(''); + xml.should.containEql(''); xml.should.containEql(''); });