xmlenc.encryptedkey.js
3.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
var assert = require('assert');
var fs = require('fs');
var xmlenc = require('../lib');
var xpath = require('xpath');
describe('encrypt', function() {
var algorithms = [{
name: 'aes-256-cbc',
encryptionOptions: {
encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
keyEncryptionAlgorighm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
}
}, {
name: 'aes-128-cbc',
encryptionOptions: {
encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
keyEncryptionAlgorighm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
}
}, {
name: 'des-ede3-cbc',
encryptionOptions: {
encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
keyEncryptionAlgorighm: 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
}
}];
algorithms.forEach(function (algorithm) {
describe(algorithm.name, function () {
it('should encrypt and decrypt xml', function (done) {
_shouldEncryptAndDecrypt('content to encrypt', algorithm.encryptionOptions, done);
});
it('should encrypt and decrypt xml with utf8 chars', function (done) {
_shouldEncryptAndDecrypt('Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge', algorithm.encryptionOptions, done);
});
});
});
function _shouldEncryptAndDecrypt(content, options, done) {
// cert created with:
// openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/CN=auth0.auth0.com/O=Auth0 LLC/C=US/ST=Washington/L=Redmond' -keyout auth0.key -out auth0.pem
// pub key extracted from (only the RSA public key between BEGIN PUBLIC KEY and END PUBLIC KEY)
// openssl x509 -in "test-auth0.pem" -pubkey
options.rsa_pub = fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
options.pem = fs.readFileSync(__dirname + '/test-auth0.pem'),
options.key = fs.readFileSync(__dirname + '/test-auth0.key'),
xmlenc.encrypt(content, options, function(err, result) {
xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function (err, decrypted) {
assert.equal(decrypted, content);
done();
});
});
}
it('should encrypt and decrypt keyinfo', function (done) {
var options = {
rsa_pub: fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
pem: fs.readFileSync(__dirname + '/test-auth0.pem'),
keyEncryptionAlgorighm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
};
var plaintext = 'The quick brown fox jumps over the lazy dog';
xmlenc.encryptKeyInfo(plaintext, options, function(err, encryptedKeyInfo) {
if (err) return done(err);
var decryptedKeyInfo = xmlenc.decryptKeyInfo(
encryptedKeyInfo,
{key: fs.readFileSync(__dirname + '/test-auth0.key')}
);
assert.equal(decryptedKeyInfo.toString(), plaintext);
done();
});
});
it('should decrypt xml with odd padding (aes256-cbc)', function (done) {
var encryptedContent = fs.readFileSync(__dirname + '/test-cbc256-padding.xml').toString()
xmlenc.decrypt(encryptedContent, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
assert.ifError(err);
assert.equal(decrypted, 'content');
done();
});
});
it('should catch error if padding length > 16', function (done) {
var encryptedContent = fs.readFileSync(__dirname + '/test-padding-length.xml').toString();
xmlenc.decrypt(encryptedContent, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
assert(err);
done();
});
});
});