Skip to content

Instantly share code, notes, and snippets.

@hprobotic
Created June 12, 2023 14:23
Show Gist options
  • Save hprobotic/3bf477077ca0feda2824ed5e50d901cf to your computer and use it in GitHub Desktop.
Save hprobotic/3bf477077ca0feda2824ed5e50d901cf to your computer and use it in GitHub Desktop.
const fs = require('fs');
const xmlcrypto = require('xml-crypto');
const PAYLOAD = '<?xml version="1.0" encoding="UTF-8"?><oAuthToken xmlns="http://com.citi.citiconnect/services/types/oauthtoken/v1"><grantType>client_credentials</grantType><scope>/authenticationservices/v1</scope><sourceApplication>CCF</sourceApplication></oAuthToken>';
const SIGNATURE_PRIVATE_KEY_PATH = './citi/reap-encrypt-private.key';
const ENCRYPTION_PUB_CERT_PATH = './citi/reap-encrypt-public.pem';
const CITI_PUB_CERT_PATH = './citi/citigroupsoauat.dsig.citigroup.com.cer';
const signDocument = (payload, privSigKeyPath, elementToSign) => {
var sig = new xmlcrypto.SignedXml();
sig.canonicalizationAlgorithm = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';
// sig.signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
sig.signatureAlgorithm = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
sig.addReference(
"//*[local-name(.)='" + elementToSign + "']",
['http://www.w3.org/2000/09/xmldsig#enveloped-signature'
,'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
],
['http://www.w3.org/2000/09/xmldsig#sha1']
);
sig.signingKey = fs.readFileSync(privSigKeyPath)
sig.computeSignature(payload, {prefix : 'ds'})
return sig.getSignedXml();
}
const encryptXml = async(payload, publicKey) => {
const xmlenc = require('xml-encryption');
var options = {
rsa_pub: publicKey, //fs.readFileSync(publicKeyPath),
pem: publicKey, //fs.readFileSync(publicKeyPath),
encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
keyEncryptionAlgorithm : 'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
disallowEncryptionWithInsecureAlgorithm: false,
warnInsecureAlgorithm: true
};
return new Promise((resolve, reject) => {
xmlenc.encrypt(payload, options, (err, result) => {
if (err) reject(err);
else resolve(result);
});
});
}
const main = async () => {
let signedDoc = signDocument(PAYLOAD, SIGNATURE_PRIVATE_KEY_PATH, 'oAuthToken');
let encryptedDoc = await encryptXml(signedDoc, fs.readFileSync(CITI_PUB_CERT_PATH));
console.log('################ encryptedDoc: ');
encryptedDoc = encryptedDoc.replace(/e:/g, 'xenc:')
encryptedDoc = encryptedDoc.replace(/KeyInfo/g, 'ds:KeyInfo')
encryptedDoc = encryptedDoc.replace(/ds\:KeyInfo xmlns/g, 'ds:KeyInfo xmlns:ds')
console.log(encryptedDoc);
}
main();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment