@hprobotic
Created June 12, 2023 14:23
const fs = require('fs');
const xmlcrypto = require('xml-crypto');
// Request body that is signed and then encrypted: a single oAuthToken element
// asking for a client_credentials grant. It is assembled from fragments joined
// with no separator, so the XML declaration stays at offset 0.
const PAYLOAD = [
  '<?xml version="1.0" encoding="UTF-8"?>',
  '<oAuthToken xmlns="http://com.citi.citiconnect/services/types/oauthtoken/v1">',
  '<grantType>client_credentials</grantType>',
  '<scope>/authenticationservices/v1</scope>',
  '<sourceApplication>CCF</sourceApplication>',
  '</oAuthToken>',
].join('');

// All three paths are relative, so they resolve against the process working
// directory rather than this file's location.

// Private key used to sign the payload. Keep this file out of version control
// and readable only by the account that runs the script.
const SIGNATURE_PRIVATE_KEY_PATH = './citi/reap-encrypt-private.key';

// Not referenced by the code shown in this file.
const ENCRYPTION_PUB_CERT_PATH = './citi/reap-encrypt-public.pem';

// Recipient certificate whose public key the signed document is encrypted to.
const CITI_PUB_CERT_PATH = './citi/citigroupsoauat.dsig.citigroup.com.cer';
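/**
 * Produce an XML-DSig signed copy of `payload`, with the signature referencing
 * the element(s) whose local name equals `elementToSign`.
 *
 * @param {string} payload - XML document to sign.
 * @param {string} privSigKeyPath - Path of the private signing key file; it is
 *   read synchronously on every call.
 * @param {string} elementToSign - Local name of the element to reference. The
 *   XPath matches on local name only, so the namespace is not checked.
 * @returns {string} The value returned by `getSignedXml()` after signing.
 * @throws {TypeError} If `elementToSign` is not a non-empty string, or contains
 *   a single quote.
 */
const signDocument = (payload, privSigKeyPath, elementToSign) => {
  // The name is spliced into a single-quoted XPath string literal below. A
  // quote would end that literal early and change which nodes the reference
  // selects, so reject it here instead of building a different expression.
  if (
    typeof elementToSign !== 'string' ||
    elementToSign === '' ||
    elementToSign.includes("'")
  ) {
    throw new TypeError(
      'elementToSign must be a non-empty element name without single quotes'
    );
  }

  const signer = new xmlcrypto.SignedXml();
  signer.canonicalizationAlgorithm = 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315';

  // RSA-SHA1 signature with a SHA-1 digest. SHA-1 is deprecated for new
  // signature schemes; the stronger identifier is
  // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'.
  // NOTE(review): presumably SHA-1 is kept because the receiving service
  // requires it; confirm, and move signature and digest to SHA-256 if it
  // accepts them.
  signer.signatureAlgorithm = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';

  signer.addReference(
    `//*[local-name(.)='${elementToSign}']`,
    [
      'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
      'http://www.w3.org/TR/2001/REC-xml-c14n-20010315',
    ],
    ['http://www.w3.org/2000/09/xmldsig#sha1']
  );

  // Key bytes are loaded from disk at call time and handed straight to the signer.
  signer.signingKey = fs.readFileSync(privSigKeyPath);
  signer.computeSignature(payload, { prefix: 'ds' });
  return signer.getSignedXml();
};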
/**
 * Encrypt an XML string with the `xml-encryption` package and expose its
 * callback API as a promise.
 *
 * @param {string} payload - XML content to encrypt.
 * @param {Buffer|string} publicKey - Recipient key material. The caller passes
 *   the loaded contents, not a path; the same value is used for both `rsa_pub`
 *   and `pem`.
 * @returns {Promise<string>} Resolves with the result passed to the encrypt
 *   callback and rejects with its error.
 */
const encryptXml = async (payload, publicKey) => {
  const xmlenc = require('xml-encryption');

  // Triple-DES-CBC for the content and RSA PKCS#1 v1.5 for the key transport
  // are both legacy algorithms. The two flags below explicitly permit them and
  // only emit a warning. AES with RSA-OAEP is the usual replacement.
  // NOTE(review): presumably these choices are dictated by the receiving
  // service; confirm before keeping them.
  const encryptionOptions = {
    rsa_pub: publicKey,
    pem: publicKey,
    encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc',
    keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
    disallowEncryptionWithInsecureAlgorithm: false,
    warnInsecureAlgorithm: true,
  };

  return new Promise((resolve, reject) => {
    const onEncrypted = (err, result) => {
      if (err) {
        reject(err);
        return;
      }
      resolve(result);
    };
    xmlenc.encrypt(payload, encryptionOptions, onEncrypted);
  });
};
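/**
 * Sign the oAuthToken payload, encrypt the signed document to the recipient
 * certificate, rewrite the namespace prefixes of the result and print it.
 *
 * @returns {Promise<void>} Settles once the encrypted document is printed.
 */
const main = async () => {
  const signedDoc = signDocument(PAYLOAD, SIGNATURE_PRIVATE_KEY_PATH, 'oAuthToken');
  const rawEncryptedDoc = await encryptXml(signedDoc, fs.readFileSync(CITI_PUB_CERT_PATH));
  console.log('################ encryptedDoc: ');

  // Plain text substitutions over the serialized XML: every "e:" becomes
  // "xenc:", every "KeyInfo" becomes "ds:KeyInfo", and the default-namespace
  // declaration on KeyInfo becomes a declaration of the "ds" prefix.
  // NOTE(review): presumably this matches the prefixes the receiving service
  // expects. These are string edits rather than XML-aware ones, so they rely
  // on the exact output shape of the encryption library; re-check after
  // upgrading it.
  const encryptedDoc = rawEncryptedDoc
    .replace(/e:/g, 'xenc:')
    .replace(/KeyInfo/g, 'ds:KeyInfo')
    .replace(/ds\:KeyInfo xmlns/g, 'ds:KeyInfo xmlns:ds');
  console.log(encryptedDoc);
};

// Surface a signing or encryption failure and exit non-zero, rather than
// leaving the rejected promise unhandled.
main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});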