@yaronn
Created March 26, 2015 22:19
//sign
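// Produce an enveloped XML-DSig over ./x.xml with the private key in
// ./client.pem and write the result to ./signed.xml.
// (`var` is deliberate: the validate section further down re-declares
// SignedXml and fs with `var`, and a `const` here would clash with it.)
var SignedXml = require('xml-crypto').SignedXml;
var fs = require('fs');

// Use SHA-256 for both the reference digest and the signature itself.
// The original used the xmldsig SHA-1 digest URI and left xml-crypto on its
// default RSA-SHA1 signature algorithm; SHA-1 is deprecated for signatures
// and many SAML peers reject it. Needs an xml-crypto build that supports
// RSA-SHA256 -- check the installed version before relying on this.
var DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256";
var SIGNATURE_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
var TRANSFORMS = [
  "http://www.w3.org/2000/09/xmldsig#enveloped-signature", // exclude the Signature element itself from the digest input
  "http://www.w3.org/2001/10/xml-exc-c14n#"                 // exclusive canonicalization before digesting
];

var xml = fs.readFileSync("./x.xml").toString();
var sig = new SignedXml();
sig.signatureAlgorithm = SIGNATURE_ALG;
// Final argument (isEmptyUri = true) makes the reference URI="" so the digest
// covers the whole document instead of an Id-addressed subtree.
sig.addReference("//*[local-name(.)='EntityDescriptor']", TRANSFORMS, DIGEST_ALG, "", "", "", true);
sig.signingKey = fs.readFileSync("./client.pem");
sig.computeSignature(xml);
fs.writeFileSync("signed.xml", sig.getSignedXml());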
//validate
var select = require('xml-crypto').xpath
, dom = require('xmldom-fork-fixed').DOMParser
, SignedXml = require('xml-crypto').SignedXml
, FileKeyInfo = require('xml-crypto').FileKeyInfo
, fs = require('fs');
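/**
 * Verify the enveloped XML-DSig carried by `xml` against a key read from disk.
 *
 * The verification key always comes from the `key` file (FileKeyInfo); the
 * document's own <ds:KeyInfo> is never consulted, so a signer cannot simply
 * embed a key of their choosing.
 *
 * @param {string} xml  Serialized XML whose root element has a ds:Signature
 *                      as a direct child.
 * @param {string} key  Path to the PEM public key (or certificate) to verify with.
 * @returns {boolean} true only when the signature verifies AND every signed
 *   reference covers the whole document (URI="") or the root element by its
 *   Id; false otherwise (the reason is logged).
 */
function validateXml(xml, key){
  var doc = new dom({ignoreWhiteSpace: true}).parseFromString(xml);
  // Verify against the re-serialized document so the bytes checked are the
  // ones the parser actually produced.
  var serialized = doc.toString();
  var signature = select(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
  if (!signature) {
    // Without this guard signature.toString() below throws a TypeError.
    console.log("no ds:Signature element found directly under the document root");
    return false;
  }
  var sig = new SignedXml();
  sig.keyInfoProvider = new FileKeyInfo(key);
  sig.loadSignature(signature.toString());
  if (!sig.checkSignature(serialized)) {
    console.log(sig.validationErrors);
    return false;
  }
  // Signature-wrapping guard. checkSignature only proves that the element(s)
  // named in <Reference URI=...> are intact; it does not prove that the
  // element a consumer goes on to read is among them. Accept only references
  // to the whole document or to the root element's own Id. (Reference URIs
  // are read from sig.references[i].uri with the leading '#' kept -- confirm
  // against the installed xml-crypto version.)
  var root = doc.documentElement;
  var rootId = root ? (root.getAttribute("Id") || root.getAttribute("ID") || "") : "";
  var refs = sig.references || [];
  if (refs.length === 0) {
    console.log("signature contains no references");
    return false;
  }
  var coversRoot = refs.every(function (ref) {
    var uri = ref.uri || "";
    return uri === "" || (rootId !== "" && uri === "#" + rootId);
  });
  if (!coversRoot) {
    console.log("signed reference does not cover the document root (possible signature wrapping)");
    return false;
  }
  return true;
}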
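// Entry point: verify ./signed.xml with ./client_public.pem and report.
var signedXml = fs.readFileSync("./signed.xml").toString();
console.log("validating signature...");
if (validateXml(signedXml, "./client_public.pem")) {
  console.log("signature is valid");
} else {
  console.log("signature not valid");
  // Non-zero exit status so a shell or CI caller cannot mistake a rejected
  // signature for success (the original exited 0 either way).
  process.exitCode = 1;
}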
//xml
<?xml version="1.0"?><EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://111.111.11.111:8000" Id="_0"><SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/></KeyDescriptor><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat><AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://111.111.11.111:8000/saml/callback"/></SPSSODescriptor></EntityDescriptor>