xml-crypto - npm Package Compare versions

Comparing version 0.7.0 to 0.8.0

lib/signed-xml.js

@@ -63,3 +63,17 @@ var select = require('xpath.js')
 
+function SHA512() {
 
+  this.getHash = function(xml) {
+    var shasum = crypto.createHash('sha512')
+    shasum.update(xml, 'utf8')
+    var res = shasum.digest('base64')
+    return res
+  }
+
+  this.getAlgorithmName = function() {
+    return "http://www.w3.org/2001/04/xmlenc#sha512"
+  }
+}
+
+
 /**
@@ -220,3 +234,4 @@ * Signature algorithm implementation
   'http://www.w3.org/2000/09/xmldsig#sha1': SHA1,
-  'http://www.w3.org/2001/04/xmlenc#sha256': SHA256
+  'http://www.w3.org/2001/04/xmlenc#sha256': SHA256,
+  'http://www.w3.org/2001/04/xmlenc#sha512': SHA512
 }
@@ -223,0 +238,0 @@

package.json

 {
   "name": "xml-crypto",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Xml digital signature and encryption library for Node.js",
@@ -5,0 +5,0 @@ "engines": {

README.md

@@ -25,2 +25,3 @@ ## xml-crypto
 * SHA256 digests http://www.w3.org/2001/04/xmlenc#sha256
+* SHA512 digests http://www.w3.org/2001/04/xmlenc#sha512
 
@@ -32,3 +33,3 @@ ### Signature Algorithms
 * RSA-SHA512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
-* HMAC-SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1 
+* HMAC-SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1
 
@@ -100,3 +101,3 @@ by default the following algorithms are used:
 
-Note: 
+Note:
 
@@ -137,3 +138,3 @@ To generate a `<X509Data></X509Data>` element in the signature you must provide a key info implementation, see [customizing algorithms](#customizing-algorithms) for an example.
 
-Note: 
+Note:
 
@@ -163,4 +164,4 @@ The xml-crypto api requires you to supply it separately the xml signature ("&lt;Signature&gt;...&lt;/Signature&gt;", in loadSignature) and the signed xml (in checkSignature). The signed xml may or may not contain the signature in it, but you are still required to supply the signature separately.
     - `xpath` - a string containing a XPath expression referencing a xml element
-    - `transforms` - an array of [transform algorithms](#canonicalization-and-transformation-algorithms), the referenced element will be transformed for each value in the array 
-    - `digestAlgorithm` - one of the supported [hashing algorithms](#hashing algorithms)
+    - `transforms` - an array of [transform algorithms](#canonicalization-and-transformation-algorithms), the referenced element will be transformed for each value in the array
+    - `digestAlgorithm` - one of the supported [hashing algorithms](#hashing-algorithms)
 - `computeSignature(xml, [options])` - compute the signature of the given xml where:
@@ -204,3 +205,3 @@ - `xml` - a string containing a xml document
 
-Now define the extension point you want to implement. You can choose one ore more.
+Now define the extension point you want to implement. You can choose one or more.
 
@@ -241,3 +242,3 @@ A key info provider is used to extract and construct the key and the KeyInfo xml section.
 A custom signing algorithm. The default is RSA-SHA1
-`````javascript	
+`````javascript
 	function MySignatureAlgorithm() {
@@ -259,5 +260,5 @@
 
-`````javascript	
+`````javascript
 	function MyTransformation() {
-	  
+
 	  /*given a node (from the xmldom module) return its canonical representation (as string)*/
@@ -327,5 +328,5 @@ this.process = function(node) {
 
-	signXml(xml, 
-	  "//*[local-name(.)='book']", 
-	  "client.pem", 
+	signXml(xml,
+	  "//*[local-name(.)='book']",
+	  "client.pem",
 	  "result.xml")
@@ -332,0 +333,0 @@ `````

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

369

increased by0.27%

Number of low supply chain risk alerts

2

decreased by-85.71%

Worsened metrics

Total package byte prevSize

50295

decreased by-85.13%

Number of package files

13

decreased by-82.67%

Lines of code

866

decreased by-63.67%

No dependency changes