diff --git a/lib/templates/keyinfo.tpl.xml b/lib/templates/keyinfo.tpl.xml
index 0e8f482..0893ac4 100644
--- a/lib/templates/keyinfo.tpl.xml
+++ b/lib/templates/keyinfo.tpl.xml
@@ -3,9 +3,7 @@
-
- <%- encryptionPublicCert %>
-
+ <%- encryptionPublicCert %>
<%= encryptedKey %>
diff --git a/lib/xmlenc.js b/lib/xmlenc.js
index 4eb04fb..b6e8070 100644
--- a/lib/xmlenc.js
+++ b/lib/xmlenc.js
@@ -13,7 +13,7 @@ function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {
var params = {
encryptedKey: base64EncodedEncryptedKey,
- encryptionPublicCert: '' + utils.pemToCert(options.pem.toString()) + '',
+ encryptionPublicCert: options.pem ? ('' + utils.pemToCert(options.pem.toString()) + '') : '',
keyEncryptionMethod: options.keyEncryptionAlgorighm
};
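Review bot: The new ternary on the `encryptionPublicCert` line silently omits the certificate from the KeyInfo whenever `options.pem` is falsy, and nothing in the hunk records that this is now a supported mode; a decrypting party then gets no X509 data to identify the key with and must know it out of band. Add a comment above `var params = {`, e.g. `// options.pem is optional: without it the KeyInfo carries no X509 certificate, so the recipient must know the decryption key out of band`. The ternary only tests truthiness, so a `pem` that is present but is not a PEM certificate still reaches `utils.pemToCert`; a type check (string or Buffer) before the call, or a clear error from that helper, would make the failure mode explicit rather than a confusing template output. encryptKeyInfoWithScheme begins before this hunk and continues after it.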
@@ -29,8 +29,6 @@ function encryptKeyInfo(symmetricKey, options, callback) {
return callback(new Error('must provide options'));
if (!options.rsa_pub)
return callback(new Error('must provide options.rsa_pub with public key RSA'));
- if (!options.pem)
- return callback(new Error('must provide options.pem with certificate'));
if (!options.keyEncryptionAlgorighm)
return callback(new Error('encryption without encrypted key is not supported yet'));
@@ -54,8 +52,6 @@ function encrypt(content, options, callback) {
return callback(new Error('must provide content to encrypt'));
if (!options.rsa_pub)
return callback(new Error('rsa_pub option is mandatory and you should provide a valid RSA public key'));
- if (!options.pem)
- return callback(new Error('pem option is mandatory and you should provide a valid x509 certificate encoded as PEM'));
options.input_encoding = options.input_encoding || 'utf8';
@@ -119,7 +115,7 @@ function decrypt(xml, options, callback) {
if (!options)
return callback(new Error('must provide options'));
if (!xml)
- return callback(new Error('must provide XML to encrypt'));
+ return callback(new Error('must provide XML to decrypt'));
if (!options.key)
return callback(new Error('key option is mandatory and you should provide a valid RSA private key'));
diff --git a/test/xmlenc.encryptedkey.js b/test/xmlenc.encryptedkey.js
index 7017826..30667b9 100644
--- a/test/xmlenc.encryptedkey.js
+++ b/test/xmlenc.encryptedkey.js
@@ -34,9 +34,17 @@ describe('encrypt', function() {
_shouldEncryptAndDecrypt('content to encrypt', algorithm.encryptionOptions, done);
});
+ it('should encrypt and decrypt xml when no x509 cert present', function (done) {
+ _shouldEncryptAndDecryptNoX509('content to encrypt', algorithm.encryptionOptions, done);
+ });
+
it('should encrypt and decrypt xml with utf8 chars', function (done) {
_shouldEncryptAndDecrypt('Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge', algorithm.encryptionOptions, done);
});
+
+ it('should encrypt and decrypt xml with utf8 chars when no x509 cert present', function (done) {
+ _shouldEncryptAndDecryptNoX509('Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge Gnügge', algorithm.encryptionOptions, done);
+ });
});
});
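Review bot: Both new `it` blocks pass the shared `algorithm.encryptionOptions` object to `_shouldEncryptAndDecryptNoX509`, and that helper (in the following hunk) assigns `options.rsa_pub` and `options.key` on it in place while only commenting out the `options.pem` assignment; if a sibling test on the same object has already set `options.pem`, the "no x509 cert present" cases would still encrypt with a certificate in the KeyInfo and the new code path would not be exercised. The body of `_shouldEncryptAndDecrypt` is outside this hunk, so that ordering dependence is inferred rather than visible. Give each test its own copy, e.g. `_shouldEncryptAndDecryptNoX509('content to encrypt', Object.assign({}, algorithm.encryptionOptions), done);`, or have the helper run `delete options.pem;` before calling `xmlenc.encrypt`, and check `err` in both callbacks before asserting on `decrypted`.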
@@ -58,6 +66,24 @@ describe('encrypt', function() {
});
}
+ function _shouldEncryptAndDecryptNoX509(content, options, done) {
+ // cert created with:
+ // openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/CN=auth0.auth0.com/O=Auth0 LLC/C=US/ST=Washington/L=Redmond' -keyout auth0.key -out auth0.pem
+ // pub key extracted from (only the RSA public key between BEGIN PUBLIC KEY and END PUBLIC KEY)
+ // openssl x509 -in "test-auth0.pem" -pubkey
+
+ options.rsa_pub = fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
+ // options.pem = fs.readFileSync(__dirname + '/test-auth0.pem'),
+ options.key = fs.readFileSync(__dirname + '/test-auth0.key'),
+
+ xmlenc.encrypt(content, options, function(err, result) {
+ xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function (err, decrypted) {
+ assert.equal(decrypted, content);
+ done();
+ });
+ });
+ }
+
it('should encrypt and decrypt keyinfo', function (done) {
var options = {
rsa_pub: fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),