support RetrievalMethod

siacomuzzi · siacomuzzi · commit 8278c8ed31ed · 2016-04-29T18:58:38.000-03:00
diff --git a/lib/xmlenc.js b/lib/xmlenc.js
@@ -126,15 +126,15 @@ function decrypt(xml, options, callback) {
   var decrypted;
 
   try {
-    var doc = new xmldom.DOMParser().parseFromString(xml);
+    var doc = typeof xml === 'string' ? new xmldom.DOMParser().parseFromString(xml) : xml;
 
     var symmetricKey = decryptKeyInfo(doc, options);
-    var encryptionMethod = xpath.select("/*[local-name(.)='EncryptedData']/*[local-name(.)='EncryptionMethod']", doc)[0];
+    var encryptionMethod = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='EncryptionMethod']", doc)[0];
     var encryptionAlgorithm = encryptionMethod.getAttribute('Algorithm');
 
     var decipher;
     var padding;
-    var encryptedContent = xpath.select("/*[local-name(.)='EncryptedData']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", doc)[0];
+    var encryptedContent = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", doc)[0];
     
     var encrypted = new Buffer(encryptedContent.textContent, 'base64');
     
@@ -190,10 +190,24 @@ function decrypt(xml, options, callback) {
 function decryptKeyInfo(doc, options) {
   if (typeof doc === 'string') doc = new xmldom.DOMParser().parseFromString(doc);
 
+  var keyRetrievalMethodUri;
   var keyInfo = xpath.select("//*[local-name(.)='KeyInfo' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", doc)[0];
   var keyEncryptionMethod = xpath.select("//*[local-name(.)='KeyInfo']/*[local-name(.)='EncryptedKey']/*[local-name(.)='EncryptionMethod']", doc)[0];
+  
+  if (!keyEncryptionMethod) { // try with EncryptedData->KeyInfo->RetrievalMethod
+    var keyRetrievalMethod = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='KeyInfo']/*[local-name(.)='RetrievalMethod']", doc)[0];
+    keyRetrievalMethodUri = keyRetrievalMethod ? keyRetrievalMethod.getAttribute('URI') : null;
+    keyEncryptionMethod = keyRetrievalMethodUri ? xpath.select("//*[local-name(.)='EncryptedKey' and @Id='" + keyRetrievalMethodUri.substring(1) + "']/*[local-name(.)='EncryptionMethod']", doc)[0] : null;
+  }
+
+  if (!keyEncryptionMethod) {
+    throw new Error('cant find encryption algorithm');
+  }
+
   var keyEncryptionAlgorighm = keyEncryptionMethod.getAttribute('Algorithm');
-  var encryptedKey = xpath.select("//*[local-name(.)='CipherValue']", keyInfo)[0];
+  var encryptedKey = keyRetrievalMethodUri ?
+    xpath.select("//*[local-name(.)='EncryptedKey' and @Id='" + keyRetrievalMethodUri.substring(1) + "']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", keyInfo)[0] :
+    xpath.select("//*[local-name(.)='CipherValue']", keyInfo)[0];
 
   switch (keyEncryptionAlgorighm) {
     case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
