sso

node_modules/xml-encryption/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Auth0, Inc. <support@auth0.com> (http://auth0.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/xml-encryption/README.md

@@ -0,0 +1,103 @@
+[![Build Status](https://travis-ci.org/auth0/node-xml-encryption.png)](https://travis-ci.org/auth0/node-xml-encryption)
+
+W3C XML Encryption implementation for node.js (http://www.w3.org/TR/xmlenc-core/)
+
+Supports node >= 8
+
+## Usage
+
+    npm install xml-encryption
+
+### encrypt
+
+~~~js
+var xmlenc = require('xml-encryption');
+
+var options = {
+  rsa_pub: fs.readFileSync(__dirname + '/your_rsa.pub'),
+  pem: fs.readFileSync(__dirname + '/your_public_cert.pem'),
+  encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+  keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+  disallowEncryptionWithInsecureAlgorithm: true,
+  warnInsecureAlgorithm: true
+};
+
+xmlenc.encrypt('content to encrypt', options, function(err, result) {
+    console.log(result);
+}
+~~~
+
+Result:
+~~~xml
+<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes-256-cbc" />
+    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+      <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
+        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+        </e:EncryptionMethod>
+        <KeyInfo>
+          <X509Data><X509Certificate>MIIEDzCCAveg... base64 cert... q3uaLvlAUo=</X509Certificate></X509Data>
+        </KeyInfo>
+        <e:CipherData>
+          <e:CipherValue>sGH0hhzkjmLWYYY0gyQMampDM... encrypted symmetric key ...gewHMbtZafk1MHh9A==</e:CipherValue>
+        </e:CipherData>
+      </e:EncryptedKey>
+    </KeyInfo>
+    <xenc:CipherData>
+        <xenc:CipherValue>V3Vb1vDl055Lp92zvK..... encrypted content.... kNzP6xTu7/L9EMAeU</xenc:CipherValue>
+    </xenc:CipherData>
+</xenc:EncryptedData>
+~~~
+
+### decrypt
+
+~~~js
+var options = {
+    key: fs.readFileSync(__dirname + '/your_private_key.key'),
+    disallowDecryptionWithInsecureAlgorithm: true,
+    warnInsecureAlgorithm: true
+};
+
+xmlenc.decrypt('<xenc:EncryptedData ..... </xenc:EncryptedData>', options, function(err, result) {
+    console.log(result);
+}
+
+// result
+
+decrypted content
+~~~
+
+## Supported algorithms
+
+Currently the library supports:
+
+* EncryptedKey to transport symmetric key using:
+  * http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
+  * http://www.w3.org/2001/04/xmlenc#rsa-1_5 (Insecure Algorithm)
+
+* EncryptedData using:
+  * http://www.w3.org/2001/04/xmlenc#aes128-cbc
+  * http://www.w3.org/2001/04/xmlenc#aes256-cbc
+  * http://www.w3.org/2009/xmlenc11#aes128-gcm
+  * http://www.w3.org/2009/xmlenc11#aes256-gcm
+  * http://www.w3.org/2001/04/xmlenc#tripledes-cbc (Insecure Algorithm)
+
+Insecure Algorithms can be disabled via `disallowEncryptionWithInsecureAlgorithm`/`disallowDecryptionWithInsecureAlgorithm` flags when encrypting/decrypting. This flag is off by default in 0.x versions.
+
+A warning will be piped to `stderr` using console.warn() by default when the aforementioned algorithms are used. This can be disabled via the `warnInsecureAlgorithm` flag.
+
+## Issue Reporting
+
+If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+## Author
+
+[Auth0](auth0.com)
+
+## License
+
+This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
+
+## Releases
+Release notes may be found under github release page: https://github.com/auth0/node-xml-encryption/releases

node_modules/xml-encryption/lib/index.js

@@ -0,0 +1 @@
+exports = module.exports = require('./xmlenc');

node_modules/xml-encryption/lib/templates/encrypted-key.tpl.xml.js

@@ -0,0 +1,12 @@
+var escapehtml = require('escape-html');
+
+module.exports = ({ contentEncryptionMethod, keyInfo, encryptedContent }) => `
+<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+  <xenc:EncryptionMethod Algorithm="${escapehtml(contentEncryptionMethod)}" />
+  ${keyInfo}
+  <xenc:CipherData>
+    <xenc:CipherValue>${escapehtml(encryptedContent)}</xenc:CipherValue>
+  </xenc:CipherData>
+</xenc:EncryptedData>
+`;
+

node_modules/xml-encryption/lib/templates/keyinfo.tpl.xml.js

@@ -0,0 +1,18 @@
+var escapehtml = require('escape-html');
+
+module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod }) => `
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
+    <e:EncryptionMethod Algorithm="${escapehtml(keyEncryptionMethod)}">
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+    </e:EncryptionMethod>
+    <KeyInfo>
+      ${encryptionPublicCert}
+    </KeyInfo>
+    <e:CipherData>
+      <e:CipherValue>${escapehtml(encryptedKey)}</e:CipherValue>
+    </e:CipherData>
+  </e:EncryptedKey>
+</KeyInfo>
+`;
+

node_modules/xml-encryption/lib/utils.js

@@ -0,0 +1,32 @@
+var path = require('path'),
+    fs = require('fs');
+
+var templates = {
+  'encrypted-key': require('./templates/encrypted-key.tpl.xml'),
+  'keyinfo': require('./templates/keyinfo.tpl.xml'),
+};
+
+function renderTemplate(file, data) {
+  return templates[file](data);
+}
+
+function pemToCert(pem) {
+  var cert = /-----BEGIN CERTIFICATE-----([^-]*)-----END CERTIFICATE-----/g.exec(pem);
+  if (cert.length > 0) {
+    return cert[1].replace(/[\n|\r\n]/g, '');
+  }
+
+  return null;
+};
+
+function warnInsecureAlgorithm(algorithm, enabled = true) {
+  if (enabled) {
+    console.warn(algorithm + " is no longer recommended due to security reasons. Please deprecate its use as soon as possible.")
+  }
+}
+
+module.exports = {
+  renderTemplate: renderTemplate,
+  pemToCert: pemToCert,
+  warnInsecureAlgorithm: warnInsecureAlgorithm
+};

node_modules/xml-encryption/lib/xmlenc.js

@@ -0,0 +1,302 @@
+var crypto  = require('crypto');
+var xmldom  = require('@xmldom/xmldom');
+var xpath   = require('xpath');
+var utils   = require('./utils');
+var pki     = require('node-forge').pki;
+
+const insecureAlgorithms = [
+  //https://www.w3.org/TR/xmlenc-core1/#rsav15note
+  'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
+  //https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
+  'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'];
+function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {
+  try {
+    var rsa_pub = pki.publicKeyFromPem(options.rsa_pub);
+    var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme);
+    var base64EncodedEncryptedKey = Buffer.from(encrypted, 'binary').toString('base64');
+
+    var params = {
+      encryptedKey:  base64EncodedEncryptedKey,
+      encryptionPublicCert: '<X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data>',
+      keyEncryptionMethod: options.keyEncryptionAlgorithm
+    };
+
+    var result = utils.renderTemplate('keyinfo', params);
+    callback(null, result);
+  } catch (e) {
+    callback(e);
+  }
+}
+
+function encryptKeyInfo(symmetricKey, options, callback) {
+  if (!options)
+    return callback(new Error('must provide options'));
+  if (!options.rsa_pub)
+    return callback(new Error('must provide options.rsa_pub with public key RSA'));
+  if (!options.pem)
+    return callback(new Error('must provide options.pem with certificate'));
+
+  if (!options.keyEncryptionAlgorithm)
+    return callback(new Error('encryption without encrypted key is not supported yet'));
+  if (options.disallowEncryptionWithInsecureAlgorithm
+    && insecureAlgorithms.indexOf(options.keyEncryptionAlgorithm) >= 0) {
+    return callback(new Error('encryption algorithm ' + options.keyEncryptionAlgorithm + 'is not secure'));
+  }
+  switch (options.keyEncryptionAlgorithm) {
+    case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
+      return encryptKeyInfoWithScheme(symmetricKey, options, 'RSA-OAEP', callback);
+
+    case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
+      utils.warnInsecureAlgorithm(options.keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
+      return encryptKeyInfoWithScheme(symmetricKey, options, 'RSAES-PKCS1-V1_5', callback);
+
+    default:
+      return callback(new Error('encryption key algorithm not supported'));
+  }
+}
+
+function encrypt(content, options, callback) {
+  if (!options)
+    return callback(new Error('must provide options'));
+  if (!content)
+    return callback(new Error('must provide content to encrypt'));
+  if (!options.rsa_pub)
+    return callback(new Error('rsa_pub option is mandatory and you should provide a valid RSA public key'));
+  if (!options.pem)
+    return callback(new Error('pem option is mandatory and you should provide a valid x509 certificate encoded as PEM'));
+  if (options.disallowEncryptionWithInsecureAlgorithm
+    && (insecureAlgorithms.indexOf(options.keyEncryptionAlgorithm) >= 0
+      || insecureAlgorithms.indexOf(options.encryptionAlgorithm) >= 0)) {
+    return callback(new Error('encryption algorithm ' + options.keyEncryptionAlgorithm + ' is not secure'));
+  }
+  options.input_encoding = options.input_encoding || 'utf8';
+
+  function generate_symmetric_key(cb) {
+    switch (options.encryptionAlgorithm) {
+      case 'http://www.w3.org/2001/04/xmlenc#aes128-cbc':
+        crypto.randomBytes(16, cb); // generate a symmetric random key 16 bytes length
+        break;
+      case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
+        crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        crypto.randomBytes(16, cb); // generate a symmetric random key 16 bytes length
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
+        break;
+      case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(options.encryptionAlgorithm, options.warnInsecureAlgorithm);
+        crypto.randomBytes(24, cb); // generate a symmetric random key 24 bytes (192 bits) length
+        break;
+      default:
+        crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
+    }
+  }
+
+  function encrypt_content(symmetricKey, cb) {
+    switch (options.encryptionAlgorithm) {
+      case 'http://www.w3.org/2001/04/xmlenc#aes128-cbc':
+        encryptWithAlgorithm('aes-128-cbc', symmetricKey, 16, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
+        encryptWithAlgorithm('aes-256-cbc', symmetricKey, 16, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        encryptWithAlgorithm('aes-128-gcm', symmetricKey, 12, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        encryptWithAlgorithm('aes-256-gcm', symmetricKey, 12, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(options.encryptionAlgorithm, options.warnInsecureAlgorithm);
+        encryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, content, options.input_encoding, function (err, encryptedContent) {
+          if (err) return cb(err);
+          cb(null, encryptedContent);
+        });
+        break;
+      default:
+        cb(new Error('encryption algorithm not supported'));
+    }
+  }
+
+  function encrypt_key(symmetricKey, encryptedContent, cb) {
+    encryptKeyInfo(symmetricKey, options, function(err, keyInfo) {
+      if (err) return cb(err);
+      var result = utils.renderTemplate('encrypted-key', {
+        encryptedContent: encryptedContent.toString('base64'),
+        keyInfo: keyInfo,
+        contentEncryptionMethod: options.encryptionAlgorithm
+      });
+
+      cb(null, result);
+    });
+  }
+
+
+  generate_symmetric_key(function (genKeyError, symmetricKey) {
+    if (genKeyError) {
+      return callback(genKeyError);
+    }
+
+    encrypt_content(symmetricKey, function(encryptContentError, encryptedContent) {
+      if (encryptContentError) {
+        return callback(encryptContentError);
+      }
+
+      encrypt_key(symmetricKey, encryptedContent, function (encryptKeyError, result) {
+        if (encryptKeyError) {
+          return callback(encryptKeyError);
+        }
+
+        callback(null, result);
+      });
+
+    });
+
+  });
+}
+
+function decrypt(xml, options, callback) {
+  if (!options)
+    return callback(new Error('must provide options'));
+  if (!xml)
+    return callback(new Error('must provide XML to encrypt'));
+  if (!options.key)
+    return callback(new Error('key option is mandatory and you should provide a valid RSA private key'));
+  try {
+    var doc = typeof xml === 'string' ? new xmldom.DOMParser().parseFromString(xml) : xml;
+
+    var symmetricKey = decryptKeyInfo(doc, options);
+    var encryptionMethod = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='EncryptionMethod']", doc)[0];
+    var encryptionAlgorithm = encryptionMethod.getAttribute('Algorithm');
+
+    if (options.disallowDecryptionWithInsecureAlgorithm
+      && insecureAlgorithms.indexOf(encryptionAlgorithm) >= 0) {
+      return callback(new Error('encryption algorithm ' + encryptionAlgorithm + ' is not secure, fail to decrypt'));
+    }
+    var encryptedContent = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", doc)[0];
+
+    var encrypted = Buffer.from(encryptedContent.textContent, 'base64');
+    switch (encryptionAlgorithm) {
+      case 'http://www.w3.org/2001/04/xmlenc#aes128-cbc':
+        return callback(null, decryptWithAlgorithm('aes-128-cbc', symmetricKey, 16, encrypted));
+      case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
+        return callback(null, decryptWithAlgorithm('aes-256-cbc', symmetricKey, 16, encrypted));
+      case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(encryptionAlgorithm, options.warnInsecureAlgorithm);
+        return callback(null, decryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, encrypted));
+      case 'http://www.w3.org/2009/xmlenc11#aes128-gcm':
+        return callback(null, decryptWithAlgorithm('aes-128-gcm', symmetricKey, 12, encrypted));
+      case 'http://www.w3.org/2009/xmlenc11#aes256-gcm':
+        return callback(null, decryptWithAlgorithm('aes-256-gcm', symmetricKey, 12, encrypted));
+      default:
+        return callback(new Error('encryption algorithm ' + encryptionAlgorithm + ' not supported'));
+    }
+  } catch (e) {
+    return callback(e);
+  }
+}
+
+function decryptKeyInfo(doc, options) {
+  if (typeof doc === 'string') doc = new xmldom.DOMParser().parseFromString(doc);
+
+  var keyRetrievalMethodUri;
+  var keyInfo = xpath.select("//*[local-name(.)='KeyInfo' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", doc)[0];
+  var keyEncryptionMethod = xpath.select("//*[local-name(.)='KeyInfo']/*[local-name(.)='EncryptedKey']/*[local-name(.)='EncryptionMethod']", doc)[0];
+
+  if (!keyEncryptionMethod) { // try with EncryptedData->KeyInfo->RetrievalMethod
+    var keyRetrievalMethod = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='KeyInfo']/*[local-name(.)='RetrievalMethod']", doc)[0];
+    keyRetrievalMethodUri = keyRetrievalMethod ? keyRetrievalMethod.getAttribute('URI') : null;
+    keyEncryptionMethod = keyRetrievalMethodUri ? xpath.select("//*[local-name(.)='EncryptedKey' and @Id='" + keyRetrievalMethodUri.substring(1) + "']/*[local-name(.)='EncryptionMethod']", doc)[0] : null;
+  }
+
+  if (!keyEncryptionMethod) {
+    throw new Error('cant find encryption algorithm');
+  }
+
+  var keyEncryptionAlgorithm = keyEncryptionMethod.getAttribute('Algorithm');
+  if (options.disallowDecryptionWithInsecureAlgorithm
+    && insecureAlgorithms.indexOf(keyEncryptionAlgorithm) >= 0) {
+    throw new Error('encryption algorithm ' + keyEncryptionAlgorithm + ' is not secure, fail to decrypt');
+  }
+  var encryptedKey = keyRetrievalMethodUri ?
+    xpath.select("//*[local-name(.)='EncryptedKey' and @Id='" + keyRetrievalMethodUri.substring(1) + "']/*[local-name(.)='CipherData']/*[local-name(.)='CipherValue']", keyInfo)[0] :
+    xpath.select("//*[local-name(.)='CipherValue']", keyInfo)[0];
+
+  switch (keyEncryptionAlgorithm) {
+    case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
+      return decryptKeyInfoWithScheme(encryptedKey, options, 'RSA-OAEP');
+    case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
+      utils.warnInsecureAlgorithm(keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
+      return decryptKeyInfoWithScheme(encryptedKey, options, 'RSAES-PKCS1-V1_5');
+    default:
+      throw new Error('key encryption algorithm ' + keyEncryptionAlgorithm + ' not supported');
+  }
+}
+
+function decryptKeyInfoWithScheme(encryptedKey, options, scheme) {
+  var key = Buffer.from(encryptedKey.textContent, 'base64').toString('binary');
+  var private_key = pki.privateKeyFromPem(options.key);
+  var decrypted = private_key.decrypt(key, scheme);
+  return Buffer.from(decrypted, 'binary');
+}
+
+function encryptWithAlgorithm(algorithm, symmetricKey, ivLength, content, encoding, callback) {
+  // create a random iv for algorithm
+  crypto.randomBytes(ivLength, function(err, iv) {
+    if (err) return callback(err);
+
+    var cipher = crypto.createCipheriv(algorithm, symmetricKey, iv);
+    // encrypted content
+    var encrypted = cipher.update(content, encoding, 'binary') + cipher.final('binary');
+    var authTag = algorithm.slice(-3) === "gcm" ? cipher.getAuthTag() : Buffer.from("");
+    //Format mentioned: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+    var r = Buffer.concat([iv, Buffer.from(encrypted, 'binary'), authTag]);
+    return callback(null, r);
+  });
+}
+
+function decryptWithAlgorithm(algorithm, symmetricKey, ivLength, content) {
+  var decipher = crypto.createDecipheriv(algorithm, symmetricKey, content.slice(0,ivLength));
+  decipher.setAutoPadding(false);
+
+  if (algorithm.slice(-3) === "gcm") {
+    decipher.setAuthTag(content.slice(-16));
+    content = content.slice(0,-16);
+  }
+  var decrypted = decipher.update(content.slice(ivLength), null, 'binary') + decipher.final('binary');
+
+if (algorithm.slice(-3) !== "gcm") {
+  // Remove padding bytes equal to the value of the last byte of the returned data.
+  // Padding for GCM not required per: https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
+  var padding = decrypted.charCodeAt(decrypted.length - 1);
+  if (1 <= padding && padding <= ivLength) {
+    decrypted = decrypted.substr(0, decrypted.length - padding);
+  } else {
+    callback(new Error('padding length invalid'));
+    return;
+  }
+}
+
+  return Buffer.from(decrypted, 'binary').toString('utf8');
+}
+
+exports = module.exports = {
+  decrypt: decrypt,
+  encrypt: encrypt,
+  encryptKeyInfo: encryptKeyInfo,
+  decryptKeyInfo: decryptKeyInfo
+};

node_modules/xml-encryption/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "xml-encryption",
+  "version": "1.3.0",
+  "devDependencies": {
+    "mocha": "^7.1.2",
+    "should": "^11.2.1",
+    "sinon": "^9.0.2"
+  },
+  "main": "./lib",
+  "repository": "https://github.com/auth0/node-xml-encryption",
+  "keywords": [
+    "xml",
+    "encryption",
+    "xmlenc"
+  ],
+  "author": "Matias Woloski (Auth0)",
+  "contributors": [
+    "Jose F. Romaniello <jfromaniello@gmail.com> (http://joseoncode.com)",
+    "Tommi Pisto <tommi@pistogroup.com> (http://pasm.pis.to)"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@xmldom/xmldom": "^0.7.0",
+    "escape-html": "^1.0.3",
+    "node-forge": "^0.10.0",
+    "xpath": "0.0.32"
+  },
+  "files": [
+    "lib",
+    "package-lock.json"
+  ],
+  "scripts": {
+    "test": "mocha"
+  },
+  "engines": {
+    "node": ">=8"
+  }
+}