add rsa-sha256 support for WSSecurityCert (#1052)

* add rsa-sha256 support for WSSecurityCert
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

src/security/WSSecurityCert.ts

@@ -34,6 +34,7 @@ const oasisBaseUri = 'http://docs.oasis-open.org/wss/2004/01';
 export interface IWSSecurityCertOptions {
   hasTimeStamp?: boolean;
   signatureTransformations?: string[];
+  signatureAlgorithm?: string;
 }
 
 export class WSSecurityCert implements ISecurity {
@@ -53,6 +54,14 @@ export class WSSecurityCert implements ISecurity {
       .replace(/(\r\n|\n|\r)/gm, '');
 
     this.signer = new SignedXml();
+    if (options.signatureAlgorithm === 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') {
+      this.signer.signatureAlgorithm = options.signatureAlgorithm;
+      this.signer.addReference(
+        '//*[name(.)="soap:Body"]',
+        ['http://www.w3.org/2001/10/xml-exc-c14n#'],
+        'http://www.w3.org/2001/04/xmlenc#sha256',
+      );
+    }
     this.signer.signingKey = {
       key: privatePEM,
       passphrase: password,

test/security/WSSecurityCert.js

@@ -109,4 +109,10 @@ describe('WSSecurityCert', function() {
     xml.should.not.containEql('<Created>' + instance.created);
     xml.should.not.containEql('<Expires>' + instance.expires);
   });
+
+  it('should use rsa-sha256 signature method when the signatureAlgorithm option is set to WSSecurityCert', function() {
+    var instance = new WSSecurityCert(key, cert, '', { hasTimeStamp: false, signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' });
+    var xml = instance.postProcess('<soap:Header></soap:Header><soap:Body><Body></Body></soap:Body>', 'soap');
+    xml.should.containEql('SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"');
+  });
 });