canonix 0.1.1

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Andrew Ferk
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,19 @@
+= xmlcanonicalizer
+
+XML Canonicalizer for Ruby >= 1.92
+
+This is taken from XMLCanonicalizer/WSS4R and http://github.com/borisnadion/xml-canonicalizer
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Andrew Ferk. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,55 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "canonix"
+    gem.summary = %Q{XML Canonicalizer for Ruby >= 1.92}
+    gem.description = %Q{This is based on andrewferk's rewrite for Ruby 1.9 compatibility, but applies 
+      relevance's fix to ensure proper canonicalisation. It is intended that this be the new official 
+      Ruby Canonicaliser as the other project seems to be abandoned.}
+    gem.email = "brendon@spike.net.nz"
+    gem.homepage = "http://github.com/brendon/canonix"
+    gem.authors = ["Brendon Muir"]
+    gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "canonix #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.1

data/canonix.gemspec

@@ -0,0 +1,55 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{canonix}
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = [%q{Brendon Muir}]
+  s.date = %q{2011-06-16}
+  s.description = %q{This is based on andrewferk's rewrite for Ruby 1.9 compatibility, but applies 
+      relevance's fix to ensure proper canonicalisation. It is intended that this be the new official 
+      Ruby Canonicaliser as the other project seems to be abandoned.}
+  s.email = %q{brendon@spike.net.nz}
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "canonix.gemspec",
+    "lib/xml/util/xmlcanonicalizer.rb",
+    "lib/xmlcanonicalizer.rb",
+    "test/complex.xml",
+    "test/expected.xml",
+    "test/helper.rb",
+    "test/saml_assertion.xml",
+    "test/saml_expected_canonical_form.xml",
+    "test/test_xmlcanonicalizer.rb",
+    "tests.watchr"
+  ]
+  s.homepage = %q{http://github.com/brendon/canonix}
+  s.require_paths = [%q{lib}]
+  s.rubygems_version = %q{1.8.5}
+  s.summary = %q{XML Canonicalizer for Ruby >= 1.92}
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    else
+      s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+  end
+end
+

data/lib/xml/util/xmlcanonicalizer.rb

@@ -0,0 +1,426 @@
+#require "rexml/document"
+#require "base64"
+#require "log4r"
+
+#include REXML
+#include Log4r
+
+require "rexml/document"
+require "base64"
+
+module XML
+  include REXML
+
+  module Util
+      
+      class REXML::Instruction
+        def write(writer, indent=-1, transitive=false, ie_hack=false)
+          indent(writer, indent)
+          writer << START.sub(/\\/u, '')
+          writer << @target
+          writer << ' '
+          writer << @content if @content != nil
+          writer << STOP.sub(/\\/u, '')
+        end
+      end
+      
+      class REXML::Attribute
+        def <=>(a2)
+          if (self === a2)
+            return 0
+          elsif (self == nil)
+            return -1
+          elsif (a2 == nil)
+            return 1
+          elsif (self.prefix() == a2.prefix())
+            return self.name()<=>a2.name()
+          end
+          if (self.prefix() == nil)
+            return -1
+          elsif (a2.prefix() == nil)
+            return 1
+          end
+          ret = self.namespace()<=>a2.namespace()
+          if (ret == 0)
+            ret = self.prefix()<=>a2.prefix()
+          end
+          return ret
+        end
+      end
+      
+      class REXML::Element
+        def search_namespace(prefix)
+          if (self.namespace(prefix) == nil)
+            return (self.parent().search_namespace(prefix)) if (self.parent() != nil)
+          else
+            return self.namespace(prefix)
+          end
+        end
+      def rendered=(rendered)
+			@rendered = rendered
+		end
+		def rendered?()
+			return @rendered
+		end
+        def node_namespaces()
+          ns = Array.new()
+          ns.push(self.prefix())
+          self.attributes().each_attribute{|a|
+            if (a.prefix() != nil)
+              ns.push(a.prefix())
+            end
+            if (a.prefix() == "" && a.local_name() == "xmlns")
+              ns.push("xmlns")
+            end
+          }
+          ns
+        end
+      end
+      
+      class NamespaceNode
+        attr_reader :prefix, :uri	
+        def initialize(prefix, uri)
+          @prefix = prefix
+          @uri = uri
+        end
+      end
+      
+      class XmlCanonicalizer
+        attr_accessor :prefix_list, :logger
+        
+        BEFORE_DOC_ELEMENT = 0
+        INSIDE_DOC_ELEMENT = 1
+        AFTER_DOC_ELEMENT  = 2
+        
+        NODE_TYPE_ATTRIBUTE  = 3
+        NODE_TYPE_WHITESPACE = 4
+        NODE_TYPE_COMMENT    = 5
+        NODE_TYPE_PI         = 6
+        NODE_TYPE_TEXT       = 7
+        
+        
+        def initialize(with_comments, excl_c14n)
+          @with_comments = with_comments
+          @exclusive = excl_c14n
+          @res = ""
+          @state = BEFORE_DOC_ELEMENT
+          @xnl = Array.new()
+          @prevVisibleNamespacesStart = 0
+          @prevVisibleNamespacesEnd = 0
+          @visibleNamespaces = Array.new()
+			 @inclusive_namespaces = Array.new()
+          @prefix_list = nil
+        end
+        
+        def add_inclusive_namespaces(prefix_list, element, visible_namespaces)
+          namespaces = element.attributes()
+          namespaces.each_attribute{|ns|
+            if (ns.prefix=="xmlns")
+              if (prefix_list.include?(ns.local_name()))
+                visible_namespaces.push(NamespaceNode.new("xmlns:"+ns.local_name(), ns.value()))
+              end
+            end
+          }
+          parent = element.parent()
+          add_inclusive_namespaces(prefix_list, parent, visible_namespaces) if (parent)
+          visible_namespaces
+        end
+        
+        def canonicalize(document)
+          write_document_node(document)
+          @res
+        end
+        
+        def canonicalize_element(element, logging = true)
+          @inclusive_namespaces = add_inclusive_namespaces(@prefix_list, element, @inclusive_namespaces) if (@prefix_list)
+          @preserve_document = element.document()
+          tmp_parent = element.parent()
+          body_string = remove_whitespace(element.to_s().gsub("\n","").gsub("\t","").gsub("\r",""))
+          document = Document.new(body_string)
+          tmp_parent.delete_element(element)
+          element = tmp_parent.add_element(document.root())
+          @preserve_element = element
+          document = Document.new(element.to_s())
+          ns = element.namespace(element.prefix())
+          document.root().add_namespace(element.prefix(), ns)
+          write_document_node(document)
+          @res
+        end
+        
+        def write_document_node(document)
+          @state = BEFORE_DOC_ELEMENT
+          if (document.class().to_s() == "REXML::Element")
+            write_node(document)
+          else
+            document.each_child{|child|
+              write_node(child)
+            }
+          end
+          @res
+        end
+        
+        def write_node(node)
+          visible = is_node_visible(node)
+          if ((node.node_type() == :text) && white_text?(node.value()))
+            res = node.value()
+            res.gsub("\r\n","\n")
+            #res = res.delete(" ").delete("\t")
+            res.delete("\r")
+            @res = @res + res
+            #write_text_node(node,visible) if (@state == INSIDE_DOC_ELEMENT)
+            return
+          end
+          if (node.node_type() == :text)
+            write_text_node(node, visible)
+            return
+          end		
+          if (node.node_type() == :element)
+            write_element_node(node, visible) if (!node.rendered?())
+				node.rendered=(true)
+          end
+          if (node.node_type() == :processing_instruction)
+          end
+          if (node.node_type() == :comment)
+          end
+        end
+        
+        def write_element_node(node, visible)
+          savedPrevVisibleNamespacesStart = @prevVisibleNamespacesStart
+          savedPrevVisibleNamespacesEnd = @prevVisibleNamespacesEnd
+          savedVisibleNamespacesSize = @visibleNamespaces.size()
+          state = @state
+          state = INSIDE_DOC_ELEMENT if (visible && state == BEFORE_DOC_ELEMENT)
+          @res = @res + "<" + node.expanded_name() if (visible)
+          write_namespace_axis(node, visible)
+          write_attribute_axis(node)
+          @res = @res + ">" if (visible)
+          node.each_child{|child|
+			 	write_node(child)
+			 }
+          @res = @res + "</" +node.expanded_name() + ">" if (visible)
+          @state = AFTER_DOC_ELEMENT if (visible && state == BEFORE_DOC_ELEMENT)
+          @prevVisibleNamespacesStart = savedPrevVisibleNamespacesStart
+          @prevVisibleNamespacesEnd = savedPrevVisibleNamespacesEnd
+          @visibleNamespaces.slice!(savedVisibleNamespacesSize, @visibleNamespaces.size() - savedVisibleNamespacesSize) 		if (@visibleNamespaces.size() > savedVisibleNamespacesSize)
+        end
+        
+        def write_namespace_axis(node, visible)
+          doc = node.document()
+          has_empty_namespace = false
+          list = Array.new()
+          cur = node
+          #while ((cur != nil) && (cur != doc) && (cur.node_type() != :document)) 
+          namespaces = cur.node_namespaces()
+          namespaces.each{|prefix|
+            next if ((prefix == "xmlns") && (node.namespace(prefix) == "")) 
+            namespace = cur.namespace(prefix)
+            next if (is_namespace_node(namespace))
+            next if (node.namespace(prefix) != cur.namespace(prefix))
+            next if (prefix == "xml" && namespace == "http://www.w3.org/XML/1998/namespace")
+            next if (!is_node_visible(cur))
+            rendered = is_namespace_rendered(prefix, namespace)
+            @visibleNamespaces.push(NamespaceNode.new("xmlns:"+prefix,namespace)) if (visible)
+            if ((!rendered) && !list.include?(prefix))
+              list.push(prefix)
+            end
+            has_empty_namespace = true if (prefix == nil)
+          }
+          if (visible && !has_empty_namespace && !is_namespace_rendered(nil, nil)) 
+            @res = @res + ' xmlns=""'
+          end
+          #TODO: ns of inclusive_list
+#=begin
+          if ((@prefix_list) && (node.to_s() == node.parent().to_s()))
+            #list.push(node.prefix())
+            @inclusive_namespaces.each{|ns|
+              prefix = ns.prefix().split(":")[1]
+              list.push(prefix) if (!list.include?(prefix) && (!node.attributes.prefixes.include?(prefix))) 
+            }
+				@prefix_list = nil
+          end
+#=end
+          list.sort!()
+          list.each{|prefix|
+            next if (prefix == "")
+            ns = node.namespace(prefix)
+            ns = @preserve_element.namespace(prefix) if (ns == nil)
+            @res = @res + normalize_string(" " + prefix + '="' + ns + '"', NODE_TYPE_TEXT) if (prefix == "xmlns")
+            @res = @res + normalize_string(" xmlns:" + prefix + '="' + ns + '"', NODE_TYPE_TEXT) if (prefix != nil && prefix != "xmlns")
+          }
+          if (visible)
+            @prevVisibleNamespacesStart = @prevVisibleNamespacesEnd
+            @prevVisibleNamespacesEnd = @visibleNamespaces.size()	
+          end
+        end
+        
+        def write_attribute_axis(node)
+          list = Array.new()
+          node.attributes.keys.sort.each{|key|
+            attr = node.attributes.get_attribute(key)
+            list.push(attr) if (!is_namespace_node(attr.value()) && !is_namespace_decl(attr))
+          }
+          if (!@exclusive && node.parent() != nil && node.parent().parent() != nil)
+            cur = node.parent()
+            while (cur != nil)
+              #next if (cur.attributes() == nil)
+              cur.each_attribute{|attribute|
+                next if (attribute.prefix() != "xml")
+                next if (attribute.prefix().index("xmlns") == 0)
+                next if (node.namespace(attribute.prefix()) == attribute.value())
+                found = true
+                list.each{|n|
+                  if (n.prefix() == "xml" && n.value() == attritbute.value())
+                    found = true
+                    break
+                  end
+                }
+                next if (found)
+                list.push(attribute)
+              }
+            end
+          end
+          list.each{|attribute|
+            if (attribute != nil)
+              if (attribute.name() != "xmlns")
+                @res = @res + " " + normalize_string(attribute.to_string(), NODE_TYPE_ATTRIBUTE).gsub("'",'"')
+              end
+              #	else
+              #	@res = @res + " " + normalize_string(attribute.name()+'="'+attribute.to_s()+'"', NODE_TYPE_ATTRIBUTE).gsub("'",'"')
+              #end
+            end
+          }
+        end
+        
+        def is_namespace_node(namespace_uri)
+          return (namespace_uri == "http://www.w3.org/2000/xmlns/")
+        end
+        
+        def is_namespace_rendered(prefix, uri)
+          is_empty_ns = prefix == nil && uri == nil
+          if (is_empty_ns)
+            start = 0
+          else
+            start = @prevVisibleNamespacesStart
+          end
+          @visibleNamespaces.each{|ns|
+            if (ns.prefix() == "xmlns:"+prefix.to_s() && ns.uri() == uri)
+              return true
+            end
+          }
+          return is_empty_ns
+          #(@visibleNamespaces.size()-1).downto(start) {|i|
+          #   ns = @visibleNamespaces[i]
+          #	return true if (ns.prefix() == "xmlns:"+prefix.to_s() && ns.uri() == uri)
+          #	#p = ns.prefix() if (ns.prefix().index("xmlns") == 0) 
+          #	#return ns.uri() == uri if (p == prefix) 
+          #}
+          #return is_empty_ns
+        end
+        
+        def is_node_visible(node)
+          return true if (@xnl.size() == 0)
+          @xnl.each{|element|
+            return true if (element == node)
+          }
+          return false
+        end
+        
+        def normalize_string(input, type)
+          sb = ""
+          return input
+        end
+        #input.each_byte{|b|
+        #	if (b ==60 && (type == NODE_TYPE_ATTRIBUTE || is_text_node(type)))
+        #		sb = sb + "&lt;"
+        #	elsif (b == 62 && is_text_node(type))
+        #		sb = sb + "&gt;"
+        #	elsif (b == 38 && (is_text_node(type) || is_text_node(type))) #Ampersand
+        #		sb = sb + "&amp;"
+        #	elsif (b == 34 && is_text_node(type)) #Quote
+        #		sb = sb + "&quot;"
+        #	elsif (b == 9 && is_text_node(type)) #Tabulator
+        #		sb = sb + "&#x9;"
+        #	elsif (b == 11 && is_text_node(type)) #CR
+        #		sb = sb + "&#xA;"
+        #	elsif (b == 13 && (type == NODE_TYPE_ATTRIBUTE || (is_text_node(type) && type != NODE_TYPE_WHITESPACE) || type == NODE_TYPE_COMMENT || type == NODE_TYPE_PI))
+        #		sb = sb + "&#xD;"
+        #	elsif (b == 13)
+        #		next
+        #	else
+        #		sb = sb.concat(b)
+        #	end
+        #}
+        #sb
+        #end
+        
+        def write_text_node(node, visible)
+          if (visible)
+            @res = @res + normalize_string(node.value(), node.node_type())
+          end
+        end
+        
+        def white_text?(text)
+          return true if ((text.strip() == "") || (text.strip() == nil))
+          return false
+        end
+        
+        def is_namespace_decl(attribute)
+          #return true if (attribute.name() == "xmlns")
+          return true if (attribute.prefix().index("xmlns") == 0)
+          return false
+        end
+        
+        def is_text_node(type)
+          return true if (type == NODE_TYPE_TEXT || type == NODE_TYPE_CDATA || type == NODE_TYPE_WHITESPACE)
+          return false
+        end
+        
+        def remove_whitespace(string)
+          new_string = ""
+          in_white = false
+          string.each_byte{|b|
+            #if (in_white && b == 32)
+            #else
+            if !(in_white && b == 32)
+              new_string = new_string + b.chr()
+            end
+            if (b == 62) #>
+              in_white = true
+            end
+            if (b == 60) #<
+              in_white = false
+            end
+          }
+          new_string
+        end
+      end
+    end #Util
+end #XML
+
+
+if __FILE__ == $0
+  document = Document.new(File.new(ARGV[0]))
+  body = nil
+  c = WSS4R::Security::Util::XmlCanonicalizer.new(false, true)
+  
+  if (ARGV.size() == 3) 
+    body = ARGV[2]
+    if (body == "true")
+      element = XPath.match(document, "/soap:Envelope/soap:Body")[0]
+      element = XPath.first(document, "/soap:Envelope/soap:Header/wsse:Security/Signature/SignedInfo")
+      result = c.canonicalize_element(element)
+      puts("-----")
+      puts(result)
+      puts("-----")
+      puts(result.size())			
+      puts("-----")
+      puts(CryptHash.new().digest_b64(result))
+    end
+  else 
+    result = c.canonicalize(document)
+  end
+  
+  file = File.new(ARGV[1], "wb")
+  file.write(result)
+  file.close()
+end

data/lib/xmlcanonicalizer.rb

@@ -0,0 +1 @@
+require 'xml/util/xmlcanonicalizer'

data/test/complex.xml

@@ -0,0 +1,23 @@
+<samlp:ArtifactResponse IssueInstant='2010-09-10T00:00:50-05:00' Version='2.0' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='122401A9D1742640618954CDD50CEC459150836A' xmlns='urn:oasis:names:tc:SAML:2.0:assertion'><samlp:Status><samlp:StatusCode ID='A6B45394506685EAD93131AD335775015C49B52C' Value='urn:oasis:names:tc:SAML:2.0:status:Failure'/></samlp:Status><samlp:Assertion IssueInstant='2010-09-10T00:00:50-05:00' ID='11B542652811C7A1AC8B8265D92AB293CCA66B26'><Issuer>example.net</Issuer><Subject><NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'/><SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/></Subject><Conditions NotBefore='2010-09-10T00:00:50-05:00' NotOnOrAfter='2010-09-10T12:00:50-05:00'/><AuthnStatement AuthnInstant='2010-09-10T00:00:50-05:00'><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthnContextClassRef></AuthnContext></AuthnStatement><AttributeStatement><Attribute Name='urn:example:profiles'><AttributeValue FriendlyName='type' type='example:profile:attribute'>Person</AttributeValue><AttributeValue FriendlyName='SessionID' type='example:profile:attribute'>02b5e2df689b97067dc51a0cd2029510</AttributeValue><AttributeValue FriendlyName='Role' type='example:profile:role'>Public</AttributeValue></Attribute></AttributeStatement></samlp:Assertion><ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:SignedInfo><ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/><ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/><ds:Reference URI='122401A9D1742640618954CDD50CEC459150836A'><ds:Transforms><ds:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/><ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'><InclusiveNamespaces PrefixList='#default saml ds xs xsi'/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/><ds:DigestValue>dQskOs0c6N7GbFJ13SbozqhEQTM=
+</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>d2rgUtclTSl7q68kZTkaFo8/rBZk/NEmkeKT7qM5doiVhHF4FrMuv7NdQVbQ
+Vi//wyYk6i9u8s13tsYnliSo+4xGbWl112LrAp8U2E8pLjMxqLYQHXw6qV3h
+TLhKw/k8sYS54nOye9t7M0VxHl+sKfX+YZFr8EI3ST2/BKFqm5c=
+</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDFTCCAn4CAQAwDQYJKoZIhvcNAQEEBQAwgdIxCzAJBgNVBAYTAlVTMRIw
+EAYDVQQIEwlNaW5uZXNvdGExEjAQBgNVBAcTCVJvY2hlc3RlcjElMCMGA1UE
+ChMcQ29ycG9yYXRlIFdlYiBTZXJ2aWNlcywgSW5jLjFAMD4GA1UECxM3TWF5
+byBNZWRpY2FsIExhYm9yYXRvcmllcyBQcm9maWxlIE1hbmFnZXIgSG9zdGVk
+IGJ5IENXUzEVMBMGA1UEAxMMbWF5by5jd3MubmV0MRswGQYJKoZIhvcNAQkB
+FgxseWxlQGN3cy5uZXQwHhcNMDcwODAxMTg1ODUzWhcNMzIwNzI1MTg1ODUz
+WjCB0jELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCU1pbm5lc290YTESMBAGA1UE
+BxMJUm9jaGVzdGVyMSUwIwYDVQQKExxDb3Jwb3JhdGUgV2ViIFNlcnZpY2Vz
+LCBJbmMuMUAwPgYDVQQLEzdNYXlvIE1lZGljYWwgTGFib3JhdG9yaWVzIFBy
+b2ZpbGUgTWFuYWdlciBIb3N0ZWQgYnkgQ1dTMRUwEwYDVQQDEwxtYXlvLmN3
+cy5uZXQxGzAZBgkqhkiG9w0BCQEWDGx5bGVAY3dzLm5ldDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA2+1yxxQTeBR+/ducTSVj7eR8krq/OI2LnYxh
+un18kVplOiDwUauqxZZL+ItZhC19/48k3f9YyGsRS1r2YNgOvWKXT8/GEMyI
+/Wk44l/7aUbNeVvdtXBdGdexy972RYH9jOkp4LRWQoJ4l6y1Bt7XesU8p/8Q
+Yd1V/LqUNHQmcq0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAdSKl3LDTh6Z/p
+P31zMKHOx5VEHnyUmzfd5vl0tfB8a6uMv3NKe2knwHjx7vwwGboVsCS7X6Uu
+x+scXbkA8Rod34PyMQAKqzN8ePTlWywPrtbFJzRROj/7Du2uz83osacuW0bv
+0AoM/vII4Xbyc/f1OTZvI1ygIVlnbmGI+xJATQ==
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:ArtifactResponse>

data/test/expected.xml

@@ -0,0 +1,23 @@
+<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="122401A9D1742640618954CDD50CEC459150836A" IssueInstant="2010-09-10T00:00:50-05:00" Version="2.0"><samlp:Status><samlp:StatusCode ID="A6B45394506685EAD93131AD335775015C49B52C" Value="urn:oasis:names:tc:SAML:2.0:status:Failure"></samlp:StatusCode></samlp:Status><samlp:Assertion ID="11B542652811C7A1AC8B8265D92AB293CCA66B26" IssueInstant="2010-09-10T00:00:50-05:00"><Issuer>example.net</Issuer><Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"></NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"></SubjectConfirmation></Subject><Conditions NotBefore="2010-09-10T00:00:50-05:00" NotOnOrAfter="2010-09-10T12:00:50-05:00"></Conditions><AuthnStatement AuthnInstant="2010-09-10T00:00:50-05:00"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthnContextClassRef></AuthnContext></AuthnStatement><AttributeStatement><Attribute Name="urn:example:profiles"><AttributeValue FriendlyName="type" type="example:profile:attribute">Person</AttributeValue><AttributeValue FriendlyName="SessionID" type="example:profile:attribute">02b5e2df689b97067dc51a0cd2029510</AttributeValue><AttributeValue FriendlyName="Role" type="example:profile:role">Public</AttributeValue></Attribute></AttributeStatement></samlp:Assertion><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="122401A9D1742640618954CDD50CEC459150836A"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default saml ds xs xsi"></InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>dQskOs0c6N7GbFJ13SbozqhEQTM=
+</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>d2rgUtclTSl7q68kZTkaFo8/rBZk/NEmkeKT7qM5doiVhHF4FrMuv7NdQVbQ
+Vi//wyYk6i9u8s13tsYnliSo+4xGbWl112LrAp8U2E8pLjMxqLYQHXw6qV3h
+TLhKw/k8sYS54nOye9t7M0VxHl+sKfX+YZFr8EI3ST2/BKFqm5c=
+</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDFTCCAn4CAQAwDQYJKoZIhvcNAQEEBQAwgdIxCzAJBgNVBAYTAlVTMRIw
+EAYDVQQIEwlNaW5uZXNvdGExEjAQBgNVBAcTCVJvY2hlc3RlcjElMCMGA1UE
+ChMcQ29ycG9yYXRlIFdlYiBTZXJ2aWNlcywgSW5jLjFAMD4GA1UECxM3TWF5
+byBNZWRpY2FsIExhYm9yYXRvcmllcyBQcm9maWxlIE1hbmFnZXIgSG9zdGVk
+IGJ5IENXUzEVMBMGA1UEAxMMbWF5by5jd3MubmV0MRswGQYJKoZIhvcNAQkB
+FgxseWxlQGN3cy5uZXQwHhcNMDcwODAxMTg1ODUzWhcNMzIwNzI1MTg1ODUz
+WjCB0jELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCU1pbm5lc290YTESMBAGA1UE
+BxMJUm9jaGVzdGVyMSUwIwYDVQQKExxDb3Jwb3JhdGUgV2ViIFNlcnZpY2Vz
+LCBJbmMuMUAwPgYDVQQLEzdNYXlvIE1lZGljYWwgTGFib3JhdG9yaWVzIFBy
+b2ZpbGUgTWFuYWdlciBIb3N0ZWQgYnkgQ1dTMRUwEwYDVQQDEwxtYXlvLmN3
+cy5uZXQxGzAZBgkqhkiG9w0BCQEWDGx5bGVAY3dzLm5ldDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA2+1yxxQTeBR+/ducTSVj7eR8krq/OI2LnYxh
+un18kVplOiDwUauqxZZL+ItZhC19/48k3f9YyGsRS1r2YNgOvWKXT8/GEMyI
+/Wk44l/7aUbNeVvdtXBdGdexy972RYH9jOkp4LRWQoJ4l6y1Bt7XesU8p/8Q
+Yd1V/LqUNHQmcq0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAdSKl3LDTh6Z/p
+P31zMKHOx5VEHnyUmzfd5vl0tfB8a6uMv3NKe2knwHjx7vwwGboVsCS7X6Uu
+x+scXbkA8Rod34PyMQAKqzN8ePTlWywPrtbFJzRROj/7Du2uz83osacuW0bv
+0AoM/vII4Xbyc/f1OTZvI1ygIVlnbmGI+xJATQ==
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:ArtifactResponse>

data/test/helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'xmlcanonicalizer'
+
+class Test::Unit::TestCase
+end

data/test/saml_assertion.xml

@@ -0,0 +1,10 @@
+<saml:Assertion ID='s272db1ff577ed4463edc408a3d7f3571aebf1696a' IssueInstant='2010-10-28T13:35:36Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
+<saml:Issuer>http://dev.example.com:8080/opensso</saml:Issuer><saml:Subject>
+<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' NameQualifier='http://dev.example.com:8080/opensso'>person@example.com</saml:NameID><saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'>
+<saml:SubjectConfirmationData InResponseTo='294e5540-c4c6-012d-1a98-0017f2dcb387' NotOnOrAfter='2010-10-28T13:45:36Z' Recipient='http://localhost:3000/auth/authenticate'/></saml:SubjectConfirmation>
+</saml:Subject><saml:Conditions NotBefore='2010-10-28T13:25:36Z' NotOnOrAfter='2010-10-28T13:45:36Z'>
+<saml:AudienceRestriction>
+<saml:Audience>saml-example</saml:Audience>
+</saml:AudienceRestriction>
+</saml:Conditions>
+<saml:AuthnStatement AuthnInstant='2010-10-28T13:35:36Z' SessionIndex='s2eddbcf944c22056cec33d0ea24a54217a164f601'><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name='name'><saml:AttributeValue xsi:type='xs:string' xmlns:xs='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>happy</saml:AttributeValue></saml:Attribute><saml:Attribute Name='uuid'><saml:AttributeValue xsi:type='xs:string' xmlns:xs='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>3c678d50-c357-012d-1a87-0017f2dcb387</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>

data/test/saml_expected_canonical_form.xml

@@ -0,0 +1,10 @@
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s272db1ff577ed4463edc408a3d7f3571aebf1696a" IssueInstant="2010-10-28T13:35:36Z" Version="2.0">
+<saml:Issuer>http://dev.example.com:8080/opensso</saml:Issuer><saml:Subject>
+<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="http://dev.example.com:8080/opensso">person@example.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+<saml:SubjectConfirmationData InResponseTo="294e5540-c4c6-012d-1a98-0017f2dcb387" NotOnOrAfter="2010-10-28T13:45:36Z" Recipient="http://localhost:3000/auth/authenticate"></saml:SubjectConfirmationData></saml:SubjectConfirmation>
+</saml:Subject><saml:Conditions NotBefore="2010-10-28T13:25:36Z" NotOnOrAfter="2010-10-28T13:45:36Z">
+<saml:AudienceRestriction>
+<saml:Audience>saml-example</saml:Audience>
+</saml:AudienceRestriction>
+</saml:Conditions>
+<saml:AuthnStatement AuthnInstant="2010-10-28T13:35:36Z" SessionIndex="s2eddbcf944c22056cec33d0ea24a54217a164f601"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="name"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">happy</saml:AttributeValue></saml:Attribute><saml:Attribute Name="uuid"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">3c678d50-c357-012d-1a87-0017f2dcb387</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>

data/test/test_xmlcanonicalizer.rb

@@ -0,0 +1,58 @@
+require File.dirname(File.expand_path(__FILE__))+'/helper'
+
+class TestXmlcanonicalizer < Test::Unit::TestCase
+  
+  should "canonicalize a simple xml file" do
+    xml_canonicalizer = XML::Util::XmlCanonicalizer.new(true,true)
+    xml = "<foo bar='test'/>";
+    rexml = REXML::Document.new(xml);
+    xml_canonicalized = xml_canonicalizer.canonicalize(rexml);
+    xml_expect = "<foo bar=\"test\"></foo>";
+    assert_equal xml_expect, xml_canonicalized
+  end
+  
+  should "canonicalize a complex xml file" do
+    fp = File.new(File.dirname(File.expand_path(__FILE__))+'/complex.xml','r')
+    xml = ''
+    while (l = fp.gets)
+      xml += l
+    end
+    fp.close
+    
+    xml_canonicalizer = XML::Util::XmlCanonicalizer.new(true,true)
+    rexml = REXML::Document.new(xml);
+    xml_canonicalized = xml_canonicalizer.canonicalize(rexml);
+    
+    fp = File.new(File.dirname(File.expand_path(__FILE__))+'/expected.xml','r')
+    xml_expect = ''
+    while (l = fp.gets)
+      xml_expect += l
+    end
+    fp.close
+    
+    assert_equal xml_expect, xml_canonicalized
+  end
+
+  should "canonicalize a saml xml file correctly" do
+    fp = File.new(File.dirname(File.expand_path(__FILE__))+'/saml_assertion.xml','r')
+    xml = ''
+    while (l = fp.gets)
+      xml += l
+    end
+    fp.close
+    
+    xml_canonicalizer = XML::Util::XmlCanonicalizer.new(false,true)
+    rexml = REXML::Document.new(xml);
+    xml_canonicalized = xml_canonicalizer.canonicalize(rexml);
+    
+    fp = File.new(File.dirname(File.expand_path(__FILE__))+'/saml_expected_canonical_form.xml','r')
+    xml_expect = ''
+    while (l = fp.gets)
+      xml_expect += l
+    end
+    fp.close
+    
+    assert_equal xml_expect, xml_canonicalized
+  end
+
+end

data/tests.watchr

@@ -0,0 +1,62 @@
+# Run me with:
+#
+#   $ watchr specs.watchr
+
+# --------------------------------------------------
+# Convenience Methods
+# --------------------------------------------------
+def all_test_files
+  Dir['test/**/test_*.rb']
+end
+
+def run_test_matching(thing_to_match)
+  matches = all_test_files.grep(/#{thing_to_match}/i)
+  if matches.empty?
+    puts "Sorry, thanks for playing, but there were no matches for #{thing_to_match}"  
+  else
+    run matches.join(' ')
+  end
+end
+
+def run(files_to_run)
+  puts("Running: #{files_to_run}")
+  system("ruby -Ilib -Itest #{files_to_run}")
+  no_int_for_you
+end
+
+def run_all_tests
+  run(all_test_files.join(' '))
+end
+
+# --------------------------------------------------
+# Watchr Rules
+# --------------------------------------------------
+watch('^test/test_(.*)\.rb'  )          { |m| run_test_matching(m[1]) }
+#watch('^app/(.*)\.rb'               )   { |m| run_test_matching(m[1]) }
+#watch('^app/views/(.*)/(.*)')           { |m| run_test_matching(m[1]) }
+watch('^lib/(.*)\.rb'               )   { |m| run_test_matching(m[1]) }
+watch('^lib/xml/util/xmlcanonicalizer.rb') { run('test/test_xmlcanonicalizer.rb')}
+
+# --------------------------------------------------
+# Signal Handling
+# --------------------------------------------------
+
+def no_int_for_you
+  @sent_an_int = nil
+end
+
+Signal.trap 'INT' do
+  if @sent_an_int then      
+    puts "   A second INT?  Ok, I get the message.  Shutting down now."
+    exit
+  else
+    puts "   Did you just send me an INT? Ugh.  I'll quit for real if you do it again."
+    @sent_an_int = true
+    Kernel.sleep 1.5
+    run_all_tests
+  end
+end
+
+puts "Save a file to get watchr's attention."
+
+# vim:ft=ruby

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification 
+name: canonix
+version: !ruby/object:Gem::Version 
+  hash: 25
+  prerelease: 
+  segments: 
+  - 0
+  - 1
+  - 1
+  version: 0.1.1
+platform: ruby
+authors: 
+- Brendon Muir
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-16 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: thoughtbot-shoulda
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: |-
+  This is based on andrewferk's rewrite for Ruby 1.9 compatibility, but applies 
+        relevance's fix to ensure proper canonicalisation. It is intended that this be the new official 
+        Ruby Canonicaliser as the other project seems to be abandoned.
+email: brendon@spike.net.nz
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- canonix.gemspec
+- lib/xml/util/xmlcanonicalizer.rb
+- lib/xmlcanonicalizer.rb
+- test/complex.xml
+- test/expected.xml
+- test/helper.rb
+- test/saml_assertion.xml
+- test/saml_expected_canonical_form.xml
+- test/test_xmlcanonicalizer.rb
+- tests.watchr
+homepage: http://github.com/brendon/canonix
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.5
+signing_key: 
+specification_version: 3
+summary: XML Canonicalizer for Ruby >= 1.92
+test_files: []
+