RubyGems - nokogiri-xmlsec-ap - Versions diffs - 0.0.5 - Mend

nokogiri-xmlsec-ap 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

checksums.yaml +7 -0
data/.gitignore +21 -0
data/.rspec +2 -0
data/Gemfile +4 -0
data/Guardfile +13 -0
data/LICENSE.txt +22 -0
data/README.md +121 -0
data/Rakefile +30 -0
data/ext/nokogiri_ext_xmlsec/extconf.rb +20 -0
data/ext/nokogiri_ext_xmlsec/init.c +46 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c +124 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c +177 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c +43 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_init.c +32 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c +143 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_sign_rsa.c +95 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c +96 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c +106 -0
data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c +56 -0
data/ext/nokogiri_ext_xmlsec/shutdown.c +12 -0
data/ext/nokogiri_ext_xmlsec/xmlsecrb.h +39 -0
data/lib/nokogiri-xmlsec.rb +1 -0
data/lib/xmlsec.rb +110 -0
data/lib/xmlsec/version.rb +3 -0
data/nokogiri-xmlsec.gemspec +36 -0
data/spec/fixtures/cert/server.crt +14 -0
data/spec/fixtures/cert/server.csr +11 -0
data/spec/fixtures/cert/server.key.decrypted +15 -0
data/spec/fixtures/cert/server.key.encrypted +18 -0
data/spec/fixtures/rsa.pem +15 -0
data/spec/fixtures/rsa.pub +6 -0
data/spec/fixtures/sign2-doc.xml +6 -0
data/spec/fixtures/sign2-result.xml +24 -0
data/spec/fixtures/sign3-result.xml +37 -0
data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb +28 -0
data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb +70 -0
data/spec/spec_helper.rb +10 -0
metadata +197 -0

data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c ADDED Viewed

@@ -0,0 +1,56 @@
+#include "xmlsecrb.h"
+VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key) {
+  xmlDocPtr doc;
+  xmlNodePtr node = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+  char *rsaKey;
+  unsigned int rsaKeyLength;
+  VALUE result = Qfalse;
+  Data_Get_Struct(self, xmlDoc, doc);
+  rsaKey = RSTRING_PTR(rb_rsa_key);
+  rsaKeyLength = RSTRING_LEN(rb_rsa_key);
+  // find start node
+  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+  if(node == NULL) {
+    rb_raise(rb_eVerificationError, "start node not found");
+    goto done;
+  }
+  // create signature context, we don't need keys manager in this example
+  dsigCtx = xmlSecDSigCtxCreate(NULL);
+  if(dsigCtx == NULL) {
+    rb_raise(rb_eVerificationError, "failed to create signature context");
+    goto done;
+  }
+  // load public key
+  dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)rsaKey,
+                                                  rsaKeyLength,
+                                                  xmlSecKeyDataFormatPem,
+                                                  NULL, // password
+                                                  NULL, NULL);
+  if(dsigCtx->signKey == NULL) {
+    rb_raise(rb_eVerificationError, "failed to load public pem key");
+    goto done;
+  }
+  // verify signature
+  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+    rb_raise(rb_eVerificationError, "signature could not be verified");
+    goto done;
+  }
+  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+    result = Qtrue;
+  }
+done:
+  if(dsigCtx != NULL) {
+    xmlSecDSigCtxDestroy(dsigCtx);
+  }
+  return result;
+}

data/ext/nokogiri_ext_xmlsec/shutdown.c ADDED Viewed

@@ -0,0 +1,12 @@
+#include "xmlsecrb.h"
+/* not actually called anywhere right now, but here for posterity */
+void Shutdown_xmlsecrb() {
+  xmlSecCryptoShutdown();
+  xmlSecCryptoAppShutdown();
+  xmlSecShutdown();
+  xsltCleanupGlobals();
+  #ifndef XMLSEC_NO_XSLT
+    xsltCleanupGlobals();
+  #endif /* XMLSEC_NO_XSLT */
+}

data/ext/nokogiri_ext_xmlsec/xmlsecrb.h ADDED Viewed

@@ -0,0 +1,39 @@
+#ifndef XMLSECRB_H
+#define XMLSECRB_H
+#include <ruby.h>
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xmlstring.h>
+#include <libxslt/xslt.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/dl.h>
+VALUE sign_with_key(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key);
+VALUE sign_with_certificate(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key, VALUE rb_cert, VALUE rb_cert_issuer_name, VALUE rb_cert_serial_number);
+VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key);
+VALUE verify_signature_with_named_keys(VALUE self, VALUE rb_keys);
+VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs);
+VALUE encrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+VALUE set_id_attribute(VALUE self, VALUE rb_attr_name);
+void Init_Nokogiri_ext(void);
+extern VALUE rb_cNokogiri_XML_Document;
+extern VALUE rb_eSigningError;
+extern VALUE rb_eVerificationError;
+extern VALUE rb_eKeystoreError;
+extern VALUE rb_eEncryptionError;
+extern VALUE rb_eDecryptionError;
+#endif // XMLSECRB_H

data/lib/nokogiri-xmlsec.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'xmlsec'

data/lib/xmlsec.rb ADDED Viewed

@@ -0,0 +1,110 @@
+require "xmlsec/version"
+require 'nokogiri'
+require 'nokogiri_ext_xmlsec'
+class Nokogiri::XML::Document
+  # Signs this document, and then returns it.
+  #
+  # Examples:
+  #
+  #     doc.sign! key: 'rsa-private-key'
+  #     doc.sign! key: 'rsa-private-key', name: 'key-name'
+  #     doc.sign! x509: 'x509 certificate', key: 'cert private key'
+  #     doc.sign! x509: 'x509 certificate', key: 'cert private key',
+  #               name: 'key-name'
+  #
+  # You can also use `:cert` or `:certificate` as aliases for `:x509`.
+  #
+  def sign! opts
+    if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate])
+      raise "need a private :key" unless opts[:key]
+      sign_with_certificate opts[:name].to_s, opts[:key], cert, opts[:issuer_name].to_s, opts[:serial_number].to_s
+    elsif opts[:key]
+      sign_with_key opts[:name].to_s, opts[:key]
+    else
+      raise "No private :key was given"
+    end
+    self
+  end
+  # Verifies the signature on the current document.
+  #
+  # Returns `true` if the signature is valid, `false` otherwise.
+  #
+  # Examples:
+  #
+  #     # Try to validate with the given public or private key
+  #     doc.verify_with key: 'rsa-key'
+  #
+  #     # Try to validate with a set of keys. It will try to match
+  #     # based on the contents of the `KeyName` element.
+  #     doc.verify_with({
+  #       'key-name'         => 'x509 certificate',
+  #       'another-key-name' => 'rsa-public-key'
+  #     })
+  #
+  #     # Try to validate with a trusted certificate
+  #     doc.verify_with(x509: 'certificate')
+  #
+  #     # Try to validate with a set of certificates, any one of which
+  #     # can match
+  #     doc.verify_with(x509: ['cert1', 'cert2'])
+  #
+  # You can also use `:cert` or `:certificate` or `:certs` or
+  # `:certificates` as aliases for `:x509`.
+  #
+  def verify_with opts_or_keys
+    if (certs = opts_or_keys[:x509]) ||
+       (certs = opts_or_keys[:cert]) ||
+       (certs = opts_or_keys[:certs]) ||
+       (certs = opts_or_keys[:certificate]) ||
+       (certs = opts_or_keys[:certificates])
+      certs = [certs] unless certs.kind_of?(Array)
+      verify_with_certificates certs
+    elsif opts_or_keys[:key]
+      verify_with_rsa_key opts_or_keys[:key]
+    else
+      verify_with_named_keys opts_or_keys
+    end
+  end
+  # Attempts to verify the signature of this document using only certificates
+  # installed on the system. This is equivalent to calling
+  # `verify_with certificates: []` (that is, an empty array).
+  #
+  def verify_signature
+    verify_with_certificates []
+  end
+  # Encrypts the current document, then returns it.
+  #
+  # Examples:
+  #
+  #     # encrypt with a public key and optional key name
+  #     doc.encrypt! key: 'public-key', name: 'name'
+  #
+  def encrypt! opts
+    if opts[:key]
+      encrypt_with_key opts[:name].to_s, opts[:key]
+    else
+      raise "public :key is required for encryption"
+    end
+    self
+  end
+  # Decrypts the current document, then returns it.
+  #
+  # Examples:
+  #
+  #     # decrypt with a specific private key
+  #     doc.decrypt! key: 'private-key'
+  #
+  def decrypt! opts
+    if opts[:key]
+      decrypt_with_key opts[:name].to_s, opts[:key]
+    else
+      raise 'inadequate options specified for decryption'
+    end
+    self
+  end
+end

data/lib/xmlsec/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Xmlsec
+  VERSION = '0.0.5'
+end

data/nokogiri-xmlsec.gemspec ADDED Viewed

@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'xmlsec/version'
+Gem::Specification.new do |spec|
+  spec.name          = "nokogiri-xmlsec-ap"
+  spec.version       = Xmlsec::VERSION
+  spec.authors       = ["Colin MacKenzie IV", "Justin Feng"]
+  spec.email         = ["justin.feng@afterpay.com"]
+  spec.description   = %q{Adds support to Ruby for encrypting, decrypting,
+    signing and validating the signatures of XML documents, according to the
+    [XML Encryption Syntax and Processing](http://www.w3.org/TR/xmlenc-core/)
+    standard, by wrapping around the [xmlsec](http://www.aleksey.com/xmlsec) C
+    library and adding relevant methods to `Nokogiri::XML::Document`.}
+  spec.summary       = %q{Wrapper around http://www.aleksey.com/xmlsec to
+    support XML encryption, decryption, signing and signature validation in
+    Ruby}
+  spec.homepage      = "https://github.com/justinfeng-ap/xmlsec"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
+  spec.add_dependency 'nokogiri'
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rake-compiler"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "guard-rspec"
+  spec.add_development_dependency "guard-rake"
+end

data/spec/fixtures/cert/server.crt ADDED Viewed

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
+GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
+aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
+d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
+eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
+3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
+gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
+gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
+kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
+7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
+-----END CERTIFICATE-----

data/spec/fixtures/cert/server.csr ADDED Viewed

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExITAf
+BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3Lmdv
+b2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSqleymfHtzO
+eY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii3fqGBiHM
+kZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQgSVEWpEp
+CSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB6
+8K0q16EAkGoYLFHvVHxpqk+annbB8ZqpbV43T12Ngx7KiMsdTjrgho0lP/OllHcr
+3vQ0yHnI1K1EeV9Q+/lXqaRl9ws3PL1QMOFm4XD1uIEPG+umRYgrjuZhFab+2Zfs
+rgyILF2yRSy0oVeTBxVK5igV6qYcXFFBRIj7nnV8Jg==
+-----END CERTIFICATE REQUEST-----

data/spec/fixtures/cert/server.key.decrypted ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCxOKEqpXspnx7cznmPOlsr37I2Zms9l5yKPXc2bCu9cjBCpIL1
+0J52MvaStDWmHBtAdIXIot36hgYhzJGWNgThlsAgv8DpiQsy6vaunGj1lLO9WZKP
+oefS2qlfd78w5mWl2HxaEIElRFqRKQkqOetMdJkri5yWHUEM2fy+sb8WdQIDAQAB
+AoGAB1d8PcMLPicsZSNcn9VgD4o93MkTakLMpmFzfdqvWTLQ0wHztvFEj0r/Mgar
+Lk19x4bMQAqXPZitylqqMVndi9U8squvAvkZcgYL57MNQRgmLtjSMfk4wCY9ieDa
+newt4cP7nGN/ZkU5R0lRMGExKSrMZW8HAkK4WJpbfnOpwGECQQDkoggBRH4aFlaj
+Xhw+mSIxOpmzFBhXZ0z+bvoCipPKIhbnwKt0dupn0xAwatNmakBt0p46SFOgW8QQ
+TV51G/bdAkEAxm8yEod77IM6bhLL+3h/nsGOGsA0xs22U6FBrz34Nvd4gwmICMcF
+t4P3iHYzJfUt+Z2zv5ucX2tuD4uoWsqIeQJAercdZNDGfmoPBpC0yESZPaMebCgV
+CJTBlq8qMcL/oDa75Jhdbp2FI0T+I36zCP1up4OsucuoVyHqEnX0hRcFYQJAD3Nz
+E6xHAviI4S9HgNI2JbduiDi1I1G7Q7HHuox5ulX0pUdlt0E/+bUl3hNOEkOQC+Ky
+r1W/jFKCJGW8ey1QCQJAYDh1BmlLswafEnkNmwydNz4gVflHJvsF8A1c2wJVytkT
+3HVWvwOAfcumDNDNkSUJ+0DQs17qgOMCDwFgFzUb+Q==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/cert/server.key.encrypted ADDED Viewed

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6F8CC52C2E211FF4
+T5g21oYrsS435g2GRNBFs+IwpKYAsF0RDt9SNuCXp6hD2MbcF3q8Su/wvj9inAZi
+S7V8Qp8mmBsjo+vh0oTggVFmk7/fyTAa6ltQL+1UH7b8vecgGFKSBV8TG3+k9S4C
+ZgXyR9pTgzQx+8M5LrnOnM8fpf638xouHvMo7zTFPhimehIMrMcXAyRZaRfcDhlg
+YR+JRvSa0Q9vxhsC19fjfnlU7FdV8B9Ypo/+23TNmKpfU99oV6oPNoiWzkziKtvZ
+mwYjrYw6r91ANFCRIux5+CjfOqVxissxzmZ5vyV89LoXjLAEDVmv2vJ+8w2b8zAN
+FAXtcx74MutSQQBrG4xffwwRJwf0uPhzMohRoiholOoaMFSOFBasA+phn7hr7m9a
+JWj4icCRVZlm+rztbbiapBUtm4ER1tdBGr84TgqasM5CK/qhXt9CCnUBRaimIwad
+9dib2jnkzuqlyrdzLyaFU0IRSq+GQAK7sgya/V2q96lWdzejMGx/07hL6lvPY/h7
+o8puMwpCK4XKYantqXL26oCxSgcrlA2nlR+SfmRKhwDwy8rPsTBm55BxwGr8Jj+9
+6bY6VOR+vZkjSVDKNBOq8gUJvPksQV0CK0eSgPTli0ncCInzFPeLGISIa90rFD7I
+97w/ZzTywVnTWO9DhedliwqDSOOYTdVoRfygQfpaFoa1aqR9tKWoc30kbqXvgvUR
+mlDwiY1zxpKsTHKu7omf0bp5m8dlW4EarWgTsTRQ8EOHoIucgjdaSxPEDDi8WGOW
+Nbqb2ZZz7wsIL71XgC13A+va1C0F709PK/Xnd5IwRf8=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/rsa.pem ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQC15La+LSmHNUs/yqzSuzKdBUED1OfaOZpBp8zxAAQy7VlTrqRh
+/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdCdkn8MF4CCCQKkjm7JKRrKfK5
+fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZGI8nsHnyJzRwqmG2xbQIDAQAB
+AoGBAJDT2UW3g/dqUc4rPExWTUiFJG0+mpVBhDd+ukmyL6W1Iojk53I2z25PJAVU
+7wS1ohEsJ27J7Aty6Vx5Ozn0Q+zYVaKRSxcazNeGbwS0UaGrN0lMvWDs7RmVGCdx
+bI2LUTQ88Bl94dW4QObAub+wMOL6xmVEVrJssZnm+CIqS2UBAkEA49QDNB//oHmi
+iqD4SFotE8Lz80qBGHN15YIm80TKUR2k1LusZl6R5+2nYTF2vPsG+HGXPbkGhqTn
+JL9GMBv7TQJBAMxinne8+bKTvOl/hhdAohFs7aHUBZhZOEuXIf1jYENASk2weYC6
+95SlHvWcwPHfqVbpwt83sGL8aDm8CCPYPqECQQDEFRQQx72GC0oG0FYAR4RmbrLx
+YN1NAwqkVmlZlIogWEgmQ8Q0cw5Ws+cMMrtEGTU9nN4TZGymc8TwjqNFAsA9AkEA
+ol8Cp/uQn6cxIIt4Gsb1OkTAcJ0BKOxQhfT2QtiNJEBSB3BYxsVCZWvcsaGrwzw9
+yteBQlZ6odkGcD+Kc/eaoQJAH+0a7jlHDu2VCHI63OiNZQJ8J9oxaPvWZyKYSaCO
+iGvon/Z6KGQhXMedPDaCH7UjeMle5AVhjSrSvF6OglgZ9g==
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/rsa.pub ADDED Viewed

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15La+LSmHNUs/yqzSuzKdBUED
+1OfaOZpBp8zxAAQy7VlTrqRh/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdC
+dkn8MF4CCCQKkjm7JKRrKfK5fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZG
+I8nsHnyJzRwqmG2xbQIDAQAB
+-----END PUBLIC KEY-----

data/spec/fixtures/sign2-doc.xml ADDED Viewed

@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<Envelope xmlns="urn:envelope">
+  <Data>
+  Hello, World!
+  </Data>
+</Envelope>

data/spec/fixtures/sign2-result.xml ADDED Viewed

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<Envelope xmlns="urn:envelope">
+  <Data>
+  Hello, World!
+  </Data>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference>
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>DPwu/iB8Sx21tywM69YUztjuMbKdAsfwOniDWlabk2jmEgbtwPlKFgZ9A5wdZbFj
+D+SGQrv0y0d0UV8SBV5zeAeyyX7uwpm45iEbtQjirC6oaJ5Eu9caBCRqbcxNSTdR
+yKGnO1r+dK/9T/MFANce39wBaeOUzo2qJe2128iWal4=</SignatureValue>
+<KeyInfo>
+<KeyName>test</KeyName>
+</KeyInfo>
+</Signature></Envelope>

data/spec/fixtures/sign3-result.xml ADDED Viewed

@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<Envelope xmlns="urn:envelope">
+  <Data>
+  Hello, World!
+  </Data>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference>
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>FNY3KHaZF2vVo/WKCRftatol0c22ozKn7S6Uw+GGjfAodlZwSPU5yq6rbfEBpMIi
+igz6OFpeB5fFOIJM7n428uT+tcE48AnmHvh2Dd+THs5NgGxIrogfYQGyzvX/GHox
+bmLwCVE/mRMHEG3UY67WctjP5DaSk0VCANpMnBnn+g4=</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
+GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
+aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
+d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
+eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
+3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
+gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
+gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
+kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
+7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=</X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature></Envelope>

data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb ADDED Viewed

@@ -0,0 +1,28 @@
+require 'spec_helper'
+describe "encryption and decryption:" do
+  subject do
+    Nokogiri::XML(fixture('sign2-doc.xml'))
+  end
+  describe 'encrypting with an RSA public key' do
+    before do
+      @original = subject.to_s
+      subject.encrypt! key: fixture('rsa.pub'), name: 'test'
+    end
+    # it generates a new key every time so will never match the fixture
+    specify { subject.to_s.should_not == @original }
+    specify { subject.to_s.should_not =~ /Hello.*World/i }
+    # specify { subject.to_s.should == fixture('encrypt2-result.xml') }
+    describe 'decrypting with the RSA private key' do
+      before do
+        subject.decrypt! key: fixture('rsa.pem'), name: 'test'
+      end
+      specify { subject.to_s.should == fixture('sign2-doc.xml') }
+    end
+  end
+end