nokogiri-xmlsec-instructure 0.10.3 → 0.11.0

data/ext/nokogiri_ext_xmlsec/nokogiri_sign.c

@@ -1,254 +0,0 @@
-#include "xmlsecrb.h"
-
-#include "options.h"
-#include "util.h"
-
-// Appends an xmlsig <dsig:Signature> node to document stored in |self|
-// with a signature based on the given key and cert.
-//
-// Expects a ruby hash for the signing arguments.
-// Hash parameters:
-//   :key - A PEM encoded rsa key for signing.
-//   :cert - The public cert to include with the signature.
-//   :signature_alg - Algorithm identified by the URL fragment. Supported algorithms
-//             taken from http://www.w3.org/TR/xmldsig-core
-//   :digest_alg - Algorithm identified by the URL fragment. Supported algorithms
-//             taken from http://www.w3.org/TR/xmldsig-core
-//   :name - [optional] String with name of the rsa key.
-//   :uri - [optional] The URI attribute for the <Reference> node in the
-//          signature.
-//   :store_references - [optional] If true, the options hash will be modified,
-//             and this value will be replaced with pre-digest buffer for
-//             debugging purposes
-VALUE sign(VALUE self, VALUE rb_opts) {
-  VALUE rb_exception_result = Qnil;
-  const char* exception_message = NULL;
-
-  xmlDocPtr doc = NULL;
-  xmlNodePtr envelopeNode = NULL;
-  xmlNodePtr signNode = NULL;
-  xmlNodePtr refNode = NULL;
-  xmlNodePtr keyInfoNode = NULL;
-  xmlSecDSigCtxPtr dsigCtx = NULL;
-  char *keyName = NULL;
-  char *certificate = NULL;
-  char *rsaKey = NULL;
-  char *refUri = NULL;
-  unsigned int rsaKeyLength = 0;
-  unsigned int certificateLength = 0;
-  VALUE rb_references = Qnil;
-  int store_references = 0;
-  VALUE rb_pre_digest_buffer_sym, rb_reference, rb_pre_digest_buffer;
-  xmlSecSize pos;
-
-  VALUE rb_rsa_key = rb_hash_aref(rb_opts, ID2SYM(rb_intern("key")));
-  VALUE rb_cert = rb_hash_aref(rb_opts, ID2SYM(rb_intern("cert")));
-  VALUE rb_signature_alg = rb_hash_aref(rb_opts, ID2SYM(rb_intern("signature_alg")));
-  VALUE rb_digest_alg = rb_hash_aref(rb_opts, ID2SYM(rb_intern("digest_alg")));
-  VALUE rb_uri = rb_hash_aref(rb_opts, ID2SYM(rb_intern("uri")));
-  VALUE rb_key_name = rb_hash_aref(rb_opts, ID2SYM(rb_intern("name")));
-  VALUE rb_store_references = rb_hash_aref(rb_opts, ID2SYM(rb_intern("store_references")));
-
-  resetXmlSecError();
-
-  Check_Type(rb_rsa_key, T_STRING);
-  Check_Type(rb_signature_alg, T_STRING);
-  Check_Type(rb_digest_alg, T_STRING);
-
-  rsaKey = RSTRING_PTR(rb_rsa_key);
-  rsaKeyLength = RSTRING_LEN(rb_rsa_key);
-
-  if (!NIL_P(rb_cert)) {
-    Check_Type(rb_cert, T_STRING);
-    certificate = RSTRING_PTR(rb_cert);
-    certificateLength = RSTRING_LEN(rb_cert);
-  }
-  if (!NIL_P(rb_key_name))  {
-    Check_Type(rb_key_name, T_STRING);
-    keyName = StringValueCStr(rb_key_name);
-  }
-  if (!NIL_P(rb_uri)) {
-    Check_Type(rb_uri, T_STRING);
-    refUri = StringValueCStr(rb_uri);
-  }
-  switch (TYPE(rb_store_references)) {
-    case T_TRUE:
-      store_references = 1;
-      break;
-    case T_FALSE:
-    case T_NIL:
-      break;
-    default:
-      Check_Type(rb_store_references, T_TRUE);
-      break;
-  }
-
-  xmlSecTransformId signature_algorithm = GetSignatureMethod(rb_signature_alg,
-      &rb_exception_result, &exception_message);
-  if (signature_algorithm == xmlSecTransformIdUnknown) {
-    // Propagate exception.
-    goto done;
-  }
-
-  Noko_Node_Get_Struct(self, xmlNode, envelopeNode);
-  doc = envelopeNode->doc;
-  // create signature template for enveloped signature.
-  signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
-                                       signature_algorithm, NULL);
-  if (signNode == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to create signature template";
-    goto done;
-  }
-
-  // add <dsig:Signature/> node to the doc
-  xmlAddChild(envelopeNode, signNode);
-
-  // add reference
-  xmlSecTransformId digest_algorithm = GetDigestMethod(rb_digest_alg,
-      &rb_exception_result, &exception_message);
-  if (digest_algorithm == xmlSecTransformIdUnknown) {
-    // Propagate exception.
-    goto done;
-  }
-  refNode = xmlSecTmplSignatureAddReference(signNode, digest_algorithm,
-                                            NULL, (const xmlChar *)refUri, NULL);
-  if(refNode == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to add reference to signature template";
-    goto done;
-  }
-
-  // add enveloped transform
-  if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to add enveloped transform to reference";
-    goto done;
-  }
-
-  if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformExclC14NId) == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to add canonicalization transform to reference";
-    goto done;
-  }
-
-  // add <dsig:KeyInfo/>
-  keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
-  if(keyInfoNode == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to add key info";
-    goto done;
-  }
-
-  if(certificate) {
-    // add <dsig:X509Data/>
-    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
-      rb_exception_result = rb_eSigningError;
-      exception_message = "failed to add X509Data node";
-      goto done;
-    }
-  }
-
-  if(keyName) {
-    // add <dsig:KeyName/>
-    if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
-      rb_exception_result = rb_eSigningError;
-      exception_message = "failed to add key name";
-      goto done;
-    }
-  }
-
-  // create signature context, we don't need keys manager in this example
-  dsigCtx = createDSigContext(NULL);
-  if(dsigCtx == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to create signature context";
-    goto done;
-  }
-  if (store_references) {
-    dsigCtx->flags |= XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
-      XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES;
-  }
-
-  // load private key, assuming that there is not password
-  dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)rsaKey,
-                                                  rsaKeyLength,
-                                                  xmlSecKeyDataFormatPem,
-                                                  NULL, // password
-                                                  NULL,
-                                                  NULL);
-  if(dsigCtx->signKey == NULL) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "failed to load private key";
-    goto done;
-  }
-  
-  if(keyName) {
-    // set key name
-    if(xmlSecKeySetName(dsigCtx->signKey, (xmlSecByte *)keyName) < 0) {
-      rb_exception_result = rb_eSigningError;
-      exception_message = "failed to set key name";
-      goto done;
-    }
-  }
-
-  if(certificate) {
-    // load certificate and add to the key
-    if(xmlSecCryptoAppKeyCertLoadMemory(dsigCtx->signKey,
-                                        (xmlSecByte *)certificate,
-                                        certificateLength,
-                                        xmlSecKeyDataFormatPem) < 0) {
-      rb_exception_result = rb_eSigningError;
-      exception_message = "failed to load certificate";
-      goto done;
-    }
-  }
-
-  // sign the template
-  if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
-    rb_exception_result = rb_eSigningError;
-    exception_message = "signature failed";
-    goto done;
-  }
-  if (store_references) {
-    rb_pre_digest_buffer_sym = ID2SYM(rb_intern("pre_digest_buffer"));
-    rb_references = rb_ary_new2(xmlSecPtrListGetSize(&dsigCtx->signedInfoReferences));
-    rb_hash_aset(rb_opts, ID2SYM(rb_intern("references")), rb_references);
-
-    for(pos = 0; pos < xmlSecPtrListGetSize(&dsigCtx->signedInfoReferences); ++pos) {
-      rb_reference = rb_hash_new();
-      rb_ary_push(rb_references, rb_reference);
-      xmlSecDSigReferenceCtxPtr dsigRefCtx = (xmlSecDSigReferenceCtxPtr)xmlSecPtrListGetItem(&dsigCtx->signedInfoReferences, pos);
-      xmlSecBufferPtr pre_digest_buffer = xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx);
-      if (pre_digest_buffer && xmlSecBufferGetData(pre_digest_buffer)) {
-        rb_pre_digest_buffer = rb_str_new((const char *)xmlSecBufferGetData(pre_digest_buffer), xmlSecBufferGetSize(pre_digest_buffer));
-        rb_hash_aset(rb_reference, rb_pre_digest_buffer_sym, rb_pre_digest_buffer);
-      }
-    }
-  }
-
-done:
-  if(dsigCtx != NULL) {
-    xmlSecDSigCtxDestroy(dsigCtx);
-  }
-
-  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
-
-  if(rb_exception_result != Qnil) {
-    // remove the signature node before raising an exception, so that
-    // the document is untouched
-    if (signNode != NULL) {
-      xmlUnlinkNode(signNode);
-      xmlFreeNode(signNode);
-    }
-
-    if (hasXmlSecLastError()) {
-      rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
-               getXmlSecLastError());
-    } else {
-      rb_raise(rb_exception_result, "%s", exception_message);
-    }
-  }
-
-  return Qnil;
-}

data/ext/nokogiri_ext_xmlsec/nokogiri_verify_with.c

@@ -1,261 +0,0 @@
-#include "xmlsecrb.h"
-#include "util.h"
-
-// Constructs a xmlSecKeysMngrPtr and adds all the certs included in |rb_certs|
-// array as trusted certificates.
-static xmlSecKeysMngrPtr createKeyManagerWithRbCertArray(
-    VALUE rb_certs,
-    VALUE* rb_exception_result_out,
-    const char** exception_message_out) {
-  VALUE rb_exception_result = Qnil;
-  const char* exception_message = NULL;
-
-  int i = 0;
-  int numCerts = RARRAY_LEN(rb_certs);
-  xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
-  VALUE rb_cert = Qnil;
-  char *cert = NULL;
-  unsigned int certLength = 0;
-  int numSuccessful = 0;
-
-  if (keyManager == NULL) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to create keys manager.";
-    goto done;
-  }
-
-  if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
-    rb_exception_result = rb_eKeystoreError;
-    exception_message = "could not initialize key manager";
-    goto done;
-  }
-
-  for (i = 0; i < numCerts; i++) {
-    rb_cert = RARRAY_PTR(rb_certs)[i];
-    rb_cert = rb_obj_as_string(rb_cert);
-    Check_Type(rb_cert, T_STRING);
-    cert = RSTRING_PTR(rb_cert);
-    certLength = RSTRING_LEN(rb_cert);
-
-    if(xmlSecCryptoAppKeysMngrCertLoadMemory(keyManager,
-                                             (xmlSecByte *)cert,
-                                             certLength,
-                                             xmlSecKeyDataFormatPem,
-                                             xmlSecKeyDataTypeTrusted) < 0) {
-      rb_warn("failed to load certificate at index %d", i);
-    } else {
-      numSuccessful++;
-    }
-  }
-
-  // note, numCerts could be zero, meaning that we should use system SSL certs
-  if (numSuccessful == 0 && numCerts != 0) {
-    rb_exception_result = rb_eKeystoreError;
-    exception_message = "Could not load any of the specified certificates for signature verification";
-    goto done;
-  }
-
-done:
-  if (!NIL_P(rb_exception_result)) {
-    if (keyManager) {
-      xmlSecKeysMngrDestroy(keyManager);
-      keyManager = NULL;
-    }
-  }
-
-  *rb_exception_result_out = rb_exception_result;
-  *exception_message_out = exception_message;
-  return keyManager;
-}
-
-static int addRubyKeyToManager(VALUE rb_key, VALUE rb_value, VALUE rb_manager) {
-  xmlSecKeysMngrPtr keyManager = (xmlSecKeysMngrPtr)rb_manager;
-  char *keyName, *keyData;
-  unsigned int keyDataLength;
-  xmlSecKeyPtr key;
-
-  Check_Type(rb_key, T_STRING);
-  Check_Type(rb_value, T_STRING);
-  keyName = RSTRING_PTR(rb_key);
-  keyData = RSTRING_PTR(rb_value);
-  keyDataLength = RSTRING_LEN(rb_value);
-
-  // load key
-  key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyData,
-                                     keyDataLength,
-                                     xmlSecKeyDataFormatPem,
-                                     NULL, // password
-                                     NULL, NULL);
-  if (key == NULL) {
-    rb_warn("failed to load '%s' public or private pem key", keyName);
-    return ST_CONTINUE;
-  }
-
-  // set key name
-  if (xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
-    rb_warn("failed to set key name for key '%s'", keyName);
-    return ST_CONTINUE;
-  }
-
-  // add key to key manager; from now on the manager is responsible for
-  // destroying the key
-  if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(keyManager, key) < 0) {
-    rb_warn("failed to add key '%s' to key manager", keyName);
-    return ST_CONTINUE;
-  }
-
-  return ST_CONTINUE;
-}
-
-// Constructs a xmlSecKeysMngr and adds all the named to key mappings
-// specified by the |rb_hash| to the key manager.
-//
-// Caller takes ownership. Free with xmlSecKeysMngrDestroy().
-static xmlSecKeysMngrPtr createKeyManagerFromNamedKeys(
-    VALUE rb_hash,
-    VALUE* rb_exception_result_out,
-    const char** exception_message_out) {
-  xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
-  if (keyManager == NULL) return NULL;
-  if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
-    *rb_exception_result_out = rb_eKeystoreError;
-    *exception_message_out = "could not initialize key manager";
-    xmlSecKeysMngrDestroy(keyManager);
-    return NULL;
-  }
-
-  rb_hash_foreach(rb_hash, addRubyKeyToManager, (VALUE)keyManager);
-
-  return keyManager;
-}
-
-VALUE verify_with(VALUE self, VALUE rb_opts) {
-  VALUE rb_exception_result = Qnil;
-  const char* exception_message = NULL;
-
-  xmlNodePtr node = NULL;
-  xmlSecDSigCtxPtr dsigCtx = NULL;
-  xmlSecKeysMngrPtr keyManager = NULL;
-  VALUE rb_certs, rb_cert;
-  VALUE rb_rsa_key;
-  VALUE rb_verification_time, rb_verification_depth, rb_verify_certificates;
-  char *rsa_key = NULL;
-  unsigned int rsa_key_length = 0;
-  VALUE result = Qfalse;
-
-  resetXmlSecError();
-
-  Check_Type(rb_opts, T_HASH);
-  Noko_Node_Get_Struct(self, xmlNode, node);
-
-  // verify start node
-  if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) {
-    rb_exception_result = rb_eVerificationError;
-    exception_message = "Can only verify a Signature node";
-    goto done;
-  }
-
-  rb_certs = rb_hash_aref(rb_opts, ID2SYM(rb_intern("cert")));
-  if (NIL_P(rb_certs)) {
-    rb_certs = rb_hash_aref(rb_opts, ID2SYM(rb_intern("certs")));
-  }
-
-  rb_verification_depth = rb_hash_aref(rb_opts, ID2SYM(rb_intern("verification_depth")));
-  rb_verification_time = rb_hash_aref(rb_opts, ID2SYM(rb_intern("verification_time")));
-  rb_verify_certificates = rb_hash_aref(rb_opts, ID2SYM(rb_intern("verify_certificates")));
-
-  if (!NIL_P(rb_certs)) {
-    if(TYPE(rb_certs) != T_ARRAY) {
-      rb_cert = rb_certs;
-      rb_certs = rb_ary_new();
-      rb_ary_push(rb_certs, rb_cert);
-    }
-
-    keyManager = createKeyManagerWithRbCertArray(rb_certs, &rb_exception_result,
-                                                 &exception_message);
-    if (keyManager == NULL) {
-      // Propagate exception.
-      goto done;
-    }
-  } else if (!NIL_P(rb_rsa_key = rb_hash_aref(rb_opts, ID2SYM(rb_intern("key"))))) {
-    Check_Type(rb_rsa_key,  T_STRING);
-    rsa_key = RSTRING_PTR(rb_rsa_key);
-    rsa_key_length = RSTRING_LEN(rb_rsa_key);
-  } else {
-    keyManager = createKeyManagerFromNamedKeys(rb_opts, &rb_exception_result,
-                                               &exception_message);
-    if (keyManager == NULL) {
-      // Propagate exception.
-      goto done;
-    }
-  }
-
-  // Create signature context.
-  dsigCtx = createDSigContext(keyManager);
-  if(dsigCtx == NULL) {
-    rb_exception_result = rb_eVerificationError;
-    exception_message = "failed to create signature context";
-    goto done;
-  }
-
-  if(!NIL_P(rb_verification_time)) {
-    rb_verification_time = rb_Integer(rb_verification_time);
-    dsigCtx->keyInfoReadCtx.certsVerificationTime = (time_t)NUM2LONG(rb_verification_time);
-  }
-
-  if(rb_verify_certificates == Qfalse) {
-    dsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
-  }
-
-  if(!NIL_P(rb_verification_depth)) {
-    rb_verification_depth = rb_Integer(rb_verification_depth);
-    dsigCtx->keyInfoReadCtx.certsVerificationDepth = (time_t)NUM2LONG(rb_verification_depth);
-  }
-
-  if(rsa_key) {
-    // load public key
-    dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)rsa_key,
-                                                    rsa_key_length,
-                                                    xmlSecKeyDataFormatPem,
-                                                    NULL, // password
-                                                    NULL, NULL);
-    if(dsigCtx->signKey == NULL) {
-      rb_exception_result = rb_eVerificationError;
-      exception_message = "failed to load public pem key";
-      goto done;
-    }
-  }
-
-  // verify signature
-  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
-    rb_exception_result = rb_eVerificationError;
-    exception_message = "error occurred during signature verification";
-    goto done;
-  }
-      
-  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
-    result = Qtrue;
-  }    
-
-done:
-  if(dsigCtx != NULL) {
-    xmlSecDSigCtxDestroy(dsigCtx);
-  }
-
-  if (keyManager != NULL) {
-    xmlSecKeysMngrDestroy(keyManager);
-  }
-
-  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
-
-  if(!NIL_P(rb_exception_result)) {
-    if (hasXmlSecLastError()) {
-      rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
-               getXmlSecLastError());
-    } else {
-      rb_raise(rb_exception_result, "%s", exception_message);
-    }
-  }
-
-  return result;
-}

data/ext/nokogiri_ext_xmlsec/options.c

@@ -1,166 +0,0 @@
-#include "options.h"
-
-#include "common.h"
-
-#if (XMLSEC_VERSION_MAJOR > 1) || (XMLSEC_VERSION_MAJOR == 1 && (XMLSEC_VERSION_MINOR > 2 || (XMLSEC_VERSION_MINOR == 2 && XMLSEC_VERSION_SUBMINOR >= 20)))
-# define HAS_ECDSA 1
-#else
-# define HAS_ECDSA 0
-#endif
-
-// Key Transport Strings.
-static const char RSA1_5[] = "rsa-1_5";
-static const char RSA_OAEP_MGF1P[] = "rsa-oaep-mgf1p";
-
-// Block Encryption Strings.
-static const char TRIPLEDES_CBC[] = "tripledes-cbc";
-static const char AES128_CBC[] = "aes128-cbc";
-static const char AES256_CBC[] = "aes256-cbc";
-static const char AES192_CBC[] = "aes192-cbc";
-
-// Supported signature algorithms taken from #6 of
-// http://www.w3.org/TR/xmldsig-core1/
-static const char RSA_SHA1[] = "rsa-sha1";
-static const char RSA_SHA224[] = "rsa-sha224";
-static const char RSA_SHA256[] = "rsa-sha256";
-static const char RSA_SHA384[] = "rsa-sha384";
-static const char RSA_SHA512[] = "rsa-sha512";
-static const char DSA_SHA1[] = "dsa-sha1";
-
-#if HAS_ECDSA
-static const char ECDSA_SHA1[] = "ecdsa-sha1";
-static const char ECDSA_SHA224[] = "ecdsa-sha224";
-static const char ECDSA_SHA256[] = "ecdsa-sha256";
-static const char ECDSA_SHA384[] = "ecdsa-sha384";
-static const char ECDSA_SHA512[] = "ecdsa-sha512";
-static const char DSA_SHA256[] = "dsa-sha256";
-#endif  // HAS_ECDSA
-
-// Supported digest algorithms taken from #6 of
-// http://www.w3.org/TR/xmldsig-core1/
-static const char DIGEST_SHA1[] = "sha1";
-static const char DIGEST_SHA224[] = "sha224";
-static const char DIGEST_SHA256[] = "sha256";
-static const char DIGEST_SHA384[] = "sha384";
-static const char DIGEST_SHA512[] = "sha512";
-
-BOOL GetXmlEncOptions(VALUE rb_opts,
-                      XmlEncOptions* options,
-                      VALUE* rb_exception_result,
-                      const char** exception_message) {
-  VALUE rb_block_encryption = rb_hash_aref(rb_opts, ID2SYM(rb_intern("block_encryption")));
-  VALUE rb_key_transport = rb_hash_aref(rb_opts, ID2SYM(rb_intern("key_transport")));
-  memset(options, 0, sizeof(XmlEncOptions));
-
-  if (NIL_P(rb_block_encryption) ||
-      TYPE(rb_block_encryption) != T_STRING ||
-      NIL_P(rb_key_transport) ||
-      TYPE(rb_key_transport) != T_STRING) {
-    *rb_exception_result = rb_eArgError;
-    *exception_message = "Must supply :block_encryption & :key_transport";
-    return FALSE;
-  }
-
-  char* blockEncryptionValue = RSTRING_PTR(rb_block_encryption);
-  int blockEncryptionLen = RSTRING_LEN(rb_block_encryption);
-  char* keyTransportValue = RSTRING_PTR(rb_key_transport);
-  int keyTransportLen = RSTRING_LEN(rb_key_transport);
-
-  if (strncmp(AES256_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
-    options->block_encryption = xmlSecTransformAes256CbcId;
-    options->key_type = "aes";
-    options->key_bits = 256;
-  } else if (strncmp(AES128_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
-    options->block_encryption = xmlSecTransformAes128CbcId;
-    options->key_type = "aes";
-    options->key_bits = 128;
-  } else if (strncmp(AES192_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
-    options->block_encryption = xmlSecTransformAes192CbcId;
-    options->key_type = "aes";
-    options->key_bits = 192;
-  } else if (strncmp(TRIPLEDES_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
-    options->block_encryption = xmlSecTransformDes3CbcId;
-    options->key_type = "des";
-    options->key_bits = 192;
-  } else {
-    *rb_exception_result = rb_eArgError;
-    *exception_message = "Unknown :block_encryption value";
-    return FALSE;
-  }
-
-  if (strncmp(RSA1_5, keyTransportValue, keyTransportLen) == 0) {
-    options->key_transport = xmlSecTransformRsaPkcs1Id;
-  } else if (strncmp(RSA_OAEP_MGF1P, keyTransportValue, keyTransportLen) == 0) {
-    options->key_transport = xmlSecTransformRsaOaepId;
-  } else {
-    *rb_exception_result = rb_eArgError;
-    *exception_message = "Unknown :key_transport value";
-    return FALSE;
-  }
-
-  return TRUE;
-}
-
-xmlSecTransformId GetSignatureMethod(VALUE rb_signature_alg,
-                                     VALUE* rb_exception_result,
-                                     const char** exception_message) {
-  const char* signatureAlgorithm = RSTRING_PTR(rb_signature_alg);
-  unsigned int signatureAlgorithmLength = RSTRING_LEN(rb_signature_alg);
-
-  if (strncmp(RSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformRsaSha1Id;
-  } else if (strncmp(RSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformRsaSha224Id;
-  } else if (strncmp(RSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformRsaSha256Id;
-  } else if (strncmp(RSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformRsaSha384Id;
-  } else if (strncmp(RSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformRsaSha512Id;
-
-  }
-#if HAS_ECDSA
-  else if (strncmp(ECDSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformEcdsaSha1Id;
-  } else if (strncmp(ECDSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformEcdsaSha224Id;
-  } else if (strncmp(ECDSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformEcdsaSha256Id;
-  } else if (strncmp(ECDSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformEcdsaSha384Id;
-  } else if (strncmp(ECDSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformEcdsaSha512Id;
-  } else if (strncmp(DSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformDsaSha1Id;
-  } else if (strncmp(DSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
-    return xmlSecTransformDsaSha256Id;
-  }
-#endif  // HAS_ECDSA
-
-  *rb_exception_result = rb_eArgError;
-  *exception_message = "Unknown :signature_alg";
-  return xmlSecTransformIdUnknown;
-}
-
-xmlSecTransformId GetDigestMethod(VALUE rb_digest_alg,
-                                  VALUE* rb_exception_result,
-                                  const char** exception_message) {
-  const char* digestAlgorithm = RSTRING_PTR(rb_digest_alg);
-  unsigned int digestAlgorithmLength = RSTRING_LEN(rb_digest_alg);
-
-  if (strncmp(DIGEST_SHA1, digestAlgorithm, digestAlgorithmLength) == 0) {
-    return xmlSecTransformSha1Id;
-  } else if (strncmp(DIGEST_SHA224, digestAlgorithm, digestAlgorithmLength) == 0) {
-    return xmlSecTransformSha224Id;
-  } else if (strncmp(DIGEST_SHA256, digestAlgorithm, digestAlgorithmLength) == 0) {
-    return xmlSecTransformSha256Id;
-  } else if (strncmp(DIGEST_SHA384, digestAlgorithm, digestAlgorithmLength) == 0) {
-    return xmlSecTransformSha384Id;
-  } else if (strncmp(DIGEST_SHA512, digestAlgorithm, digestAlgorithmLength) == 0) {
-    return xmlSecTransformSha512Id;
-  }
-
-  *rb_exception_result = rb_eArgError;
-  *exception_message = "Unknown :digest_algorithm";
-  return xmlSecTransformIdUnknown;
-}