nokogiri-xmlsec-instructure 0.10.3 → 0.11.0

data/ext/nokogiri_ext_xmlsec/options.h

@@ -1,36 +0,0 @@
-#ifndef NOKOGIRI_EXT_XMLSEC_OPTIONS_H
-#define NOKOGIRI_EXT_XMLSEC_OPTIONS_H
-
-#include "common.h"
-
-#include <ruby.h>
-#include <xmlsec/crypto.h>
-
-typedef struct {
-  // From :block_encryption
-  xmlSecTransformId block_encryption;
-  const char* key_type;
-  int key_bits;
-
-  // From :key_transport
-  xmlSecTransformId key_transport;
-} XmlEncOptions;
-
-// Supported algorithms taken from #5.1 of
-// http://www.w3.org/TR/xmlenc-core
-//
-// For options, only use the URL fragment (stuff post #)
-// since that's unique enough and it removes a lot of typing.
-BOOL GetXmlEncOptions(VALUE rb_opts, XmlEncOptions* options,
-                      VALUE* rb_exception_result,
-                      const char** exception_message);
-
-// XML DSIG helpers.
-xmlSecTransformId GetSignatureMethod(VALUE rb_method,
-                                     VALUE* rb_exception_result,
-                                     const char** exception_message);
-xmlSecTransformId GetDigestMethod(VALUE rb_digest_method,
-                                  VALUE* rb_exception_result,
-                                  const char** exception_message);
-
-#endif  // NOKOGIRI_EXT_XMLSEC_OPTIONS_H

data/ext/nokogiri_ext_xmlsec/shutdown.c

@@ -1,12 +0,0 @@
-#include "xmlsecrb.h"
-
-/* not actually called anywhere right now, but here for posterity */
-void Shutdown_xmlsecrb() {
-  xmlSecCryptoShutdown();
-  xmlSecCryptoAppShutdown();
-  xmlSecShutdown();
-  xsltCleanupGlobals();
-  #ifndef XMLSEC_NO_XSLT
-    xsltCleanupGlobals();            
-  #endif /* XMLSEC_NO_XSLT */
-}

data/ext/nokogiri_ext_xmlsec/util.c

@@ -1,140 +0,0 @@
-#include "util.h"
-
-#include <xmlsec/errors.h>
-
-xmlSecKeysMngrPtr createKeyManagerWithSingleKey(
-    char* keyStr,
-    unsigned int keyLength,
-    char *keyName,
-    VALUE* rb_exception_result_out,
-    const char** exception_message_out) {
-  VALUE rb_exception_result = Qnil;
-  const char* exception_message = NULL;
-  xmlSecKeysMngrPtr mngr = NULL;
-  xmlSecKeyPtr key = NULL;
-  
-  /* create and initialize keys manager, we use a simple list based
-   * keys manager, implement your own xmlSecKeysStore klass if you need
-   * something more sophisticated 
-   */
-  mngr = xmlSecKeysMngrCreate();
-  if(mngr == NULL) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to create keys manager.";
-    goto done;
-  }
-  if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to initialize keys manager.";
-    goto done;
-  }    
-  
-  /* load private RSA key */
-  key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyStr,
-                                     keyLength,
-                                     xmlSecKeyDataFormatPem,
-                                     NULL, // the key file password
-                                     NULL, // the key password callback
-                                     NULL);// the user context for password callback
-  if(key == NULL) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to load rsa key";
-    goto done;
-  }
-
-  if(xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to set key name";
-    goto done;
-  }
-
-  /* add key to keys manager, from now on keys manager is responsible 
-   * for destroying key 
-   */
-  if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
-    rb_exception_result = rb_eDecryptionError;
-    exception_message = "failed to add key to keys manager";
-    goto done;
-  }
-
-done:
-  if(rb_exception_result != Qnil) {
-    if (key) {
-      xmlSecKeyDestroy(key);
-    }
-
-    if (mngr) {
-      xmlSecKeysMngrDestroy(mngr);
-      mngr = NULL;
-    }
-  }
-
-  *rb_exception_result_out = rb_exception_result;
-  *exception_message_out = exception_message;
-  return mngr;
-}
-
-xmlSecDSigCtxPtr createDSigContext(xmlSecKeysMngrPtr keyManager) {
-  xmlSecDSigCtxPtr dsigCtx = xmlSecDSigCtxCreate(keyManager);
-  if (!dsigCtx) {
-    return NULL;
-  }
-
-  // Restrict ReferenceUris to same document or empty to avoid XXE attacks.
-  dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty |
-                                  xmlSecTransformUriTypeSameDocument;
-
-  return dsigCtx;
-}
-
-#define ERROR_STACK_SIZE      4096
-static char g_errorStack[ERROR_STACK_SIZE];
-static size_t g_errorStackPos;
-
-char* getXmlSecLastError() {
-  return g_errorStack;
-}
-
-int hasXmlSecLastError() {
-  return g_errorStack[0] != '\0';
-}
-
-void resetXmlSecError() {
-  g_errorStack[0] = '\0';
-  g_errorStackPos = 0;
-  xmlSecErrorsSetCallback(storeErrorCallback);
-}
-
-void storeErrorCallback(const char *file,
-                        int line,
-                        const char *func,
-                        const char *errorObject,
-                        const char *errorSubject,
-                        int reason,
-                        const char *msg) {
-  int i = 0;
-  const char* error_msg = NULL;
-  int amt = 0;
-  if (g_errorStackPos >= ERROR_STACK_SIZE) {
-    // Just bail. Earlier errors are more interesting usually anyway.
-    return;
-  }
-
-  for(i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) {
-    if(xmlSecErrorsGetCode(i) == reason) {
-      error_msg = xmlSecErrorsGetMsg(i);
-      break;
-    }
-  }
-
-  amt = snprintf(
-      &g_errorStack[g_errorStackPos],
-      ERROR_STACK_SIZE - g_errorStackPos,
-      "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n",
-      func, file, line, errorObject, errorSubject, reason,
-      error_msg ? error_msg : "", msg);
-
-  if (amt > 0) {
-    g_errorStackPos += amt;
-  }
-}

data/ext/nokogiri_ext_xmlsec/util.h

@@ -1,42 +0,0 @@
-#ifndef NOKOGIRI_EXT_XMLSEC_UTIL_H
-#define NOKOGIRI_EXT_XMLSEC_UTIL_H
-
-#include "xmlsecrb.h"
-
-// Constructs a xmlSecKeysMngr and adds the given named key to the manager.
-//
-// Caller takes ownership. Free with xmlSecKeysMngrDestroy().
-xmlSecKeysMngrPtr createKeyManagerWithSingleKey(
-    char* keyStr,
-    unsigned int keyLength,
-    char *keyName,
-    VALUE* rb_exception_result_out,
-    const char** exception_message_out);
-
-// Creates a xmlSecDSigCtx with defaults locked down to prevent XXE.
-//
-// Caller takes ownership of the context. Free with xmlSecDSigCtxDestroy().
-xmlSecDSigCtxPtr createDSigContext(xmlSecKeysMngrPtr keyManager);
-
-// Retrieves the recorded error strings from libxmlsec1. Ensure resetXmlSecError()
-// is called at the start of the range of error collection.
-char* getXmlSecLastError();
-
-// Reset the recording of errors. After this getXmlSecLastError() will return
-// an empty string. Call at the start of a logical interaction with libxmlsec.
-void resetXmlSecError();
-
-// Return false if there are no errors. If false, getXmlSecLastError() will
-// return an empty string.
-int hasXmlSecLastError();
-
-// Error reporting hooks to redirect Xmlsec1 library errors away from stdout.
-void storeErrorCallback(const char *file,
-                        int line,
-                        const char *func,
-                        const char *errorObject,
-                        const char *errorSubject,
-                        int reason,
-                        const char *msg);
-
-#endif  // NOKOGIRI_EXT_XMLSEC_UTIL_H

data/ext/nokogiri_ext_xmlsec/xmlsecrb.h

@@ -1,49 +0,0 @@
-#ifndef NOKOGIRI_EXT_XMLSEC_XMLSECRB_H
-#define NOKOGIRI_EXT_XMLSEC_XMLSECRB_H
-
-#include "common.h"
-
-#include <ruby.h>
-
-#include <libxml/tree.h>
-#include <libxml/xmlmemory.h>
-#include <libxml/parser.h>
-#include <libxml/xmlstring.h>
-
-#include <libxslt/xslt.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/xmldsig.h>
-#include <xmlsec/xmlenc.h>
-#include <xmlsec/templates.h>
-#include <xmlsec/crypto.h>
-#include <xmlsec/errors.h>
-
-#include <nokogiri.h>
-// Lifted from modern nokogiri.h
-#ifndef Noko_Node_Get_Struct
-  #define Noko_Node_Get_Struct(obj,type,sval) ((sval) = (type*)DATA_PTR(obj))
-#endif
-
-// TODO(awong): Support non-gcc and non-clang compilers.
-#define EXTENSION_EXPORT __attribute__((visibility("default")))
-
-VALUE sign(VALUE self, VALUE rb_opts);
-VALUE verify_with(VALUE self, VALUE rb_opts);
-VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
-                       VALUE rb_opts);
-VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
-VALUE set_id_attribute(VALUE self, VALUE rb_attr_name);
-VALUE get_id(VALUE self, VALUE rb_id);
-
-void Init_Nokogiri_ext(void);
-
-extern VALUE rb_cNokogiri_XML_Document;
-extern VALUE rb_eSigningError;
-extern VALUE rb_eVerificationError;
-extern VALUE rb_eKeystoreError;
-extern VALUE rb_eEncryptionError;
-extern VALUE rb_eDecryptionError;
-
-#endif // NOKOGIRI_EXT_XMLSEC_XMLSECRB_H

data/gemfiles/nokogiri_12.5.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "nokogiri", "1.12.5"
-
-gemspec path: "../"

data/gemfiles/nokogiri_13.10.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "nokogiri", "1.13.10"
-
-gemspec path: "../"

data/nokogiri-xmlsec-instructure.gemspec

@@ -1,41 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'xmlsec/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "nokogiri-xmlsec-instructure"
-  spec.version       = Xmlsec::VERSION
-  spec.authors       = ["Albert J. Wong", "Cody Cutrer"]
-  spec.email         = ["awong.dev@gmail.com", "cody@instructure.com"]
-  spec.description   = %q{Adds support to Ruby for encrypting, decrypting,
-    signing and validating the signatures of XML documents, according to the
-    [XML Encryption Syntax and Processing](http://www.w3.org/TR/xmlenc-core/)
-    standard, and the [XML Signature Syntax and Processing](http://www.w3.org/TR/xmldsig-core/)
-    standard by wrapping around the [xmlsec](http://www.aleksey.com/xmlsec) C
-    library and adding relevant methods to `Nokogiri::XML::Document`.
-    Implementation is based off nokogiri-xmlsec by Colin MacKenzie IV with
-    very heavy modifications.}
-  spec.summary       = %q{Wrapper around http://www.aleksey.com/xmlsec to
-    support XML encryption, decryption, signing and signature validation in
-    Ruby}
-  spec.homepage      = "https://github.com/instructure/nokogiri-xmlsec-instructure"
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-  spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
-
-  spec.add_dependency 'nokogiri', '>= 1.11.2'
-
-  spec.add_development_dependency "appraisal"
-  spec.add_development_dependency "bundler", "~> 2.1"
-  spec.add_development_dependency "byebug"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "rake-compiler"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "guard-rspec"
-  spec.add_development_dependency "guard-rake"
-end

data/spec/fixtures/cert/server.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
-UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
-GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
-aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
-d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
-eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
-3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
-gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
-gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
-kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
-7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
------END CERTIFICATE-----

data/spec/fixtures/cert/server.csr

@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExITAf
-BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3Lmdv
-b2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSqleymfHtzO
-eY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii3fqGBiHM
-kZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQgSVEWpEp
-CSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB6
-8K0q16EAkGoYLFHvVHxpqk+annbB8ZqpbV43T12Ngx7KiMsdTjrgho0lP/OllHcr
-3vQ0yHnI1K1EeV9Q+/lXqaRl9ws3PL1QMOFm4XD1uIEPG+umRYgrjuZhFab+2Zfs
-rgyILF2yRSy0oVeTBxVK5igV6qYcXFFBRIj7nnV8Jg==
------END CERTIFICATE REQUEST-----

data/spec/fixtures/cert/server.key.decrypted

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCxOKEqpXspnx7cznmPOlsr37I2Zms9l5yKPXc2bCu9cjBCpIL1
-0J52MvaStDWmHBtAdIXIot36hgYhzJGWNgThlsAgv8DpiQsy6vaunGj1lLO9WZKP
-oefS2qlfd78w5mWl2HxaEIElRFqRKQkqOetMdJkri5yWHUEM2fy+sb8WdQIDAQAB
-AoGAB1d8PcMLPicsZSNcn9VgD4o93MkTakLMpmFzfdqvWTLQ0wHztvFEj0r/Mgar
-Lk19x4bMQAqXPZitylqqMVndi9U8squvAvkZcgYL57MNQRgmLtjSMfk4wCY9ieDa
-newt4cP7nGN/ZkU5R0lRMGExKSrMZW8HAkK4WJpbfnOpwGECQQDkoggBRH4aFlaj
-Xhw+mSIxOpmzFBhXZ0z+bvoCipPKIhbnwKt0dupn0xAwatNmakBt0p46SFOgW8QQ
-TV51G/bdAkEAxm8yEod77IM6bhLL+3h/nsGOGsA0xs22U6FBrz34Nvd4gwmICMcF
-t4P3iHYzJfUt+Z2zv5ucX2tuD4uoWsqIeQJAercdZNDGfmoPBpC0yESZPaMebCgV
-CJTBlq8qMcL/oDa75Jhdbp2FI0T+I36zCP1up4OsucuoVyHqEnX0hRcFYQJAD3Nz
-E6xHAviI4S9HgNI2JbduiDi1I1G7Q7HHuox5ulX0pUdlt0E/+bUl3hNOEkOQC+Ky
-r1W/jFKCJGW8ey1QCQJAYDh1BmlLswafEnkNmwydNz4gVflHJvsF8A1c2wJVytkT
-3HVWvwOAfcumDNDNkSUJ+0DQs17qgOMCDwFgFzUb+Q==
------END RSA PRIVATE KEY-----

data/spec/fixtures/cert/server.key.encrypted

@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,6F8CC52C2E211FF4
-
-T5g21oYrsS435g2GRNBFs+IwpKYAsF0RDt9SNuCXp6hD2MbcF3q8Su/wvj9inAZi
-S7V8Qp8mmBsjo+vh0oTggVFmk7/fyTAa6ltQL+1UH7b8vecgGFKSBV8TG3+k9S4C
-ZgXyR9pTgzQx+8M5LrnOnM8fpf638xouHvMo7zTFPhimehIMrMcXAyRZaRfcDhlg
-YR+JRvSa0Q9vxhsC19fjfnlU7FdV8B9Ypo/+23TNmKpfU99oV6oPNoiWzkziKtvZ
-mwYjrYw6r91ANFCRIux5+CjfOqVxissxzmZ5vyV89LoXjLAEDVmv2vJ+8w2b8zAN
-FAXtcx74MutSQQBrG4xffwwRJwf0uPhzMohRoiholOoaMFSOFBasA+phn7hr7m9a
-JWj4icCRVZlm+rztbbiapBUtm4ER1tdBGr84TgqasM5CK/qhXt9CCnUBRaimIwad
-9dib2jnkzuqlyrdzLyaFU0IRSq+GQAK7sgya/V2q96lWdzejMGx/07hL6lvPY/h7
-o8puMwpCK4XKYantqXL26oCxSgcrlA2nlR+SfmRKhwDwy8rPsTBm55BxwGr8Jj+9
-6bY6VOR+vZkjSVDKNBOq8gUJvPksQV0CK0eSgPTli0ncCInzFPeLGISIa90rFD7I
-97w/ZzTywVnTWO9DhedliwqDSOOYTdVoRfygQfpaFoa1aqR9tKWoc30kbqXvgvUR
-mlDwiY1zxpKsTHKu7omf0bp5m8dlW4EarWgTsTRQ8EOHoIucgjdaSxPEDDi8WGOW
-Nbqb2ZZz7wsIL71XgC13A+va1C0F709PK/Xnd5IwRf8=
------END RSA PRIVATE KEY-----

data/spec/fixtures/hate.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE FrackinDocType [
- <!ELEMENT i-hate-xml (#PCDATA)>
- <!ATTLIST i-hate-xml ur_id_for_intra_doc_ref_test ID #IMPLIED>
- ]>
-<i-hate-xml ur_id_for_intra_doc_ref_test="some_frackin_id">
-</i-hate-xml>

data/spec/fixtures/pwned.xml

@@ -1 +0,0 @@
-<pwned id="iminurdocreadinurfilez" />

data/spec/fixtures/rsa.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC15La+LSmHNUs/yqzSuzKdBUED1OfaOZpBp8zxAAQy7VlTrqRh
-/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdCdkn8MF4CCCQKkjm7JKRrKfK5
-fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZGI8nsHnyJzRwqmG2xbQIDAQAB
-AoGBAJDT2UW3g/dqUc4rPExWTUiFJG0+mpVBhDd+ukmyL6W1Iojk53I2z25PJAVU
-7wS1ohEsJ27J7Aty6Vx5Ozn0Q+zYVaKRSxcazNeGbwS0UaGrN0lMvWDs7RmVGCdx
-bI2LUTQ88Bl94dW4QObAub+wMOL6xmVEVrJssZnm+CIqS2UBAkEA49QDNB//oHmi
-iqD4SFotE8Lz80qBGHN15YIm80TKUR2k1LusZl6R5+2nYTF2vPsG+HGXPbkGhqTn
-JL9GMBv7TQJBAMxinne8+bKTvOl/hhdAohFs7aHUBZhZOEuXIf1jYENASk2weYC6
-95SlHvWcwPHfqVbpwt83sGL8aDm8CCPYPqECQQDEFRQQx72GC0oG0FYAR4RmbrLx
-YN1NAwqkVmlZlIogWEgmQ8Q0cw5Ws+cMMrtEGTU9nN4TZGymc8TwjqNFAsA9AkEA
-ol8Cp/uQn6cxIIt4Gsb1OkTAcJ0BKOxQhfT2QtiNJEBSB3BYxsVCZWvcsaGrwzw9
-yteBQlZ6odkGcD+Kc/eaoQJAH+0a7jlHDu2VCHI63OiNZQJ8J9oxaPvWZyKYSaCO
-iGvon/Z6KGQhXMedPDaCH7UjeMle5AVhjSrSvF6OglgZ9g==
------END RSA PRIVATE KEY-----

data/spec/fixtures/rsa.pub

@@ -1,6 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15La+LSmHNUs/yqzSuzKdBUED
-1OfaOZpBp8zxAAQy7VlTrqRh/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdC
-dkn8MF4CCCQKkjm7JKRrKfK5fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZG
-I8nsHnyJzRwqmG2xbQIDAQAB
------END PUBLIC KEY-----

data/spec/fixtures/sign2-doc.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<Envelope xmlns="urn:envelope">
-  <Data>
-  Hello, World!
-  </Data>
-</Envelope>

data/spec/fixtures/sign2-result.xml

@@ -1,25 +0,0 @@
-<?xml version="1.0"?>
-<Envelope xmlns="urn:envelope">
-  <Data>
-  Hello, World!
-  </Data>
-<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-<SignedInfo>
-<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
-<Reference>
-<Transforms>
-<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</Transforms>
-<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-<DigestValue>Gx8CGUsbi2qvBLd15VCmwELbDMND8F4vY3jPOc7/FJ0=</DigestValue>
-</Reference>
-</SignedInfo>
-<SignatureValue>T2c7nqOw55P8hcP1qhvfPCwOSEAuo8HstZf9shlrggcarxfgWTKhA6UdrF4McfrS
-XtcgHA7zy0Yzd2cgeGkKA2jgI+9QRhoQsifOMuI55sE5r+fpBs+goaxC57gmcBXj
-XnuwIiWf7nfpF4hYZ841HzYd2HcpQKPTdbhvZUprvx8=</SignatureValue>
-<KeyInfo>
-<KeyName>test</KeyName>
-</KeyInfo>
-</Signature></Envelope>

data/spec/fixtures/sign3-result.xml

@@ -1,39 +0,0 @@
-<?xml version="1.0"?>
-<Envelope xmlns="urn:envelope">
-  <Data>
-  Hello, World!
-  </Data>
-<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-<SignedInfo>
-<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
-<Reference>
-<Transforms>
-<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</Transforms>
-<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-<DigestValue>Gx8CGUsbi2qvBLd15VCmwELbDMND8F4vY3jPOc7/FJ0=</DigestValue>
-</Reference>
-</SignedInfo>
-<SignatureValue>TGJ9fCzjppp3LgG4fiBJx+0R34wRa7il9XKKZ+kkOAdKkcW0PIAYKmjn0Tn8krGd
-Gw6qtFFqjdohXfhkKmajXAFunEtd3J0kHFkf3obIwRB1qdsYmKXVFxUx3GqcIlph
-vt9v/9FC12JAxwAiJXHuY2xN5uo3xSDER4+tCCy3/AI=</SignatureValue>
-<KeyInfo>
-<X509Data>
-<X509Certificate>MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
-UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
-dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
-GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
-aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
-d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
-eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
-3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
-gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
-gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
-kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
-7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
-</X509Certificate>
-</X509Data>
-</KeyInfo>
-</Signature></Envelope>

data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb

@@ -1,55 +0,0 @@
-require 'spec_helper'
-
-describe "encryption and decryption:" do
-  subject do
-    Nokogiri::XML(fixture('sign2-doc.xml'))
-  end
-
-  [ 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', 'tripledes-cbc' ].each do |block_encryption|
-    [ 'rsa-1_5', 'rsa-oaep-mgf1p' ].each do |key_transport|
-      describe "encrypting with an RSA public key with #{block_encryption} #{key_transport}" do
-        before do
-          @original = subject.to_s
-          subject.encrypt!(
-            key: fixture('rsa.pub'), name: 'test',
-            block_encryption: block_encryption, key_transport: key_transport)
-        end
-
-        # it generates a new key every time so will never match the fixture
-        specify { expect(subject.to_s == @original).to be_falsey }
-        specify { expect(subject.to_s =~ /Hello.*World/i).to be_falsey }
-        # specify { subject.to_s.should == fixture('encrypt2-result.xml') }
-
-        describe 'decrypting with the RSA private key' do
-          before do
-            subject.decrypt! key: fixture('rsa.pem')
-          end
-
-          specify { expect(subject.to_s == fixture('sign2-doc.xml')).to be_truthy }
-        end
-      end
-    end
-  end
-
-  it "encrypts a single element" do
-    doc = subject
-    original = doc.to_s
-    node = doc.at_xpath('env:Envelope/env:Data', 'env' => 'urn:envelope')
-    node.encrypt_with(key: fixture('rsa.pub'), block_encryption: 'aes128-cbc', key_transport: 'rsa-1_5')
-    expect(doc.root.name).to eq 'Envelope'
-    expect(doc.root.element_children.first.name).to eq 'EncryptedData'
-    encrypted_data = doc.root.element_children.first
-    encrypted_data.decrypt_with(key: fixture('rsa.pem'))
-    expect(doc.to_s).to eq original
-  end
-
-  it "inserts a certificate" do
-    doc = subject
-    doc.encrypt!(key: fixture('cert/server.key.decrypted'),
-                 cert: fixture('cert/server.crt'),
-                 block_encryption: 'aes128-cbc',
-                 key_transport: 'rsa-1_5')
-    expect(doc.to_s).to match(/X509Data/)
-    expect(doc.to_s).not_to match(/X509Data></)
-  end
-end