nokogiri-xmlsec-instructure 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 843456670b3bea9cf24ae319ed866f9e085dcbf22517d22dc335ea0754f8f1fe
-  data.tar.gz: 58aab0e864beb3d8fc3e9797b9e4de712af966e5ce6600d36f49f5985ca95c2f
+  metadata.gz: 9b9e1360203a6f2ce84bc88abe8d731d657a88a02642d5cc26827f3dac53c6da
+  data.tar.gz: 1d5fa5d3e4570b50716268d2cd65a7159a0170466babb829042169c71c1e20b0
 SHA512:
-  metadata.gz: 571f6b0e616f19ce064737e4513859b46e23cc801d567e82570b7fdfd5e76195a7ce807ba9ff1b4a96aa524d4d2a0f8fd88810788db9f4a09257f0c989cd37de
-  data.tar.gz: 8ee70b09587e4ac79a7202c1798c06e6c6257cdb0c63cc0ebdf20abf223b3fbb22bd95b5af72efb8db081627c53c3b64dbea8471ce5cc2472f8cfc9bb1f2244a
+  metadata.gz: 97d2d274344a10a9be1fe7c7c354882ff1d1d1a56ba38cd28c4ba8f2e1f6e64c4aa4f8ac143361fda0187b1ef69ee2ac8cdec0688164c67a83567aab7a1286be
+  data.tar.gz: 477f5c98388d76e02cbdaf913ff21328c3ed397fd5797c363d7dfc5d9641f25657eea0bf0b027ac599d0620976c8e72f12de5c19aa3a0fcb77bc01bf69ff3de9

data/ext/nokogiri_ext_xmlsec/common.h

@@ -0,0 +1,13 @@
+#ifndef NOKOGIRI_EXT_XMLSEC_COMMON_H
+#define NOKOGIRI_EXT_XMLSEC_COMMON_H
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+typedef int BOOL;
+
+#endif // NOKOGIRI_EXT_XMLSEC_COMMON_H

data/ext/nokogiri_ext_xmlsec/init.c

@@ -0,0 +1,71 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+#include <xmlsec/dl.h>
+#include <xmlsec/errors.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+EXTENSION_EXPORT
+void Init_nokogiri_ext_xmlsec() {
+#ifndef XMLSEC_NO_XSLT
+    xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+  /* xmlsec proper */
+  // libxml
+  xmlInitParser();
+  LIBXML_TEST_VERSION
+  xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+  // xslt
+
+#ifndef XMLSEC_NO_XSLT
+  xmlIndentTreeOutput = 1;
+
+  /* Disable all XSLT options that give filesystem and network access. */
+  xsltSecPrefs = xsltNewSecurityPrefs();
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
+  xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
+  xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+  // xmlsec
+
+  if (xmlSecInit() < 0) {
+    rb_raise(rb_eRuntimeError, "xmlsec initialization failed");
+    return;
+  }
+  if (xmlSecCheckVersion() != 1) {
+    rb_raise(rb_eRuntimeError, "xmlsec version is not compatible");
+    return;
+  }
+  // load crypto
+  #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+    if(xmlSecCryptoDLLoadLibrary(NULL) < 0) {
+      rb_raise(rb_eRuntimeError,
+        "Error: unable to load default xmlsec-crypto library. Make sure"
+        "that you have it installed and check shared libraries path\n"
+        "(LD_LIBRARY_PATH) envornment variable.\n");
+      return;
+    }
+  #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+  // init crypto
+  if (xmlSecCryptoAppInit(NULL) < 0) {
+    rb_raise(rb_eRuntimeError, "unable to initialize crypto engine");
+    return;
+  }
+  // init xmlsec-crypto library
+  if (xmlSecCryptoInit() < 0) {
+    rb_raise(rb_eRuntimeError, "xmlsec-crypto initialization failed");
+  }
+
+  /* ruby classes & objects */
+  Init_Nokogiri_ext();
+}
+

data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c

@@ -0,0 +1,89 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key) {
+  VALUE rb_exception_result = Qnil;
+  const char* exception_message = NULL;
+
+  xmlNodePtr node = NULL;
+  xmlSecEncCtxPtr encCtx = NULL;
+  xmlSecKeysMngrPtr keyManager = NULL;
+  char *key = NULL;
+  char *keyName = NULL;
+  unsigned int keyLength = 0;
+
+  resetXmlSecError();
+
+  Check_Type(rb_key,      T_STRING);
+  Check_Type(rb_key_name, T_STRING);
+  Noko_Node_Get_Struct(self, xmlNode, node);
+  key       = RSTRING_PTR(rb_key);
+  keyLength = RSTRING_LEN(rb_key);
+  keyName = StringValueCStr(rb_key_name);
+
+  keyManager = createKeyManagerWithSingleKey(key, keyLength, keyName,
+                                             &rb_exception_result,
+                                             &exception_message);
+  if (keyManager == NULL) {
+    // Propagate the exception.
+    goto done;
+  }
+
+  // create encryption context
+  encCtx = xmlSecEncCtxCreate(keyManager);
+  if(encCtx == NULL) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to create encryption context";
+    goto done;
+  }
+  // don't let xmlsec free the node we're looking at out from under us
+  encCtx->flags |= XMLSEC_ENC_RETURN_REPLACED_NODE;
+
+  #ifdef XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH
+    // Enable lax key search, since xmlsec 1.3.0
+    encCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+  #endif
+
+  // decrypt the data
+  if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "decryption failed";
+    goto done;
+  }
+
+  if(encCtx->resultReplaced == 0) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message =  "Not implemented: don't know how to handle decrypted, non-XML data yet";
+    goto done;
+  }
+
+done:
+  // cleanup
+  if(encCtx != NULL) {
+    // the replaced node is orphaned, but not freed; let Nokogiri
+    // own it now
+    if(encCtx->replacedNodeList != NULL) {
+      noko_xml_document_pin_node(encCtx->replacedNodeList);
+      // no really, please don't free it
+      encCtx->replacedNodeList = NULL;
+    }
+    xmlSecEncCtxDestroy(encCtx);
+  }
+  
+  if (keyManager != NULL) {
+    xmlSecKeysMngrDestroy(keyManager);
+  }
+
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
+  if(rb_exception_result != Qnil) {
+    if (hasXmlSecLastError()) {
+      rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+               getXmlSecLastError());
+    } else {
+      rb_raise(rb_exception_result, "%s", exception_message);
+    }
+  }
+
+  return Qnil;
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c

@@ -0,0 +1,227 @@
+#include "xmlsecrb.h"
+#include "options.h"
+#include "util.h"
+
+// Encrypes the XML Document document using XMLEnc.
+//
+// Expects 3 positional arguments:
+//   rb_rsa_key_name - String with name of the rsa key. May be the empty.
+//   rb_rsa_key - A PEM encoded rsa key for signing.
+//   rb_opts - An ruby hash that configures the encryption options.
+//             See XmlEncOptions struct for possible values.
+VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
+                       VALUE rb_opts) {
+  VALUE rb_exception_result = Qnil;
+  VALUE rb_cert = Qnil;
+  const char* exception_message = NULL;
+
+  xmlDocPtr doc = NULL;
+  xmlNodePtr node = NULL;
+  xmlNodePtr encDataNode = NULL;
+  xmlNodePtr encKeyNode  = NULL;
+  xmlNodePtr keyInfoNode = NULL;
+  xmlSecEncCtxPtr encCtx = NULL;
+  xmlSecKeysMngrPtr keyManager = NULL;
+  char *keyName = NULL;
+  char *key = NULL;
+  char *certificate = NULL;
+  unsigned int keyLength = 0;
+  unsigned int certificateLength = 0;
+
+  resetXmlSecError();
+
+  Check_Type(rb_rsa_key,      T_STRING);
+  Check_Type(rb_opts, T_HASH);
+
+  key       = RSTRING_PTR(rb_rsa_key);
+  keyLength = RSTRING_LEN(rb_rsa_key);
+  if (rb_rsa_key_name != Qnil) {
+    Check_Type(rb_rsa_key_name, T_STRING);
+    keyName = StringValueCStr(rb_rsa_key_name);
+  }
+
+  rb_cert = rb_hash_aref(rb_opts, ID2SYM(rb_intern("cert")));
+  if (!NIL_P(rb_cert)) {
+    Check_Type(rb_cert, T_STRING);
+    certificate = RSTRING_PTR(rb_cert);
+    certificateLength = RSTRING_LEN(rb_cert);
+  }
+
+  XmlEncOptions options;
+  if (!GetXmlEncOptions(rb_opts, &options, &rb_exception_result,
+                        &exception_message)) {
+    goto done;
+  }
+
+  Noko_Node_Get_Struct(self, xmlNode, node);
+  doc = node->doc;
+
+  // create encryption template to encrypt XML file and replace 
+  // its content with encryption result
+  encDataNode = xmlSecTmplEncDataCreate(doc, options.block_encryption, NULL,
+                                        xmlSecTypeEncElement, NULL, NULL);
+  if(encDataNode == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to create encryption template";
+    goto done;
+  }
+
+  // we want to put encrypted data in the <enc:CipherValue/> node
+  if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to add CipherValue node";
+    goto done;
+  }
+
+  // add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
+  // signed document
+  keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+  if(keyInfoNode == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to add key info";
+    goto done;
+  }
+
+  if(certificate) {
+    // add <dsig:X509Data/>
+    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to add X509Data node";
+      goto done;
+    }
+  }
+
+  if(keyName != NULL) {
+    if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to add key name";
+      goto done;
+    }
+  }
+
+  if ((keyManager = createKeyManagerWithSingleKey(
+          key, keyLength, keyName,
+          &rb_exception_result,
+          &exception_message)) == NULL) {
+    // Propagate the exception.
+    goto done;
+  }
+
+  // create encryption context, we don't need keys manager in this example
+  encCtx = xmlSecEncCtxCreate(keyManager);
+  if(encCtx == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to create encryption context";
+    goto done;
+  }
+
+  #ifdef XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH
+    // Enable lax key search, since xmlsec 1.3.0
+    encCtx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+  #endif
+
+  // Generate the symmetric key.
+  encCtx->encKey = xmlSecKeyGenerateByName(BAD_CAST options.key_type, options.key_bits,
+                                           xmlSecKeyDataTypeSession);
+
+  if(encCtx->encKey == NULL) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to generate session key";
+    goto done;
+  }
+
+  if(certificate) {
+    // load certificate and add to the key
+    if(xmlSecCryptoAppKeyCertLoadMemory(encCtx->encKey,
+                                        (xmlSecByte *)certificate,
+                                        certificateLength,
+                                        xmlSecKeyDataFormatPem) < 0) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to load certificate";
+      goto done;
+    }
+  }
+
+  // We don't want xmlsec to free the node we're looking at out from under us,
+  // since it's still referenced from a Ruby object.
+  encCtx->flags |= XMLSEC_ENC_RETURN_REPLACED_NODE;
+
+  // Set key name.
+  if(keyName) {
+    if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to set key name";
+      goto done;
+    }
+  }
+
+  // Add <enc:EncryptedKey/> node to the <dsig:KeyInfo/> tag to include
+  // the session key.
+  encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+                                       options.key_transport, // encMethodId encryptionMethod
+                                       NULL, // xmlChar *idAttribute
+                                       NULL, // xmlChar *typeAttribute
+                                       NULL  // xmlChar *recipient
+                                      );
+  if (encKeyNode == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to add encrypted key node";
+    goto done;
+  }
+  if (xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "failed to add encrypted cipher value";
+    goto done;
+  }
+
+  // encrypt the data
+  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, node) < 0) {
+    rb_exception_result = rb_eEncryptionError;
+    exception_message = "encryption failed";
+    goto done;
+  }
+  
+  // the template is inserted in the doc, so don't free it
+  encDataNode = NULL;
+  encKeyNode = NULL;
+
+done:
+
+  /* cleanup */
+  if(encCtx != NULL) {
+    // the replaced node is orphaned, but not freed; let Nokogiri
+    // own it now
+    if (encCtx->replacedNodeList != NULL) {
+      noko_xml_document_pin_node(encCtx->replacedNodeList);
+      // no really, please don't free it
+      encCtx->replacedNodeList = NULL;
+    }
+
+    xmlSecEncCtxDestroy(encCtx);
+  }
+
+  if (encKeyNode != NULL) {
+    xmlFreeNode(encKeyNode);
+  }
+
+  if(encDataNode != NULL) {
+    xmlFreeNode(encDataNode);
+  }
+
+  if (keyManager != NULL) {
+    xmlSecKeysMngrDestroy(keyManager);
+  }
+
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
+  if(rb_exception_result != Qnil) {
+    if (hasXmlSecLastError()) {
+      rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+               getXmlSecLastError());
+    } else {
+      rb_raise(rb_exception_result, "%s", exception_message);
+    }
+  }
+
+  return Qnil;
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c

@@ -0,0 +1,93 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
+  VALUE rb_exception_result = Qnil;
+  const char* exception_message = NULL;
+
+  xmlNodePtr node = NULL;
+  xmlAttrPtr attr = NULL;
+  xmlAttrPtr tmp = NULL;
+  xmlChar *name = NULL;
+  char *idName = NULL;
+  char *exception_attribute_arg = NULL;
+
+  resetXmlSecError();
+
+  Noko_Node_Get_Struct(self, xmlNode, node);
+  Check_Type(rb_attr_name, T_STRING);
+  idName = StringValueCStr(rb_attr_name);
+
+  // find pointer to id attribute
+  attr = xmlHasProp(node, (const xmlChar* )idName);
+  if((attr == NULL) || (attr->children == NULL)) {
+    rb_exception_result = rb_eRuntimeError;
+    exception_message = "Can't find attribute to add register as id";
+    goto done;
+  }
+
+  // get the attribute (id) value
+  name = xmlNodeListGetString(node->doc, attr->children, 1);
+  if(name == NULL) {
+    rb_exception_result = rb_eRuntimeError;
+    exception_message = "has no value";
+    exception_attribute_arg = idName;
+    goto done;
+  }
+
+  // check that we don't have that id already registered
+  tmp = xmlGetID(node->doc, name);
+  if(tmp != NULL) {
+    rb_exception_result = rb_eRuntimeError;
+    exception_message = "is already an ID";
+    exception_attribute_arg = idName;
+    goto done;
+  }
+
+  // finally register id
+  xmlAddID(NULL, node->doc, name, attr);
+
+done:
+  // and do not forget to cleanup
+  if (name) {
+    xmlFree(name);
+  }
+
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
+  if(rb_exception_result != Qnil) {
+    if (exception_attribute_arg) {
+      if (hasXmlSecLastError()) {
+        rb_raise(rb_exception_result, "Attribute %s %s, XmlSec error: %s",
+            exception_attribute_arg, exception_message, getXmlSecLastError());
+      } else {
+        rb_raise(rb_exception_result, "Attribute %s %s",
+            exception_attribute_arg, exception_message);
+      }
+    } else {
+      if (hasXmlSecLastError()) {
+        rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+                 getXmlSecLastError());
+      } else {
+        rb_raise(rb_exception_result, "%s", exception_message);
+      }
+    }
+  }
+
+  return Qtrue;
+}
+
+VALUE get_id(VALUE self, VALUE rb_id)
+{
+  xmlAttrPtr prop;
+  xmlDocPtr doc;
+
+  Check_Type(rb_id, T_STRING);
+  Noko_Node_Get_Struct(self, xmlDoc, doc);
+  prop = xmlGetID(doc, (const xmlChar *)StringValueCStr(rb_id));
+  if (prop) {
+    return noko_xml_node_wrap(Qnil, (xmlNodePtr)prop);
+  } else {
+    return Qnil;
+  }
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_init.c

@@ -0,0 +1,30 @@
+#include "xmlsecrb.h"
+
+VALUE rb_cNokogiri_XML_Document = Qnil;
+VALUE rb_cNokogiri_XML_Node = Qnil;
+VALUE rb_eSigningError = Qnil;
+VALUE rb_eVerificationError = Qnil;
+VALUE rb_eKeystoreError = Qnil;
+VALUE rb_eEncryptionError = Qnil;
+VALUE rb_eDecryptionError = Qnil;
+
+void Init_Nokogiri_ext() {
+  VALUE XMLSec = rb_define_module("XMLSec");
+  VALUE Nokogiri = rb_define_module("Nokogiri");
+  VALUE Nokogiri_XML = rb_define_module_under(Nokogiri, "XML");
+  rb_cNokogiri_XML_Document = rb_const_get(Nokogiri_XML, rb_intern("Document"));
+  rb_cNokogiri_XML_Node = rb_const_get(Nokogiri_XML, rb_intern("Node"));
+
+  rb_define_method(rb_cNokogiri_XML_Node,     "sign!",            sign, 1);
+  rb_define_method(rb_cNokogiri_XML_Node,     "verify_with",      verify_with, 1);
+  rb_define_method(rb_cNokogiri_XML_Node,     "encrypt_with_key", encrypt_with_key, 3);
+  rb_define_method(rb_cNokogiri_XML_Node,     "decrypt_with_key", decrypt_with_key, 2);
+  rb_define_method(rb_cNokogiri_XML_Document, "get_id",           get_id, 1);
+  rb_define_method(rb_cNokogiri_XML_Node,     "set_id_attribute", set_id_attribute, 1);
+
+  rb_eSigningError      = rb_define_class_under(XMLSec, "SigningError",      rb_eRuntimeError);
+  rb_eVerificationError = rb_define_class_under(XMLSec, "VerificationError", rb_eRuntimeError);
+  rb_eKeystoreError     = rb_define_class_under(XMLSec, "KeystoreError",     rb_eRuntimeError);
+  rb_eEncryptionError   = rb_define_class_under(XMLSec, "EncryptionError",   rb_eRuntimeError);
+  rb_eDecryptionError   = rb_define_class_under(XMLSec, "DecryptionError",   rb_eRuntimeError);
+}