nokogiri-xmlsec-instructure 0.11.0 → 0.12.0

data/ext/nokogiri_ext_xmlsec/options.c

@@ -0,0 +1,209 @@
+#include "options.h"
+
+#include "common.h"
+
+#if (XMLSEC_VERSION_MAJOR > 1) || (XMLSEC_VERSION_MAJOR == 1 && (XMLSEC_VERSION_MINOR > 2 || (XMLSEC_VERSION_MINOR == 2 && XMLSEC_VERSION_SUBMINOR >= 20)))
+# define HAS_ECDSA 1
+#else
+# define HAS_ECDSA 0
+#endif
+
+// Key Transport Strings.
+static const char RSA1_5[] = "rsa-1_5";
+static const char RSA_OAEP_MGF1P[] = "rsa-oaep-mgf1p";
+
+// Block Encryption Strings.
+static const char TRIPLEDES_CBC[] = "tripledes-cbc";
+static const char AES128_CBC[] = "aes128-cbc";
+static const char AES192_CBC[] = "aes192-cbc";
+static const char AES256_CBC[] = "aes256-cbc";
+static const char GCM128_CBC[] = "aes128-gcm";
+static const char GCM192_CBC[] = "aes192-gcm";
+static const char GCM256_CBC[] = "aes256-gcm";
+
+// Supported signature algorithms taken from #6 of
+// http://www.w3.org/TR/xmldsig-core1/
+static const char RSA_SHA1[] = "rsa-sha1";
+static const char RSA_SHA224[] = "rsa-sha224";
+static const char RSA_SHA256[] = "rsa-sha256";
+static const char RSA_SHA384[] = "rsa-sha384";
+static const char RSA_SHA512[] = "rsa-sha512";
+static const char DSA_SHA1[] = "dsa-sha1";
+
+#if HAS_ECDSA
+static const char ECDSA_SHA1[] = "ecdsa-sha1";
+static const char ECDSA_SHA224[] = "ecdsa-sha224";
+static const char ECDSA_SHA256[] = "ecdsa-sha256";
+static const char ECDSA_SHA384[] = "ecdsa-sha384";
+static const char ECDSA_SHA512[] = "ecdsa-sha512";
+static const char DSA_SHA256[] = "dsa-sha256";
+#endif  // HAS_ECDSA
+
+// Supported digest algorithms taken from #6 of
+// http://www.w3.org/TR/xmldsig-core1/
+static const char DIGEST_SHA1[] = "sha1";
+static const char DIGEST_SHA224[] = "sha224";
+static const char DIGEST_SHA256[] = "sha256";
+static const char DIGEST_SHA384[] = "sha384";
+static const char DIGEST_SHA512[] = "sha512";
+
+// Canonicalization algorithms
+// http://www.w3.org/TR/xmldsig-core1/#sec-Canonicalization
+static const char C14N[] = "c14n";
+static const char C14N_WITH_COMMENTS[] = "c14n-with-comments";
+static const char EXCL_C14N[] = "exc-c14n";
+static const char EXCL_C14N_WITH_COMMENTS[] = "exc-c14n-with-comments";
+
+BOOL GetXmlEncOptions(VALUE rb_opts,
+                      XmlEncOptions* options,
+                      VALUE* rb_exception_result,
+                      const char** exception_message) {
+  VALUE rb_block_encryption = rb_hash_aref(rb_opts, ID2SYM(rb_intern("block_encryption")));
+  VALUE rb_key_transport = rb_hash_aref(rb_opts, ID2SYM(rb_intern("key_transport")));
+  memset(options, 0, sizeof(XmlEncOptions));
+
+  if (NIL_P(rb_block_encryption) ||
+      TYPE(rb_block_encryption) != T_STRING ||
+      NIL_P(rb_key_transport) ||
+      TYPE(rb_key_transport) != T_STRING) {
+    *rb_exception_result = rb_eArgError;
+    *exception_message = "Must supply :block_encryption & :key_transport";
+    return FALSE;
+  }
+
+  char* blockEncryptionValue = RSTRING_PTR(rb_block_encryption);
+  int blockEncryptionLen = RSTRING_LEN(rb_block_encryption);
+  char* keyTransportValue = RSTRING_PTR(rb_key_transport);
+  int keyTransportLen = RSTRING_LEN(rb_key_transport);
+
+  if (strncmp(AES256_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes256CbcId;
+    options->key_type = "aes";
+    options->key_bits = 256;
+  } else if (strncmp(AES128_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes128CbcId;
+    options->key_type = "aes";
+    options->key_bits = 128;
+  } else if (strncmp(AES192_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes192CbcId;
+    options->key_type = "aes";
+    options->key_bits = 192;
+  } else if (strncmp(TRIPLEDES_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformDes3CbcId;
+    options->key_type = "des";
+    options->key_bits = 192;
+  } else if (strncmp(GCM256_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes256GcmId;
+    options->key_type = "aes";
+    options->key_bits = 256;
+  } else if (strncmp(GCM128_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes128GcmId;
+    options->key_type = "aes";
+    options->key_bits = 128;
+  } else if (strncmp(GCM192_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+    options->block_encryption = xmlSecTransformAes192GcmId;
+    options->key_type = "aes";
+    options->key_bits = 192;
+  } else {
+    *rb_exception_result = rb_eArgError;
+    *exception_message = "Unknown :block_encryption value";
+    return FALSE;
+  }
+
+  if (strncmp(RSA1_5, keyTransportValue, keyTransportLen) == 0) {
+    options->key_transport = xmlSecTransformRsaPkcs1Id;
+  } else if (strncmp(RSA_OAEP_MGF1P, keyTransportValue, keyTransportLen) == 0) {
+    options->key_transport = xmlSecTransformRsaOaepId;
+  } else {
+    *rb_exception_result = rb_eArgError;
+    *exception_message = "Unknown :key_transport value";
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+xmlSecTransformId GetSignatureMethod(VALUE rb_signature_alg,
+                                     VALUE* rb_exception_result,
+                                     const char** exception_message) {
+  const char* signatureAlgorithm = RSTRING_PTR(rb_signature_alg);
+  unsigned int signatureAlgorithmLength = RSTRING_LEN(rb_signature_alg);
+
+  if (strncmp(RSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformRsaSha1Id;
+  } else if (strncmp(RSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformRsaSha224Id;
+  } else if (strncmp(RSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformRsaSha256Id;
+  } else if (strncmp(RSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformRsaSha384Id;
+  } else if (strncmp(RSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformRsaSha512Id;
+
+  }
+#if HAS_ECDSA
+  else if (strncmp(ECDSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformEcdsaSha1Id;
+  } else if (strncmp(ECDSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformEcdsaSha224Id;
+  } else if (strncmp(ECDSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformEcdsaSha256Id;
+  } else if (strncmp(ECDSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformEcdsaSha384Id;
+  } else if (strncmp(ECDSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformEcdsaSha512Id;
+  } else if (strncmp(DSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformDsaSha1Id;
+  } else if (strncmp(DSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+    return xmlSecTransformDsaSha256Id;
+  }
+#endif  // HAS_ECDSA
+
+  *rb_exception_result = rb_eArgError;
+  *exception_message = "Unknown :signature_alg";
+  return xmlSecTransformIdUnknown;
+}
+
+xmlSecTransformId GetDigestMethod(VALUE rb_digest_alg,
+                                  VALUE* rb_exception_result,
+                                  const char** exception_message) {
+  const char* digestAlgorithm = RSTRING_PTR(rb_digest_alg);
+  unsigned int digestAlgorithmLength = RSTRING_LEN(rb_digest_alg);
+
+  if (strncmp(DIGEST_SHA1, digestAlgorithm, digestAlgorithmLength) == 0) {
+    return xmlSecTransformSha1Id;
+  } else if (strncmp(DIGEST_SHA224, digestAlgorithm, digestAlgorithmLength) == 0) {
+    return xmlSecTransformSha224Id;
+  } else if (strncmp(DIGEST_SHA256, digestAlgorithm, digestAlgorithmLength) == 0) {
+    return xmlSecTransformSha256Id;
+  } else if (strncmp(DIGEST_SHA384, digestAlgorithm, digestAlgorithmLength) == 0) {
+    return xmlSecTransformSha384Id;
+  } else if (strncmp(DIGEST_SHA512, digestAlgorithm, digestAlgorithmLength) == 0) {
+    return xmlSecTransformSha512Id;
+  }
+
+  *rb_exception_result = rb_eArgError;
+  *exception_message = "Unknown :digest_algorithm";
+  return xmlSecTransformIdUnknown;
+}
+
+xmlSecTransformId GetCanonicalizationMethod(VALUE rb_canon_alg,
+                                            VALUE *rb_exception_result,
+                                            const char **exception_message){
+  const char *canonAlgorithm = RSTRING_PTR(rb_canon_alg);
+  unsigned int canonAlgorithmLength = RSTRING_LEN(rb_canon_alg);
+
+  if (strncmp(C14N, canonAlgorithm, canonAlgorithmLength) == 0){
+    return xmlSecTransformInclC14NId;
+  }else if (strncmp(C14N_WITH_COMMENTS, canonAlgorithm, canonAlgorithmLength) == 0){
+    return xmlSecTransformInclC14NWithCommentsId;
+  }else if (strncmp(EXCL_C14N, canonAlgorithm, canonAlgorithmLength) == 0){
+    return xmlSecTransformExclC14NId;
+  } else if (strncmp(EXCL_C14N_WITH_COMMENTS, canonAlgorithm, canonAlgorithmLength) == 0){
+    return xmlSecTransformExclC14NWithCommentsId;
+  }
+
+  *rb_exception_result = rb_eArgError;
+  *exception_message = "Unknown :canon_alg";
+  return xmlSecTransformIdUnknown;
+}

data/ext/nokogiri_ext_xmlsec/options.h

@@ -0,0 +1,38 @@
+#ifndef NOKOGIRI_EXT_XMLSEC_OPTIONS_H
+#define NOKOGIRI_EXT_XMLSEC_OPTIONS_H
+
+#include "common.h"
+
+#include <ruby.h>
+#include <xmlsec/crypto.h>
+
+typedef struct {
+  // From :block_encryption
+  xmlSecTransformId block_encryption;
+  const char* key_type;
+  int key_bits;
+
+  // From :key_transport
+  xmlSecTransformId key_transport;
+} XmlEncOptions;
+
+// Supported algorithms taken from #5.1 of
+// http://www.w3.org/TR/xmlenc-core
+//
+// For options, only use the URL fragment (stuff post #)
+// since that's unique enough and it removes a lot of typing.
+BOOL GetXmlEncOptions(VALUE rb_opts, XmlEncOptions* options,
+                      VALUE* rb_exception_result,
+                      const char** exception_message);
+
+// XML DSIG helpers.
+xmlSecTransformId GetSignatureMethod(VALUE rb_method,
+                                     VALUE* rb_exception_result,
+                                     const char** exception_message);
+xmlSecTransformId GetDigestMethod(VALUE rb_digest_method,
+                                  VALUE *rb_exception_result,
+                                  const char **exception_message);
+xmlSecTransformId GetCanonicalizationMethod(VALUE rb_canonicalization_method,
+                                            VALUE *rb_exception_result,
+                                            const char **exception_message);
+#endif // NOKOGIRI_EXT_XMLSEC_OPTIONS_H

data/ext/nokogiri_ext_xmlsec/shutdown.c

@@ -0,0 +1,12 @@
+#include "xmlsecrb.h"
+
+/* not actually called anywhere right now, but here for posterity */
+void Shutdown_xmlsecrb() {
+  xmlSecCryptoShutdown();
+  xmlSecCryptoAppShutdown();
+  xmlSecShutdown();
+  xsltCleanupGlobals();
+  #ifndef XMLSEC_NO_XSLT
+    xsltCleanupGlobals();            
+  #endif /* XMLSEC_NO_XSLT */
+}

data/ext/nokogiri_ext_xmlsec/util.c

@@ -0,0 +1,140 @@
+#include "util.h"
+
+#include <xmlsec/errors.h>
+
+xmlSecKeysMngrPtr createKeyManagerWithSingleKey(
+    char* keyStr,
+    unsigned int keyLength,
+    char *keyName,
+    VALUE* rb_exception_result_out,
+    const char** exception_message_out) {
+  VALUE rb_exception_result = Qnil;
+  const char* exception_message = NULL;
+  xmlSecKeysMngrPtr mngr = NULL;
+  xmlSecKeyPtr key = NULL;
+  
+  /* create and initialize keys manager, we use a simple list based
+   * keys manager, implement your own xmlSecKeysStore klass if you need
+   * something more sophisticated 
+   */
+  mngr = xmlSecKeysMngrCreate();
+  if(mngr == NULL) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to create keys manager.";
+    goto done;
+  }
+  if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to initialize keys manager.";
+    goto done;
+  }    
+  
+  /* load private RSA key */
+  key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyStr,
+                                     keyLength,
+                                     xmlSecKeyDataFormatPem,
+                                     NULL, // the key file password
+                                     NULL, // the key password callback
+                                     NULL);// the user context for password callback
+  if(key == NULL) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to load rsa key";
+    goto done;
+  }
+
+  if(xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to set key name";
+    goto done;
+  }
+
+  /* add key to keys manager, from now on keys manager is responsible 
+   * for destroying key 
+   */
+  if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+    rb_exception_result = rb_eDecryptionError;
+    exception_message = "failed to add key to keys manager";
+    goto done;
+  }
+
+done:
+  if(rb_exception_result != Qnil) {
+    if (key) {
+      xmlSecKeyDestroy(key);
+    }
+
+    if (mngr) {
+      xmlSecKeysMngrDestroy(mngr);
+      mngr = NULL;
+    }
+  }
+
+  *rb_exception_result_out = rb_exception_result;
+  *exception_message_out = exception_message;
+  return mngr;
+}
+
+xmlSecDSigCtxPtr createDSigContext(xmlSecKeysMngrPtr keyManager) {
+  xmlSecDSigCtxPtr dsigCtx = xmlSecDSigCtxCreate(keyManager);
+  if (!dsigCtx) {
+    return NULL;
+  }
+
+  // Restrict ReferenceUris to same document or empty to avoid XXE attacks.
+  dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty |
+                                  xmlSecTransformUriTypeSameDocument;
+
+  return dsigCtx;
+}
+
+#define ERROR_STACK_SIZE      4096
+static char g_errorStack[ERROR_STACK_SIZE];
+static size_t g_errorStackPos;
+
+char* getXmlSecLastError() {
+  return g_errorStack;
+}
+
+int hasXmlSecLastError() {
+  return g_errorStack[0] != '\0';
+}
+
+void resetXmlSecError() {
+  g_errorStack[0] = '\0';
+  g_errorStackPos = 0;
+  xmlSecErrorsSetCallback(storeErrorCallback);
+}
+
+void storeErrorCallback(const char *file,
+                        int line,
+                        const char *func,
+                        const char *errorObject,
+                        const char *errorSubject,
+                        int reason,
+                        const char *msg) {
+  int i = 0;
+  const char* error_msg = NULL;
+  int amt = 0;
+  if (g_errorStackPos >= ERROR_STACK_SIZE) {
+    // Just bail. Earlier errors are more interesting usually anyway.
+    return;
+  }
+
+  for(i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) {
+    if(xmlSecErrorsGetCode(i) == reason) {
+      error_msg = xmlSecErrorsGetMsg(i);
+      break;
+    }
+  }
+
+  amt = snprintf(
+      &g_errorStack[g_errorStackPos],
+      ERROR_STACK_SIZE - g_errorStackPos,
+      "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n",
+      func, file, line, errorObject, errorSubject, reason,
+      error_msg ? error_msg : "", msg);
+
+  if (amt > 0) {
+    g_errorStackPos += amt;
+  }
+}

data/ext/nokogiri_ext_xmlsec/util.h

@@ -0,0 +1,42 @@
+#ifndef NOKOGIRI_EXT_XMLSEC_UTIL_H
+#define NOKOGIRI_EXT_XMLSEC_UTIL_H
+
+#include "xmlsecrb.h"
+
+// Constructs a xmlSecKeysMngr and adds the given named key to the manager.
+//
+// Caller takes ownership. Free with xmlSecKeysMngrDestroy().
+xmlSecKeysMngrPtr createKeyManagerWithSingleKey(
+    char* keyStr,
+    unsigned int keyLength,
+    char *keyName,
+    VALUE* rb_exception_result_out,
+    const char** exception_message_out);
+
+// Creates a xmlSecDSigCtx with defaults locked down to prevent XXE.
+//
+// Caller takes ownership of the context. Free with xmlSecDSigCtxDestroy().
+xmlSecDSigCtxPtr createDSigContext(xmlSecKeysMngrPtr keyManager);
+
+// Retrieves the recorded error strings from libxmlsec1. Ensure resetXmlSecError()
+// is called at the start of the range of error collection.
+char* getXmlSecLastError();
+
+// Reset the recording of errors. After this getXmlSecLastError() will return
+// an empty string. Call at the start of a logical interaction with libxmlsec.
+void resetXmlSecError();
+
+// Return false if there are no errors. If false, getXmlSecLastError() will
+// return an empty string.
+int hasXmlSecLastError();
+
+// Error reporting hooks to redirect Xmlsec1 library errors away from stdout.
+void storeErrorCallback(const char *file,
+                        int line,
+                        const char *func,
+                        const char *errorObject,
+                        const char *errorSubject,
+                        int reason,
+                        const char *msg);
+
+#endif  // NOKOGIRI_EXT_XMLSEC_UTIL_H

data/ext/nokogiri_ext_xmlsec/xmlsecrb.h

@@ -0,0 +1,49 @@
+#ifndef NOKOGIRI_EXT_XMLSEC_XMLSECRB_H
+#define NOKOGIRI_EXT_XMLSEC_XMLSECRB_H
+
+#include "common.h"
+
+#include <ruby.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xmlstring.h>
+
+#include <libxslt/xslt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/errors.h>
+
+#include <nokogiri.h>
+// Lifted from modern nokogiri.h
+#ifndef Noko_Node_Get_Struct
+  #define Noko_Node_Get_Struct(obj,type,sval) ((sval) = (type*)DATA_PTR(obj))
+#endif
+
+// TODO(awong): Support non-gcc and non-clang compilers.
+#define EXTENSION_EXPORT __attribute__((visibility("default")))
+
+VALUE sign(VALUE self, VALUE rb_opts);
+VALUE verify_with(VALUE self, VALUE rb_opts);
+VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
+                       VALUE rb_opts);
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+VALUE set_id_attribute(VALUE self, VALUE rb_attr_name);
+VALUE get_id(VALUE self, VALUE rb_id);
+
+void Init_Nokogiri_ext(void);
+
+extern VALUE rb_cNokogiri_XML_Document;
+extern VALUE rb_eSigningError;
+extern VALUE rb_eVerificationError;
+extern VALUE rb_eKeystoreError;
+extern VALUE rb_eEncryptionError;
+extern VALUE rb_eDecryptionError;
+
+#endif // NOKOGIRI_EXT_XMLSEC_XMLSECRB_H

data/lib/xmlsec/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Xmlsec
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri-xmlsec-instructure
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Albert J. Wong
 - Cody Cutrer
 bindir: bin
 cert_chain: []
-date: 2025-07-28 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -41,9 +41,22 @@ extensions:
 - ext/nokogiri_ext_xmlsec/extconf.rb
 extra_rdoc_files: []
 files:
+- ext/nokogiri_ext_xmlsec/common.h
 - ext/nokogiri_ext_xmlsec/extconf.rb
+- ext/nokogiri_ext_xmlsec/init.c
+- ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c
+- ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c
+- ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c
+- ext/nokogiri_ext_xmlsec/nokogiri_init.c
+- ext/nokogiri_ext_xmlsec/nokogiri_sign.c
+- ext/nokogiri_ext_xmlsec/nokogiri_verify_with.c
+- ext/nokogiri_ext_xmlsec/options.c
+- ext/nokogiri_ext_xmlsec/options.h
+- ext/nokogiri_ext_xmlsec/shutdown.c
+- ext/nokogiri_ext_xmlsec/util.c
+- ext/nokogiri_ext_xmlsec/util.h
+- ext/nokogiri_ext_xmlsec/xmlsecrb.h
 - lib/nokogiri-xmlsec.rb
-- lib/nokogiri_ext_xmlsec.bundle
 - lib/xmlsec.rb
 - lib/xmlsec/version.rb
 homepage: https://github.com/instructure/nokogiri-xmlsec-instructure
@@ -65,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Wrapper around http://www.aleksey.com/xmlsec to support XML encryption, decryption,
   signing and signature validation in Ruby