nokogiri-xmlsec-instructure 0.9.4 → 0.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed59b79032290908cffa12a20deb7b0d5c2195e45a817e430d49bfc404243bee
-  data.tar.gz: b315b63fe30ab7760719bce3e435b36c3565b658eb0ac42d1fb6d6f48c65b974
+  metadata.gz: 72eea7707ea8c4d24e0cb82afc804752be0313d810554ca54f4ea9e4a3f857e9
+  data.tar.gz: 4641d782e76a25aa3f251ff160f04d66198a1c2c3a4020f625dc29f7bbe5e365
 SHA512:
-  metadata.gz: 660d2ff3242177e1e6fd09112afed32ae5507d331c3c2fedd7c920a75cf09b58115ca14d3915fa76297ee7879594b314caacef967b5b90903d3fd1b9b36a4aff
-  data.tar.gz: d96e85677b8f9c34b3df00ae1d878d1de8c8f69d7ed5d78f76a680a504e8afcee4d55c398ccdc6e766a773a1bb45466bbe507985930839c4591dd2c452d8153d
+  metadata.gz: f116055729f4a0bddbee6432c99e9f505aad12a45452121d4fb14414de8eaf613009db60d28d55a7e7c8b7c5678e67e7d3a297741186f4e9eabcf4d08b88385c
+  data.tar.gz: d73b7b9d8ff63621b3162b4d83dfcf8ffd52b253d589fc863ef44d47847801e23ad8a386b4459a933431c5eaef0e377051089e8c4af06cde05522e3d390f4ae3

data/.gitignore

@@ -1,6 +1,7 @@
 *.gem
 *.rbc
 .bundle
+.byebug_history
 .config
 .yardoc
 Gemfile.lock
@@ -9,6 +10,7 @@ _yardoc
 coverage
 doc/
 lib/bundler/man
+lib/nokogiri_ext_xmlsec.bundle
 pkg
 rdoc
 spec/reports

data/README.md

@@ -10,6 +10,14 @@ to `Nokogiri::XML::Document`.
 
 ## Installation
 
+Install this before attempting to install; or else it may fail (tested on CentOS 7) while trying to find -lltdl from the xmlsec1-openssl lib. I'm guessing it's a dependency. Someone else may know more.
+    
+    # CentOS/RHEL
+    yum install libtool-ltdl-devel
+    
+    # Debian/Ubuntu
+    apt install -y libxmlsec1-dev
+
 Add this line to your application's Gemfile:
 
     gem 'nokogiri-xmlsec'

data/ext/nokogiri_ext_xmlsec/init.c

@@ -20,7 +20,6 @@ void Init_nokogiri_ext_xmlsec() {
   xmlInitParser();
   LIBXML_TEST_VERSION
   xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
-  xmlSubstituteEntitiesDefault(1);
   // xslt
 
 #ifndef XMLSEC_NO_XSLT
@@ -66,10 +65,6 @@ void Init_nokogiri_ext_xmlsec() {
     rb_raise(rb_eRuntimeError, "xmlsec-crypto initialization failed");
   }
 
-  // Set Error callback catcher last because various modules also call this.
-  // This way we always win.
-  xmlSecErrorsSetCallback(storeErrorCallback);
-
   /* ruby classes & objects */
   Init_Nokogiri_ext();
 }

data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c

@@ -1,6 +1,11 @@
 #include "xmlsecrb.h"
 #include "util.h"
 
+// technically we should include nokogiri.h, but we don't know
+// how to find it. we _know_ this function will exist at runtime
+// though, so just declare it here
+void noko_xml_document_pin_node(xmlNodePtr);
+
 VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key) {
   VALUE rb_exception_result = Qnil;
   const char* exception_message = NULL;
@@ -58,7 +63,7 @@ done:
     // the replaced node is orphaned, but not freed; let Nokogiri
     // own it now
     if(encCtx->replacedNodeList != NULL) {
-      nokogiri_root_node(encCtx->replacedNodeList);
+      noko_xml_document_pin_node(encCtx->replacedNodeList);
       // no really, please don't free it
       encCtx->replacedNodeList = NULL;
     }
@@ -69,6 +74,8 @@ done:
     xmlSecKeysMngrDestroy(keyManager);
   }
 
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
   if(rb_exception_result != Qnil) {
     if (hasXmlSecLastError()) {
       rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,

data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c

@@ -12,9 +12,11 @@
 VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
                        VALUE rb_opts) {
   VALUE rb_exception_result = Qnil;
+  VALUE rb_cert = Qnil;
   const char* exception_message = NULL;
 
   xmlDocPtr doc = NULL;
+  xmlNodePtr node = NULL;
   xmlNodePtr encDataNode = NULL;
   xmlNodePtr encKeyNode  = NULL;
   xmlNodePtr keyInfoNode = NULL;
@@ -22,17 +24,28 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
   xmlSecKeysMngrPtr keyManager = NULL;
   char *keyName = NULL;
   char *key = NULL;
+  char *certificate = NULL;
   unsigned int keyLength = 0;
+  unsigned int certificateLength = 0;
 
   resetXmlSecError();
 
   Check_Type(rb_rsa_key,      T_STRING);
-  Check_Type(rb_rsa_key_name, T_STRING);
   Check_Type(rb_opts, T_HASH);
 
   key       = RSTRING_PTR(rb_rsa_key);
   keyLength = RSTRING_LEN(rb_rsa_key);
-  keyName = StringValueCStr(rb_rsa_key_name);
+  if (rb_rsa_key_name != Qnil) {
+    Check_Type(rb_rsa_key_name, T_STRING);
+    keyName = StringValueCStr(rb_rsa_key_name);
+  }
+
+  rb_cert = rb_hash_aref(rb_opts, ID2SYM(rb_intern("cert")));
+  if (!NIL_P(rb_cert)) {
+    Check_Type(rb_cert, T_STRING);
+    certificate = RSTRING_PTR(rb_cert);
+    certificateLength = RSTRING_LEN(rb_cert);
+  }
 
   XmlEncOptions options;
   if (!GetXmlEncOptions(rb_opts, &options, &rb_exception_result,
@@ -40,7 +53,8 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
-  Data_Get_Struct(self, xmlDoc, doc);
+  Data_Get_Struct(self, xmlNode, node);
+  doc = node->doc;
 
   // create encryption template to encrypt XML file and replace 
   // its content with encryption result
@@ -68,10 +82,21 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
-  if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
-    rb_exception_result = rb_eEncryptionError;
-    exception_message = "failed to add key name";
-    goto done;
+  if(certificate) {
+    // add <dsig:X509Data/>
+    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to add X509Data node";
+      goto done;
+    }
+  }
+
+  if(keyName != NULL) {
+    if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to add key name";
+      goto done;
+    }
   }
 
   if ((keyManager = createKeyManagerWithSingleKey(
@@ -100,11 +125,25 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
+  if(certificate) {
+    // load certificate and add to the key
+    if(xmlSecCryptoAppKeyCertLoadMemory(encCtx->encKey,
+                                        (xmlSecByte *)certificate,
+                                        certificateLength,
+                                        xmlSecKeyDataFormatPem) < 0) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to load certificate";
+      goto done;
+    }
+  }
+
   // Set key name.
-  if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
-    rb_exception_result = rb_eEncryptionError;
-    exception_message = "failed to set key name";
-    goto done;
+  if(keyName) {
+    if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to set key name";
+      goto done;
+    }
   }
 
   // Add <enc:EncryptedKey/> node to the <dsig:KeyInfo/> tag to include
@@ -127,7 +166,7 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
   }
 
   // encrypt the data
-  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, node) < 0) {
     rb_exception_result = rb_eEncryptionError;
     exception_message = "encryption failed";
     goto done;
@@ -156,6 +195,8 @@ done:
     xmlSecKeysMngrDestroy(keyManager);
   }
 
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
   if(rb_exception_result != Qnil) {
     if (hasXmlSecLastError()) {
       rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,

data/ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c

@@ -2,7 +2,7 @@
 #include "util.h"
 
 // declaration from Nokogiri proper
-VALUE Nokogiri_wrap_xml_node(VALUE klass, xmlNodePtr node) ;
+VALUE noko_xml_node_wrap(VALUE klass, xmlNodePtr node) ;
 
 VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
   VALUE rb_exception_result = Qnil;
@@ -14,7 +14,7 @@ VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
   xmlChar *name = NULL;
   char *idName = NULL;
   char *exception_attribute_arg = NULL;
-  
+
   resetXmlSecError();
 
   Data_Get_Struct(self, xmlNode, node);
@@ -28,7 +28,7 @@ VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
     exception_message = "Can't find attribute to add register as id";
     goto done;
   }
-  
+
   // get the attribute (id) value
   name = xmlNodeListGetString(node->doc, attr->children, 1);
   if(name == NULL) {
@@ -37,7 +37,7 @@ VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
     exception_attribute_arg = idName;
     goto done;
   }
-  
+
   // check that we don't have that id already registered
   tmp = xmlGetID(node->doc, name);
   if(tmp != NULL) {
@@ -46,7 +46,7 @@ VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
     exception_attribute_arg = idName;
     goto done;
   }
-  
+
   // finally register id
   xmlAddID(NULL, node->doc, name, attr);
 
@@ -56,6 +56,8 @@ done:
     xmlFree(name);
   }
 
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
   if(rb_exception_result != Qnil) {
     if (exception_attribute_arg) {
       if (hasXmlSecLastError()) {
@@ -87,7 +89,7 @@ VALUE get_id(VALUE self, VALUE rb_id)
   Data_Get_Struct(self, xmlDoc, doc);
   prop = xmlGetID(doc, (const xmlChar *)StringValueCStr(rb_id));
   if (prop) {
-    return Nokogiri_wrap_xml_node(Qnil, (xmlNodePtr)prop);
+    return noko_xml_node_wrap(Qnil, (xmlNodePtr)prop);
   } else {
     return Qnil;
   }

data/ext/nokogiri_ext_xmlsec/nokogiri_init.c

@@ -17,7 +17,7 @@ void Init_Nokogiri_ext() {
 
   rb_define_method(rb_cNokogiri_XML_Node,     "sign!",            sign, 1);
   rb_define_method(rb_cNokogiri_XML_Node,     "verify_with",      verify_with, 1);
-  rb_define_method(rb_cNokogiri_XML_Document, "encrypt_with_key", encrypt_with_key, 3);
+  rb_define_method(rb_cNokogiri_XML_Node,     "encrypt_with_key", encrypt_with_key, 3);
   rb_define_method(rb_cNokogiri_XML_Node,     "decrypt_with_key", decrypt_with_key, 2);
   rb_define_method(rb_cNokogiri_XML_Document, "get_id",           get_id, 1);
   rb_define_method(rb_cNokogiri_XML_Node,     "set_id_attribute", set_id_attribute, 1);

data/ext/nokogiri_ext_xmlsec/nokogiri_sign.c

@@ -232,6 +232,8 @@ done:
     xmlSecDSigCtxDestroy(dsigCtx);
   }
 
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
   if(rb_exception_result != Qnil) {
     // remove the signature node before raising an exception, so that
     // the document is untouched

data/ext/nokogiri_ext_xmlsec/nokogiri_verify_with.c

@@ -246,6 +246,8 @@ done:
     xmlSecKeysMngrDestroy(keyManager);
   }
 
+  xmlSecErrorsSetCallback(xmlSecErrorsDefaultCallback);
+
   if(!NIL_P(rb_exception_result)) {
     if (hasXmlSecLastError()) {
       rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,

data/ext/nokogiri_ext_xmlsec/util.c

@@ -102,6 +102,7 @@ int hasXmlSecLastError() {
 void resetXmlSecError() {
   g_errorStack[0] = '\0';
   g_errorStackPos = 0;
+  xmlSecErrorsSetCallback(storeErrorCallback);
 }
 
 void storeErrorCallback(const char *file,

data/ext/nokogiri_ext_xmlsec/xmlsecrb.h

@@ -18,6 +18,7 @@
 #include <xmlsec/xmlenc.h>
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
+#include <xmlsec/errors.h>
 
 // TODO(awong): Support non-gcc and non-clang compilers.
 #define EXTENSION_EXPORT __attribute__((visibility("default")))

data/lib/xmlsec.rb

@@ -61,12 +61,8 @@ class Nokogiri::XML::Document
   #     # encrypt with a public key and optional key name
   #     doc.encrypt! key: 'public-key', name: 'name'
   #
-  def encrypt! opts
-    if opts[:key]
-      encrypt_with_key opts[:name].to_s, opts[:key], opts.select { |key, _| key != :key && key != :name }
-    else
-      raise "public :key is required for encryption"
-    end
+  def encrypt!(key:, name: nil, **opts)
+    root.encrypt_with(key: key, name: name, **opts)
     self
   end
 
@@ -89,6 +85,11 @@ class Nokogiri::XML::Document
 end
 
 class Nokogiri::XML::Node
+  def encrypt_with(key:, name: nil, **opts)
+    raise ArgumentError("public :key is required for encryption") unless key
+    encrypt_with_key(name, key, opts)
+  end
+
   def decrypt_with(opts)
     raise 'inadequate options specified for decryption' unless opts[:key]
 

data/lib/xmlsec/version.rb

@@ -1,3 +1,3 @@
 module Xmlsec
-  VERSION = '0.9.4'
+  VERSION = '0.10.1'
 end

data/nokogiri-xmlsec-instructure.gemspec

@@ -28,9 +28,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
 
-  spec.add_dependency 'nokogiri'
-  
-  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_dependency 'nokogiri', '>= 1.11.2'
+
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "byebug"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rake-compiler"
   spec.add_development_dependency "rspec"

data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb

@@ -31,4 +31,25 @@ describe "encryption and decryption:" do
     end
   end
 
+  it "encrypts a single element" do
+    doc = subject
+    original = doc.to_s
+    node = doc.at_xpath('env:Envelope/env:Data', 'env' => 'urn:envelope')
+    node.encrypt_with(key: fixture('rsa.pub'), block_encryption: 'aes128-cbc', key_transport: 'rsa-1_5')
+    expect(doc.root.name).to eq 'Envelope'
+    expect(doc.root.element_children.first.name).to eq 'EncryptedData'
+    encrypted_data = doc.root.element_children.first
+    encrypted_data.decrypt_with(key: fixture('rsa.pem'))
+    expect(doc.to_s).to eq original
+  end
+
+  it "inserts a certificate" do
+    doc = subject
+    doc.encrypt!(key: fixture('cert/server.key.decrypted'),
+                 cert: fixture('cert/server.crt'),
+                 block_encryption: 'aes128-cbc',
+                 key_transport: 'rsa-1_5')
+    expect(doc.to_s).to match(/X509Data/)
+    expect(doc.to_s).not_to match(/X509Data></)
+  end
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri-xmlsec-instructure
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.10.1
 platform: ruby
 authors:
 - Albert J. Wong
 - Cody Cutrer
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2021-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -17,28 +17,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.11.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.11.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -172,7 +186,7 @@ homepage: https://github.com/instructure/nokogiri-xmlsec-instructure
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -187,9 +201,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: Wrapper around http://www.aleksey.com/xmlsec to support XML encryption, decryption,
   signing and signature validation in Ruby