nokogiri-xmlsec-instructure 0.9.6 → 0.9.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c07223507738529c34fd27ff24c166210d696fe53cc70abe02f93990a2ae0ff3
-  data.tar.gz: c16cb38b56a47c97f5db81801e1f82523492d3924c6ca529a4123e7301415b85
+  metadata.gz: e62d20498ea2a3a7afe3038145ef752a3cb1472b15cb64651aecf7ae531cc561
+  data.tar.gz: ea744d07e2f148fd72880b4eb6a4e520aac09f5b62cdaa3573b3cbe5323aaf16
 SHA512:
-  metadata.gz: 55e33e2e79a14965296265d4498572c367c2fcae18ff07c82cd39a987a76760f19e988ee3e7e39d47d240b6952feead3e56744f03a0ac3b32cb7684a7848c450
-  data.tar.gz: 8afb1ff7ee7cab8861c3d30f396d7948b8897e2d49dbcc4b83beb8a0b870ef29c1b88361a1a9e915661f0bf3a862d69f7d4bd91e03cf6820406d24f5d745ac0a
+  metadata.gz: b8fb1eb16f65c9e88872a29d186a3b949d71526e871efc444eb397362c3412567a4d736b87dda3bf02bbc7a1db7983bbcb736f809e595a9f9599a2d148ebdcea
+  data.tar.gz: ee60f516c6e91205000743a14ca6c9b958bd172ac8f2be80d27bd649b2843e35991e0f1a4d0ce318a650edce969d95e0216144e56d04bf53b3cc1c403bba2642

data/.gitignore

@@ -1,6 +1,7 @@
 *.gem
 *.rbc
 .bundle
+.byebug_history
 .config
 .yardoc
 Gemfile.lock
@@ -9,6 +10,7 @@ _yardoc
 coverage
 doc/
 lib/bundler/man
+lib/nokogiri_ext_xmlsec.bundle
 pkg
 rdoc
 spec/reports

data/README.md

@@ -10,6 +10,10 @@ to `Nokogiri::XML::Document`.
 
 ## Installation
 
+Install this before attempting to install; or else it may fail (tested on CentOS 7) while trying to find -lltdl from the xmlsec1-openssl lib. I'm guessing it's a dependency. Someone else may know more.
+    
+    yum install libtool-ltdl-devel
+
 Add this line to your application's Gemfile:
 
     gem 'nokogiri-xmlsec'

data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c

@@ -1,6 +1,11 @@
 #include "xmlsecrb.h"
 #include "util.h"
 
+// technically we should include nokogiri.h, but we don't know
+// how to find it. we _know_ this function will exist at runtime
+// though, so just declare it here
+void nokogiri_root_node(xmlNodePtr);
+
 VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key) {
   VALUE rb_exception_result = Qnil;
   const char* exception_message = NULL;

data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c

@@ -12,9 +12,11 @@
 VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
                        VALUE rb_opts) {
   VALUE rb_exception_result = Qnil;
+  VALUE rb_cert = Qnil;
   const char* exception_message = NULL;
 
   xmlDocPtr doc = NULL;
+  xmlNodePtr node = NULL;
   xmlNodePtr encDataNode = NULL;
   xmlNodePtr encKeyNode  = NULL;
   xmlNodePtr keyInfoNode = NULL;
@@ -22,17 +24,28 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
   xmlSecKeysMngrPtr keyManager = NULL;
   char *keyName = NULL;
   char *key = NULL;
+  char *certificate = NULL;
   unsigned int keyLength = 0;
+  unsigned int certificateLength = 0;
 
   resetXmlSecError();
 
   Check_Type(rb_rsa_key,      T_STRING);
-  Check_Type(rb_rsa_key_name, T_STRING);
   Check_Type(rb_opts, T_HASH);
 
   key       = RSTRING_PTR(rb_rsa_key);
   keyLength = RSTRING_LEN(rb_rsa_key);
-  keyName = StringValueCStr(rb_rsa_key_name);
+  if (rb_rsa_key_name != Qnil) {
+    Check_Type(rb_rsa_key_name, T_STRING);
+    keyName = StringValueCStr(rb_rsa_key_name);
+  }
+
+  rb_cert = rb_hash_aref(rb_opts, ID2SYM(rb_intern("cert")));
+  if (!NIL_P(rb_cert)) {
+    Check_Type(rb_cert, T_STRING);
+    certificate = RSTRING_PTR(rb_cert);
+    certificateLength = RSTRING_LEN(rb_cert);
+  }
 
   XmlEncOptions options;
   if (!GetXmlEncOptions(rb_opts, &options, &rb_exception_result,
@@ -40,7 +53,8 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
-  Data_Get_Struct(self, xmlDoc, doc);
+  Data_Get_Struct(self, xmlNode, node);
+  doc = node->doc;
 
   // create encryption template to encrypt XML file and replace 
   // its content with encryption result
@@ -68,10 +82,21 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
-  if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
-    rb_exception_result = rb_eEncryptionError;
-    exception_message = "failed to add key name";
-    goto done;
+  if(certificate) {
+    // add <dsig:X509Data/>
+    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to add X509Data node";
+      goto done;
+    }
+  }
+
+  if(keyName != NULL) {
+    if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to add key name";
+      goto done;
+    }
   }
 
   if ((keyManager = createKeyManagerWithSingleKey(
@@ -100,11 +125,25 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
     goto done;
   }
 
+  if(certificate) {
+    // load certificate and add to the key
+    if(xmlSecCryptoAppKeyCertLoadMemory(encCtx->encKey,
+                                        (xmlSecByte *)certificate,
+                                        certificateLength,
+                                        xmlSecKeyDataFormatPem) < 0) {
+      rb_exception_result = rb_eSigningError;
+      exception_message = "failed to load certificate";
+      goto done;
+    }
+  }
+
   // Set key name.
-  if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
-    rb_exception_result = rb_eEncryptionError;
-    exception_message = "failed to set key name";
-    goto done;
+  if(keyName) {
+    if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
+      rb_exception_result = rb_eEncryptionError;
+      exception_message = "failed to set key name";
+      goto done;
+    }
   }
 
   // Add <enc:EncryptedKey/> node to the <dsig:KeyInfo/> tag to include
@@ -127,7 +166,7 @@ VALUE encrypt_with_key(VALUE self, VALUE rb_rsa_key_name, VALUE rb_rsa_key,
   }
 
   // encrypt the data
-  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, node) < 0) {
     rb_exception_result = rb_eEncryptionError;
     exception_message = "encryption failed";
     goto done;

data/ext/nokogiri_ext_xmlsec/nokogiri_init.c

@@ -17,7 +17,7 @@ void Init_Nokogiri_ext() {
 
   rb_define_method(rb_cNokogiri_XML_Node,     "sign!",            sign, 1);
   rb_define_method(rb_cNokogiri_XML_Node,     "verify_with",      verify_with, 1);
-  rb_define_method(rb_cNokogiri_XML_Document, "encrypt_with_key", encrypt_with_key, 3);
+  rb_define_method(rb_cNokogiri_XML_Node,     "encrypt_with_key", encrypt_with_key, 3);
   rb_define_method(rb_cNokogiri_XML_Node,     "decrypt_with_key", decrypt_with_key, 2);
   rb_define_method(rb_cNokogiri_XML_Document, "get_id",           get_id, 1);
   rb_define_method(rb_cNokogiri_XML_Node,     "set_id_attribute", set_id_attribute, 1);

data/lib/xmlsec.rb

@@ -61,12 +61,8 @@ class Nokogiri::XML::Document
   #     # encrypt with a public key and optional key name
   #     doc.encrypt! key: 'public-key', name: 'name'
   #
-  def encrypt! opts
-    if opts[:key]
-      encrypt_with_key opts[:name].to_s, opts[:key], opts.select { |key, _| key != :key && key != :name }
-    else
-      raise "public :key is required for encryption"
-    end
+  def encrypt!(key:, name: nil, **opts)
+    root.encrypt_with(key: key, name: name, **opts)
     self
   end
 
@@ -89,6 +85,11 @@ class Nokogiri::XML::Document
 end
 
 class Nokogiri::XML::Node
+  def encrypt_with(key:, name: nil, **opts)
+    raise ArgumentError("public :key is required for encryption") unless key
+    encrypt_with_key(name, key, opts)
+  end
+
   def decrypt_with(opts)
     raise 'inadequate options specified for decryption' unless opts[:key]
 

data/lib/xmlsec/version.rb

@@ -1,3 +1,3 @@
 module Xmlsec
-  VERSION = '0.9.6'
+  VERSION = '0.9.7'
 end

data/nokogiri-xmlsec-instructure.gemspec

@@ -30,7 +30,8 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'nokogiri'
   
-  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "byebug"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rake-compiler"
   spec.add_development_dependency "rspec"

data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb

@@ -31,4 +31,25 @@ describe "encryption and decryption:" do
     end
   end
 
+  it "encrypts a single element" do
+    doc = subject
+    original = doc.to_s
+    node = doc.at_xpath('env:Envelope/env:Data', 'env' => 'urn:envelope')
+    node.encrypt_with(key: fixture('rsa.pub'), block_encryption: 'aes128-cbc', key_transport: 'rsa-1_5')
+    expect(doc.root.name).to eq 'Envelope'
+    expect(doc.root.element_children.first.name).to eq 'EncryptedData'
+    encrypted_data = doc.root.element_children.first
+    encrypted_data.decrypt_with(key: fixture('rsa.pem'))
+    expect(doc.to_s).to eq original
+  end
+
+  it "inserts a certificate" do
+    doc = subject
+    doc.encrypt!(key: fixture('cert/server.key.decrypted'),
+                 cert: fixture('cert/server.crt'),
+                 block_encryption: 'aes128-cbc',
+                 key_transport: 'rsa-1_5')
+    expect(doc.to_s).to match(/X509Data/)
+    expect(doc.to_s).not_to match(/X509Data></)
+  end
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri-xmlsec-instructure
 version: !ruby/object:Gem::Version
-  version: 0.9.6
+  version: 0.9.7
 platform: ruby
 authors:
 - Albert J. Wong
 - Cody Cutrer
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-10 00:00:00.000000000 Z
+date: 2020-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -31,14 +31,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -172,7 +186,7 @@ homepage: https://github.com/instructure/nokogiri-xmlsec-instructure
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -187,9 +201,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Wrapper around http://www.aleksey.com/xmlsec to support XML encryption, decryption,
   signing and signature validation in Ruby