nokogiri-xmlsec-me-harder 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +4 -0
- data/Guardfile +13 -0
- data/LICENSE.txt +22 -0
- data/README.md +123 -0
- data/Rakefile +30 -0
- data/ext/nokogiri_ext_xmlsec/common.h +13 -0
- data/ext/nokogiri_ext_xmlsec/extconf.rb +27 -0
- data/ext/nokogiri_ext_xmlsec/init.c +76 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c +82 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c +169 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c +76 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_init.c +32 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c +186 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_rsa.c +167 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c +138 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c +133 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c +76 -0
- data/ext/nokogiri_ext_xmlsec/options.c +166 -0
- data/ext/nokogiri_ext_xmlsec/options.h +36 -0
- data/ext/nokogiri_ext_xmlsec/shutdown.c +12 -0
- data/ext/nokogiri_ext_xmlsec/util.c +139 -0
- data/ext/nokogiri_ext_xmlsec/util.h +42 -0
- data/ext/nokogiri_ext_xmlsec/xmlsecrb.h +44 -0
- data/lib/nokogiri-xmlsec.rb +1 -0
- data/lib/xmlsec.rb +104 -0
- data/lib/xmlsec/version.rb +3 -0
- data/nokogiri-xmlsec-me-harder.gemspec +39 -0
- data/spec/fixtures/cert/server.crt +14 -0
- data/spec/fixtures/cert/server.csr +11 -0
- data/spec/fixtures/cert/server.key.decrypted +15 -0
- data/spec/fixtures/cert/server.key.encrypted +18 -0
- data/spec/fixtures/hate.xml +7 -0
- data/spec/fixtures/pwned.xml +1 -0
- data/spec/fixtures/rsa.pem +15 -0
- data/spec/fixtures/rsa.pub +6 -0
- data/spec/fixtures/sign2-doc.xml +6 -0
- data/spec/fixtures/sign2-result.xml +25 -0
- data/spec/fixtures/sign3-result.xml +38 -0
- data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb +34 -0
- data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb +123 -0
- data/spec/lib/nokogiri/xml/document/unsafe_xml_spec.rb +61 -0
- data/spec/spec_helper.rb +10 -0
- metadata +213 -0
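--- a/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c
+++ b/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c
@@ -0,0 +1,138 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+// Constructs a xmlSecKeysMngrPtr and adds all the certs included in |rb_certs|
+// array as trusted certificates.
+static xmlSecKeysMngrPtr createKeyManagerWithRbCertArray(
+VALUE rb_certs,
+VALUE* rb_exception_result_out,
+const char** exception_message_out) {
+VALUE rb_exception_result = Qnil;
+const char* exception_message = NULL;
+
+int i = 0;
+int numCerts = RARRAY_LEN(rb_certs);
+xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
+VALUE rb_cert = Qnil;
+char *cert = NULL;
+unsigned int certLength = 0;
+int numSuccessful = 0;
+
+if (keyManager == NULL) {
+rb_exception_result = rb_eDecryptionError;
+exception_message = "failed to create keys manager.";
+goto done;
+}
+
+if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
+rb_exception_result = rb_eKeystoreError;
+exception_message = "could not initialize key manager";
+goto done;
+}
+
+for (i = 0; i < numCerts; i++) {
+rb_cert = RARRAY_PTR(rb_certs)[i];
+Check_Type(rb_cert, T_STRING);
+cert = RSTRING_PTR(rb_cert);
+certLength = RSTRING_LEN(rb_cert);
+
+if(xmlSecCryptoAppKeysMngrCertLoadMemory(keyManager,
+(xmlSecByte *)cert,
+certLength,
+xmlSecKeyDataFormatPem,
+xmlSecKeyDataTypeTrusted) < 0) {
+rb_warn("failed to load certificate at index %d", i);
+} else {
+numSuccessful++;
+}
+}
+
+// note, numCerts could be zero, meaning that we should use system SSL certs
+if (numSuccessful == 0 && numCerts != 0) {
+rb_exception_result = rb_eKeystoreError;
+exception_message = "Could not load any of the specified certificates for signature verification";
+goto done;
+}
+
+done:
+if (rb_exception_result != Qnil) {
+if (keyManager) {
+xmlSecKeysMngrDestroy(keyManager);
+keyManager = NULL;
+}
+}
+
+*rb_exception_result_out = rb_exception_result;
+*exception_message_out = exception_message;
+return keyManager;
+}
+
+VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs) {
+VALUE rb_exception_result = Qnil;
+const char* exception_message = NULL;
+
+xmlDocPtr doc = NULL;
+xmlNodePtr node = NULL;
+xmlSecDSigCtxPtr dsigCtx = NULL;
+xmlSecKeysMngrPtr keyManager = NULL;
+VALUE result = Qfalse;
+
+resetXmlSecError();
+
+Check_Type(rb_certs, T_ARRAY);
+Data_Get_Struct(self, xmlDoc, doc);
+
+// find start node
+node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+if(node == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "start node not found";
+goto done;
+}
+
+keyManager = createKeyManagerWithRbCertArray(rb_certs, &rb_exception_result,
+&exception_message);
+if (keyManager == NULL) {
+// Propagate exception.
+goto done;
+}
+
+// Create signature context.
+dsigCtx = createDSigContext(keyManager);
+if(dsigCtx == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "failed to create signature context";
+goto done;
+}
+
+// verify signature
+if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "error occurred during signature verification";
+goto done;
+}
+
+if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+result = Qtrue;
+}
+
+done:
+if(dsigCtx != NULL) {
+xmlSecDSigCtxDestroy(dsigCtx);
+}
+
+if (keyManager != NULL) {
+xmlSecKeysMngrDestroy(keyManager);
+}
+
+if(rb_exception_result != Qnil) {
+if (hasXmlSecLastError()) {
+rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+getXmlSecLastError());
+} else {
+rb_raise(rb_exception_result, "%s", exception_message);
+}
+}
+
+return result;
+}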
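Review bot: `Check_Type(rb_cert, T_STRING)` inside the loop (line 35) raises via `rb_raise`, which longjmps out of `createKeyManagerWithRbCertArray` past the `done:` cleanup, so a non-String array element leaks the keys manager and every certificate already loaded into it. Validate the element types before the manager exists, e.g. `for (i = 0; i < numCerts; i++) Check_Type(rb_ary_entry(rb_certs, i), T_STRING);` and move the `xmlSecKeysMngrCreate()` call from the initializer on line 15 to after that pass, so the only raises after allocation are those at the end of `verify_signature_with_certificates`, which run after both the context and the manager have been destroyed. The `rb_eDecryptionError` on line 22 also looks copied from the decrypt path; its sibling failure on line 28 uses `rb_eKeystoreError`. Finally, the comment on line 50 says an empty array means system certificates are used, but nothing in this hunk loads any; unless `createDSigContext` (defined elsewhere) sets that up, an empty array yields an empty trust store, and a `true` result only means the first `ds:Signature` found by `xmlSecFindNode` on line 86 validated, which is worth stating in the header comment of `verify_signature_with_certificates`.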
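--- a/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c
+++ b/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c
@@ -0,0 +1,133 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+static int addRubyKeyToManager(VALUE rb_key, VALUE rb_value, VALUE rb_manager) {
+xmlSecKeysMngrPtr keyManager = (xmlSecKeysMngrPtr)rb_manager;
+char *keyName, *keyData;
+unsigned int keyDataLength;
+xmlSecKeyPtr key;
+
+Check_Type(rb_key, T_STRING);
+Check_Type(rb_value, T_STRING);
+keyName = RSTRING_PTR(rb_key);
+keyData = RSTRING_PTR(rb_value);
+keyDataLength = RSTRING_LEN(rb_value);
+
+// load key
+key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyData,
+keyDataLength,
+xmlSecKeyDataFormatPem,
+NULL, // password
+NULL, NULL);
+if (key == NULL) {
+rb_warn("failed to load '%s' public or private pem key", keyName);
+return ST_CONTINUE;
+}
+
+// set key name
+if (xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
+rb_warn("failed to set key name for key '%s'", keyName);
+return ST_CONTINUE;
+}
+
+// add key to key manager; from now on the manager is responsible for
+// destroying the key
+if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(keyManager, key) < 0) {
+rb_warn("failed to add key '%s' to key manager", keyName);
+return ST_CONTINUE;
+}
+
+return ST_CONTINUE;
+}
+
+// Constructs a xmlSecKeysMngr and adds all the named to key mappings
+// specified by the |rb_hash| to the key manager.
+//
+// Caller takes ownership. Free with xmlSecKeysMngrDestroy().
+static xmlSecKeysMngrPtr createKeyManagerFromNamedKeys(
+VALUE rb_hash,
+VALUE* rb_exception_result_out,
+const char** exception_message_out) {
+xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
+if (keyManager == NULL) return NULL;
+if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
+*rb_exception_result_out = rb_eKeystoreError;
+*exception_message_out = "could not initialize key manager";
+xmlSecKeysMngrDestroy(keyManager);
+return NULL;
+}
+
+rb_hash_foreach(rb_hash, addRubyKeyToManager, (VALUE)keyManager);
+
+return keyManager;
+}
+
+VALUE verify_signature_with_named_keys(VALUE self, VALUE rb_hash) {
+VALUE rb_exception_result = Qnil;
+const char* exception_message = NULL;
+
+xmlDocPtr doc = NULL;
+xmlNodePtr node = NULL;
+xmlSecDSigCtxPtr dsigCtx = NULL;
+xmlSecKeysMngrPtr keyManager = NULL;
+VALUE result = Qfalse;
+
+resetXmlSecError();
+
+Check_Type(rb_hash, T_HASH);
+Data_Get_Struct(self, xmlDoc, doc);
+
+// find start node
+node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+if(node == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "start node not found";
+goto done;
+}
+
+keyManager = createKeyManagerFromNamedKeys(rb_hash, &rb_exception_result,
+&exception_message);
+if (keyManager == NULL) {
+// Propagate exception.
+goto done;
+}
+
+// create signature context, we don't need keys manager in this example
+dsigCtx = createDSigContext(keyManager);
+if(dsigCtx == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "failed to create signature context";
+goto done;
+}
+
+// verify signature
+if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "signature could not be verified";
+goto done;
+}
+
+if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+result = Qtrue;
+}
+
+done:
+if(dsigCtx != NULL) {
+xmlSecDSigCtxDestroy(dsigCtx);
+}
+
+if (keyManager != NULL) {
+xmlSecKeysMngrDestroy(keyManager);
+}
+
+if(rb_exception_result != Qnil) {
+if (hasXmlSecLastError()) {
+rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+getXmlSecLastError());
+} else {
+rb_raise(rb_exception_result, "%s", exception_message);
+}
+}
+
+return result;
+}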
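Review bot: `addRubyKeyToManager` leaks the key loaded on line 17 when `xmlSecKeySetName` fails on line 28, because it returns `ST_CONTINUE` without destroying it, and the comment on lines 33–34 says the manager only owns the key after a successful adopt, so the failure branch on line 35 most likely leaks as well. Add `xmlSecKeyDestroy(key);` before both `return ST_CONTINUE;` lines (for the adopt failure, confirm against the xmlsec version in use that a failed `xmlSecCryptoAppDefaultKeysMngrAdoptKey` leaves ownership with the caller). The `Check_Type` calls on lines 10–11 raise out of `rb_hash_foreach` and therefore leak the manager created on line 51 in the same way. Separately, `createKeyManagerFromNamedKeys` returns NULL on line 52 without setting `*rb_exception_result_out`, so `verify_signature_with_named_keys` reaches `done:` with `rb_exception_result == Qnil` and silently returns `false` instead of raising; mirror lines 54–55 there. The comment on line 95, "we don't need keys manager in this example", is copied from the RSA variant and is wrong here, where the manager is what supplies the named keys.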
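--- a/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c
+++ b/data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c
@@ -0,0 +1,76 @@
+#include "xmlsecrb.h"
+#include "util.h"
+
+VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key) {
+VALUE rb_exception_result = Qnil;
+const char* exception_message = NULL;
+
+xmlDocPtr doc = NULL;
+xmlNodePtr node = NULL;
+xmlSecDSigCtxPtr dsigCtx = NULL;
+char *rsa_key = NULL;
+unsigned int rsa_key_length = 0;
+VALUE result = Qfalse;
+
+resetXmlSecError();
+
+Data_Get_Struct(self, xmlDoc, doc);
+Check_Type(rb_rsa_key, T_STRING);
+rsa_key = RSTRING_PTR(rb_rsa_key);
+rsa_key_length = RSTRING_LEN(rb_rsa_key);
+
+// find start node
+node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+if(node == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "start node not found";
+goto done;
+}
+
+// create signature context, we don't need keys manager in this example
+dsigCtx = createDSigContext(NULL);
+if(dsigCtx == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "failed to create signature context";
+goto done;
+}
+
+// load public key
+dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)rsa_key,
+rsa_key_length,
+xmlSecKeyDataFormatPem,
+NULL, // password
+NULL, NULL);
+if(dsigCtx->signKey == NULL) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "failed to load public pem key";
+goto done;
+}
+
+// verify signature
+if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+rb_exception_result = rb_eVerificationError;
+exception_message = "signature could not be verified";
+goto done;
+}
+
+if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+result = Qtrue;
+}
+
+done:
+if(dsigCtx != NULL) {
+xmlSecDSigCtxDestroy(dsigCtx);
+}
+
+if(rb_exception_result != Qnil) {
+if (hasXmlSecLastError()) {
+rb_raise(rb_exception_result, "%s, XmlSec error: %s", exception_message,
+getXmlSecLastError());
+} else {
+rb_raise(rb_exception_result, "%s", exception_message);
+}
+}
+
+return result;
+}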
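Review bot: `verify_signature_with_rsa_key` has no header comment stating what a `true` result means: only the first `ds:Signature` element returned by `xmlSecFindNode` on line 23 is checked, and the result (line 57, `dsigCtx->status == xmlSecDSigStatusSucceeded`) says nothing about which nodes that signature references, so a caller still has to confirm the signed content covers what it is about to trust. Suggest a comment above line 4 such as `// Verifies the first ds:Signature in the document against the PEM key in rb_rsa_key. Returns true only if xmlsec reports xmlSecDSigStatusSucceeded; the caller must still check which nodes the signature references.` The comment on line 30 is accurate here (NULL is passed), but "in this example" is xmlsec sample-code residue and reads oddly in a library. Also, `rsa_key_length` on line 12 is `unsigned int` while `RSTRING_LEN` returns `long`; declaring it `long` avoids the silent narrowing on line 20.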
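--- a/data/ext/nokogiri_ext_xmlsec/options.c
+++ b/data/ext/nokogiri_ext_xmlsec/options.c
@@ -0,0 +1,166 @@
+#include "options.h"
+
+#include "common.h"
+
+#if (XMLSEC_VERSION_MAJOR > 1) || (XMLSEC_VERSION_MAJOR == 1 && (XMLSEC_VERSION_MINOR > 2 || (XMLSEC_VERSION_MINOR == 2 && XMLSEC_VERSION_SUBMINOR >= 20)))
+# define HAS_ECDSA 1
+#else
+# define HAS_ECDSA 0
+#endif
+
+// Key Transport Strings.
+static const char RSA1_5[] = "rsa-1_5";
+static const char RSA_OAEP_MGF1P[] = "rsa-oaep-mgf1p";
+
+// Block Encryption Strings.
+static const char TRIPLEDES_CBC[] = "tripledes-cbc";
+static const char AES128_CBC[] = "aes128-cbc";
+static const char AES256_CBC[] = "aes256-cbc";
+static const char AES192_CBC[] = "aes192-cbc";
+
+// Supported signature algorithms taken from #6 of
+// http://www.w3.org/TR/xmldsig-core1/
+static const char RSA_SHA1[] = "rsa-sha1";
+static const char RSA_SHA224[] = "rsa-sha224";
+static const char RSA_SHA256[] = "rsa-sha256";
+static const char RSA_SHA384[] = "rsa-sha384";
+static const char RSA_SHA512[] = "rsa-sha512";
+static const char DSA_SHA1[] = "dsa-sha1";
+
+#if HAS_ECDSA
+static const char ECDSA_SHA1[] = "ecdsa-sha1";
+static const char ECDSA_SHA224[] = "ecdsa-sha224";
+static const char ECDSA_SHA256[] = "ecdsa-sha256";
+static const char ECDSA_SHA384[] = "ecdsa-sha384";
+static const char ECDSA_SHA512[] = "ecdsa-sha512";
+static const char DSA_SHA256[] = "dsa-sha256";
+#endif // HAS_ECDSA
+
+// Supported digest algorithms taken from #6 of
+// http://www.w3.org/TR/xmldsig-core1/
+static const char DIGEST_SHA1[] = "sha1";
+static const char DIGEST_SHA224[] = "sha224";
+static const char DIGEST_SHA256[] = "sha256";
+static const char DIGEST_SHA384[] = "sha384";
+static const char DIGEST_SHA512[] = "sha512";
+
+BOOL GetXmlEncOptions(VALUE rb_opts,
+XmlEncOptions* options,
+VALUE* rb_exception_result,
+const char** exception_message) {
+VALUE rb_block_encryption = rb_hash_aref(rb_opts, ID2SYM(rb_intern("block_encryption")));
+VALUE rb_key_transport = rb_hash_aref(rb_opts, ID2SYM(rb_intern("key_transport")));
+memset(options, 0, sizeof(XmlEncOptions));
+
+if (NIL_P(rb_block_encryption) ||
+TYPE(rb_block_encryption) != T_STRING ||
+NIL_P(rb_key_transport) ||
+TYPE(rb_key_transport) != T_STRING) {
+*rb_exception_result = rb_eArgError;
+*exception_message = "Must supply :block_encryption & :key_transport";
+return FALSE;
+}
+
+char* blockEncryptionValue = RSTRING_PTR(rb_block_encryption);
+int blockEncryptionLen = RSTRING_LEN(rb_block_encryption);
+char* keyTransportValue = RSTRING_PTR(rb_key_transport);
+int keyTransportLen = RSTRING_LEN(rb_key_transport);
+
+if (strncmp(AES256_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+options->block_encryption = xmlSecTransformAes256CbcId;
+options->key_type = "aes";
+options->key_bits = 256;
+} else if (strncmp(AES128_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+options->block_encryption = xmlSecTransformAes128CbcId;
+options->key_type = "aes";
+options->key_bits = 128;
+} else if (strncmp(AES192_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+options->block_encryption = xmlSecTransformAes192CbcId;
+options->key_type = "aes";
+options->key_bits = 192;
+} else if (strncmp(TRIPLEDES_CBC, blockEncryptionValue, blockEncryptionLen) == 0) {
+options->block_encryption = xmlSecTransformDes3CbcId;
+options->key_type = "des";
+options->key_bits = 192;
+} else {
+*rb_exception_result = rb_eArgError;
+*exception_message = "Unknown :block_encryption value";
+return FALSE;
+}
+
+if (strncmp(RSA1_5, keyTransportValue, keyTransportLen) == 0) {
+options->key_transport = xmlSecTransformRsaPkcs1Id;
+} else if (strncmp(RSA_OAEP_MGF1P, keyTransportValue, keyTransportLen) == 0) {
+options->key_transport = xmlSecTransformRsaOaepId;
+} else {
+*rb_exception_result = rb_eArgError;
+*exception_message = "Unknown :key_transport value";
+return FALSE;
+}
+
+return TRUE;
+}
+
+xmlSecTransformId GetSignatureMethod(VALUE rb_signature_alg,
+VALUE* rb_exception_result,
+const char** exception_message) {
+const char* signatureAlgorithm = RSTRING_PTR(rb_signature_alg);
+unsigned int signatureAlgorithmLength = RSTRING_LEN(rb_signature_alg);
+
+if (strncmp(RSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformRsaSha1Id;
+} else if (strncmp(RSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformRsaSha224Id;
+} else if (strncmp(RSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformRsaSha256Id;
+} else if (strncmp(RSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformRsaSha384Id;
+} else if (strncmp(RSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformRsaSha512Id;
+
+}
+#if HAS_ECDSA
+else if (strncmp(ECDSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformEcdsaSha1Id;
+} else if (strncmp(ECDSA_SHA224, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformEcdsaSha224Id;
+} else if (strncmp(ECDSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformEcdsaSha256Id;
+} else if (strncmp(ECDSA_SHA384, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformEcdsaSha384Id;
+} else if (strncmp(ECDSA_SHA512, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformEcdsaSha512Id;
+} else if (strncmp(DSA_SHA1, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformDsaSha1Id;
+} else if (strncmp(DSA_SHA256, signatureAlgorithm, signatureAlgorithmLength) == 0) {
+return xmlSecTransformDsaSha256Id;
+}
+#endif // HAS_ECDSA
+
+*rb_exception_result = rb_eArgError;
+*exception_message = "Unknown :signature_alg";
+return xmlSecTransformIdUnknown;
+}
+
+xmlSecTransformId GetDigestMethod(VALUE rb_digest_alg,
+VALUE* rb_exception_result,
+const char** exception_message) {
+const char* digestAlgorithm = RSTRING_PTR(rb_digest_alg);
+unsigned int digestAlgorithmLength = RSTRING_LEN(rb_digest_alg);
+
+if (strncmp(DIGEST_SHA1, digestAlgorithm, digestAlgorithmLength) == 0) {
+return xmlSecTransformSha1Id;
+} else if (strncmp(DIGEST_SHA224, digestAlgorithm, digestAlgorithmLength) == 0) {
+return xmlSecTransformSha224Id;
+} else if (strncmp(DIGEST_SHA256, digestAlgorithm, digestAlgorithmLength) == 0) {
+return xmlSecTransformSha256Id;
+} else if (strncmp(DIGEST_SHA384, digestAlgorithm, digestAlgorithmLength) == 0) {
+return xmlSecTransformSha384Id;
+} else if (strncmp(DIGEST_SHA512, digestAlgorithm, digestAlgorithmLength) == 0) {
+return xmlSecTransformSha512Id;
+}
+
+*rb_exception_result = rb_eArgError;
+*exception_message = "Unknown :digest_algorithm";
+return xmlSecTransformIdUnknown;
+}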
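Review bot: Every algorithm lookup in this hunk compares only the first `len` bytes of the table literal, where `len` is the length of the caller's string (lines 69–93, 110–135 and 151–159), so any value that is a prefix of a literal matches it and an empty string matches the first entry of each table: `""` or `"sha"` yields `xmlSecTransformSha1Id`, `"rsa"` yields `xmlSecTransformRsaSha1Id`, and `""` selects `xmlSecTransformAes256CbcId`. Since these strings choose the digest, signature and cipher, a typo or empty option silently selects a different (often weaker) algorithm instead of raising the `ArgError` the fall-through branches intend. Compare the full length instead, through a small helper shared by all three functions (below); `RSTRING_PTR` is not guaranteed to be NUL-terminated, so plain `strcmp` is not a safe substitute. The `int`/`unsigned int` length locals on lines 65, 67, 108 and 149 should be `long` to match `RSTRING_LEN`. `GetSignatureMethod` and `GetDigestMethod` also call `RSTRING_PTR` without a `Check_Type`; if their Ruby-side callers (outside this hunk) do not guarantee a String, add `Check_Type(rb_signature_alg, T_STRING);` and `Check_Type(rb_digest_alg, T_STRING);` at the top of each.
```c
// True when |value| (|valueLen| bytes, not necessarily NUL-terminated)
// equals |literal| exactly; a prefix or an empty string does not match.
static int algEquals(const char* literal, const char* value, long valueLen) {
  return valueLen >= 0 && (size_t)valueLen == strlen(literal) &&
         memcmp(literal, value, (size_t)valueLen) == 0;
}

// … unchanged: HAS_ECDSA block and algorithm name tables …

  long blockEncryptionLen = RSTRING_LEN(rb_block_encryption);
  // … unchanged: keyTransportValue, keyTransportLen (declared long) …

  if (algEquals(AES256_CBC, blockEncryptionValue, blockEncryptionLen)) {
    // … unchanged: aes256 options …
  } else if (algEquals(AES128_CBC, blockEncryptionValue, blockEncryptionLen)) {
  // … every remaining strncmp(X, value, len) == 0 in GetXmlEncOptions,
  // GetSignatureMethod and GetDigestMethod becomes algEquals(X, value, len) …
```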