nokogiri-xmlsec 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +19 -0
- data/.rspec +2 -0
- data/Gemfile +4 -0
- data/Guardfile +13 -0
- data/LICENSE.txt +22 -0
- data/README.md +121 -0
- data/Rakefile +30 -0
- data/ext/nokogiri_ext_xmlsec/extconf.rb +20 -0
- data/ext/nokogiri_ext_xmlsec/init.c +46 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c +124 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c +182 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_init.c +29 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c +104 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_rsa.c +95 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c +96 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c +106 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c +56 -0
- data/ext/nokogiri_ext_xmlsec/shutdown.c +12 -0
- data/ext/nokogiri_ext_xmlsec/xmlsecrb.h +38 -0
- data/lib/nokogiri-xmlsec.rb +1 -0
- data/lib/xmlsec.rb +110 -0
- data/lib/xmlsec/version.rb +3 -0
- data/nokogiri-xmlsec.gemspec +36 -0
- data/spec/fixtures/cert/server.crt +14 -0
- data/spec/fixtures/cert/server.csr +11 -0
- data/spec/fixtures/cert/server.key.decrypted +15 -0
- data/spec/fixtures/cert/server.key.encrypted +18 -0
- data/spec/fixtures/rsa.pem +15 -0
- data/spec/fixtures/rsa.pub +6 -0
- data/spec/fixtures/sign2-doc.xml +6 -0
- data/spec/fixtures/sign2-result.xml +24 -0
- data/spec/fixtures/sign3-result.xml +37 -0
- data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb +28 -0
- data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb +70 -0
- data/spec/spec_helper.rb +10 -0
- metadata +196 -0
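--- a/data/ext/nokogiri_ext_xmlsec/shutdown.c
+++ b/data/ext/nokogiri_ext_xmlsec/shutdown.c
@@ -0,0 +1,12 @@
+#include "xmlsecrb.h"
+
+/* not actually called anywhere right now, but here for posterity */
+void Shutdown_xmlsecrb() {
+xmlSecCryptoShutdown();
+xmlSecCryptoAppShutdown();
+xmlSecShutdown();
+xsltCleanupGlobals();
+#ifndef XMLSEC_NO_XSLT
+xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+}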
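Review bot: `xsltCleanupGlobals()` is called unconditionally on line 8 and then again inside the `#ifndef XMLSEC_NO_XSLT` block on line 10, so the guard protects nothing and the cleanup runs twice; drop the unguarded call and keep only the guarded one. The signature `void Shutdown_xmlsecrb() {` should be `void Shutdown_xmlsecrb(void) {` so the compiler rejects stray arguments instead of accepting any. Since the comment says this function is never called, no xmlsec or crypto shutdown runs at all today; a comment stating where it is intended to be hooked would help the next maintainer decide whether that is acceptable.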
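--- a/data/ext/nokogiri_ext_xmlsec/xmlsecrb.h
+++ b/data/ext/nokogiri_ext_xmlsec/xmlsecrb.h
@@ -0,0 +1,38 @@
+#ifndef XMLSECRB_H
+#define XMLSECRB_H
+
+#include <ruby.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xmlstring.h>
+
+#include <libxslt/xslt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/dl.h>
+
+VALUE sign_with_key(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key);
+VALUE sign_with_certificate(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key, VALUE rb_cert);
+VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key);
+VALUE verify_signature_with_named_keys(VALUE self, VALUE rb_keys);
+VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs);
+VALUE encrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+
+void Init_Nokogiri_ext(void);
+
+extern VALUE rb_cNokogiri_XML_Document;
+extern VALUE rb_eSigningError;
+extern VALUE rb_eVerificationError;
+extern VALUE rb_eKeystoreError;
+extern VALUE rb_eEncryptionError;
+extern VALUE rb_eDecryptionError;
+
+#endif // XMLSECRB_H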
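Review bot: `#include <libxslt/xslt.h>` on line 11 is unconditional, while shutdown.c wraps its libxslt call in `#ifndef XMLSEC_NO_XSLT`; either this include should carry the same guard or the guard in shutdown.c is dead, and as written the build breaks wherever the libxslt headers are absent. The C entry points declared here (`verify_signature_with_rsa_key`, `verify_signature_with_named_keys`, `verify_signature_with_certificates`) are named differently from the methods lib/xmlsec.rb calls (`verify_with_rsa_key`, `verify_with_named_keys`, `verify_with_certificates`); the binding presumably lives in init.c, which is not in this section, so a one-line comment above each prototype naming the Ruby method it is bound to would make the mapping checkable from the header alone.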
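--- a/data/lib/nokogiri-xmlsec.rb
+++ b/data/lib/nokogiri-xmlsec.rb
@@ -0,0 +1 @@
+require 'xmlsec'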
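--- a/data/lib/xmlsec.rb
+++ b/data/lib/xmlsec.rb
@@ -0,0 +1,110 @@
+require "xmlsec/version"
+require 'nokogiri'
+require 'nokogiri_ext_xmlsec'
+
+class Nokogiri::XML::Document
+# Signs this document, and then returns it.
+#
+# Examples:
+#
+# doc.sign! key: 'rsa-private-key'
+# doc.sign! key: 'rsa-private-key', name: 'key-name'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key',
+# name: 'key-name'
+#
+# You can also use `:cert` or `:certificate` as aliases for `:x509`.
+#
+def sign! opts
+if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate])
+raise "need a private :key" unless opts[:key]
+sign_with_certificate opts[:name].to_s, opts[:key], cert
+elsif opts[:key]
+sign_with_key opts[:name].to_s, opts[:key]
+else
+raise "No private :key was given"
+end
+self
+end
+
+# Verifies the signature on the current document.
+#
+# Returns `true` if the signature is valid, `false` otherwise.
+#
+# Examples:
+#
+# # Try to validate with the given public or private key
+# doc.verify_with key: 'rsa-key'
+#
+# # Try to validate with a set of keys. It will try to match
+# # based on the contents of the `KeyName` element.
+# doc.verify_with({
+# 'key-name' => 'x509 certificate',
+# 'another-key-name' => 'rsa-public-key'
+# })
+#
+# # Try to validate with a trusted certificate
+# doc.verify_with(x509: 'certificate')
+#
+# # Try to validate with a set of certificates, any one of which
+# # can match
+# doc.verify_with(x509: ['cert1', 'cert2'])
+#
+# You can also use `:cert` or `:certificate` or `:certs` or
+# `:certificates` as aliases for `:x509`.
+#
+def verify_with opts_or_keys
+if (certs = opts_or_keys[:x509]) ||
+(certs = opts_or_keys[:cert]) ||
+(certs = opts_or_keys[:certs]) ||
+(certs = opts_or_keys[:certificate]) ||
+(certs = opts_or_keys[:certificates])
+certs = [certs] unless certs.kind_of?(Array)
+verify_with_certificates certs
+elsif opts_or_keys[:key]
+verify_with_rsa_key opts_or_keys[:key]
+else
+verify_with_named_keys opts_or_keys
+end
+end
+
+# Attempts to verify the signature of this document using only certificates
+# installed on the system. This is equivalent to calling
+# `verify_with certificates: []` (that is, an empty array).
+#
+def verify_signature
+verify_with_certificates []
+end
+
+# Encrypts the current document, then returns it.
+#
+# Examples:
+#
+# # encrypt with a public key and optional key name
+# doc.encrypt! key: 'public-key', name: 'name'
+#
+def encrypt! opts
+if opts[:key]
+encrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise "private :key is required for encryption"
+end
+self
+end
+
+# Decrypts the current document, then returns it.
+#
+# Examples:
+#
+# # decrypt with a specific private key
+# doc.decrypt! key: 'private-key'
+#
+def decrypt! opts
+if opts[:key]
+decrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise 'inadequate options specified for decryption'
+end
+self
+end
+end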
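Review bot: `verify_with` returns only a boolean and tells the caller nothing about which nodes the signature actually covered, so a consumer must still check that the element it acts on is the one referenced by the signature's `Reference`; otherwise an unsigned element placed beside or around the signed one would be trusted on the strength of that `true`. The docstring should state that caveat, and, since the C header declares `rb_eVerificationError`, whether a malformed or missing signature raises rather than returning `false`. `sign!` offers no way to choose the digest or signature algorithm, and the fixtures the spec compares its output against use `rsa-sha1`/`sha1`, so at least document the default and consider an option for it before this is used for anything security-sensitive. In `encrypt!`, `raise "private :key is required for encryption"` contradicts the example above it (`# encrypt with a public key`); `raise ArgumentError, "a public :key is required for encryption"` fits, and the other bare `raise "..."` strings in `sign!` and `decrypt!` would likewise be clearer as `ArgumentError`.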
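--- a/data/nokogiri-xmlsec.gemspec
+++ b/data/nokogiri-xmlsec.gemspec
@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'xmlsec/version'
+
+Gem::Specification.new do |spec|
+spec.name = "nokogiri-xmlsec"
+spec.version = Xmlsec::VERSION
+spec.authors = ["Colin MacKenzie IV"]
+spec.email = ["sinisterchipmunk@gmail.com"]
+spec.description = %q{Adds support to Ruby for encrypting, decrypting,
+signing and validating the signatures of XML documents, according to the
+[XML Encryption Syntax and Processing](http://www.w3.org/TR/xmlenc-core/)
+standard, by wrapping around the [xmlsec](http://www.aleksey.com/xmlsec) C
+library and adding relevant methods to `Nokogiri::XML::Document`.}
+spec.summary = %q{Wrapper around http://www.aleksey.com/xmlsec to
+support XML encryption, decryption, signing and signature validation in
+Ruby}
+spec.homepage = "https://github.com/sinisterchipmunk/xmlsec"
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
+
+spec.add_dependency 'nokogiri'
+
+spec.add_development_dependency "bundler", "~> 1.3"
+spec.add_development_dependency "rake"
+spec.add_development_dependency "rake-compiler"
+spec.add_development_dependency "rspec"
+spec.add_development_dependency "guard-rspec"
+spec.add_development_dependency "guard-rake"
+end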
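Review bot: `spec.files = \`git ls-files\`.split($/)` packages every tracked file, which in this release includes the private keys under `spec/fixtures` (`rsa.pem`, `cert/server.key.decrypted`, `cert/server.key.encrypted`); they are test-only, but shipping key material inside the gem invites secret-scanner findings and confusion for anyone inspecting the package. Excluding `spec/` from `spec.files` (the `test_files` line already selects those separately) avoids that. `spec.add_dependency 'nokogiri'` carries no version constraint even though the gem reopens `Nokogiri::XML::Document` and ships a native extension; constraining at least the major version is prudent.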
@@ -0,0 +1,14 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
|
3
|
+
UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
4
|
+
dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
|
5
|
+
GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
|
6
|
+
aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
|
7
|
+
d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
|
8
|
+
eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
|
9
|
+
3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
|
10
|
+
gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
11
|
+
gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
|
12
|
+
kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
|
13
|
+
7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
|
14
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,11 @@
|
|
1
|
+
-----BEGIN CERTIFICATE REQUEST-----
|
2
|
+
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExITAf
|
3
|
+
BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3Lmdv
|
4
|
+
b2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSqleymfHtzO
|
5
|
+
eY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii3fqGBiHM
|
6
|
+
kZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQgSVEWpEp
|
7
|
+
CSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB6
|
8
|
+
8K0q16EAkGoYLFHvVHxpqk+annbB8ZqpbV43T12Ngx7KiMsdTjrgho0lP/OllHcr
|
9
|
+
3vQ0yHnI1K1EeV9Q+/lXqaRl9ws3PL1QMOFm4XD1uIEPG+umRYgrjuZhFab+2Zfs
|
10
|
+
rgyILF2yRSy0oVeTBxVK5igV6qYcXFFBRIj7nnV8Jg==
|
11
|
+
-----END CERTIFICATE REQUEST-----
|
@@ -0,0 +1,15 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIICWwIBAAKBgQCxOKEqpXspnx7cznmPOlsr37I2Zms9l5yKPXc2bCu9cjBCpIL1
|
3
|
+
0J52MvaStDWmHBtAdIXIot36hgYhzJGWNgThlsAgv8DpiQsy6vaunGj1lLO9WZKP
|
4
|
+
oefS2qlfd78w5mWl2HxaEIElRFqRKQkqOetMdJkri5yWHUEM2fy+sb8WdQIDAQAB
|
5
|
+
AoGAB1d8PcMLPicsZSNcn9VgD4o93MkTakLMpmFzfdqvWTLQ0wHztvFEj0r/Mgar
|
6
|
+
Lk19x4bMQAqXPZitylqqMVndi9U8squvAvkZcgYL57MNQRgmLtjSMfk4wCY9ieDa
|
7
|
+
newt4cP7nGN/ZkU5R0lRMGExKSrMZW8HAkK4WJpbfnOpwGECQQDkoggBRH4aFlaj
|
8
|
+
Xhw+mSIxOpmzFBhXZ0z+bvoCipPKIhbnwKt0dupn0xAwatNmakBt0p46SFOgW8QQ
|
9
|
+
TV51G/bdAkEAxm8yEod77IM6bhLL+3h/nsGOGsA0xs22U6FBrz34Nvd4gwmICMcF
|
10
|
+
t4P3iHYzJfUt+Z2zv5ucX2tuD4uoWsqIeQJAercdZNDGfmoPBpC0yESZPaMebCgV
|
11
|
+
CJTBlq8qMcL/oDa75Jhdbp2FI0T+I36zCP1up4OsucuoVyHqEnX0hRcFYQJAD3Nz
|
12
|
+
E6xHAviI4S9HgNI2JbduiDi1I1G7Q7HHuox5ulX0pUdlt0E/+bUl3hNOEkOQC+Ky
|
13
|
+
r1W/jFKCJGW8ey1QCQJAYDh1BmlLswafEnkNmwydNz4gVflHJvsF8A1c2wJVytkT
|
14
|
+
3HVWvwOAfcumDNDNkSUJ+0DQs17qgOMCDwFgFzUb+Q==
|
15
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,18 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
Proc-Type: 4,ENCRYPTED
|
3
|
+
DEK-Info: DES-EDE3-CBC,6F8CC52C2E211FF4
|
4
|
+
|
5
|
+
T5g21oYrsS435g2GRNBFs+IwpKYAsF0RDt9SNuCXp6hD2MbcF3q8Su/wvj9inAZi
|
6
|
+
S7V8Qp8mmBsjo+vh0oTggVFmk7/fyTAa6ltQL+1UH7b8vecgGFKSBV8TG3+k9S4C
|
7
|
+
ZgXyR9pTgzQx+8M5LrnOnM8fpf638xouHvMo7zTFPhimehIMrMcXAyRZaRfcDhlg
|
8
|
+
YR+JRvSa0Q9vxhsC19fjfnlU7FdV8B9Ypo/+23TNmKpfU99oV6oPNoiWzkziKtvZ
|
9
|
+
mwYjrYw6r91ANFCRIux5+CjfOqVxissxzmZ5vyV89LoXjLAEDVmv2vJ+8w2b8zAN
|
10
|
+
FAXtcx74MutSQQBrG4xffwwRJwf0uPhzMohRoiholOoaMFSOFBasA+phn7hr7m9a
|
11
|
+
JWj4icCRVZlm+rztbbiapBUtm4ER1tdBGr84TgqasM5CK/qhXt9CCnUBRaimIwad
|
12
|
+
9dib2jnkzuqlyrdzLyaFU0IRSq+GQAK7sgya/V2q96lWdzejMGx/07hL6lvPY/h7
|
13
|
+
o8puMwpCK4XKYantqXL26oCxSgcrlA2nlR+SfmRKhwDwy8rPsTBm55BxwGr8Jj+9
|
14
|
+
6bY6VOR+vZkjSVDKNBOq8gUJvPksQV0CK0eSgPTli0ncCInzFPeLGISIa90rFD7I
|
15
|
+
97w/ZzTywVnTWO9DhedliwqDSOOYTdVoRfygQfpaFoa1aqR9tKWoc30kbqXvgvUR
|
16
|
+
mlDwiY1zxpKsTHKu7omf0bp5m8dlW4EarWgTsTRQ8EOHoIucgjdaSxPEDDi8WGOW
|
17
|
+
Nbqb2ZZz7wsIL71XgC13A+va1C0F709PK/Xnd5IwRf8=
|
18
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,15 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIICXgIBAAKBgQC15La+LSmHNUs/yqzSuzKdBUED1OfaOZpBp8zxAAQy7VlTrqRh
|
3
|
+
/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdCdkn8MF4CCCQKkjm7JKRrKfK5
|
4
|
+
fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZGI8nsHnyJzRwqmG2xbQIDAQAB
|
5
|
+
AoGBAJDT2UW3g/dqUc4rPExWTUiFJG0+mpVBhDd+ukmyL6W1Iojk53I2z25PJAVU
|
6
|
+
7wS1ohEsJ27J7Aty6Vx5Ozn0Q+zYVaKRSxcazNeGbwS0UaGrN0lMvWDs7RmVGCdx
|
7
|
+
bI2LUTQ88Bl94dW4QObAub+wMOL6xmVEVrJssZnm+CIqS2UBAkEA49QDNB//oHmi
|
8
|
+
iqD4SFotE8Lz80qBGHN15YIm80TKUR2k1LusZl6R5+2nYTF2vPsG+HGXPbkGhqTn
|
9
|
+
JL9GMBv7TQJBAMxinne8+bKTvOl/hhdAohFs7aHUBZhZOEuXIf1jYENASk2weYC6
|
10
|
+
95SlHvWcwPHfqVbpwt83sGL8aDm8CCPYPqECQQDEFRQQx72GC0oG0FYAR4RmbrLx
|
11
|
+
YN1NAwqkVmlZlIogWEgmQ8Q0cw5Ws+cMMrtEGTU9nN4TZGymc8TwjqNFAsA9AkEA
|
12
|
+
ol8Cp/uQn6cxIIt4Gsb1OkTAcJ0BKOxQhfT2QtiNJEBSB3BYxsVCZWvcsaGrwzw9
|
13
|
+
yteBQlZ6odkGcD+Kc/eaoQJAH+0a7jlHDu2VCHI63OiNZQJ8J9oxaPvWZyKYSaCO
|
14
|
+
iGvon/Z6KGQhXMedPDaCH7UjeMle5AVhjSrSvF6OglgZ9g==
|
15
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,6 @@
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
2
|
+
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15La+LSmHNUs/yqzSuzKdBUED
|
3
|
+
1OfaOZpBp8zxAAQy7VlTrqRh/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdC
|
4
|
+
dkn8MF4CCCQKkjm7JKRrKfK5fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZG
|
5
|
+
I8nsHnyJzRwqmG2xbQIDAQAB
|
6
|
+
-----END PUBLIC KEY-----
|
@@ -0,0 +1,24 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<Envelope xmlns="urn:envelope">
|
3
|
+
<Data>
|
4
|
+
Hello, World!
|
5
|
+
</Data>
|
6
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
7
|
+
<SignedInfo>
|
8
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
9
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
10
|
+
<Reference>
|
11
|
+
<Transforms>
|
12
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
13
|
+
</Transforms>
|
14
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
15
|
+
<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
|
16
|
+
</Reference>
|
17
|
+
</SignedInfo>
|
18
|
+
<SignatureValue>DPwu/iB8Sx21tywM69YUztjuMbKdAsfwOniDWlabk2jmEgbtwPlKFgZ9A5wdZbFj
|
19
|
+
D+SGQrv0y0d0UV8SBV5zeAeyyX7uwpm45iEbtQjirC6oaJ5Eu9caBCRqbcxNSTdR
|
20
|
+
yKGnO1r+dK/9T/MFANce39wBaeOUzo2qJe2128iWal4=</SignatureValue>
|
21
|
+
<KeyInfo>
|
22
|
+
<KeyName>test</KeyName>
|
23
|
+
</KeyInfo>
|
24
|
+
</Signature></Envelope>
|
@@ -0,0 +1,37 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<Envelope xmlns="urn:envelope">
|
3
|
+
<Data>
|
4
|
+
Hello, World!
|
5
|
+
</Data>
|
6
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
7
|
+
<SignedInfo>
|
8
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
9
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
10
|
+
<Reference>
|
11
|
+
<Transforms>
|
12
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
13
|
+
</Transforms>
|
14
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
15
|
+
<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
|
16
|
+
</Reference>
|
17
|
+
</SignedInfo>
|
18
|
+
<SignatureValue>FNY3KHaZF2vVo/WKCRftatol0c22ozKn7S6Uw+GGjfAodlZwSPU5yq6rbfEBpMIi
|
19
|
+
igz6OFpeB5fFOIJM7n428uT+tcE48AnmHvh2Dd+THs5NgGxIrogfYQGyzvX/GHox
|
20
|
+
bmLwCVE/mRMHEG3UY67WctjP5DaSk0VCANpMnBnn+g4=</SignatureValue>
|
21
|
+
<KeyInfo>
|
22
|
+
<X509Data>
|
23
|
+
<X509Certificate>MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
|
24
|
+
UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
25
|
+
dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
|
26
|
+
GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
|
27
|
+
aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
|
28
|
+
d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
|
29
|
+
eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
|
30
|
+
3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
|
31
|
+
gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
32
|
+
gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
|
33
|
+
kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
|
34
|
+
7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=</X509Certificate>
|
35
|
+
</X509Data>
|
36
|
+
</KeyInfo>
|
37
|
+
</Signature></Envelope>
|
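--- a/data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb
+++ b/data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb
@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe "encryption and decryption:" do
+subject do
+Nokogiri::XML(fixture('sign2-doc.xml'))
+end
+
+describe 'encrypting with an RSA public key' do
+before do
+@original = subject.to_s
+subject.encrypt! key: fixture('rsa.pub'), name: 'test'
+end
+
+# it generates a new key every time so will never match the fixture
+specify { subject.to_s.should_not == @original }
+specify { subject.to_s.should_not =~ /Hello.*World/i }
+# specify { subject.to_s.should == fixture('encrypt2-result.xml') }
+
+describe 'decrypting with the RSA private key' do
+before do
+subject.decrypt! key: fixture('rsa.pem'), name: 'test'
+end
+
+specify { subject.to_s.should == fixture('sign2-doc.xml') }
+end
+end
+
+end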
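Review bot: Every expectation here is a positive case; there is no spec that `decrypt!` with a key other than the one matching `rsa.pub` (for example `fixture('cert/server.key.decrypted')`) fails or leaves the document unreadable, so a decrypt path that ignored the key entirely would still pass this file. Line 16 checks that the plaintext is gone, but nothing checks that an `EncryptedData` element was actually produced; `specify { subject.to_s.should =~ /EncryptedData/ }` would pin that the output is XML Encryption rather than merely mangled. Adding a wrong-key spec alongside the existing round-trip would make the round-trip assertion on line 24 meaningful.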
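--- a/data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb
+++ b/data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe "signing and verifying signatures:" do
+subject do
+Nokogiri::XML(fixture('sign2-doc.xml'))
+end
+
+describe 'signing a document with an RSA key' do
+before { subject.sign! key: fixture('rsa.pem'), name: 'test' }
+
+it 'should produce a signed document' do
+subject.to_s.should == fixture('sign2-result.xml')
+end
+
+describe 'verifying the document with a single public key' do
+it 'should be valid' do
+subject.verify_with(key: fixture('rsa.pub')).should == true
+end
+end
+
+describe 'verifying the document with a set of keys' do
+it 'should be valid' do
+subject.verify_with({
+'test' => fixture('rsa.pub')
+}).should == true
+end
+end
+end
+
+describe 'signing a document with an RSA key and X509 certificate' do
+before do
+subject.sign! key: fixture('cert/server.key.decrypted'),
+name: 'test',
+x509: fixture('cert/server.crt')
+end
+
+it 'should produce a signed document' do
+subject.to_s.should == fixture('sign3-result.xml')
+end
+
+describe 'verifying the document with an array of X509 certificates' do
+specify { subject.verify_with(x509: [fixture('cert/server.crt')]).should == true }
+specify { subject.verify_with(certs: [fixture('cert/server.crt')]).should == true }
+specify { subject.verify_with(certificates: [fixture('cert/server.crt')]).should == true }
+
+it 'should verify using system certificates' do
+# subject.verify_signature.should == true -- sort of.
+unless subject.verify_signature
+raise <<-end_error
+Could not use system certificates to verify the signature.
+Note that this may not be a failing spec. You should copy
+or symlink the file `spec/fixtures/cert/server.crt` into
+the directory shown by running `openssl version -d`. After
+doing so, run `sudo c_rehash CERT_PATH`, where
+CERT_PATH is the same directory you copied the certificate
+into (/usr/lib/ssl/certs by default on Ubuntu). After doing
+that, run this spec again and see if it passes.
+end_error
+end
+end
+end
+
+describe 'verifying the document with one X509 certificate' do
+specify { subject.verify_with(x509: fixture('cert/server.crt')).should == true }
+specify { subject.verify_with(cert: fixture('cert/server.crt')).should == true }
+specify { subject.verify_with(certificate: fixture('cert/server.crt')).should == true }
+end
+end
+
+end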
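Review bot: Every `verify_with` expectation in this file asserts `== true`; there is no case where verification must return `false` — a document altered after signing (for instance changing the `Data` text before verifying) or verification with a key or certificate that did not sign it — so a verifier that unconditionally returns true would pass the whole suite. One tampered-document spec and one wrong-key spec per verification style (`key:`, named keys, `x509:`) would close that gap. The 'system certificates' example on lines 46–60 asks the developer to install the fixture certificate into the OpenSSL system directory, which puts a throwaway test certificate into the machine's trust store; if the extension can be pointed at an isolated trust directory that is the safer setup, and marking the example `pending` when the certificate is not installed would avoid a raise that the heredoc itself says may not be a real failure.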