nokogiri-xmlsec 0.0.3
- checksums.yaml +7 -0
- data/.gitignore +19 -0
- data/.rspec +2 -0
- data/Gemfile +4 -0
- data/Guardfile +13 -0
- data/LICENSE.txt +22 -0
- data/README.md +121 -0
- data/Rakefile +30 -0
- data/ext/nokogiri_ext_xmlsec/extconf.rb +20 -0
- data/ext/nokogiri_ext_xmlsec/init.c +46 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c +124 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c +182 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_init.c +29 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c +104 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_sign_rsa.c +95 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c +96 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c +106 -0
- data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c +56 -0
- data/ext/nokogiri_ext_xmlsec/shutdown.c +12 -0
- data/ext/nokogiri_ext_xmlsec/xmlsecrb.h +38 -0
- data/lib/nokogiri-xmlsec.rb +1 -0
- data/lib/xmlsec.rb +110 -0
- data/lib/xmlsec/version.rb +3 -0
- data/nokogiri-xmlsec.gemspec +36 -0
- data/spec/fixtures/cert/server.crt +14 -0
- data/spec/fixtures/cert/server.csr +11 -0
- data/spec/fixtures/cert/server.key.decrypted +15 -0
- data/spec/fixtures/cert/server.key.encrypted +18 -0
- data/spec/fixtures/rsa.pem +15 -0
- data/spec/fixtures/rsa.pub +6 -0
- data/spec/fixtures/sign2-doc.xml +6 -0
- data/spec/fixtures/sign2-result.xml +24 -0
- data/spec/fixtures/sign3-result.xml +37 -0
- data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb +28 -0
- data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb +70 -0
- data/spec/spec_helper.rb +10 -0
- metadata +196 -0
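--- a/data/ext/nokogiri_ext_xmlsec/shutdown.c
+++ b/data/ext/nokogiri_ext_xmlsec/shutdown.c
@@ -0,0 +1,12 @@
+#include "xmlsecrb.h"
+
+/* not actually called anywhere right now, but here for posterity */
+void Shutdown_xmlsecrb() {
+xmlSecCryptoShutdown();
+xmlSecCryptoAppShutdown();
+xmlSecShutdown();
+xsltCleanupGlobals();
+#ifndef XMLSEC_NO_XSLT
+xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+}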
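Review bot: `xsltCleanupGlobals()` is called twice in `Shutdown_xmlsecrb`, once unconditionally and once inside `#ifndef XMLSEC_NO_XSLT`, so the guard has no effect and a build with `XMLSEC_NO_XSLT` defined still references libxslt. Drop the unguarded call and keep only the guarded one. `xmlsecrb.h` has the same problem with its unconditional `#include <libxslt/xslt.h>`, which belongs under the same `#ifndef`. The comment says nothing calls this function, so as far as this page shows the xmlsec and crypto state is never torn down; if that is deliberate, the comment should say why instead of "here for posterity".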
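--- a/data/ext/nokogiri_ext_xmlsec/xmlsecrb.h
+++ b/data/ext/nokogiri_ext_xmlsec/xmlsecrb.h
@@ -0,0 +1,38 @@
+#ifndef XMLSECRB_H
+#define XMLSECRB_H
+
+#include <ruby.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xmlstring.h>
+
+#include <libxslt/xslt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+#include <xmlsec/dl.h>
+
+VALUE sign_with_key(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key);
+VALUE sign_with_certificate(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key, VALUE rb_cert);
+VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key);
+VALUE verify_signature_with_named_keys(VALUE self, VALUE rb_keys);
+VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs);
+VALUE encrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
+
+void Init_Nokogiri_ext(void);
+
+extern VALUE rb_cNokogiri_XML_Document;
+extern VALUE rb_eSigningError;
+extern VALUE rb_eVerificationError;
+extern VALUE rb_eKeystoreError;
+extern VALUE rb_eEncryptionError;
+extern VALUE rb_eDecryptionError;
+
+#endif // XMLSECRB_H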
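--- a/data/lib/nokogiri-xmlsec.rb
+++ b/data/lib/nokogiri-xmlsec.rb
@@ -0,0 +1 @@
+require 'xmlsec'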
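--- a/data/lib/xmlsec.rb
+++ b/data/lib/xmlsec.rb
@@ -0,0 +1,110 @@
+require "xmlsec/version"
+require 'nokogiri'
+require 'nokogiri_ext_xmlsec'
+
+class Nokogiri::XML::Document
+# Signs this document, and then returns it.
+#
+# Examples:
+#
+# doc.sign! key: 'rsa-private-key'
+# doc.sign! key: 'rsa-private-key', name: 'key-name'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key',
+# name: 'key-name'
+#
+# You can also use `:cert` or `:certificate` as aliases for `:x509`.
+#
+def sign! opts
+if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate])
+raise "need a private :key" unless opts[:key]
+sign_with_certificate opts[:name].to_s, opts[:key], cert
+elsif opts[:key]
+sign_with_key opts[:name].to_s, opts[:key]
+else
+raise "No private :key was given"
+end
+self
+end
+
+# Verifies the signature on the current document.
+#
+# Returns `true` if the signature is valid, `false` otherwise.
+#
+# Examples:
+#
+# # Try to validate with the given public or private key
+# doc.verify_with key: 'rsa-key'
+#
+# # Try to validate with a set of keys. It will try to match
+# # based on the contents of the `KeyName` element.
+# doc.verify_with({
+# 'key-name' => 'x509 certificate',
+# 'another-key-name' => 'rsa-public-key'
+# })
+#
+# # Try to validate with a trusted certificate
+# doc.verify_with(x509: 'certificate')
+#
+# # Try to validate with a set of certificates, any one of which
+# # can match
+# doc.verify_with(x509: ['cert1', 'cert2'])
+#
+# You can also use `:cert` or `:certificate` or `:certs` or
+# `:certificates` as aliases for `:x509`.
+#
+def verify_with opts_or_keys
+if (certs = opts_or_keys[:x509]) ||
+(certs = opts_or_keys[:cert]) ||
+(certs = opts_or_keys[:certs]) ||
+(certs = opts_or_keys[:certificate]) ||
+(certs = opts_or_keys[:certificates])
+certs = [certs] unless certs.kind_of?(Array)
+verify_with_certificates certs
+elsif opts_or_keys[:key]
+verify_with_rsa_key opts_or_keys[:key]
+else
+verify_with_named_keys opts_or_keys
+end
+end
+
+# Attempts to verify the signature of this document using only certificates
+# installed on the system. This is equivalent to calling
+# `verify_with certificates: []` (that is, an empty array).
+#
+def verify_signature
+verify_with_certificates []
+end
+
+# Encrypts the current document, then returns it.
+#
+# Examples:
+#
+# # encrypt with a public key and optional key name
+# doc.encrypt! key: 'public-key', name: 'name'
+#
+def encrypt! opts
+if opts[:key]
+encrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise "private :key is required for encryption"
+end
+self
+end
+
+# Decrypts the current document, then returns it.
+#
+# Examples:
+#
+# # decrypt with a specific private key
+# doc.decrypt! key: 'private-key'
+#
+def decrypt! opts
+if opts[:key]
+decrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise 'inadequate options specified for decryption'
+end
+self
+end
+end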
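Review bot: `verify_with` reaches its `else` branch whenever none of the option keys holds a truthy value, so a call such as `verify_with(x509: cert)` where `cert` turns out to be `nil` is passed to `verify_with_named_keys` as if `{ x509: nil }` were a key-name map, instead of being rejected. What the C side does with that hash is not visible here, so the wrapper should fail closed before dispatching, e.g. `raise ArgumentError, 'no certificate or key given' if opts_or_keys.empty? || opts_or_keys.values.any?(&:nil?)` as the first line of the method. The comment on `verify_signature` should also spell out that, as described, any signer whose certificate validates against the system store is accepted, so callers that expect one particular signer have to check identity themselves. Separately, `encrypt!` raises "private :key is required for encryption" although its own example passes a public key; the message should just name `:key`.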
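--- a/data/nokogiri-xmlsec.gemspec
+++ b/data/nokogiri-xmlsec.gemspec
@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'xmlsec/version'
+
+Gem::Specification.new do |spec|
+spec.name = "nokogiri-xmlsec"
+spec.version = Xmlsec::VERSION
+spec.authors = ["Colin MacKenzie IV"]
+spec.email = ["sinisterchipmunk@gmail.com"]
+spec.description = %q{Adds support to Ruby for encrypting, decrypting,
+signing and validating the signatures of XML documents, according to the
+[XML Encryption Syntax and Processing](http://www.w3.org/TR/xmlenc-core/)
+standard, by wrapping around the [xmlsec](http://www.aleksey.com/xmlsec) C
+library and adding relevant methods to `Nokogiri::XML::Document`.}
+spec.summary = %q{Wrapper around http://www.aleksey.com/xmlsec to
+support XML encryption, decryption, signing and signature validation in
+Ruby}
+spec.homepage = "https://github.com/sinisterchipmunk/xmlsec"
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
+
+spec.add_dependency 'nokogiri'
+
+spec.add_development_dependency "bundler", "~> 1.3"
+spec.add_development_dependency "rake"
+spec.add_development_dependency "rake-compiler"
+spec.add_development_dependency "rspec"
+spec.add_development_dependency "guard-rspec"
+spec.add_development_dependency "guard-rake"
+end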
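Review bot: `spec.add_dependency 'nokogiri'` carries no version constraint, so this C extension, which reopens `Nokogiri::XML::Document` and is presumably compiled against whatever libxml2 and xmlsec the build host provides, will install next to any Nokogiri release, including ones it was never built or tested with. Give it a lower bound that matches what the specs run against, e.g. `spec.add_dependency 'nokogiri', '>= <minimum tested version>'`. The file list taken from `git ls-files` also publishes everything under `spec/fixtures/` in the gem, private keys included; a comment next to `spec.files` should state that those keys are test-only and public.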
@@ -0,0 +1,14 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
|
3
|
+
UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
4
|
+
dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
|
5
|
+
GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
|
6
|
+
aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
|
7
|
+
d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
|
8
|
+
eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
|
9
|
+
3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
|
10
|
+
gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
11
|
+
gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
|
12
|
+
kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
|
13
|
+
7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
|
14
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,11 @@
|
|
1
|
+
-----BEGIN CERTIFICATE REQUEST-----
|
2
|
+
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExITAf
|
3
|
+
BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3Lmdv
|
4
|
+
b2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSqleymfHtzO
|
5
|
+
eY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii3fqGBiHM
|
6
|
+
kZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQgSVEWpEp
|
7
|
+
CSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB6
|
8
|
+
8K0q16EAkGoYLFHvVHxpqk+annbB8ZqpbV43T12Ngx7KiMsdTjrgho0lP/OllHcr
|
9
|
+
3vQ0yHnI1K1EeV9Q+/lXqaRl9ws3PL1QMOFm4XD1uIEPG+umRYgrjuZhFab+2Zfs
|
10
|
+
rgyILF2yRSy0oVeTBxVK5igV6qYcXFFBRIj7nnV8Jg==
|
11
|
+
-----END CERTIFICATE REQUEST-----
|
@@ -0,0 +1,15 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIICWwIBAAKBgQCxOKEqpXspnx7cznmPOlsr37I2Zms9l5yKPXc2bCu9cjBCpIL1
|
3
|
+
0J52MvaStDWmHBtAdIXIot36hgYhzJGWNgThlsAgv8DpiQsy6vaunGj1lLO9WZKP
|
4
|
+
oefS2qlfd78w5mWl2HxaEIElRFqRKQkqOetMdJkri5yWHUEM2fy+sb8WdQIDAQAB
|
5
|
+
AoGAB1d8PcMLPicsZSNcn9VgD4o93MkTakLMpmFzfdqvWTLQ0wHztvFEj0r/Mgar
|
6
|
+
Lk19x4bMQAqXPZitylqqMVndi9U8squvAvkZcgYL57MNQRgmLtjSMfk4wCY9ieDa
|
7
|
+
newt4cP7nGN/ZkU5R0lRMGExKSrMZW8HAkK4WJpbfnOpwGECQQDkoggBRH4aFlaj
|
8
|
+
Xhw+mSIxOpmzFBhXZ0z+bvoCipPKIhbnwKt0dupn0xAwatNmakBt0p46SFOgW8QQ
|
9
|
+
TV51G/bdAkEAxm8yEod77IM6bhLL+3h/nsGOGsA0xs22U6FBrz34Nvd4gwmICMcF
|
10
|
+
t4P3iHYzJfUt+Z2zv5ucX2tuD4uoWsqIeQJAercdZNDGfmoPBpC0yESZPaMebCgV
|
11
|
+
CJTBlq8qMcL/oDa75Jhdbp2FI0T+I36zCP1up4OsucuoVyHqEnX0hRcFYQJAD3Nz
|
12
|
+
E6xHAviI4S9HgNI2JbduiDi1I1G7Q7HHuox5ulX0pUdlt0E/+bUl3hNOEkOQC+Ky
|
13
|
+
r1W/jFKCJGW8ey1QCQJAYDh1BmlLswafEnkNmwydNz4gVflHJvsF8A1c2wJVytkT
|
14
|
+
3HVWvwOAfcumDNDNkSUJ+0DQs17qgOMCDwFgFzUb+Q==
|
15
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,18 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
Proc-Type: 4,ENCRYPTED
|
3
|
+
DEK-Info: DES-EDE3-CBC,6F8CC52C2E211FF4
|
4
|
+
|
5
|
+
T5g21oYrsS435g2GRNBFs+IwpKYAsF0RDt9SNuCXp6hD2MbcF3q8Su/wvj9inAZi
|
6
|
+
S7V8Qp8mmBsjo+vh0oTggVFmk7/fyTAa6ltQL+1UH7b8vecgGFKSBV8TG3+k9S4C
|
7
|
+
ZgXyR9pTgzQx+8M5LrnOnM8fpf638xouHvMo7zTFPhimehIMrMcXAyRZaRfcDhlg
|
8
|
+
YR+JRvSa0Q9vxhsC19fjfnlU7FdV8B9Ypo/+23TNmKpfU99oV6oPNoiWzkziKtvZ
|
9
|
+
mwYjrYw6r91ANFCRIux5+CjfOqVxissxzmZ5vyV89LoXjLAEDVmv2vJ+8w2b8zAN
|
10
|
+
FAXtcx74MutSQQBrG4xffwwRJwf0uPhzMohRoiholOoaMFSOFBasA+phn7hr7m9a
|
11
|
+
JWj4icCRVZlm+rztbbiapBUtm4ER1tdBGr84TgqasM5CK/qhXt9CCnUBRaimIwad
|
12
|
+
9dib2jnkzuqlyrdzLyaFU0IRSq+GQAK7sgya/V2q96lWdzejMGx/07hL6lvPY/h7
|
13
|
+
o8puMwpCK4XKYantqXL26oCxSgcrlA2nlR+SfmRKhwDwy8rPsTBm55BxwGr8Jj+9
|
14
|
+
6bY6VOR+vZkjSVDKNBOq8gUJvPksQV0CK0eSgPTli0ncCInzFPeLGISIa90rFD7I
|
15
|
+
97w/ZzTywVnTWO9DhedliwqDSOOYTdVoRfygQfpaFoa1aqR9tKWoc30kbqXvgvUR
|
16
|
+
mlDwiY1zxpKsTHKu7omf0bp5m8dlW4EarWgTsTRQ8EOHoIucgjdaSxPEDDi8WGOW
|
17
|
+
Nbqb2ZZz7wsIL71XgC13A+va1C0F709PK/Xnd5IwRf8=
|
18
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,15 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIICXgIBAAKBgQC15La+LSmHNUs/yqzSuzKdBUED1OfaOZpBp8zxAAQy7VlTrqRh
|
3
|
+
/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdCdkn8MF4CCCQKkjm7JKRrKfK5
|
4
|
+
fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZGI8nsHnyJzRwqmG2xbQIDAQAB
|
5
|
+
AoGBAJDT2UW3g/dqUc4rPExWTUiFJG0+mpVBhDd+ukmyL6W1Iojk53I2z25PJAVU
|
6
|
+
7wS1ohEsJ27J7Aty6Vx5Ozn0Q+zYVaKRSxcazNeGbwS0UaGrN0lMvWDs7RmVGCdx
|
7
|
+
bI2LUTQ88Bl94dW4QObAub+wMOL6xmVEVrJssZnm+CIqS2UBAkEA49QDNB//oHmi
|
8
|
+
iqD4SFotE8Lz80qBGHN15YIm80TKUR2k1LusZl6R5+2nYTF2vPsG+HGXPbkGhqTn
|
9
|
+
JL9GMBv7TQJBAMxinne8+bKTvOl/hhdAohFs7aHUBZhZOEuXIf1jYENASk2weYC6
|
10
|
+
95SlHvWcwPHfqVbpwt83sGL8aDm8CCPYPqECQQDEFRQQx72GC0oG0FYAR4RmbrLx
|
11
|
+
YN1NAwqkVmlZlIogWEgmQ8Q0cw5Ws+cMMrtEGTU9nN4TZGymc8TwjqNFAsA9AkEA
|
12
|
+
ol8Cp/uQn6cxIIt4Gsb1OkTAcJ0BKOxQhfT2QtiNJEBSB3BYxsVCZWvcsaGrwzw9
|
13
|
+
yteBQlZ6odkGcD+Kc/eaoQJAH+0a7jlHDu2VCHI63OiNZQJ8J9oxaPvWZyKYSaCO
|
14
|
+
iGvon/Z6KGQhXMedPDaCH7UjeMle5AVhjSrSvF6OglgZ9g==
|
15
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,6 @@
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
2
|
+
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15La+LSmHNUs/yqzSuzKdBUED
|
3
|
+
1OfaOZpBp8zxAAQy7VlTrqRh/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdC
|
4
|
+
dkn8MF4CCCQKkjm7JKRrKfK5fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZG
|
5
|
+
I8nsHnyJzRwqmG2xbQIDAQAB
|
6
|
+
-----END PUBLIC KEY-----
|
@@ -0,0 +1,24 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<Envelope xmlns="urn:envelope">
|
3
|
+
<Data>
|
4
|
+
Hello, World!
|
5
|
+
</Data>
|
6
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
7
|
+
<SignedInfo>
|
8
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
9
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
10
|
+
<Reference>
|
11
|
+
<Transforms>
|
12
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
13
|
+
</Transforms>
|
14
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
15
|
+
<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
|
16
|
+
</Reference>
|
17
|
+
</SignedInfo>
|
18
|
+
<SignatureValue>DPwu/iB8Sx21tywM69YUztjuMbKdAsfwOniDWlabk2jmEgbtwPlKFgZ9A5wdZbFj
|
19
|
+
D+SGQrv0y0d0UV8SBV5zeAeyyX7uwpm45iEbtQjirC6oaJ5Eu9caBCRqbcxNSTdR
|
20
|
+
yKGnO1r+dK/9T/MFANce39wBaeOUzo2qJe2128iWal4=</SignatureValue>
|
21
|
+
<KeyInfo>
|
22
|
+
<KeyName>test</KeyName>
|
23
|
+
</KeyInfo>
|
24
|
+
</Signature></Envelope>
|
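Review bot: The expected output pins SHA-1 for both the digest (`xmldsig#sha1`) and the signature (`xmldsig#rsa-sha1`), which means the signer emits SHA-1 unless told otherwise; the algorithm is selected in the C signing code, which this section does not show. SHA-1 is no longer collision-resistant and current verifiers increasingly refuse it, so new signatures should default to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` with `http://www.w3.org/2001/04/xmlenc#sha256` digests, and these fixtures should be regenerated to match. `sign3-result.xml` carries the same two algorithm values.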
@@ -0,0 +1,37 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<Envelope xmlns="urn:envelope">
|
3
|
+
<Data>
|
4
|
+
Hello, World!
|
5
|
+
</Data>
|
6
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
7
|
+
<SignedInfo>
|
8
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
9
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
10
|
+
<Reference>
|
11
|
+
<Transforms>
|
12
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
13
|
+
</Transforms>
|
14
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
15
|
+
<DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
|
16
|
+
</Reference>
|
17
|
+
</SignedInfo>
|
18
|
+
<SignatureValue>FNY3KHaZF2vVo/WKCRftatol0c22ozKn7S6Uw+GGjfAodlZwSPU5yq6rbfEBpMIi
|
19
|
+
igz6OFpeB5fFOIJM7n428uT+tcE48AnmHvh2Dd+THs5NgGxIrogfYQGyzvX/GHox
|
20
|
+
bmLwCVE/mRMHEG3UY67WctjP5DaSk0VCANpMnBnn+g4=</SignatureValue>
|
21
|
+
<KeyInfo>
|
22
|
+
<X509Data>
|
23
|
+
<X509Certificate>MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
|
24
|
+
UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
25
|
+
dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
|
26
|
+
GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
|
27
|
+
aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
|
28
|
+
d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
|
29
|
+
eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
|
30
|
+
3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
|
31
|
+
gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
32
|
+
gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
|
33
|
+
kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
|
34
|
+
7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=</X509Certificate>
|
35
|
+
</X509Data>
|
36
|
+
</KeyInfo>
|
37
|
+
</Signature></Envelope>
|
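--- a/data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb
+++ b/data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb
@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe "encryption and decryption:" do
+subject do
+Nokogiri::XML(fixture('sign2-doc.xml'))
+end
+
+describe 'encrypting with an RSA public key' do
+before do
+@original = subject.to_s
+subject.encrypt! key: fixture('rsa.pub'), name: 'test'
+end
+
+# it generates a new key every time so will never match the fixture
+specify { subject.to_s.should_not == @original }
+specify { subject.to_s.should_not =~ /Hello.*World/i }
+# specify { subject.to_s.should == fixture('encrypt2-result.xml') }
+
+describe 'decrypting with the RSA private key' do
+before do
+subject.decrypt! key: fixture('rsa.pem'), name: 'test'
+end
+
+specify { subject.to_s.should == fixture('sign2-doc.xml') }
+end
+end
+
+end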
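Review bot: Only the success path is exercised: nothing here checks that `decrypt!` fails when given a key other than the one matching `rsa.pub`, and the signing spec likewise never asserts that `verify_with` returns `false` for a modified document or a non-matching key. For a crypto wrapper those negative cases are the ones that catch a verifier or decryptor that accepts too much. Add an example that changes the `Data` text after `sign!` and expects `verify_with(key: fixture('rsa.pub'))` to be `false`, and one that calls `decrypt!` with `fixture('cert/server.key.decrypted')` and expects it to raise.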
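--- a/data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb
+++ b/data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe "signing and verifying signatures:" do
+subject do
+Nokogiri::XML(fixture('sign2-doc.xml'))
+end
+
+describe 'signing a document with an RSA key' do
+before { subject.sign! key: fixture('rsa.pem'), name: 'test' }
+
+it 'should produce a signed document' do
+subject.to_s.should == fixture('sign2-result.xml')
+end
+
+describe 'verifying the document with a single public key' do
+it 'should be valid' do
+subject.verify_with(key: fixture('rsa.pub')).should == true
+end
+end
+
+describe 'verifying the document with a set of keys' do
+it 'should be valid' do
+subject.verify_with({
+'test' => fixture('rsa.pub')
+}).should == true
+end
+end
+end
+
+describe 'signing a document with an RSA key and X509 certificate' do
+before do
+subject.sign! key: fixture('cert/server.key.decrypted'),
+name: 'test',
+x509: fixture('cert/server.crt')
+end
+
+it 'should produce a signed document' do
+subject.to_s.should == fixture('sign3-result.xml')
+end
+
+describe 'verifying the document with an array of X509 certificates' do
+specify { subject.verify_with(x509: [fixture('cert/server.crt')]).should == true }
+specify { subject.verify_with(certs: [fixture('cert/server.crt')]).should == true }
+specify { subject.verify_with(certificates: [fixture('cert/server.crt')]).should == true }
+
+it 'should verify using system certificates' do
+# subject.verify_signature.should == true -- sort of.
+unless subject.verify_signature
+raise <<-end_error
+Could not use system certificates to verify the signature.
+Note that this may not be a failing spec. You should copy
+or symlink the file `spec/fixtures/cert/server.crt` into
+the directory shown by running `openssl version -d`. After
+doing so, run `sudo c_rehash CERT_PATH`, where
+CERT_PATH is the same directory you copied the certificate
+into (/usr/lib/ssl/certs by default on Ubuntu). After doing
+that, run this spec again and see if it passes.
+end_error
+end
+end
+end
+
+describe 'verifying the document with one X509 certificate' do
+specify { subject.verify_with(x509: fixture('cert/server.crt')).should == true }
+specify { subject.verify_with(cert: fixture('cert/server.crt')).should == true }
+specify { subject.verify_with(certificate: fixture('cert/server.crt')).should == true }
+end
+end
+
+end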
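Review bot: The failure message in 'should verify using system certificates' tells whoever runs the suite to copy `spec/fixtures/cert/server.crt` into the OpenSSL certificate directory and run `sudo c_rehash`, which makes the host trust a self-signed certificate whose private key is published in this same package as `spec/fixtures/cert/server.key.decrypted`. The example also passes or fails on machine state rather than on the code under test. Point verification at a throwaway certificate directory for the duration of the example instead (OpenSSL reads `SSL_CERT_DIR`; whether the xmlsec build used here honours it needs checking), or mark the example pending. Either way, reword the message so it never asks for a system-wide install of a fixture certificate.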