nokogiri-xmlsec 0.0.3

Files changed (37) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +19 -0
  3. data/.rspec +2 -0
  4. data/Gemfile +4 -0
  5. data/Guardfile +13 -0
  6. data/LICENSE.txt +22 -0
  7. data/README.md +121 -0
  8. data/Rakefile +30 -0
  9. data/ext/nokogiri_ext_xmlsec/extconf.rb +20 -0
  10. data/ext/nokogiri_ext_xmlsec/init.c +46 -0
  11. data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c +124 -0
  12. data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c +182 -0
  13. data/ext/nokogiri_ext_xmlsec/nokogiri_init.c +29 -0
  14. data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c +104 -0
  15. data/ext/nokogiri_ext_xmlsec/nokogiri_sign_rsa.c +95 -0
  16. data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_certificates.c +96 -0
  17. data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_named_keys.c +106 -0
  18. data/ext/nokogiri_ext_xmlsec/nokogiri_verify_signature_rsa.c +56 -0
  19. data/ext/nokogiri_ext_xmlsec/shutdown.c +12 -0
  20. data/ext/nokogiri_ext_xmlsec/xmlsecrb.h +38 -0
  21. data/lib/nokogiri-xmlsec.rb +1 -0
  22. data/lib/xmlsec.rb +110 -0
  23. data/lib/xmlsec/version.rb +3 -0
  24. data/nokogiri-xmlsec.gemspec +36 -0
  25. data/spec/fixtures/cert/server.crt +14 -0
  26. data/spec/fixtures/cert/server.csr +11 -0
  27. data/spec/fixtures/cert/server.key.decrypted +15 -0
  28. data/spec/fixtures/cert/server.key.encrypted +18 -0
  29. data/spec/fixtures/rsa.pem +15 -0
  30. data/spec/fixtures/rsa.pub +6 -0
  31. data/spec/fixtures/sign2-doc.xml +6 -0
  32. data/spec/fixtures/sign2-result.xml +24 -0
  33. data/spec/fixtures/sign3-result.xml +37 -0
  34. data/spec/lib/nokogiri/xml/document/encryption_and_decryption_spec.rb +28 -0
  35. data/spec/lib/nokogiri/xml/document/signing_and_verifying_spec.rb +70 -0
  36. data/spec/spec_helper.rb +10 -0
  37. metadata +196 -0
@@ -0,0 +1,12 @@
1
+ #include "xmlsecrb.h"
2
+
3
+ /* not actually called anywhere right now, but here for posterity */
4
+ void Shutdown_xmlsecrb() {
5
+ xmlSecCryptoShutdown();
6
+ xmlSecCryptoAppShutdown();
7
+ xmlSecShutdown();
8
+ xsltCleanupGlobals();
9
+ #ifndef XMLSEC_NO_XSLT
10
+ xsltCleanupGlobals();
11
+ #endif /* XMLSEC_NO_XSLT */
12
+ }
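Review bot: `xsltCleanupGlobals()` is called twice in `Shutdown_xmlsecrb`, once unconditionally and once inside `#ifndef XMLSEC_NO_XSLT`, so the guard has no effect: a build with `XMLSEC_NO_XSLT` defined still references the libxslt symbol, and a normal build runs the cleanup twice. Drop the unguarded call and keep only the guarded one. The definition should also read `void Shutdown_xmlsecrb(void) {` so the empty parameter list is a real prototype. Since the comment says nothing calls this function, the xmlsec crypto state is presumably never torn down; either wire it to interpreter exit or say in the comment that teardown is intentionally skipped.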
@@ -0,0 +1,38 @@
1
+ #ifndef XMLSECRB_H
2
+ #define XMLSECRB_H
3
+
4
+ #include <ruby.h>
5
+
6
+ #include <libxml/tree.h>
7
+ #include <libxml/xmlmemory.h>
8
+ #include <libxml/parser.h>
9
+ #include <libxml/xmlstring.h>
10
+
11
+ #include <libxslt/xslt.h>
12
+
13
+ #include <xmlsec/xmlsec.h>
14
+ #include <xmlsec/xmltree.h>
15
+ #include <xmlsec/xmldsig.h>
16
+ #include <xmlsec/xmlenc.h>
17
+ #include <xmlsec/templates.h>
18
+ #include <xmlsec/crypto.h>
19
+ #include <xmlsec/dl.h>
20
+
21
+ VALUE sign_with_key(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key);
22
+ VALUE sign_with_certificate(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key, VALUE rb_cert);
23
+ VALUE verify_signature_with_rsa_key(VALUE self, VALUE rb_rsa_key);
24
+ VALUE verify_signature_with_named_keys(VALUE self, VALUE rb_keys);
25
+ VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs);
26
+ VALUE encrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
27
+ VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key);
28
+
29
+ void Init_Nokogiri_ext(void);
30
+
31
+ extern VALUE rb_cNokogiri_XML_Document;
32
+ extern VALUE rb_eSigningError;
33
+ extern VALUE rb_eVerificationError;
34
+ extern VALUE rb_eKeystoreError;
35
+ extern VALUE rb_eEncryptionError;
36
+ extern VALUE rb_eDecryptionError;
37
+
38
+ #endif // XMLSECRB_H
@@ -0,0 +1 @@
1
+ require 'xmlsec'
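--- a/data/lib/xmlsec.rb
+++ b/data/lib/xmlsec.rb
@@ -0,0 +1,110 @@
+require "xmlsec/version"
+require 'nokogiri'
+require 'nokogiri_ext_xmlsec'
+
+class Nokogiri::XML::Document
+# Signs this document, and then returns it.
+#
+# Examples:
+#
+# doc.sign! key: 'rsa-private-key'
+# doc.sign! key: 'rsa-private-key', name: 'key-name'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key'
+# doc.sign! x509: 'x509 certificate', key: 'cert private key',
+# name: 'key-name'
+#
+# You can also use `:cert` or `:certificate` as aliases for `:x509`.
+#
+def sign! opts
+if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate])
+raise "need a private :key" unless opts[:key]
+sign_with_certificate opts[:name].to_s, opts[:key], cert
+elsif opts[:key]
+sign_with_key opts[:name].to_s, opts[:key]
+else
+raise "No private :key was given"
+end
+self
+end
+
+# Verifies the signature on the current document.
+#
+# Returns `true` if the signature is valid, `false` otherwise.
+#
+# Examples:
+#
+# # Try to validate with the given public or private key
+# doc.verify_with key: 'rsa-key'
+#
+# # Try to validate with a set of keys. It will try to match
+# # based on the contents of the `KeyName` element.
+# doc.verify_with({
+# 'key-name' => 'x509 certificate',
+# 'another-key-name' => 'rsa-public-key'
+# })
+#
+# # Try to validate with a trusted certificate
+# doc.verify_with(x509: 'certificate')
+#
+# # Try to validate with a set of certificates, any one of which
+# # can match
+# doc.verify_with(x509: ['cert1', 'cert2'])
+#
+# You can also use `:cert` or `:certificate` or `:certs` or
+# `:certificates` as aliases for `:x509`.
+#
+def verify_with opts_or_keys
+if (certs = opts_or_keys[:x509]) ||
+(certs = opts_or_keys[:cert]) ||
+(certs = opts_or_keys[:certs]) ||
+(certs = opts_or_keys[:certificate]) ||
+(certs = opts_or_keys[:certificates])
+certs = [certs] unless certs.kind_of?(Array)
+verify_with_certificates certs
+elsif opts_or_keys[:key]
+verify_with_rsa_key opts_or_keys[:key]
+else
+verify_with_named_keys opts_or_keys
+end
+end
+
+# Attempts to verify the signature of this document using only certificates
+# installed on the system. This is equivalent to calling
+# `verify_with certificates: []` (that is, an empty array).
+#
+def verify_signature
+verify_with_certificates []
+end
+
+# Encrypts the current document, then returns it.
+#
+# Examples:
+#
+# # encrypt with a public key and optional key name
+# doc.encrypt! key: 'public-key', name: 'name'
+#
+def encrypt! opts
+if opts[:key]
+encrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise "private :key is required for encryption"
+end
+self
+end
+
+# Decrypts the current document, then returns it.
+#
+# Examples:
+#
+# # decrypt with a specific private key
+# doc.decrypt! key: 'private-key'
+#
+def decrypt! opts
+if opts[:key]
+decrypt_with_key opts[:name].to_s, opts[:key]
+else
+raise 'inadequate options specified for decryption'
+end
+self
+end
+end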
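Review bot: `verify_signature` and `verify_with` return a bare boolean, and as documented `verify_signature` accepts any signer that the system certificate store trusts, so `true` means "a trusted certificate signed something in this document", not "the expected party signed the content I am about to read". The doc comments should say that a caller who needs to authenticate a specific peer must pass that peer's certificate or key explicitly (`verify_with x509: ...`) and should consume only the signed element afterwards; what the C verifier checks about references is not visible in this hunk. `verify_with` also treats any hash without a recognised option as a name-to-key map, so a misspelled option such as `:keys` is handed to `verify_with_named_keys` instead of being rejected. Separately, `encrypt!` raises `"private :key is required for encryption"` although its own example passes a public key; the line should read `raise "a public :key is required for encryption"`.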
@@ -0,0 +1,3 @@
1
+ module Xmlsec
2
+ VERSION = '0.0.3'
3
+ end
@@ -0,0 +1,36 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'xmlsec/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "nokogiri-xmlsec"
8
+ spec.version = Xmlsec::VERSION
9
+ spec.authors = ["Colin MacKenzie IV"]
10
+ spec.email = ["sinisterchipmunk@gmail.com"]
11
+ spec.description = %q{Adds support to Ruby for encrypting, decrypting,
12
+ signing and validating the signatures of XML documents, according to the
13
+ [XML Encryption Syntax and Processing](http://www.w3.org/TR/xmlenc-core/)
14
+ standard, by wrapping around the [xmlsec](http://www.aleksey.com/xmlsec) C
15
+ library and adding relevant methods to `Nokogiri::XML::Document`.}
16
+ spec.summary = %q{Wrapper around http://www.aleksey.com/xmlsec to
17
+ support XML encryption, decryption, signing and signature validation in
18
+ Ruby}
19
+ spec.homepage = "https://github.com/sinisterchipmunk/xmlsec"
20
+ spec.license = "MIT"
21
+
22
+ spec.files = `git ls-files`.split($/)
23
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
24
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
25
+ spec.require_paths = ["lib"]
26
+ spec.extensions = %w{ext/nokogiri_ext_xmlsec/extconf.rb}
27
+
28
+ spec.add_dependency 'nokogiri'
29
+
30
+ spec.add_development_dependency "bundler", "~> 1.3"
31
+ spec.add_development_dependency "rake"
32
+ spec.add_development_dependency "rake-compiler"
33
+ spec.add_development_dependency "rspec"
34
+ spec.add_development_dependency "guard-rspec"
35
+ spec.add_development_dependency "guard-rake"
36
+ end
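Review bot: `spec.files` is taken from `git ls-files`, so everything under `spec/fixtures` is packaged, including the unencrypted RSA private keys that appear later in this diff. The released gem therefore carries key material that secret scanners will flag and that someone may mistake for usable keys. Restrict `spec.files` to `lib`, `ext` and the top-level docs and leave `spec.test_files` unset. `spec.add_dependency 'nokogiri'` has no version constraint even though the extension references Nokogiri's document class directly, so any future Nokogiri release is accepted at install time; add a constraint matching the versions the extension has actually been built against. The xmlsec and W3C links in the description still use `http://`.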
@@ -0,0 +1,14 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
3
+ UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
4
+ dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
5
+ GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
6
+ aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
7
+ d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
8
+ eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
9
+ 3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
10
+ gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
11
+ gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
12
+ kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
13
+ 7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=
14
+ -----END CERTIFICATE-----
@@ -0,0 +1,11 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExITAf
3
+ BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOd3d3Lmdv
4
+ b2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSqleymfHtzO
5
+ eY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii3fqGBiHM
6
+ kZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQgSVEWpEp
7
+ CSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB6
8
+ 8K0q16EAkGoYLFHvVHxpqk+annbB8ZqpbV43T12Ngx7KiMsdTjrgho0lP/OllHcr
9
+ 3vQ0yHnI1K1EeV9Q+/lXqaRl9ws3PL1QMOFm4XD1uIEPG+umRYgrjuZhFab+2Zfs
10
+ rgyILF2yRSy0oVeTBxVK5igV6qYcXFFBRIj7nnV8Jg==
11
+ -----END CERTIFICATE REQUEST-----
@@ -0,0 +1,15 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIICWwIBAAKBgQCxOKEqpXspnx7cznmPOlsr37I2Zms9l5yKPXc2bCu9cjBCpIL1
3
+ 0J52MvaStDWmHBtAdIXIot36hgYhzJGWNgThlsAgv8DpiQsy6vaunGj1lLO9WZKP
4
+ oefS2qlfd78w5mWl2HxaEIElRFqRKQkqOetMdJkri5yWHUEM2fy+sb8WdQIDAQAB
5
+ AoGAB1d8PcMLPicsZSNcn9VgD4o93MkTakLMpmFzfdqvWTLQ0wHztvFEj0r/Mgar
6
+ Lk19x4bMQAqXPZitylqqMVndi9U8squvAvkZcgYL57MNQRgmLtjSMfk4wCY9ieDa
7
+ newt4cP7nGN/ZkU5R0lRMGExKSrMZW8HAkK4WJpbfnOpwGECQQDkoggBRH4aFlaj
8
+ Xhw+mSIxOpmzFBhXZ0z+bvoCipPKIhbnwKt0dupn0xAwatNmakBt0p46SFOgW8QQ
9
+ TV51G/bdAkEAxm8yEod77IM6bhLL+3h/nsGOGsA0xs22U6FBrz34Nvd4gwmICMcF
10
+ t4P3iHYzJfUt+Z2zv5ucX2tuD4uoWsqIeQJAercdZNDGfmoPBpC0yESZPaMebCgV
11
+ CJTBlq8qMcL/oDa75Jhdbp2FI0T+I36zCP1up4OsucuoVyHqEnX0hRcFYQJAD3Nz
12
+ E6xHAviI4S9HgNI2JbduiDi1I1G7Q7HHuox5ulX0pUdlt0E/+bUl3hNOEkOQC+Ky
13
+ r1W/jFKCJGW8ey1QCQJAYDh1BmlLswafEnkNmwydNz4gVflHJvsF8A1c2wJVytkT
14
+ 3HVWvwOAfcumDNDNkSUJ+0DQs17qgOMCDwFgFzUb+Q==
15
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,18 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ Proc-Type: 4,ENCRYPTED
3
+ DEK-Info: DES-EDE3-CBC,6F8CC52C2E211FF4
4
+
5
+ T5g21oYrsS435g2GRNBFs+IwpKYAsF0RDt9SNuCXp6hD2MbcF3q8Su/wvj9inAZi
6
+ S7V8Qp8mmBsjo+vh0oTggVFmk7/fyTAa6ltQL+1UH7b8vecgGFKSBV8TG3+k9S4C
7
+ ZgXyR9pTgzQx+8M5LrnOnM8fpf638xouHvMo7zTFPhimehIMrMcXAyRZaRfcDhlg
8
+ YR+JRvSa0Q9vxhsC19fjfnlU7FdV8B9Ypo/+23TNmKpfU99oV6oPNoiWzkziKtvZ
9
+ mwYjrYw6r91ANFCRIux5+CjfOqVxissxzmZ5vyV89LoXjLAEDVmv2vJ+8w2b8zAN
10
+ FAXtcx74MutSQQBrG4xffwwRJwf0uPhzMohRoiholOoaMFSOFBasA+phn7hr7m9a
11
+ JWj4icCRVZlm+rztbbiapBUtm4ER1tdBGr84TgqasM5CK/qhXt9CCnUBRaimIwad
12
+ 9dib2jnkzuqlyrdzLyaFU0IRSq+GQAK7sgya/V2q96lWdzejMGx/07hL6lvPY/h7
13
+ o8puMwpCK4XKYantqXL26oCxSgcrlA2nlR+SfmRKhwDwy8rPsTBm55BxwGr8Jj+9
14
+ 6bY6VOR+vZkjSVDKNBOq8gUJvPksQV0CK0eSgPTli0ncCInzFPeLGISIa90rFD7I
15
+ 97w/ZzTywVnTWO9DhedliwqDSOOYTdVoRfygQfpaFoa1aqR9tKWoc30kbqXvgvUR
16
+ mlDwiY1zxpKsTHKu7omf0bp5m8dlW4EarWgTsTRQ8EOHoIucgjdaSxPEDDi8WGOW
17
+ Nbqb2ZZz7wsIL71XgC13A+va1C0F709PK/Xnd5IwRf8=
18
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,15 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIICXgIBAAKBgQC15La+LSmHNUs/yqzSuzKdBUED1OfaOZpBp8zxAAQy7VlTrqRh
3
+ /eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdCdkn8MF4CCCQKkjm7JKRrKfK5
4
+ fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZGI8nsHnyJzRwqmG2xbQIDAQAB
5
+ AoGBAJDT2UW3g/dqUc4rPExWTUiFJG0+mpVBhDd+ukmyL6W1Iojk53I2z25PJAVU
6
+ 7wS1ohEsJ27J7Aty6Vx5Ozn0Q+zYVaKRSxcazNeGbwS0UaGrN0lMvWDs7RmVGCdx
7
+ bI2LUTQ88Bl94dW4QObAub+wMOL6xmVEVrJssZnm+CIqS2UBAkEA49QDNB//oHmi
8
+ iqD4SFotE8Lz80qBGHN15YIm80TKUR2k1LusZl6R5+2nYTF2vPsG+HGXPbkGhqTn
9
+ JL9GMBv7TQJBAMxinne8+bKTvOl/hhdAohFs7aHUBZhZOEuXIf1jYENASk2weYC6
10
+ 95SlHvWcwPHfqVbpwt83sGL8aDm8CCPYPqECQQDEFRQQx72GC0oG0FYAR4RmbrLx
11
+ YN1NAwqkVmlZlIogWEgmQ8Q0cw5Ws+cMMrtEGTU9nN4TZGymc8TwjqNFAsA9AkEA
12
+ ol8Cp/uQn6cxIIt4Gsb1OkTAcJ0BKOxQhfT2QtiNJEBSB3BYxsVCZWvcsaGrwzw9
13
+ yteBQlZ6odkGcD+Kc/eaoQJAH+0a7jlHDu2VCHI63OiNZQJ8J9oxaPvWZyKYSaCO
14
+ iGvon/Z6KGQhXMedPDaCH7UjeMle5AVhjSrSvF6OglgZ9g==
15
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,6 @@
1
+ -----BEGIN PUBLIC KEY-----
2
+ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15La+LSmHNUs/yqzSuzKdBUED
3
+ 1OfaOZpBp8zxAAQy7VlTrqRh/eiJH3VSeRRZEygORvtLgi/teF2P+z/mfJ6IHIdC
4
+ dkn8MF4CCCQKkjm7JKRrKfK5fOUp1NZF22oP8x0L4j67NYCtR9F6KIkV5A6FPAZG
5
+ I8nsHnyJzRwqmG2xbQIDAQAB
6
+ -----END PUBLIC KEY-----
@@ -0,0 +1,6 @@
1
+ <?xml version="1.0"?>
2
+ <Envelope xmlns="urn:envelope">
3
+ <Data>
4
+ Hello, World!
5
+ </Data>
6
+ </Envelope>
@@ -0,0 +1,24 @@
1
+ <?xml version="1.0"?>
2
+ <Envelope xmlns="urn:envelope">
3
+ <Data>
4
+ Hello, World!
5
+ </Data>
6
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
7
+ <SignedInfo>
8
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
9
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
10
+ <Reference>
11
+ <Transforms>
12
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
13
+ </Transforms>
14
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
15
+ <DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
16
+ </Reference>
17
+ </SignedInfo>
18
+ <SignatureValue>DPwu/iB8Sx21tywM69YUztjuMbKdAsfwOniDWlabk2jmEgbtwPlKFgZ9A5wdZbFj
19
+ D+SGQrv0y0d0UV8SBV5zeAeyyX7uwpm45iEbtQjirC6oaJ5Eu9caBCRqbcxNSTdR
20
+ yKGnO1r+dK/9T/MFANce39wBaeOUzo2qJe2128iWal4=</SignatureValue>
21
+ <KeyInfo>
22
+ <KeyName>test</KeyName>
23
+ </KeyInfo>
24
+ </Signature></Envelope>
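Review bot: The expected output pins `rsa-sha1` as the SignatureMethod and `sha1` as the DigestMethod, which suggests the signing template in the C extension hard-codes SHA-1 (the template code is not in this hunk). SHA-1 should not be used for new signatures; the signer should default to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` with `http://www.w3.org/2001/04/xmlenc#sha256` for the digest, and this fixture and sign3-result.xml should be regenerated. The `Reference` element also carries no `URI` attribute; confirm that the verifier treats this as a whole-document reference and rejects a signature whose reference points elsewhere.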
@@ -0,0 +1,37 @@
1
+ <?xml version="1.0"?>
2
+ <Envelope xmlns="urn:envelope">
3
+ <Data>
4
+ Hello, World!
5
+ </Data>
6
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
7
+ <SignedInfo>
8
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
9
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
10
+ <Reference>
11
+ <Transforms>
12
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
13
+ </Transforms>
14
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
15
+ <DigestValue>Te51eBcV78RHrLH5Dv0P24r8vW8=</DigestValue>
16
+ </Reference>
17
+ </SignedInfo>
18
+ <SignatureValue>FNY3KHaZF2vVo/WKCRftatol0c22ozKn7S6Uw+GGjfAodlZwSPU5yq6rbfEBpMIi
19
+ igz6OFpeB5fFOIJM7n428uT+tcE48AnmHvh2Dd+THs5NgGxIrogfYQGyzvX/GHox
20
+ bmLwCVE/mRMHEG3UY67WctjP5DaSk0VCANpMnBnn+g4=</SignatureValue>
21
+ <KeyInfo>
22
+ <X509Data>
23
+ <X509Certificate>MIICLzCCAZgCCQCVuhhQ38rw0TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJV
24
+ UzEQMA4GA1UECAwHR2VvcmdpYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
25
+ dHkgTHRkMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTAgFw0xMzA1MjUxODQwMDRa
26
+ GA8zMDEyMDkyNTE4NDAwNFowWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3Jn
27
+ aWExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwO
28
+ d3d3Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALE4oSql
29
+ eymfHtzOeY86WyvfsjZmaz2XnIo9dzZsK71yMEKkgvXQnnYy9pK0NaYcG0B0hcii
30
+ 3fqGBiHMkZY2BOGWwCC/wOmJCzLq9q6caPWUs71Zko+h59LaqV93vzDmZaXYfFoQ
31
+ gSVEWpEpCSo560x0mSuLnJYdQQzZ/L6xvxZ1AgMBAAEwDQYJKoZIhvcNAQEFBQAD
32
+ gYEATyK/RlfpohUVimgFkycTF2hyusjctseXoZDCctgg/STMsL8iA0P9YB6k91GC
33
+ kWpwevuiwarD1MfSUV6goPINFkIBvfK+5R9lpHaTqqs615z8T9R5VJgaLcFe3tWd
34
+ 7oq3V2q5Nl6MrZfXj2N07qe6/9zfdauxYO26vAEKCvIkbMo=</X509Certificate>
35
+ </X509Data>
36
+ </KeyInfo>
37
+ </Signature></Envelope>
@@ -0,0 +1,28 @@
1
+ require 'spec_helper'
2
+
3
+ describe "encryption and decryption:" do
4
+ subject do
5
+ Nokogiri::XML(fixture('sign2-doc.xml'))
6
+ end
7
+
8
+ describe 'encrypting with an RSA public key' do
9
+ before do
10
+ @original = subject.to_s
11
+ subject.encrypt! key: fixture('rsa.pub'), name: 'test'
12
+ end
13
+
14
+ # it generates a new key every time so will never match the fixture
15
+ specify { subject.to_s.should_not == @original }
16
+ specify { subject.to_s.should_not =~ /Hello.*World/i }
17
+ # specify { subject.to_s.should == fixture('encrypt2-result.xml') }
18
+
19
+ describe 'decrypting with the RSA private key' do
20
+ before do
21
+ subject.decrypt! key: fixture('rsa.pem'), name: 'test'
22
+ end
23
+
24
+ specify { subject.to_s.should == fixture('sign2-doc.xml') }
25
+ end
26
+ end
27
+
28
+ end
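Review bot: Only the success path is exercised, here and in signing_and_verifying_spec.rb: nothing asserts that `decrypt!` fails with the wrong private key, or that `verify_with` returns `false` for a modified document or a non-matching key. For a library whose job is to reject bad input, those are the cases that matter. Add a spec that changes the `Data` text after `sign!` and expects `verify_with(key: fixture('rsa.pub'))` to be `false`, and one that calls `decrypt!` with `fixture('cert/server.key.decrypted')` and expects an error. The commented-out `encrypt2-result.xml` expectation can be deleted, since the comment above it already explains why it can never pass.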
@@ -0,0 +1,70 @@
1
+ require 'spec_helper'
2
+
3
+ describe "signing and verifying signatures:" do
4
+ subject do
5
+ Nokogiri::XML(fixture('sign2-doc.xml'))
6
+ end
7
+
8
+ describe 'signing a document with an RSA key' do
9
+ before { subject.sign! key: fixture('rsa.pem'), name: 'test' }
10
+
11
+ it 'should produce a signed document' do
12
+ subject.to_s.should == fixture('sign2-result.xml')
13
+ end
14
+
15
+ describe 'verifying the document with a single public key' do
16
+ it 'should be valid' do
17
+ subject.verify_with(key: fixture('rsa.pub')).should == true
18
+ end
19
+ end
20
+
21
+ describe 'verifying the document with a set of keys' do
22
+ it 'should be valid' do
23
+ subject.verify_with({
24
+ 'test' => fixture('rsa.pub')
25
+ }).should == true
26
+ end
27
+ end
28
+ end
29
+
30
+ describe 'signing a document with an RSA key and X509 certificate' do
31
+ before do
32
+ subject.sign! key: fixture('cert/server.key.decrypted'),
33
+ name: 'test',
34
+ x509: fixture('cert/server.crt')
35
+ end
36
+
37
+ it 'should produce a signed document' do
38
+ subject.to_s.should == fixture('sign3-result.xml')
39
+ end
40
+
41
+ describe 'verifying the document with an array of X509 certificates' do
42
+ specify { subject.verify_with(x509: [fixture('cert/server.crt')]).should == true }
43
+ specify { subject.verify_with(certs: [fixture('cert/server.crt')]).should == true }
44
+ specify { subject.verify_with(certificates: [fixture('cert/server.crt')]).should == true }
45
+
46
+ it 'should verify using system certificates' do
47
+ # subject.verify_signature.should == true -- sort of.
48
+ unless subject.verify_signature
49
+ raise <<-end_error
50
+ Could not use system certificates to verify the signature.
51
+ Note that this may not be a failing spec. You should copy
52
+ or symlink the file `spec/fixtures/cert/server.crt` into
53
+ the directory shown by running `openssl version -d`. After
54
+ doing so, run `sudo c_rehash CERT_PATH`, where
55
+ CERT_PATH is the same directory you copied the certificate
56
+ into (/usr/lib/ssl/certs by default on Ubuntu). After doing
57
+ that, run this spec again and see if it passes.
58
+ end_error
59
+ end
60
+ end
61
+ end
62
+
63
+ describe 'verifying the document with one X509 certificate' do
64
+ specify { subject.verify_with(x509: fixture('cert/server.crt')).should == true }
65
+ specify { subject.verify_with(cert: fixture('cert/server.crt')).should == true }
66
+ specify { subject.verify_with(certificate: fixture('cert/server.crt')).should == true }
67
+ end
68
+ end
69
+
70
+ end