nokogiri-xmlsec1 0.0.6

data/ext/nokogiri_ext_xmlsec/init.c

@@ -0,0 +1,46 @@
+#include "xmlsecrb.h"
+
+void Init_nokogiri_ext_xmlsec() {
+  /* xmlsec proper */
+  // libxml
+  xmlInitParser();
+  LIBXML_TEST_VERSION
+  xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+  xmlSubstituteEntitiesDefault(1);
+  // xslt
+  #ifndef XMLSEC_NO_XSLT
+    xmlIndentTreeOutput = 1; 
+  #endif /* XMLSEC_NO_XSLT */
+  // xmlsec
+  if (xmlSecInit() < 0) {
+    rb_raise(rb_eRuntimeError, "xmlsec initialization failed");
+    return;
+  }
+  if (xmlSecCheckVersion() != 1) {
+    rb_raise(rb_eRuntimeError, "xmlsec version is not compatible");
+    return;
+  }
+  // load crypto
+  #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+      rb_raise(rb_eRuntimeError,
+        "Error: unable to load default xmlsec-crypto library. Make sure"
+        "that you have it installed and check shared libraries path\n"
+        "(LD_LIBRARY_PATH) envornment variable.\n");
+      return;
+    }
+  #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+  // init crypto
+  if (xmlSecCryptoAppInit(NULL) < 0) {
+    rb_raise(rb_eRuntimeError, "unable to initialize crypto engine");
+    return;
+  }
+  // init xmlsec-crypto library
+  if (xmlSecCryptoInit() < 0) {
+    rb_raise(rb_eRuntimeError, "xmlsec-crypto initialization failed");
+  }
+
+  /* ruby classes & objects */
+  Init_Nokogiri_ext();
+}
+

data/ext/nokogiri_ext_xmlsec/nokogiri_decrypt_with_key.c

@@ -0,0 +1,124 @@
+#include "xmlsecrb.h"
+
+static xmlSecKeysMngrPtr getKeyManager(char* keyStr, unsigned int keyLength, char *keyName) {
+  xmlSecKeysMngrPtr mngr;
+  xmlSecKeyPtr key;
+  
+  /* create and initialize keys manager, we use a simple list based
+   * keys manager, implement your own xmlSecKeysStore klass if you need
+   * something more sophisticated 
+   */
+  mngr = xmlSecKeysMngrCreate();
+  if(mngr == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to create keys manager.");
+    return(NULL);
+  }
+  if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to initialize keys manager.");
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }    
+  
+  /* load private RSA key */
+  // key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+  key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyStr,
+                                     keyLength,
+                                     xmlSecKeyDataFormatPem,
+                                     NULL, // password
+                                     NULL, NULL);
+  if(key == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to load rsa key");
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+
+  /* set key name to the file name, this is just an example! */
+  if(xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to set key name");
+    xmlSecKeyDestroy(key);  
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+
+  /* add key to keys manager, from now on keys manager is responsible 
+   * for destroying key 
+   */
+  if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to add key to keys manager");
+    xmlSecKeyDestroy(key);
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+
+  return(mngr);
+}
+
+VALUE decrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key) {
+  xmlDocPtr doc;
+  xmlNodePtr node = NULL;
+  xmlSecEncCtxPtr encCtx = NULL;
+  xmlSecKeysMngrPtr keyManager = NULL;
+  char *key;
+  char *keyName;
+  unsigned int keyLength;
+
+  Check_Type(rb_key,      T_STRING);
+  Check_Type(rb_key_name, T_STRING);
+  Data_Get_Struct(self, xmlDoc, doc);
+  key       = RSTRING_PTR(rb_key);
+  keyLength = RSTRING_LEN(rb_key);
+  keyName   = RSTRING_PTR(rb_key_name);
+
+
+  // find start node
+  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+  if(node == NULL) {
+      rb_raise(rb_eDecryptionError, "start node not found");
+      goto done;      
+  }
+
+  keyManager = getKeyManager(key, keyLength, keyName);
+  if (keyManager == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to create key manager");
+    goto done;
+  }
+
+  // create encryption context
+  encCtx = xmlSecEncCtxCreate(keyManager);
+  if(encCtx == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to create encryption context");
+    goto done;
+  }
+
+  // decrypt the data
+  if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+    rb_raise(rb_eDecryptionError, "decryption failed");
+    goto done;
+  }
+
+  if(encCtx->resultReplaced == 0) {
+    fprintf(stdout, "Decrypted binary data (%d bytes):", xmlSecBufferGetSize(encCtx->result));
+    if(xmlSecBufferGetData(encCtx->result) != NULL) {
+      fwrite(xmlSecBufferGetData(encCtx->result), 
+             1, 
+             xmlSecBufferGetSize(encCtx->result),
+             stdout);
+      fprintf(stdout, "\n");
+    }
+
+    rb_raise(rb_eDecryptionError, "Not implemented: don't know how to handle decrypted, non-XML data yet");
+    goto done;
+  }
+
+done:    
+  // cleanup
+  if(encCtx != NULL) {
+    xmlSecEncCtxDestroy(encCtx);
+  }
+  
+  if (keyManager != NULL) {
+    xmlSecKeysMngrDestroy(keyManager);
+  }
+
+  return T_NIL;
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_encrypt_with_key.c

@@ -0,0 +1,182 @@
+#include "xmlsecrb.h"
+
+static xmlSecKeysMngrPtr getKeyManager(char* keyStr, unsigned int keyLength, char *keyName) {
+  xmlSecKeysMngrPtr mngr;
+  xmlSecKeyPtr key;
+  
+  /* create and initialize keys manager, we use a simple list based
+   * keys manager, implement your own xmlSecKeysStore klass if you need
+   * something more sophisticated 
+   */
+  mngr = xmlSecKeysMngrCreate();
+  if(mngr == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to create keys manager.");
+    return(NULL);
+  }
+  if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to initialize keys manager.");
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }    
+  
+  /* load private RSA key */
+  // key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+  key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyStr,
+                                     keyLength,
+                                     xmlSecKeyDataFormatPem,
+                                     NULL, // password
+                                     NULL, NULL);
+  if(key == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to load rsa key");
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+
+  /* set key name to the file name, this is just an example! */
+  if(xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to set key name");
+    xmlSecKeyDestroy(key);  
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+      
+  /* add key to keys manager, from now on keys manager is responsible 
+   * for destroying key 
+   */
+  if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+    rb_raise(rb_eDecryptionError, "failed to add key to keys manager");
+    xmlSecKeyDestroy(key);
+    xmlSecKeysMngrDestroy(mngr);
+    return(NULL);
+  }
+
+  return(mngr);
+}
+
+VALUE encrypt_with_key(VALUE self, VALUE rb_key_name, VALUE rb_key) {
+  xmlDocPtr doc;
+  xmlNodePtr encDataNode = NULL;
+  xmlNodePtr encKeyNode  = NULL;
+  xmlNodePtr keyInfoNode = NULL;
+  xmlSecEncCtxPtr encCtx = NULL;
+  xmlSecKeysMngrPtr keyManager = NULL;
+  char *keyName;
+  char *key;
+  unsigned int keyLength;
+
+  Check_Type(rb_key_name, T_STRING);
+  Check_Type(rb_key,      T_STRING);
+  Data_Get_Struct(self, xmlDoc, doc);
+  key       = RSTRING_PTR(rb_key);
+  keyLength = RSTRING_LEN(rb_key);
+  keyName   = RSTRING_PTR(rb_key_name);
+
+  // create encryption template to encrypt XML file and replace 
+  // its content with encryption result
+  encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+                              NULL, xmlSecTypeEncElement, NULL, NULL);
+  if(encDataNode == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to create encryption template");
+    goto done;
+  }
+
+  // we want to put encrypted data in the <enc:CipherValue/> node
+  if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to add CipherValue node");
+    goto done;
+  }
+
+  // add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the
+  // signed document
+  keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+  if(keyInfoNode == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to add key info");
+    goto done;
+  }
+
+  if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to add key name");
+    goto done;
+  }
+
+  keyManager = getKeyManager(key, keyLength, keyName);
+  if (keyManager == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to create key manager");
+    goto done;
+  }
+
+  // create encryption context, we don't need keys manager in this example
+  encCtx = xmlSecEncCtxCreate(keyManager);
+  if(encCtx == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to create encryption context");
+    goto done;
+  }
+
+  // generate a 3DES key
+  // TODO make a note of this one, it lets us pass in key type and bits from ruby
+  encCtx->encKey = xmlSecKeyGenerateByName((xmlChar *)"des", 192,
+                                           xmlSecKeyDataTypeSession);
+
+  // encCtx->encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192,
+  //                                    xmlSecKeyDataTypeSession);
+  // encCtx->encKey = xmlSecAppCryptoKeyGenerate(xmlSecAppCmdLineParamGetString(&sessionKeyParam),
+  //                               NULL, xmlSecKeyDataTypeSession);
+  if(encCtx->encKey == NULL) {
+    rb_raise(rb_eDecryptionError, "failed to generate session des key");
+    goto done;
+  }
+
+  // set key name
+  if(xmlSecKeySetName(encCtx->encKey, (xmlSecByte *)keyName) < 0) {
+    rb_raise(rb_eEncryptionError, "failed to set key name to '%s'", keyName);
+    goto done;
+  }
+
+  // add <enc:EncryptedKey/> node to the <dsig:KeyInfo/> tag to include
+  // the session key
+  encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+                                       xmlSecTransformRsaPkcs1Id, // encMethodId encryptionMethod
+                                       NULL, // xmlChar *idAttribute
+                                       NULL, // xmlChar *typeAttribute
+                                       NULL  // xmlChar *recipient
+                                      );
+  if (encKeyNode == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to add encrypted key node");
+    goto done;
+  }
+  if (xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+    rb_raise(rb_eEncryptionError, "failed to add encrypted cipher value");
+    goto done;
+  }
+
+  // encrypt the data
+  if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+    rb_raise(rb_eEncryptionError, "encryption failed");
+    goto done;
+  }
+  
+  // the template is inserted in the doc, so don't free it
+  encDataNode = NULL;
+  encKeyNode = NULL;
+
+done:
+
+  /* cleanup */
+  if(encCtx != NULL) {
+    xmlSecEncCtxDestroy(encCtx);
+  }
+
+  if (encKeyNode != NULL) {
+    xmlFreeNode(encKeyNode);
+  }
+
+  if(encDataNode != NULL) {
+    xmlFreeNode(encDataNode);
+  }
+
+  if (keyManager != NULL) {
+    xmlSecKeysMngrDestroy(keyManager);
+  }
+
+  return T_NIL;
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_helpers_set_attribute_id.c

@@ -0,0 +1,43 @@
+#include "xmlsecrb.h"
+
+VALUE set_id_attribute(VALUE self, VALUE rb_attr_name) {
+  xmlNodePtr node;
+  xmlAttrPtr attr;
+  xmlAttrPtr tmp;
+  xmlChar *name;
+  const xmlChar *idName;
+  
+  Data_Get_Struct(self, xmlNode, node);
+  Check_Type(rb_attr_name, T_STRING);
+  idName = (const xmlChar *)RSTRING_PTR(rb_attr_name);
+
+  // find pointer to id attribute
+  attr = xmlHasProp(node, idName);
+  if((attr == NULL) || (attr->children == NULL)) {
+    rb_raise(rb_eRuntimeError, "Can't find attribute to add register as id");
+    return Qfalse;
+  }
+  
+  // get the attribute (id) value
+  name = xmlNodeListGetString(node->doc, attr->children, 1);
+  if(name == NULL) {
+    rb_raise(rb_eRuntimeError, "Attribute %s has no value", idName);
+    return Qfalse;
+  }
+  
+  // check that we don't have that id already registered
+  tmp = xmlGetID(node->doc, name);
+  if(tmp != NULL) {
+    // rb_raise(rb_eRuntimeError, "Attribute %s is already an ID", idName);
+    xmlFree(name);
+    return Qfalse;
+  }
+  
+  // finally register id
+  xmlAddID(NULL, node->doc, name, attr);
+
+  // and do not forget to cleanup
+  xmlFree(name);
+
+  return Qtrue;
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_init.c

@@ -0,0 +1,32 @@
+#include "xmlsecrb.h"
+
+VALUE rb_cNokogiri_XML_Document = T_NIL;
+VALUE rb_cNokogiri_XML_Node = T_NIL;
+VALUE rb_eSigningError = T_NIL;
+VALUE rb_eVerificationError = T_NIL;
+VALUE rb_eKeystoreError = T_NIL;
+VALUE rb_eEncryptionError = T_NIL;
+VALUE rb_eDecryptionError = T_NIL;
+
+void Init_Nokogiri_ext() {
+  VALUE XMLSec = rb_define_module("XMLSec");
+  VALUE Nokogiri = rb_define_module("Nokogiri");
+  VALUE Nokogiri_XML = rb_define_module_under(Nokogiri, "XML");
+  rb_cNokogiri_XML_Document = rb_const_get(Nokogiri_XML, rb_intern("Document"));
+  rb_cNokogiri_XML_Node = rb_const_get(Nokogiri_XML, rb_intern("Node"));
+
+  rb_define_method(rb_cNokogiri_XML_Document, "sign_with_key",            sign_with_key, 2);
+  rb_define_method(rb_cNokogiri_XML_Document, "sign_with_certificate",    sign_with_certificate, 3);
+  rb_define_method(rb_cNokogiri_XML_Document, "verify_with_rsa_key",      verify_signature_with_rsa_key, 1);
+  rb_define_method(rb_cNokogiri_XML_Document, "verify_with_named_keys",   verify_signature_with_named_keys, 1);
+  rb_define_method(rb_cNokogiri_XML_Document, "verify_with_certificates", verify_signature_with_certificates, 1);
+  rb_define_method(rb_cNokogiri_XML_Document, "encrypt_with_key",         encrypt_with_key, 2);
+  rb_define_method(rb_cNokogiri_XML_Document, "decrypt_with_key",         decrypt_with_key, 2);
+  rb_define_method(rb_cNokogiri_XML_Node,     "set_id_attribute",         set_id_attribute, 1);
+
+  rb_eSigningError      = rb_define_class_under(XMLSec, "SigningError",      rb_eRuntimeError);
+  rb_eVerificationError = rb_define_class_under(XMLSec, "VerificationError", rb_eRuntimeError);
+  rb_eKeystoreError     = rb_define_class_under(XMLSec, "KeystoreError",     rb_eRuntimeError);
+  rb_eEncryptionError   = rb_define_class_under(XMLSec, "EncryptionError",   rb_eRuntimeError);
+  rb_eDecryptionError   = rb_define_class_under(XMLSec, "DecryptionError",   rb_eRuntimeError);
+}

data/ext/nokogiri_ext_xmlsec/nokogiri_sign_certificate.c

@@ -0,0 +1,104 @@
+#include "xmlsecrb.h"
+
+VALUE sign_with_certificate(VALUE self, VALUE rb_key_name, VALUE rb_rsa_key, VALUE rb_cert) {
+  xmlDocPtr doc;
+  xmlNodePtr signNode = NULL;
+  xmlNodePtr refNode = NULL;
+  xmlNodePtr keyInfoNode = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+  char *keyName;
+  char *certificate;
+  char *rsaKey;
+  unsigned int rsaKeyLength, certificateLength;
+
+  Data_Get_Struct(self, xmlDoc, doc);
+  rsaKey = RSTRING_PTR(rb_rsa_key);
+  rsaKeyLength = RSTRING_LEN(rb_rsa_key);
+  keyName = RSTRING_PTR(rb_key_name);
+  certificate = RSTRING_PTR(rb_cert);
+  certificateLength = RSTRING_LEN(rb_cert);
+
+  // create signature template for RSA-SHA1 enveloped signature
+  signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+                                         xmlSecTransformRsaSha1Id, NULL);
+  if (signNode == NULL) {
+    rb_raise(rb_eSigningError, "failed to create signature template");
+    goto done;
+  }
+
+  // add <dsig:Signature/> node to the doc
+  xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+  // add reference
+  refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+                                        NULL, NULL, NULL);
+  if(refNode == NULL) {
+    rb_raise(rb_eSigningError, "failed to add reference to signature template");
+    goto done;
+  }
+
+  // add enveloped transform
+  if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+    rb_raise(rb_eSigningError, "failed to add enveloped transform to reference");
+    goto done;
+  }
+
+  // add <dsig:KeyInfo/> and <dsig:X509Data/>
+  keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+  if(keyInfoNode == NULL) {
+    rb_raise(rb_eSigningError, "failed to add key info");
+    goto done;
+  }
+  
+  if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+    rb_raise(rb_eSigningError, "failed to add X509Data node");
+    goto done;
+  }
+
+  // create signature context, we don't need keys manager in this example
+  dsigCtx = xmlSecDSigCtxCreate(NULL);
+  if(dsigCtx == NULL) {
+    rb_raise(rb_eSigningError, "failed to create signature context");
+    goto done;
+  }
+
+  // load private key, assuming that there is not password
+  dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)rsaKey,
+                                                  rsaKeyLength,
+                                                  xmlSecKeyDataFormatPem,
+                                                  NULL, // password
+                                                  NULL,
+                                                  NULL);
+  if(dsigCtx->signKey == NULL) {
+    rb_raise(rb_eSigningError, "failed to load private key");
+    goto done;
+  }
+  
+  // load certificate and add to the key
+  if(xmlSecCryptoAppKeyCertLoadMemory(dsigCtx->signKey,
+                                      (xmlSecByte *)certificate,
+                                      certificateLength,
+                                      xmlSecKeyDataFormatPem) < 0) {
+    rb_raise(rb_eSigningError, "failed to load certificate");
+    goto done;
+  }
+
+  // set key name
+  if(xmlSecKeySetName(dsigCtx->signKey, (xmlSecByte *)keyName) < 0) {
+    rb_raise(rb_eSigningError, "failed to set key name");
+    goto done;
+  }
+
+  // sign the template
+  if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
+    rb_raise(rb_eSigningError, "signature failed");
+    goto done;
+  }
+
+done:
+  if(dsigCtx != NULL) {
+    xmlSecDSigCtxDestroy(dsigCtx);
+  }
+
+  return T_NIL;
+}