pki_express 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +1 -1
- data/lib/pki_express.rb +11 -0
- data/lib/pki_express/cades_signature.rb +89 -0
- data/lib/pki_express/digest_algorithm.rb +119 -0
- data/lib/pki_express/digest_algorithm_and_value.rb +31 -0
- data/lib/pki_express/oids.rb +31 -0
- data/lib/pki_express/pades_signature.rb +17 -0
- data/lib/pki_express/pades_signature_explorer.rb +31 -0
- data/lib/pki_express/pades_signer_info.rb +10 -0
- data/lib/pki_express/pk_algorithms.rb +158 -0
- data/lib/pki_express/signature_algorithm_and_value.rb +35 -0
- data/lib/pki_express/signature_explorer.rb +75 -0
- data/lib/pki_express/signature_policy_identifier.rb +21 -0
- data/lib/pki_express/validation_item.rb +2 -2
- data/lib/pki_express/validation_results.rb +4 -4
- data/lib/pki_express/version.rb +1 -1
- metadata +13 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 62e8fe6ca919ebd787bc53af1453f8bc5633f6d8437ec678b8dcf421a2da559a
|
4
|
+
data.tar.gz: 12d99c86baf13854de2452e758fea64e88a8f90ef5a76be2bed5e5ca8b994492
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 93d0eb30b2d51e8fe39984adb0c341648d2c7c380e46be338c1aca4586607bf99ec7e6b462bdbac3951da8b0bc51614a3a03238bbdefa49b097e620611837612
|
7
|
+
data.tar.gz: e387615c1393793df5cc6d3cb63f0da8920d9e8379e77587a94877e9f4e77fbfc7b6c584ecfc16744d04fccd710775410ddc00c7cb12f6e35298b1bf36c51d27
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -7,7 +7,7 @@ This library contains classes that encapsulate the calls to PKI Express.
|
|
7
7
|
The recommended way to install **PKI Expresss lib** is through setting in your Gemfile:
|
8
8
|
|
9
9
|
````ruby
|
10
|
-
gem 'pki_express', '~> 1.
|
10
|
+
gem 'pki_express', '~> 1.2.0'
|
11
11
|
````
|
12
12
|
|
13
13
|
And with installing via [Bundler](http://bundler.io/) on your project root folder:
|
data/lib/pki_express.rb
CHANGED
@@ -1,19 +1,25 @@
|
|
1
1
|
require_relative 'pki_express/pki_express_config'
|
2
2
|
require_relative 'pki_express/pki_express_operator'
|
3
3
|
require_relative 'pki_express/enum'
|
4
|
+
require_relative 'pki_express/pk_algorithms'
|
4
5
|
require_relative 'pki_express/base_signer'
|
5
6
|
require_relative 'pki_express/signature_starter'
|
7
|
+
require_relative 'pki_express/signature_explorer'
|
6
8
|
require_relative 'pki_express/signer'
|
7
9
|
require_relative 'pki_express/auth_complete_result'
|
8
10
|
require_relative 'pki_express/auth_start_result'
|
9
11
|
require_relative 'pki_express/authentication'
|
12
|
+
require_relative 'pki_express/cades_signature'
|
10
13
|
require_relative 'pki_express/cades_signature_starter'
|
11
14
|
require_relative 'pki_express/check_service_result'
|
12
15
|
require_relative 'pki_express/command_error'
|
13
16
|
require_relative 'pki_express/commands'
|
17
|
+
require_relative 'pki_express/digest_algorithm'
|
18
|
+
require_relative 'pki_express/digest_algorithm_and_value'
|
14
19
|
require_relative 'pki_express/discovery_service_result'
|
15
20
|
require_relative 'pki_express/error_codes'
|
16
21
|
require_relative 'pki_express/installation_not_found_error'
|
22
|
+
require_relative 'pki_express/oids'
|
17
23
|
require_relative 'pki_express/name'
|
18
24
|
require_relative 'pki_express/pades_certification_level'
|
19
25
|
require_relative 'pki_express/pades_horizontal_align'
|
@@ -21,8 +27,11 @@ require_relative 'pki_express/pades_measurement_units'
|
|
21
27
|
require_relative 'pki_express/pades_page_optimization'
|
22
28
|
require_relative 'pki_express/pades_page_optimization'
|
23
29
|
require_relative 'pki_express/pades_paper_size'
|
30
|
+
require_relative 'pki_express/pades_signature'
|
31
|
+
require_relative 'pki_express/pades_signature_explorer'
|
24
32
|
require_relative 'pki_express/pades_signature_starter'
|
25
33
|
require_relative 'pki_express/pades_signer'
|
34
|
+
require_relative 'pki_express/pades_signer_info'
|
26
35
|
require_relative 'pki_express/pades_size'
|
27
36
|
require_relative 'pki_express/pades_text_horizontal_align'
|
28
37
|
require_relative 'pki_express/pades_vertical_align'
|
@@ -38,7 +47,9 @@ require_relative 'pki_express/pki_brazil_certificate_fields'
|
|
38
47
|
require_relative 'pki_express/pki_brazil_certificate_types'
|
39
48
|
require_relative 'pki_express/pki_italy_certificate_fields'
|
40
49
|
require_relative 'pki_express/pki_italy_certificate_types'
|
50
|
+
require_relative 'pki_express/signature_algorithm_and_value'
|
41
51
|
require_relative 'pki_express/signature_finisher'
|
52
|
+
require_relative 'pki_express/signature_policy_identifier'
|
42
53
|
require_relative 'pki_express/signature_start_result'
|
43
54
|
require_relative 'pki_express/standard_signature_policies'
|
44
55
|
require_relative 'pki_express/timestamp_authority'
|
@@ -0,0 +1,89 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class CadesSignature
|
3
|
+
attr_accessor :encapsulated_content_type, :has_encapsulated_content, :signers
|
4
|
+
|
5
|
+
def initialize(model)
|
6
|
+
@encapsulated_content_type = nil
|
7
|
+
@has_encapsulated_content = nil
|
8
|
+
@signers = []
|
9
|
+
|
10
|
+
unless model.nil?
|
11
|
+
@encapsulated_content_type = model.fetch(:encapsulatedContentType)
|
12
|
+
@has_encapsulated_content = model.fetch(:hasEncapsulatedContent)
|
13
|
+
|
14
|
+
signers = model.fetch(:signers)
|
15
|
+
if signers
|
16
|
+
@signers = signers.map { |s| CadesSignerInfo.new(s) }
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
|
23
|
+
class CadesTimestamp < CadesSignature
|
24
|
+
attr_accessor :gen_time, :serial_number, :message_imprint
|
25
|
+
|
26
|
+
def initialize(model)
|
27
|
+
super(model)
|
28
|
+
@gen_time = nil
|
29
|
+
@serial_number = nil
|
30
|
+
@message_imprint = nil
|
31
|
+
@gen_time = model.fetch(:genTime)
|
32
|
+
@serial_number = model.fetch(:serialNumber)
|
33
|
+
@message_imprint = model.fetch(:messageImprint)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
class CadesSignerInfo
|
39
|
+
attr_accessor :signing_time, :certified_date_reference, :message_digest
|
40
|
+
attr_accessor :signature, :certificate, :signature_policy, :timestamps
|
41
|
+
attr_accessor :validation_results
|
42
|
+
|
43
|
+
def initialize(model)
|
44
|
+
@signing_time = nil
|
45
|
+
@certified_date_reference = nil
|
46
|
+
@message_digest = nil
|
47
|
+
@signature = nil
|
48
|
+
@certificate = nil
|
49
|
+
@signature_policy = nil
|
50
|
+
@timestamps = []
|
51
|
+
@validation_results = nil
|
52
|
+
|
53
|
+
unless model.nil?
|
54
|
+
@certified_date_reference = model.fetch(:certifiedDateReference)
|
55
|
+
@signing_time = model.fetch(:signingTime)
|
56
|
+
|
57
|
+
message_digest = model.fetch(:messageDigest)
|
58
|
+
if message_digest
|
59
|
+
@message_digest = DigestAlgorithmAndValue.new(message_digest)
|
60
|
+
end
|
61
|
+
|
62
|
+
signature = model.fetch(:signature)
|
63
|
+
if signature
|
64
|
+
@signature = SignatureAlgorithmAndValue.new(signature)
|
65
|
+
end
|
66
|
+
|
67
|
+
certificate = model.fetch(:certificate)
|
68
|
+
if certificate
|
69
|
+
@certificate = PKCertificate.new(certificate)
|
70
|
+
end
|
71
|
+
|
72
|
+
signature_policy = model.fetch(:signaturePolicy)
|
73
|
+
if signature_policy
|
74
|
+
@signature_policy = SignaturePolicyIdentifier.new(signature_policy)
|
75
|
+
end
|
76
|
+
|
77
|
+
timestamps = model.fetch(:timestamps)
|
78
|
+
if timestamps
|
79
|
+
@timestamps = timestamps.map { |t| CadesTimestamp.new(t) }
|
80
|
+
end
|
81
|
+
|
82
|
+
validation_results = model.fetch(:validationResults)
|
83
|
+
if validation_results
|
84
|
+
@validation_results = ValidationResults.new(validation_results)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
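Review bot: `CadesTimestamp#initialize` calls `model.fetch(:genTime)`, `model.fetch(:serialNumber)` and `model.fetch(:messageImprint)` with no nil guard, although the parent constructor it has just called accepts a nil model through `unless model.nil?`; a nil model therefore raises NoMethodError here. Wrap the three fetches in the same `unless model.nil?` guard. Every `model.fetch(:key)` in this file also raises KeyError when the key is absent, so if PKI Express can omit optional fields such as `signingTime` or `signaturePolicy` (not visible from this diff), `model.fetch(:key, nil)` would match the `if value` checks that follow each fetch.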
@@ -0,0 +1,119 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class DigestAlgorithms < Enum
|
3
|
+
MD5 = 'MD5'
|
4
|
+
SHA1 = 'SHA1'
|
5
|
+
SHA256 = 'SHA256'
|
6
|
+
SHA384 = 'SHA384'
|
7
|
+
SHA512 = 'SHA512'
|
8
|
+
end
|
9
|
+
|
10
|
+
class DigestAlgorithm
|
11
|
+
attr_accessor :byte_length, :api_model, :xml_uri, :oid, :name
|
12
|
+
def initialize(name, oid, byte_length, api_model, xml_uri)
|
13
|
+
@name = name
|
14
|
+
@oid = oid
|
15
|
+
@byte_length = byte_length
|
16
|
+
@api_model = api_model
|
17
|
+
@xml_uri = xml_uri
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.md5
|
21
|
+
unless @md5
|
22
|
+
@md5 = new(
|
23
|
+
DigestAlgorithms::MD5,
|
24
|
+
Oids::MD5,
|
25
|
+
16,
|
26
|
+
'md5',
|
27
|
+
'http://www.w3.org/2001/04/xmldsig-more#md5')
|
28
|
+
end
|
29
|
+
@md5
|
30
|
+
end
|
31
|
+
|
32
|
+
def self.sha1
|
33
|
+
unless @sha1
|
34
|
+
@sha1 = new(
|
35
|
+
DigestAlgorithms::SHA1,
|
36
|
+
Oids::SHA1,
|
37
|
+
20,
|
38
|
+
'sha1',
|
39
|
+
'http://www.w3.org/2000/09/xmldsig#sha1')
|
40
|
+
end
|
41
|
+
@sha1
|
42
|
+
end
|
43
|
+
|
44
|
+
def self.sha256
|
45
|
+
unless @sha256
|
46
|
+
@sha256 = new(
|
47
|
+
DigestAlgorithms::SHA256,
|
48
|
+
Oids::SHA256,
|
49
|
+
32,
|
50
|
+
'sha256',
|
51
|
+
'http://www.w3.org/2001/04/xmlenc#sha256')
|
52
|
+
end
|
53
|
+
@sha256
|
54
|
+
end
|
55
|
+
|
56
|
+
def self.sha384
|
57
|
+
unless @sha384
|
58
|
+
@sha384 = new(
|
59
|
+
DigestAlgorithms::SHA384,
|
60
|
+
Oids::SHA384,
|
61
|
+
48,
|
62
|
+
'sha384',
|
63
|
+
'http://www.w3.org/2001/04/xmldsig-more#sha384')
|
64
|
+
end
|
65
|
+
@sha384
|
66
|
+
end
|
67
|
+
|
68
|
+
def self.sha512
|
69
|
+
unless @sha512
|
70
|
+
@sha512 = new(
|
71
|
+
DigestAlgorithms::SHA512,
|
72
|
+
Oids::SHA512,
|
73
|
+
64,
|
74
|
+
'sha512',
|
75
|
+
'http://www.w3.org/2001/04/xmlenc#sha512')
|
76
|
+
end
|
77
|
+
@sha512
|
78
|
+
end
|
79
|
+
|
80
|
+
def self.get_algorithms
|
81
|
+
return [md5, sha1, sha256, sha384, sha512]
|
82
|
+
end
|
83
|
+
private_class_method :get_algorithms, :new
|
84
|
+
|
85
|
+
class << DigestAlgorithm
|
86
|
+
def get_instance_by_name(name)
|
87
|
+
algorithms = get_algorithms
|
88
|
+
unless algorithms.select{|v| v.name == name}.empty?
|
89
|
+
return algorithms.select{|v| v.name == name}.first
|
90
|
+
end
|
91
|
+
raise 'Unrecognized digest algorithm name: ' + name
|
92
|
+
end
|
93
|
+
|
94
|
+
def get_instance_by_oid(oid)
|
95
|
+
algorithms = get_algorithms
|
96
|
+
unless algorithms.select{|v| v.oid == oid}.empty?
|
97
|
+
return algorithms.select{|v| v.oid == oid}.first
|
98
|
+
end
|
99
|
+
raise 'Unrecognized digest algorithm oid: ' + oid
|
100
|
+
end
|
101
|
+
|
102
|
+
def get_instance_by_xml_uri(xml_uri)
|
103
|
+
algorithms = get_algorithms
|
104
|
+
unless algorithms.select{|v| v.xml_uri == xml_uri}.empty?
|
105
|
+
return algorithms.select{|v| v.xml_uri == xml_uri}.first
|
106
|
+
end
|
107
|
+
raise 'Unrecognized digest algorithm XML URI: ' + xml_uri
|
108
|
+
end
|
109
|
+
|
110
|
+
def get_instance_by_api_model(api_model)
|
111
|
+
algorithms = get_algorithms
|
112
|
+
unless algorithms.select{|v| v.api_model.downcase == api_model.downcase}.empty?
|
113
|
+
return algorithms.select{|v| v.api_model.downcase == api_model.downcase}.first
|
114
|
+
end
|
115
|
+
raise 'Unrecognized digest algorithm: ' + api_model
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
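Review bot: The four `get_instance_by_*` lookups run the same `select` twice and build the error text with `+`, so a nil or non-String argument surfaces as TypeError (or NoMethodError from `api_model.downcase`) instead of the intended "Unrecognized digest algorithm" message. A single pass such as `found = algorithms.find { |v| v.name == name }` followed by `raise "Unrecognized digest algorithm name: #{name}" unless found` handles both cases. MD5 and SHA-1 resolve here exactly like the SHA-2 family, so a comment on `md5` and `sha1` saying they exist to parse legacy signatures, and that callers should not accept them for new validation decisions, would help users of this class.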
@@ -0,0 +1,31 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class DigestAlgorithmAndValue
|
3
|
+
attr_accessor :algorithm, :value
|
4
|
+
def initialize(model)
|
5
|
+
@algorithm = nil
|
6
|
+
@value = nil
|
7
|
+
|
8
|
+
unless model.nil?
|
9
|
+
value = model.fetch(:value)
|
10
|
+
algorithm = model.fetch(:algorithm)
|
11
|
+
if value.nil?
|
12
|
+
raise 'The value was not set'
|
13
|
+
end
|
14
|
+
if algorithm.nil?
|
15
|
+
raise 'The algorithm was not set'
|
16
|
+
end
|
17
|
+
|
18
|
+
@value = Base64.decode64(value).bytes
|
19
|
+
@algorithm = DigestAlgorithm.get_instance_by_api_model(algorithm)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def hex_value
|
24
|
+
@value.map { |b| b.to_s(16).rjust(2,'0') }.join.upcase
|
25
|
+
end
|
26
|
+
|
27
|
+
def hex_value=(value)
|
28
|
+
@value = [value].pack('H*').unpack('C*')
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
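Review bot: `Base64.decode64(value)` skips characters outside the Base64 alphabet and never raises, so a malformed digest from the model is silently decoded into different bytes; `Base64.strict_decode64(value)` raises ArgumentError instead. Since `@algorithm` carries `byte_length`, the constructor can also reject a digest of the wrong size once both are set, e.g. `raise 'The value length does not match the digest algorithm' unless @value.length == @algorithm.byte_length`. The file uses `Base64` without a `require 'base64'` of its own; confirm it is loaded elsewhere, because recent Ruby versions no longer ship it as a default gem.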
@@ -0,0 +1,31 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
|
3
|
+
class Oids < Enum
|
4
|
+
# region Digest Algorithms
|
5
|
+
MD5 = '1.2.840.113549.2.5'
|
6
|
+
SHA1 = '1.3.14.3.2.26'
|
7
|
+
# SHA224 = '2.16.840.1.101.3.4.2.4', # RFC 3874 section 4
|
8
|
+
SHA256 = '2.16.840.1.101.3.4.2.1'
|
9
|
+
SHA384 = '2.16.840.1.101.3.4.2.2'
|
10
|
+
SHA512 = '2.16.840.1.101.3.4.2.3'
|
11
|
+
# endregion
|
12
|
+
|
13
|
+
# region Signature Algorithms
|
14
|
+
MD2_WITH_RSA = '1.2.840.113549.1.1.2'
|
15
|
+
MD5_WITH_RSA = '1.2.840.113549.1.1.4'
|
16
|
+
SHA1_WITH_RSA = '1.2.840.113549.1.1.5'
|
17
|
+
SHA256_WITH_RSA = '1.2.840.113549.1.1.11'
|
18
|
+
SHA384_WITH_RSA = '1.2.840.113549.1.1.12'
|
19
|
+
SHA512_WITH_RSA = '1.2.840.113549.1.1.13'
|
20
|
+
|
21
|
+
SHA1_WITH_DSA = '1.2.840.10040.4.3' # RFC 3279 section 2.2.2
|
22
|
+
# SHA224_WITH_DSA = '2.16.840.1.101.3.4.3.1' # RFC 5758 section 3.1
|
23
|
+
SHA256_WITH_DSA = '2.16.840.1.101.3.4.3.2' # RFC 5758 section 3.1
|
24
|
+
# endregion
|
25
|
+
|
26
|
+
# region Asymmetric Algorithms
|
27
|
+
RSA = '1.2.840.113549.1.1.1' # RFC 3279 section 2.3.1
|
28
|
+
DSA = '1.2.840.10040.4.1' # RFC 3279 section 2.3.2
|
29
|
+
# endregion
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class PadesSignature
|
3
|
+
attr_accessor :signers
|
4
|
+
|
5
|
+
def initialize(model)
|
6
|
+
@signers = []
|
7
|
+
|
8
|
+
unless model.nil?
|
9
|
+
signers = model.fetch(:signers)
|
10
|
+
if signers
|
11
|
+
@signers = signers.map { |s| PadesSignerInfo.new(s) }
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class PadesSignatureExplorer < SignatureExplorer
|
3
|
+
|
4
|
+
def initialize(config=PkiExpressConfig.new)
|
5
|
+
super(config)
|
6
|
+
end
|
7
|
+
|
8
|
+
def open()
|
9
|
+
if @signature_file_path.nil?
|
10
|
+
raise 'The signature file was not set'
|
11
|
+
end
|
12
|
+
|
13
|
+
args = [@signature_file_path]
|
14
|
+
|
15
|
+
# Verify and add common options
|
16
|
+
verify_and_add_common_options(args)
|
17
|
+
|
18
|
+
# This operation can only be used on versions greater
|
19
|
+
# than 1.3 of the PKI Express.
|
20
|
+
@version_manager.require_version('1.3')
|
21
|
+
|
22
|
+
# Invoke command.
|
23
|
+
result = invoke(Commands::OPEN_PADES, args)
|
24
|
+
|
25
|
+
# Parse output and return model.
|
26
|
+
model = parse_output(result)
|
27
|
+
PadesSignature.new(model)
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class PadesSignerInfo < CadesSignerInfo
|
3
|
+
attr_accessor :is_document_timestamp, :signature_file_name
|
4
|
+
def initialize(model)
|
5
|
+
super(model)
|
6
|
+
@is_document_timestamp = model.fetch(:isDocumentTimestamp)
|
7
|
+
@signature_field_name = model.fetch(:signatureFieldName)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
end
|
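Review bot: The accessor list declares `:signature_file_name` but the constructor assigns `@signature_field_name`, so `signature_file_name` always returns nil and the field name read from the model has no reader. Change the declaration to `attr_accessor :is_document_timestamp, :signature_field_name`. The two `model.fetch` calls also run when `model` is nil, which the parent constructor tolerates; guard them with `unless model.nil?` as well.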
@@ -0,0 +1,158 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class SignatureAlgorithms < Enum
|
3
|
+
MD5_WITH_RSA = 'MD5WithRSA'
|
4
|
+
SHA1_WITH_RSA = 'SHA1WithRSA'
|
5
|
+
SHA256_WITH_RSA = 'SHA256WithRSA'
|
6
|
+
SHA384_WITH_RSA = 'SHA384WithRSA'
|
7
|
+
SHA512_WITH_RSA = 'SHA512WithRSA'
|
8
|
+
end
|
9
|
+
|
10
|
+
class PKAlgorithms < Enum
|
11
|
+
RSA = 'RSA'
|
12
|
+
end
|
13
|
+
|
14
|
+
class SignatureAlgorithm
|
15
|
+
attr_accessor :name, :oid, :xml_uri, :digest_algorithm, :pk_algorithm
|
16
|
+
|
17
|
+
def initialize(name, oid, xml_uri, digest_algorithm, pk_algorithm)
|
18
|
+
@name = name
|
19
|
+
@oid = oid
|
20
|
+
@xml_uri = xml_uri
|
21
|
+
@digest_algorithm = digest_algorithm
|
22
|
+
@pk_algorithm = pk_algorithm
|
23
|
+
end
|
24
|
+
|
25
|
+
def md5_with_rsa
|
26
|
+
unless @md5_with_rsa
|
27
|
+
@md5_with_rsa = RSASignatureAlgorithm.new(DigestAlgorithm.md5)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
def sha1_with_rsa
|
32
|
+
unless @sha1_with_rsa
|
33
|
+
@sha1_with_rsa = RSASignatureAlgorithm.new(DigestAlgorithm.sha1)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def sha256_with_rsa
|
38
|
+
unless @sha256_with_rsa
|
39
|
+
@sha256_with_rsa = RSASignatureAlgorithm.new(DigestAlgorithm.sha256)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def sha384_with_rsa
|
44
|
+
unless @sha384_with_rsa
|
45
|
+
@sha384_with_rsa = RSASignatureAlgorithm.new(DigestAlgorithm.sha384)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def sha512_with_rsa
|
50
|
+
unless @sha512_with_rsa
|
51
|
+
@sha512_with_rsa = RSASignatureAlgorithm.new(DigestAlgorithm.sha512)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def self.algorithms
|
56
|
+
return [md5_with_rsa, sha1_with_rsa, sha256_with_rsa, sha384_with_rsa, sha512_with_rsa]
|
57
|
+
end
|
58
|
+
|
59
|
+
def self.safe_algorithms
|
60
|
+
return [sha1_with_rsa, sha256_with_rsa, sha384_with_rsa, sha512_with_rsa]
|
61
|
+
end
|
62
|
+
private_class_method :algorithms, :safe_algorithms, :new
|
63
|
+
|
64
|
+
class << SignatureAlgorithm
|
65
|
+
def get_instance_by_name(name)
|
66
|
+
algorithms
|
67
|
+
unless @algorithms.select{|v| v.name == name}.empty?
|
68
|
+
return @algorithms.select{|v| v.name == name}.first
|
69
|
+
end
|
70
|
+
raise 'Unrecognized signature algorithm name: ' + name
|
71
|
+
end
|
72
|
+
|
73
|
+
def get_instance_by_oid(oid)
|
74
|
+
algorithms
|
75
|
+
unless @algorithms.select{|v| v.oid == oid}.empty?
|
76
|
+
return @algorithms.select{|v| v.oid == oid}.first
|
77
|
+
end
|
78
|
+
raise 'Unrecognized signature algorithm oid: ' + oid
|
79
|
+
end
|
80
|
+
|
81
|
+
def get_instance_by_xml_uri(xml_uri)
|
82
|
+
algorithms
|
83
|
+
unless @algorithms.select{|v| v.xml_uri == xml_uri}.empty?
|
84
|
+
return @algorithms.select{|v| v.xml_uri == xml_uri}.first
|
85
|
+
end
|
86
|
+
raise 'Unrecognized signature algorithm XML URI: ' + xml_uri
|
87
|
+
end
|
88
|
+
|
89
|
+
def get_instance_by_api_model(api_model)
|
90
|
+
algorithms
|
91
|
+
unless @algorithms.select{|v| v.api_model.downcase == api_model.downcase}.empty?
|
92
|
+
return @algorithms.select{|v| v.api_model.downcase == api_model.downcase}.first
|
93
|
+
end
|
94
|
+
raise 'Unrecognized signature algorithm: ' + api_model
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
class RSASignatureAlgorithm < SignatureAlgorithm
|
100
|
+
def initialize(digest_algorithm)
|
101
|
+
case digest_algorithm
|
102
|
+
when DigestAlgorithm.md5
|
103
|
+
xml_uri = xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5'
|
104
|
+
oid = Oids::MD5_WITH_RSA
|
105
|
+
when DigestAlgorithm.sha1
|
106
|
+
xml_uri = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
|
107
|
+
oid = Oids::SHA1_WITH_RSA
|
108
|
+
when DigestAlgorithm.sha256
|
109
|
+
xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
|
110
|
+
oid = Oids::SHA256_WITH_RSA
|
111
|
+
when DigestAlgorithm.sha384
|
112
|
+
xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
|
113
|
+
oid = Oids::SHA384_WITH_RSA
|
114
|
+
when DigestAlgorithm.sha512
|
115
|
+
xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
|
116
|
+
oid = Oids::SHA512_WITH_RSA
|
117
|
+
else
|
118
|
+
raise 'Unsupported digest algorithms: ' + digest_algorithm.oid
|
119
|
+
end
|
120
|
+
|
121
|
+
super(
|
122
|
+
digest_algorithm.name + " with RSA",
|
123
|
+
oid,
|
124
|
+
xml_uri,
|
125
|
+
digest_algorithm,
|
126
|
+
PKAlgorithms::RSA)
|
127
|
+
end
|
128
|
+
end
|
129
|
+
|
130
|
+
class PKAlgorithm
|
131
|
+
attr_accessor :name, :oid
|
132
|
+
|
133
|
+
def initialize(name, oid)
|
134
|
+
@name = name
|
135
|
+
@oid = oid
|
136
|
+
end
|
137
|
+
|
138
|
+
def rsa
|
139
|
+
RSAPKAlgorithm.new
|
140
|
+
end
|
141
|
+
|
142
|
+
def self.algorithms
|
143
|
+
return [rsa]
|
144
|
+
end
|
145
|
+
private_class_method :new, :algorithms
|
146
|
+
end
|
147
|
+
|
148
|
+
class RSAPKAlgorithm < PKAlgorithm
|
149
|
+
def initialize
|
150
|
+
super(PKAlgorithms::RSA, Oids::RSA)
|
151
|
+
end
|
152
|
+
class << RSAPKAlgorithm
|
153
|
+
def get_signature_algorithm(digest_algorithm)
|
154
|
+
RSASignatureAlgorithm.new(digest_algorithm)
|
155
|
+
end
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|
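Review bot: `SignatureAlgorithm.algorithms` and `safe_algorithms` call `md5_with_rsa` through `sha512_with_rsa` on the class, but those are defined as instance methods (and return nil once the ivar is set), and every `get_instance_by_*` then reads `@algorithms`, which is never assigned, so each lookup fails before it can match anything. `private_class_method :new` is also inherited by `RSASignatureAlgorithm` and `RSAPKAlgorithm`, so the explicit `RSASignatureAlgorithm.new(...)` and `RSAPKAlgorithm.new` calls raise NoMethodError; `get_instance_by_api_model` additionally reads `v.api_model`, which this class does not define. Separately, `safe_algorithms` lists `sha1_with_rsa`; SHA-1 is no longer considered collision-resistant, so it should be dropped from that list or the list renamed. The sketch below shows class-level memoisation and a single-pass lookup.

```ruby
class SignatureAlgorithm
  # … unchanged: attr_accessor and initialize …

  # Memoised on the class so `algorithms` can call it and `case ... when` identity checks keep working.
  def self.md5_with_rsa
    @md5_with_rsa ||= RSASignatureAlgorithm.new(DigestAlgorithm.md5)
  end
  # … same shape for sha1_with_rsa, sha256_with_rsa, sha384_with_rsa, sha512_with_rsa …

  # … unchanged: self.algorithms, self.safe_algorithms, private_class_method …

  class << SignatureAlgorithm
    def get_instance_by_name(name)
      found = algorithms.find { |v| v.name == name }
      raise "Unrecognized signature algorithm name: #{name}" unless found
      found
    end
    # … same shape for get_instance_by_oid and get_instance_by_xml_uri …
  end
end

class RSASignatureAlgorithm < SignatureAlgorithm
  # The parent hides `new`; re-expose it so the factories above can build instances.
  public_class_method :new
  # … unchanged: initialize …
end
```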
@@ -0,0 +1,35 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
|
3
|
+
class SignatureAlgorithmAndValue
|
4
|
+
attr_accessor :algorithm, :value
|
5
|
+
def initialize(model)
|
6
|
+
@algorithm = nil
|
7
|
+
@value = nil
|
8
|
+
algorithm_identifier = nil
|
9
|
+
|
10
|
+
unless model.nil?
|
11
|
+
value = model.fetch(:value)
|
12
|
+
if value.nil?
|
13
|
+
raise 'The value was not set'
|
14
|
+
end
|
15
|
+
@value = Base64.decode64(value).bytes
|
16
|
+
|
17
|
+
algorithm_identifier = model.fetch(:algorithmIdentifier)
|
18
|
+
if algorithm_identifier.nil?
|
19
|
+
algorithm = model.fetch(:algorithm)
|
20
|
+
unless algorithm.nil?
|
21
|
+
@algorithm = DigestAlgorithm.get_instance_by_api_model(algorithm)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def hex_value
|
28
|
+
@value.map { |b| b.to_s(16).rjust(2,'0') }.join.upcase
|
29
|
+
end
|
30
|
+
|
31
|
+
def hex_value=(value)
|
32
|
+
@value = [value].pack('H*').unpack('C*')
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
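Review bot: When the model carries `:algorithmIdentifier` the constructor stores nothing, so `algorithm` stays nil in that case, and in the fallback branch the value is resolved through `DigestAlgorithm.get_instance_by_api_model`, which only knows digest names such as 'sha256' and will presumably raise for a signature algorithm value. Resolve through `SignatureAlgorithm` instead (by OID when `algorithmIdentifier` is present; its shape is not visible here) and assign `@algorithm` in both branches. `Base64.decode64` is lenient, so `@value = Base64.strict_decode64(value).bytes` would reject a malformed signature value rather than silently decoding part of it.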
@@ -0,0 +1,75 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class SignatureExplorer < PkiExpressOperator
|
3
|
+
attr_accessor :validate
|
4
|
+
|
5
|
+
def initialize(config=PkiExpressConfig.new)
|
6
|
+
super(config)
|
7
|
+
@signature_file_path = nil
|
8
|
+
@validate = nil
|
9
|
+
end
|
10
|
+
|
11
|
+
# region The "signature_file" accessors
|
12
|
+
|
13
|
+
def signature_file=(content_raw)
|
14
|
+
_set_signature_file(content_raw)
|
15
|
+
end
|
16
|
+
|
17
|
+
def _set_signature_file(content_raw)
|
18
|
+
unless content_raw
|
19
|
+
raise 'The provided "signature_file" is not valid'
|
20
|
+
end
|
21
|
+
|
22
|
+
temp_file_path = self.create_temp_file
|
23
|
+
File.open(temp_file_path, 'wb') do |f|
|
24
|
+
f.write(content_raw)
|
25
|
+
end
|
26
|
+
@signature_file_path = temp_file_path
|
27
|
+
end
|
28
|
+
private :_set_signature_file
|
29
|
+
|
30
|
+
def signature_file_base64=(content_base64)
|
31
|
+
_set_signature_file_base64(content_base64)
|
32
|
+
end
|
33
|
+
|
34
|
+
def _set_signature_file_base64(content_base64)
|
35
|
+
unless content_base64
|
36
|
+
raise 'The provided "signature_file_base64" is not valid'
|
37
|
+
end
|
38
|
+
|
39
|
+
begin
|
40
|
+
content_raw = Base64.decode64(content_base64)
|
41
|
+
rescue Error
|
42
|
+
raise 'The provided "signature_file_base64" is not Base64-encoded'
|
43
|
+
end
|
44
|
+
|
45
|
+
_set_signature_file(content_raw)
|
46
|
+
end
|
47
|
+
private :_set_signature_file_base64
|
48
|
+
|
49
|
+
def signature_file_path=(path)
|
50
|
+
_set_signature_file_path(path)
|
51
|
+
end
|
52
|
+
|
53
|
+
def _set_signature_file_path(path)
|
54
|
+
unless path
|
55
|
+
raise 'The provided "signature_file_path" is not valid'
|
56
|
+
end
|
57
|
+
unless File.exists?(path)
|
58
|
+
raise 'The provided "signature_file_path" does not exist'
|
59
|
+
end
|
60
|
+
@signature_file_path = path
|
61
|
+
end
|
62
|
+
private :_set_signature_file_path
|
63
|
+
|
64
|
+
# endregion
|
65
|
+
|
66
|
+
def verify_and_add_common_options(args)
|
67
|
+
if @validate
|
68
|
+
args << '--validate'
|
69
|
+
# This operation can only be on versions greater
|
70
|
+
# than 1.3 of the PKI Express.
|
71
|
+
@version_manager.require_version('1.3')
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
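Review bot: In `_set_signature_file_base64` the `rescue Error` branch can never report bad input: `Base64.decode64` does not raise on malformed data, and `Error` does not appear to be defined in the shown code. Use `content_raw = Base64.strict_decode64(content_base64)` with `rescue ArgumentError` so the "is not Base64-encoded" message is reachable. `File.exists?` in `_set_signature_file_path` was removed in Ruby 3.2; `File.exist?(path)` works on all versions. `@validate` defaults to nil, so `--validate` is passed only when the caller opts in; a comment on `attr_accessor :validate` stating that signer data returned without it has not been validated would keep callers from trusting unvalidated signatures.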
@@ -0,0 +1,21 @@
|
|
1
|
+
module PkiExpress
|
2
|
+
class SignaturePolicyIdentifier
|
3
|
+
attr_accessor :digest, :oid, :uri
|
4
|
+
|
5
|
+
def initialize(model)
|
6
|
+
@digest = nil
|
7
|
+
@oid = nil
|
8
|
+
@uri = nil
|
9
|
+
|
10
|
+
unless model.nil?
|
11
|
+
digest = model.fetch(:digest)
|
12
|
+
unless digest.nil?
|
13
|
+
DigestAlgorithmAndValue.new(digest)
|
14
|
+
end
|
15
|
+
oid = model.fetch(:oid)
|
16
|
+
uri = model.fetch(:uri)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
end
|
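Review bot: The constructor never populates the object: the result of `DigestAlgorithmAndValue.new(digest)` is discarded, and `oid = model.fetch(:oid)` and `uri = model.fetch(:uri)` assign locals, so `digest`, `oid` and `uri` always read nil and a caller cannot tell which signature policy a signer declared. Assign the instance variables instead: `@digest = DigestAlgorithmAndValue.new(digest)`, `@oid = model.fetch(:oid)`, `@uri = model.fetch(:uri)`.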
@@ -26,14 +26,14 @@ module PkiExpress
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def to_s(indentation_level=0)
|
29
|
-
tab =
|
29
|
+
tab = "\t" * indentation_level
|
30
30
|
text = tab + @message
|
31
31
|
if @detail
|
32
32
|
text += " (#{@detail})"
|
33
33
|
end
|
34
34
|
|
35
35
|
if @inner_validation_results
|
36
|
-
text +=
|
36
|
+
text += "\n"
|
37
37
|
text += @inner_validation_results.to_s(indentation_level + 1)
|
38
38
|
end
|
39
39
|
|
@@ -31,7 +31,7 @@ module PkiExpress
|
|
31
31
|
end
|
32
32
|
|
33
33
|
def to_s(indentation_level = 0)
|
34
|
-
item_indent =
|
34
|
+
item_indent = "\t" * indentation_level
|
35
35
|
text = ''
|
36
36
|
|
37
37
|
text += get_summary(indentation_level)
|
@@ -70,7 +70,7 @@ module PkiExpress
|
|
70
70
|
end
|
71
71
|
|
72
72
|
def get_summary(indentation_level=0)
|
73
|
-
item_indent =
|
73
|
+
item_indent = "\t" * indentation_level
|
74
74
|
text = "#{item_indent}Validation Results: "
|
75
75
|
|
76
76
|
if checks_performed == 0
|
@@ -102,13 +102,13 @@ module PkiExpress
|
|
102
102
|
def join_items(items, indentation_level=0)
|
103
103
|
text = ''
|
104
104
|
is_first = true
|
105
|
-
item_indent =
|
105
|
+
item_indent = "\t" * indentation_level
|
106
106
|
|
107
107
|
items.each do |i|
|
108
108
|
if is_first
|
109
109
|
is_first = false
|
110
110
|
else
|
111
|
-
text +=
|
111
|
+
text += "\n"
|
112
112
|
end
|
113
113
|
text += item_indent + '- '
|
114
114
|
text += i.to_s(indentation_level)
|
data/lib/pki_express/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pki_express
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ismael Medeiros
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-01-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -56,23 +56,30 @@ files:
|
|
56
56
|
- lib/pki_express/auth_start_result.rb
|
57
57
|
- lib/pki_express/authentication.rb
|
58
58
|
- lib/pki_express/base_signer.rb
|
59
|
+
- lib/pki_express/cades_signature.rb
|
59
60
|
- lib/pki_express/cades_signature_starter.rb
|
60
61
|
- lib/pki_express/check_service_result.rb
|
61
62
|
- lib/pki_express/command_error.rb
|
62
63
|
- lib/pki_express/commands.rb
|
64
|
+
- lib/pki_express/digest_algorithm.rb
|
65
|
+
- lib/pki_express/digest_algorithm_and_value.rb
|
63
66
|
- lib/pki_express/discovery_service_result.rb
|
64
67
|
- lib/pki_express/enum.rb
|
65
68
|
- lib/pki_express/error_codes.rb
|
66
69
|
- lib/pki_express/installation_not_found_error.rb
|
67
70
|
- lib/pki_express/name.rb
|
71
|
+
- lib/pki_express/oids.rb
|
68
72
|
- lib/pki_express/pades_certification_level.rb
|
69
73
|
- lib/pki_express/pades_horizontal_align.rb
|
70
74
|
- lib/pki_express/pades_measurement_units.rb
|
71
75
|
- lib/pki_express/pades_page_optimization.rb
|
72
76
|
- lib/pki_express/pades_page_orientation.rb
|
73
77
|
- lib/pki_express/pades_paper_size.rb
|
78
|
+
- lib/pki_express/pades_signature.rb
|
79
|
+
- lib/pki_express/pades_signature_explorer.rb
|
74
80
|
- lib/pki_express/pades_signature_starter.rb
|
75
81
|
- lib/pki_express/pades_signer.rb
|
82
|
+
- lib/pki_express/pades_signer_info.rb
|
76
83
|
- lib/pki_express/pades_size.rb
|
77
84
|
- lib/pki_express/pades_text_horizontal_align.rb
|
78
85
|
- lib/pki_express/pades_vertical_align.rb
|
@@ -83,6 +90,7 @@ files:
|
|
83
90
|
- lib/pki_express/pades_visual_rectangle.rb
|
84
91
|
- lib/pki_express/pades_visual_representation.rb
|
85
92
|
- lib/pki_express/pades_visual_text.rb
|
93
|
+
- lib/pki_express/pk_algorithms.rb
|
86
94
|
- lib/pki_express/pk_certificate.rb
|
87
95
|
- lib/pki_express/pki_brazil_certificate_fields.rb
|
88
96
|
- lib/pki_express/pki_brazil_certificate_types.rb
|
@@ -90,7 +98,10 @@ files:
|
|
90
98
|
- lib/pki_express/pki_express_operator.rb
|
91
99
|
- lib/pki_express/pki_italy_certificate_fields.rb
|
92
100
|
- lib/pki_express/pki_italy_certificate_types.rb
|
101
|
+
- lib/pki_express/signature_algorithm_and_value.rb
|
102
|
+
- lib/pki_express/signature_explorer.rb
|
93
103
|
- lib/pki_express/signature_finisher.rb
|
104
|
+
- lib/pki_express/signature_policy_identifier.rb
|
94
105
|
- lib/pki_express/signature_start_result.rb
|
95
106
|
- lib/pki_express/signature_starter.rb
|
96
107
|
- lib/pki_express/signer.rb
|