rest_pki 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: efdf855b8c7a4a0f5884d7cbb7ae6237f57ef12a7b8e5fb9e3f97fd3b559cba4
+  data.tar.gz: f4ae7fd56adca41b9be2723d376a98adc4d054b6cf1a837b9c2f9dce9af65f32
+SHA512:
+  metadata.gz: 958e4840d4e0eaaaadf0fcc7e5eaa12bbc8c89480f9393feda3c57004617c5ce729ef8d7ded10573202946e648a91f8a887666faef8e24fdea0d7cc700c13725
+  data.tar.gz: 97e35162fe53d8b8fe4a53bcdaf1ef7ccdc418efcdf9ad8fc0dc7889601d7ae4fc3a4b7b81f83644a9661998c02ae6226349ff62df2d068a02e929c3511261a4

data/.gitignore

@@ -0,0 +1,28 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.gem
+*.rbc
+.DS_Store
+.bundle
+.rvmrc
+.ruby-version
+.yardoc
+.rake_tasks~
+Gemfile.lock
+coverage/*
+doc/*
+log/*
+pkg/*
+.idea/*

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+## 1.0.0 (2018-04-11)
+* First publicly available version
+* Main features on this version:
+    * Certificate authentications
+    * PAdES signatures
+        * Using direct integration with Web PKI
+        * Using server key
+    * CAdES signatures
+        * Using direct integration with Web PKI
+        * Using server key
+    * Full XML signatures
+    * XML element signatures

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rest_pki.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2016 Murilo Zaffalon
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+REST PKI client lib for Ruby
+============================
+
+This library contains classes that encapsulate the calls to the REST PKI API.
+
+The recommended way to install **REST PKI Client lib** is through setting in your Gemfile:
+
+````ruby
+gem 'rest_pki', '~> 1.0.0'
+````
+
+And with installing via [Bundler](http://bundler.io/) on your project root folder:
+    
+    bundle install
+
+Samples
+-------
+Please visit the [Rest PKI samples repository](https://github.com/LacunaSoftware/RestPkiSamples/tree/master/Ruby)
+for examples on how to use this library.

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler/gem_tasks'
+

data/lib/rest_pki.rb

@@ -0,0 +1,35 @@
+require 'rest_pki/version'
+
+require_relative 'rest_pki/rest_base_error'
+require_relative 'rest_pki/rest_error'
+require_relative 'rest_pki/restpki_error'
+require_relative 'rest_pki/rest_unreachable_error'
+require_relative 'rest_pki/validation_error'
+require_relative 'rest_pki/object'
+require_relative 'rest_pki/authentication'
+require_relative 'rest_pki/signature_finisher'
+require_relative 'rest_pki/signature_starter'
+require_relative 'rest_pki/cades_signature_starter'
+require_relative 'rest_pki/cades_signature_finisher'
+require_relative 'rest_pki/xml_signature_starter'
+require_relative 'rest_pki/full_xml_signature_starter'
+require_relative 'rest_pki/namespace_manager'
+require_relative 'rest_pki/pades_signature_finisher'
+require_relative 'rest_pki/pades_signature_starter'
+require_relative 'rest_pki/pades_visual_positioning_presets'
+require_relative 'rest_pki/restpki_client'
+require_relative 'rest_pki/standard_security_contexts'
+require_relative 'rest_pki/standard_signature_policies'
+require_relative 'rest_pki/validation_item'
+require_relative 'rest_pki/validation_results'
+require_relative 'rest_pki/xml_element_signature_starter'
+require_relative 'rest_pki/xml_id_resolution_table'
+require_relative 'rest_pki/xml_insertion_options'
+require_relative 'rest_pki/xml_signature_finisher'
+
+Dir[File.expand_path('../rest_pki/resources/*.rb', __FILE__)].map do |path|
+  require path
+end
+
+module RestPki
+end

data/lib/rest_pki/authentication.rb

@@ -0,0 +1,43 @@
+require 'uri'
+require 'rest_client'
+require 'multi_json'
+
+module RestPki
+    class Authentication
+        attr_accessor :ignore_revocation_status_unknown
+
+        def initialize(restpki_client)
+            @restpki_client = restpki_client
+            @certificate_info = nil
+            @done = false
+            @ignore_revocation_status_unknown = false
+        end
+
+        def start_with_webpki(security_context_id)
+            request = {
+                securityContextId: security_context_id,
+                ignoreRevocationStatusUnknown: @ignore_revocation_status_unknown
+            }
+            response = @restpki_client.post('Api/Authentications', request, 'authentication_model')
+            response['token']
+        end
+
+        def complete_with_webpki(token)
+            response = @restpki_client.post("Api/Authentications/#{token}/Finalize", nil, 'authentication_model')
+            
+            unless response['certificate'].nil?
+                @certificate_info = response['certificate']
+            end
+            @done = true
+
+            ValidationResults.new(response['validationResults'])
+        end
+
+        def certificate_info
+            unless @done
+                raise 'The field "certificate_info" can only be accessed after calling the complete_with_webpki method'
+            end
+            @certificate_info
+        end
+    end
+end

data/lib/rest_pki/cades_signature_finisher.rb

@@ -0,0 +1,48 @@
+
+module RestPki
+    class CadesSignatureFinisher < SignatureFinisher
+
+        def initialize(restpki_client)
+            super(restpki_client)
+            @cms = nil
+        end
+
+        def finish
+            if @token.to_s.blank?
+                raise 'The token was not set'
+            end
+
+            if @signature.to_s.blank?
+                response = @restpki_client.post("Api/CadesSignatures/#{@token}/Finalize", nil, 'cades_model')
+            else
+                request = { signature: @signature }
+                response = @restpki_client.post("Api/CadesSignatures/#{@token}/SignedBytes", request, 'cades_model')
+            end
+
+            @cms = Base64.decode64(response['cms'])
+            @callback_argument = response['callbackArgument']
+            @certificate_info = response['certificate']
+            @done = true
+
+            @cms
+        end
+
+        def cms
+            unless @done
+                raise 'The field "cms" can only be accessed after calling the finish method'
+            end
+
+            @cms
+        end
+
+        def write_cms_to_path(path)
+            unless @done
+                raise 'The method write_cms_to_path can only be called after calling the finish method'
+            end
+
+            file = File.open(path, 'wb')
+            file.write(@cms)
+            file.close
+        end
+    end
+end

data/lib/rest_pki/cades_signature_starter.rb

@@ -0,0 +1,148 @@
+require 'base64'
+
+module RestPki
+    class CadesSignatureStarter < SignatureStarter
+        attr_accessor :encapsulate_content
+
+        def initialize(restpki_client)
+            super(restpki_client)
+            @file_tosign_content_base64 = nil
+            @cms_tocosign_content_base64 = nil
+        end
+
+        #region set_file_tosign
+
+        def set_file_tosign_from_path(path)
+            file = File.open(path, 'rb')
+            @file_tosign_content_base64 = Base64.encode64(file.read)
+            file.close
+
+            @file_tosign_content_base64
+        end
+
+        def set_file_tosign_from_raw(content_raw)
+            @file_tosign_content_base64 = Base64.encode64(content_raw)
+        end
+
+        def set_file_tosign_from_base64(content_base64)
+            @file_tosign_content_base64 = content_base64
+        end
+
+        def set_file_content_tosign(content_raw)
+            set_file_tosign_from_raw(content_raw)
+        end
+
+        def set_file_to_sign(path)
+            set_file_tosign_from_path(path)
+        end
+
+        #endregion
+
+        #region set_cms_tocosign
+
+        def set_cms_tocosign_from_path(path)
+            file = File.open(path, 'rb')
+            @cms_tocosign_content_base64 = Base64.encode64(file.read)
+            file.close
+
+            @cms_tocosign_content_base64
+        end
+
+        def set_cms_tocosign_from_raw(content_raw)
+            @cms_tocosign_content_base64 = Base64.encode64(content_raw)
+        end
+
+        def set_cms_tocosign_from_base64(content_base64)
+            @cms_tocosign_content_base64 = content_base64
+        end
+
+        def set_cms_content_tocosign(content_raw)
+            set_cms_tocosign_from_raw(content_raw)
+        end
+
+        def set_cms_tocosign(path)
+            set_cms_tocosign_from_path(path)
+        end
+
+        #endregion
+
+        def start_with_webpki
+            if @file_tosign_content_base64.to_s.blank? and @cms_tocosign_content_base64.to_s.blank?
+                raise 'The content to sign was not set and no CMS to be co-signed was given'
+            end
+            if @signature_policy_id.to_s.blank?
+               raise 'The signature policy was not set'
+            end
+
+            request = {
+                securityContextId: @security_context_id,
+                signaturePolicyId: @signature_policy_id,
+                callbackArgument: @callback_argument,
+                encapsulateContent: @encapsulate_content,
+                ignoreRevocationStatusUnknown: @ignore_revocation_status_unknown
+            }
+            unless @signer_certificate_base64.to_s.blank?
+                request['certificate'] = Base64.encode64(@signer_certificate_base64)
+            end
+            unless @file_tosign_content_base64.nil?
+                request['contentToSign'] = @file_tosign_content_base64
+            end
+            unless @cms_tocosign_content_base64.nil?
+                request['cmsToCoSign'] = @cms_tocosign_content_base64
+            end
+
+            response = @restpki_client.post('Api/CadesSignatures', request, 'cades_model')
+
+            unless response['certificate'].nil?
+                @certificate = response['certificate']
+            end
+            @done = true
+
+            response['token']
+        end
+
+        def start
+            if @file_tosign_content_base64.to_s.blank? and @cms_tocosign_content_base64.to_s.blank?
+                raise 'The content to sign was not set and no CMS to be co-signed was given'
+            end
+            if @signature_policy_id.to_s.blank?
+                raise 'The signature policy was not set'
+            end
+            if @signer_certificate_base64.to_s.blank?
+                raise 'The signer certificate was not set'
+            end
+
+            request = {
+                securityContextId: @security_context_id,
+                signaturePolicyId: @signature_policy_id,
+                callbackArgument: @callback_argument,
+                encapsulateContent: @encapsulate_content,
+                ignoreRevocationStatusUnknown: @ignore_revocation_status_unknown
+            }
+            unless @signer_certificate_base64.to_s.blank?
+                request['certificate'] = Base64.encode64(@signer_certificate_base64)
+            end
+            unless @file_tosign_content_base64.nil?
+                request['contentToSign'] = @file_tosign_content_base64
+            end
+            unless @cms_tocosign_content_base64.nil?
+                request['cmsToCoSign'] = @cms_tocosign_content_base64
+            end
+
+            response = @restpki_client.post('Api/CadesSignatures', request, 'cades_model')
+
+            unless response['certificate'].nil?
+                @certificate = response['certificate']
+            end
+            @done = true
+
+            {
+                :token => response['token'],
+                :to_sign_data => response['toSignData'],
+                :to_sign_hash => response['toSignHash'],
+                :digest_algorithm_oid => response['digestAlgorithmOid'],
+                :signature_algorithm => get_signature_algorithm(response['digestAlgorithmOid'])
+            }
+        end
+    end
+end

data/lib/rest_pki/full_xml_signature_starter.rb

@@ -0,0 +1,51 @@
+module RestPki
+    class FullXmlSignatureStarter < XmlSignatureStarter
+
+        def initialize(restpki_client)
+            super(restpki_client)
+        end
+
+        def start_with_webpki
+            verify_common_parameters(true)
+            if @xml_content_base64.to_s.blank?
+                raise 'The XML to sign was not set'
+            end
+
+            request = get_request
+
+            response = @restpki_client.post('Api/XmlSignatures/FullXmlSignature', request, 'xml_model')
+
+            unless response['certificate'].nil?
+                @certificate = response['certificate']
+            end
+            @done = true
+
+            response['token']
+        end
+
+        def start
+            verify_common_parameters(true)
+            if @xml_content_base64.to_s.blank?
+                raise 'The XML to sign was not set'
+            end
+
+            request = get_request
+
+            response = @restpki_client.post('Api/XmlSignatures/FullXmlSignature', request, 'xml_model')
+
+            unless response['certificate'].nil?
+                @certificate = response['certificate']
+            end
+            @done = true
+
+            {
+                :token => response['token'],
+                :to_sign_data => response['toSignData'],
+                :to_sign_hash => response['toSignHash'],
+                :digest_algorithm_oid => response['digestAlgorithmOid'],
+                :signature_algorithm => get_signature_algorithm(response['digestAlgorithmOid'])
+            }
+        end
+
+    end
+end

data/lib/rest_pki/namespace_manager.rb

@@ -0,0 +1,16 @@
+
+module RestPki
+  class NamespaceManager
+    attr_accessor :namespaces
+
+    def initialize
+      @namespaces = []
+    end
+
+    def add_namespace(prefix, uri)
+      ns = { prefix: prefix, uri: uri }
+      @namespaces.push(ns)
+    end
+
+  end
+end