signature_dfe 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c802eaf476623cebfcfb4142191d0497d653b10a7c3d0f7b446a94cc3804e61a
-  data.tar.gz: 7a88f5520538835ac8cd22fa7b61c94042837d7aaeb3fce8de512d915aaf4388
+  metadata.gz: 187cda15b027142a73148dea40fbc77c0c50e29bf2ee52277ed8bef11bceda4e
+  data.tar.gz: 583dcd4b1b348b90df234d155898f5a66d3ae9fe60945c5fa3dd07ff3dd4683e
 SHA512:
-  metadata.gz: 5d13f7aec53106b1bc3b8aa80ed9a99adcd9c9523037dd5393c9a59484666d78018015f6903d3f72acc6266c5ad3b07b1b886244175fc2e7801ff483c19f0799
-  data.tar.gz: d1469960231b9af6fb343ac320e3a62ae60173b2d76ee4a0b3cd8405eb11a6c3a6a7e5c9a822b6c6ce5baf00bde671801748512fa15c55ae5c3f4b38dbd9de54
+  metadata.gz: f1fce5b56885cb6b1b3bca3206307770a20cfa9152428128ccf446ddee6cacad35829e061bafbc701053bb44f067ccbfca45bdd795d5528e2b76e1ffeae059b8
+  data.tar.gz: 82b77da8b4a403c5774eba82d0ba207a307bab3c90585e58115e53361965568b4db97ac034dcd7380cad4365389460e98a7aa95dd5e3202b2859b6c902c9331c

data/.github/workflows/rubocop.yml

@@ -0,0 +1,12 @@
+name: Rubocop
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Rubocop checks
+      uses: gimenete/rubocop-action@1.0
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

data/.github/workflows/test.yml

@@ -0,0 +1,17 @@
+name: Rails Unit Tests
+on: [push, pull_request]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+    - name: Build and test with Rake
+      run: |
+        gem install bundler
+        bundle install
+        bundle exec rspec

data/.rubocop.yml

@@ -0,0 +1,27 @@
+AllCops:
+  Exclude:
+
+Layout/LineLength:
+  Exclude:
+
+Metrics/BlockLength:
+  Exclude:
+    - signature_dfe.gemspec
+    - spec/xml/signature_dfe_xml_spec.rb
+    - spec/signature_dfe_spec.rb
+    - spec/event/signature_dfe_event_pem_spec.rb
+    - spec/event/signature_dfe_event_pkcs_spec.rb
+    - spec/nfe/signature_dfe_nfe_pem_spec.rb
+    - spec/nfe/signature_dfe_nfe_pkcs_spec.rb
+    - spec/xml/event/signatire_dfe_event_spec.rb
+
+Style/Documentation:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 20
+  Exclude:
+    # - lib/signature_dfe/ssl.rb

data/.travis.yml

@@ -3,5 +3,5 @@ sudo: false
 language: ruby
 cache: bundler
 rvm:
-  - 2.6.0
-before_install: gem install bundler -v 1.17.3
+  - 2.7.0
+before_install: gem install bundler -v 2.1.2

data/CHANGELOG

@@ -1,3 +1,5 @@
+v 0.1.3
+	- add support to Inutilização
 v 0.1.2
 	- fix bug with pkcs12 signature
 	- add event for NF-e NFA-e NFC-e

data/Gemfile

@@ -1,6 +1,6 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in signature_dfe.gemspec
 gemspec

data/README.md

@@ -1,4 +1,9 @@
-[![Travis CI](https://travis-ci.org/thiaguerd/signature_dfe.svg?branch=master)](https://travis-ci.org/thiaguerd/signature_dfe) [![Gem Version](https://badge.fury.io/rb/signature_dfe.svg)](https://rubygems.org/gems/signature_dfe)
+![test](https://github.com/thiaguerd/signature_dfe/workflows/Rails%20Unit%20Tests/badge.svg)
+[![Travis CI](https://travis-ci.org/thiaguerd/signature_dfe.svg?branch=master)](https://travis-ci.org/thiaguerd/signature_dfe)
+![rubocop](https://github.com/thiaguerd/signature_dfe/workflows/Rubocop/badge.svg)
+[![Gem Version](https://badge.fury.io/rb/signature_dfe.svg)](https://rubygems.org/gems/signature_dfe)
+![](https://ruby-gem-downloads-badge.herokuapp.com/signature_dfe?metric=true)
+![](https://ruby-gem-downloads-badge.herokuapp.com/signature_dfe?type=total)
 
 # SignatureDfe
 
@@ -25,7 +30,7 @@ Or install it yourself as:
 
     $ gem install signature_dfe
 
-## Usando
+## Configurando
 
 Você vai precisar do certificado PKCS12 ou da chave privada e o certificado público.
 
@@ -118,7 +123,8 @@ A forma qual vc tem a xml da assinautra completo onde vc passa o seu xml contend
 inf_evento = %{
 <infEvento Id="ID1101115515151515151515151515156546546546545646544701">
 	...
-</infEvento>}
+</infEvento>
+}
 SignatureDfe::NFe::Event.sign inf_evento
 ```
 
@@ -160,6 +166,37 @@ signature_value = SignatureDfe::NFe::Event.signature_value event_id, digest_valu
 x509certificate = SignatureDfe::SSL.cert
 ```
 
+## Assinatura digital de Inutilização
+
+Segue-se exatamente como os documentos anteriores
+
+Para assinar passo a passo
+
+```
+inf_inut = %{
+  <infInut Id="ID06546541654654654654654654654654654654879">
+  ...
+  </infInut>
+}
+digest_value = SignatureDfe::Inutilizacao.digest_value inf_inut
+inut_id = "ID06546541654654654654654654654654654654879"
+signature_value = SignatureDfe::Inutilizacao.signature_value inut_id, digest_value
+x509certificate = SignatureDfe::SSL.cert
+```
+
+Ou, para gerar toda a assinatura em único passo
+
+```
+inf_inut = %{
+  <infInut Id="ID06546541654654654654654654654654654654879">
+  ...
+  </infInut>
+}
+SignatureDfe::Inutilizacao.sign inf_inut
+```
+
+
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,6 +1,6 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "signature_dfe"
+require 'bundler/setup'
+require 'signature_dfe'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "signature_dfe"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/lib/signature_dfe.rb

@@ -1,20 +1,25 @@
-require "signature_dfe/version"
-require "openssl"
+require 'signature_dfe/version'
+require 'signature_dfe_xml'
+require 'signature_dfe_check'
+require 'openssl'
+
+GEM_ROOT = File.expand_path('..', __dir__)
 
 module SignatureDfe
-	class Error < StandardError; end
+  class Error < StandardError; end
 
-	module AbstractClass
-		def initialize
-			raise "this is a abstract class"
-		end
-	end
+  def initialize
+    raise 'this is a abstract class'
+  end
 
-	def self.canonize xml, canonize_method=Nokogiri::XML::XML_C14N_1_1
-		Nokogiri::XML(xml.gsub(/>\s+</,"><")).canonicalize(canonize_method)
-	end
+  module AbstractClass
+    def initialize
+      raise 'this is a abstract class'
+    end
+  end
 end
 
-require "signature_dfe/ssl"
-require "signature_dfe/nfe"
-require "signature_dfe/evento_nfe"
+require 'signature_dfe/ssl'
+require 'signature_dfe/nfe'
+require 'signature_dfe/evento_nfe'
+require 'signature_dfe/disabling'

data/lib/signature_dfe/disabling.rb

@@ -0,0 +1,22 @@
+module SignatureDfe
+  class Inutilizacao
+    def self.digest_value(xml)
+      SignatureDfe::Xml.calc_digest_value('infInut', xml)
+    end
+
+    def self.signature_value(event_id, digest_value)
+      SignatureDfe::Xml.build_signed_info(event_id, digest_value)
+    end
+
+    def self.sign(xml)
+      digest_value_ = digest_value xml
+      event_id = SignatureDfe::Xml.namespace_value('Id', xml)
+      options = {
+        id: event_id,
+        digest_value: digest_value_,
+        signature_value: signature_value(event_id, digest_value_)
+      }
+      SignatureDfe::Xml.build_signature(options)
+    end
+  end
+end

data/lib/signature_dfe/evento_nfe.rb

@@ -2,71 +2,26 @@ require 'base64'
 require 'nokogiri'
 
 module SignatureDfe
-	class NFe
-		class Event
-
-			def self.digest_value something
-				inf_event = something.scan(/\<infevento[\s\S]*?\<\/infevento\>/i)[0].gsub(/>\s+</,"><")
-				inf_event_canonized = canonize_inf_event inf_event
-				Base64.encode64(OpenSSL::Digest::SHA1.digest(inf_event_canonized)).strip
-			end
-
-			def self.signature_value event_id, digest_value
-				signed_info = %{
-					<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-						<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-						<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-						<Reference URI="#ID#{event_id}">
-							<Transforms>
-								<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-								<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-							</Transforms>
-							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-							<DigestValue>#{digest_value}</DigestValue>
-						</Reference>
-					</SignedInfo>
-				}
-				signed_info_canonized = SignatureDfe.canonize signed_info
-				Base64.encode64(SignatureDfe::SSL.sign signed_info_canonized).strip
-			end
-
-			def self.sign something
-				digest_value_ = digest_value something
-
-				event_id = something.scan(/\<infEvento[\s\S]*?\>/i)[0].scan(/\d/).join("")
-								
-				signature_value_ = signature_value event_id, digest_value_
-
-				%{
-					<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-						<SignedInfo>
-							<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-							<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-							<Reference URI="#ID#{event_id}">
-								<Transforms>
-									<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-									<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-								</Transforms>
-								<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-								<DigestValue>#{digest_value_}</DigestValue>
-							</Reference>
-						</SignedInfo>
-						<SignatureValue>#{signature_value_}</SignatureValue>
-						<KeyInfo>
-							<X509Data>
-								<X509Certificate>#{SignatureDfe::SSL.cert.to_s.gsub(/\-\-\-\-\-[A-Z]+ CERTIFICATE\-\-\-\-\-/, "").strip}</X509Certificate>
-							</X509Data>
-						</KeyInfo>
-					</Signature>
-				}.gsub(/\>\s{1,}\</,"><").strip
-			end
-
-			def self.canonize_inf_event inf_nfe
-				tag_inf_nfe = inf_nfe.scan(/\<infevento[\s\S]*?\>/i)[0]
-				SignatureDfe.canonize(tag_inf_nfe.include?(%{xmlns="http://www.portalfiscal.inf.br/nfe"}) ? tag_inf_nfe : inf_nfe.gsub(%{<infEvento},%{<infEvento xmlns="http://www.portalfiscal.inf.br/nfe"}))
-			end
-
-			private_class_method :canonize_inf_event
-		end
-	end
+  class NFe
+    class Event
+      def self.digest_value(xml)
+        SignatureDfe::Xml.calc_digest_value('infEvento', xml)
+      end
+
+      def self.signature_value(event_id, digest_value)
+        SignatureDfe::Xml.build_signed_info(event_id, digest_value)
+      end
+
+      def self.sign(xml)
+        digest_value_ = digest_value xml
+        event_id = SignatureDfe::Xml.namespace_value('Id', xml)
+        options = {
+          id: event_id,
+          digest_value: digest_value_,
+          signature_value: signature_value(event_id, digest_value_)
+        }
+        SignatureDfe::Xml.build_signature(options)
+      end
+    end
+  end
 end

data/lib/signature_dfe/nfe.rb

@@ -1,67 +1,24 @@
 require 'base64'
 require 'nokogiri'
 module SignatureDfe
-	class NFe
-		def self.sign something
-			if something.is_a? String
-				digest_value_ = digest_value something
-				
-				ch_nfe = something.scan(/\<infnfe[\s\S]*?\>/i)[0].scan(/\d{44}/)[0]
+  class NFe
+    def self.digest_value(xml)
+      SignatureDfe::Xml.calc_digest_value('infNFe', xml)
+    end
 
-				signature_value_ = signature_value ch_nfe, digest_value_
+    def self.sign(xml)
+      digest_value_ = digest_value xml
+      ch_nfe = SignatureDfe::Xml.namespace_value('Id', xml).scan(/\d{44}/)[0]
+      options = {
+        id: "NFe#{ch_nfe}",
+        digest_value: digest_value_,
+        signature_value: signature_value(ch_nfe, digest_value_)
+      }
+      SignatureDfe::Xml.build_signature(options)
+    end
 
-				%{<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-					<SignedInfo>
-						<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-						<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-						<Reference URI="#NFe#{ch_nfe}">
-							<Transforms>
-								<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-								<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-							</Transforms>
-							<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-							<DigestValue>#{digest_value_}</DigestValue>
-						</Reference>
-					</SignedInfo>
-					<SignatureValue>#{signature_value_}</SignatureValue>
-					<KeyInfo>
-						<X509Data>
-							<X509Certificate>#{SignatureDfe::SSL.cert.to_s.gsub(/\-\-\-\-\-[A-Z]+ CERTIFICATE\-\-\-\-\-/, "").strip}</X509Certificate>
-						</X509Data>
-					</KeyInfo>
-				</Signature>}.gsub(/\>\s{1,}\</,"><").strip
-			end
-		end
-
-		def self.canonize_inf_nfe inf_nfe
-			tag_inf_nfe = inf_nfe.scan(/\<infnfe[\s\S]*?\>/i)[0]
-			SignatureDfe.canonize(tag_inf_nfe.include?(%{xmlns="http://www.portalfiscal.inf.br/nfe"}) ? tag_inf_nfe : inf_nfe.gsub(%{<infNFe},%{<infNFe xmlns="http://www.portalfiscal.inf.br/nfe"}))
-		end
-
-		def self.signature_value ch_nfe, digest_value
-			signed_info = %{
-				<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-					<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-					<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-					<Reference URI="#NFe#{ch_nfe}">
-						<Transforms>
-							<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-							<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
-						</Transforms>
-						<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-						<DigestValue>#{digest_value}</DigestValue>
-					</Reference>
-				</SignedInfo>
-			}
-			signed_info_canonized = SignatureDfe.canonize signed_info
-			Base64.encode64(SignatureDfe::SSL.sign signed_info_canonized).strip
-		end
-
-		def self.digest_value something
-			inf_nfe = something.scan(/\<infnfe[\s\S]*?\<\/infnfe\>/i)[0].gsub(/>\s+</,"><")
-			inf_nfe_canonized = canonize_inf_nfe inf_nfe
-			Base64.encode64(OpenSSL::Digest::SHA1.digest(inf_nfe_canonized)).strip
-		end
-		private_class_method :canonize_inf_nfe
-	end
-end
+    def self.signature_value(ch_nfe, digest_value)
+      SignatureDfe::Xml.build_signed_info("NFe#{ch_nfe}", digest_value)
+    end
+  end
+end

data/lib/signature_dfe/ssl.rb

@@ -1,79 +1,117 @@
 module SignatureDfe
-	class Config
-		include AbstractClass
-
-		attr_accessor :pkcs12, :pkey, :cert
-
-		attr_writer :password
-
-		def initialize
-			@pkcs12 = nil
-			@pkey = nil
-			@cert = nil
-			@password = nil
-		end
-
-		def inspect
-			super.gsub(/\, \@pass[\s\S]*?\>/,">")
-		end
-
-		def instance_variables
-			super-[:@password]
-		end
-	end
-		
-	class SSL
-		include AbstractClass
-
-		@@config = Config.new
-		
-		def self.config
-			@@config
-		end
-
-		def self.sign content, sign_method=OpenSSL::Digest::SHA1.new
-			self.test unless defined?(@@pk)
-			@@pk.sign sign_method, content
-		end
-
-		def self.cert
-			self.test unless defined?(@@pk)
-			@@cert.to_s.gsub(/\-\-\-\-\-[A-Z]+ CERTIFICATE\-\-\-\-\-/, "").strip
-		end
-
-		def self.test
-			raise SignatureDfe::Error.new "You must be set up pkcs12 or pkey" if (config.pkcs12 == nil || config.pkcs12.empty?) and (config.pkey == nil || config.pkey.empty?)
-			if config.pkcs12
-				if File.exist? config.pkcs12
-					begin
-						aux = OpenSSL::PKCS12.new(File.read(config.pkcs12), config.instance_variable_get(:@password))
-						@@pk = aux.key
-						@@cert = aux.certificate
-					rescue OpenSSL::PKCS12::PKCS12Error => e
-						raise SignatureDfe::Error.new "Wrong password for '#{config.pkcs12}'"
-					end
-				else
-					raise SignatureDfe::Error.new "Your pkcs12 '#{config.pkcs12}' is not a valid file"
-				end
-			elsif config.pkey
-				if File.exist? config.pkey
-					begin
-						@@pk = OpenSSL::PKey::RSA.new File.read(config.pkey), config.instance_variable_get(:@password)
-						begin
-							raise SignatureDfe::Error.new "You must be set up the cert if you chose use pkey" if config.cert == nil || config.cert.empty?
-							raise SignatureDfe::Error.new "Your cert '#{config.cert}' is not a valid file" unless File.exist? config.cert
-							@@cert = OpenSSL::X509::Certificate.new(File.read(config.cert))
-						rescue OpenSSL::X509::CertificateError => e
-							raise SignatureDfe::Error.new "Your cert '#{config.cert}' is not a valid file"
-						end
-					rescue OpenSSL::PKey::RSAError => e
-						raise SignatureDfe::Error.new "Wrong password for '#{config.pkey}'"
-					end
-				else
-					raise SignatureDfe::Error.new "Your pkey '#{config.pkey}' is not a valid file"
-				end
-			end
-			true
-		end
-	end
+  class Config
+    include AbstractClass
+
+    attr_accessor :pkcs12, :pkey, :cert
+
+    attr_writer :password
+
+    def initialize
+      clear
+    end
+
+    def clear
+      @pkcs12 = nil
+      @pkey = nil
+      @cert = nil
+      @password = nil
+    end
+
+    def inspect
+      super.gsub(/\, \@pass[\s\S]*?\>/, '>')
+    end
+
+    def instance_variables
+      super - [:@password]
+    end
+  end
+
+  class SSL
+    include AbstractClass
+
+    @config = Config.new
+
+    class << self
+      attr_reader :config
+    end
+
+    def self.sign(content, sign_method = OpenSSL::Digest::SHA1.new)
+      self.test unless defined?(@pk)
+      @pk.sign sign_method, content
+    end
+
+    def self.cert
+      self.test unless defined?(@pk)
+      @cert.to_s.gsub(/\-\-\-\-\-[A-Z]+ CERTIFICATE\-\-\-\-\-/, '').strip
+    end
+
+    class << self
+      private
+
+      def error(msg)
+        raise SignatureDfe::Error, msg
+      end
+
+      def check_pkcs12
+        (config.pkcs12.nil? || config.pkcs12.empty?)
+      end
+
+      def check_pem
+        (config.pkey.nil? || config.pkey.empty?)
+      end
+
+      def set_up
+        error 'You must be set up pkcs12 or pkey' if check_pkcs12 && check_pem
+      end
+
+      def load_pkcs12
+        pass = config.instance_variable_get(:@password)
+        aux = OpenSSL::PKCS12.new(File.read(config.pkcs12), pass)
+        @pk = aux.key
+        @cert = aux.certificate
+      rescue OpenSSL::PKCS12::PKCS12Error
+        error "Wrong password for '#{config.pkcs12}'"
+      end
+
+      def test_pkc12
+        if File.exist? config.pkcs12
+          load_pkcs12
+        else
+          error "Your pkcs12 '#{config.pkcs12}' is not a valid file"
+        end
+      end
+
+      def check_cert
+        if config.cert.nil? || config.cert.empty?
+          error 'You must be set up the cert if you chose use pkey'
+        end
+        if File.exist? config.cert
+          @cert = OpenSSL::X509::Certificate.new(File.read(config.cert))
+        else
+          error "Your cert '#{config.cert}' is not a valid file"
+        end
+      end
+
+      def test_pem
+        if File.exist? config.pkey
+          pass = config.instance_variable_get(:@password)
+          @pk = OpenSSL::PKey::RSA.new File.read(config.pkey), pass
+          check_cert
+        else
+          error "Your pkey '#{config.pkey}' is not a valid file"
+        end
+      rescue OpenSSL::X509::CertificateError
+        error "Your cert '#{config.cert}' is not a valid file"
+      end
+    end
+
+    def self.test
+      set_up
+      test_pkc12 if config.pkcs12
+      test_pem if config.pkey && !config.pkcs12
+      true
+    rescue OpenSSL::PKey::RSAError
+      error "Wrong password for '#{config.pkey}'"
+    end
+  end
 end

data/lib/signature_dfe/templates/signature.xml

@@ -0,0 +1,20 @@
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+	<SignedInfo>
+		<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+		<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+		<Reference URI="#:id">
+			<Transforms>
+				<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+			</Transforms>
+			<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+			<DigestValue>:digest_value</DigestValue>
+		</Reference>
+	</SignedInfo>
+	<SignatureValue>:signature_value</SignatureValue>
+	<KeyInfo>
+		<X509Data>
+			<X509Certificate>:x509_certificate</X509Certificate>
+		</X509Data>
+	</KeyInfo>
+</Signature>

data/lib/signature_dfe/templates/signed_info.xml

@@ -0,0 +1,12 @@
+<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+	<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+	<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+	<Reference URI="#:id">
+		<Transforms>
+			<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+			<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+		</Transforms>
+		<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+		<DigestValue>:digest_value</DigestValue>
+	</Reference>
+</SignedInfo>

data/lib/signature_dfe/version.rb

@@ -1,3 +1,3 @@
 module SignatureDfe
-  VERSION = "0.1.2"
+  VERSION = '0.1.3'.freeze
 end

data/lib/signature_dfe_check.rb

@@ -0,0 +1,32 @@
+module SignatureDfe
+  class Check
+    def self.only_signature_check(xml)
+      signed_info_canonized = Xml.signed_info_canonized xml
+      certificate = Xml.public_cert xml
+      certificate.public_key.verify(
+        OpenSSL::Digest.new(Xml.digest_method_algorithm(signed_info_canonized)),
+        Base64.decode64(Xml.node_content('SignatureValue', xml)),
+        signed_info_canonized
+      )
+    end
+
+    def self.signature_check(xml)
+      return false unless digest_check(xml)
+
+      only_signature_check(xml)
+    end
+
+    def self.digest_check(xml)
+      uri = Xml.namespace_value('URI', Xml.tag('Reference', xml)).gsub('#', '')
+      xmlns = Xml.namespace_value('xmlns', xml)
+      node_assigned = Xml.get_node_by_namespace_value(uri, xml)
+      node_assigned.gsub!(/>\s+\</, '><')
+      node_name = Xml.node_name(node_assigned)
+      unless Xml.tag(node_name, xml).include?(xmlns)
+        node_assigned.gsub!(node_name, %(#{node_name} xmlns="#{xmlns}"))
+      end
+      dv = OpenSSL::Digest::SHA1.digest(Xml.canonize(node_assigned))
+      Base64.encode64(dv).strip == Xml.node_content('DigestValue', xml)
+    end
+  end
+end

data/lib/signature_dfe_xml.rb

@@ -0,0 +1,115 @@
+module SignatureDfe
+  class Xml
+    def self.calc_digest_value(tag, xml)
+      xml = SignatureDfe::Xml.node(tag, xml)
+      note_canonized = SignatureDfe::Xml.canonize_with_ns xml, tag
+      Base64.encode64(OpenSSL::Digest::SHA1.digest(note_canonized)).strip
+    end
+
+    def self.build_signature(options = {})
+      path = "#{GEM_ROOT}/lib/signature_dfe/templates/signature.xml"
+      xml = File.read path
+      xml.gsub!(':id', options[:id])
+      xml.gsub!(':digest_value', options[:digest_value])
+      xml.gsub!(':signature_value', options[:signature_value])
+      cert = SignatureDfe::SSL.cert.to_s
+      cert.to_s.gsub(/\-\-\-\-\-[A-Z]+ CERTIFICATE\-\-\-\-\-/, '').strip!
+      xml.gsub!(':x509_certificate', cert.strip).gsub(/\>\s+\</, '><')
+    end
+
+    def self.build_signed_info(id, digest_value_)
+      path = "#{GEM_ROOT}/lib/signature_dfe/templates/signed_info.xml"
+      signed_info = File.read path
+      signed_info.gsub!(':id', id)
+      signed_info.gsub!(':digest_value', digest_value_)
+      signed_info_canonized = SignatureDfe::Xml.canonize signed_info
+      Base64.encode64(SignatureDfe::SSL.sign(signed_info_canonized)).strip
+    end
+
+    def self.digest_method_algorithm(xml)
+      xml.scan(/(\<DigestMethod[\s\S]*?\#)([\s\S]*?)(\"|\')/)[0][1]
+    end
+
+    def self.node(name, xml)
+      r = %r{\<#{Regexp.escape(name)}[\s\S]*((/\>)|(#{Regexp.escape(name)}\>))}
+      xml.match(r)[0].gsub(/>\s+</, '><')
+    end
+
+    def self.node_content(name, xml)
+      full_node = xml.scan(%r{\<#{name}.*?\>([\s\S]*?)\</#{name}\>})
+      return nil unless full_node[0]
+
+      full_node[0][0]
+    end
+
+    def self.node_name(xml)
+      xml.scan(%r{\<[^/\s\>]*})[0].gsub('<', '')
+    end
+
+    def self.tag(name, xml)
+      xml.scan(%r{\<#{name}[\S\s]*?[/\>|\>]})[0]
+    end
+
+    def self.namespace_value(namespace, xml)
+      matches = xml.match(/#{Regexp.escape(namespace)}\=\"([^"]*)/)
+      return nil unless matches
+
+      matches[1]
+    end
+
+    def self.get_node_by_namespace_value(value, xml)
+      a = xml.match(%r{\<[^<]*#{Regexp.escape(value)}[^>]*(\>|/>)})[0]
+      node(node_name(a), xml)
+    end
+
+    def self.canonize_inf_nfe(xml)
+      tag_inf_nfe = node('infNFe', xml)
+      ns = 'xmlns="http://www.portalfiscal.inf.br/nfe"'
+      rxg = Regexp.escape(ns)
+      canonize(
+        if tag_inf_nfe.include?(rxg.to_s)
+          tag_inf_nfe
+        else
+          tag_inf_nfe.gsub(%(<infNFe), %(<infNFe #{ns}))
+        end
+      )
+    end
+
+    def self.signed_info_canonized(xml)
+      canonize(signed_info_with_ns(xml))
+    end
+
+    def self.canonize(xml, canonize_method = Nokogiri::XML::XML_C14N_1_1)
+      Nokogiri::XML(xml.gsub(/>\s+</, '><')).canonicalize(canonize_method)
+    end
+
+    def self.public_cert(xml)
+      x509_certificate = Xml.node_content('X509Certificate', xml)
+      x509_certificate = [
+        '-----BEGIN CERTIFICATE-----',
+        x509_certificate,
+        '-----END CERTIFICATE-----'
+      ].join("\n")
+      OpenSSL::X509::Certificate.new x509_certificate
+    end
+
+    def self.signed_info_with_ns(xml)
+      content = Xml.node 'SignedInfo', xml
+      canonize content.gsub(
+        '<SignedInfo>',
+        %(<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">)
+      )
+    end
+
+    def self.canonize_with_ns(xml, tag)
+      ns = %(xmlns="http://www.portalfiscal.inf.br/nfe")
+      canonize(
+        if xml.include?(ns.to_s)
+          xml
+        else
+          xml.gsub(%(<#{tag}), %(<#{tag} #{ns}))
+        end
+      )
+    end
+  end
+end

data/signature_dfe.gemspec

@@ -1,43 +1,35 @@
-
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "signature_dfe/version"
+require 'signature_dfe/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "signature_dfe"
+  repo = 'https://github.com/thiaguerd/signature_dfe'
+  spec.name          = 'signature_dfe'
   spec.version       = SignatureDfe::VERSION
-  spec.authors       = ["Thiago Feitosa"]
-  spec.email         = ["mail@thiago.pro"]
-
-  spec.summary       = %q{Assinatura digital de documentos fiscais eletrônicos}
-  spec.description   = %q{Assinatura digital de NF-e NFC-e NFA-e CT-e MDF-e BP-e}
-  spec.homepage      = "https://github.com/thiaguerd/signature_dfe"
-  spec.license       = "MIT"
+  spec.authors       = ['Thiago Feitosa']
+  spec.email         = ['mail@thiago.pro']
+  spec.summary       = 'Assinatura digital de documentos fiscais eletrônicos'
+  spec.description   = 'Assinatura digital de NF-e NFC-e NFA-e CT-e MDF-e BP-e'
+  spec.homepage      = repo
+  spec.license       = 'MIT'
 
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
-  if spec.respond_to?(:metadata)
-    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+  req_mgs = 'RubyGems >= 2.0 is required to protect against public gem pushes.'
+  raise req_mgs unless spec.respond_to?(:metadata)
 
-    spec.metadata["homepage_uri"] = spec.homepage
-    spec.metadata["source_code_uri"] = "https://github.com/thiaguerd/signature_dfe"
-    spec.metadata["changelog_uri"] = "https://github.com/thiaguerd/signature_dfe/blob/master/CHANGELOG"
-  else
-    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = repo
+  spec.metadata['changelog_uri'] = repo + '/blob/master/CHANGELOG'
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    rx = %r{^(test|spec|features)/}
+    `git ls-files -z`.split("\x0").reject { |f| f.match(rx) }
   end
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_development_dependency "bundler", "~> 1.17"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "openssl", "~> 2.1.2"
-  spec.add_development_dependency "nokogiri", "~> 1.9.1"
+  spec.require_paths = ['lib']
+  spec.add_development_dependency 'bundler', '~> 2.1.2'
+  spec.add_development_dependency 'nokogiri', '~> 1.10.7'
+  spec.add_development_dependency 'openssl', '~> 2.1.2'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signature_dfe
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Thiago Feitosa
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-01-07 00:00:00.000000000 Z
+date: 2020-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,70 +16,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: 2.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: 2.1.2
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 1.10.7
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 1.10.7
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.1.2
 - !ruby/object:Gem::Dependency
-  name: openssl
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.2
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.2
+        version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: '3.0'
 description: Assinatura digital de NF-e NFC-e NFA-e CT-e MDF-e BP-e
 email:
 - mail@thiago.pro
@@ -87,8 +87,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/rubocop.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG
 - CODE_OF_CONDUCT.md
@@ -103,10 +106,15 @@ files:
 - certs/gen.sh
 - certs/key.pem
 - lib/signature_dfe.rb
+- lib/signature_dfe/disabling.rb
 - lib/signature_dfe/evento_nfe.rb
 - lib/signature_dfe/nfe.rb
 - lib/signature_dfe/ssl.rb
+- lib/signature_dfe/templates/signature.xml
+- lib/signature_dfe/templates/signed_info.xml
 - lib/signature_dfe/version.rb
+- lib/signature_dfe_check.rb
+- lib/signature_dfe_xml.rb
 - signature_dfe.gemspec
 homepage: https://github.com/thiaguerd/signature_dfe
 licenses:
@@ -131,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Assinatura digital de documentos fiscais eletrônicos