signer 1.2.0 → 1.2.1

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YWY1OWFhM2YzMDYxMzBiNTE3MTVkNDZiYTg3NDQ4MmM3MzcyMzdhMg==
+    MGVmNjVlMGNlMjM5ZmIyMzczYWIzNzRmNWYzOWRlZTA2NzFmMWZiOA==
   data.tar.gz: !binary |-
-    NDI0MWQxNWZkYWI4NmE3YmQ2NzNlMTNiM2Q0OWY5Mzk5M2QyZGU5Mw==
+    ZDZjYWFiNmE2ODU5MGM4YjUxM2NjMzYyOTBmODBhZWQxYWJkYTFlNw==
 SHA512:
   metadata.gz: !binary |-
-    ZDE0MDRmMGRiMWE4ZjQ5ODUxMjc2M2QwNjMxMTg0NzRlMzNiMGM1YTNmOTk3
-    YzQ1Y2YyMmRmZGI2MThlM2Q5ODk2NjJiOTc0NDBkYjE2ZWZkYzk4MDRhZTc1
-    OTdhODFhZTU4ZjkxYTA4ZGNlZjIwZDA5OWRjZDA5Nzc1ZTdmMWU=
+    MzQ3NjE2NTgxZGFjNGI5NmE2NjAxZWQ0MjNhMDY1YjAzZWNlOGY2YmM1YzNl
+    ZDNhYjEwZmQwYzYzYjc3NDA5OGRmM2MzYjgwZWFiYTQzYjllODNmNTllNjBk
+    ZWI4MmIwNWE0ODg1OGRlNzk5NmUxYjNmODJlMjIxN2Y3ZDAzNTM=
   data.tar.gz: !binary |-
-    YzUwNDQ5MzljOTA1ZThlZTliMTNmZjljYTJlYmFjZDRhMDk1YWMzZDJjMTNl
-    OTY1YmFmMzNkMzNmNWIwNTg2YWY2Njk1ZjEwMGMzYTVjZGRlM2U5ZWE0YWYx
-    Mzc1MzE3MTI1YjQ2MzEzYWQ1OWE3MGIyMDU5YTI5MzgzMTlmM2U=
+    OTkzZWFiN2I4YmNiN2QyOWQ2N2E1MTZkMmQ0ODgwMGZhMjEzZTg4YzgzMzk4
+    NTJmNGY3ZWMzZTUzYzNjZWUzZmI2NTA0YWExM2EzZjY5ODEwY2ZhNGQ3NDRm
+    ZmI3ZWZmNTFlYWMyZjM3YjNlY2UwOTJiNDE5YzQ4N2Y0MWRiODI=

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.2.1 (2014-05-14)
+
+- Fix canonicalization: should be without comments (#2, @Envek)
+
 ## 1.2.0 (2014-05-06)
 
 - Id and attribute namespace preserving when digesting the nodes (#1, @Envek)

data/lib/signer.rb

@@ -28,7 +28,7 @@ class Signer
   end
 
   def canonicalize(node = document)
-    node.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0)
+    node.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0, nil, nil) # The last argument should be exactly +nil+ to remove comments from result
   end
 
   # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

data/lib/signer/version.rb

@@ -1,3 +1,3 @@
 class Signer
-  VERSION = "1.2.0"
+  VERSION = "1.2.1"
 end

data/spec/fixtures/input_3_c14n_comments.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+  <s:Header>
+    <a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
+    <a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
+    <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
+    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
+      <u:Timestamp>
+        <u:Created>2012-05-02T18:17:14.467Z</u:Created>
+        <u:Expires>2012-05-02T18:22:14.467Z</u:Expires>
+      </u:Timestamp>
+    </o:Security>
+  </s:Header>
+  <s:Body>
+    <SearchDocuments xmlns="http://tempuri.org/">
+      <searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
+        <!-- This comment shouldn't affect digest value for digested node -->
+        <b:RegistrationNo>1</b:RegistrationNo>
+      </searchCriteria>
+    </SearchDocuments>
+  </s:Body>
+</s:Envelope>

data/spec/fixtures/output_3_c14n_comments.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
+            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+  <s:Header>
+    <a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
+    <a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
+    <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
+    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                s:mustUnderstand="1">
+      <u:Timestamp>
+        <u:Created>2012-05-02T18:17:14.467Z</u:Created>
+        <u:Expires>2012-05-02T18:22:14.467Z</u:Expires>
+      </u:Timestamp>
+      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <SignedInfo>
+          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+          <Reference URI="#_f7a662fdba7cdb44426d7447f06adf0f11707eeb">
+            <Transforms>
+              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+            </Transforms>
+            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+            <DigestValue>iqiXdxdsix9HMz4rEBEo/sYazDU=</DigestValue>
+          </Reference>
+        </SignedInfo>
+        <SignatureValue>XOMmCzcg7Un+BpWIP5WpAAeT1Sq2B+WZ8eM4MiDR1bhIFV8aPScAXX/cB3Esa88JcBltsiBlZTdq1hCQ8GKrLEvWTFMhkSCQrkAR+3eCUR894UzPrWTr0jYA7RZaVaw+XODf7ICbYIhLs7n50cPyFrslKVOjh6EKlCq1ZV5XFYE=</SignatureValue>
+      </Signature>
+    </o:Security>
+  </s:Header>
+  <s:Body u:Id="_f7a662fdba7cdb44426d7447f06adf0f11707eeb">
+    <SearchDocuments xmlns="http://tempuri.org/">
+      <searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
+        <!-- This comment shouldn't affect digest value for digested node -->
+        <b:RegistrationNo>1</b:RegistrationNo>
+      </searchCriteria>
+    </SearchDocuments>
+  </s:Body>
+</s:Envelope>

data/spec/signer_spec.rb

@@ -30,6 +30,23 @@ describe Signer do
     signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
   end
 
+  it "should correctly canonicalize digested nodes (shouldn't account comments)" do
+    input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_3_c14n_comments.xml')
+    cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+    private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+    signer = Signer.new(File.read(input_xml_file))
+    signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+    signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+
+    signer.digest!(signer.document.at_xpath('//soap:Body', { 'soap' => 'http://www.w3.org/2003/05/soap-envelope'}))
+    signer.sign!
+
+    output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
+
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+  end
+
   it "should sign simple XML" do
     input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
     cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signer
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-06 00:00:00.000000000 Z
+date: 2014-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   version_requirements: !ruby/object:Gem::Requirement
@@ -67,9 +67,11 @@ files:
 - spec/fixtures/cert.pem
 - spec/fixtures/input_1.xml
 - spec/fixtures/input_2.xml
+- spec/fixtures/input_3_c14n_comments.xml
 - spec/fixtures/key.pem
 - spec/fixtures/output_1.xml
 - spec/fixtures/output_2.xml
+- spec/fixtures/output_3_c14n_comments.xml
 - spec/signer_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -99,8 +101,10 @@ test_files:
 - spec/fixtures/cert.pem
 - spec/fixtures/input_1.xml
 - spec/fixtures/input_2.xml
+- spec/fixtures/input_3_c14n_comments.xml
 - spec/fixtures/key.pem
 - spec/fixtures/output_1.xml
 - spec/fixtures/output_2.xml
+- spec/fixtures/output_3_c14n_comments.xml
 - spec/signer_spec.rb
 - spec/spec_helper.rb