signer 1.4.1 → 1.4.2

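--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 882352f66742848ad47014ff70ffc3e209b1cf89
- data.tar.gz: 6c3d4c9ede7274989836e517a8593f70c7a579ef
+ metadata.gz: c53fd8a35adaec2dbeada21a1b01983f4e062187
+ data.tar.gz: e40d84c4287da97c39c4b9db6d49cf2c441b4141
  SHA512:
- metadata.gz: 8e74304e6bcc08fa5d059b5a46f4b7fd0fde9eef2e3ff5b3c3eb6f6e22fdb1745bead38d9221ac757fe52c1bbd06035d09e732f5749df2f963e2f7a274d1d383
- data.tar.gz: 605c5260ac8fdefe3ad48b53dd5af359512ca835d58aa3de9d3e34407e9d529b5328252366d9528594319328d2546b609e15cfbc99bf9693b9fda7c4340cec03
+ metadata.gz: c470aa82a47a84973991688e3d97b70e9a0195662ac9ae08135380849077b312860b6a2e2f8b29d04323e4e4adf26dc32817282e82b47fe41360c50c3a14aef2
+ data.tar.gz: 2d72aae604c64ca037d6ca777d13d6db1ca84ba27c0d0b3feadf46c1b1448b107cbf7f681f2e3ccbdb374b344c176ddf2abcbebe95554fcf188bc81d67a5c881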
@@ -1,3 +1,7 @@
1
+ ## 1.4.2 (2014-11-30)
2
+
3
+ - Fixed behaviour on XMLs that already contains nested signatures somewhere
4
+
1
5
  ## 1.4.1 (2014-09-09)
2
6
 
3
7
  - Changed method of getting GOST R 34.11-94 digest algorithm to more short and generic (and working in Ubuntu 14.04 and other OS)
@@ -9,7 +9,7 @@ require "signer/version"
9
9
  class Signer
10
10
  attr_accessor :document, :private_key, :signature_algorithm_id
11
11
  attr_reader :cert
12
- attr_writer :security_node, :security_token_id
12
+ attr_writer :security_node, :signature_node, :security_token_id
13
13
 
14
14
  WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
15
15
  WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
@@ -78,13 +78,15 @@ class Signer
78
78
 
79
79
  # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
80
80
  def signature_node
81
- node = document.xpath("//ds:Signature", "ds" => "http://www.w3.org/2000/09/xmldsig#").first
82
- unless node
83
- node = Nokogiri::XML::Node.new('Signature', document)
84
- node.default_namespace = 'http://www.w3.org/2000/09/xmldsig#'
85
- security_node.add_child(node)
81
+ @signature_node ||= begin
82
+ @signature_node = security_node.at_xpath('ds:Signature', ds: 'http://www.w3.org/2000/09/xmldsig#')
83
+ unless @signature_node
84
+ @signature_node = Nokogiri::XML::Node.new('Signature', document)
85
+ @signature_node.default_namespace = 'http://www.w3.org/2000/09/xmldsig#'
86
+ security_node.add_child(@signature_node)
87
+ end
88
+ @signature_node
86
89
  end
87
- node
88
90
  end
89
91
 
90
92
  # <SignedInfo>
@@ -93,7 +95,7 @@ class Signer
93
95
  # ...
94
96
  # </SignedInfo>
95
97
  def signed_info_node
96
- node = signature_node.xpath("//ds:SignedInfo", "ds" => 'http://www.w3.org/2000/09/xmldsig#').first
98
+ node = signature_node.at_xpath('ds:SignedInfo', ds: 'http://www.w3.org/2000/09/xmldsig#')
97
99
  unless node
98
100
  node = Nokogiri::XML::Node.new('SignedInfo', document)
99
101
  signature_node.add_child(node)
@@ -119,7 +121,7 @@ class Signer
119
121
  # </o:SecurityTokenReference>
120
122
  # </KeyInfo>
121
123
  def binary_security_token_node
122
- node = document.xpath('//wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE).first
124
+ node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
123
125
  unless node
124
126
  node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
125
127
  node['ValueType'] = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
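Review bot: In `binary_security_token_node` the lookup changed from `//wsse:BinarySecurityToken` to the relative path `wsse:BinarySecurityToken` but is still evaluated on `document`, so it can only match a root element of that name; inside a SOAP envelope an existing token under `wsse:Security` would never be found and the `unless node` branch would build a second one. The other two lookups in this change were scoped to their parent (`security_node`, `signature_node`), and this one should follow suit: `node = security_node.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)`. Separately, `signature_node` is now memoized in `@signature_node`, and nothing visible here clears that cache when `document` or `security_node` is reassigned, which would leave the signature attached to a stale node; a short comment on the method stating that assumption would help. The body of `binary_security_token_node` continues past the end of the hunk, so where the new token is attached is not visible.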
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.4.1'
2
+ VERSION = '1.4.2'
3
3
  end
@@ -0,0 +1,25 @@
1
+ <?xml version="1.0"?>
2
+ <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
3
+ <s:Header>
4
+ <a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
5
+ <a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
6
+ <a:ReplyTo>
7
+ <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
8
+ </a:ReplyTo>
9
+ <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
10
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
11
+ <wsurandom:Timestamp>
12
+ <wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created>
13
+ <wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
14
+ </wsurandom:Timestamp>
15
+ </wsse:Security>
16
+ </s:Header>
17
+ <s:Body>
18
+ <SearchDocuments xmlns="http://tempuri.org/">
19
+ <searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
20
+ <b:RegistrationNo>1</b:RegistrationNo>
21
+ </searchCriteria>
22
+ <ds:Signature />
23
+ </SearchDocuments>
24
+ </s:Body>
25
+ </s:Envelope>
@@ -0,0 +1,59 @@
1
+ <?xml version="1.0"?>
2
+ <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
3
+ <s:Header>
4
+ <a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
5
+ <a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
6
+ <a:ReplyTo>
7
+ <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
8
+ </a:ReplyTo>
9
+ <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1" wsurandom:Id="_7e75a8ded22253b163ca76a40b6cc0c670ed0c33">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
10
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
11
+ <wsurandom:Timestamp wsurandom:Id="_3e2f6b0b9430b7f2b69712172db02293291f5322">
12
+ <wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created>
13
+ <wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
14
+ </wsurandom:Timestamp>
15
+ <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">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</wsse:BinarySecurityToken>
16
+ <Signature>
17
+ <SignedInfo>
18
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
19
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
20
+ <Reference URI="#_3e2f6b0b9430b7f2b69712172db02293291f5322">
21
+ <Transforms>
22
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
23
+ </Transforms>
24
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
25
+ <DigestValue>hUP34KxVar1UE5I87U1kH8MzV+o=</DigestValue>
26
+ </Reference>
27
+ <Reference URI="#_7e75a8ded22253b163ca76a40b6cc0c670ed0c33">
28
+ <Transforms>
29
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
30
+ </Transforms>
31
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
32
+ <DigestValue>/rAVEm0SjaC0ckFViZd+A0hYe+U=</DigestValue>
33
+ </Reference>
34
+ <Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">
35
+ <Transforms>
36
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
37
+ </Transforms>
38
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
39
+ <DigestValue>QfyyHQKBXN21QNXRHMDBkxZeTMI=</DigestValue>
40
+ </Reference>
41
+ </SignedInfo>
42
+ <SignatureValue>c1YkLvip/5njmwGakJ1Er6PMDUO2zC1HpinFkEEQkL+Ay1XJzGFehQdflIQjb6oRkT3c5DY3c+tcvE+G9/Wzy1m89RKkLvUAdPeI+ZMZw+90Rf5mvJku3QJ/G1bDlBOL54zYIC76El+XmHy1YM71x9+Y56z2mtCxZWAFOP7C3rA=</SignatureValue>
43
+ <KeyInfo>
44
+ <wsse:SecurityTokenReference>
45
+ <wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/>
46
+ </wsse:SecurityTokenReference>
47
+ </KeyInfo>
48
+ </Signature>
49
+ </wsse:Security>
50
+ </s:Header>
51
+ <s:Body>
52
+ <SearchDocuments xmlns="http://tempuri.org/">
53
+ <searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
54
+ <b:RegistrationNo>1</b:RegistrationNo>
55
+ </searchCriteria>
56
+ <ds:Signature/>
57
+ </SearchDocuments>
58
+ </s:Body>
59
+ </s:Envelope>
@@ -108,4 +108,35 @@ describe Signer do
108
108
 
109
109
  signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
110
110
  end
111
+
112
+ it "should digest and sign SOAP XML with security node and digested binary token" do
113
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
114
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
115
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
116
+
117
+ signer = Signer.new(File.read(input_xml_file))
118
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
119
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
120
+ signer.security_node = signer.document.at_xpath('//soap:Header/wsse:Security', soap: 'http://www.w3.org/2003/05/soap-envelope', wsse: Signer::WSSE_NAMESPACE)
121
+
122
+ signer.document.xpath("//u:Timestamp", { "u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" }).each do |node|
123
+ signer.digest!(node)
124
+ end
125
+
126
+ signer.document.xpath("//a:To", { "a" => "http://www.w3.org/2005/08/addressing" }).each do |node|
127
+ signer.digest!(node)
128
+ end
129
+
130
+ signer.digest!(signer.binary_security_token_node)
131
+
132
+ signer.sign!
133
+
134
+ # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml'), "w") do |f|
135
+ # f.write signer.document.to_s
136
+ # end
137
+ output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
138
+
139
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
140
+ end
141
+
111
142
  end
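Review bot: The new example's description, `"should digest and sign SOAP XML with security node and digested binary token"`, says nothing about the nested-signature case that the `input_4_with_nested_signatures.xml` fixture exists to cover; a title such as `it "should ignore a ds:Signature nested in the Body and sign inside wsse:Security" do` would make a regression readable from the spec output. The three commented-out `File.open ... f.write signer.document.to_s` lines that regenerate the expected fixture should be dropped, since keeping them invites overwriting the golden file with whatever the signer currently produces. The example relies only on the golden-file comparison; an explicit assertion that the `ds:Signature` element under `SearchDocuments` is still empty after `sign!` would pin the behaviour this release fixes. The enclosing `describe Signer` block starts outside the hunk.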
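--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: signer
  version: !ruby/object:Gem::Version
- version: 1.4.1
+ version: 1.4.2
  platform: ruby
  authors:
  - Edgars Beigarts
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-09-09 00:00:00.000000000 Z
+ date: 2014-11-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -69,12 +69,14 @@ files:
  - spec/fixtures/input_1.xml
  - spec/fixtures/input_2.xml
  - spec/fixtures/input_3_c14n_comments.xml
+ - spec/fixtures/input_4_with_nested_signatures.xml
  - spec/fixtures/key.pem
  - spec/fixtures/output_1.xml
  - spec/fixtures/output_1_inclusive_namespaces.xml
  - spec/fixtures/output_1_sha256.xml
  - spec/fixtures/output_2.xml
  - spec/fixtures/output_3_c14n_comments.xml
+ - spec/fixtures/output_4_with_nested_signatures.xml
  - spec/signer_spec.rb
  - spec/spec_helper.rb
  homepage: ''
@@ -96,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.4
  signing_key:
  specification_version: 4
  summary: WS Security XML signer
@@ -105,11 +107,13 @@ test_files:
  - spec/fixtures/input_1.xml
  - spec/fixtures/input_2.xml
  - spec/fixtures/input_3_c14n_comments.xml
+ - spec/fixtures/input_4_with_nested_signatures.xml
  - spec/fixtures/key.pem
  - spec/fixtures/output_1.xml
  - spec/fixtures/output_1_inclusive_namespaces.xml
  - spec/fixtures/output_1_sha256.xml
  - spec/fixtures/output_2.xml
  - spec/fixtures/output_3_c14n_comments.xml
+ - spec/fixtures/output_4_with_nested_signatures.xml
  - spec/signer_spec.rb
  - spec/spec_helper.rb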