signer 1.4.3 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +7 -0
- data/lib/signer/version.rb +1 -1
- data/lib/signer.rb +4 -2
- data/spec/fixtures/output_4_with_nested_signatures.xml +1 -1
- data/spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml +25 -0
- data/spec/signer_spec.rb +28 -0
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae216e81d9f7a7ee4d382887c57ac53a915e7173
|
|
4
|
+
data.tar.gz: 01e67fcff1cbe03eafaa72e083d9849ddede5bb4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9dc941878f1f90d72cf33deba4a2f1c82e84d94f108461a2187a1042520db896368322ed3d1e136bab90d1274fa5e3a4ef96fd10ada602b7878844ec59a642a
|
|
7
|
+
data.tar.gz: 5ff0201e154fa6fd8174c10f1605a4a9f630362db0a8a4b37afed9f61da674b959a5f8cccfd326e1b40a9cc6d310cb5f88353bcb13986c6c395c69c3c1d9cd4e
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -228,3 +228,10 @@ signer.sign! # No need to pass a :security_token option, as we already construct
|
|
|
228
228
|
```
|
|
229
229
|
|
|
230
230
|
If you need to use canonicalization with inclusive namespaces you can pass array of namespace prefixes in `:inclusive_namespaces` option in both `digest!` and `sign!` methods.
|
|
231
|
+
|
|
232
|
+
|
|
233
|
+
Every new instance of signer has Nokogiri `noblanks` set as default in process of parsing xml file. If you need to disable it, pass opional argument `noblanks: false`.
|
|
234
|
+
|
|
235
|
+
```
|
|
236
|
+
Signer.new(File.read("example.xml"), noblanks: false)
|
|
237
|
+
```
|
data/lib/signer/version.rb
CHANGED
data/lib/signer.rb
CHANGED
|
@@ -14,8 +14,10 @@ class Signer
|
|
|
14
14
|
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
|
15
15
|
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
|
16
16
|
|
|
17
|
-
def initialize(document)
|
|
18
|
-
self.document = Nokogiri::XML(document.to_s
|
|
17
|
+
def initialize(document, noblanks: true)
|
|
18
|
+
self.document = Nokogiri::XML(document.to_s) do |config|
|
|
19
|
+
config.noblanks if noblanks
|
|
20
|
+
end
|
|
19
21
|
self.digest_algorithm = :sha1
|
|
20
22
|
self.set_default_signature_method!
|
|
21
23
|
end
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
<wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
|
|
14
14
|
</wsurandom:Timestamp>
|
|
15
15
|
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken>
|
|
16
|
-
|
|
16
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
17
17
|
<SignedInfo>
|
|
18
18
|
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
19
19
|
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
3
|
+
<s:Header>
|
|
4
|
+
<a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
|
|
5
|
+
<a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
|
|
6
|
+
<a:ReplyTo>
|
|
7
|
+
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
|
|
8
|
+
</a:ReplyTo>
|
|
9
|
+
<To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1" wsurandom:Id="_7e75a8ded22253b163ca76a40b6cc0c670ed0c33">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
|
|
10
|
+
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
|
|
11
|
+
<wsurandom:Timestamp wsurandom:Id="_071e409128bacfd1bc280e1d0ee581a56e93ffe2">
|
|
12
|
+
<wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created>
|
|
13
|
+
<wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
|
|
14
|
+
</wsurandom:Timestamp>
|
|
15
|
+
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#_071e409128bacfd1bc280e1d0ee581a56e93ffe2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>YDcfIJMN1Ef14aySyIDif+0XeUE=</DigestValue></Reference><Reference URI="#_7e75a8ded22253b163ca76a40b6cc0c670ed0c33"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/rAVEm0SjaC0ckFViZd+A0hYe+U=</DigestValue></Reference><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QfyyHQKBXN21QNXRHMDBkxZeTMI=</DigestValue></Reference></SignedInfo><SignatureValue>AKYUCGtsWq4HzQ5NgATA/K6mpEGyoQ7S1imImIChmIcSGVCWfdr01KVpjQPxqnhJSiMZo3gLy4buY5ZUvckFIahIYxbG0ZNCrLACAjtAhXpvUNKjGHgUsW5UV1d5+wrEkUDiMnaym+FM37fyJMfCmmuJAc623LnBSLX349DETlI=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security>
|
|
16
|
+
</s:Header>
|
|
17
|
+
<s:Body>
|
|
18
|
+
<SearchDocuments xmlns="http://tempuri.org/">
|
|
19
|
+
<searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
|
|
20
|
+
<b:RegistrationNo>1</b:RegistrationNo>
|
|
21
|
+
</searchCriteria>
|
|
22
|
+
<ds:Signature/>
|
|
23
|
+
</SearchDocuments>
|
|
24
|
+
</s:Body>
|
|
25
|
+
</s:Envelope>
|
data/spec/signer_spec.rb
CHANGED
|
@@ -139,4 +139,32 @@ describe Signer do
|
|
|
139
139
|
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
+
it "should digest and sign SOAP XML with security node and digested binary token with noblanks diabled" do
|
|
143
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
144
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
145
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
146
|
+
|
|
147
|
+
signer = Signer.new(File.read(input_xml_file), noblanks: false)
|
|
148
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
149
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
150
|
+
signer.security_node = signer.document.at_xpath('//soap:Header/wsse:Security', soap: 'http://www.w3.org/2003/05/soap-envelope', wsse: Signer::WSSE_NAMESPACE)
|
|
151
|
+
|
|
152
|
+
signer.document.xpath("//u:Timestamp", { "u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" }).each do |node|
|
|
153
|
+
signer.digest!(node)
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
signer.document.xpath("//a:To", { "a" => "http://www.w3.org/2005/08/addressing" }).each do |node|
|
|
157
|
+
signer.digest!(node)
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
signer.digest!(signer.binary_security_token_node)
|
|
161
|
+
|
|
162
|
+
signer.sign!
|
|
163
|
+
|
|
164
|
+
output_xml_file = File.join(File.dirname(__FILE__),
|
|
165
|
+
'fixtures',
|
|
166
|
+
'output_4_with_nested_signatures_with_noblanks_disabled.xml')
|
|
167
|
+
|
|
168
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:save_with => 0)
|
|
169
|
+
end
|
|
142
170
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edgars Beigarts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -77,6 +77,7 @@ files:
|
|
|
77
77
|
- spec/fixtures/output_2.xml
|
|
78
78
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
79
79
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
80
|
+
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
80
81
|
- spec/signer_spec.rb
|
|
81
82
|
- spec/spec_helper.rb
|
|
82
83
|
homepage: ''
|
|
@@ -90,7 +91,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
90
91
|
requirements:
|
|
91
92
|
- - ">="
|
|
92
93
|
- !ruby/object:Gem::Version
|
|
93
|
-
version:
|
|
94
|
+
version: 2.1.0
|
|
94
95
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
95
96
|
requirements:
|
|
96
97
|
- - ">="
|
|
@@ -98,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
98
99
|
version: '0'
|
|
99
100
|
requirements: []
|
|
100
101
|
rubyforge_project:
|
|
101
|
-
rubygems_version: 2.4.
|
|
102
|
+
rubygems_version: 2.4.3
|
|
102
103
|
signing_key:
|
|
103
104
|
specification_version: 4
|
|
104
105
|
summary: WS Security XML signer
|
|
@@ -115,5 +116,6 @@ test_files:
|
|
|
115
116
|
- spec/fixtures/output_2.xml
|
|
116
117
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
117
118
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
119
|
+
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
118
120
|
- spec/signer_spec.rb
|
|
119
121
|
- spec/spec_helper.rb
|