signer 1.5.1 → 1.6.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a37c55f9fdbf134383fd475503fbd47cee739f42
4
- data.tar.gz: 60999a93aa7427c4a132c75985a915f7d18a2995
3
+ metadata.gz: 1ee493581c699bac6cedcc5dade885fe7901bebe
4
+ data.tar.gz: 3e2e76ecef50b8830f0c1b46cfe294734b747698
5
5
  SHA512:
6
- metadata.gz: 47fdf2988627bbf355ac5ab6a1ffe80bbe660d7bd6315ec65c3ed96978191653d1f3919270b960685364487910f846970e21f00738c456affea72b6d31695378
7
- data.tar.gz: 00e6ba00e46ab22ef6a9029d0cc1f28b00c04a8b90cfd2a512a84b2d444bea9b627806d5059efd74f7f66312e8b0465adeb66716abb5733941268ab83b87dfb7
6
+ metadata.gz: 2bb34c6474b97a9729a9179343331b8c22ef8313b64160afa3a4079814a3e095a75c5f0456e86263550ba9c985dffefdbad18e542620479313bd81200d2a55d1
7
+ data.tar.gz: 503971e5792ea1cd9ccaba1e988c35693fbd4b3141ffe83564a2c9ccdc34f5c0f48f736fa89bf89dce7417b287b14e4b077ccda0d53d5c62dd8901dc9b3f9016
@@ -1,3 +1,7 @@
1
+ ## 1.6.0 (2017-09-14)
2
+
3
+ - X509 in SecurityTokenReference node (#17, @tiagocasanovapt)
4
+
1
5
  ## 1.5.1 (2017-03-23)
2
6
 
3
7
  - Allow to set up custom xmldsig namespace prefix for Signature node (#14, @Envek)
data/README.md CHANGED
@@ -220,6 +220,15 @@ __NOTE__: To sign XMLs with __GOST R 34.10-2001__, you need to have Ruby compile
220
220
 
221
221
  ## Miscellaneous
222
222
 
223
+ Every new instance of signer has Nokogiri `noblanks` set as default in process of parsing xml file. If you need to disable it, pass optional argument `noblanks: false`.
224
+
225
+ ```ruby
226
+ Signer.new(File.read("example.xml"), noblanks: false)
227
+ ```
228
+
229
+ Available options for the `sign!` method:
230
+ * [:security_token] - Serializes certificate in DER format, encodes it with Base64 and inserts it within a `BinarySecurityToken` tag
231
+
223
232
  If you need to digest a `BinarySecurityToken` tag, you need to construct it yourself **before** signing.
224
233
 
225
234
  ```ruby
@@ -227,7 +236,7 @@ signer.digest!(signer.binary_security_token_node) # Constructing tag and digesti
227
236
  signer.sign! # No need to pass a :security_token option, as we already constructed and inserted this node
228
237
  ```
229
238
 
230
- If you need to use canonicalization with inclusive namespaces you can pass array of namespace prefixes in `:inclusive_namespaces` option in both `digest!` and `sign!` methods.
239
+ * [:inclusive_namespaces] - Array of namespace prefixes which definitions should be added to signed info node during canonicalization
231
240
 
232
241
  If you need `Signature` tags to be in explicit namespace (say, `<ds:Signature>`) instead of to be in implicit default namespace you can specify next option:
233
242
 
@@ -235,8 +244,7 @@ If you need `Signature` tags to be in explicit namespace (say, `<ds:Signature>`)
235
244
  signer.ds_namespace_prefix = 'ds'
236
245
  ```
237
246
 
238
- Every new instance of signer has Nokogiri `noblanks` set as default in process of parsing xml file. If you need to disable it, pass opional argument `noblanks: false`.
247
+ If you need to use canonicalization with inclusive namespaces you can pass array of namespace prefixes in `:inclusive_namespaces` option in both `digest!` and `sign!` methods.
239
248
 
240
- ```ruby
241
- Signer.new(File.read("example.xml"), noblanks: false)
242
- ```
249
+ * [:issuer_serial] - flag to include a `X509Data` node to include information from a `X509Certificate`
250
+ * [:issuer_in_security_token] - flag to include the `X509Data` inside a `SecurityTokenReference` element
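Review bot: The two bullets added at new lines 249-250 sit below the `:inclusive_namespaces` paragraph, far from the "Available options for the `sign!` method:" header at new line 229. With the `:inclusive_namespaces` bullet at new line 239, the option list is now split into three fragments separated by unrelated prose and code blocks. Move all four bullets directly under the header so they render as one list. The `:issuer_serial` text ("flag to include a `X509Data` node to include information from a `X509Certificate`") should also be reworded to say which child nodes are emitted.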
@@ -151,6 +151,7 @@ class Signer
151
151
  end
152
152
 
153
153
  # <KeyInfo>
154
+ # <SecurityTokenReference> (optional)
154
155
  # <X509Data>
155
156
  # <X509IssuerSerial>
156
157
  # <X509IssuerName>System.Security.Cryptography.X509Certificates.X500DistinguishedName</X509IssuerName>
@@ -158,8 +159,9 @@ class Signer
158
159
  # </X509IssuerSerial>
159
160
  # <X509Certificate>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</X509Certificate>
160
161
  # </X509Data>
162
+ # </SecurityTokenReference> (optional)
161
163
  # </KeyInfo>
162
- def x509_data_node
164
+ def x509_data_node(issuer_in_security_token = false)
163
165
  issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
164
166
  issuer_name_node.content = cert.issuer.to_s[1..-1].gsub(/\//, ',')
165
167
 
@@ -177,12 +179,18 @@ class Signer
177
179
  data_node.add_child(issuer_serial_node)
178
180
  data_node.add_child(cetificate_node)
179
181
 
182
+ if issuer_in_security_token
183
+ security_token_reference_node = Nokogiri::XML::Node.new("wsse:SecurityTokenReference", document)
184
+ security_token_reference_node.add_child(data_node)
185
+ end
186
+
180
187
  key_info_node = Nokogiri::XML::Node.new('KeyInfo', document)
181
- key_info_node.add_child(data_node)
188
+ key_info_node.add_child(issuer_in_security_token ? security_token_reference_node : data_node)
182
189
 
183
190
  signed_info_node.add_next_sibling(key_info_node)
184
191
 
185
192
  set_namespace_for_node(key_info_node, DS_NAMESPACE, ds_namespace_prefix)
193
+ set_namespace_for_node(security_token_reference_node, WSSE_NAMESPACE, ds_namespace_prefix) if issuer_in_security_token
186
194
  set_namespace_for_node(data_node, DS_NAMESPACE, ds_namespace_prefix)
187
195
  set_namespace_for_node(issuer_serial_node, DS_NAMESPACE, ds_namespace_prefix)
188
196
  set_namespace_for_node(cetificate_node, DS_NAMESPACE, ds_namespace_prefix)
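Review bot: The added `set_namespace_for_node(security_token_reference_node, WSSE_NAMESPACE, ds_namespace_prefix)` call passes the prefix configured for the XML-DSig namespace as the prefix argument for the WS-Security namespace, while the node itself is created with the hard-coded name "wsse:SecurityTokenReference". Every other node in this method is created with a bare name (`'KeyInfo'`, `'X509IssuerName'`) and receives its prefix from `set_namespace_for_node`. Create the node as `SecurityTokenReference` and pass a WS-Security prefix rather than `ds_namespace_prefix`, so the output does not depend on the input document happening to declare `wsse`. Separately, `security_token_reference_node` is assigned only inside the `if`, and the two later uses rely on the flag being re-checked each time; selecting the child of `KeyInfo` once in a single branch would be easier to follow.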
@@ -268,6 +276,7 @@ class Signer
268
276
  # Available options:
269
277
  # * [+:security_token+] Serializes certificate in DER format, encodes it with Base64 and inserts it within +<BinarySecurityToken>+ tag
270
278
  # * [+:issuer_serial+]
279
+ # * [+:issuer_in_security_token+]
271
280
  # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to signed info node during canonicalization
272
281
 
273
282
  def sign!(options = {})
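Review bot: The new `# * [+:issuer_in_security_token+]` entry has no description, so the generated documentation for `sign!` lists the option without saying what it does. Add the text used in the README ("flag to include the `X509Data` inside a `SecurityTokenReference` element") and state that it is only read when `:issuer_serial` is set.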
@@ -276,7 +285,7 @@ class Signer
276
285
  end
277
286
 
278
287
  if options[:issuer_serial]
279
- x509_data_node
288
+ x509_data_node(options[:issuer_in_security_token])
280
289
  end
281
290
 
282
291
  if options[:inclusive_namespaces]
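Review bot: `options[:issuer_in_security_token]` is read only inside `if options[:issuer_serial]`, so `sign!(issuer_in_security_token: true)` without `:issuer_serial` is silently ignored and the caller gets a signature with no `KeyInfo` at all. Either raise an `ArgumentError` for that combination or treat `:issuer_in_security_token` as implying `:issuer_serial`, and cover the chosen behaviour with a spec.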
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.5.1'
2
+ VERSION = '1.6.0'
3
3
  end
@@ -0,0 +1,17 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
3
+ <soapenv:Header>
4
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
5
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
6
+ </wsse:Security>
7
+ </soapenv:Header>
8
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body">
9
+ <InitTransactionInput>
10
+ <CustomerId>679155330</CustomerId>
11
+ <Command>GetUserInfo</Command>
12
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
13
+ <Environment>PRODUCTION</Environment>
14
+ <SoftwareId>Petri</SoftwareId>
15
+ </InitTransactionInput>
16
+ </soapenv:Body>
17
+ </soapenv:Envelope>
@@ -0,0 +1,43 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
3
+ <soapenv:Header>
4
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
5
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
6
+ <ds:SignedInfo>
7
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
8
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
9
+ <ds:Reference URI="#Body">
10
+ <ds:Transforms>
11
+ <Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"/>
13
+ </Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
+ <ds:DigestValue>gi4IR3SwMg7auRoEe4//3J5nIw8=</ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue>P1eVMjbEbxD131Q5F8syj0ky8dZ1lbl57K6JM3tAk8HE8pFHD50k6jf0FoI/njuqRESq+EKLvNx8akjiQxlLazV/H2uzdZCNJwqtc+78xGrGgWaMlicYwIZKtaiL0qV0eEfHTkYr9l5SrXelZjEzHil/vy1V98Y05lRcuByMI7o=</ds:SignatureValue>
20
+ <ds:KeyInfo>
21
+ <wsse:SecurityTokenReference>
22
+ <ds:X509Data>
23
+ <ds:X509IssuerSerial>
24
+ <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
25
+ <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
26
+ </ds:X509IssuerSerial>
27
+ <ds:X509Certificate>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</ds:X509Certificate>
28
+ </ds:X509Data>
29
+ </wsse:SecurityTokenReference>
30
+ </ds:KeyInfo>
31
+ </ds:Signature>
32
+ </wsse:Security>
33
+ </soapenv:Header>
34
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body">
35
+ <InitTransactionInput>
36
+ <CustomerId>679155330</CustomerId>
37
+ <Command>GetUserInfo</Command>
38
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
39
+ <Environment>PRODUCTION</Environment>
40
+ <SoftwareId>Petri</SoftwareId>
41
+ </InitTransactionInput>
42
+ </soapenv:Body>
43
+ </soapenv:Envelope>
@@ -0,0 +1,41 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
3
+ <soapenv:Header>
4
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
5
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
6
+ <ds:SignedInfo>
7
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
8
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
9
+ <ds:Reference URI="#Body">
10
+ <ds:Transforms>
11
+ <Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv"/>
13
+ </Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
+ <ds:DigestValue>gi4IR3SwMg7auRoEe4//3J5nIw8=</ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue>P1eVMjbEbxD131Q5F8syj0ky8dZ1lbl57K6JM3tAk8HE8pFHD50k6jf0FoI/njuqRESq+EKLvNx8akjiQxlLazV/H2uzdZCNJwqtc+78xGrGgWaMlicYwIZKtaiL0qV0eEfHTkYr9l5SrXelZjEzHil/vy1V98Y05lRcuByMI7o=</ds:SignatureValue>
20
+ <ds:KeyInfo>
21
+ <ds:X509Data>
22
+ <ds:X509IssuerSerial>
23
+ <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
24
+ <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
25
+ </ds:X509IssuerSerial>
26
+ <ds:X509Certificate>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</ds:X509Certificate>
27
+ </ds:X509Data>
28
+ </ds:KeyInfo>
29
+ </ds:Signature>
30
+ </wsse:Security>
31
+ </soapenv:Header>
32
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body">
33
+ <InitTransactionInput>
34
+ <CustomerId>679155330</CustomerId>
35
+ <Command>GetUserInfo</Command>
36
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
37
+ <Environment>PRODUCTION</Environment>
38
+ <SoftwareId>Petri</SoftwareId>
39
+ </InitTransactionInput>
40
+ </soapenv:Body>
41
+ </soapenv:Envelope>
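Review bot: The `ds:DigestValue` and `ds:SignatureValue` in this fixture are identical to those in output_5_with_security_token.xml, which confirms that nothing under `ds:KeyInfo` is covered by the signature: the only `ds:Reference` is `URI="#Body"`. That is normal for XML-DSig, but it is worth a sentence in the README next to the new options, so that consumers do not assume the embedded `X509Certificate` or the `SecurityTokenReference` wrapper is integrity-protected. A receiver has to establish trust in the certificate independently of the signature validating against it.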
@@ -161,7 +161,7 @@ describe Signer do
161
161
  signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
162
162
  end
163
163
 
164
- it "should digest and sign SOAP XML with security node and digested binary token with noblanks diabled" do
164
+ it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
165
165
  input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
166
166
  cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
167
167
  private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
@@ -189,4 +189,48 @@ describe Signer do
189
189
 
190
190
  signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:save_with => 0)
191
191
  end
192
+
193
+ it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
194
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_5.xml')
195
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
196
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
197
+
198
+ signer = Signer.new(File.read(input_xml_file))
199
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
200
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
201
+
202
+ # digest Body element from XML
203
+ signer.digest!(signer.document.at_xpath('//soapenv:Body'), id: 'Body', inclusive_namespaces: ['soapenv'])
204
+
205
+ # sign data from this request
206
+ signer.sign!(issuer_serial: true, issuer_in_security_token: true)
207
+
208
+ output_xml_file = File.join(File.dirname(__FILE__),
209
+ 'fixtures',
210
+ 'output_5_with_security_token.xml')
211
+
212
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
213
+ end
214
+
215
+ it "should digest and sign SOAP XML with X509Data" do
216
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_5.xml')
217
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
218
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
219
+
220
+ signer = Signer.new(File.read(input_xml_file))
221
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
222
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
223
+
224
+ # digest Body element from XML
225
+ signer.digest!(signer.document.at_xpath('//soapenv:Body'), id: 'Body', inclusive_namespaces: ['soapenv'])
226
+
227
+ # sign data from this request
228
+ signer.sign!(issuer_serial: true)
229
+
230
+ output_xml_file = File.join(File.dirname(__FILE__),
231
+ 'fixtures',
232
+ 'output_5_with_x509_data.xml')
233
+
234
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
235
+ end
192
236
  end
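Review bot: Both added examples pass `issuer_serial: true` and never set `ds_namespace_prefix`, so two paths introduced in this release have no coverage: `issuer_in_security_token: true` on its own, and the `SecurityTokenReference` wrapper combined with an explicit `ds_namespace_prefix` (the case that exercises the prefix argument passed alongside `WSSE_NAMESPACE`). Add an example for each. The two examples also repeat the same nine lines of setup and differ only in the `sign!` options and the output fixture name; a shared helper or `let` block would keep them in step.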
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: signer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.1
4
+ version: 1.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edgars Beigarts
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-23 00:00:00.000000000 Z
11
+ date: 2017-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -70,6 +70,7 @@ files:
70
70
  - spec/fixtures/input_2.xml
71
71
  - spec/fixtures/input_3_c14n_comments.xml
72
72
  - spec/fixtures/input_4_with_nested_signatures.xml
73
+ - spec/fixtures/input_5.xml
73
74
  - spec/fixtures/key.pem
74
75
  - spec/fixtures/output_1.xml
75
76
  - spec/fixtures/output_1_inclusive_namespaces.xml
@@ -79,6 +80,8 @@ files:
79
80
  - spec/fixtures/output_3_c14n_comments.xml
80
81
  - spec/fixtures/output_4_with_nested_signatures.xml
81
82
  - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
83
+ - spec/fixtures/output_5_with_security_token.xml
84
+ - spec/fixtures/output_5_with_x509_data.xml
82
85
  - spec/signer_spec.rb
83
86
  - spec/spec_helper.rb
84
87
  homepage: ''
@@ -100,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
100
103
  version: '0'
101
104
  requirements: []
102
105
  rubyforge_project:
103
- rubygems_version: 2.6.8
106
+ rubygems_version: 2.6.11
104
107
  signing_key:
105
108
  specification_version: 4
106
109
  summary: WS Security XML signer
@@ -110,6 +113,7 @@ test_files:
110
113
  - spec/fixtures/input_2.xml
111
114
  - spec/fixtures/input_3_c14n_comments.xml
112
115
  - spec/fixtures/input_4_with_nested_signatures.xml
116
+ - spec/fixtures/input_5.xml
113
117
  - spec/fixtures/key.pem
114
118
  - spec/fixtures/output_1.xml
115
119
  - spec/fixtures/output_1_inclusive_namespaces.xml
@@ -119,5 +123,7 @@ test_files:
119
123
  - spec/fixtures/output_3_c14n_comments.xml
120
124
  - spec/fixtures/output_4_with_nested_signatures.xml
121
125
  - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
126
+ - spec/fixtures/output_5_with_security_token.xml
127
+ - spec/fixtures/output_5_with_x509_data.xml
122
128
  - spec/signer_spec.rb
123
129
  - spec/spec_helper.rb