signer 1.6.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +21 -0
- data/lib/signer/digester.rb +16 -6
- data/lib/signer/version.rb +1 -1
- data/lib/signer.rb +141 -47
- data/spec/fixtures/output_1_sha256.xml +1 -1
- data/spec/fixtures/output_2.xml +3 -2
- data/spec/fixtures/output_2_legacy.xml +31 -0
- data/spec/fixtures/output_2_with_ds_prefix.xml +29 -28
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml +40 -0
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml +38 -0
- data/spec/fixtures/output_2_with_ds_prefix_legacy.xml +31 -0
- data/spec/fixtures/output_5_with_security_token.xml +1 -1
- data/spec/fixtures/output_5_with_x509_data.xml +1 -1
- data/spec/signer_spec.rb +100 -36
- metadata +49 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 7401c27eba7c1c1e0982f73d50841f4597ecc9f03dbcc8ee459812aa20bbb7ae
|
|
4
|
+
data.tar.gz: 614b4e14d376489299b3476b26838e71131604df13b5200ebf9fd8e4b712bdb1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 77e5d5dcdde818d0713b7d9bb859c8c7ed0c0f0aa90969b4d48c385463d0bf07aead94e1cd8844c7cc943023ceb0c2682ccf5fb31bfa9be92e69349011ba582c
|
|
7
|
+
data.tar.gz: 308cb0b72d15012366e26bfed84aef33b39126d6b5e1af466a919ae32bc58fec24cbc8651abee5cf61e3aabc096493d71a6ad5d68523916fc63c87d87b403644
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,24 @@
|
|
|
1
|
+
## 1.10.0 (2021-10-22)
|
|
2
|
+
|
|
3
|
+
- Ensure compatibility with Nokogiri 1.12.4+ (#31, @flavorjones)
|
|
4
|
+
- fix #26: add xml-exc-c14n Transform when :enveloped option is true. (#27, @kunxi)
|
|
5
|
+
|
|
6
|
+
## 1.9.0 (2019-04-16)
|
|
7
|
+
|
|
8
|
+
- Refactor digest!() method for better extensibility, add GOST-R 34.10/11-2012 algorithms, fix digest node ID reference, cleanup (#22, @netcitylife)
|
|
9
|
+
|
|
10
|
+
## 1.8.0 (2018-11-14)
|
|
11
|
+
|
|
12
|
+
- Add parameter to customize canonicalize algorithm (#19, @pistachiology)
|
|
13
|
+
- Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
|
|
14
|
+
- change issuer x509 content to be more standard way (#19, @pistachiology)
|
|
15
|
+
|
|
16
|
+
## 1.7.0 (2018-11-06)
|
|
17
|
+
|
|
18
|
+
- Add wss option for XML only signing (#18, @pistachiology)
|
|
19
|
+
- Add support for SHA512 Digest
|
|
20
|
+
- Rename id for SHA256 Digest
|
|
21
|
+
|
|
1
22
|
## 1.6.0 (2017-09-14)
|
|
2
23
|
|
|
3
24
|
- X509 in SecurityTokenReference node (#17, @tiagocasanovapt)
|
data/lib/signer/digester.rb
CHANGED
|
@@ -12,9 +12,15 @@ class Signer
|
|
|
12
12
|
},
|
|
13
13
|
# SHA 256
|
|
14
14
|
sha256: {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
name: 'SHA256',
|
|
16
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
|
17
|
+
digester: lambda { OpenSSL::Digest::SHA256.new },
|
|
18
|
+
},
|
|
19
|
+
# SHA512
|
|
20
|
+
sha512: {
|
|
21
|
+
name: 'SHA512',
|
|
22
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha512',
|
|
23
|
+
digester: lambda { OpenSSL::Digest::SHA512.new },
|
|
18
24
|
},
|
|
19
25
|
# GOST R 34-11 94
|
|
20
26
|
gostr3411: {
|
|
@@ -22,7 +28,13 @@ class Signer
|
|
|
22
28
|
id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
|
|
23
29
|
digester: lambda { OpenSSL::Digest.new('md_gost94') },
|
|
24
30
|
},
|
|
25
|
-
|
|
31
|
+
# GOST R 34-11 2012 256 bit
|
|
32
|
+
gostr34112012_256: {
|
|
33
|
+
name: 'GOST R 34.11-2012 256',
|
|
34
|
+
id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256',
|
|
35
|
+
digester: lambda { begin OpenSSL::Digest.new('streebog256') rescue OpenSSL::Digest.new('md_gost12_256') end },
|
|
36
|
+
},
|
|
37
|
+
}.freeze
|
|
26
38
|
|
|
27
39
|
# Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
|
|
28
40
|
class Digester
|
|
@@ -63,7 +75,5 @@ class Signer
|
|
|
63
75
|
def digest_id
|
|
64
76
|
@digest_info[:id]
|
|
65
77
|
end
|
|
66
|
-
|
|
67
78
|
end
|
|
68
|
-
|
|
69
79
|
end
|
data/lib/signer/version.rb
CHANGED
data/lib/signer.rb
CHANGED
|
@@ -7,24 +7,89 @@ require "signer/digester"
|
|
|
7
7
|
require "signer/version"
|
|
8
8
|
|
|
9
9
|
class Signer
|
|
10
|
-
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix
|
|
10
|
+
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix, :wss
|
|
11
11
|
attr_reader :cert
|
|
12
12
|
attr_writer :security_node, :signature_node, :security_token_id
|
|
13
13
|
|
|
14
|
-
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
|
15
|
-
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
|
16
|
-
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
|
|
17
|
-
|
|
18
|
-
|
|
14
|
+
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
|
|
15
|
+
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
|
|
16
|
+
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
|
|
17
|
+
|
|
18
|
+
SIGNATURE_ALGORITHM = {
|
|
19
|
+
# SHA 1
|
|
20
|
+
sha1: {
|
|
21
|
+
id: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
|
22
|
+
name: 'SHA1'
|
|
23
|
+
},
|
|
24
|
+
# SHA 256
|
|
25
|
+
sha256: {
|
|
26
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
|
|
27
|
+
name: 'SHA256'
|
|
28
|
+
},
|
|
29
|
+
# SHA512
|
|
30
|
+
sha512: {
|
|
31
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
|
|
32
|
+
name: 'SHA512'
|
|
33
|
+
},
|
|
34
|
+
# GOST R 34-11 94
|
|
35
|
+
gostr3411: {
|
|
36
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411',
|
|
37
|
+
name: 'GOST R 34.11-94'
|
|
38
|
+
},
|
|
39
|
+
# GOST R 34-11 2012 256 bit
|
|
40
|
+
gostr34112012_256: {
|
|
41
|
+
id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256',
|
|
42
|
+
name: 'GOST R 34.11-2012 256',
|
|
43
|
+
},
|
|
44
|
+
}.freeze
|
|
45
|
+
|
|
46
|
+
CANONICALIZE_ALGORITHM = {
|
|
47
|
+
c14n_exec_1_0: {
|
|
48
|
+
name: 'c14n execlusive 1.0',
|
|
49
|
+
value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
|
|
50
|
+
id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
|
|
51
|
+
},
|
|
52
|
+
c14n_1_0: {
|
|
53
|
+
name: 'c14n 1.0',
|
|
54
|
+
value: Nokogiri::XML::XML_C14N_1_0,
|
|
55
|
+
id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
|
|
56
|
+
},
|
|
57
|
+
c14n_1_1: {
|
|
58
|
+
name: 'c14n 1.1',
|
|
59
|
+
value: Nokogiri::XML::XML_C14N_1_1,
|
|
60
|
+
id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
|
|
61
|
+
}
|
|
62
|
+
}.freeze
|
|
63
|
+
|
|
64
|
+
def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
|
|
19
65
|
self.document = Nokogiri::XML(document.to_s) do |config|
|
|
20
66
|
config.noblanks if noblanks
|
|
21
67
|
end
|
|
68
|
+
self.document.namespace_inheritance = true if self.document.respond_to?(:namespace_inheritance)
|
|
22
69
|
self.digest_algorithm = :sha1
|
|
23
|
-
self.
|
|
70
|
+
self.wss = wss
|
|
71
|
+
self.canonicalize_algorithm = canonicalize_algorithm
|
|
72
|
+
self.signature_digest_algorithm = :sha1
|
|
24
73
|
end
|
|
25
74
|
|
|
26
75
|
def to_xml
|
|
27
|
-
document.to_xml(:
|
|
76
|
+
document.to_xml(save_with: 0)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def canonicalize_name
|
|
80
|
+
@canonicalize_algorithm[:name]
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def canonicalize_id
|
|
84
|
+
@canonicalize_algorithm[:id]
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def canonicalize_algorithm
|
|
88
|
+
@canonicalize_algorithm[:value]
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def canonicalize_algorithm=(algorithm)
|
|
92
|
+
@canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
|
|
28
93
|
end
|
|
29
94
|
|
|
30
95
|
# Return symbol name for supported digest algorithms and string name for custom ones.
|
|
@@ -49,6 +114,7 @@ class Signer
|
|
|
49
114
|
# Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
|
|
50
115
|
def signature_digest_algorithm=(algorithm)
|
|
51
116
|
@sign_digester = Signer::Digester.new(algorithm)
|
|
117
|
+
self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
|
|
52
118
|
end
|
|
53
119
|
|
|
54
120
|
# Receives certificate for signing and tries to guess a digest algorithm for signature creation.
|
|
@@ -58,25 +124,21 @@ class Signer
|
|
|
58
124
|
@cert = certificate
|
|
59
125
|
# Try to guess a digest algorithm for signature creation
|
|
60
126
|
case @cert.signature_algorithm
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
self.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411'
|
|
64
|
-
# Add clauses for other types of keys that require other digest algorithms and identifiers
|
|
65
|
-
else # most common 'sha1WithRSAEncryption' type included here
|
|
66
|
-
self.set_default_signature_method! # Reset any changes as they can become malformed
|
|
127
|
+
when 'GOST R 34.11-94 with GOST R 34.10-2001'
|
|
128
|
+
self.signature_digest_algorithm = :gostr3411
|
|
67
129
|
end
|
|
68
130
|
end
|
|
69
131
|
|
|
70
132
|
def security_token_id
|
|
71
|
-
@security_token_id ||= "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"
|
|
133
|
+
@security_token_id ||= wss? ? "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1" : ""
|
|
72
134
|
end
|
|
73
135
|
|
|
74
136
|
def security_node
|
|
75
|
-
@security_node ||= document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first
|
|
137
|
+
@security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
|
|
76
138
|
end
|
|
77
139
|
|
|
78
|
-
def canonicalize(node = document, inclusive_namespaces=nil)
|
|
79
|
-
node.canonicalize(
|
|
140
|
+
def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
|
|
141
|
+
node.canonicalize(algorithm, inclusive_namespaces, nil)
|
|
80
142
|
end
|
|
81
143
|
|
|
82
144
|
# <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
@@ -104,7 +166,7 @@ class Signer
|
|
|
104
166
|
signature_node.add_child(node)
|
|
105
167
|
set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
|
|
106
168
|
canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
|
|
107
|
-
canonicalization_method_node['Algorithm'] =
|
|
169
|
+
canonicalization_method_node['Algorithm'] = canonicalize_id
|
|
108
170
|
node.add_child(canonicalization_method_node)
|
|
109
171
|
set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
110
172
|
signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
|
|
@@ -127,6 +189,7 @@ class Signer
|
|
|
127
189
|
# </o:SecurityTokenReference>
|
|
128
190
|
# </KeyInfo>
|
|
129
191
|
def binary_security_token_node
|
|
192
|
+
return unless wss?
|
|
130
193
|
node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
|
|
131
194
|
unless node
|
|
132
195
|
node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
|
|
@@ -163,7 +226,7 @@ class Signer
|
|
|
163
226
|
# </KeyInfo>
|
|
164
227
|
def x509_data_node(issuer_in_security_token = false)
|
|
165
228
|
issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
|
|
166
|
-
issuer_name_node.content = cert.issuer.to_s
|
|
229
|
+
issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
|
|
167
230
|
|
|
168
231
|
issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
|
|
169
232
|
issuer_number_node.content = cert.serial
|
|
@@ -173,7 +236,7 @@ class Signer
|
|
|
173
236
|
issuer_serial_node.add_child(issuer_number_node)
|
|
174
237
|
|
|
175
238
|
cetificate_node = Nokogiri::XML::Node.new('X509Certificate', document)
|
|
176
|
-
cetificate_node.content = Base64.encode64(cert.to_der).
|
|
239
|
+
cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
|
|
177
240
|
|
|
178
241
|
data_node = Nokogiri::XML::Node.new('X509Data', document)
|
|
179
242
|
data_node.add_child(issuer_serial_node)
|
|
@@ -208,6 +271,8 @@ class Signer
|
|
|
208
271
|
# * [+:id+] Id for the node, if you don't want to use automatically calculated one
|
|
209
272
|
# * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
|
|
210
273
|
# * [+:enveloped+]
|
|
274
|
+
# * [+:enveloped_legacy+] add solely `enveloped-signature` in `Transforms` with :enveloped:.
|
|
275
|
+
# * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
|
|
211
276
|
#
|
|
212
277
|
# Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
|
|
213
278
|
#
|
|
@@ -222,42 +287,41 @@ class Signer
|
|
|
222
287
|
# </Reference>
|
|
223
288
|
|
|
224
289
|
def digest!(target_node, options = {})
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
290
|
+
if wss?
|
|
291
|
+
wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
|
|
292
|
+
current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
|
|
293
|
+
id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
294
|
+
unless id.to_s.empty?
|
|
295
|
+
wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
|
|
296
|
+
target_node["#{wsu_ns}:Id"] = id.to_s
|
|
297
|
+
end
|
|
298
|
+
elsif target_node['Id'].nil?
|
|
299
|
+
id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
300
|
+
target_node['Id'] = id.to_s unless id.empty?
|
|
301
|
+
else
|
|
302
|
+
id = options[:id] || target_node['Id']
|
|
231
303
|
end
|
|
304
|
+
|
|
232
305
|
target_canon = canonicalize(target_node, options[:inclusive_namespaces])
|
|
233
306
|
target_digest = Base64.encode64(@digester.digest(target_canon)).strip
|
|
234
307
|
|
|
235
308
|
reference_node = Nokogiri::XML::Node.new('Reference', document)
|
|
236
309
|
reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
|
|
310
|
+
reference_node['Type'] = options[:ref_type] if options[:ref_type]
|
|
311
|
+
|
|
237
312
|
signed_info_node.add_child(reference_node)
|
|
238
313
|
set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
239
314
|
|
|
240
315
|
transforms_node = Nokogiri::XML::Node.new('Transforms', document)
|
|
241
|
-
reference_node.add_child(transforms_node)
|
|
316
|
+
reference_node.add_child(transforms_node) unless options[:no_transform]
|
|
242
317
|
set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
243
318
|
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
if options[:enveloped]
|
|
247
|
-
transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
|
|
248
|
-
else
|
|
249
|
-
transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
|
|
250
|
-
end
|
|
251
|
-
if options[:inclusive_namespaces]
|
|
252
|
-
inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
|
|
253
|
-
inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
|
|
254
|
-
inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
|
|
255
|
-
transform_node.add_child(inclusive_namespaces_node)
|
|
256
|
-
end
|
|
257
|
-
transforms_node.add_child(transform_node)
|
|
319
|
+
# create reference + transforms node
|
|
320
|
+
transform!(transforms_node, options)
|
|
258
321
|
|
|
259
322
|
digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
|
|
260
323
|
digest_method_node['Algorithm'] = @digester.digest_id
|
|
324
|
+
|
|
261
325
|
reference_node.add_child(digest_method_node)
|
|
262
326
|
set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
263
327
|
|
|
@@ -299,7 +363,7 @@ class Signer
|
|
|
299
363
|
signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
|
|
300
364
|
|
|
301
365
|
signature = private_key.sign(@sign_digester.digester, signed_info_canon)
|
|
302
|
-
signature_value_digest = Base64.encode64(signature).
|
|
366
|
+
signature_value_digest = Base64.encode64(signature).delete("\n")
|
|
303
367
|
|
|
304
368
|
signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
|
|
305
369
|
signature_value_node.content = signature_value_digest
|
|
@@ -310,10 +374,40 @@ class Signer
|
|
|
310
374
|
|
|
311
375
|
protected
|
|
312
376
|
|
|
313
|
-
#
|
|
314
|
-
def
|
|
315
|
-
|
|
316
|
-
|
|
377
|
+
# Create transform nodes
|
|
378
|
+
def transform_node(algorithm, options)
|
|
379
|
+
transform_node = Nokogiri::XML::Node.new('Transform', document)
|
|
380
|
+
set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
381
|
+
transform_node['Algorithm'] = algorithm
|
|
382
|
+
|
|
383
|
+
if options[:inclusive_namespaces]
|
|
384
|
+
inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
|
|
385
|
+
inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
|
|
386
|
+
inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
|
|
387
|
+
transform_node.add_child(inclusive_namespaces_node)
|
|
388
|
+
end
|
|
389
|
+
|
|
390
|
+
transform_node
|
|
391
|
+
end
|
|
392
|
+
|
|
393
|
+
def transform!(transforms_node, options)
|
|
394
|
+
# With PR-26, a new flag :enveloped_legacy is introduced for backward compatibility, the logics are:
|
|
395
|
+
# - :enveloped is false, include xml-exc-c14n
|
|
396
|
+
# - :enveloped is true, include xml-exc-c14n and enveloped-signature
|
|
397
|
+
# - :enveloped is true and :enveloped_legacy is true, include enveloped-signature.
|
|
398
|
+
|
|
399
|
+
if options[:enveloped] && options[:enveloped_legacy]
|
|
400
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options))
|
|
401
|
+
return
|
|
402
|
+
end
|
|
403
|
+
|
|
404
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2001/10/xml-exc-c14n#', options))
|
|
405
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options)) if options[:enveloped]
|
|
406
|
+
end
|
|
407
|
+
|
|
408
|
+
# Check are we using ws security?
|
|
409
|
+
def wss?
|
|
410
|
+
wss
|
|
317
411
|
end
|
|
318
412
|
|
|
319
413
|
##
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>PoUuYfxElOzG8Dw8/zdDrgPXxbFpj+Gxz4Fi7KDJ0XUgUNcQ6/Tk871cwdFA641Pkqo2DvyD2RIylXEuaY57abDQ4JTB86KCqrdt1cgAecn/lqfoojdTflrq+ugc1JGm6UZFQRcHrW4m2wjQgWFFAPFwNnRVdNGTRf5SHtmbMvc=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
|
data/spec/fixtures/output_2.xml
CHANGED
|
@@ -11,17 +11,18 @@
|
|
|
11
11
|
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
12
|
<Reference URI="">
|
|
13
13
|
<Transforms>
|
|
14
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
14
15
|
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
16
|
</Transforms>
|
|
16
17
|
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
18
|
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
|
18
19
|
</Reference>
|
|
19
20
|
</SignedInfo>
|
|
20
|
-
<SignatureValue>
|
|
21
|
+
<SignatureValue>pjz9q0RI02SGuFs3ok+qQjKKyibAG+dScZBIxmWebD4JmfjIMOCTvk7RR1S5ZqJqkDp2kMV4DOBg+AqJAEu9ZO6gBBceCfYHYgmdvKWz3Ex42fyRYjfZlnR/7Vxk94VJ806J/H+7n2TBJlSndkMGJ2X8agKq1Zto0ip/k2qDfm4=</SignatureValue>
|
|
21
22
|
<KeyInfo>
|
|
22
23
|
<X509Data>
|
|
23
24
|
<X509IssuerSerial>
|
|
24
|
-
<X509IssuerName>
|
|
25
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
|
25
26
|
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
|
26
27
|
</X509IssuerSerial>
|
|
27
28
|
<X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</X509Certificate>
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<SignedInfo>
|
|
10
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<Reference URI="">
|
|
13
|
+
<Transforms>
|
|
14
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</Transforms>
|
|
16
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
|
18
|
+
</Reference>
|
|
19
|
+
</SignedInfo>
|
|
20
|
+
<SignatureValue>HpRIiW6/yGyAI0AwVaaGp3PltD3JOCFfxZLVt+kQD05u1tz9EA91/5CbvCNfn1ljoObMSGe3+W9gXFZewCXANu5VXMnt+FeZ42QYNuYj2oUCFaWlg3NcThWnehE1W/R+QPLJVgk4RxpSntNLK0WWtFy79JbAh0NO4CcD84/HEo8=</SignatureValue>
|
|
21
|
+
<KeyInfo>
|
|
22
|
+
<X509Data>
|
|
23
|
+
<X509IssuerSerial>
|
|
24
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
|
25
|
+
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
|
26
|
+
</X509IssuerSerial>
|
|
27
|
+
<X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</X509Certificate>
|
|
28
|
+
</X509Data>
|
|
29
|
+
</KeyInfo>
|
|
30
|
+
</Signature>
|
|
31
|
+
</ApplicationRequest>
|
|
@@ -1,31 +1,32 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
2
|
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
</ds:Transforms>
|
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
18
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
|
19
|
+
</ds:Reference>
|
|
20
|
+
</ds:SignedInfo>
|
|
21
|
+
<ds:SignatureValue>oh0PAqWsOY+QROz2ks9rJ6wqD8756qC+Gg2uj9lfR75khHS9LBY0jidThh18iynkflluqD1/gA98Hze8raYjmXdw09X7z+kYkxRB/QBY6YkqsWdxSDMhuW63XynrI372bv5p4fC0YjS1lix195qFbk2i0h5LcTByimquzkwEMUk=</ds:SignatureValue>
|
|
22
|
+
<ds:KeyInfo>
|
|
23
|
+
<ds:X509Data>
|
|
24
|
+
<ds:X509IssuerSerial>
|
|
25
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
26
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
27
|
+
</ds:X509IssuerSerial>
|
|
28
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
29
|
+
</ds:X509Data>
|
|
30
|
+
</ds:KeyInfo>
|
|
31
|
+
</ds:Signature>
|
|
31
32
|
</ApplicationRequest>
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
</ds:Transforms>
|
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
18
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
|
19
|
+
</ds:Reference>
|
|
20
|
+
<ds:Reference URI="">
|
|
21
|
+
<ds:Transforms>
|
|
22
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
23
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
24
|
+
</ds:Transforms>
|
|
25
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
26
|
+
<ds:DigestValue>gZjyHqoTlsz5D1JQJEFNvSmtwjk=</ds:DigestValue>
|
|
27
|
+
</ds:Reference>
|
|
28
|
+
</ds:SignedInfo>
|
|
29
|
+
<ds:SignatureValue>Vhsr3WaCPA0dDB6THouzG9/EA0xfhzHzfbyCn1PY8+Y9MMsLpiW0KHOWtAiWLULDN2mFvTFDr90kCZR6YzgdaztbQewiZHeeu7M0WEC5f8VCgfO0N8J7mzOCWHBELHtDzoN+9phTbqDqbX06TH0mszIpZhnsGa4d+Ko3Y+AA3cs=</ds:SignatureValue>
|
|
30
|
+
<ds:KeyInfo>
|
|
31
|
+
<ds:X509Data>
|
|
32
|
+
<ds:X509IssuerSerial>
|
|
33
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
34
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
35
|
+
</ds:X509IssuerSerial>
|
|
36
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
37
|
+
</ds:X509Data>
|
|
38
|
+
</ds:KeyInfo>
|
|
39
|
+
</ds:Signature>
|
|
40
|
+
</ApplicationRequest>
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</ds:Transforms>
|
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
|
18
|
+
</ds:Reference>
|
|
19
|
+
<ds:Reference URI="">
|
|
20
|
+
<ds:Transforms>
|
|
21
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
22
|
+
</ds:Transforms>
|
|
23
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
24
|
+
<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
|
|
25
|
+
</ds:Reference>
|
|
26
|
+
</ds:SignedInfo>
|
|
27
|
+
<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
|
|
28
|
+
<ds:KeyInfo>
|
|
29
|
+
<ds:X509Data>
|
|
30
|
+
<ds:X509IssuerSerial>
|
|
31
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
32
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
33
|
+
</ds:X509IssuerSerial>
|
|
34
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
35
|
+
</ds:X509Data>
|
|
36
|
+
</ds:KeyInfo>
|
|
37
|
+
</ds:Signature>
|
|
38
|
+
</ApplicationRequest>
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</ds:Transforms>
|
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
|
18
|
+
</ds:Reference>
|
|
19
|
+
</ds:SignedInfo>
|
|
20
|
+
<ds:SignatureValue>rOCe8McbIFa4Ul3pnzd/dBjFWoT4JtSghJgzZGLrz17K/j0W1JyaopcZeMD+8M5/GplAlQrJg3ZSkQvY9Sf7WpqZeLYHW17J0ZJpwas+/OOXUEdyUiec7q9OgWsFLH9DBNuJdLKE3CO6w/8tTKQ/kidYnPBXT6FKioNlSJVZsuI=</ds:SignatureValue>
|
|
21
|
+
<ds:KeyInfo>
|
|
22
|
+
<ds:X509Data>
|
|
23
|
+
<ds:X509IssuerSerial>
|
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
25
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
26
|
+
</ds:X509IssuerSerial>
|
|
27
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
28
|
+
</ds:X509Data>
|
|
29
|
+
</ds:KeyInfo>
|
|
30
|
+
</ds:Signature>
|
|
31
|
+
</ApplicationRequest>
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
<wsse:SecurityTokenReference>
|
|
22
22
|
<ds:X509Data>
|
|
23
23
|
<ds:X509IssuerSerial>
|
|
24
|
-
<ds:X509IssuerName>
|
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
25
25
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
26
26
|
</ds:X509IssuerSerial>
|
|
27
27
|
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
<ds:KeyInfo>
|
|
21
21
|
<ds:X509Data>
|
|
22
22
|
<ds:X509IssuerSerial>
|
|
23
|
-
<ds:X509IssuerName>
|
|
23
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
24
24
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
25
25
|
</ds:X509IssuerSerial>
|
|
26
26
|
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
data/spec/signer_spec.rb
CHANGED
|
@@ -27,7 +27,7 @@ describe Signer do
|
|
|
27
27
|
# end
|
|
28
28
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
|
|
29
29
|
|
|
30
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
30
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "should correctly canonicalize digested nodes (shouldn't account comments)" do
|
|
@@ -44,7 +44,7 @@ describe Signer do
|
|
|
44
44
|
|
|
45
45
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
|
|
46
46
|
|
|
47
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
47
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
it "should digest and sign SOAP XML with SHA256" do
|
|
@@ -57,7 +57,7 @@ describe Signer do
|
|
|
57
57
|
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
58
58
|
signer.digest_algorithm = :sha256
|
|
59
59
|
signer.signature_digest_algorithm = :sha256
|
|
60
|
-
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/
|
|
60
|
+
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'
|
|
61
61
|
|
|
62
62
|
signer.digest!(signer.binary_security_token_node)
|
|
63
63
|
|
|
@@ -65,7 +65,7 @@ describe Signer do
|
|
|
65
65
|
|
|
66
66
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
|
|
67
67
|
|
|
68
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
68
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
it "should digest and sign SOAP XML with inclusive namespaces" do
|
|
@@ -85,30 +85,37 @@ describe Signer do
|
|
|
85
85
|
|
|
86
86
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
|
|
87
87
|
|
|
88
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
88
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
91
|
+
[
|
|
92
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_legacy.xml'],
|
|
93
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2.xml'],
|
|
94
|
+
[{ enveloped: true }, 'output_2.xml']
|
|
95
|
+
].each do |options, output_xml|
|
|
96
|
+
it "should sign simple XML with options=#{options}" do
|
|
97
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
98
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
99
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
100
|
+
|
|
101
|
+
signer = Signer.new(File.read(input_xml_file))
|
|
102
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
103
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
104
|
+
signer.security_node = signer.document.root
|
|
105
|
+
signer.security_token_id = ""
|
|
106
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
107
|
+
signer.sign!(:issuer_serial => true)
|
|
108
|
+
|
|
109
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
|
|
110
|
+
# f.write signer.document.to_s
|
|
111
|
+
# end
|
|
112
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
113
|
+
|
|
114
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
115
|
+
end
|
|
110
116
|
end
|
|
111
117
|
|
|
118
|
+
|
|
112
119
|
it "should digest and sign SOAP XML with security node and digested binary token" do
|
|
113
120
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
114
121
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
@@ -136,10 +143,39 @@ describe Signer do
|
|
|
136
143
|
# end
|
|
137
144
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
|
|
138
145
|
|
|
139
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
146
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
[
|
|
150
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_legacy.xml'],
|
|
151
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix.xml'],
|
|
152
|
+
[{ enveloped: true }, 'output_2_with_ds_prefix.xml']
|
|
153
|
+
].each do |options, output_xml|
|
|
154
|
+
it "should sign simple XML with custom DS namespace prefix with options=#{options}" do
|
|
155
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
156
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
157
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
158
|
+
|
|
159
|
+
signer = Signer.new(File.read(input_xml_file))
|
|
160
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
161
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
162
|
+
signer.security_node = signer.document.root
|
|
163
|
+
signer.security_token_id = ""
|
|
164
|
+
signer.ds_namespace_prefix = 'ds'
|
|
165
|
+
|
|
166
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
167
|
+
signer.sign!(issuer_serial: true)
|
|
168
|
+
|
|
169
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
|
|
170
|
+
# f.write signer.document.to_s
|
|
171
|
+
# end
|
|
172
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
173
|
+
|
|
174
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
175
|
+
end
|
|
140
176
|
end
|
|
141
177
|
|
|
142
|
-
it "should
|
|
178
|
+
it "should digest simple XML without transforms node" do
|
|
143
179
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
144
180
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
145
181
|
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
@@ -150,15 +186,43 @@ describe Signer do
|
|
|
150
186
|
signer.security_node = signer.document.root
|
|
151
187
|
signer.security_token_id = ""
|
|
152
188
|
signer.ds_namespace_prefix = 'ds'
|
|
153
|
-
signer.digest!(signer.document.root, :id => "", :enveloped => true)
|
|
154
|
-
signer.sign!(:issuer_serial => true)
|
|
155
189
|
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
# end
|
|
159
|
-
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
|
|
190
|
+
signer.digest!(signer.document.root, id: "", no_transform: true)
|
|
191
|
+
signer.sign!(issuer_serial: true)
|
|
160
192
|
|
|
161
|
-
signer.
|
|
193
|
+
expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
[
|
|
197
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_and_wss_disabled_legacy.xml'],
|
|
198
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix_and_wss_disabled.xml'],
|
|
199
|
+
[{ enveloped: true }, 'output_2_with_ds_prefix_and_wss_disabled.xml']
|
|
200
|
+
].each do |options, output_xml|
|
|
201
|
+
it "should partially sign element and simple XML with custom DS namespace prefix when wss is false with options=#{options}" do
|
|
202
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
203
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
204
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
205
|
+
|
|
206
|
+
signer = Signer.new(File.read(input_xml_file), wss: false)
|
|
207
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
208
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
209
|
+
signer.security_node = signer.document.root
|
|
210
|
+
signer.security_token_id = ""
|
|
211
|
+
signer.ds_namespace_prefix = 'ds'
|
|
212
|
+
|
|
213
|
+
# partially sign element
|
|
214
|
+
signer.digest!(signer.document.root.children.first, **options)
|
|
215
|
+
|
|
216
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
217
|
+
signer.sign!(issuer_serial: true)
|
|
218
|
+
|
|
219
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
|
|
220
|
+
# f.write signer.document.to_s
|
|
221
|
+
# end
|
|
222
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
223
|
+
|
|
224
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
225
|
+
end
|
|
162
226
|
end
|
|
163
227
|
|
|
164
228
|
it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
|
|
@@ -187,7 +251,7 @@ describe Signer do
|
|
|
187
251
|
'fixtures',
|
|
188
252
|
'output_4_with_nested_signatures_with_noblanks_disabled.xml')
|
|
189
253
|
|
|
190
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:
|
|
254
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
|
|
191
255
|
end
|
|
192
256
|
|
|
193
257
|
it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
|
|
@@ -209,7 +273,7 @@ describe Signer do
|
|
|
209
273
|
'fixtures',
|
|
210
274
|
'output_5_with_security_token.xml')
|
|
211
275
|
|
|
212
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
276
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
213
277
|
end
|
|
214
278
|
|
|
215
279
|
it "should digest and sign SOAP XML with X509Data" do
|
|
@@ -231,6 +295,6 @@ describe Signer do
|
|
|
231
295
|
'fixtures',
|
|
232
296
|
'output_5_with_x509_data.xml')
|
|
233
297
|
|
|
234
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
298
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
235
299
|
end
|
|
236
300
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edgars Beigarts
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -45,6 +45,18 @@ dependencies:
|
|
|
45
45
|
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 1.5.1
|
|
48
|
+
- - "!="
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: 1.12.0
|
|
51
|
+
- - "!="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: 1.12.1
|
|
54
|
+
- - "!="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.12.2
|
|
57
|
+
- - "!="
|
|
58
|
+
- !ruby/object:Gem::Version
|
|
59
|
+
version: 1.12.3
|
|
48
60
|
type: :runtime
|
|
49
61
|
prerelease: false
|
|
50
62
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +64,18 @@ dependencies:
|
|
|
52
64
|
- - ">="
|
|
53
65
|
- !ruby/object:Gem::Version
|
|
54
66
|
version: 1.5.1
|
|
67
|
+
- - "!="
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: 1.12.0
|
|
70
|
+
- - "!="
|
|
71
|
+
- !ruby/object:Gem::Version
|
|
72
|
+
version: 1.12.1
|
|
73
|
+
- - "!="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: 1.12.2
|
|
76
|
+
- - "!="
|
|
77
|
+
- !ruby/object:Gem::Version
|
|
78
|
+
version: 1.12.3
|
|
55
79
|
description: WS Security XML signer
|
|
56
80
|
email:
|
|
57
81
|
- edgars.beigarts@gmail.com
|
|
@@ -76,7 +100,11 @@ files:
|
|
|
76
100
|
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
77
101
|
- spec/fixtures/output_1_sha256.xml
|
|
78
102
|
- spec/fixtures/output_2.xml
|
|
103
|
+
- spec/fixtures/output_2_legacy.xml
|
|
79
104
|
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
105
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
106
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
|
107
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
|
80
108
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
81
109
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
82
110
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
@@ -87,7 +115,7 @@ files:
|
|
|
87
115
|
homepage: ''
|
|
88
116
|
licenses: []
|
|
89
117
|
metadata: {}
|
|
90
|
-
post_install_message:
|
|
118
|
+
post_install_message:
|
|
91
119
|
rdoc_options: []
|
|
92
120
|
require_paths:
|
|
93
121
|
- lib
|
|
@@ -102,28 +130,31 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
130
|
- !ruby/object:Gem::Version
|
|
103
131
|
version: '0'
|
|
104
132
|
requirements: []
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
signing_key:
|
|
133
|
+
rubygems_version: 3.0.1
|
|
134
|
+
signing_key:
|
|
108
135
|
specification_version: 4
|
|
109
136
|
summary: WS Security XML signer
|
|
110
137
|
test_files:
|
|
138
|
+
- spec/spec_helper.rb
|
|
139
|
+
- spec/fixtures/output_5_with_x509_data.xml
|
|
140
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
|
141
|
+
- spec/fixtures/key.pem
|
|
142
|
+
- spec/fixtures/input_5.xml
|
|
143
|
+
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
111
144
|
- spec/fixtures/cert.pem
|
|
112
145
|
- spec/fixtures/input_1.xml
|
|
113
146
|
- spec/fixtures/input_2.xml
|
|
114
|
-
- spec/fixtures/
|
|
115
|
-
- spec/fixtures/
|
|
116
|
-
- spec/fixtures/input_5.xml
|
|
117
|
-
- spec/fixtures/key.pem
|
|
147
|
+
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
148
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
|
118
149
|
- spec/fixtures/output_1.xml
|
|
119
|
-
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
120
|
-
- spec/fixtures/output_1_sha256.xml
|
|
121
150
|
- spec/fixtures/output_2.xml
|
|
122
|
-
- spec/fixtures/
|
|
123
|
-
- spec/fixtures/
|
|
124
|
-
- spec/fixtures/
|
|
151
|
+
- spec/fixtures/output_1_sha256.xml
|
|
152
|
+
- spec/fixtures/input_3_c14n_comments.xml
|
|
153
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
154
|
+
- spec/fixtures/output_2_legacy.xml
|
|
125
155
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
156
|
+
- spec/fixtures/output_3_c14n_comments.xml
|
|
157
|
+
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
158
|
+
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
126
159
|
- spec/fixtures/output_5_with_security_token.xml
|
|
127
|
-
- spec/fixtures/output_5_with_x509_data.xml
|
|
128
160
|
- spec/signer_spec.rb
|
|
129
|
-
- spec/spec_helper.rb
|