signer 1.6.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +21 -0
- data/lib/signer/digester.rb +16 -6
- data/lib/signer/version.rb +1 -1
- data/lib/signer.rb +141 -47
- data/spec/fixtures/output_1_sha256.xml +1 -1
- data/spec/fixtures/output_2.xml +3 -2
- data/spec/fixtures/output_2_legacy.xml +31 -0
- data/spec/fixtures/output_2_with_ds_prefix.xml +29 -28
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml +40 -0
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml +38 -0
- data/spec/fixtures/output_2_with_ds_prefix_legacy.xml +31 -0
- data/spec/fixtures/output_5_with_security_token.xml +1 -1
- data/spec/fixtures/output_5_with_x509_data.xml +1 -1
- data/spec/signer_spec.rb +100 -36
- metadata +49 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 7401c27eba7c1c1e0982f73d50841f4597ecc9f03dbcc8ee459812aa20bbb7ae
|
|
4
|
+
data.tar.gz: 614b4e14d376489299b3476b26838e71131604df13b5200ebf9fd8e4b712bdb1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 77e5d5dcdde818d0713b7d9bb859c8c7ed0c0f0aa90969b4d48c385463d0bf07aead94e1cd8844c7cc943023ceb0c2682ccf5fb31bfa9be92e69349011ba582c
|
|
7
|
+
data.tar.gz: 308cb0b72d15012366e26bfed84aef33b39126d6b5e1af466a919ae32bc58fec24cbc8651abee5cf61e3aabc096493d71a6ad5d68523916fc63c87d87b403644
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,24 @@
|
|
|
1
|
+
## 1.10.0 (2021-10-22)
|
|
2
|
+
|
|
3
|
+
- Ensure compatibility with Nokogiri 1.12.4+ (#31, @flavorjones)
|
|
4
|
+
- fix #26: add xml-exc-c14n Transform when :enveloped option is true. (#27, @kunxi)
|
|
5
|
+
|
|
6
|
+
## 1.9.0 (2019-04-16)
|
|
7
|
+
|
|
8
|
+
- Refactor digest!() method for better extensibility, add GOST-R 34.10/11-2012 algorithms, fix digest node ID reference, cleanup (#22, @netcitylife)
|
|
9
|
+
|
|
10
|
+
## 1.8.0 (2018-11-14)
|
|
11
|
+
|
|
12
|
+
- Add parameter to customize canonicalize algorithm (#19, @pistachiology)
|
|
13
|
+
- Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
|
|
14
|
+
- change issuer x509 content to be more standard way (#19, @pistachiology)
|
|
15
|
+
|
|
16
|
+
## 1.7.0 (2018-11-06)
|
|
17
|
+
|
|
18
|
+
- Add wss option for XML only signing (#18, @pistachiology)
|
|
19
|
+
- Add support for SHA512 Digest
|
|
20
|
+
- Rename id for SHA256 Digest
|
|
21
|
+
|
|
1
22
|
## 1.6.0 (2017-09-14)
|
|
2
23
|
|
|
3
24
|
- X509 in SecurityTokenReference node (#17, @tiagocasanovapt)
|
data/lib/signer/digester.rb
CHANGED
|
@@ -12,9 +12,15 @@ class Signer
|
|
|
12
12
|
},
|
|
13
13
|
# SHA 256
|
|
14
14
|
sha256: {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
name: 'SHA256',
|
|
16
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
|
17
|
+
digester: lambda { OpenSSL::Digest::SHA256.new },
|
|
18
|
+
},
|
|
19
|
+
# SHA512
|
|
20
|
+
sha512: {
|
|
21
|
+
name: 'SHA512',
|
|
22
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha512',
|
|
23
|
+
digester: lambda { OpenSSL::Digest::SHA512.new },
|
|
18
24
|
},
|
|
19
25
|
# GOST R 34-11 94
|
|
20
26
|
gostr3411: {
|
|
@@ -22,7 +28,13 @@ class Signer
|
|
|
22
28
|
id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
|
|
23
29
|
digester: lambda { OpenSSL::Digest.new('md_gost94') },
|
|
24
30
|
},
|
|
25
|
-
|
|
31
|
+
# GOST R 34-11 2012 256 bit
|
|
32
|
+
gostr34112012_256: {
|
|
33
|
+
name: 'GOST R 34.11-2012 256',
|
|
34
|
+
id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256',
|
|
35
|
+
digester: lambda { begin OpenSSL::Digest.new('streebog256') rescue OpenSSL::Digest.new('md_gost12_256') end },
|
|
36
|
+
},
|
|
37
|
+
}.freeze
|
|
26
38
|
|
|
27
39
|
# Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
|
|
28
40
|
class Digester
|
|
@@ -63,7 +75,5 @@ class Signer
|
|
|
63
75
|
def digest_id
|
|
64
76
|
@digest_info[:id]
|
|
65
77
|
end
|
|
66
|
-
|
|
67
78
|
end
|
|
68
|
-
|
|
69
79
|
end
|
data/lib/signer/version.rb
CHANGED
data/lib/signer.rb
CHANGED
|
@@ -7,24 +7,89 @@ require "signer/digester"
|
|
|
7
7
|
require "signer/version"
|
|
8
8
|
|
|
9
9
|
class Signer
|
|
10
|
-
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix
|
|
10
|
+
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix, :wss
|
|
11
11
|
attr_reader :cert
|
|
12
12
|
attr_writer :security_node, :signature_node, :security_token_id
|
|
13
13
|
|
|
14
|
-
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
|
15
|
-
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
|
16
|
-
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
|
|
17
|
-
|
|
18
|
-
|
|
14
|
+
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
|
|
15
|
+
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
|
|
16
|
+
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
|
|
17
|
+
|
|
18
|
+
SIGNATURE_ALGORITHM = {
|
|
19
|
+
# SHA 1
|
|
20
|
+
sha1: {
|
|
21
|
+
id: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
|
22
|
+
name: 'SHA1'
|
|
23
|
+
},
|
|
24
|
+
# SHA 256
|
|
25
|
+
sha256: {
|
|
26
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
|
|
27
|
+
name: 'SHA256'
|
|
28
|
+
},
|
|
29
|
+
# SHA512
|
|
30
|
+
sha512: {
|
|
31
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
|
|
32
|
+
name: 'SHA512'
|
|
33
|
+
},
|
|
34
|
+
# GOST R 34-11 94
|
|
35
|
+
gostr3411: {
|
|
36
|
+
id: 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411',
|
|
37
|
+
name: 'GOST R 34.11-94'
|
|
38
|
+
},
|
|
39
|
+
# GOST R 34-11 2012 256 bit
|
|
40
|
+
gostr34112012_256: {
|
|
41
|
+
id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256',
|
|
42
|
+
name: 'GOST R 34.11-2012 256',
|
|
43
|
+
},
|
|
44
|
+
}.freeze
|
|
45
|
+
|
|
46
|
+
CANONICALIZE_ALGORITHM = {
|
|
47
|
+
c14n_exec_1_0: {
|
|
48
|
+
name: 'c14n execlusive 1.0',
|
|
49
|
+
value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
|
|
50
|
+
id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
|
|
51
|
+
},
|
|
52
|
+
c14n_1_0: {
|
|
53
|
+
name: 'c14n 1.0',
|
|
54
|
+
value: Nokogiri::XML::XML_C14N_1_0,
|
|
55
|
+
id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
|
|
56
|
+
},
|
|
57
|
+
c14n_1_1: {
|
|
58
|
+
name: 'c14n 1.1',
|
|
59
|
+
value: Nokogiri::XML::XML_C14N_1_1,
|
|
60
|
+
id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
|
|
61
|
+
}
|
|
62
|
+
}.freeze
|
|
63
|
+
|
|
64
|
+
def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
|
|
19
65
|
self.document = Nokogiri::XML(document.to_s) do |config|
|
|
20
66
|
config.noblanks if noblanks
|
|
21
67
|
end
|
|
68
|
+
self.document.namespace_inheritance = true if self.document.respond_to?(:namespace_inheritance)
|
|
22
69
|
self.digest_algorithm = :sha1
|
|
23
|
-
self.
|
|
70
|
+
self.wss = wss
|
|
71
|
+
self.canonicalize_algorithm = canonicalize_algorithm
|
|
72
|
+
self.signature_digest_algorithm = :sha1
|
|
24
73
|
end
|
|
25
74
|
|
|
26
75
|
def to_xml
|
|
27
|
-
document.to_xml(:
|
|
76
|
+
document.to_xml(save_with: 0)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def canonicalize_name
|
|
80
|
+
@canonicalize_algorithm[:name]
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def canonicalize_id
|
|
84
|
+
@canonicalize_algorithm[:id]
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def canonicalize_algorithm
|
|
88
|
+
@canonicalize_algorithm[:value]
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def canonicalize_algorithm=(algorithm)
|
|
92
|
+
@canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
|
|
28
93
|
end
|
|
29
94
|
|
|
30
95
|
# Return symbol name for supported digest algorithms and string name for custom ones.
|
|
@@ -49,6 +114,7 @@ class Signer
|
|
|
49
114
|
# Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
|
|
50
115
|
def signature_digest_algorithm=(algorithm)
|
|
51
116
|
@sign_digester = Signer::Digester.new(algorithm)
|
|
117
|
+
self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
|
|
52
118
|
end
|
|
53
119
|
|
|
54
120
|
# Receives certificate for signing and tries to guess a digest algorithm for signature creation.
|
|
@@ -58,25 +124,21 @@ class Signer
|
|
|
58
124
|
@cert = certificate
|
|
59
125
|
# Try to guess a digest algorithm for signature creation
|
|
60
126
|
case @cert.signature_algorithm
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
self.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411'
|
|
64
|
-
# Add clauses for other types of keys that require other digest algorithms and identifiers
|
|
65
|
-
else # most common 'sha1WithRSAEncryption' type included here
|
|
66
|
-
self.set_default_signature_method! # Reset any changes as they can become malformed
|
|
127
|
+
when 'GOST R 34.11-94 with GOST R 34.10-2001'
|
|
128
|
+
self.signature_digest_algorithm = :gostr3411
|
|
67
129
|
end
|
|
68
130
|
end
|
|
69
131
|
|
|
70
132
|
def security_token_id
|
|
71
|
-
@security_token_id ||= "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"
|
|
133
|
+
@security_token_id ||= wss? ? "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1" : ""
|
|
72
134
|
end
|
|
73
135
|
|
|
74
136
|
def security_node
|
|
75
|
-
@security_node ||= document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first
|
|
137
|
+
@security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
|
|
76
138
|
end
|
|
77
139
|
|
|
78
|
-
def canonicalize(node = document, inclusive_namespaces=nil)
|
|
79
|
-
node.canonicalize(
|
|
140
|
+
def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
|
|
141
|
+
node.canonicalize(algorithm, inclusive_namespaces, nil)
|
|
80
142
|
end
|
|
81
143
|
|
|
82
144
|
# <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
@@ -104,7 +166,7 @@ class Signer
|
|
|
104
166
|
signature_node.add_child(node)
|
|
105
167
|
set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
|
|
106
168
|
canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
|
|
107
|
-
canonicalization_method_node['Algorithm'] =
|
|
169
|
+
canonicalization_method_node['Algorithm'] = canonicalize_id
|
|
108
170
|
node.add_child(canonicalization_method_node)
|
|
109
171
|
set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
110
172
|
signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
|
|
@@ -127,6 +189,7 @@ class Signer
|
|
|
127
189
|
# </o:SecurityTokenReference>
|
|
128
190
|
# </KeyInfo>
|
|
129
191
|
def binary_security_token_node
|
|
192
|
+
return unless wss?
|
|
130
193
|
node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
|
|
131
194
|
unless node
|
|
132
195
|
node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
|
|
@@ -163,7 +226,7 @@ class Signer
|
|
|
163
226
|
# </KeyInfo>
|
|
164
227
|
def x509_data_node(issuer_in_security_token = false)
|
|
165
228
|
issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
|
|
166
|
-
issuer_name_node.content = cert.issuer.to_s
|
|
229
|
+
issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
|
|
167
230
|
|
|
168
231
|
issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
|
|
169
232
|
issuer_number_node.content = cert.serial
|
|
@@ -173,7 +236,7 @@ class Signer
|
|
|
173
236
|
issuer_serial_node.add_child(issuer_number_node)
|
|
174
237
|
|
|
175
238
|
cetificate_node = Nokogiri::XML::Node.new('X509Certificate', document)
|
|
176
|
-
cetificate_node.content = Base64.encode64(cert.to_der).
|
|
239
|
+
cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
|
|
177
240
|
|
|
178
241
|
data_node = Nokogiri::XML::Node.new('X509Data', document)
|
|
179
242
|
data_node.add_child(issuer_serial_node)
|
|
@@ -208,6 +271,8 @@ class Signer
|
|
|
208
271
|
# * [+:id+] Id for the node, if you don't want to use automatically calculated one
|
|
209
272
|
# * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
|
|
210
273
|
# * [+:enveloped+]
|
|
274
|
+
# * [+:enveloped_legacy+] add solely `enveloped-signature` in `Transforms` with :enveloped:.
|
|
275
|
+
# * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
|
|
211
276
|
#
|
|
212
277
|
# Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
|
|
213
278
|
#
|
|
@@ -222,42 +287,41 @@ class Signer
|
|
|
222
287
|
# </Reference>
|
|
223
288
|
|
|
224
289
|
def digest!(target_node, options = {})
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
290
|
+
if wss?
|
|
291
|
+
wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
|
|
292
|
+
current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
|
|
293
|
+
id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
294
|
+
unless id.to_s.empty?
|
|
295
|
+
wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
|
|
296
|
+
target_node["#{wsu_ns}:Id"] = id.to_s
|
|
297
|
+
end
|
|
298
|
+
elsif target_node['Id'].nil?
|
|
299
|
+
id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
300
|
+
target_node['Id'] = id.to_s unless id.empty?
|
|
301
|
+
else
|
|
302
|
+
id = options[:id] || target_node['Id']
|
|
231
303
|
end
|
|
304
|
+
|
|
232
305
|
target_canon = canonicalize(target_node, options[:inclusive_namespaces])
|
|
233
306
|
target_digest = Base64.encode64(@digester.digest(target_canon)).strip
|
|
234
307
|
|
|
235
308
|
reference_node = Nokogiri::XML::Node.new('Reference', document)
|
|
236
309
|
reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
|
|
310
|
+
reference_node['Type'] = options[:ref_type] if options[:ref_type]
|
|
311
|
+
|
|
237
312
|
signed_info_node.add_child(reference_node)
|
|
238
313
|
set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
239
314
|
|
|
240
315
|
transforms_node = Nokogiri::XML::Node.new('Transforms', document)
|
|
241
|
-
reference_node.add_child(transforms_node)
|
|
316
|
+
reference_node.add_child(transforms_node) unless options[:no_transform]
|
|
242
317
|
set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
243
318
|
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
if options[:enveloped]
|
|
247
|
-
transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
|
|
248
|
-
else
|
|
249
|
-
transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
|
|
250
|
-
end
|
|
251
|
-
if options[:inclusive_namespaces]
|
|
252
|
-
inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
|
|
253
|
-
inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
|
|
254
|
-
inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
|
|
255
|
-
transform_node.add_child(inclusive_namespaces_node)
|
|
256
|
-
end
|
|
257
|
-
transforms_node.add_child(transform_node)
|
|
319
|
+
# create reference + transforms node
|
|
320
|
+
transform!(transforms_node, options)
|
|
258
321
|
|
|
259
322
|
digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
|
|
260
323
|
digest_method_node['Algorithm'] = @digester.digest_id
|
|
324
|
+
|
|
261
325
|
reference_node.add_child(digest_method_node)
|
|
262
326
|
set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
263
327
|
|
|
@@ -299,7 +363,7 @@ class Signer
|
|
|
299
363
|
signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
|
|
300
364
|
|
|
301
365
|
signature = private_key.sign(@sign_digester.digester, signed_info_canon)
|
|
302
|
-
signature_value_digest = Base64.encode64(signature).
|
|
366
|
+
signature_value_digest = Base64.encode64(signature).delete("\n")
|
|
303
367
|
|
|
304
368
|
signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
|
|
305
369
|
signature_value_node.content = signature_value_digest
|
|
@@ -310,10 +374,40 @@ class Signer
|
|
|
310
374
|
|
|
311
375
|
protected
|
|
312
376
|
|
|
313
|
-
#
|
|
314
|
-
def
|
|
315
|
-
|
|
316
|
-
|
|
377
|
+
# Create transform nodes
|
|
378
|
+
def transform_node(algorithm, options)
|
|
379
|
+
transform_node = Nokogiri::XML::Node.new('Transform', document)
|
|
380
|
+
set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
|
|
381
|
+
transform_node['Algorithm'] = algorithm
|
|
382
|
+
|
|
383
|
+
if options[:inclusive_namespaces]
|
|
384
|
+
inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
|
|
385
|
+
inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
|
|
386
|
+
inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
|
|
387
|
+
transform_node.add_child(inclusive_namespaces_node)
|
|
388
|
+
end
|
|
389
|
+
|
|
390
|
+
transform_node
|
|
391
|
+
end
|
|
392
|
+
|
|
393
|
+
def transform!(transforms_node, options)
|
|
394
|
+
# With PR-26, a new flag :enveloped_legacy is introduced for backward compatibility, the logics are:
|
|
395
|
+
# - :enveloped is false, include xml-exc-c14n
|
|
396
|
+
# - :enveloped is true, include xml-exc-c14n and enveloped-signature
|
|
397
|
+
# - :enveloped is true and :enveloped_legacy is true, include enveloped-signature.
|
|
398
|
+
|
|
399
|
+
if options[:enveloped] && options[:enveloped_legacy]
|
|
400
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options))
|
|
401
|
+
return
|
|
402
|
+
end
|
|
403
|
+
|
|
404
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2001/10/xml-exc-c14n#', options))
|
|
405
|
+
transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options)) if options[:enveloped]
|
|
406
|
+
end
|
|
407
|
+
|
|
408
|
+
# Check are we using ws security?
|
|
409
|
+
def wss?
|
|
410
|
+
wss
|
|
317
411
|
end
|
|
318
412
|
|
|
319
413
|
##
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>PoUuYfxElOzG8Dw8/zdDrgPXxbFpj+Gxz4Fi7KDJ0XUgUNcQ6/Tk871cwdFA641Pkqo2DvyD2RIylXEuaY57abDQ4JTB86KCqrdt1cgAecn/lqfoojdTflrq+ugc1JGm6UZFQRcHrW4m2wjQgWFFAPFwNnRVdNGTRf5SHtmbMvc=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
|
data/spec/fixtures/output_2.xml
CHANGED
|
@@ -11,17 +11,18 @@
|
|
|
11
11
|
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
12
|
<Reference URI="">
|
|
13
13
|
<Transforms>
|
|
14
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
14
15
|
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
16
|
</Transforms>
|
|
16
17
|
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
18
|
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
|
18
19
|
</Reference>
|
|
19
20
|
</SignedInfo>
|
|
20
|
-
<SignatureValue>
|
|
21
|
+
<SignatureValue>pjz9q0RI02SGuFs3ok+qQjKKyibAG+dScZBIxmWebD4JmfjIMOCTvk7RR1S5ZqJqkDp2kMV4DOBg+AqJAEu9ZO6gBBceCfYHYgmdvKWz3Ex42fyRYjfZlnR/7Vxk94VJ806J/H+7n2TBJlSndkMGJ2X8agKq1Zto0ip/k2qDfm4=</SignatureValue>
|
|
21
22
|
<KeyInfo>
|
|
22
23
|
<X509Data>
|
|
23
24
|
<X509IssuerSerial>
|
|
24
|
-
<X509IssuerName>
|
|
25
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
|
25
26
|
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
|
26
27
|
</X509IssuerSerial>
|
|
27
28
|
<X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</X509Certificate>
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<SignedInfo>
|
|
10
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<Reference URI="">
|
|
13
|
+
<Transforms>
|
|
14
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</Transforms>
|
|
16
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
|
18
|
+
</Reference>
|
|
19
|
+
</SignedInfo>
|
|
20
|
+
<SignatureValue>HpRIiW6/yGyAI0AwVaaGp3PltD3JOCFfxZLVt+kQD05u1tz9EA91/5CbvCNfn1ljoObMSGe3+W9gXFZewCXANu5VXMnt+FeZ42QYNuYj2oUCFaWlg3NcThWnehE1W/R+QPLJVgk4RxpSntNLK0WWtFy79JbAh0NO4CcD84/HEo8=</SignatureValue>
|
|
21
|
+
<KeyInfo>
|
|
22
|
+
<X509Data>
|
|
23
|
+
<X509IssuerSerial>
|
|
24
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
|
25
|
+
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
|
26
|
+
</X509IssuerSerial>
|
|
27
|
+
<X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</X509Certificate>
|
|
28
|
+
</X509Data>
|
|
29
|
+
</KeyInfo>
|
|
30
|
+
</Signature>
|
|
31
|
+
</ApplicationRequest>
|
|
@@ -1,31 +1,32 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
2
|
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
</ds:Transforms>
|
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
18
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
|
19
|
+
</ds:Reference>
|
|
20
|
+
</ds:SignedInfo>
|
|
21
|
+
<ds:SignatureValue>oh0PAqWsOY+QROz2ks9rJ6wqD8756qC+Gg2uj9lfR75khHS9LBY0jidThh18iynkflluqD1/gA98Hze8raYjmXdw09X7z+kYkxRB/QBY6YkqsWdxSDMhuW63XynrI372bv5p4fC0YjS1lix195qFbk2i0h5LcTByimquzkwEMUk=</ds:SignatureValue>
|
|
22
|
+
<ds:KeyInfo>
|
|
23
|
+
<ds:X509Data>
|
|
24
|
+
<ds:X509IssuerSerial>
|
|
25
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
26
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
27
|
+
</ds:X509IssuerSerial>
|
|
28
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
29
|
+
</ds:X509Data>
|
|
30
|
+
</ds:KeyInfo>
|
|
31
|
+
</ds:Signature>
|
|
31
32
|
</ApplicationRequest>
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
</ds:Transforms>
|
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
18
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
|
19
|
+
</ds:Reference>
|
|
20
|
+
<ds:Reference URI="">
|
|
21
|
+
<ds:Transforms>
|
|
22
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
23
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
24
|
+
</ds:Transforms>
|
|
25
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
26
|
+
<ds:DigestValue>gZjyHqoTlsz5D1JQJEFNvSmtwjk=</ds:DigestValue>
|
|
27
|
+
</ds:Reference>
|
|
28
|
+
</ds:SignedInfo>
|
|
29
|
+
<ds:SignatureValue>Vhsr3WaCPA0dDB6THouzG9/EA0xfhzHzfbyCn1PY8+Y9MMsLpiW0KHOWtAiWLULDN2mFvTFDr90kCZR6YzgdaztbQewiZHeeu7M0WEC5f8VCgfO0N8J7mzOCWHBELHtDzoN+9phTbqDqbX06TH0mszIpZhnsGa4d+Ko3Y+AA3cs=</ds:SignatureValue>
|
|
30
|
+
<ds:KeyInfo>
|
|
31
|
+
<ds:X509Data>
|
|
32
|
+
<ds:X509IssuerSerial>
|
|
33
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
34
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
35
|
+
</ds:X509IssuerSerial>
|
|
36
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
37
|
+
</ds:X509Data>
|
|
38
|
+
</ds:KeyInfo>
|
|
39
|
+
</ds:Signature>
|
|
40
|
+
</ApplicationRequest>
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</ds:Transforms>
|
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
|
18
|
+
</ds:Reference>
|
|
19
|
+
<ds:Reference URI="">
|
|
20
|
+
<ds:Transforms>
|
|
21
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
22
|
+
</ds:Transforms>
|
|
23
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
24
|
+
<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
|
|
25
|
+
</ds:Reference>
|
|
26
|
+
</ds:SignedInfo>
|
|
27
|
+
<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
|
|
28
|
+
<ds:KeyInfo>
|
|
29
|
+
<ds:X509Data>
|
|
30
|
+
<ds:X509IssuerSerial>
|
|
31
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
32
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
33
|
+
</ds:X509IssuerSerial>
|
|
34
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
35
|
+
</ds:X509Data>
|
|
36
|
+
</ds:KeyInfo>
|
|
37
|
+
</ds:Signature>
|
|
38
|
+
</ApplicationRequest>
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
3
|
+
<CustomerId>679155330</CustomerId>
|
|
4
|
+
<Command>GetUserInfo</Command>
|
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
6
|
+
<Environment>PRODUCTION</Environment>
|
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
9
|
+
<ds:SignedInfo>
|
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
12
|
+
<ds:Reference URI="">
|
|
13
|
+
<ds:Transforms>
|
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
15
|
+
</ds:Transforms>
|
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
17
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
|
18
|
+
</ds:Reference>
|
|
19
|
+
</ds:SignedInfo>
|
|
20
|
+
<ds:SignatureValue>rOCe8McbIFa4Ul3pnzd/dBjFWoT4JtSghJgzZGLrz17K/j0W1JyaopcZeMD+8M5/GplAlQrJg3ZSkQvY9Sf7WpqZeLYHW17J0ZJpwas+/OOXUEdyUiec7q9OgWsFLH9DBNuJdLKE3CO6w/8tTKQ/kidYnPBXT6FKioNlSJVZsuI=</ds:SignatureValue>
|
|
21
|
+
<ds:KeyInfo>
|
|
22
|
+
<ds:X509Data>
|
|
23
|
+
<ds:X509IssuerSerial>
|
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
25
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
26
|
+
</ds:X509IssuerSerial>
|
|
27
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
28
|
+
</ds:X509Data>
|
|
29
|
+
</ds:KeyInfo>
|
|
30
|
+
</ds:Signature>
|
|
31
|
+
</ApplicationRequest>
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
<wsse:SecurityTokenReference>
|
|
22
22
|
<ds:X509Data>
|
|
23
23
|
<ds:X509IssuerSerial>
|
|
24
|
-
<ds:X509IssuerName>
|
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
25
25
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
26
26
|
</ds:X509IssuerSerial>
|
|
27
27
|
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
<ds:KeyInfo>
|
|
21
21
|
<ds:X509Data>
|
|
22
22
|
<ds:X509IssuerSerial>
|
|
23
|
-
<ds:X509IssuerName>
|
|
23
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
|
24
24
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
25
25
|
</ds:X509IssuerSerial>
|
|
26
26
|
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
data/spec/signer_spec.rb
CHANGED
|
@@ -27,7 +27,7 @@ describe Signer do
|
|
|
27
27
|
# end
|
|
28
28
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
|
|
29
29
|
|
|
30
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
30
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it "should correctly canonicalize digested nodes (shouldn't account comments)" do
|
|
@@ -44,7 +44,7 @@ describe Signer do
|
|
|
44
44
|
|
|
45
45
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
|
|
46
46
|
|
|
47
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
47
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
it "should digest and sign SOAP XML with SHA256" do
|
|
@@ -57,7 +57,7 @@ describe Signer do
|
|
|
57
57
|
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
58
58
|
signer.digest_algorithm = :sha256
|
|
59
59
|
signer.signature_digest_algorithm = :sha256
|
|
60
|
-
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/
|
|
60
|
+
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'
|
|
61
61
|
|
|
62
62
|
signer.digest!(signer.binary_security_token_node)
|
|
63
63
|
|
|
@@ -65,7 +65,7 @@ describe Signer do
|
|
|
65
65
|
|
|
66
66
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
|
|
67
67
|
|
|
68
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
68
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
it "should digest and sign SOAP XML with inclusive namespaces" do
|
|
@@ -85,30 +85,37 @@ describe Signer do
|
|
|
85
85
|
|
|
86
86
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
|
|
87
87
|
|
|
88
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
88
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
91
|
+
[
|
|
92
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_legacy.xml'],
|
|
93
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2.xml'],
|
|
94
|
+
[{ enveloped: true }, 'output_2.xml']
|
|
95
|
+
].each do |options, output_xml|
|
|
96
|
+
it "should sign simple XML with options=#{options}" do
|
|
97
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
98
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
99
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
100
|
+
|
|
101
|
+
signer = Signer.new(File.read(input_xml_file))
|
|
102
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
103
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
104
|
+
signer.security_node = signer.document.root
|
|
105
|
+
signer.security_token_id = ""
|
|
106
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
107
|
+
signer.sign!(:issuer_serial => true)
|
|
108
|
+
|
|
109
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
|
|
110
|
+
# f.write signer.document.to_s
|
|
111
|
+
# end
|
|
112
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
113
|
+
|
|
114
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
115
|
+
end
|
|
110
116
|
end
|
|
111
117
|
|
|
118
|
+
|
|
112
119
|
it "should digest and sign SOAP XML with security node and digested binary token" do
|
|
113
120
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
114
121
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
@@ -136,10 +143,39 @@ describe Signer do
|
|
|
136
143
|
# end
|
|
137
144
|
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
|
|
138
145
|
|
|
139
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
146
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
[
|
|
150
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_legacy.xml'],
|
|
151
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix.xml'],
|
|
152
|
+
[{ enveloped: true }, 'output_2_with_ds_prefix.xml']
|
|
153
|
+
].each do |options, output_xml|
|
|
154
|
+
it "should sign simple XML with custom DS namespace prefix with options=#{options}" do
|
|
155
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
156
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
157
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
158
|
+
|
|
159
|
+
signer = Signer.new(File.read(input_xml_file))
|
|
160
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
161
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
162
|
+
signer.security_node = signer.document.root
|
|
163
|
+
signer.security_token_id = ""
|
|
164
|
+
signer.ds_namespace_prefix = 'ds'
|
|
165
|
+
|
|
166
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
167
|
+
signer.sign!(issuer_serial: true)
|
|
168
|
+
|
|
169
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
|
|
170
|
+
# f.write signer.document.to_s
|
|
171
|
+
# end
|
|
172
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
173
|
+
|
|
174
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
175
|
+
end
|
|
140
176
|
end
|
|
141
177
|
|
|
142
|
-
it "should
|
|
178
|
+
it "should digest simple XML without transforms node" do
|
|
143
179
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
144
180
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
145
181
|
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
@@ -150,15 +186,43 @@ describe Signer do
|
|
|
150
186
|
signer.security_node = signer.document.root
|
|
151
187
|
signer.security_token_id = ""
|
|
152
188
|
signer.ds_namespace_prefix = 'ds'
|
|
153
|
-
signer.digest!(signer.document.root, :id => "", :enveloped => true)
|
|
154
|
-
signer.sign!(:issuer_serial => true)
|
|
155
189
|
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
# end
|
|
159
|
-
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
|
|
190
|
+
signer.digest!(signer.document.root, id: "", no_transform: true)
|
|
191
|
+
signer.sign!(issuer_serial: true)
|
|
160
192
|
|
|
161
|
-
signer.
|
|
193
|
+
expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
[
|
|
197
|
+
[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_and_wss_disabled_legacy.xml'],
|
|
198
|
+
[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix_and_wss_disabled.xml'],
|
|
199
|
+
[{ enveloped: true }, 'output_2_with_ds_prefix_and_wss_disabled.xml']
|
|
200
|
+
].each do |options, output_xml|
|
|
201
|
+
it "should partially sign element and simple XML with custom DS namespace prefix when wss is false with options=#{options}" do
|
|
202
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
203
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
204
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
205
|
+
|
|
206
|
+
signer = Signer.new(File.read(input_xml_file), wss: false)
|
|
207
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
208
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
209
|
+
signer.security_node = signer.document.root
|
|
210
|
+
signer.security_token_id = ""
|
|
211
|
+
signer.ds_namespace_prefix = 'ds'
|
|
212
|
+
|
|
213
|
+
# partially sign element
|
|
214
|
+
signer.digest!(signer.document.root.children.first, **options)
|
|
215
|
+
|
|
216
|
+
signer.digest!(signer.document.root, id: "", **options)
|
|
217
|
+
signer.sign!(issuer_serial: true)
|
|
218
|
+
|
|
219
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
|
|
220
|
+
# f.write signer.document.to_s
|
|
221
|
+
# end
|
|
222
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
|
|
223
|
+
|
|
224
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
225
|
+
end
|
|
162
226
|
end
|
|
163
227
|
|
|
164
228
|
it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
|
|
@@ -187,7 +251,7 @@ describe Signer do
|
|
|
187
251
|
'fixtures',
|
|
188
252
|
'output_4_with_nested_signatures_with_noblanks_disabled.xml')
|
|
189
253
|
|
|
190
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:
|
|
254
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
|
|
191
255
|
end
|
|
192
256
|
|
|
193
257
|
it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
|
|
@@ -209,7 +273,7 @@ describe Signer do
|
|
|
209
273
|
'fixtures',
|
|
210
274
|
'output_5_with_security_token.xml')
|
|
211
275
|
|
|
212
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
276
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
213
277
|
end
|
|
214
278
|
|
|
215
279
|
it "should digest and sign SOAP XML with X509Data" do
|
|
@@ -231,6 +295,6 @@ describe Signer do
|
|
|
231
295
|
'fixtures',
|
|
232
296
|
'output_5_with_x509_data.xml')
|
|
233
297
|
|
|
234
|
-
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
|
|
298
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
|
|
235
299
|
end
|
|
236
300
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edgars Beigarts
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -45,6 +45,18 @@ dependencies:
|
|
|
45
45
|
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 1.5.1
|
|
48
|
+
- - "!="
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: 1.12.0
|
|
51
|
+
- - "!="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: 1.12.1
|
|
54
|
+
- - "!="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.12.2
|
|
57
|
+
- - "!="
|
|
58
|
+
- !ruby/object:Gem::Version
|
|
59
|
+
version: 1.12.3
|
|
48
60
|
type: :runtime
|
|
49
61
|
prerelease: false
|
|
50
62
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +64,18 @@ dependencies:
|
|
|
52
64
|
- - ">="
|
|
53
65
|
- !ruby/object:Gem::Version
|
|
54
66
|
version: 1.5.1
|
|
67
|
+
- - "!="
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: 1.12.0
|
|
70
|
+
- - "!="
|
|
71
|
+
- !ruby/object:Gem::Version
|
|
72
|
+
version: 1.12.1
|
|
73
|
+
- - "!="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: 1.12.2
|
|
76
|
+
- - "!="
|
|
77
|
+
- !ruby/object:Gem::Version
|
|
78
|
+
version: 1.12.3
|
|
55
79
|
description: WS Security XML signer
|
|
56
80
|
email:
|
|
57
81
|
- edgars.beigarts@gmail.com
|
|
@@ -76,7 +100,11 @@ files:
|
|
|
76
100
|
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
77
101
|
- spec/fixtures/output_1_sha256.xml
|
|
78
102
|
- spec/fixtures/output_2.xml
|
|
103
|
+
- spec/fixtures/output_2_legacy.xml
|
|
79
104
|
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
105
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
106
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
|
107
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
|
80
108
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
81
109
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
82
110
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
@@ -87,7 +115,7 @@ files:
|
|
|
87
115
|
homepage: ''
|
|
88
116
|
licenses: []
|
|
89
117
|
metadata: {}
|
|
90
|
-
post_install_message:
|
|
118
|
+
post_install_message:
|
|
91
119
|
rdoc_options: []
|
|
92
120
|
require_paths:
|
|
93
121
|
- lib
|
|
@@ -102,28 +130,31 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
130
|
- !ruby/object:Gem::Version
|
|
103
131
|
version: '0'
|
|
104
132
|
requirements: []
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
signing_key:
|
|
133
|
+
rubygems_version: 3.0.1
|
|
134
|
+
signing_key:
|
|
108
135
|
specification_version: 4
|
|
109
136
|
summary: WS Security XML signer
|
|
110
137
|
test_files:
|
|
138
|
+
- spec/spec_helper.rb
|
|
139
|
+
- spec/fixtures/output_5_with_x509_data.xml
|
|
140
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
|
141
|
+
- spec/fixtures/key.pem
|
|
142
|
+
- spec/fixtures/input_5.xml
|
|
143
|
+
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
111
144
|
- spec/fixtures/cert.pem
|
|
112
145
|
- spec/fixtures/input_1.xml
|
|
113
146
|
- spec/fixtures/input_2.xml
|
|
114
|
-
- spec/fixtures/
|
|
115
|
-
- spec/fixtures/
|
|
116
|
-
- spec/fixtures/input_5.xml
|
|
117
|
-
- spec/fixtures/key.pem
|
|
147
|
+
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
148
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
|
118
149
|
- spec/fixtures/output_1.xml
|
|
119
|
-
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
120
|
-
- spec/fixtures/output_1_sha256.xml
|
|
121
150
|
- spec/fixtures/output_2.xml
|
|
122
|
-
- spec/fixtures/
|
|
123
|
-
- spec/fixtures/
|
|
124
|
-
- spec/fixtures/
|
|
151
|
+
- spec/fixtures/output_1_sha256.xml
|
|
152
|
+
- spec/fixtures/input_3_c14n_comments.xml
|
|
153
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
154
|
+
- spec/fixtures/output_2_legacy.xml
|
|
125
155
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
156
|
+
- spec/fixtures/output_3_c14n_comments.xml
|
|
157
|
+
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
158
|
+
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
126
159
|
- spec/fixtures/output_5_with_security_token.xml
|
|
127
|
-
- spec/fixtures/output_5_with_x509_data.xml
|
|
128
160
|
- spec/signer_spec.rb
|
|
129
|
-
- spec/spec_helper.rb
|