signer 1.6.0 → 1.7.0

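--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1ee493581c699bac6cedcc5dade885fe7901bebe
- data.tar.gz: 3e2e76ecef50b8830f0c1b46cfe294734b747698
+ metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
+ data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
  SHA512:
- metadata.gz: 2bb34c6474b97a9729a9179343331b8c22ef8313b64160afa3a4079814a3e095a75c5f0456e86263550ba9c985dffefdbad18e542620479313bd81200d2a55d1
- data.tar.gz: 503971e5792ea1cd9ccaba1e988c35693fbd4b3141ffe83564a2c9ccdc34f5c0f48f736fa89bf89dce7417b287b14e4b077ccda0d53d5c62dd8901dc9b3f9016
+ metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
+ data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511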
@@ -1,3 +1,7 @@
1
+ ## 1.7.0 (2018-11-06)
2
+
3
+ - Add wss option for XML only signing (#18, @pistachiology)
4
+
1
5
  ## 1.6.0 (2017-09-14)
2
6
 
3
7
  - X509 in SecurityTokenReference node (#17, @tiagocasanovapt)
@@ -7,7 +7,7 @@ require "signer/digester"
7
7
  require "signer/version"
8
8
 
9
9
  class Signer
10
- attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix
10
+ attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix, :wss
11
11
  attr_reader :cert
12
12
  attr_writer :security_node, :signature_node, :security_token_id
13
13
 
@@ -15,11 +15,12 @@ class Signer
15
15
  WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
16
16
  DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
17
17
 
18
- def initialize(document, noblanks: true)
18
+ def initialize(document, noblanks: true, wss: true)
19
19
  self.document = Nokogiri::XML(document.to_s) do |config|
20
20
  config.noblanks if noblanks
21
21
  end
22
22
  self.digest_algorithm = :sha1
23
+ self.wss = wss
23
24
  self.set_default_signature_method!
24
25
  end
25
26
 
@@ -68,11 +69,11 @@ class Signer
68
69
  end
69
70
 
70
71
  def security_token_id
71
- @security_token_id ||= "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"
72
+ @security_token_id ||= wss? ? "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1" : ""
72
73
  end
73
74
 
74
75
  def security_node
75
- @security_node ||= document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first
76
+ @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
76
77
  end
77
78
 
78
79
  def canonicalize(node = document, inclusive_namespaces=nil)
@@ -127,6 +128,7 @@ class Signer
127
128
  # </o:SecurityTokenReference>
128
129
  # </KeyInfo>
129
130
  def binary_security_token_node
131
+ return unless wss?
130
132
  node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
131
133
  unless node
132
134
  node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
@@ -222,13 +224,19 @@ class Signer
222
224
  # </Reference>
223
225
 
224
226
  def digest!(target_node, options = {})
225
- wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
226
- current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
227
- id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
228
- if id.to_s.size > 0
229
- wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
230
- target_node["#{wsu_ns}:Id"] = id.to_s
227
+ if wss?
228
+ wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
229
+ current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
230
+ id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
231
+ unless id.to_s.empty?
232
+ wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
233
+ target_node["#{wsu_ns}:Id"] = id.to_s
234
+ end
235
+ elsif target_node['Id'].nil?
236
+ id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
237
+ target_node['Id'] = id.to_s unless id.empty?
231
238
  end
239
+
232
240
  target_canon = canonicalize(target_node, options[:inclusive_namespaces])
233
241
  target_digest = Base64.encode64(@digester.digest(target_canon)).strip
234
242
 
@@ -310,6 +318,11 @@ class Signer
310
318
 
311
319
  protected
312
320
 
321
+ # Check are we using ws security?
322
+ def wss?
323
+ wss
324
+ end
325
+
313
326
  # Reset digest algorithm for signature creation and signature algorithm identifier
314
327
  def set_default_signature_method!
315
328
  self.signature_digest_algorithm = :sha1
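Review bot: In the `digest!` hunk, the new non-WSS branch only runs when `target_node['Id']` is nil, so a node that already carries an `Id` leaves the local `id` nil and silently ignores `options[:id]`. The rest of `digest!` lies outside the hunk, but if it builds the Reference URI from `id`, the reference would not name the element whose digest was just computed, which either breaks verification or leaves the signed scope ambiguous. Mirroring the WSS branch avoids this: `id = options[:id] || target_node['Id'] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"` followed by `target_node['Id'] = id.to_s unless id.to_s.empty?`. The same section also makes `security_node` return `''` instead of a node when `wss` is false, which deserves a comment because callers otherwise receive a Nokogiri node or nil.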
@@ -12,9 +12,15 @@ class Signer
12
12
  },
13
13
  # SHA 256
14
14
  sha256: {
15
- name: 'SHA256',
16
- id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
17
- digester: lambda { OpenSSL::Digest::SHA256.new },
15
+ name: 'SHA256',
16
+ id: 'http://www.w3.org/2001/04/xmlenc#sha256',
17
+ digester: lambda { OpenSSL::Digest::SHA256.new },
18
+ },
19
+ # SHA512
20
+ sha512: {
21
+ name: 'SHA512',
22
+ id: 'http://www.w3.org/2001/04/xmlenc#sha512',
23
+ digester: lambda { OpenSSL::Digest::SHA512.new },
18
24
  },
19
25
  # GOST R 34-11 94
20
26
  gostr3411: {
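Review bot: The `id` values in this table are DigestMethod identifiers, and the hunk would benefit from a comment saying so, for example `# id: DigestMethod algorithm URI, not a SignatureMethod URI` above the `sha256:` entry. The sha256 `id` changes from the `xmldsig-more#rsa-sha256` URI to `xmlenc#sha256`, which presumably changes the DigestMethod written into documents digested with `:sha256`, yet the 1.7.0 changelog entry on this page lists only the wss option. A changelog line for the changed sha256 identifier and the new `:sha512` digester would let consumers who pin the emitted algorithm URIs notice the change. The hash literal starts and ends outside the hunk.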
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.6.0'
2
+ VERSION = '1.7.0'
3
3
  end
@@ -1,2 +1,2 @@
1
1
  <?xml version="1.0"?>
2
- <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">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</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>ml/HJ0ouBwAag9Kr4yTyrc4RrHc3sspx2YbQHPiTxB3QOT+T2kM5wU+gnHVIk5VOYVR9FIvm/bb6RWnLyW78/7eN6eIoh+Zr1YsEavCHw3AR9Zf4d7S+9ugCrPmrrEO1lOiyEHU0HuWS5gqua+/ttuTPtV24fGeWvxl15SIxFa8=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
2
+ <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">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</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>PoUuYfxElOzG8Dw8/zdDrgPXxbFpj+Gxz4Fi7KDJ0XUgUNcQ6/Tk871cwdFA641Pkqo2DvyD2RIylXEuaY57abDQ4JTB86KCqrdt1cgAecn/lqfoojdTflrq+ugc1JGm6UZFQRcHrW4m2wjQgWFFAPFwNnRVdNGTRf5SHtmbMvc=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
@@ -0,0 +1,37 @@
1
+ <ApplicationRequest xmlns="http://bxd.fi/xmldata/">
2
+ <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
3
+ <Command>GetUserInfo</Command>
4
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
5
+ <Environment>PRODUCTION</Environment>
6
+ <SoftwareId>Petri</SoftwareId>
7
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
8
+ <ds:SignedInfo>
9
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
10
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
11
+ <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
12
+ <ds:Transforms>
13
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
+ <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
17
+ </ds:Reference>
18
+ <ds:Reference URI="">
19
+ <ds:Transforms>
20
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
21
+ </ds:Transforms>
22
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
23
+ <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
24
+ </ds:Reference>
25
+ </ds:SignedInfo>
26
+ <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
27
+ <ds:KeyInfo>
28
+ <ds:X509Data>
29
+ <ds:X509IssuerSerial>
30
+ <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
31
+ <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
32
+ </ds:X509IssuerSerial>
33
+ <ds:X509Certificate>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</ds:X509Certificate>
34
+ </ds:X509Data>
35
+ </ds:KeyInfo>
36
+ </ds:Signature>
37
+ </ApplicationRequest>
@@ -57,7 +57,7 @@ describe Signer do
57
57
  signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
58
58
  signer.digest_algorithm = :sha256
59
59
  signer.signature_digest_algorithm = :sha256
60
- signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
60
+ signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'
61
61
 
62
62
  signer.digest!(signer.binary_security_token_node)
63
63
 
@@ -109,6 +109,7 @@ describe Signer do
109
109
  signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
110
110
  end
111
111
 
112
+
112
113
  it "should digest and sign SOAP XML with security node and digested binary token" do
113
114
  input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
114
115
  cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
@@ -150,6 +151,7 @@ describe Signer do
150
151
  signer.security_node = signer.document.root
151
152
  signer.security_token_id = ""
152
153
  signer.ds_namespace_prefix = 'ds'
154
+
153
155
  signer.digest!(signer.document.root, :id => "", :enveloped => true)
154
156
  signer.sign!(:issuer_serial => true)
155
157
 
@@ -161,6 +163,32 @@ describe Signer do
161
163
  signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
162
164
  end
163
165
 
166
+ it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
167
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
168
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
169
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
170
+
171
+ signer = Signer.new(File.read(input_xml_file), wss: false)
172
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
173
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
174
+ signer.security_node = signer.document.root
175
+ signer.security_token_id = ""
176
+ signer.ds_namespace_prefix = 'ds'
177
+
178
+ # partially sign element
179
+ signer.digest!(signer.document.root.children.first, :enveloped => true)
180
+
181
+ signer.digest!(signer.document.root, :id => "", :enveloped => true)
182
+ signer.sign!(:issuer_serial => true)
183
+
184
+ # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
185
+ # f.write signer.document.to_s
186
+ # end
187
+ output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
188
+
189
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
190
+ end
191
+
164
192
  it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
165
193
  input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
166
194
  cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
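Review bot: The sha256 spec now sets `signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'`, which is a digest identifier rather than a signature algorithm identifier, and the regenerated SOAP fixture on this page accordingly carries it in `SignatureMethod Algorithm`. A verifier that dispatches on SignatureMethod has no RSA signature algorithm under that URI, so strict XML-DSig implementations are likely to reject the expected output; the digest table change does not appear to require touching this line. Keeping the previous value, `signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'`, and regenerating the fixture would keep DigestMethod and SignatureMethod distinct. The `it` block containing this line starts and ends outside the hunk.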
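--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: signer
  version: !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.7.0
  platform: ruby
  authors:
  - Edgars Beigarts
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-09-14 00:00:00.000000000 Z
+ date: 2018-11-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -77,6 +77,7 @@ files:
  - spec/fixtures/output_1_sha256.xml
  - spec/fixtures/output_2.xml
  - spec/fixtures/output_2_with_ds_prefix.xml
+ - spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
  - spec/fixtures/output_3_c14n_comments.xml
  - spec/fixtures/output_4_with_nested_signatures.xml
  - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
@@ -103,27 +104,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.11
+ rubygems_version: 2.6.14
  signing_key:
  specification_version: 4
  summary: WS Security XML signer
  test_files:
+ - spec/spec_helper.rb
+ - spec/fixtures/output_5_with_x509_data.xml
+ - spec/fixtures/key.pem
+ - spec/fixtures/input_5.xml
+ - spec/fixtures/input_4_with_nested_signatures.xml
  - spec/fixtures/cert.pem
  - spec/fixtures/input_1.xml
  - spec/fixtures/input_2.xml
- - spec/fixtures/input_3_c14n_comments.xml
- - spec/fixtures/input_4_with_nested_signatures.xml
- - spec/fixtures/input_5.xml
- - spec/fixtures/key.pem
+ - spec/fixtures/output_4_with_nested_signatures.xml
  - spec/fixtures/output_1.xml
- - spec/fixtures/output_1_inclusive_namespaces.xml
- - spec/fixtures/output_1_sha256.xml
  - spec/fixtures/output_2.xml
- - spec/fixtures/output_2_with_ds_prefix.xml
- - spec/fixtures/output_3_c14n_comments.xml
- - spec/fixtures/output_4_with_nested_signatures.xml
+ - spec/fixtures/output_1_sha256.xml
+ - spec/fixtures/input_3_c14n_comments.xml
+ - spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
  - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
+ - spec/fixtures/output_3_c14n_comments.xml
+ - spec/fixtures/output_2_with_ds_prefix.xml
+ - spec/fixtures/output_1_inclusive_namespaces.xml
  - spec/fixtures/output_5_with_security_token.xml
- - spec/fixtures/output_5_with_x509_data.xml
  - spec/signer_spec.rb
- - spec/spec_helper.rb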