signer 1.7.0 → 1.8.0

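--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
- data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
+ metadata.gz: 0ef82f9441fe5557e15ba389223039ea898ed86d
+ data.tar.gz: e08734d225ce9010442d00678eff3a865ca132e6
  SHA512:
- metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
- data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511
+ metadata.gz: bb7fad0471750095caca4ff1bef554d89b9ee2f998b58d557db3754235fa9da0e4710f3bb1dbdab0ba65a72af09fc8a08fef13f60fe1f65855854459cfa84720
+ data.tar.gz: e1a8d6b2ca4d5afc96f01e54a771c75e3ad67871a4ac39d3a1e70462c24b46efa960ed6404f2ec5435cb19ea0f52d75643f914d59d41cf876bfa8e502a841d77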
@@ -1,6 +1,14 @@
1
+ ## 1.8.0 (2018-11-14)
2
+
3
+ - Add parameter to customize canonicalize algorithm (#19, @pistachiology)
4
+ - Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
5
+ - change issuer x509 content to be more standard way (#19, @pistachiology)
6
+
1
7
  ## 1.7.0 (2018-11-06)
2
8
 
3
9
  - Add wss option for XML only signing (#18, @pistachiology)
10
+ - Add support for SHA512 Digest
11
+ - Rename id for SHA256 Digest
4
12
 
5
13
  ## 1.6.0 (2017-09-14)
6
14
 
@@ -11,21 +11,79 @@ class Signer
11
11
  attr_reader :cert
12
12
  attr_writer :security_node, :signature_node, :security_token_id
13
13
 
14
- WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
15
- WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
16
- DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
17
-
18
- def initialize(document, noblanks: true, wss: true)
14
+ WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
15
+ WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
16
+ DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
17
+
18
+ SIGNATURE_ALGORITHM = {
19
+ # SHA 1
20
+ sha1: {
21
+ id: 'http://www.w3.org/2001/04/xmlenc#sha1',
22
+ name: 'SHA1'
23
+ },
24
+ # SHA 256
25
+ sha256: {
26
+ id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
27
+ name: 'SHA256'
28
+ },
29
+ # SHA512
30
+ sha512: {
31
+ id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
32
+ name: 'SHA512'
33
+ },
34
+ # GOST R 34-11 94
35
+ gostr3411: {
36
+ id: 'https://www.w3.org/2001/04/xmldsig-more#rsa-gostr3411',
37
+ name: 'GOST R 34.11-94'
38
+ }
39
+ }.freeze
40
+
41
+ CANONICALIZE_ALGORITHM = {
42
+ c14n_exec_1_0: {
43
+ name: 'c14n execlusive 1.0',
44
+ value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
45
+ id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
46
+ },
47
+ c14n_1_0: {
48
+ name: 'c14n 1.0',
49
+ value: Nokogiri::XML::XML_C14N_1_0,
50
+ id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
51
+ },
52
+ c14n_1_1: {
53
+ name: 'c14n 1.1',
54
+ value: Nokogiri::XML::XML_C14N_1_1,
55
+ id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
56
+ }
57
+ }.freeze
58
+
59
+ def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
19
60
  self.document = Nokogiri::XML(document.to_s) do |config|
20
61
  config.noblanks if noblanks
21
62
  end
22
63
  self.digest_algorithm = :sha1
23
64
  self.wss = wss
24
- self.set_default_signature_method!
65
+ self.canonicalize_algorithm = canonicalize_algorithm
66
+ set_default_signature_method!
25
67
  end
26
68
 
27
69
  def to_xml
28
- document.to_xml(:save_with => 0)
70
+ document.to_xml(save_with: 0)
71
+ end
72
+
73
+ def canonicalize_name
74
+ @canonicalize_algorithm[:name]
75
+ end
76
+
77
+ def canonicalize_id
78
+ @canonicalize_algorithm[:id]
79
+ end
80
+
81
+ def canonicalize_algorithm
82
+ @canonicalize_algorithm[:value]
83
+ end
84
+
85
+ def canonicalize_algorithm=(algorithm)
86
+ @canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
29
87
  end
30
88
 
31
89
  # Return symbol name for supported digest algorithms and string name for custom ones.
@@ -50,6 +108,7 @@ class Signer
50
108
  # Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
51
109
  def signature_digest_algorithm=(algorithm)
52
110
  @sign_digester = Signer::Digester.new(algorithm)
111
+ self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
53
112
  end
54
113
 
55
114
  # Receives certificate for signing and tries to guess a digest algorithm for signature creation.
@@ -76,8 +135,8 @@ class Signer
76
135
  @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
77
136
  end
78
137
 
79
- def canonicalize(node = document, inclusive_namespaces=nil)
80
- node.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0, inclusive_namespaces, nil) # The last argument should be exactly +nil+ to remove comments from result
138
+ def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
139
+ node.canonicalize(algorithm, inclusive_namespaces, nil)
81
140
  end
82
141
 
83
142
  # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@@ -105,7 +164,7 @@ class Signer
105
164
  signature_node.add_child(node)
106
165
  set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
107
166
  canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
108
- canonicalization_method_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
167
+ canonicalization_method_node['Algorithm'] = canonicalize_id
109
168
  node.add_child(canonicalization_method_node)
110
169
  set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
111
170
  signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
@@ -165,7 +224,7 @@ class Signer
165
224
  # </KeyInfo>
166
225
  def x509_data_node(issuer_in_security_token = false)
167
226
  issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
168
- issuer_name_node.content = cert.issuer.to_s[1..-1].gsub(/\//, ',')
227
+ issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
169
228
 
170
229
  issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
171
230
  issuer_number_node.content = cert.serial
@@ -175,7 +234,7 @@ class Signer
175
234
  issuer_serial_node.add_child(issuer_number_node)
176
235
 
177
236
  cetificate_node = Nokogiri::XML::Node.new('X509Certificate', document)
178
- cetificate_node.content = Base64.encode64(cert.to_der).gsub("\n", '')
237
+ cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
179
238
 
180
239
  data_node = Nokogiri::XML::Node.new('X509Data', document)
181
240
  data_node.add_child(issuer_serial_node)
@@ -210,6 +269,7 @@ class Signer
210
269
  # * [+:id+] Id for the node, if you don't want to use automatically calculated one
211
270
  # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
212
271
  # * [+:enveloped+]
272
+ # * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
213
273
  #
214
274
  # Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
215
275
  #
@@ -242,11 +302,13 @@ class Signer
242
302
 
243
303
  reference_node = Nokogiri::XML::Node.new('Reference', document)
244
304
  reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
305
+ reference_node['Type'] = options[:ref_type] if options[:ref_type]
306
+
245
307
  signed_info_node.add_child(reference_node)
246
308
  set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
247
309
 
248
310
  transforms_node = Nokogiri::XML::Node.new('Transforms', document)
249
- reference_node.add_child(transforms_node)
311
+ reference_node.add_child(transforms_node) unless options[:no_transform]
250
312
  set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
251
313
 
252
314
  transform_node = Nokogiri::XML::Node.new('Transform', document)
@@ -256,16 +318,19 @@ class Signer
256
318
  else
257
319
  transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
258
320
  end
321
+
259
322
  if options[:inclusive_namespaces]
260
323
  inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
261
324
  inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
262
325
  inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
263
326
  transform_node.add_child(inclusive_namespaces_node)
264
327
  end
328
+
265
329
  transforms_node.add_child(transform_node)
266
330
 
267
331
  digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
268
332
  digest_method_node['Algorithm'] = @digester.digest_id
333
+
269
334
  reference_node.add_child(digest_method_node)
270
335
  set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
271
336
 
@@ -307,7 +372,7 @@ class Signer
307
372
  signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
308
373
 
309
374
  signature = private_key.sign(@sign_digester.digester, signed_info_canon)
310
- signature_value_digest = Base64.encode64(signature).gsub("\n", '')
375
+ signature_value_digest = Base64.encode64(signature).delete("\n")
311
376
 
312
377
  signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
313
378
  signature_value_node.content = signature_value_digest
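Review bot: Several identifiers in the new SIGNATURE_ALGORITHM and CANONICALIZE_ALGORITHM tables are not the URIs XMLDSig verifiers match on (they are compared as opaque strings), so signatures produced with them will be rejected by standard implementations: the `sha1` id `http://www.w3.org/2001/04/xmlenc#sha1` is neither the SHA-1 digest URI nor the RSA-SHA1 signature-method URI the fixtures show (`http://www.w3.org/2000/09/xmldsig#rsa-sha1`), the `c14n_1_1` id is the specification's document URL rather than the algorithm identifier `http://www.w3.org/2006/12/xml-c14n11`, and `gostr3411` and `c14n_1_1` use `https://` where the other entries and the registered identifiers use `http://` (the `rsa-gostr3411` fragment also does not look like an RFC 4051 identifier — confirm). The defaults appear unaffected, since `set_default_signature_method!` is outside these hunks and the fixtures still emit `rsa-sha1`, so the bad `sha1` entry bites only when a caller sets `signature_digest_algorithm = :sha1` explicitly. Both new lookups, `self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]` and `@canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]`, return nil for an unknown key and fail later as NoMethodError far from the caller, and the former appears to break the string-named custom digesters that the comment above `digest_algorithm` promises and that `Signer::Digester.new(algorithm)` on the preceding line still accepts; prefer `SIGNATURE_ALGORITHM.fetch(algorithm) { raise ArgumentError, "unsupported signature algorithm: #{algorithm.inspect}" }` and the same for the canonicalization table. The `Transform` node in the `digest!` hunk still hard-codes `http://www.w3.org/2001/10/xml-exc-c14n#` while `CanonicalizationMethod` now uses `canonicalize_id`; if the referenced node is canonicalized with the configured algorithm (that `canonicalize` call is outside the hunk), a non-default `canonicalize_algorithm:` makes the declared transform and the digested bytes disagree, so that attribute should come from `canonicalize_id` too, or the option should be documented as affecting SignedInfo only. `digest!`, `sign!` and `x509_data_node` all start or end outside the hunks shown.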
@@ -28,7 +28,7 @@ class Signer
28
28
  id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
29
29
  digester: lambda { OpenSSL::Digest.new('md_gost94') },
30
30
  },
31
- }
31
+ }.freeze
32
32
 
33
33
  # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
34
34
  class Digester
@@ -69,7 +69,5 @@ class Signer
69
69
  def digest_id
70
70
  @digest_info[:id]
71
71
  end
72
-
73
72
  end
74
-
75
73
  end
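Review bot: The `.freeze` added at `}.freeze` is shallow: the nested per-algorithm hashes (and the `digester` lambdas they hold) stay mutable, so an `id` or `digester` entry can still be overwritten in place and change what every later signature reports. If the intent is an immutable table, freeze the inner hashes as well, e.g. `}.each_value(&:freeze).freeze`; the same applies to the two new tables in `Signer`. The constant's name and opening line are outside this hunk.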
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.7.0'
2
+ VERSION = '1.8.0'
3
3
  end
@@ -21,7 +21,7 @@
21
21
  <KeyInfo>
22
22
  <X509Data>
23
23
  <X509IssuerSerial>
24
- <X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</X509IssuerName>
24
+ <X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
25
25
  <X509SerialNumber>16503368396260674861</X509SerialNumber>
26
26
  </X509IssuerSerial>
27
27
  <X509Certificate>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</X509Certificate>
@@ -21,7 +21,7 @@
21
21
  <ds:KeyInfo>
22
22
  <ds:X509Data>
23
23
  <ds:X509IssuerSerial>
24
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
24
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
25
25
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
26
26
  </ds:X509IssuerSerial>
27
27
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -1,37 +1,38 @@
1
+ <?xml version="1.0"?>
1
2
  <ApplicationRequest xmlns="http://bxd.fi/xmldata/">
2
- <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
3
- <Command>GetUserInfo</Command>
4
- <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
5
- <Environment>PRODUCTION</Environment>
6
- <SoftwareId>Petri</SoftwareId>
7
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
8
- <ds:SignedInfo>
9
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
10
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
11
- <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
12
- <ds:Transforms>
13
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
14
- </ds:Transforms>
15
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
- <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
17
- </ds:Reference>
18
- <ds:Reference URI="">
19
- <ds:Transforms>
20
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
21
- </ds:Transforms>
22
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
23
- <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
24
- </ds:Reference>
25
- </ds:SignedInfo>
26
- <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
27
- <ds:KeyInfo>
28
- <ds:X509Data>
29
- <ds:X509IssuerSerial>
30
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
31
- <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
32
- </ds:X509IssuerSerial>
33
- <ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
34
- </ds:X509Data>
35
- </ds:KeyInfo>
36
- </ds:Signature>
3
+ <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
4
+ <Command>GetUserInfo</Command>
5
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
6
+ <Environment>PRODUCTION</Environment>
7
+ <SoftwareId>Petri</SoftwareId>
8
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
9
+ <ds:SignedInfo>
10
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
11
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
12
+ <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
13
+ <ds:Transforms>
14
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
15
+ </ds:Transforms>
16
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
17
+ <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
18
+ </ds:Reference>
19
+ <ds:Reference URI="">
20
+ <ds:Transforms>
21
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
22
+ </ds:Transforms>
23
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
24
+ <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
25
+ </ds:Reference>
26
+ </ds:SignedInfo>
27
+ <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
28
+ <ds:KeyInfo>
29
+ <ds:X509Data>
30
+ <ds:X509IssuerSerial>
31
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
32
+ <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
33
+ </ds:X509IssuerSerial>
34
+ <ds:X509Certificate>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</ds:X509Certificate>
35
+ </ds:X509Data>
36
+ </ds:KeyInfo>
37
+ </ds:Signature>
37
38
  </ApplicationRequest>
@@ -21,7 +21,7 @@
21
21
  <wsse:SecurityTokenReference>
22
22
  <ds:X509Data>
23
23
  <ds:X509IssuerSerial>
24
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
24
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
25
25
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
26
26
  </ds:X509IssuerSerial>
27
27
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -20,7 +20,7 @@
20
20
  <ds:KeyInfo>
21
21
  <ds:X509Data>
22
22
  <ds:X509IssuerSerial>
23
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
23
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
24
24
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
25
25
  </ds:X509IssuerSerial>
26
26
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -27,7 +27,7 @@ describe Signer do
27
27
  # end
28
28
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
29
29
 
30
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
30
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
31
31
  end
32
32
 
33
33
  it "should correctly canonicalize digested nodes (shouldn't account comments)" do
@@ -44,7 +44,7 @@ describe Signer do
44
44
 
45
45
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
46
46
 
47
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
47
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
48
48
  end
49
49
 
50
50
  it "should digest and sign SOAP XML with SHA256" do
@@ -65,7 +65,7 @@ describe Signer do
65
65
 
66
66
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
67
67
 
68
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
68
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
69
69
  end
70
70
 
71
71
  it "should digest and sign SOAP XML with inclusive namespaces" do
@@ -85,7 +85,7 @@ describe Signer do
85
85
 
86
86
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
87
87
 
88
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
88
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
89
89
  end
90
90
 
91
91
  it "should sign simple XML" do
@@ -98,7 +98,7 @@ describe Signer do
98
98
  signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
99
99
  signer.security_node = signer.document.root
100
100
  signer.security_token_id = ""
101
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
101
+ signer.digest!(signer.document.root, id: "", enveloped: true)
102
102
  signer.sign!(:issuer_serial => true)
103
103
 
104
104
  # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
@@ -106,7 +106,7 @@ describe Signer do
106
106
  # end
107
107
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml')
108
108
 
109
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
109
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
110
110
  end
111
111
 
112
112
 
@@ -137,7 +137,7 @@ describe Signer do
137
137
  # end
138
138
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
139
139
 
140
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
140
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
141
141
  end
142
142
 
143
143
  it "should sign simple XML with custom DS namespace prefix" do
@@ -152,15 +152,33 @@ describe Signer do
152
152
  signer.security_token_id = ""
153
153
  signer.ds_namespace_prefix = 'ds'
154
154
 
155
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
156
- signer.sign!(:issuer_serial => true)
155
+ signer.digest!(signer.document.root, id: "", enveloped: true)
156
+ signer.sign!(issuer_serial: true)
157
157
 
158
158
  # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
159
159
  # f.write signer.document.to_s
160
160
  # end
161
161
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
162
162
 
163
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
163
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
164
+ end
165
+
166
+ it "should digest simple XML without transforms node" do
167
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
168
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
169
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
170
+
171
+ signer = Signer.new(File.read(input_xml_file))
172
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
173
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
174
+ signer.security_node = signer.document.root
175
+ signer.security_token_id = ""
176
+ signer.ds_namespace_prefix = 'ds'
177
+
178
+ signer.digest!(signer.document.root, id: "", no_transform: true)
179
+ signer.sign!(issuer_serial: true)
180
+
181
+ expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
164
182
  end
165
183
 
166
184
  it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
@@ -176,12 +194,12 @@ describe Signer do
176
194
  signer.ds_namespace_prefix = 'ds'
177
195
 
178
196
  # partially sign element
179
- signer.digest!(signer.document.root.children.first, :enveloped => true)
197
+ signer.digest!(signer.document.root.children.first, enveloped: true)
180
198
 
181
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
182
- signer.sign!(:issuer_serial => true)
199
+ signer.digest!(signer.document.root, id: "", enveloped: true)
200
+ signer.sign!(issuer_serial: true)
183
201
 
184
- # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
202
+ # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
185
203
  # f.write signer.document.to_s
186
204
  # end
187
205
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
@@ -215,7 +233,7 @@ describe Signer do
215
233
  'fixtures',
216
234
  'output_4_with_nested_signatures_with_noblanks_disabled.xml')
217
235
 
218
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:save_with => 0)
236
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
219
237
  end
220
238
 
221
239
  it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
@@ -237,7 +255,7 @@ describe Signer do
237
255
  'fixtures',
238
256
  'output_5_with_security_token.xml')
239
257
 
240
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
258
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
241
259
  end
242
260
 
243
261
  it "should digest and sign SOAP XML with X509Data" do
@@ -259,6 +277,6 @@ describe Signer do
259
277
  'fixtures',
260
278
  'output_5_with_x509_data.xml')
261
279
 
262
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
280
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
263
281
  end
264
282
  end
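Review bot: The new example `it "should digest simple XML without transforms node"` only asserts that `//ds:Transforms` is absent; unlike its siblings it never compares `signer.to_xml` against a fixture, so a Reference emitted without Transforms but with a wrong DigestValue or a missing DigestMethod would still pass. It also mixes `expect(...).to be_nil` with the `should` syntax used throughout the file; pick one, and since `no_transform:` is a new public option of `digest!` it deserves a line in that method's option list next to the `:ref_type` entry this commit adds.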
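--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: signer
  version: !ruby/object:Gem::Version
- version: 1.7.0
+ version: 1.8.0
  platform: ruby
  authors:
  - Edgars Beigarts
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-11-05 00:00:00.000000000 Z
+ date: 2018-11-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake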