signer 1.7.0 → 1.8.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/signer.rb +79 -14
- data/lib/signer/digester.rb +1 -3
- data/lib/signer/version.rb +1 -1
- data/spec/fixtures/output_2.xml +1 -1
- data/spec/fixtures/output_2_with_ds_prefix.xml +1 -1
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml +36 -35
- data/spec/fixtures/output_5_with_security_token.xml +1 -1
- data/spec/fixtures/output_5_with_x509_data.xml +1 -1
- data/spec/signer_spec.rb +35 -17
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0ef82f9441fe5557e15ba389223039ea898ed86d
|
4
|
+
data.tar.gz: e08734d225ce9010442d00678eff3a865ca132e6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb7fad0471750095caca4ff1bef554d89b9ee2f998b58d557db3754235fa9da0e4710f3bb1dbdab0ba65a72af09fc8a08fef13f60fe1f65855854459cfa84720
|
7
|
+
data.tar.gz: e1a8d6b2ca4d5afc96f01e54a771c75e3ad67871a4ac39d3a1e70462c24b46efa960ed6404f2ec5435cb19ea0f52d75643f914d59d41cf876bfa8e502a841d77
|
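--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,14 @@
+## 1.8.0 (2018-11-14)
+
+- Add parameter to customize canonicalize algorithm (#19, @pistachiology)
+- Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
+- change issuer x509 content to be more standard way (#19, @pistachiology)
+
 ## 1.7.0 (2018-11-06)
 
 - Add wss option for XML only signing (#18, @pistachiology)
+- Add support for SHA512 Digest
+- Rename id for SHA256 Digest
 
 ## 1.6.0 (2017-09-14)
 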
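--- a/data/lib/signer.rb
+++ b/data/lib/signer.rb
@@ -11,21 +11,79 @@ class Signer
 attr_reader :cert
 attr_writer :security_node, :signature_node, :security_token_id
 
-WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
-WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
-DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
-
-
+WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
+WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
+DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
+
+SIGNATURE_ALGORITHM = {
+# SHA 1
+sha1: {
+id: 'http://www.w3.org/2001/04/xmlenc#sha1',
+name: 'SHA1'
+},
+# SHA 256
+sha256: {
+id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+name: 'SHA256'
+},
+# SHA512
+sha512: {
+id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+name: 'SHA512'
+},
+# GOST R 34-11 94
+gostr3411: {
+id: 'https://www.w3.org/2001/04/xmldsig-more#rsa-gostr3411',
+name: 'GOST R 34.11-94'
+}
+}.freeze
+
+CANONICALIZE_ALGORITHM = {
+c14n_exec_1_0: {
+name: 'c14n execlusive 1.0',
+value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
+id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
+},
+c14n_1_0: {
+name: 'c14n 1.0',
+value: Nokogiri::XML::XML_C14N_1_0,
+id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
+},
+c14n_1_1: {
+name: 'c14n 1.1',
+value: Nokogiri::XML::XML_C14N_1_1,
+id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
+}
+}.freeze
+
+def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
 self.document = Nokogiri::XML(document.to_s) do |config|
 config.noblanks if noblanks
 end
 self.digest_algorithm = :sha1
 self.wss = wss
-self.
+self.canonicalize_algorithm = canonicalize_algorithm
+set_default_signature_method!
 end
 
 def to_xml
-document.to_xml(:
+document.to_xml(save_with: 0)
+end
+
+def canonicalize_name
+@canonicalize_algorithm[:name]
+end
+
+def canonicalize_id
+@canonicalize_algorithm[:id]
+end
+
+def canonicalize_algorithm
+@canonicalize_algorithm[:value]
+end
+
+def canonicalize_algorithm=(algorithm)
+@canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
 end
 
 # Return symbol name for supported digest algorithms and string name for custom ones.
@@ -50,6 +108,7 @@ class Signer
 # Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
 def signature_digest_algorithm=(algorithm)
 @sign_digester = Signer::Digester.new(algorithm)
+self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
 end
 
 # Receives certificate for signing and tries to guess a digest algorithm for signature creation.
@@ -76,8 +135,8 @@ class Signer
 @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
 end
 
-def canonicalize(node = document, inclusive_namespaces=nil)
-node.canonicalize(
+def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
+node.canonicalize(algorithm, inclusive_namespaces, nil)
 end
 
 # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@@ -105,7 +164,7 @@ class Signer
 signature_node.add_child(node)
 set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
 canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
-canonicalization_method_node['Algorithm'] =
+canonicalization_method_node['Algorithm'] = canonicalize_id
 node.add_child(canonicalization_method_node)
 set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
 signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
@@ -165,7 +224,7 @@ class Signer
 # </KeyInfo>
 def x509_data_node(issuer_in_security_token = false)
 issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
-issuer_name_node.content = cert.issuer.to_s
+issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
 
 issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
 issuer_number_node.content = cert.serial
@@ -175,7 +234,7 @@ class Signer
 issuer_serial_node.add_child(issuer_number_node)
 
 cetificate_node = Nokogiri::XML::Node.new('X509Certificate', document)
-cetificate_node.content = Base64.encode64(cert.to_der).
+cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
 
 data_node = Nokogiri::XML::Node.new('X509Data', document)
 data_node.add_child(issuer_serial_node)
@@ -210,6 +269,7 @@ class Signer
 # * [+:id+] Id for the node, if you don't want to use automatically calculated one
 # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
 # * [+:enveloped+]
+# * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
 #
 # Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
 #
@@ -242,11 +302,13 @@ class Signer
 
 reference_node = Nokogiri::XML::Node.new('Reference', document)
 reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
+reference_node['Type'] = options[:ref_type] if options[:ref_type]
+
 signed_info_node.add_child(reference_node)
 set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
 
 transforms_node = Nokogiri::XML::Node.new('Transforms', document)
-reference_node.add_child(transforms_node)
+reference_node.add_child(transforms_node) unless options[:no_transform]
 set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
 
 transform_node = Nokogiri::XML::Node.new('Transform', document)
@@ -256,16 +318,19 @@ class Signer
 else
 transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
 end
+
 if options[:inclusive_namespaces]
 inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
 inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
 inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
 transform_node.add_child(inclusive_namespaces_node)
 end
+
 transforms_node.add_child(transform_node)
 
 digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
 digest_method_node['Algorithm'] = @digester.digest_id
+
 reference_node.add_child(digest_method_node)
 set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
 
@@ -307,7 +372,7 @@ class Signer
 signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
 
 signature = private_key.sign(@sign_digester.digester, signed_info_canon)
-signature_value_digest = Base64.encode64(signature).
+signature_value_digest = Base64.encode64(signature).delete("\n")
 
 signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
 signature_value_node.content = signature_value_digest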
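Review bot: `canonicalize_algorithm=` (new line 86) is a plain hash lookup, so an unknown key leaves `@canonicalize_algorithm` nil and the failure only surfaces later as a NoMethodError inside `canonicalize_id` or `canonicalize_algorithm`; use `@canonicalize_algorithm = CANONICALIZE_ALGORITHM.fetch(algorithm) { raise ArgumentError, "unsupported canonicalize algorithm: #{algorithm.inspect}" }` so the caller learns at assignment time which algorithm will be advertised in CanonicalizationMethod and applied to the signed bytes. The identifiers in the two new tables need checking against the specs before they are written into signatures, because verifiers compare them literally: the `c14n_1_1` id is the specification's document URL rather than the algorithm URI `http://www.w3.org/2006/12/xml-c14n11`, the `gostr3411` id uses an `https://` scheme unlike the `http://...#gostr3411` form in digester.rb, and the `sha1` entry carries a DigestMethod URI (`xmlenc#sha1`) where `signature_digest_algorithm=` (new line 111) stores it as a signature algorithm id — if that feeds the SignatureMethod node built at line 170, as the name suggests, the expected value is the `http://www.w3.org/2000/09/xmldsig#rsa-sha1` seen in the fixtures. `signature_digest_algorithm=` also now indexes `SIGNATURE_ALGORITHM[algorithm]` unconditionally, which raises for the custom string algorithm names the comment at new line 89 says are supported, so the same `fetch`-with-a-clear-error pattern applies there. `no_transform` (new line 311) is missing from the option list documented at lines 269–272, and the detached `transforms_node` is still namespaced and populated on lines 312–329; a one-line entry `# * [+:no_transform+] omit the Transforms node from the Reference` would close the documentation gap. The enclosing `digest!` and `sign!` methods start and end outside these hunks.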
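--- a/data/lib/signer/digester.rb
+++ b/data/lib/signer/digester.rb
@@ -28,7 +28,7 @@ class Signer
 id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
 digester: lambda { OpenSSL::Digest.new('md_gost94') },
 },
-}
+}.freeze
 
 # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
 class Digester
@@ -69,7 +69,5 @@ class Signer
 def digest_id
 @digest_info[:id]
 end
-
 end
-
 end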
data/lib/signer/version.rb
CHANGED
data/spec/fixtures/output_2.xml
CHANGED
@@ -21,7 +21,7 @@
|
|
21
21
|
<KeyInfo>
|
22
22
|
<X509Data>
|
23
23
|
<X509IssuerSerial>
|
24
|
-
<X509IssuerName>
|
24
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
25
25
|
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
26
26
|
</X509IssuerSerial>
|
27
27
|
<X509Certificate>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</X509Certificate>
|
@@ -21,7 +21,7 @@
|
|
21
21
|
<ds:KeyInfo>
|
22
22
|
<ds:X509Data>
|
23
23
|
<ds:X509IssuerSerial>
|
24
|
-
<ds:X509IssuerName>
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
25
25
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
26
26
|
</ds:X509IssuerSerial>
|
27
27
|
<ds:X509Certificate>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</ds:X509Certificate>
|
@@ -1,37 +1,38 @@
|
|
1
|
+
<?xml version="1.0"?>
|
1
2
|
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<ds:SignedInfo>
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
13
|
+
<ds:Transforms>
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
15
|
+
</ds:Transforms>
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
17
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
18
|
+
</ds:Reference>
|
19
|
+
<ds:Reference URI="">
|
20
|
+
<ds:Transforms>
|
21
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
22
|
+
</ds:Transforms>
|
23
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
24
|
+
<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
|
25
|
+
</ds:Reference>
|
26
|
+
</ds:SignedInfo>
|
27
|
+
<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
|
28
|
+
<ds:KeyInfo>
|
29
|
+
<ds:X509Data>
|
30
|
+
<ds:X509IssuerSerial>
|
31
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
32
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
33
|
+
</ds:X509IssuerSerial>
|
34
|
+
<ds:X509Certificate>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</ds:X509Certificate>
|
35
|
+
</ds:X509Data>
|
36
|
+
</ds:KeyInfo>
|
37
|
+
</ds:Signature>
|
37
38
|
</ApplicationRequest>
|
@@ -21,7 +21,7 @@
|
|
21
21
|
<wsse:SecurityTokenReference>
|
22
22
|
<ds:X509Data>
|
23
23
|
<ds:X509IssuerSerial>
|
24
|
-
<ds:X509IssuerName>
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
25
25
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
26
26
|
</ds:X509IssuerSerial>
|
27
27
|
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
@@ -20,7 +20,7 @@
|
|
20
20
|
<ds:KeyInfo>
|
21
21
|
<ds:X509Data>
|
22
22
|
<ds:X509IssuerSerial>
|
23
|
-
<ds:X509IssuerName>
|
23
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
24
24
|
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
25
25
|
</ds:X509IssuerSerial>
|
26
26
|
<ds:X509Certificate>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</ds:X509Certificate>
|
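--- a/data/spec/signer_spec.rb
+++ b/data/spec/signer_spec.rb
@@ -27,7 +27,7 @@ describe Signer do
 # end
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should correctly canonicalize digested nodes (shouldn't account comments)" do
@@ -44,7 +44,7 @@ describe Signer do
 
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should digest and sign SOAP XML with SHA256" do
@@ -65,7 +65,7 @@ describe Signer do
 
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should digest and sign SOAP XML with inclusive namespaces" do
@@ -85,7 +85,7 @@ describe Signer do
 
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should sign simple XML" do
@@ -98,7 +98,7 @@ describe Signer do
 signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
 signer.security_node = signer.document.root
 signer.security_token_id = ""
-signer.digest!(signer.document.root, :
+signer.digest!(signer.document.root, id: "", enveloped: true)
 signer.sign!(:issuer_serial => true)
 
 # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
@@ -106,7 +106,7 @@ describe Signer do
 # end
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 
@@ -137,7 +137,7 @@ describe Signer do
 # end
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should sign simple XML with custom DS namespace prefix" do
@@ -152,15 +152,33 @@ describe Signer do
 signer.security_token_id = ""
 signer.ds_namespace_prefix = 'ds'
 
-signer.digest!(signer.document.root, :
-signer.sign!(:
+signer.digest!(signer.document.root, id: "", enveloped: true)
+signer.sign!(issuer_serial: true)
 
 # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
 # f.write signer.document.to_s
 # end
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
+end
+
+it "should digest simple XML without transforms node" do
+input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+signer = Signer.new(File.read(input_xml_file))
+signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+signer.security_node = signer.document.root
+signer.security_token_id = ""
+signer.ds_namespace_prefix = 'ds'
+
+signer.digest!(signer.document.root, id: "", no_transform: true)
+signer.sign!(issuer_serial: true)
+
+expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
 end
 
 it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
@@ -176,12 +194,12 @@ describe Signer do
 signer.ds_namespace_prefix = 'ds'
 
 # partially sign element
-signer.digest!(signer.document.root.children.first, :
+signer.digest!(signer.document.root.children.first, enveloped: true)
 
-signer.digest!(signer.document.root, :
-signer.sign!(:
+signer.digest!(signer.document.root, id: "", enveloped: true)
+signer.sign!(issuer_serial: true)
 
-# File.open(File.join(File.dirname(__FILE__), 'fixtures', '
+# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
 # f.write signer.document.to_s
 # end
 output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
@@ -215,7 +233,7 @@ describe Signer do
 'fixtures',
 'output_4_with_nested_signatures_with_noblanks_disabled.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
 end
 
 it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
@@ -237,7 +255,7 @@ describe Signer do
 'fixtures',
 'output_5_with_security_token.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
 it "should digest and sign SOAP XML with X509Data" do
@@ -259,6 +277,6 @@ describe Signer do
 'fixtures',
 'output_5_with_x509_data.xml')
 
-signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 end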
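Review bot: The new example at new lines 166–181 asserts only that `//ds:Transforms` is absent; unlike the neighbouring examples it never compares `signer.to_xml` against a fixture, so a Reference built with `no_transform: true` whose DigestValue or structure is wrong would still pass. Pinning the output the way line 163 does, `signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)` against a fixture generated for this case, would close that gap. Nothing in this spec exercises the `canonicalize_algorithm:` keyword or the `ref_type` option that this release adds, so an incorrect URI in `CANONICALIZE_ALGORITHM` would go unnoticed; one example per non-default algorithm asserting the `CanonicalizationMethod/@Algorithm` value is cheap insurance. Line 102, `signer.sign!(:issuer_serial => true)`, is the one call left in hash-rocket style after the others in this file were converted to `issuer_serial: true`.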
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: signer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Edgars Beigarts
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-11-
|
11
|
+
date: 2018-11-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|