signer 1.7.0 → 1.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
4
- data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
3
+ metadata.gz: 0ef82f9441fe5557e15ba389223039ea898ed86d
4
+ data.tar.gz: e08734d225ce9010442d00678eff3a865ca132e6
5
5
  SHA512:
6
- metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
7
- data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511
6
+ metadata.gz: bb7fad0471750095caca4ff1bef554d89b9ee2f998b58d557db3754235fa9da0e4710f3bb1dbdab0ba65a72af09fc8a08fef13f60fe1f65855854459cfa84720
7
+ data.tar.gz: e1a8d6b2ca4d5afc96f01e54a771c75e3ad67871a4ac39d3a1e70462c24b46efa960ed6404f2ec5435cb19ea0f52d75643f914d59d41cf876bfa8e502a841d77
@@ -1,6 +1,14 @@
1
+ ## 1.8.0 (2018-11-14)
2
+
3
+ - Add parameter to customize canonicalize algorithm (#19, @pistachiology)
4
+ - Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
5
+ - change issuer x509 content to be more standard way (#19, @pistachiology)
6
+
1
7
  ## 1.7.0 (2018-11-06)
2
8
 
3
9
  - Add wss option for XML only signing (#18, @pistachiology)
10
+ - Add support for SHA512 Digest
11
+ - Rename id for SHA256 Digest
4
12
 
5
13
  ## 1.6.0 (2017-09-14)
6
14
 
@@ -11,21 +11,79 @@ class Signer
11
11
  attr_reader :cert
12
12
  attr_writer :security_node, :signature_node, :security_token_id
13
13
 
14
- WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
15
- WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
16
- DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
17
-
18
- def initialize(document, noblanks: true, wss: true)
14
+ WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
15
+ WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
16
+ DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
17
+
18
+ SIGNATURE_ALGORITHM = {
19
+ # SHA 1
20
+ sha1: {
21
+ id: 'http://www.w3.org/2001/04/xmlenc#sha1',
22
+ name: 'SHA1'
23
+ },
24
+ # SHA 256
25
+ sha256: {
26
+ id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
27
+ name: 'SHA256'
28
+ },
29
+ # SHA512
30
+ sha512: {
31
+ id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
32
+ name: 'SHA512'
33
+ },
34
+ # GOST R 34-11 94
35
+ gostr3411: {
36
+ id: 'https://www.w3.org/2001/04/xmldsig-more#rsa-gostr3411',
37
+ name: 'GOST R 34.11-94'
38
+ }
39
+ }.freeze
40
+
41
+ CANONICALIZE_ALGORITHM = {
42
+ c14n_exec_1_0: {
43
+ name: 'c14n execlusive 1.0',
44
+ value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
45
+ id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
46
+ },
47
+ c14n_1_0: {
48
+ name: 'c14n 1.0',
49
+ value: Nokogiri::XML::XML_C14N_1_0,
50
+ id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
51
+ },
52
+ c14n_1_1: {
53
+ name: 'c14n 1.1',
54
+ value: Nokogiri::XML::XML_C14N_1_1,
55
+ id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
56
+ }
57
+ }.freeze
58
+
59
+ def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
19
60
  self.document = Nokogiri::XML(document.to_s) do |config|
20
61
  config.noblanks if noblanks
21
62
  end
22
63
  self.digest_algorithm = :sha1
23
64
  self.wss = wss
24
- self.set_default_signature_method!
65
+ self.canonicalize_algorithm = canonicalize_algorithm
66
+ set_default_signature_method!
25
67
  end
26
68
 
27
69
  def to_xml
28
- document.to_xml(:save_with => 0)
70
+ document.to_xml(save_with: 0)
71
+ end
72
+
73
+ def canonicalize_name
74
+ @canonicalize_algorithm[:name]
75
+ end
76
+
77
+ def canonicalize_id
78
+ @canonicalize_algorithm[:id]
79
+ end
80
+
81
+ def canonicalize_algorithm
82
+ @canonicalize_algorithm[:value]
83
+ end
84
+
85
+ def canonicalize_algorithm=(algorithm)
86
+ @canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
29
87
  end
30
88
 
31
89
  # Return symbol name for supported digest algorithms and string name for custom ones.
@@ -50,6 +108,7 @@ class Signer
50
108
  # Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
51
109
  def signature_digest_algorithm=(algorithm)
52
110
  @sign_digester = Signer::Digester.new(algorithm)
111
+ self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
53
112
  end
54
113
 
55
114
  # Receives certificate for signing and tries to guess a digest algorithm for signature creation.
@@ -76,8 +135,8 @@ class Signer
76
135
  @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
77
136
  end
78
137
 
79
- def canonicalize(node = document, inclusive_namespaces=nil)
80
- node.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0, inclusive_namespaces, nil) # The last argument should be exactly +nil+ to remove comments from result
138
+ def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
139
+ node.canonicalize(algorithm, inclusive_namespaces, nil)
81
140
  end
82
141
 
83
142
  # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@@ -105,7 +164,7 @@ class Signer
105
164
  signature_node.add_child(node)
106
165
  set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
107
166
  canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
108
- canonicalization_method_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
167
+ canonicalization_method_node['Algorithm'] = canonicalize_id
109
168
  node.add_child(canonicalization_method_node)
110
169
  set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
111
170
  signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
@@ -165,7 +224,7 @@ class Signer
165
224
  # </KeyInfo>
166
225
  def x509_data_node(issuer_in_security_token = false)
167
226
  issuer_name_node = Nokogiri::XML::Node.new('X509IssuerName', document)
168
- issuer_name_node.content = cert.issuer.to_s[1..-1].gsub(/\//, ',')
227
+ issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
169
228
 
170
229
  issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
171
230
  issuer_number_node.content = cert.serial
@@ -175,7 +234,7 @@ class Signer
175
234
  issuer_serial_node.add_child(issuer_number_node)
176
235
 
177
236
  cetificate_node = Nokogiri::XML::Node.new('X509Certificate', document)
178
- cetificate_node.content = Base64.encode64(cert.to_der).gsub("\n", '')
237
+ cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
179
238
 
180
239
  data_node = Nokogiri::XML::Node.new('X509Data', document)
181
240
  data_node.add_child(issuer_serial_node)
@@ -210,6 +269,7 @@ class Signer
210
269
  # * [+:id+] Id for the node, if you don't want to use automatically calculated one
211
270
  # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
212
271
  # * [+:enveloped+]
272
+ # * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
213
273
  #
214
274
  # Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
215
275
  #
@@ -242,11 +302,13 @@ class Signer
242
302
 
243
303
  reference_node = Nokogiri::XML::Node.new('Reference', document)
244
304
  reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
305
+ reference_node['Type'] = options[:ref_type] if options[:ref_type]
306
+
245
307
  signed_info_node.add_child(reference_node)
246
308
  set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
247
309
 
248
310
  transforms_node = Nokogiri::XML::Node.new('Transforms', document)
249
- reference_node.add_child(transforms_node)
311
+ reference_node.add_child(transforms_node) unless options[:no_transform]
250
312
  set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
251
313
 
252
314
  transform_node = Nokogiri::XML::Node.new('Transform', document)
@@ -256,16 +318,19 @@ class Signer
256
318
  else
257
319
  transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
258
320
  end
321
+
259
322
  if options[:inclusive_namespaces]
260
323
  inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
261
324
  inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
262
325
  inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
263
326
  transform_node.add_child(inclusive_namespaces_node)
264
327
  end
328
+
265
329
  transforms_node.add_child(transform_node)
266
330
 
267
331
  digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
268
332
  digest_method_node['Algorithm'] = @digester.digest_id
333
+
269
334
  reference_node.add_child(digest_method_node)
270
335
  set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
271
336
 
@@ -307,7 +372,7 @@ class Signer
307
372
  signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
308
373
 
309
374
  signature = private_key.sign(@sign_digester.digester, signed_info_canon)
310
- signature_value_digest = Base64.encode64(signature).gsub("\n", '')
375
+ signature_value_digest = Base64.encode64(signature).delete("\n")
311
376
 
312
377
  signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
313
378
  signature_value_node.content = signature_value_digest
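Review bot: `canonicalize_algorithm=` in the `-11,21 +11,79` hunk stores `CANONICALIZE_ALGORITHM[algorithm]`, so an unsupported or misspelled symbol is accepted silently and only surfaces later as a `NoMethodError` on `nil` inside `canonicalize_id`/`canonicalize_algorithm`; `@canonicalize_algorithm = CANONICALIZE_ALGORITHM.fetch(algorithm)` fails at the call site with the bad key named, and the same `fetch` belongs on the new `SIGNATURE_ALGORITHM[algorithm][:id]` line in `signature_digest_algorithm=` (`-50,6 +108,7`), which as written also raises for the custom string algorithm names that the `digest_algorithm` comment in the same hunk says are supported, if `Signer::Digester` still accepts them. Several new `id:` values look like they will not match what a verifier compares byte-for-byte: `sha1:` carries a digest-style URI (`…/xmlenc#sha1`) while its siblings carry `rsa-*` SignatureMethod URIs and the fixtures use `http://www.w3.org/2000/09/xmldsig#rsa-sha1`; `gostr3411:` and `c14n_1_1:` use an `https://` scheme the registered identifiers do not, and the C14N 1.1 entry points at the spec document rather than the algorithm identifier `http://www.w3.org/2006/12/xml-c14n11`. The why-comment dropped from `canonicalize` (`-76,8 +135,8`) was the only record of why the third argument is `nil`; keep it as `# third argument must be exactly nil so comments are dropped from the canonical form`. `options[:no_transform]` (`-242,11 +302,13`) is missing from the option list that now documents `:ref_type`, e.g. `# * [+:no_transform+] omit the Transforms node from the Reference`, and with it set the code still builds, namespaces and populates the detached `transforms_node`, so skipping that whole block early would make the intent clearer.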
@@ -28,7 +28,7 @@ class Signer
28
28
  id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
29
29
  digester: lambda { OpenSSL::Digest.new('md_gost94') },
30
30
  },
31
- }
31
+ }.freeze
32
32
 
33
33
  # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
34
34
  class Digester
@@ -69,7 +69,5 @@ class Signer
69
69
  def digest_id
70
70
  @digest_info[:id]
71
71
  end
72
-
73
72
  end
74
-
75
73
  end
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.7.0'
2
+ VERSION = '1.8.0'
3
3
  end
@@ -21,7 +21,7 @@
21
21
  <KeyInfo>
22
22
  <X509Data>
23
23
  <X509IssuerSerial>
24
- <X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</X509IssuerName>
24
+ <X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
25
25
  <X509SerialNumber>16503368396260674861</X509SerialNumber>
26
26
  </X509IssuerSerial>
27
27
  <X509Certificate>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</X509Certificate>
@@ -21,7 +21,7 @@
21
21
  <ds:KeyInfo>
22
22
  <ds:X509Data>
23
23
  <ds:X509IssuerSerial>
24
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
24
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
25
25
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
26
26
  </ds:X509IssuerSerial>
27
27
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -1,37 +1,38 @@
1
+ <?xml version="1.0"?>
1
2
  <ApplicationRequest xmlns="http://bxd.fi/xmldata/">
2
- <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
3
- <Command>GetUserInfo</Command>
4
- <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
5
- <Environment>PRODUCTION</Environment>
6
- <SoftwareId>Petri</SoftwareId>
7
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
8
- <ds:SignedInfo>
9
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
10
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
11
- <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
12
- <ds:Transforms>
13
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
14
- </ds:Transforms>
15
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
- <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
17
- </ds:Reference>
18
- <ds:Reference URI="">
19
- <ds:Transforms>
20
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
21
- </ds:Transforms>
22
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
23
- <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
24
- </ds:Reference>
25
- </ds:SignedInfo>
26
- <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
27
- <ds:KeyInfo>
28
- <ds:X509Data>
29
- <ds:X509IssuerSerial>
30
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
31
- <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
32
- </ds:X509IssuerSerial>
33
- <ds:X509Certificate>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</ds:X509Certificate>
34
- </ds:X509Data>
35
- </ds:KeyInfo>
36
- </ds:Signature>
3
+ <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
4
+ <Command>GetUserInfo</Command>
5
+ <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
6
+ <Environment>PRODUCTION</Environment>
7
+ <SoftwareId>Petri</SoftwareId>
8
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
9
+ <ds:SignedInfo>
10
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
11
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
12
+ <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
13
+ <ds:Transforms>
14
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
15
+ </ds:Transforms>
16
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
17
+ <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
18
+ </ds:Reference>
19
+ <ds:Reference URI="">
20
+ <ds:Transforms>
21
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
22
+ </ds:Transforms>
23
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
24
+ <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
25
+ </ds:Reference>
26
+ </ds:SignedInfo>
27
+ <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
28
+ <ds:KeyInfo>
29
+ <ds:X509Data>
30
+ <ds:X509IssuerSerial>
31
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
32
+ <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
33
+ </ds:X509IssuerSerial>
34
+ <ds:X509Certificate>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</ds:X509Certificate>
35
+ </ds:X509Data>
36
+ </ds:KeyInfo>
37
+ </ds:Signature>
37
38
  </ApplicationRequest>
@@ -21,7 +21,7 @@
21
21
  <wsse:SecurityTokenReference>
22
22
  <ds:X509Data>
23
23
  <ds:X509IssuerSerial>
24
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
24
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
25
25
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
26
26
  </ds:X509IssuerSerial>
27
27
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -20,7 +20,7 @@
20
20
  <ds:KeyInfo>
21
21
  <ds:X509Data>
22
22
  <ds:X509IssuerSerial>
23
- <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
23
+ <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
24
24
  <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
25
25
  </ds:X509IssuerSerial>
26
26
  <ds:X509Certificate>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</ds:X509Certificate>
@@ -27,7 +27,7 @@ describe Signer do
27
27
  # end
28
28
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
29
29
 
30
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
30
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
31
31
  end
32
32
 
33
33
  it "should correctly canonicalize digested nodes (shouldn't account comments)" do
@@ -44,7 +44,7 @@ describe Signer do
44
44
 
45
45
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
46
46
 
47
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
47
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
48
48
  end
49
49
 
50
50
  it "should digest and sign SOAP XML with SHA256" do
@@ -65,7 +65,7 @@ describe Signer do
65
65
 
66
66
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
67
67
 
68
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
68
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
69
69
  end
70
70
 
71
71
  it "should digest and sign SOAP XML with inclusive namespaces" do
@@ -85,7 +85,7 @@ describe Signer do
85
85
 
86
86
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
87
87
 
88
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
88
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
89
89
  end
90
90
 
91
91
  it "should sign simple XML" do
@@ -98,7 +98,7 @@ describe Signer do
98
98
  signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
99
99
  signer.security_node = signer.document.root
100
100
  signer.security_token_id = ""
101
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
101
+ signer.digest!(signer.document.root, id: "", enveloped: true)
102
102
  signer.sign!(:issuer_serial => true)
103
103
 
104
104
  # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
@@ -106,7 +106,7 @@ describe Signer do
106
106
  # end
107
107
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml')
108
108
 
109
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
109
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
110
110
  end
111
111
 
112
112
 
@@ -137,7 +137,7 @@ describe Signer do
137
137
  # end
138
138
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
139
139
 
140
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
140
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
141
141
  end
142
142
 
143
143
  it "should sign simple XML with custom DS namespace prefix" do
@@ -152,15 +152,33 @@ describe Signer do
152
152
  signer.security_token_id = ""
153
153
  signer.ds_namespace_prefix = 'ds'
154
154
 
155
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
156
- signer.sign!(:issuer_serial => true)
155
+ signer.digest!(signer.document.root, id: "", enveloped: true)
156
+ signer.sign!(issuer_serial: true)
157
157
 
158
158
  # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
159
159
  # f.write signer.document.to_s
160
160
  # end
161
161
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
162
162
 
163
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
163
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
164
+ end
165
+
166
+ it "should digest simple XML without transforms node" do
167
+ input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
168
+ cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
169
+ private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
170
+
171
+ signer = Signer.new(File.read(input_xml_file))
172
+ signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
173
+ signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
174
+ signer.security_node = signer.document.root
175
+ signer.security_token_id = ""
176
+ signer.ds_namespace_prefix = 'ds'
177
+
178
+ signer.digest!(signer.document.root, id: "", no_transform: true)
179
+ signer.sign!(issuer_serial: true)
180
+
181
+ expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
164
182
  end
165
183
 
166
184
  it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
@@ -176,12 +194,12 @@ describe Signer do
176
194
  signer.ds_namespace_prefix = 'ds'
177
195
 
178
196
  # partially sign element
179
- signer.digest!(signer.document.root.children.first, :enveloped => true)
197
+ signer.digest!(signer.document.root.children.first, enveloped: true)
180
198
 
181
- signer.digest!(signer.document.root, :id => "", :enveloped => true)
182
- signer.sign!(:issuer_serial => true)
199
+ signer.digest!(signer.document.root, id: "", enveloped: true)
200
+ signer.sign!(issuer_serial: true)
183
201
 
184
- # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
202
+ # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
185
203
  # f.write signer.document.to_s
186
204
  # end
187
205
  output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
@@ -215,7 +233,7 @@ describe Signer do
215
233
  'fixtures',
216
234
  'output_4_with_nested_signatures_with_noblanks_disabled.xml')
217
235
 
218
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:save_with => 0)
236
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
219
237
  end
220
238
 
221
239
  it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
@@ -237,7 +255,7 @@ describe Signer do
237
255
  'fixtures',
238
256
  'output_5_with_security_token.xml')
239
257
 
240
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
258
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
241
259
  end
242
260
 
243
261
  it "should digest and sign SOAP XML with X509Data" do
@@ -259,6 +277,6 @@ describe Signer do
259
277
  'fixtures',
260
278
  'output_5_with_x509_data.xml')
261
279
 
262
- signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
280
+ signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
263
281
  end
264
282
  end
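Review bot: The new example in the `-152,15 +152,33` hunk asserts only that `//ds:Transforms` is absent; unlike its neighbours it never compares `signer.to_xml` against a fixture, so the shape of the Reference emitted without a Transforms node (and whether the result still verifies) is not pinned. The `canonicalize_algorithm:` constructor option and the `ref_type:` digest option introduced in this release have no example at all; a case such as `Signer.new(File.read(input_xml_file), canonicalize_algorithm: :c14n_1_0)` followed by an expectation on `//ds:CanonicalizationMethod/@Algorithm` would lock down the new identifiers. Minor style: `signer.sign!(:issuer_serial => true)` in the `-98,7 +98,7` hunk is the one call left in hash-rocket form while the `digest!` line beside it was converted to `id: "", enveloped: true`.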
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: signer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edgars Beigarts
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-05 00:00:00.000000000 Z
11
+ date: 2018-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake