signer 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
-  data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
+  metadata.gz: 0ef82f9441fe5557e15ba389223039ea898ed86d
+  data.tar.gz: e08734d225ce9010442d00678eff3a865ca132e6
 SHA512:
-  metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
-  data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511
+  metadata.gz: bb7fad0471750095caca4ff1bef554d89b9ee2f998b58d557db3754235fa9da0e4710f3bb1dbdab0ba65a72af09fc8a08fef13f60fe1f65855854459cfa84720
+  data.tar.gz: e1a8d6b2ca4d5afc96f01e54a771c75e3ad67871a4ac39d3a1e70462c24b46efa960ed6404f2ec5435cb19ea0f52d75643f914d59d41cf876bfa8e502a841d77

data/CHANGELOG.md

@@ -1,6 +1,14 @@
+## 1.8.0 (2018-11-14)
+
+- Add parameter to customize canonicalize algorithm (#19, @pistachiology)
+- Add references node type on digest (for xades-bes signing properties) (#19, @pistachiology)
+- change issuer x509 content to be more standard way (#19, @pistachiology)
+
 ## 1.7.0 (2018-11-06)
 
 - Add wss option for XML only signing (#18, @pistachiology)
+- Add support for SHA512 Digest
+- Rename id for SHA256 Digest
 
 ## 1.6.0 (2017-09-14)
 

data/lib/signer.rb

@@ -11,21 +11,79 @@ class Signer
   attr_reader :cert
   attr_writer :security_node, :signature_node, :security_token_id
 
-  WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
-  WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
-  DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
-
-  def initialize(document, noblanks: true, wss: true)
+  WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'.freeze
+  WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.freeze
+  DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'.freeze
+
+  SIGNATURE_ALGORITHM = {
+    # SHA 1
+    sha1: {
+      id: 'http://www.w3.org/2001/04/xmlenc#sha1',
+      name: 'SHA1'
+    },
+    # SHA 256
+    sha256: {
+      id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+      name: 'SHA256'
+    },
+    # SHA512
+    sha512: {
+      id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+      name: 'SHA512'
+    },
+    # GOST R 34-11 94
+    gostr3411: {
+      id: 'https://www.w3.org/2001/04/xmldsig-more#rsa-gostr3411',
+      name: 'GOST R 34.11-94'
+    }
+  }.freeze
+
+  CANONICALIZE_ALGORITHM = {
+    c14n_exec_1_0: {
+      name: 'c14n execlusive 1.0',
+      value: Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
+      id: 'http://www.w3.org/2001/10/xml-exc-c14n#'
+    },
+    c14n_1_0: {
+      name: 'c14n 1.0',
+      value: Nokogiri::XML::XML_C14N_1_0,
+      id: 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
+    },
+    c14n_1_1: {
+      name: 'c14n 1.1',
+      value: Nokogiri::XML::XML_C14N_1_1,
+      id: 'https://www.w3.org/TR/2008/REC-xml-c14n11-20080502/'
+    }
+  }.freeze
+
+  def initialize(document, noblanks: true, wss: true, canonicalize_algorithm: :c14n_exec_1_0)
     self.document = Nokogiri::XML(document.to_s) do |config|
       config.noblanks if noblanks
     end
     self.digest_algorithm = :sha1
     self.wss = wss
-    self.set_default_signature_method!
+    self.canonicalize_algorithm = canonicalize_algorithm
+    set_default_signature_method!
   end
 
   def to_xml
-    document.to_xml(:save_with => 0)
+    document.to_xml(save_with: 0)
+  end
+
+  def canonicalize_name
+    @canonicalize_algorithm[:name]
+  end
+
+  def canonicalize_id
+    @canonicalize_algorithm[:id]
+  end
+
+  def canonicalize_algorithm
+    @canonicalize_algorithm[:value]
+  end
+
+  def canonicalize_algorithm=(algorithm)
+    @canonicalize_algorithm = CANONICALIZE_ALGORITHM[algorithm]
   end
 
   # Return symbol name for supported digest algorithms and string name for custom ones.
@@ -50,6 +108,7 @@ class Signer
   # Allows to change digesting algorithm for signature creation. Same as +digest_algorithm=+
   def signature_digest_algorithm=(algorithm)
     @sign_digester = Signer::Digester.new(algorithm)
+    self.signature_algorithm_id = SIGNATURE_ALGORITHM[algorithm][:id]
   end
 
   # Receives certificate for signing and tries to guess a digest algorithm for signature creation.
@@ -76,8 +135,8 @@ class Signer
     @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
   end
 
-  def canonicalize(node = document, inclusive_namespaces=nil)
-    node.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0, inclusive_namespaces, nil) # The last argument should be exactly +nil+ to remove comments from result
+  def canonicalize(node = document, inclusive_namespaces=nil, algorithm: canonicalize_algorithm)
+    node.canonicalize(algorithm, inclusive_namespaces, nil)
   end
 
   # <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@@ -105,7 +164,7 @@ class Signer
       signature_node.add_child(node)
       set_namespace_for_node(node, DS_NAMESPACE, ds_namespace_prefix)
       canonicalization_method_node = Nokogiri::XML::Node.new('CanonicalizationMethod', document)
-      canonicalization_method_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
+      canonicalization_method_node['Algorithm'] = canonicalize_id
       node.add_child(canonicalization_method_node)
       set_namespace_for_node(canonicalization_method_node, DS_NAMESPACE, ds_namespace_prefix)
       signature_method_node = Nokogiri::XML::Node.new('SignatureMethod', document)
@@ -165,7 +224,7 @@ class Signer
   # </KeyInfo>
   def x509_data_node(issuer_in_security_token = false)
     issuer_name_node   = Nokogiri::XML::Node.new('X509IssuerName', document)
-    issuer_name_node.content = cert.issuer.to_s[1..-1].gsub(/\//, ',')
+    issuer_name_node.content = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
 
     issuer_number_node = Nokogiri::XML::Node.new('X509SerialNumber', document)
     issuer_number_node.content = cert.serial
@@ -175,7 +234,7 @@ class Signer
     issuer_serial_node.add_child(issuer_number_node)
 
     cetificate_node    = Nokogiri::XML::Node.new('X509Certificate', document)
-    cetificate_node.content = Base64.encode64(cert.to_der).gsub("\n", '')
+    cetificate_node.content = Base64.encode64(cert.to_der).delete("\n")
 
     data_node          = Nokogiri::XML::Node.new('X509Data', document)
     data_node.add_child(issuer_serial_node)
@@ -210,6 +269,7 @@ class Signer
   # * [+:id+]                   Id for the node, if you don't want to use automatically calculated one
   # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
   # * [+:enveloped+]
+  # * [+:ref_type+]             add `Type` attribute to Reference node, if ref_type is not nil
   #
   # Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
   #
@@ -242,11 +302,13 @@ class Signer
 
     reference_node = Nokogiri::XML::Node.new('Reference', document)
     reference_node['URI'] = id.to_s.size > 0 ? "##{id}" : ""
+    reference_node['Type'] = options[:ref_type] if options[:ref_type]
+
     signed_info_node.add_child(reference_node)
     set_namespace_for_node(reference_node, DS_NAMESPACE, ds_namespace_prefix)
 
     transforms_node = Nokogiri::XML::Node.new('Transforms', document)
-    reference_node.add_child(transforms_node)
+    reference_node.add_child(transforms_node) unless options[:no_transform]
     set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
 
     transform_node = Nokogiri::XML::Node.new('Transform', document)
@@ -256,16 +318,19 @@ class Signer
     else
       transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
     end
+
     if options[:inclusive_namespaces]
       inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
       inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
       inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
       transform_node.add_child(inclusive_namespaces_node)
     end
+
     transforms_node.add_child(transform_node)
 
     digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
     digest_method_node['Algorithm'] = @digester.digest_id
+
     reference_node.add_child(digest_method_node)
     set_namespace_for_node(digest_method_node, DS_NAMESPACE, ds_namespace_prefix)
 
@@ -307,7 +372,7 @@ class Signer
     signed_info_canon = canonicalize(signed_info_node, options[:inclusive_namespaces])
 
     signature = private_key.sign(@sign_digester.digester, signed_info_canon)
-    signature_value_digest = Base64.encode64(signature).gsub("\n", '')
+    signature_value_digest = Base64.encode64(signature).delete("\n")
 
     signature_value_node = Nokogiri::XML::Node.new('SignatureValue', document)
     signature_value_node.content = signature_value_digest

data/lib/signer/digester.rb

@@ -28,7 +28,7 @@ class Signer
       id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
       digester: lambda { OpenSSL::Digest.new('md_gost94') },
     },
-  }
+  }.freeze
 
   # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
   class Digester
@@ -69,7 +69,5 @@ class Signer
     def digest_id
       @digest_info[:id]
     end
-
   end
-
 end

data/lib/signer/version.rb

@@ -1,3 +1,3 @@
 class Signer
-  VERSION = '1.7.0'
+  VERSION = '1.8.0'
 end

data/spec/fixtures/output_2.xml

@@ -21,7 +21,7 @@
     <KeyInfo>
       <X509Data>
         <X509IssuerSerial>
-          <X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</X509IssuerName>
+          <X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
           <X509SerialNumber>16503368396260674861</X509SerialNumber>
         </X509IssuerSerial>
         <X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</X509Certificate>

data/spec/fixtures/output_2_with_ds_prefix.xml

@@ -21,7 +21,7 @@
     <ds:KeyInfo>
       <ds:X509Data>
         <ds:X509IssuerSerial>
-          <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
+          <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
           <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
         </ds:X509IssuerSerial>
         <ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>

data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml

@@ -1,37 +1,38 @@
+<?xml version="1.0"?>
 <ApplicationRequest xmlns="http://bxd.fi/xmldata/">
-	<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
-	<Command>GetUserInfo</Command>
-	<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
-	<Environment>PRODUCTION</Environment>
-	<SoftwareId>Petri</SoftwareId>
-	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-		<ds:SignedInfo>
-			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-			<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-			<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
-				<ds:Transforms>
-					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-				</ds:Transforms>
-				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-				<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
-			</ds:Reference>
-			<ds:Reference URI="">
-				<ds:Transforms>
-					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-				</ds:Transforms>
-				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-				<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
-			</ds:Reference>
-		</ds:SignedInfo>
-		<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
-		<ds:KeyInfo>
-			<ds:X509Data>
-				<ds:X509IssuerSerial>
-					<ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
-					<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
-				</ds:X509IssuerSerial>
-				<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
-			</ds:X509Data>
-		</ds:KeyInfo>
-	</ds:Signature>
+  <CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
+  <Command>GetUserInfo</Command>
+  <Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
+  <Environment>PRODUCTION</Environment>
+  <SoftwareId>Petri</SoftwareId>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
+      </ds:Reference>
+      <ds:Reference URI="">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509IssuerSerial>
+          <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
+          <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
+        </ds:X509IssuerSerial>
+        <ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
 </ApplicationRequest>

data/spec/fixtures/output_5_with_security_token.xml

@@ -21,7 +21,7 @@
           <wsse:SecurityTokenReference>
             <ds:X509Data>
               <ds:X509IssuerSerial>
-                <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
+                <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
                 <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
               </ds:X509IssuerSerial>
               <ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>

data/spec/fixtures/output_5_with_x509_data.xml

@@ -20,7 +20,7 @@
         <ds:KeyInfo>
           <ds:X509Data>
             <ds:X509IssuerSerial>
-              <ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
+              <ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
               <ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
             </ds:X509IssuerSerial>
             <ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>

data/spec/signer_spec.rb

@@ -27,7 +27,7 @@ describe Signer do
     # end
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should correctly canonicalize digested nodes (shouldn't account comments)" do
@@ -44,7 +44,7 @@ describe Signer do
 
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_3_c14n_comments.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should digest and sign SOAP XML with SHA256" do
@@ -65,7 +65,7 @@ describe Signer do
 
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_sha256.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should digest and sign SOAP XML with inclusive namespaces" do
@@ -85,7 +85,7 @@ describe Signer do
 
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_1_inclusive_namespaces.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should sign simple XML" do
@@ -98,7 +98,7 @@ describe Signer do
     signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
     signer.security_node = signer.document.root
     signer.security_token_id = ""
-    signer.digest!(signer.document.root, :id => "", :enveloped => true)
+    signer.digest!(signer.document.root, id: "", enveloped: true)
     signer.sign!(:issuer_serial => true)
 
     # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
@@ -106,7 +106,7 @@ describe Signer do
     # end
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
 
@@ -137,7 +137,7 @@ describe Signer do
     # end
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should sign simple XML with custom DS namespace prefix" do
@@ -152,15 +152,33 @@ describe Signer do
     signer.security_token_id = ""
     signer.ds_namespace_prefix = 'ds'
 
-    signer.digest!(signer.document.root, :id => "", :enveloped => true)
-    signer.sign!(:issuer_serial => true)
+    signer.digest!(signer.document.root, id: "", enveloped: true)
+    signer.sign!(issuer_serial: true)
 
     # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
     #   f.write signer.document.to_s
     # end
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
+  end
+
+  it "should digest simple XML without transforms node" do
+    input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+    cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+    private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+    signer = Signer.new(File.read(input_xml_file))
+    signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+    signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+    signer.security_node = signer.document.root
+    signer.security_token_id = ""
+    signer.ds_namespace_prefix = 'ds'
+
+    signer.digest!(signer.document.root, id: "", no_transform: true)
+    signer.sign!(issuer_serial: true)
+
+    expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
   end
 
   it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
@@ -176,12 +194,12 @@ describe Signer do
     signer.ds_namespace_prefix = 'ds'
 
     # partially sign element
-    signer.digest!(signer.document.root.children.first, :enveloped => true)
+    signer.digest!(signer.document.root.children.first, enveloped: true)
 
-    signer.digest!(signer.document.root, :id => "", :enveloped => true)
-    signer.sign!(:issuer_serial => true)
+    signer.digest!(signer.document.root, id: "", enveloped: true)
+    signer.sign!(issuer_serial: true)
 
-    # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
+    # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
     #   f.write signer.document.to_s
     # end
     output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
@@ -215,7 +233,7 @@ describe Signer do
                                 'fixtures',
                                 'output_4_with_nested_signatures_with_noblanks_disabled.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file)).to_xml(save_with: 0)
   end
 
   it "should digest and sign SOAP XML with X509Data inside SecurityTokenReference node" do
@@ -237,7 +255,7 @@ describe Signer do
                                 'fixtures',
                                 'output_5_with_security_token.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 
   it "should digest and sign SOAP XML with X509Data" do
@@ -259,6 +277,6 @@ describe Signer do
                                 'fixtures',
                                 'output_5_with_x509_data.xml')
 
-    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signer
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-05 00:00:00.000000000 Z
+date: 2018-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake