signer 1.8.0 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +4 -0
- data/lib/signer.rb +36 -33
- data/lib/signer/digester.rb +6 -0
- data/lib/signer/version.rb +1 -1
- metadata +3 -4
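--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 46a635dc54f2e8e61f854c8d6a6c30160acb223c34b91a34160eac718191484a
+data.tar.gz: 456c0c7b78f27f7479949828b801976ca4a3771d95ca74f63de24d9799c8d2aa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 770e3222a567b40c93c0c83d78cb6e5f3e39ec4a2e124ffad994054d290e0150416a6bad19406a2570f6ac65d48833cfbf4add49f46e9ccafcfe1e65f7189d6a
+data.tar.gz: 899b1b4d47252ddb9c94aa081734c75718558b89f6187f0518c659765fc17e97922cad7ae96d433b58899e45e13fbb1ea41a7710c1933cd1bcc449f3f2b3feaf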
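--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.9.0 (2019-04-16)
+
+- Refactor digest!() method for better extensibility, add GOST-R 34.10/11-2012 algorithms, fix digest node ID reference, cleanup (#22, @netcitylife)
+
 ## 1.8.0 (2018-11-14)
 
 - Add parameter to customize canonicalize algorithm (#19, @pistachiology)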
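--- a/data/lib/signer.rb
+++ b/data/lib/signer.rb
@@ -18,7 +18,7 @@ class Signer
 SIGNATURE_ALGORITHM = {
 # SHA 1
 sha1: {
-id: 'http://www.w3.org/
+id: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
 name: 'SHA1'
 },
 # SHA 256
@@ -33,9 +33,14 @@ class Signer
 },
 # GOST R 34-11 94
 gostr3411: {
-id: '
+id: 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411',
 name: 'GOST R 34.11-94'
-}
+},
+# GOST R 34-11 2012 256 bit
+gostr34112012_256: {
+id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256',
+name: 'GOST R 34.11-2012 256',
+},
 }.freeze
 
 CANONICALIZE_ALGORITHM = {
@@ -63,7 +68,7 @@ class Signer
 self.digest_algorithm = :sha1
 self.wss = wss
 self.canonicalize_algorithm = canonicalize_algorithm
-
+self.signature_digest_algorithm = :sha1
 end
 
 def to_xml
@@ -118,12 +123,8 @@ class Signer
 @cert = certificate
 # Try to guess a digest algorithm for signature creation
 case @cert.signature_algorithm
-
-
-self.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411'
-# Add clauses for other types of keys that require other digest algorithms and identifiers
-else # most common 'sha1WithRSAEncryption' type included here
-self.set_default_signature_method! # Reset any changes as they can become malformed
+when 'GOST R 34.11-94 with GOST R 34.10-2001'
+self.signature_digest_algorithm = :gostr3411
 end
 end
 
@@ -286,7 +287,7 @@ class Signer
 def digest!(target_node, options = {})
 if wss?
 wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
-current_id = target_node["#{wsu_ns}:Id"]
+current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
 id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
 unless id.to_s.empty?
 wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
@@ -295,6 +296,8 @@ class Signer
 elsif target_node['Id'].nil?
 id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
 target_node['Id'] = id.to_s unless id.empty?
+else
+id = options[:id] || target_node['Id']
 end
 
 target_canon = canonicalize(target_node, options[:inclusive_namespaces])
@@ -311,22 +314,8 @@ class Signer
 reference_node.add_child(transforms_node) unless options[:no_transform]
 set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
 
-
-
-if options[:enveloped]
-transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
-else
-transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
-end
-
-if options[:inclusive_namespaces]
-inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
-inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
-inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
-transform_node.add_child(inclusive_namespaces_node)
-end
-
-transforms_node.add_child(transform_node)
+# create reference + transforms node
+transform!(transforms_node, options)
 
 digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
 digest_method_node['Algorithm'] = @digester.digest_id
@@ -383,17 +372,31 @@ class Signer
 
 protected
 
+# Create transform nodes
+def transform!(transforms_node, options)
+transform_node = Nokogiri::XML::Node.new('Transform', document)
+set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
+if options[:enveloped]
+transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
+else
+transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
+end
+
+if options[:inclusive_namespaces]
+inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
+inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
+inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
+transform_node.add_child(inclusive_namespaces_node)
+end
+
+transforms_node.add_child(transform_node)
+end
+
 # Check are we using ws security?
 def wss?
 wss
 end
 
-# Reset digest algorithm for signature creation and signature algorithm identifier
-def set_default_signature_method!
-self.signature_digest_algorithm = :sha1
-self.signature_algorithm_id = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
-end
-
 ##
 # Searches in namespaces, defined on +target_node+ or its ancestors,
 # for the +namespace+ with given URI and returns its prefix.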
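Review bot: In the `certificate=` hunk (`@@ -118,12 +123,8`) the removed `else` branch was the only place that restored the default signature method, so any certificate that is not the GOST R 34.10-2001 kind now leaves `signature_digest_algorithm` at whatever it held before — the `:sha1` default is applied only once, in the initializer (`@@ -63,7 +68,7`) — and a signer whose certificate is replaced after a GOST one keeps `:gostr3411`; the newly added `:gostr34112012_256` entry is likewise never selected here and must be set by hand. Adding `else` followed by `self.signature_digest_algorithm = :sha1` before the `end` of the `case` preserves the old reset behaviour; note that old lines 121–122 of the removed branch are blank in this rendering and `def certificate=` itself starts above the hunk. Separately, in the new `transform!` method `inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])` binds the `ec` prefix to the enveloped-signature URI whenever `options[:enveloped]` is set, even though `InclusiveNamespaces` belongs to the exclusive-C14N namespace; binding it to `'http://www.w3.org/2001/10/xml-exc-c14n#'` unconditionally (the binding is carried over unchanged from the old inline code) would produce a well-formed transform in that combination.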
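--- a/data/lib/signer/digester.rb
+++ b/data/lib/signer/digester.rb
@@ -28,6 +28,12 @@ class Signer
 id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
 digester: lambda { OpenSSL::Digest.new('md_gost94') },
 },
+# GOST R 34-11 2012 256 bit
+gostr34112012_256: {
+name: 'GOST R 34.11-2012 256',
+id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256',
+digester: lambda { begin OpenSSL::Digest.new('streebog256') rescue OpenSSL::Digest.new('md_gost12_256') end },
+},
 }.freeze
 
 # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.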
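Review bot: The new `gostr34112012_256` digester lambda (`@@ -28,6 +28,12`) hides why construction failed: the inline `begin … rescue … end` swallows every StandardError from `OpenSSL::Digest.new('streebog256')`, and when the fallback `'md_gost12_256'` is also unavailable the error the caller sees names only the fallback, with no hint that two names were tried. A comment on the lambda would spare the next reader the guess, e.g. `# 'streebog256' and 'md_gost12_256' are the names different OpenSSL GOST engine builds register for this digest — TODO confirm which builds use which`. Both names presumably require a GOST engine to be loaded into OpenSSL at runtime, as the `md_gost94` entry above does; because the lambda is only evaluated when a digester is requested, a build without the engine fails at digest time rather than at load time, which is worth stating in the CHANGELOG or README entry for this algorithm.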
data/lib/signer/version.rb
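--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signer
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.9.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -103,8 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.14
+rubygems_version: 3.0.1
 signing_key:
 specification_version: 4
 summary: WS Security XML signer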