signer 1.8.0 → 1.9.0

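--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-SHA1:
-metadata.gz: 0ef82f9441fe5557e15ba389223039ea898ed86d
-data.tar.gz: e08734d225ce9010442d00678eff3a865ca132e6
+SHA256:
+metadata.gz: 46a635dc54f2e8e61f854c8d6a6c30160acb223c34b91a34160eac718191484a
+data.tar.gz: 456c0c7b78f27f7479949828b801976ca4a3771d95ca74f63de24d9799c8d2aa
 SHA512:
-metadata.gz: bb7fad0471750095caca4ff1bef554d89b9ee2f998b58d557db3754235fa9da0e4710f3bb1dbdab0ba65a72af09fc8a08fef13f60fe1f65855854459cfa84720
-data.tar.gz: e1a8d6b2ca4d5afc96f01e54a771c75e3ad67871a4ac39d3a1e70462c24b46efa960ed6404f2ec5435cb19ea0f52d75643f914d59d41cf876bfa8e502a841d77
+metadata.gz: 770e3222a567b40c93c0c83d78cb6e5f3e39ec4a2e124ffad994054d290e0150416a6bad19406a2570f6ac65d48833cfbf4add49f46e9ccafcfe1e65f7189d6a
+data.tar.gz: 899b1b4d47252ddb9c94aa081734c75718558b89f6187f0518c659765fc17e97922cad7ae96d433b58899e45e13fbb1ea41a7710c1933cd1bcc449f3f2b3feaf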
@@ -1,3 +1,7 @@
1
+ ## 1.9.0 (2019-04-16)
2
+
3
+ - Refactor digest!() method for better extensibility, add GOST-R 34.10/11-2012 algorithms, fix digest node ID reference, cleanup (#22, @netcitylife)
4
+
1
5
  ## 1.8.0 (2018-11-14)
2
6
 
3
7
  - Add parameter to customize canonicalize algorithm (#19, @pistachiology)
@@ -18,7 +18,7 @@ class Signer
18
18
  SIGNATURE_ALGORITHM = {
19
19
  # SHA 1
20
20
  sha1: {
21
- id: 'http://www.w3.org/2001/04/xmlenc#sha1',
21
+ id: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
22
22
  name: 'SHA1'
23
23
  },
24
24
  # SHA 256
@@ -33,9 +33,14 @@ class Signer
33
33
  },
34
34
  # GOST R 34-11 94
35
35
  gostr3411: {
36
- id: 'https://www.w3.org/2001/04/xmldsig-more#rsa-gostr3411',
36
+ id: 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411',
37
37
  name: 'GOST R 34.11-94'
38
- }
38
+ },
39
+ # GOST R 34-11 2012 256 bit
40
+ gostr34112012_256: {
41
+ id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256',
42
+ name: 'GOST R 34.11-2012 256',
43
+ },
39
44
  }.freeze
40
45
 
41
46
  CANONICALIZE_ALGORITHM = {
@@ -63,7 +68,7 @@ class Signer
63
68
  self.digest_algorithm = :sha1
64
69
  self.wss = wss
65
70
  self.canonicalize_algorithm = canonicalize_algorithm
66
- set_default_signature_method!
71
+ self.signature_digest_algorithm = :sha1
67
72
  end
68
73
 
69
74
  def to_xml
@@ -118,12 +123,8 @@ class Signer
118
123
  @cert = certificate
119
124
  # Try to guess a digest algorithm for signature creation
120
125
  case @cert.signature_algorithm
121
- when 'GOST R 34.11-94 with GOST R 34.10-2001'
122
- self.signature_digest_algorithm = :gostr3411
123
- self.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411'
124
- # Add clauses for other types of keys that require other digest algorithms and identifiers
125
- else # most common 'sha1WithRSAEncryption' type included here
126
- self.set_default_signature_method! # Reset any changes as they can become malformed
126
+ when 'GOST R 34.11-94 with GOST R 34.10-2001'
127
+ self.signature_digest_algorithm = :gostr3411
127
128
  end
128
129
  end
129
130
 
@@ -286,7 +287,7 @@ class Signer
286
287
  def digest!(target_node, options = {})
287
288
  if wss?
288
289
  wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
289
- current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
290
+ current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
290
291
  id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
291
292
  unless id.to_s.empty?
292
293
  wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
@@ -295,6 +296,8 @@ class Signer
295
296
  elsif target_node['Id'].nil?
296
297
  id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
297
298
  target_node['Id'] = id.to_s unless id.empty?
299
+ else
300
+ id = options[:id] || target_node['Id']
298
301
  end
299
302
 
300
303
  target_canon = canonicalize(target_node, options[:inclusive_namespaces])
@@ -311,22 +314,8 @@ class Signer
311
314
  reference_node.add_child(transforms_node) unless options[:no_transform]
312
315
  set_namespace_for_node(transforms_node, DS_NAMESPACE, ds_namespace_prefix)
313
316
 
314
- transform_node = Nokogiri::XML::Node.new('Transform', document)
315
- set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
316
- if options[:enveloped]
317
- transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
318
- else
319
- transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
320
- end
321
-
322
- if options[:inclusive_namespaces]
323
- inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
324
- inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
325
- inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
326
- transform_node.add_child(inclusive_namespaces_node)
327
- end
328
-
329
- transforms_node.add_child(transform_node)
317
+ # create reference + transforms node
318
+ transform!(transforms_node, options)
330
319
 
331
320
  digest_method_node = Nokogiri::XML::Node.new('DigestMethod', document)
332
321
  digest_method_node['Algorithm'] = @digester.digest_id
@@ -383,17 +372,31 @@ class Signer
383
372
 
384
373
  protected
385
374
 
375
+ # Create transform nodes
376
+ def transform!(transforms_node, options)
377
+ transform_node = Nokogiri::XML::Node.new('Transform', document)
378
+ set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
379
+ if options[:enveloped]
380
+ transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
381
+ else
382
+ transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
383
+ end
384
+
385
+ if options[:inclusive_namespaces]
386
+ inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
387
+ inclusive_namespaces_node.add_namespace_definition('ec', transform_node['Algorithm'])
388
+ inclusive_namespaces_node['PrefixList'] = options[:inclusive_namespaces].join(' ')
389
+ transform_node.add_child(inclusive_namespaces_node)
390
+ end
391
+
392
+ transforms_node.add_child(transform_node)
393
+ end
394
+
386
395
  # Check are we using ws security?
387
396
  def wss?
388
397
  wss
389
398
  end
390
399
 
391
- # Reset digest algorithm for signature creation and signature algorithm identifier
392
- def set_default_signature_method!
393
- self.signature_digest_algorithm = :sha1
394
- self.signature_algorithm_id = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
395
- end
396
-
397
400
  ##
398
401
  # Searches in namespaces, defined on +target_node+ or its ancestors,
399
402
  # for the +namespace+ with given URI and returns its prefix.
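Review bot: `certificate=` (hunk `@@ -118,12 +123,8 @@`) no longer resets the signature method for non-GOST certificates: the removed `else` branch called `set_default_signature_method!` precisely so that a signer reused with a different certificate did not keep a stale GOST selection, and the new `case` has no `else` at all, so a GOST certificate followed by an RSA certificate leaves `signature_digest_algorithm` at `:gostr3411`. Restoring the reset is one clause, `else self.signature_digest_algorithm = :sha1`, matching what the constructor now does at `@@ -63,7 +68,7 @@` (this presumes the `signature_digest_algorithm=` writer also derives the algorithm id, which is outside these hunks); the new `gostr34112012_256` entry is likewise never selected in this `case`, so a 2012 certificate presumably stays on sha1 unless the caller sets it explicitly, which deserves a comment on the `case` if intended. In `digest!`, the new `else` branch `id = options[:id] || target_node['Id']` does not write `options[:id]` back to the node as the `elsif` branch does, so an explicit id that differs from the existing `Id` attribute yields a reference id with no matching element wherever `id` is consumed below the hunk; either assign `target_node['Id'] = id.to_s` there as well or document that `options[:id]` is ignored once the node already carries an Id. The comment `# create reference + transforms node` above `transform!(transforms_node, options)` describes the wrong thing — `transform!` builds only the `Transform` child (plus `InclusiveNamespaces`) under an already-created transforms node; `# append the Transform child (and InclusiveNamespaces, if any) to transforms_node` would be accurate.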
@@ -28,6 +28,12 @@ class Signer
28
28
  id: 'http://www.w3.org/2001/04/xmldsig-more#gostr3411',
29
29
  digester: lambda { OpenSSL::Digest.new('md_gost94') },
30
30
  },
31
+ # GOST R 34-11 2012 256 bit
32
+ gostr34112012_256: {
33
+ name: 'GOST R 34.11-2012 256',
34
+ id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256',
35
+ digester: lambda { begin OpenSSL::Digest.new('streebog256') rescue OpenSSL::Digest.new('md_gost12_256') end },
36
+ },
31
37
  }.freeze
32
38
 
33
39
  # Class that holds +OpenSSL::Digest+ instance with some meta information for digesting in XML.
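Review bot: The fallback in `digester: lambda { begin OpenSSL::Digest.new('streebog256') rescue OpenSSL::Digest.new('md_gost12_256') end }` rescues every StandardError from the first constructor, so when neither digest name is available in the linked OpenSSL the error that surfaces mentions only `md_gost12_256` and the `streebog256` attempt is invisible, which sends whoever debugs a missing GOST engine to the wrong name. Keeping the two-name probe but raising a single error that lists both names would make the failure self-explanatory; the rewritten entry below does that with explicit `begin`/`rescue` blocks so it does not depend on block-level `rescue` support. The hash also lists `name:` before `id:` unlike the sibling entries above it, worth aligning for readability.
```ruby
# GOST R 34-11 2012 256 bit
gostr34112012_256: {
  id: 'urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256',
  name: 'GOST R 34.11-2012 256',
  # OpenSSL builds name the algorithm either 'streebog256' or (older
  # GOST engines) 'md_gost12_256'; try both and report both on failure.
  digester: lambda {
    begin
      OpenSSL::Digest.new('streebog256')
    rescue StandardError
      begin
        OpenSSL::Digest.new('md_gost12_256')
      rescue StandardError
        raise ArgumentError, 'no GOST R 34.11-2012 256 digest available (tried streebog256, md_gost12_256)'
      end
    end
  },
},
```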
@@ -1,3 +1,3 @@
1
1
  class Signer
2
- VERSION = '1.8.0'
2
+ VERSION = '1.9.0'
3
3
  end
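--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signer
 version: !ruby/object:Gem::Version
-version: 1.8.0
+version: 1.9.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-14 00:00:00.000000000 Z
+date: 2019-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -103,8 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 3.0.1
 signing_key:
 specification_version: 4
 summary: WS Security XML signer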