signer 1.9.0 → 1.10.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/signer/version.rb +1 -1
- data/lib/signer.rb +20 -7
- data/spec/fixtures/output_2.xml +2 -1
- data/spec/fixtures/output_2_legacy.xml +31 -0
- data/spec/fixtures/output_2_with_ds_prefix.xml +29 -28
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml +37 -35
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml +38 -0
- data/spec/fixtures/output_2_with_ds_prefix_legacy.xml +31 -0
- data/spec/signer_spec.rb +82 -64
- metadata +35 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7401c27eba7c1c1e0982f73d50841f4597ecc9f03dbcc8ee459812aa20bbb7ae
|
4
|
+
data.tar.gz: 614b4e14d376489299b3476b26838e71131604df13b5200ebf9fd8e4b712bdb1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 77e5d5dcdde818d0713b7d9bb859c8c7ed0c0f0aa90969b4d48c385463d0bf07aead94e1cd8844c7cc943023ceb0c2682ccf5fb31bfa9be92e69349011ba582c
|
7
|
+
data.tar.gz: 308cb0b72d15012366e26bfed84aef33b39126d6b5e1af466a919ae32bc58fec24cbc8651abee5cf61e3aabc096493d71a6ad5d68523916fc63c87d87b403644
|
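--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 1.10.0 (2021-10-22)
+
+- Ensure compatibility with Nokogiri 1.12.4+ (#31, @flavorjones)
+- fix #26: add xml-exc-c14n Transform when :enveloped option is true. (#27, @kunxi)
+
 ## 1.9.0 (2019-04-16)
 
 - Refactor digest!() method for better extensibility, add GOST-R 34.10/11-2012 algorithms, fix digest node ID reference, cleanup (#22, @netcitylife)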
data/lib/signer/version.rb
CHANGED
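--- a/data/lib/signer.rb
+++ b/data/lib/signer.rb
@@ -65,6 +65,7 @@ class Signer
 self.document = Nokogiri::XML(document.to_s) do |config|
 config.noblanks if noblanks
 end
+self.document.namespace_inheritance = true if self.document.respond_to?(:namespace_inheritance)
 self.digest_algorithm = :sha1
 self.wss = wss
 self.canonicalize_algorithm = canonicalize_algorithm
@@ -270,6 +271,7 @@ class Signer
 # * [+:id+] Id for the node, if you don't want to use automatically calculated one
 # * [+:inclusive_namespaces+] Array of namespace prefixes which definitions should be added to node during canonicalization
 # * [+:enveloped+]
+# * [+:enveloped_legacy+] add solely `enveloped-signature` in `Transforms` with :enveloped:.
 # * [+:ref_type+] add `Type` attribute to Reference node, if ref_type is not nil
 #
 # Example of XML that will be inserted in message for call like <tt>digest!(node, inclusive_namespaces: ['soap'])</tt>:
@@ -373,14 +375,10 @@ class Signer
 protected
 
 # Create transform nodes
-def
+def transform_node(algorithm, options)
 transform_node = Nokogiri::XML::Node.new('Transform', document)
 set_namespace_for_node(transform_node, DS_NAMESPACE, ds_namespace_prefix)
-
-transform_node['Algorithm'] = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
-else
-transform_node['Algorithm'] = 'http://www.w3.org/2001/10/xml-exc-c14n#'
-end
+transform_node['Algorithm'] = algorithm
 
 if options[:inclusive_namespaces]
 inclusive_namespaces_node = Nokogiri::XML::Node.new('ec:InclusiveNamespaces', document)
@@ -389,7 +387,22 @@ class Signer
 transform_node.add_child(inclusive_namespaces_node)
 end
 
-
+transform_node
+end
+
+def transform!(transforms_node, options)
+# With PR-26, a new flag :enveloped_legacy is introduced for backward compatibility, the logics are:
+# - :enveloped is false, include xml-exc-c14n
+# - :enveloped is true, include xml-exc-c14n and enveloped-signature
+# - :enveloped is true and :enveloped_legacy is true, include enveloped-signature.
+
+if options[:enveloped] && options[:enveloped_legacy]
+transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options))
+return
+end
+
+transforms_node.add_child(transform_node('http://www.w3.org/2001/10/xml-exc-c14n#', options))
+transforms_node.add_child(transform_node('http://www.w3.org/2000/09/xmldsig#enveloped-signature', options)) if options[:enveloped]
 end
 
 # Check are we using ws security?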
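Review bot: `transform!` passes the same `options` to `transform_node` for both algorithms, and `transform_node` appends an `ec:InclusiveNamespaces` child whenever `options[:inclusive_namespaces]` is set, so with `enveloped: true` the `enveloped-signature` Transform also gets a child that is only a parameter of exclusive canonicalization. I would gate that branch on the algorithm, for example `if options[:inclusive_namespaces] && algorithm == 'http://www.w3.org/2001/10/xml-exc-c14n#'`; part of that branch lies between the two hunks, so this is inferred from the visible lines. Separately, the non-legacy path declares `xml-exc-c14n#` before `enveloped-signature`, and verifiers apply Transforms in document order, so a one-line comment on `transform!` recording why this order was chosen for issue #26 would help callers decide whether they need `:enveloped_legacy`.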
data/spec/fixtures/output_2.xml
CHANGED
@@ -11,13 +11,14 @@
|
|
11
11
|
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
12
|
<Reference URI="">
|
13
13
|
<Transforms>
|
14
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
14
15
|
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
15
16
|
</Transforms>
|
16
17
|
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
17
18
|
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
18
19
|
</Reference>
|
19
20
|
</SignedInfo>
|
20
|
-
<SignatureValue>
|
21
|
+
<SignatureValue>pjz9q0RI02SGuFs3ok+qQjKKyibAG+dScZBIxmWebD4JmfjIMOCTvk7RR1S5ZqJqkDp2kMV4DOBg+AqJAEu9ZO6gBBceCfYHYgmdvKWz3Ex42fyRYjfZlnR/7Vxk94VJ806J/H+7n2TBJlSndkMGJ2X8agKq1Zto0ip/k2qDfm4=</SignatureValue>
|
21
22
|
<KeyInfo>
|
22
23
|
<X509Data>
|
23
24
|
<X509IssuerSerial>
|
@@ -0,0 +1,31 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
3
|
+
<CustomerId>679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<SignedInfo>
|
10
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<Reference URI="">
|
13
|
+
<Transforms>
|
14
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
15
|
+
</Transforms>
|
16
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
17
|
+
<DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</DigestValue>
|
18
|
+
</Reference>
|
19
|
+
</SignedInfo>
|
20
|
+
<SignatureValue>HpRIiW6/yGyAI0AwVaaGp3PltD3JOCFfxZLVt+kQD05u1tz9EA91/5CbvCNfn1ljoObMSGe3+W9gXFZewCXANu5VXMnt+FeZ42QYNuYj2oUCFaWlg3NcThWnehE1W/R+QPLJVgk4RxpSntNLK0WWtFy79JbAh0NO4CcD84/HEo8=</SignatureValue>
|
21
|
+
<KeyInfo>
|
22
|
+
<X509Data>
|
23
|
+
<X509IssuerSerial>
|
24
|
+
<X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</X509IssuerName>
|
25
|
+
<X509SerialNumber>16503368396260674861</X509SerialNumber>
|
26
|
+
</X509IssuerSerial>
|
27
|
+
<X509Certificate>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</X509Certificate>
|
28
|
+
</X509Data>
|
29
|
+
</KeyInfo>
|
30
|
+
</Signature>
|
31
|
+
</ApplicationRequest>
|
@@ -1,31 +1,32 @@
|
|
1
1
|
<?xml version="1.0"?>
|
2
2
|
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
3
|
+
<CustomerId>679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<ds:SignedInfo>
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<ds:Reference URI="">
|
13
|
+
<ds:Transforms>
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
16
|
+
</ds:Transforms>
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
18
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
19
|
+
</ds:Reference>
|
20
|
+
</ds:SignedInfo>
|
21
|
+
<ds:SignatureValue>oh0PAqWsOY+QROz2ks9rJ6wqD8756qC+Gg2uj9lfR75khHS9LBY0jidThh18iynkflluqD1/gA98Hze8raYjmXdw09X7z+kYkxRB/QBY6YkqsWdxSDMhuW63XynrI372bv5p4fC0YjS1lix195qFbk2i0h5LcTByimquzkwEMUk=</ds:SignatureValue>
|
22
|
+
<ds:KeyInfo>
|
23
|
+
<ds:X509Data>
|
24
|
+
<ds:X509IssuerSerial>
|
25
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
26
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
27
|
+
</ds:X509IssuerSerial>
|
28
|
+
<ds:X509Certificate>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</ds:X509Certificate>
|
29
|
+
</ds:X509Data>
|
30
|
+
</ds:KeyInfo>
|
31
|
+
</ds:Signature>
|
31
32
|
</ApplicationRequest>
|
@@ -1,38 +1,40 @@
|
|
1
1
|
<?xml version="1.0"?>
|
2
2
|
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
<ds:
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<ds:SignedInfo>
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
13
|
+
<ds:Transforms>
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
16
|
+
</ds:Transforms>
|
17
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
18
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
19
|
+
</ds:Reference>
|
20
|
+
<ds:Reference URI="">
|
21
|
+
<ds:Transforms>
|
22
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
23
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
24
|
+
</ds:Transforms>
|
25
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
26
|
+
<ds:DigestValue>gZjyHqoTlsz5D1JQJEFNvSmtwjk=</ds:DigestValue>
|
27
|
+
</ds:Reference>
|
28
|
+
</ds:SignedInfo>
|
29
|
+
<ds:SignatureValue>Vhsr3WaCPA0dDB6THouzG9/EA0xfhzHzfbyCn1PY8+Y9MMsLpiW0KHOWtAiWLULDN2mFvTFDr90kCZR6YzgdaztbQewiZHeeu7M0WEC5f8VCgfO0N8J7mzOCWHBELHtDzoN+9phTbqDqbX06TH0mszIpZhnsGa4d+Ko3Y+AA3cs=</ds:SignatureValue>
|
30
|
+
<ds:KeyInfo>
|
31
|
+
<ds:X509Data>
|
32
|
+
<ds:X509IssuerSerial>
|
33
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
34
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
35
|
+
</ds:X509IssuerSerial>
|
36
|
+
<ds:X509Certificate>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</ds:X509Certificate>
|
37
|
+
</ds:X509Data>
|
38
|
+
</ds:KeyInfo>
|
39
|
+
</ds:Signature>
|
38
40
|
</ApplicationRequest>
|
@@ -0,0 +1,38 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
3
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<ds:SignedInfo>
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
13
|
+
<ds:Transforms>
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
15
|
+
</ds:Transforms>
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
17
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
18
|
+
</ds:Reference>
|
19
|
+
<ds:Reference URI="">
|
20
|
+
<ds:Transforms>
|
21
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
22
|
+
</ds:Transforms>
|
23
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
24
|
+
<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
|
25
|
+
</ds:Reference>
|
26
|
+
</ds:SignedInfo>
|
27
|
+
<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
|
28
|
+
<ds:KeyInfo>
|
29
|
+
<ds:X509Data>
|
30
|
+
<ds:X509IssuerSerial>
|
31
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
32
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
33
|
+
</ds:X509IssuerSerial>
|
34
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
35
|
+
</ds:X509Data>
|
36
|
+
</ds:KeyInfo>
|
37
|
+
</ds:Signature>
|
38
|
+
</ApplicationRequest>
|
@@ -0,0 +1,31 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
3
|
+
<CustomerId>679155330</CustomerId>
|
4
|
+
<Command>GetUserInfo</Command>
|
5
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
6
|
+
<Environment>PRODUCTION</Environment>
|
7
|
+
<SoftwareId>Petri</SoftwareId>
|
8
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
9
|
+
<ds:SignedInfo>
|
10
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
11
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<ds:Reference URI="">
|
13
|
+
<ds:Transforms>
|
14
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
15
|
+
</ds:Transforms>
|
16
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
17
|
+
<ds:DigestValue>U9tsT4lrRMp8ZdKMnblgeMCGfvI=</ds:DigestValue>
|
18
|
+
</ds:Reference>
|
19
|
+
</ds:SignedInfo>
|
20
|
+
<ds:SignatureValue>rOCe8McbIFa4Ul3pnzd/dBjFWoT4JtSghJgzZGLrz17K/j0W1JyaopcZeMD+8M5/GplAlQrJg3ZSkQvY9Sf7WpqZeLYHW17J0ZJpwas+/OOXUEdyUiec7q9OgWsFLH9DBNuJdLKE3CO6w/8tTKQ/kidYnPBXT6FKioNlSJVZsuI=</ds:SignatureValue>
|
21
|
+
<ds:KeyInfo>
|
22
|
+
<ds:X509Data>
|
23
|
+
<ds:X509IssuerSerial>
|
24
|
+
<ds:X509IssuerName>O=Internet Widgits Pty Ltd,ST=Some-State,C=AU</ds:X509IssuerName>
|
25
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
26
|
+
</ds:X509IssuerSerial>
|
27
|
+
<ds:X509Certificate>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</ds:X509Certificate>
|
28
|
+
</ds:X509Data>
|
29
|
+
</ds:KeyInfo>
|
30
|
+
</ds:Signature>
|
31
|
+
</ApplicationRequest>
|
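--- a/data/spec/signer_spec.rb
+++ b/data/spec/signer_spec.rb
@@ -88,25 +88,31 @@ describe Signer do
 signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+[
+[{ enveloped: true, enveloped_legacy: true }, 'output_2_legacy.xml'],
+[{ enveloped: true, enveloped_legacy: false }, 'output_2.xml'],
+[{ enveloped: true }, 'output_2.xml']
+].each do |options, output_xml|
+it "should sign simple XML with options=#{options}" do
+input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+signer = Signer.new(File.read(input_xml_file))
+signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+signer.security_node = signer.document.root
+signer.security_token_id = ""
+signer.digest!(signer.document.root, id: "", **options)
+signer.sign!(:issuer_serial => true)
+
+# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2.xml'), "w") do |f|
+# f.write signer.document.to_s
+# end
+output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
+
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
+end
 end
 
 
@@ -140,27 +146,33 @@ describe Signer do
 signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+[
+[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_legacy.xml'],
+[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix.xml'],
+[{ enveloped: true }, 'output_2_with_ds_prefix.xml']
+].each do |options, output_xml|
+it "should sign simple XML with custom DS namespace prefix with options=#{options}" do
+input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+signer = Signer.new(File.read(input_xml_file))
+signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+signer.security_node = signer.document.root
+signer.security_token_id = ""
+signer.ds_namespace_prefix = 'ds'
+
+signer.digest!(signer.document.root, id: "", **options)
+signer.sign!(issuer_serial: true)
+
+# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
+# f.write signer.document.to_s
+# end
+output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
+
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(save_with: 0)
+end
 end
 
 it "should digest simple XML without transforms node" do
@@ -181,30 +193,36 @@ describe Signer do
 expect(signer.document.at_xpath('//ds:Transforms', ds: Signer::DS_NAMESPACE)).to be_nil
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+[
+[{ enveloped: true, enveloped_legacy: true }, 'output_2_with_ds_prefix_and_wss_disabled_legacy.xml'],
+[{ enveloped: true, enveloped_legacy: false }, 'output_2_with_ds_prefix_and_wss_disabled.xml'],
+[{ enveloped: true }, 'output_2_with_ds_prefix_and_wss_disabled.xml']
+].each do |options, output_xml|
+it "should partially sign element and simple XML with custom DS namespace prefix when wss is false with options=#{options}" do
+input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+signer = Signer.new(File.read(input_xml_file), wss: false)
+signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+signer.security_node = signer.document.root
+signer.security_token_id = ""
+signer.ds_namespace_prefix = 'ds'
+
+# partially sign element
+signer.digest!(signer.document.root.children.first, **options)
+
+signer.digest!(signer.document.root, id: "", **options)
+signer.sign!(issuer_serial: true)
+
+# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml'), "w") do |f|
+# f.write signer.document.to_s
+# end
+output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', output_xml)
+
+signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+end
 end
 
 it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do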
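Review bot: None of the three option tables combines `enveloped: true` with `inclusive_namespaces`, the one input where the refactored `transform_node` is called twice with the same options and its `InclusiveNamespaces` branch runs for both Transform elements; a further row with its own fixture would pin that output. The commented-out fixture writers inside each loop still name the non-legacy file (for example `'output_2.xml'`), so re-enabling one would overwrite that fixture on every iteration, including the legacy one. Writing to `File.join(File.dirname(__FILE__), 'fixtures', output_xml)` would be the safe target. The enclosing `describe` block starts and ends outside these hunks, so another case may already cover the combination.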
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: signer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Edgars Beigarts
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|
@@ -45,6 +45,18 @@ dependencies:
|
|
45
45
|
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: 1.5.1
|
48
|
+
- - "!="
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: 1.12.0
|
51
|
+
- - "!="
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: 1.12.1
|
54
|
+
- - "!="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: 1.12.2
|
57
|
+
- - "!="
|
58
|
+
- !ruby/object:Gem::Version
|
59
|
+
version: 1.12.3
|
48
60
|
type: :runtime
|
49
61
|
prerelease: false
|
50
62
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -52,6 +64,18 @@ dependencies:
|
|
52
64
|
- - ">="
|
53
65
|
- !ruby/object:Gem::Version
|
54
66
|
version: 1.5.1
|
67
|
+
- - "!="
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: 1.12.0
|
70
|
+
- - "!="
|
71
|
+
- !ruby/object:Gem::Version
|
72
|
+
version: 1.12.1
|
73
|
+
- - "!="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: 1.12.2
|
76
|
+
- - "!="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: 1.12.3
|
55
79
|
description: WS Security XML signer
|
56
80
|
email:
|
57
81
|
- edgars.beigarts@gmail.com
|
@@ -76,8 +100,11 @@ files:
|
|
76
100
|
- spec/fixtures/output_1_inclusive_namespaces.xml
|
77
101
|
- spec/fixtures/output_1_sha256.xml
|
78
102
|
- spec/fixtures/output_2.xml
|
103
|
+
- spec/fixtures/output_2_legacy.xml
|
79
104
|
- spec/fixtures/output_2_with_ds_prefix.xml
|
80
105
|
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
106
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
107
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
81
108
|
- spec/fixtures/output_3_c14n_comments.xml
|
82
109
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
83
110
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
@@ -88,7 +115,7 @@ files:
|
|
88
115
|
homepage: ''
|
89
116
|
licenses: []
|
90
117
|
metadata: {}
|
91
|
-
post_install_message:
|
118
|
+
post_install_message:
|
92
119
|
rdoc_options: []
|
93
120
|
require_paths:
|
94
121
|
- lib
|
@@ -104,12 +131,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
104
131
|
version: '0'
|
105
132
|
requirements: []
|
106
133
|
rubygems_version: 3.0.1
|
107
|
-
signing_key:
|
134
|
+
signing_key:
|
108
135
|
specification_version: 4
|
109
136
|
summary: WS Security XML signer
|
110
137
|
test_files:
|
111
138
|
- spec/spec_helper.rb
|
112
139
|
- spec/fixtures/output_5_with_x509_data.xml
|
140
|
+
- spec/fixtures/output_2_with_ds_prefix_legacy.xml
|
113
141
|
- spec/fixtures/key.pem
|
114
142
|
- spec/fixtures/input_5.xml
|
115
143
|
- spec/fixtures/input_4_with_nested_signatures.xml
|
@@ -117,11 +145,13 @@ test_files:
|
|
117
145
|
- spec/fixtures/input_1.xml
|
118
146
|
- spec/fixtures/input_2.xml
|
119
147
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
148
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled_legacy.xml
|
120
149
|
- spec/fixtures/output_1.xml
|
121
150
|
- spec/fixtures/output_2.xml
|
122
151
|
- spec/fixtures/output_1_sha256.xml
|
123
152
|
- spec/fixtures/input_3_c14n_comments.xml
|
124
153
|
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
154
|
+
- spec/fixtures/output_2_legacy.xml
|
125
155
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
126
156
|
- spec/fixtures/output_3_c14n_comments.xml
|
127
157
|
- spec/fixtures/output_2_with_ds_prefix.xml
|