signer 1.4.1 → 1.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/signer.rb +11 -9
- data/lib/signer/version.rb +1 -1
- data/spec/fixtures/input_4_with_nested_signatures.xml +25 -0
- data/spec/fixtures/output_4_with_nested_signatures.xml +59 -0
- data/spec/signer_spec.rb +31 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c53fd8a35adaec2dbeada21a1b01983f4e062187
|
|
4
|
+
data.tar.gz: e40d84c4287da97c39c4b9db6d49cf2c441b4141
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c470aa82a47a84973991688e3d97b70e9a0195662ac9ae08135380849077b312860b6a2e2f8b29d04323e4e4adf26dc32817282e82b47fe41360c50c3a14aef2
|
|
7
|
+
data.tar.gz: 2d72aae604c64ca037d6ca777d13d6db1ca84ba27c0d0b3feadf46c1b1448b107cbf7f681f2e3ccbdb374b344c176ddf2abcbebe95554fcf188bc81d67a5c881
|
data/CHANGELOG.md
CHANGED
data/lib/signer.rb
CHANGED
|
@@ -9,7 +9,7 @@ require "signer/version"
|
|
|
9
9
|
class Signer
|
|
10
10
|
attr_accessor :document, :private_key, :signature_algorithm_id
|
|
11
11
|
attr_reader :cert
|
|
12
|
-
attr_writer :security_node, :security_token_id
|
|
12
|
+
attr_writer :security_node, :signature_node, :security_token_id
|
|
13
13
|
|
|
14
14
|
WSU_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
|
|
15
15
|
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
|
@@ -78,13 +78,15 @@ class Signer
|
|
|
78
78
|
|
|
79
79
|
# <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
80
80
|
def signature_node
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
81
|
+
@signature_node ||= begin
|
|
82
|
+
@signature_node = security_node.at_xpath('ds:Signature', ds: 'http://www.w3.org/2000/09/xmldsig#')
|
|
83
|
+
unless @signature_node
|
|
84
|
+
@signature_node = Nokogiri::XML::Node.new('Signature', document)
|
|
85
|
+
@signature_node.default_namespace = 'http://www.w3.org/2000/09/xmldsig#'
|
|
86
|
+
security_node.add_child(@signature_node)
|
|
87
|
+
end
|
|
88
|
+
@signature_node
|
|
86
89
|
end
|
|
87
|
-
node
|
|
88
90
|
end
|
|
89
91
|
|
|
90
92
|
# <SignedInfo>
|
|
@@ -93,7 +95,7 @@ class Signer
|
|
|
93
95
|
# ...
|
|
94
96
|
# </SignedInfo>
|
|
95
97
|
def signed_info_node
|
|
96
|
-
node = signature_node.
|
|
98
|
+
node = signature_node.at_xpath('ds:SignedInfo', ds: 'http://www.w3.org/2000/09/xmldsig#')
|
|
97
99
|
unless node
|
|
98
100
|
node = Nokogiri::XML::Node.new('SignedInfo', document)
|
|
99
101
|
signature_node.add_child(node)
|
|
@@ -119,7 +121,7 @@ class Signer
|
|
|
119
121
|
# </o:SecurityTokenReference>
|
|
120
122
|
# </KeyInfo>
|
|
121
123
|
def binary_security_token_node
|
|
122
|
-
node = document.
|
|
124
|
+
node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
|
|
123
125
|
unless node
|
|
124
126
|
node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
|
|
125
127
|
node['ValueType'] = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'
|
data/lib/signer/version.rb
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
3
|
+
<s:Header>
|
|
4
|
+
<a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
|
|
5
|
+
<a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
|
|
6
|
+
<a:ReplyTo>
|
|
7
|
+
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
|
|
8
|
+
</a:ReplyTo>
|
|
9
|
+
<To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
|
|
10
|
+
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
|
|
11
|
+
<wsurandom:Timestamp>
|
|
12
|
+
<wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created>
|
|
13
|
+
<wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
|
|
14
|
+
</wsurandom:Timestamp>
|
|
15
|
+
</wsse:Security>
|
|
16
|
+
</s:Header>
|
|
17
|
+
<s:Body>
|
|
18
|
+
<SearchDocuments xmlns="http://tempuri.org/">
|
|
19
|
+
<searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
|
|
20
|
+
<b:RegistrationNo>1</b:RegistrationNo>
|
|
21
|
+
</searchCriteria>
|
|
22
|
+
<ds:Signature />
|
|
23
|
+
</SearchDocuments>
|
|
24
|
+
</s:Body>
|
|
25
|
+
</s:Envelope>
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
3
|
+
<s:Header>
|
|
4
|
+
<a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action>
|
|
5
|
+
<a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID>
|
|
6
|
+
<a:ReplyTo>
|
|
7
|
+
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
|
|
8
|
+
</a:ReplyTo>
|
|
9
|
+
<To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1" wsurandom:Id="_7e75a8ded22253b163ca76a40b6cc0c670ed0c33">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To>
|
|
10
|
+
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
|
|
11
|
+
<wsurandom:Timestamp wsurandom:Id="_3e2f6b0b9430b7f2b69712172db02293291f5322">
|
|
12
|
+
<wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created>
|
|
13
|
+
<wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires>
|
|
14
|
+
</wsurandom:Timestamp>
|
|
15
|
+
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken>
|
|
16
|
+
<Signature>
|
|
17
|
+
<SignedInfo>
|
|
18
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
19
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
20
|
+
<Reference URI="#_3e2f6b0b9430b7f2b69712172db02293291f5322">
|
|
21
|
+
<Transforms>
|
|
22
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
23
|
+
</Transforms>
|
|
24
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
25
|
+
<DigestValue>hUP34KxVar1UE5I87U1kH8MzV+o=</DigestValue>
|
|
26
|
+
</Reference>
|
|
27
|
+
<Reference URI="#_7e75a8ded22253b163ca76a40b6cc0c670ed0c33">
|
|
28
|
+
<Transforms>
|
|
29
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
30
|
+
</Transforms>
|
|
31
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
32
|
+
<DigestValue>/rAVEm0SjaC0ckFViZd+A0hYe+U=</DigestValue>
|
|
33
|
+
</Reference>
|
|
34
|
+
<Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">
|
|
35
|
+
<Transforms>
|
|
36
|
+
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
37
|
+
</Transforms>
|
|
38
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
39
|
+
<DigestValue>QfyyHQKBXN21QNXRHMDBkxZeTMI=</DigestValue>
|
|
40
|
+
</Reference>
|
|
41
|
+
</SignedInfo>
|
|
42
|
+
<SignatureValue>c1YkLvip/5njmwGakJ1Er6PMDUO2zC1HpinFkEEQkL+Ay1XJzGFehQdflIQjb6oRkT3c5DY3c+tcvE+G9/Wzy1m89RKkLvUAdPeI+ZMZw+90Rf5mvJku3QJ/G1bDlBOL54zYIC76El+XmHy1YM71x9+Y56z2mtCxZWAFOP7C3rA=</SignatureValue>
|
|
43
|
+
<KeyInfo>
|
|
44
|
+
<wsse:SecurityTokenReference>
|
|
45
|
+
<wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/>
|
|
46
|
+
</wsse:SecurityTokenReference>
|
|
47
|
+
</KeyInfo>
|
|
48
|
+
</Signature>
|
|
49
|
+
</wsse:Security>
|
|
50
|
+
</s:Header>
|
|
51
|
+
<s:Body>
|
|
52
|
+
<SearchDocuments xmlns="http://tempuri.org/">
|
|
53
|
+
<searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
|
|
54
|
+
<b:RegistrationNo>1</b:RegistrationNo>
|
|
55
|
+
</searchCriteria>
|
|
56
|
+
<ds:Signature/>
|
|
57
|
+
</SearchDocuments>
|
|
58
|
+
</s:Body>
|
|
59
|
+
</s:Envelope>
|
data/spec/signer_spec.rb
CHANGED
|
@@ -108,4 +108,35 @@ describe Signer do
|
|
|
108
108
|
|
|
109
109
|
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
110
110
|
end
|
|
111
|
+
|
|
112
|
+
it "should digest and sign SOAP XML with security node and digested binary token" do
|
|
113
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
114
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
115
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
116
|
+
|
|
117
|
+
signer = Signer.new(File.read(input_xml_file))
|
|
118
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
119
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
120
|
+
signer.security_node = signer.document.at_xpath('//soap:Header/wsse:Security', soap: 'http://www.w3.org/2003/05/soap-envelope', wsse: Signer::WSSE_NAMESPACE)
|
|
121
|
+
|
|
122
|
+
signer.document.xpath("//u:Timestamp", { "u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" }).each do |node|
|
|
123
|
+
signer.digest!(node)
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
signer.document.xpath("//a:To", { "a" => "http://www.w3.org/2005/08/addressing" }).each do |node|
|
|
127
|
+
signer.digest!(node)
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
signer.digest!(signer.binary_security_token_node)
|
|
131
|
+
|
|
132
|
+
signer.sign!
|
|
133
|
+
|
|
134
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml'), "w") do |f|
|
|
135
|
+
# f.write signer.document.to_s
|
|
136
|
+
# end
|
|
137
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_4_with_nested_signatures.xml')
|
|
138
|
+
|
|
139
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
140
|
+
end
|
|
141
|
+
|
|
111
142
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edgars Beigarts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -69,12 +69,14 @@ files:
|
|
|
69
69
|
- spec/fixtures/input_1.xml
|
|
70
70
|
- spec/fixtures/input_2.xml
|
|
71
71
|
- spec/fixtures/input_3_c14n_comments.xml
|
|
72
|
+
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
72
73
|
- spec/fixtures/key.pem
|
|
73
74
|
- spec/fixtures/output_1.xml
|
|
74
75
|
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
75
76
|
- spec/fixtures/output_1_sha256.xml
|
|
76
77
|
- spec/fixtures/output_2.xml
|
|
77
78
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
79
|
+
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
78
80
|
- spec/signer_spec.rb
|
|
79
81
|
- spec/spec_helper.rb
|
|
80
82
|
homepage: ''
|
|
@@ -96,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
96
98
|
version: '0'
|
|
97
99
|
requirements: []
|
|
98
100
|
rubyforge_project:
|
|
99
|
-
rubygems_version: 2.
|
|
101
|
+
rubygems_version: 2.4.4
|
|
100
102
|
signing_key:
|
|
101
103
|
specification_version: 4
|
|
102
104
|
summary: WS Security XML signer
|
|
@@ -105,11 +107,13 @@ test_files:
|
|
|
105
107
|
- spec/fixtures/input_1.xml
|
|
106
108
|
- spec/fixtures/input_2.xml
|
|
107
109
|
- spec/fixtures/input_3_c14n_comments.xml
|
|
110
|
+
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
108
111
|
- spec/fixtures/key.pem
|
|
109
112
|
- spec/fixtures/output_1.xml
|
|
110
113
|
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
111
114
|
- spec/fixtures/output_1_sha256.xml
|
|
112
115
|
- spec/fixtures/output_2.xml
|
|
113
116
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
117
|
+
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
114
118
|
- spec/signer_spec.rb
|
|
115
119
|
- spec/spec_helper.rb
|