signer 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1ee493581c699bac6cedcc5dade885fe7901bebe
-  data.tar.gz: 3e2e76ecef50b8830f0c1b46cfe294734b747698
+  metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
+  data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
 SHA512:
-  metadata.gz: 2bb34c6474b97a9729a9179343331b8c22ef8313b64160afa3a4079814a3e095a75c5f0456e86263550ba9c985dffefdbad18e542620479313bd81200d2a55d1
-  data.tar.gz: 503971e5792ea1cd9ccaba1e988c35693fbd4b3141ffe83564a2c9ccdc34f5c0f48f736fa89bf89dce7417b287b14e4b077ccda0d53d5c62dd8901dc9b3f9016
+  metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
+  data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.0 (2018-11-06)
+
+- Add wss option for XML only signing (#18, @pistachiology)
+
 ## 1.6.0 (2017-09-14)
 
 - X509 in SecurityTokenReference node (#17, @tiagocasanovapt)

data/lib/signer.rb

@@ -7,7 +7,7 @@ require "signer/digester"
 require "signer/version"
 
 class Signer
-  attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix
+  attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix, :wss
   attr_reader :cert
   attr_writer :security_node, :signature_node, :security_token_id
 
@@ -15,11 +15,12 @@ class Signer
   WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
   DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
 
-  def initialize(document, noblanks: true)
+  def initialize(document, noblanks: true, wss: true)
     self.document = Nokogiri::XML(document.to_s) do |config|
       config.noblanks if noblanks
     end
     self.digest_algorithm = :sha1
+    self.wss = wss
     self.set_default_signature_method!
   end
 
@@ -68,11 +69,11 @@ class Signer
   end
 
   def security_token_id
-    @security_token_id ||= "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"
+    @security_token_id ||= wss? ? "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1" : ""
   end
 
   def security_node
-    @security_node ||= document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first
+    @security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
   end
 
   def canonicalize(node = document, inclusive_namespaces=nil)
@@ -127,6 +128,7 @@ class Signer
   #   </o:SecurityTokenReference>
   # </KeyInfo>
   def binary_security_token_node
+    return unless wss?
     node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
     unless node
       node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
@@ -222,13 +224,19 @@ class Signer
   #   </Reference>
 
   def digest!(target_node, options = {})
-    wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
-    current_id = target_node["#{wsu_ns}:Id"]  if wsu_ns
-    id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
-    if id.to_s.size > 0
-      wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
-      target_node["#{wsu_ns}:Id"] = id.to_s
+    if wss?
+      wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
+      current_id = target_node["#{wsu_ns}:Id"]  if wsu_ns
+      id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
+      unless id.to_s.empty?
+        wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
+        target_node["#{wsu_ns}:Id"] = id.to_s
+      end
+    elsif target_node['Id'].nil?
+      id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
+      target_node['Id'] = id.to_s unless id.empty?
     end
+
     target_canon = canonicalize(target_node, options[:inclusive_namespaces])
     target_digest = Base64.encode64(@digester.digest(target_canon)).strip
 
@@ -310,6 +318,11 @@ class Signer
 
   protected
 
+  # Check are we using ws security?
+  def wss?
+    wss
+  end
+
   # Reset digest algorithm for signature creation and signature algorithm identifier
   def set_default_signature_method!
     self.signature_digest_algorithm = :sha1

data/lib/signer/digester.rb

@@ -12,9 +12,15 @@ class Signer
     },
     # SHA 256
     sha256: {
-        name: 'SHA256',
-        id: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-        digester: lambda { OpenSSL::Digest::SHA256.new },
+      name: 'SHA256',
+      id: 'http://www.w3.org/2001/04/xmlenc#sha256',
+      digester: lambda { OpenSSL::Digest::SHA256.new },
+    },
+    # SHA512
+    sha512: {
+      name: 'SHA512',
+      id: 'http://www.w3.org/2001/04/xmlenc#sha512',
+      digester: lambda { OpenSSL::Digest::SHA512.new },
     },
     # GOST R 34-11 94
     gostr3411: {

data/lib/signer/version.rb

@@ -1,3 +1,3 @@
 class Signer
-  VERSION = '1.6.0'
+  VERSION = '1.7.0'
 end

data/spec/fixtures/output_1_sha256.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0"?>
-<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>ml/HJ0ouBwAag9Kr4yTyrc4RrHc3sspx2YbQHPiTxB3QOT+T2kM5wU+gnHVIk5VOYVR9FIvm/bb6RWnLyW78/7eN6eIoh+Zr1YsEavCHw3AR9Zf4d7S+9ugCrPmrrEO1lOiyEHU0HuWS5gqua+/ttuTPtV24fGeWvxl15SIxFa8=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
+<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>PoUuYfxElOzG8Dw8/zdDrgPXxbFpj+Gxz4Fi7KDJ0XUgUNcQ6/Tk871cwdFA641Pkqo2DvyD2RIylXEuaY57abDQ4JTB86KCqrdt1cgAecn/lqfoojdTflrq+ugc1JGm6UZFQRcHrW4m2wjQgWFFAPFwNnRVdNGTRf5SHtmbMvc=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>

data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml

@@ -0,0 +1,37 @@
+<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
+	<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
+	<Command>GetUserInfo</Command>
+	<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
+	<Environment>PRODUCTION</Environment>
+	<SoftwareId>Petri</SoftwareId>
+	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+		<ds:SignedInfo>
+			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
+				<ds:Transforms>
+					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</ds:Transforms>
+				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
+			</ds:Reference>
+			<ds:Reference URI="">
+				<ds:Transforms>
+					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</ds:Transforms>
+				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
+			</ds:Reference>
+		</ds:SignedInfo>
+		<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
+		<ds:KeyInfo>
+			<ds:X509Data>
+				<ds:X509IssuerSerial>
+					<ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
+					<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
+				</ds:X509IssuerSerial>
+				<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
+			</ds:X509Data>
+		</ds:KeyInfo>
+	</ds:Signature>
+</ApplicationRequest>

data/spec/signer_spec.rb

@@ -57,7 +57,7 @@ describe Signer do
     signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
     signer.digest_algorithm = :sha256
     signer.signature_digest_algorithm = :sha256
-    signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
+    signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'
 
     signer.digest!(signer.binary_security_token_node)
 
@@ -109,6 +109,7 @@ describe Signer do
     signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
   end
 
+
   it "should digest and sign SOAP XML with security node and digested binary token" do
     input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
     cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
@@ -150,6 +151,7 @@ describe Signer do
     signer.security_node = signer.document.root
     signer.security_token_id = ""
     signer.ds_namespace_prefix = 'ds'
+
     signer.digest!(signer.document.root, :id => "", :enveloped => true)
     signer.sign!(:issuer_serial => true)
 
@@ -161,6 +163,32 @@ describe Signer do
     signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
   end
 
+  it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
+    input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
+    cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
+    private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
+
+    signer = Signer.new(File.read(input_xml_file), wss: false)
+    signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+    signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
+    signer.security_node = signer.document.root
+    signer.security_token_id = ""
+    signer.ds_namespace_prefix = 'ds'
+
+    # partially sign element
+    signer.digest!(signer.document.root.children.first, :enveloped => true)
+
+    signer.digest!(signer.document.root, :id => "", :enveloped => true)
+    signer.sign!(:issuer_serial => true)
+
+    # File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
+    #   f.write signer.document.to_s
+    # end
+    output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
+
+    signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
+  end
+
   it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
     input_xml_file   = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
     cert_file        = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signer
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-14 00:00:00.000000000 Z
+date: 2018-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -77,6 +77,7 @@ files:
 - spec/fixtures/output_1_sha256.xml
 - spec/fixtures/output_2.xml
 - spec/fixtures/output_2_with_ds_prefix.xml
+- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
 - spec/fixtures/output_3_c14n_comments.xml
 - spec/fixtures/output_4_with_nested_signatures.xml
 - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
@@ -103,27 +104,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: WS Security XML signer
 test_files:
+- spec/spec_helper.rb
+- spec/fixtures/output_5_with_x509_data.xml
+- spec/fixtures/key.pem
+- spec/fixtures/input_5.xml
+- spec/fixtures/input_4_with_nested_signatures.xml
 - spec/fixtures/cert.pem
 - spec/fixtures/input_1.xml
 - spec/fixtures/input_2.xml
-- spec/fixtures/input_3_c14n_comments.xml
-- spec/fixtures/input_4_with_nested_signatures.xml
-- spec/fixtures/input_5.xml
-- spec/fixtures/key.pem
+- spec/fixtures/output_4_with_nested_signatures.xml
 - spec/fixtures/output_1.xml
-- spec/fixtures/output_1_inclusive_namespaces.xml
-- spec/fixtures/output_1_sha256.xml
 - spec/fixtures/output_2.xml
-- spec/fixtures/output_2_with_ds_prefix.xml
-- spec/fixtures/output_3_c14n_comments.xml
-- spec/fixtures/output_4_with_nested_signatures.xml
+- spec/fixtures/output_1_sha256.xml
+- spec/fixtures/input_3_c14n_comments.xml
+- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
 - spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
+- spec/fixtures/output_3_c14n_comments.xml
+- spec/fixtures/output_2_with_ds_prefix.xml
+- spec/fixtures/output_1_inclusive_namespaces.xml
 - spec/fixtures/output_5_with_security_token.xml
-- spec/fixtures/output_5_with_x509_data.xml
 - spec/signer_spec.rb
-- spec/spec_helper.rb