signer 1.6.0 → 1.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/signer.rb +23 -10
- data/lib/signer/digester.rb +9 -3
- data/lib/signer/version.rb +1 -1
- data/spec/fixtures/output_1_sha256.xml +1 -1
- data/spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml +37 -0
- data/spec/signer_spec.rb +29 -1
- metadata +16 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2cba6787704ac8cffdfd99839e20be635d047f06
|
|
4
|
+
data.tar.gz: d0054e1665f0a526e709d543f1340c1e72dd97d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a3436ec52e02bea60aeeb62872050fd46ed75eb8fe12ce0f87c25e3338c1a9e909a4c1c8413fdbca3a37afed8d2780fb44712ac8890f9ce347d91632209fb27f
|
|
7
|
+
data.tar.gz: c41e6225ed20232065ac98a7075eba7ff028c0d6f7ef7c0199cfed0c73f3a768dde7215731a32d86667e5a355a5d1e345ad9b19f9b2f2847adeb5e9966e45511
|
data/CHANGELOG.md
CHANGED
data/lib/signer.rb
CHANGED
|
@@ -7,7 +7,7 @@ require "signer/digester"
|
|
|
7
7
|
require "signer/version"
|
|
8
8
|
|
|
9
9
|
class Signer
|
|
10
|
-
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix
|
|
10
|
+
attr_accessor :document, :private_key, :signature_algorithm_id, :ds_namespace_prefix, :wss
|
|
11
11
|
attr_reader :cert
|
|
12
12
|
attr_writer :security_node, :signature_node, :security_token_id
|
|
13
13
|
|
|
@@ -15,11 +15,12 @@ class Signer
|
|
|
15
15
|
WSSE_NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
|
|
16
16
|
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
|
|
17
17
|
|
|
18
|
-
def initialize(document, noblanks: true)
|
|
18
|
+
def initialize(document, noblanks: true, wss: true)
|
|
19
19
|
self.document = Nokogiri::XML(document.to_s) do |config|
|
|
20
20
|
config.noblanks if noblanks
|
|
21
21
|
end
|
|
22
22
|
self.digest_algorithm = :sha1
|
|
23
|
+
self.wss = wss
|
|
23
24
|
self.set_default_signature_method!
|
|
24
25
|
end
|
|
25
26
|
|
|
@@ -68,11 +69,11 @@ class Signer
|
|
|
68
69
|
end
|
|
69
70
|
|
|
70
71
|
def security_token_id
|
|
71
|
-
@security_token_id ||= "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"
|
|
72
|
+
@security_token_id ||= wss? ? "uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1" : ""
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def security_node
|
|
75
|
-
@security_node ||= document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first
|
|
76
|
+
@security_node ||= wss? ? document.xpath('//wsse:Security', wsse: WSSE_NAMESPACE).first : ''
|
|
76
77
|
end
|
|
77
78
|
|
|
78
79
|
def canonicalize(node = document, inclusive_namespaces=nil)
|
|
@@ -127,6 +128,7 @@ class Signer
|
|
|
127
128
|
# </o:SecurityTokenReference>
|
|
128
129
|
# </KeyInfo>
|
|
129
130
|
def binary_security_token_node
|
|
131
|
+
return unless wss?
|
|
130
132
|
node = document.at_xpath('wsse:BinarySecurityToken', wsse: WSSE_NAMESPACE)
|
|
131
133
|
unless node
|
|
132
134
|
node = Nokogiri::XML::Node.new('BinarySecurityToken', document)
|
|
@@ -222,13 +224,19 @@ class Signer
|
|
|
222
224
|
# </Reference>
|
|
223
225
|
|
|
224
226
|
def digest!(target_node, options = {})
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
227
|
+
if wss?
|
|
228
|
+
wsu_ns = namespace_prefix(target_node, WSU_NAMESPACE)
|
|
229
|
+
current_id = target_node["#{wsu_ns}:Id"] if wsu_ns
|
|
230
|
+
id = options[:id] || current_id || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
231
|
+
unless id.to_s.empty?
|
|
232
|
+
wsu_ns ||= namespace_prefix(target_node, WSU_NAMESPACE, 'wsu')
|
|
233
|
+
target_node["#{wsu_ns}:Id"] = id.to_s
|
|
234
|
+
end
|
|
235
|
+
elsif target_node['Id'].nil?
|
|
236
|
+
id = options[:id] || "_#{Digest::SHA1.hexdigest(target_node.to_s)}"
|
|
237
|
+
target_node['Id'] = id.to_s unless id.empty?
|
|
231
238
|
end
|
|
239
|
+
|
|
232
240
|
target_canon = canonicalize(target_node, options[:inclusive_namespaces])
|
|
233
241
|
target_digest = Base64.encode64(@digester.digest(target_canon)).strip
|
|
234
242
|
|
|
@@ -310,6 +318,11 @@ class Signer
|
|
|
310
318
|
|
|
311
319
|
protected
|
|
312
320
|
|
|
321
|
+
# Check are we using ws security?
|
|
322
|
+
def wss?
|
|
323
|
+
wss
|
|
324
|
+
end
|
|
325
|
+
|
|
313
326
|
# Reset digest algorithm for signature creation and signature algorithm identifier
|
|
314
327
|
def set_default_signature_method!
|
|
315
328
|
self.signature_digest_algorithm = :sha1
|
data/lib/signer/digester.rb
CHANGED
|
@@ -12,9 +12,15 @@ class Signer
|
|
|
12
12
|
},
|
|
13
13
|
# SHA 256
|
|
14
14
|
sha256: {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
name: 'SHA256',
|
|
16
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha256',
|
|
17
|
+
digester: lambda { OpenSSL::Digest::SHA256.new },
|
|
18
|
+
},
|
|
19
|
+
# SHA512
|
|
20
|
+
sha512: {
|
|
21
|
+
name: 'SHA512',
|
|
22
|
+
id: 'http://www.w3.org/2001/04/xmlenc#sha512',
|
|
23
|
+
digester: lambda { OpenSSL::Digest::SHA512.new },
|
|
18
24
|
},
|
|
19
25
|
# GOST R 34-11 94
|
|
20
26
|
gostr3411: {
|
data/lib/signer/version.rb
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/
|
|
2
|
+
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsurandom="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://tempuri.org/IDocumentService/SearchDocuments</a:Action><a:MessageID>urn:uuid:30db5d4f-ab84-46be-907c-be690a92979b</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><To xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope" a:mustUnderstand="1">http://tempuri.org/PublicServices/Test/1.0.12/PublicServices/DocumentService.svc</To><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1"><wsurandom:Timestamp><wsurandom:Created>2012-05-02T18:17:14.467Z</wsurandom:Created><wsurandom:Expires>2012-05-02T18:22:14.467Z</wsurandom:Expires></wsurandom:Timestamp><wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsurandom:Id="uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1">MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</wsse:BinarySecurityToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><Reference URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>2ca0eR2o1+y/CovNwnle3yEK1wI+ztlKQfCqcGvoSAA=</DigestValue></Reference></SignedInfo><SignatureValue>PoUuYfxElOzG8Dw8/zdDrgPXxbFpj+Gxz4Fi7KDJ0XUgUNcQ6/Tk871cwdFA641Pkqo2DvyD2RIylXEuaY57abDQ4JTB86KCqrdt1cgAecn/lqfoojdTflrq+ugc1JGm6UZFQRcHrW4m2wjQgWFFAPFwNnRVdNGTRf5SHtmbMvc=</SignatureValue><KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-639b8970-7644-4f9e-9bc4-9c2e367808fc-1"/></wsse:SecurityTokenReference></KeyInfo></Signature></wsse:Security></s:Header><s:Body><SearchDocuments xmlns="http://tempuri.org/"><searchCriteria xmlns:b="http://schemas.datacontract.org/2004/07/BusinessLogic.Data.Documents.Integration" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><b:RegistrationNo>1</b:RegistrationNo></searchCriteria></SearchDocuments></s:Body></s:Envelope>
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<ApplicationRequest xmlns="http://bxd.fi/xmldata/">
|
|
2
|
+
<CustomerId Id="_8ea8b0fa3fe774fc4942779a3e53620e6d389667">679155330</CustomerId>
|
|
3
|
+
<Command>GetUserInfo</Command>
|
|
4
|
+
<Timestamp>2010-05-10T13:22:19.847+03:00</Timestamp>
|
|
5
|
+
<Environment>PRODUCTION</Environment>
|
|
6
|
+
<SoftwareId>Petri</SoftwareId>
|
|
7
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
8
|
+
<ds:SignedInfo>
|
|
9
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
10
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
11
|
+
<ds:Reference URI="#_8ea8b0fa3fe774fc4942779a3e53620e6d389667">
|
|
12
|
+
<ds:Transforms>
|
|
13
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
14
|
+
</ds:Transforms>
|
|
15
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
16
|
+
<ds:DigestValue>AttQv5nkiNZFLKlFfVfX5+JYmSA=</ds:DigestValue>
|
|
17
|
+
</ds:Reference>
|
|
18
|
+
<ds:Reference URI="">
|
|
19
|
+
<ds:Transforms>
|
|
20
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
21
|
+
</ds:Transforms>
|
|
22
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
23
|
+
<ds:DigestValue>9Z9YtwWWlyGnFB36gxXj+mGcv14=</ds:DigestValue>
|
|
24
|
+
</ds:Reference>
|
|
25
|
+
</ds:SignedInfo>
|
|
26
|
+
<ds:SignatureValue>YwPuF4il34qUeAhIfzsLy/oKr4gxB9hlCYqEhVo8nYsrnDJKtBMznvkmi89TuKJ4FIibWnjsMqDDC74rpkcoUVs9O4pE/zLQxdRnQeRWPZjZnwEsmbBirFK+uk+Q7aVMUTRxxQwjZQRfBain4YdatqKDYCq/VkX4muAzxtHBYN4=</ds:SignatureValue>
|
|
27
|
+
<ds:KeyInfo>
|
|
28
|
+
<ds:X509Data>
|
|
29
|
+
<ds:X509IssuerSerial>
|
|
30
|
+
<ds:X509IssuerName>C=AU,ST=Some-State,O=Internet Widgits Pty Ltd</ds:X509IssuerName>
|
|
31
|
+
<ds:X509SerialNumber>16503368396260674861</ds:X509SerialNumber>
|
|
32
|
+
</ds:X509IssuerSerial>
|
|
33
|
+
<ds:X509Certificate>MIICsDCCAhmgAwIBAgIJAOUHvh4oho0tMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTIwNTAzMTMxODIyWhcNMTMwNTAzMTMxODIyWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvK5hMPv/R5IFmwWyJOyEaFUrF/ZsmN+Gip8hvR6rLP3YPNx9iFYvPcZllFmuVwyaz7YT2N5BsqTwLdyi5v4HY4fUtuz0p8jIPoSd6dfDvcnSpf4QLTOgOaL3ciPEbgDHH2tnIksukoWzqCYva+qFZ74NFl19swXotW9fA4Jzs4QIDAQABo4GnMIGkMB0GA1UdDgQWBBRU1WEHDnP8Hr7ZulxrSzEwOcYpMzB1BgNVHSMEbjBsgBRU1WEHDnP8Hr7ZulxrSzEwOcYpM6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOUHvh4oho0tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEASY/9SAOK57q9mGnNJJeyDbmyGrAHSJTod646xTHYkMvhUqwHyk9PTr5bdfmswpmyVn+AQ43U2tU5vnpTBmKpHWD2+HSHgGa92mMLrfBOd8EBZ329NL3N2HDPIaHr4NPGyhNrSK3QVOnAq2D0jlyrGYJlLli1NxHiBz7FCEJaVI8=</ds:X509Certificate>
|
|
34
|
+
</ds:X509Data>
|
|
35
|
+
</ds:KeyInfo>
|
|
36
|
+
</ds:Signature>
|
|
37
|
+
</ApplicationRequest>
|
data/spec/signer_spec.rb
CHANGED
|
@@ -57,7 +57,7 @@ describe Signer do
|
|
|
57
57
|
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
58
58
|
signer.digest_algorithm = :sha256
|
|
59
59
|
signer.signature_digest_algorithm = :sha256
|
|
60
|
-
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/
|
|
60
|
+
signer.signature_algorithm_id = 'http://www.w3.org/2001/04/xmlenc#sha256'
|
|
61
61
|
|
|
62
62
|
signer.digest!(signer.binary_security_token_node)
|
|
63
63
|
|
|
@@ -109,6 +109,7 @@ describe Signer do
|
|
|
109
109
|
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
+
|
|
112
113
|
it "should digest and sign SOAP XML with security node and digested binary token" do
|
|
113
114
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
114
115
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
@@ -150,6 +151,7 @@ describe Signer do
|
|
|
150
151
|
signer.security_node = signer.document.root
|
|
151
152
|
signer.security_token_id = ""
|
|
152
153
|
signer.ds_namespace_prefix = 'ds'
|
|
154
|
+
|
|
153
155
|
signer.digest!(signer.document.root, :id => "", :enveloped => true)
|
|
154
156
|
signer.sign!(:issuer_serial => true)
|
|
155
157
|
|
|
@@ -161,6 +163,32 @@ describe Signer do
|
|
|
161
163
|
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
162
164
|
end
|
|
163
165
|
|
|
166
|
+
it "should partially sign element and simple XML with custom DS namespace prefix when wss is false" do
|
|
167
|
+
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_2.xml')
|
|
168
|
+
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
|
169
|
+
private_key_file = File.join(File.dirname(__FILE__), 'fixtures', 'key.pem')
|
|
170
|
+
|
|
171
|
+
signer = Signer.new(File.read(input_xml_file), wss: false)
|
|
172
|
+
signer.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
|
|
173
|
+
signer.private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), "test")
|
|
174
|
+
signer.security_node = signer.document.root
|
|
175
|
+
signer.security_token_id = ""
|
|
176
|
+
signer.ds_namespace_prefix = 'ds'
|
|
177
|
+
|
|
178
|
+
# partially sign element
|
|
179
|
+
signer.digest!(signer.document.root.children.first, :enveloped => true)
|
|
180
|
+
|
|
181
|
+
signer.digest!(signer.document.root, :id => "", :enveloped => true)
|
|
182
|
+
signer.sign!(:issuer_serial => true)
|
|
183
|
+
|
|
184
|
+
# File.open(File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix.xml'), "w") do |f|
|
|
185
|
+
# f.write signer.document.to_s
|
|
186
|
+
# end
|
|
187
|
+
output_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'output_2_with_ds_prefix_and_wss_disabled.xml')
|
|
188
|
+
|
|
189
|
+
signer.to_xml.should == Nokogiri::XML(File.read(output_xml_file), &:noblanks).to_xml(:save_with => 0)
|
|
190
|
+
end
|
|
191
|
+
|
|
164
192
|
it "should digest and sign SOAP XML with security node and digested binary token with noblanks disabled" do
|
|
165
193
|
input_xml_file = File.join(File.dirname(__FILE__), 'fixtures', 'input_4_with_nested_signatures.xml')
|
|
166
194
|
cert_file = File.join(File.dirname(__FILE__), 'fixtures', 'cert.pem')
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edgars Beigarts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -77,6 +77,7 @@ files:
|
|
|
77
77
|
- spec/fixtures/output_1_sha256.xml
|
|
78
78
|
- spec/fixtures/output_2.xml
|
|
79
79
|
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
80
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
80
81
|
- spec/fixtures/output_3_c14n_comments.xml
|
|
81
82
|
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
82
83
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
@@ -103,27 +104,28 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
104
|
version: '0'
|
|
104
105
|
requirements: []
|
|
105
106
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.6.
|
|
107
|
+
rubygems_version: 2.6.14
|
|
107
108
|
signing_key:
|
|
108
109
|
specification_version: 4
|
|
109
110
|
summary: WS Security XML signer
|
|
110
111
|
test_files:
|
|
112
|
+
- spec/spec_helper.rb
|
|
113
|
+
- spec/fixtures/output_5_with_x509_data.xml
|
|
114
|
+
- spec/fixtures/key.pem
|
|
115
|
+
- spec/fixtures/input_5.xml
|
|
116
|
+
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
111
117
|
- spec/fixtures/cert.pem
|
|
112
118
|
- spec/fixtures/input_1.xml
|
|
113
119
|
- spec/fixtures/input_2.xml
|
|
114
|
-
- spec/fixtures/
|
|
115
|
-
- spec/fixtures/input_4_with_nested_signatures.xml
|
|
116
|
-
- spec/fixtures/input_5.xml
|
|
117
|
-
- spec/fixtures/key.pem
|
|
120
|
+
- spec/fixtures/output_4_with_nested_signatures.xml
|
|
118
121
|
- spec/fixtures/output_1.xml
|
|
119
|
-
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
120
|
-
- spec/fixtures/output_1_sha256.xml
|
|
121
122
|
- spec/fixtures/output_2.xml
|
|
122
|
-
- spec/fixtures/
|
|
123
|
-
- spec/fixtures/
|
|
124
|
-
- spec/fixtures/
|
|
123
|
+
- spec/fixtures/output_1_sha256.xml
|
|
124
|
+
- spec/fixtures/input_3_c14n_comments.xml
|
|
125
|
+
- spec/fixtures/output_2_with_ds_prefix_and_wss_disabled.xml
|
|
125
126
|
- spec/fixtures/output_4_with_nested_signatures_with_noblanks_disabled.xml
|
|
127
|
+
- spec/fixtures/output_3_c14n_comments.xml
|
|
128
|
+
- spec/fixtures/output_2_with_ds_prefix.xml
|
|
129
|
+
- spec/fixtures/output_1_inclusive_namespaces.xml
|
|
126
130
|
- spec/fixtures/output_5_with_security_token.xml
|
|
127
|
-
- spec/fixtures/output_5_with_x509_data.xml
|
|
128
131
|
- spec/signer_spec.rb
|
|
129
|
-
- spec/spec_helper.rb
|