spid-es 0.0.7 → 0.0.8

data/lib/spid/xml_security.rb

@@ -0,0 +1,166 @@
+# The contents of this file are subject to the terms
+# of the Common Development and Distribution License
+# (the License). You may not use this file except in
+# compliance with the License.
+#
+# You can obtain a copy of the License at
+# https://opensso.dev.java.net/public/CDDLv1.0.html or
+# opensso/legal/CDDLv1.0.txt
+# See the License for the specific language governing
+# permission and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL
+# Header Notice in each file and include the License file
+# at opensso/legal/CDDLv1.0.txt.
+# If applicable, add the following below the CDDL Header,
+# with the fields enclosed by brackets [] replaced by
+# your own identifying information:
+# "Portions Copyrighted [year] [name of copyright owner]"
+#
+# $Id: xml_sec.rb,v 1.6 2007/10/24 00:28:41 todddd Exp $
+#
+# Copyright 2007 Sun Microsystems Inc. All Rights Reserved
+# Portions Copyrighted 2007 Todd W Saxton.
+
+require 'rubygems'
+require "rexml/document"
+require "rexml/xpath"
+require "openssl"
+require 'nokogiri'
+require "digest/sha1"
+require "digest/sha2"
+require "spid/ruby-saml/validation_error"
+
+module Spid
+  module XMLSecurity
+
+    class SignedDocument < REXML::Document
+      C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
+      DSIG = "http://www.w3.org/2000/09/xmldsig#"
+
+      attr_accessor :signed_element_id, :sig_element, :noko_sig_element
+
+      def initialize(response)
+        super(response)
+        extract_signed_element_id
+      end
+
+      def validate(idp_cert_fingerprint, soft = true)
+        # get cert from response
+        cert_element = REXML::XPath.first(self, "//ds:X509Certificate", { "ds"=>DSIG })
+        base64_cert  = cert_element.text
+        cert_text    = Base64.decode64(base64_cert)
+        cert         = OpenSSL::X509::Certificate.new(cert_text)
+
+        # check cert matches registered idp cert
+        fingerprint = Digest::SHA2.hexdigest(cert.to_der)
+
+        if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
+          return soft ? false : (raise Spid::Saml::ValidationError.new("Fingerprint mismatch"))
+        end
+
+        validate_doc(base64_cert, soft)
+      end
+
+      def validate_doc(base64_cert, soft = true)
+        # validate references
+        # check for inclusive namespaces
+        inclusive_namespaces = extract_inclusive_namespaces
+
+        document = Nokogiri.parse(self.to_s)
+
+        # store and remove signature node
+        self.sig_element ||= begin
+          element = REXML::XPath.first(self, "//ds:Signature", {"ds"=>DSIG})
+          element.remove
+        end
+
+
+        # verify signature
+        signed_info_element     = REXML::XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
+        self.noko_sig_element ||= document.at_xpath('//ds:Signature', 'ds' => DSIG)
+        noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
+        canon_algorithm = canon_algorithm REXML::XPath.first(sig_element, '//ds:CanonicalizationMethod')
+        canon_string = noko_signed_info_element.canonicalize(canon_algorithm)
+        noko_sig_element.remove
+
+        # check digests
+        REXML::XPath.each(sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
+          uri                           = ref.attributes.get_attribute("URI").value
+
+          hashed_element                = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
+          canon_algorithm               = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod')
+          canon_hashed_element          = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces).gsub('&','&amp;')
+
+          digest_algorithm              = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod"))
+
+          hash                          = digest_algorithm.digest(canon_hashed_element)
+          digest_value                  = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
+
+          unless digests_match?(hash, digest_value)
+            return soft ? false : (raise Spid::Saml::ValidationError.new("Digest mismatch"))
+          end
+        end
+
+        base64_signature        = REXML::XPath.first(sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
+        signature               = Base64.decode64(base64_signature)
+
+        # get certificate object
+        cert_text               = Base64.decode64(base64_cert)
+        cert                    = OpenSSL::X509::Certificate.new(cert_text)
+
+        # signature method
+        signature_algorithm     = algorithm(REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG}))
+
+        unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
+          return soft ? false : (raise Spid::Saml::ValidationError.new("Key validation error"))
+        end
+
+        return true
+      end
+
+      private
+
+      def digests_match?(hash, digest_value)
+        hash == digest_value
+      end
+
+      def extract_signed_element_id
+        reference_element       = REXML::XPath.first(self, "//ds:Signature/ds:SignedInfo/ds:Reference", {"ds"=>DSIG})
+        self.signed_element_id  = reference_element.attribute("URI").value[1..-1] unless reference_element.nil?
+      end
+
+      def canon_algorithm(element)
+        algorithm = element.attribute('Algorithm').value if element
+        case algorithm
+          when "http://www.w3.org/2001/10/xml-exc-c14n#"         then Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+          when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" then Nokogiri::XML::XML_C14N_1_0
+          when "http://www.w3.org/2006/12/xml-c14n11"            then Nokogiri::XML::XML_C14N_1_1
+          else                                                        Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+        end
+      end
+
+      def algorithm(element)
+        algorithm = element.attribute("Algorithm").value if element
+        algorithm = algorithm && algorithm =~ /sha(.*?)$/i && $1.to_i
+        case algorithm
+        when 256 then OpenSSL::Digest::SHA256
+        when 384 then OpenSSL::Digest::SHA384
+        when 512 then OpenSSL::Digest::SHA512
+        else
+          OpenSSL::Digest::SHA1
+        end
+      end
+
+      def extract_inclusive_namespaces
+        if element = REXML::XPath.first(self, "//ec:InclusiveNamespaces", { "ec" => C14N })
+          prefix_list = element.attributes.get_attribute("PrefixList").value
+          prefix_list.split(" ")
+        else
+          []
+        end
+      end
+
+    end
+  end
+end

data/lib/spid/xml_security_new.rb

@@ -0,0 +1,373 @@
+# The contents of this file are subject to the terms
+# of the Common Development and Distribution License
+# (the License). You may not use this file except in
+# compliance with the License.
+#
+# You can obtain a copy of the License at
+# https://opensso.dev.java.net/public/CDDLv1.0.html or
+# opensso/legal/CDDLv1.0.txt
+# See the License for the specific language governing
+# permission and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL
+# Header Notice in each file and include the License file
+# at opensso/legal/CDDLv1.0.txt.
+# If applicable, add the following below the CDDL Header,
+# with the fields enclosed by brackets [] replaced by
+# your own identifying information:
+# "Portions Copyrighted [year] [name of copyright owner]"
+#
+# $Id: xml_sec.rb,v 1.6 2007/10/24 00:28:41 todddd Exp $
+#
+# Copyright 2007 Sun Microsystems Inc. All Rights Reserved
+# Portions Copyrighted 2007 Todd W Saxton.
+
+require 'rubygems'
+require "rexml/document"
+require "rexml/xpath"
+require "openssl"
+require 'nokogiri'
+require "digest/sha1"
+require "digest/sha2"
+require "spid/ruby-saml/error_handling"
+
+module Spid
+  module XMLSecurityNew
+
+    class BaseDocument < REXML::Document
+      REXML::Document::entity_expansion_limit = 0
+
+      C14N            = "http://www.w3.org/2001/10/xml-exc-c14n#"
+      DSIG            = "http://www.w3.org/2000/09/xmldsig#"
+      NOKOGIRI_OPTIONS = Nokogiri::XML::ParseOptions::STRICT |
+                         Nokogiri::XML::ParseOptions::NONET
+
+      def canon_algorithm(element)
+        algorithm = element
+        if algorithm.is_a?(REXML::Element)
+          algorithm = element.attribute('Algorithm').value
+        end
+
+        case algorithm
+          when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+               "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+            Nokogiri::XML::XML_C14N_1_0
+          when "http://www.w3.org/2006/12/xml-c14n11",
+               "http://www.w3.org/2006/12/xml-c14n11#WithComments"
+            Nokogiri::XML::XML_C14N_1_1
+          else
+            Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+        end
+        Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+      end
+
+      def algorithm(element)
+        algorithm = element
+        if algorithm.is_a?(REXML::Element)
+          algorithm = element.attribute("Algorithm").value
+        end
+
+        algorithm = algorithm && algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
+
+        case algorithm
+        when 256 then OpenSSL::Digest::SHA256
+        when 384 then OpenSSL::Digest::SHA384
+        when 512 then OpenSSL::Digest::SHA512
+        else
+          OpenSSL::Digest::SHA256
+        end
+      end
+
+    end
+
+    class Document < BaseDocument
+      RSA_SHA1        = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+      RSA_SHA256      = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+      RSA_SHA384      = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+      RSA_SHA512      = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+      SHA1            = "http://www.w3.org/2000/09/xmldsig#sha1"
+      SHA256          = 'http://www.w3.org/2001/04/xmlenc#sha256'
+      SHA384          = "http://www.w3.org/2001/04/xmldsig-more#sha384"
+      SHA512          = 'http://www.w3.org/2001/04/xmlenc#sha512'
+      ENVELOPED_SIG   = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+      INC_PREFIX_LIST = "#default samlp saml2p saml ds xs xsi md"
+
+      attr_accessor :uuid
+
+      def uuid
+        @uuid ||= begin
+          document.root.nil? ? nil : document.root.attributes['ID']
+        end
+      end
+
+      #<Signature>
+        #<SignedInfo>
+          #<CanonicalizationMethod />
+          #<SignatureMethod />
+          #<Reference>
+             #<Transforms>
+             #<DigestMethod>
+             #<DigestValue>
+          #</Reference>
+          #<Reference /> etc.
+        #</SignedInfo>
+        #<SignatureValue />
+        #<KeyInfo />
+        #<Object />
+      #</Signature>
+      def sign_document(private_key, certificate, signature_method = RSA_SHA256, digest_method = SHA256)
+        noko = Nokogiri::XML(self.to_s) do |config|
+          config.options = Spid::XMLSecurityNew::BaseDocument::NOKOGIRI_OPTIONS
+        end
+
+        signature_element = REXML::Element.new("ds:Signature").add_namespace('ds', DSIG)
+        signed_info_element = signature_element.add_element("ds:SignedInfo")
+        signed_info_element.add_element("ds:CanonicalizationMethod", {"Algorithm" => C14N})
+        signed_info_element.add_element("ds:SignatureMethod", {"Algorithm"=>signature_method})
+
+        # Add Reference
+        reference_element = signed_info_element.add_element("ds:Reference", {"URI" => "##{uuid}"})
+
+        # Add Transforms
+        transforms_element = reference_element.add_element("ds:Transforms")
+        transforms_element.add_element("ds:Transform", {"Algorithm" => ENVELOPED_SIG})
+        c14element = transforms_element.add_element("ds:Transform", {"Algorithm" => C14N})
+        c14element.add_element("ec:InclusiveNamespaces", {"xmlns:ec" => C14N, "PrefixList" => INC_PREFIX_LIST})
+
+        digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
+        inclusive_namespaces = INC_PREFIX_LIST.split(" ")
+        canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
+        #canon_doc = noko.canonicalize(canon_algorithm(C14N))
+        reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
+
+        # add SignatureValue
+        noko_sig_element = Nokogiri::XML(signature_element.to_s) do |config|
+          config.options = Spid::XMLSecurityNew::BaseDocument::NOKOGIRI_OPTIONS
+        end
+
+        noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
+        canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
+
+        signature = compute_signature(private_key, algorithm(signature_method).new, canon_string)
+        signature_element.add_element("ds:SignatureValue").text = signature.to_s.gsub(/\n/, "").gsub(/\t/, "")
+
+        # add KeyInfo
+        key_info_element       = signature_element.add_element("ds:KeyInfo")
+        x509_element           = key_info_element.add_element("ds:X509Data")
+        x509_cert_element      = x509_element.add_element("ds:X509Certificate")
+        if certificate.is_a?(String)
+          certificate = OpenSSL::X509::Certificate.new(certificate)
+        end
+        x509_cert_element.text = Base64.encode64(certificate.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
+
+        # add the signature
+        sp_sso_descriptor = self.root.elements["md:SPSSODescriptor"]
+        unless sp_sso_descriptor.blank?
+          #inserisco firma nei metadata
+          self.root.insert_before sp_sso_descriptor, signature_element
+        else
+          #inserisco firma nella request
+          saml_issuer = self.root.elements["saml:Issuer"]
+          self.root.insert_after saml_issuer, signature_element
+        end
+        
+
+      end
+
+      protected
+
+      def compute_signature(private_key, signature_algorithm, document)
+        Base64.encode64(private_key.sign(signature_algorithm, document)).to_s.gsub(/\n/, "").gsub(/\t/, "")
+      end
+
+      def compute_digest(document, digest_algorithm)
+        digest = digest_algorithm.digest(document)
+        Base64.encode64(digest).strip!
+      end
+
+    end
+
+    class SignedDocument < BaseDocument
+      include Spid::Saml::ErrorHandling
+
+      attr_accessor :signed_element_id
+
+      def initialize(response, errors = [])
+        super(response)
+        @errors = errors
+      end
+
+      def signed_element_id
+        @signed_element_id ||= extract_signed_element_id
+      end
+
+      def validate_document(idp_cert_fingerprint, soft = true, options = {})
+        # get cert from response
+        cert_element = REXML::XPath.first(
+          self,
+          "//ds:X509Certificate",
+          { "ds"=>DSIG }
+        )
+
+        if cert_element
+          base64_cert = cert_element.text
+          cert_text = Base64.decode64(base64_cert)
+          begin
+            cert = OpenSSL::X509::Certificate.new(cert_text)
+          rescue OpenSSL::X509::CertificateError => e
+            return append_error("Certificate Error", soft)
+          end
+
+          if options[:fingerprint_alg]
+            fingerprint_alg = Spid::XMLSecurityNew::BaseDocument.new.algorithm(options[:fingerprint_alg]).new
+          else
+            fingerprint_alg = OpenSSL::Digest::SHA256.new
+          end
+          fingerprint = fingerprint_alg.hexdigest(cert.to_der)
+
+          # check cert matches registered idp cert
+          if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
+            @errors << "Fingerprint mismatch"
+            return append_error("Fingerprint mismatch", soft)
+          end
+        else
+          if options[:cert]
+            base64_cert = Base64.encode64(options[:cert].to_pem)
+          else
+            if soft
+              return false
+            else
+              return append_error("Certificate element missing in response (ds:X509Certificate) and not cert provided at settings", soft)
+            end
+          end
+        end
+        validate_signature(base64_cert, soft)
+      end
+
+      def validate_signature(base64_cert, soft = true)
+
+        document = Nokogiri::XML(self.to_s) do |config|
+          config.options = Spid::XMLSecurityNew::BaseDocument::NOKOGIRI_OPTIONS
+        end
+
+        # create a rexml document
+        @working_copy ||= REXML::Document.new(self.to_s).root
+
+        # get signature node
+        sig_element = REXML::XPath.first(
+            @working_copy,
+            "//ds:Signature",
+            {"ds"=>DSIG}
+        )
+
+        # signature method
+        sig_alg_value = REXML::XPath.first(
+          sig_element,
+          "./ds:SignedInfo/ds:SignatureMethod",
+          {"ds"=>DSIG}
+        )
+        signature_algorithm = algorithm(sig_alg_value)
+
+        # get signature
+        base64_signature = REXML::XPath.first(
+          sig_element,
+          "./ds:SignatureValue",
+          {"ds" => DSIG}
+        ).text
+        signature = Base64.decode64(base64_signature)
+
+        # canonicalization method
+        canon_algorithm = canon_algorithm REXML::XPath.first(
+          sig_element,
+          './ds:SignedInfo/ds:CanonicalizationMethod',
+          'ds' => DSIG
+        )
+
+        noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
+        noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
+
+        canon_string = noko_signed_info_element.canonicalize(canon_algorithm)
+        noko_sig_element.remove
+
+        # get inclusive namespaces
+        inclusive_namespaces = extract_inclusive_namespaces
+
+        # check digests
+        ref = REXML::XPath.first(sig_element, "//ds:Reference", {"ds"=>DSIG})
+        uri = ref.attributes.get_attribute("URI").value
+
+        hashed_element = document.at_xpath("//*[@ID=$id]", nil, { 'id' => extract_signed_element_id })
+        
+        canon_algorithm = canon_algorithm REXML::XPath.first(
+          ref,
+          '//ds:CanonicalizationMethod',
+          { "ds" => DSIG }
+        )
+        canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
+
+        digest_algorithm = algorithm(REXML::XPath.first(
+          ref,
+          "//ds:DigestMethod",
+          { "ds" => DSIG }
+        ))
+        hash = digest_algorithm.digest(canon_hashed_element)
+        encoded_digest_value = REXML::XPath.first(
+          ref,
+          "//ds:DigestValue",
+          { "ds" => DSIG }
+        ).text
+        digest_value = Base64.decode64(encoded_digest_value)
+
+        unless digests_match?(hash, digest_value)
+          @errors << "Digest mismatch"
+          return append_error("Digest mismatch", soft)
+        end
+
+        # get certificate object
+        cert_text = Base64.decode64(base64_cert)
+        cert = OpenSSL::X509::Certificate.new(cert_text)
+
+        # verify signature
+        unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
+          return append_error("Key validation error", soft)
+        end
+
+        return true
+      end
+
+      private
+
+      def digests_match?(hash, digest_value)
+        hash == digest_value
+      end
+
+      def extract_signed_element_id
+        reference_element = REXML::XPath.first(
+          self,
+          "//ds:Signature/ds:SignedInfo/ds:Reference",
+          {"ds"=>DSIG}
+        )
+
+        return nil if reference_element.nil?
+
+        sei = reference_element.attribute("URI").value[1..-1]
+        sei.nil? ? reference_element.parent.parent.parent.attribute("ID").value : sei
+      end
+
+      def extract_inclusive_namespaces
+        element = REXML::XPath.first(
+          self,
+          "//ec:InclusiveNamespaces",
+          { "ec" => C14N }
+        )
+        if element
+          prefix_list = element.attributes.get_attribute("PrefixList").value
+          prefix_list.split(" ")
+        else
+          nil
+        end
+      end
+
+    end
+  end
+end

data/lib/spid-es.rb

@@ -1,4 +1,4 @@
-require "xml_security"
+require "spid/xml_security"
 require 'spid/ruby-saml/utils'
 require 'spid/ruby-saml/logging'
 require 'spid/ruby-saml/coding'

data/spid-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.7'
+  s.version = '0.0.8'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

data/test/response_test.rb

@@ -8,7 +8,7 @@ class RubySamlTest < Test::Unit::TestCase
     end
 
     should "be able to parse a document which contains ampersands" do
-      XMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
+      Spid::XMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
       Spid::Saml::Response.any_instance.stubs(:validate_conditions).returns(true)
 
       response = Spid::Saml::Response.new(ampersands_response)
@@ -101,7 +101,7 @@ class RubySamlTest < Test::Unit::TestCase
         settings = Spid::Saml::Settings.new
         response.settings = settings
         settings.idp_cert_fingerprint = "28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA"
-        XMLSecurity::SignedDocument.any_instance.expects(:validate_doc).returns(true)
+        Spid::XMLSecurity::SignedDocument.any_instance.expects(:validate_doc).returns(true)
         assert response.validate!
       end
 

data/test/xml_security_test.rb

@@ -6,7 +6,7 @@ class XmlSecurityTest < Test::Unit::TestCase
 
   context "XmlSecurity" do
     setup do
-      @document = XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
+      @document = Spid::XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
       @base64cert = @document.elements["//ds:X509Certificate"].text
     end
 
@@ -44,7 +44,7 @@ class XmlSecurityTest < Test::Unit::TestCase
       response = Base64.decode64(response_document)
       response.sub!("<ds:DigestValue>pJQ7MS/ek4KRRWGmv/H43ReHYMs=</ds:DigestValue>",
                     "<ds:DigestValue>b9xsAXLsynugg3Wc1CI3kpWku+0=</ds:DigestValue>")
-      document = XMLSecurity::SignedDocument.new(response)
+      document = Spid::XMLSecurity::SignedDocument.new(response)
       base64cert = document.elements["//ds:X509Certificate"].text
       exception = assert_raise(Spid::Saml::ValidationError) do
         document.validate_doc(base64cert, false)
@@ -55,32 +55,32 @@ class XmlSecurityTest < Test::Unit::TestCase
 
   context "Algorithms" do
     should "validate using SHA1" do
-      @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
+      @document = Spid::XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
       assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
 
     should "validate using SHA256" do
-      @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
+      @document = Spid::XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
       assert @document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
     end
 
     should "validate using SHA384" do
-      @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
+      @document = Spid::XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
       assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
 
     should "validate using SHA512" do
-      @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
+      @document = Spid::XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
       assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
   end
   
-  context "XmlSecurity::SignedDocument" do
+  context "Spid::XmlSecurity::SignedDocument" do
     
     context "#extract_inclusive_namespaces" do
       should "support explicit namespace resolution for exclusive canonicalization" do
         response = fixture(:open_saml_response, false)
-        document = XMLSecurity::SignedDocument.new(response)
+        document = Spid::XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
         
         assert_equal %w[ xs ], inclusive_namespaces
@@ -88,7 +88,7 @@ class XmlSecurityTest < Test::Unit::TestCase
       
       should "support implicit namespace resolution for exclusive canonicalization" do
         response = fixture(:no_signature_ns, false)
-        document = XMLSecurity::SignedDocument.new(response)
+        document = Spid::XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
         
         assert_equal %w[ #default saml ds xs xsi ], inclusive_namespaces
@@ -111,7 +111,7 @@ class XmlSecurityTest < Test::Unit::TestCase
         response = fixture(:no_signature_ns, false)
         response.slice! %r{<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml ds xs xsi"/>}
         
-        document = XMLSecurity::SignedDocument.new(response)
+        document = Spid::XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
         
         assert inclusive_namespaces.empty?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-17 00:00:00.000000000 Z
+date: 2017-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix
@@ -102,8 +102,8 @@ files:
 - lib/spid/ruby-saml/utils.rb
 - lib/spid/ruby-saml/validation_error.rb
 - lib/spid/ruby-saml/version.rb
-- lib/xml_security.rb
-- lib/xml_security_new.rb
+- lib/spid/xml_security.rb
+- lib/spid/xml_security_new.rb
 - spid-es.gemspec
 - test/certificates/certificate1
 - test/logoutrequest_test.rb