wss4r 0.5

data/lib/wss4r/rpc/router.rb

@@ -0,0 +1,46 @@
+class SOAP::RPC::Router
+  def unmarshal(conn_data)
+    opt = {}
+    opt[:security] = @security
+    contenttype = conn_data.receive_contenttype
+    if /#{MIMEMessage::MultipartContentType}/i =~ contenttype
+      opt[:external_content] = {}
+      mime = MIMEMessage.parse("Content-Type: " + contenttype, conn_data.receive_string)
+      mime.parts.each do |part|
+        value = Attachment.new(part.content)
+        value.contentid = part.contentid
+        obj = SOAPAttachment.new(value)
+        opt[:external_content][value.contentid] = obj if value.contentid
+      end
+      opt[:charset] =  StreamHandler.parse_media_type(mime.root.headers['content-type'].str)
+      env = Processor.unmarshal(mime.root.content, opt)
+    else
+      opt[:charset] = ::SOAP::StreamHandler.parse_media_type(contenttype)
+      env = Processor.unmarshal(conn_data.receive_string, opt)
+    end
+    charset = opt[:charset]
+    conn_data.send_contenttype = "text/xml; charset=\"#{charset}\""
+    env
+  end
+
+  def marshal(conn_data, env, default_encodingstyle = nil)
+    opt = {}
+    opt[:security] = @security
+    opt[:external_content] = nil
+    opt[:default_encodingstyle] = default_encodingstyle
+    opt[:generate_explicit_type] = @generate_explicit_type
+    response_string = Processor.marshal(env, opt)
+    conn_data.send_string = response_string
+    if ext = opt[:external_content]
+      mimeize(conn_data, ext)
+    end
+    conn_data
+  end
+					
+  def security()
+    if (@security == nil)
+      @security = Security.new()
+    end
+    @security
+  end 
+end

data/lib/wss4r/rpc/wssdriver.rb

@@ -0,0 +1,19 @@
+require "soap/rpc/driver"
+require "soap/soap"
+require "soap/processor"
+require "wss4r/security/security"
+require "wss4r/soap/processor"
+require "wss4r/rpc/proxy"
+require "wss4r/rpc/router"
+
+include SOAP
+
+module SOAP
+   module RPC
+      class Driver 
+         def security()
+            @proxy.security()
+         end  
+      end
+   end
+end

data/lib/wss4r/security/crypto/certificate.rb

@@ -0,0 +1,21 @@
+module OpenSSL
+module X509
+	
+class Certificate
+   def key_identifier()
+		ext = extensions.find {|e| e.oid == 'subjectKeyIdentifier' }
+		key_identifier = Base64.encode64(ext.to_der()[11..30])
+		return key_identifier.gsub("\n","")
+   end
+	
+   def filename()
+      return @filename
+   end
+	
+   def filename=(filename)
+      @filename = filename
+   end
+end
+
+end
+end

data/lib/wss4r/security/crypto/cipher.rb

@@ -0,0 +1,161 @@
+module WSS4R
+  module Security
+    module Crypto
+	
+      class SymmetricEncrypter
+        def initialize(algorithm, key = nil, iv = nil)
+          @cipher = Cipher.new(algorithm)
+          @algorithm = algorithm
+          if (iv == nil)
+            @iv = @cipher.random_iv()
+          else
+            @iv = iv
+          end
+          if (key == nil)
+            @key = @cipher.random_key()
+          else
+            @key = key
+          end
+        end
+   
+        def encrypt_to_b64(text)
+          @cipher.encrypt(@key, @iv)
+          @cipher.key = @key
+          cipher = @cipher.update(text)
+          cipher << @cipher.final()
+          Base64.encode64(cipher)
+        end
+   
+        def decrypt(text)
+          @cipher.decrypt(@key, @iv)
+          @cipher.key = @key
+          @cipher.iv = @iv
+          cipher = @cipher.update(text[8..-1])
+          cipher << @cipher.final()
+          cipher    
+        end
+   
+        def iv()
+          @iv
+        end
+	
+        def key()
+          @key
+        end
+	
+        def key=(key)
+          @key
+        end
+	
+        def iv_b64()
+          Base64.encode64(@iv)
+        end
+   
+        def key_b64()
+          Base64.encode64(@key)
+        end
+      end
+
+      class TripleDESSymmetricEncrypter < SymmetricEncrypter
+        def initialize(key = nil, iv = nil)
+          @cipher = Cipher.new("DES-EDE3-CBC")
+          if (iv == nil)
+            @iv = @cipher.random_iv()
+          else
+            @iv = iv
+          end
+          if (key == nil)
+            @key = @cipher.random_key()
+          else
+            @key = key
+          end
+        end
+   
+        def decrypt(text)
+          @cipher.decrypt(@key, @iv)
+          @cipher.key = @key
+          @cipher.iv = @iv
+          cipher = @cipher.update(text[8..-1])
+          cipher << @cipher.final()
+          cipher    
+        end
+   
+        def algorithm()
+          Types::ALGORITHM_3DES_CBC
+        end
+	
+        def iv=(text_iv)
+          @iv = text_iv[0..7]
+        end
+      end
+
+      class AESSymmetricEncrypter < SymmetricEncrypter
+        def initialize(key = nil, iv = nil)
+          @cipher = Cipher.new(self.cipher_name)
+          if (iv == nil)
+            @iv = @cipher.random_iv()
+          else
+            @iv = iv
+          end
+          if (key == nil)
+            @key = @cipher.random_key()
+          else
+            @key = key
+          end
+        end
+   
+        def decrypt(text)
+          @cipher.decrypt(@key, @iv)
+          @cipher.key = @key
+          @cipher.iv = @iv
+          cipher = @cipher.update(text[16..-1])
+          cipher << @cipher.final()
+          cipher    
+        end
+   
+        def algorithm()
+          Types::ALGORITHM_AES_CBC
+        end
+        
+        def cipher_name()
+          "AES-256-CBC"
+        end
+         
+        def iv=(text_iv)
+          @iv = text_iv[0..15]
+        end
+      end
+
+      class AES128SymmetricEncrypter < AESSymmetricEncrypter
+        def initialize(key = nil, iv = nil)
+          super(key, iv)
+        end
+        
+        def algorithm()
+          Types::ALGORITHM_AES128_CBC
+        end
+        
+        def cipher_name()
+          "AES-128-CBC"
+        end
+      end
+
+      class AsymmetricEncrypter
+        def initialize(filename)
+          @private_key = RSA.new(File.read(filename))
+        end
+   
+        def decrypt_symmetrickey_from_b64(text)
+          ciphertext  = @private_rsa_key.private_decrypt(text)
+          iv = ciphertext[0..7]
+          key = ciphertext[8..-1]
+          symmetric_key = Cipher.new(@symmetric_algorithm)
+          symmetric_key.decrypt(key, iv)
+          symmetric_key.key = key
+          symmetric_key
+        end
+      end
+
+    end #Crypto
+  end #Security
+end #WSS4R

data/lib/wss4r/security/crypto/hash.rb

@@ -0,0 +1,35 @@
+require "openssl"
+include OpenSSL
+include OpenSSL::Digest
+
+
+module WSS4R
+  module Security
+    module Crypto
+
+      class CryptHash
+
+	def initialize(type = "SHA1")
+          @digest = SHA1.new() if (type == "SHA1")
+          @digest = MD5.new()  if (type == "MD5")
+	end
+	
+	def digest(value)
+          @digest.update(value)
+          return @digest.digest()
+	end
+	
+	def digest_b64(value)
+          digest = self.digest(value)
+          return Base64.encode64(digest)
+	end
+	
+	def to_s()
+          return @digest.to_s()
+	end
+      end
+
+    end
+  end
+end
+

data/lib/wss4r/security/exceptions/exceptions.rb

@@ -0,0 +1,62 @@
+module WSS4R
+  module Security
+    module Exceptions
+
+      class FaultString
+	attr_reader :data
+	def initialize(data)
+          @data = data
+	end
+      end
+		
+      class WSS4RFault < SOAP::FaultError
+	attr_accessor :faultcode, :faultstring, :faultactor, :detail 
+	
+	def initialize(faultcode,faultstring,faultactor,detail)
+          @faultcode = faultcode
+          @faultstring = FaultString.new(faultstring)
+          @faultactor = faultactor
+          @detail = detail
+	end
+      end
+
+      class VerificationFault < WSS4RFault
+	def initialize()
+          @faultcode = "100"
+          @faultstring = FaultString.new("Signature not valid!")
+          @faultactor = "test"
+          @detail = "Signature verification failed."
+	end	
+      end
+
+      class TimestampFault < WSS4RFault
+	def initialize()
+          @faultcode = "101"
+          @faultstring = FaultString.new("Timestamp not valid")
+          @faultactor = "test"
+          @detail = "Timestamp verification failed."
+	end
+      end
+
+      class UsernameTokenFault < WSS4RFault
+  	def initialize()
+          @faultcode = "102"
+          @faultstring = FaultString.new("UsernameToken not valid")
+          @faultactor = "test"
+          @detail = "UsernameToken verification failed."
+	end
+      end
+      
+      class NoSecurityFault < WSS4RFault
+  	def initialize()
+          @faultcode = "103"
+          @faultstring = FaultString.new("No security token received.")
+          @faultactor = "test"
+          @detail = "No security token received."
+	end
+      end
+
+    end #WSS4R
+  end #Security
+end #Exceptions
+

data/lib/wss4r/security/resolver.rb

@@ -0,0 +1,23 @@
+class Resolver < Array
+  def authenticate_user(usernametoken)
+    self.each{|r|
+      success = r.authenticate_user(usernametoken)
+      return true if (success)
+    }
+    false
+  end
+  def private_key(certificate)
+    self.each{|r|
+      key = r.private_key(certificate)
+      return key if (key)
+    }
+    nil
+  end
+  def certificate_by_subject(subject)
+    self.each{|r|
+      certificate = r.certificate_by_subject(subject)
+      return certificate if (certificate)
+    }
+    nil
+  end
+end

data/lib/wss4r/security/security.rb

@@ -0,0 +1,148 @@
+require "wss4r/security/xml/encrypted_key"
+require "wss4r/security/xml/signature"
+require "wss4r/security/xml/tokentypes"
+require "wss4r/security/xml/encrypted_data"
+require "wss4r/security/xml/reference_list"
+require "wss4r/security/xml/security"
+require "wss4r/security/xml/signed_info"
+require "wss4r/security/xml/key_info"
+require "wss4r/security/xml/signature_value"
+require "wss4r/security/xml/reference"
+require "wss4r/security/xml/timestamp"
+
+require "wss4r/security/crypto/certificate"
+require "wss4r/security/crypto/cipher"
+require "wss4r/security/crypto/hash"
+
+require "wss4r/security/util/transformer_factory"
+require "wss4r/security/util/reference_elements"
+require "wss4r/security/util/xmlcanonicalizer"
+require "wss4r/security/util/namespaces"
+require "wss4r/security/util/xmlutils"
+require "wss4r/security/util/names"
+require "wss4r/security/util/types"
+require "wss4r/security/util/soap_parser"
+require "wss4r/security/exceptions/exceptions"
+
+require "wss4r/config/config"
+require "wss4r/security/resolver"
+
+require "time"
+require "base64"
+require "rexml/document"
+
+require "soap/rpc/driver"
+include SOAP
+
+include OpenSSL
+include OpenSSL::X509
+include OpenSSL::Digest
+include OpenSSL::Cipher
+include OpenSSL::PKey
+
+include WSS4R::Security::Xml
+include WSS4R::Security::Util
+include WSS4R::Security::Crypto
+include WSS4R::Security::Exceptions
+
+
+module WSS4R
+  module Security
+    
+    class Security
+      attr_reader :tokens
+		 
+      @@resolver = Resolver.new()
+		 
+      def initialize()
+        @tokens = Array.new()
+      end
+		
+      def add_security_token(token)
+        @tokens.push(token)
+      end
+      
+      def add_security_resolver(resolver)
+        @@resolver.push(resolver)
+      end 
+      
+      def clear_resolver!()
+        @@resolver.clear()
+      end
+      
+      def clear_tokens!()
+        @tokens.clear()
+      end
+      
+      def resolver()
+        @@resolver
+      end
+			
+      def process_document_marshal(document)
+        return if (@tokens.size() == 0)
+        SOAPParser.document=(document)
+        
+        document.root.add_namespace("xmlns:wsu", Namespaces::WSU)
+        document.root.add_namespace("xmlns:wsse", Namespaces::WSSE)
+        document.root.add_namespace("xmlns:wsa", Namespaces::WSA)
+        document.root.add_namespace("xmlns:xenc", Namespaces::XENCD)
+        document.root.add_namespace("xmlns:xsd", Namespaces::XSD)
+        document.root.add_namespace("xmlns:xsi", Namespaces::XSI)
+        root = document.root()
+        soap_prefix = nil
+        soap_ns=nil
+        root.attributes.each_attribute() {|attr|
+          if (attr.value() == Namespaces::S11)
+            soap_prefix = attr.name()
+            soap_ns = Namespaces::S11
+          end
+          if (attr.value() == Namespaces::S12)
+            soap_prefix = attr.name()
+            soap_ns = Namespaces::S12
+          end
+        }
+        SOAPParser::soap_ns=(soap_ns)
+        SOAPParser::soap_prefix=(soap_prefix)
+
+        soap_body = XPath.first(document, "/env:Envelope/env:Body", {SOAPParser::soap_prefix => SOAPParser::soap_ns})
+		  
+        #soap_body = XPath.first(document, soap_prefix+":Envelope/"+soap_prefix+":Body")
+        #soap_body = SOAPParser.part(SOAPParser::BODY)
+        return if !soap_body 
+        root.delete_element(soap_body)
+        soap_header = SOAPParser.part(SOAPParser::HEADER)
+        if (soap_header == nil) 
+          soap_header = root.add_element(Names::HEADER)
+        end
+        root.add_element(soap_body)
+        security = WSS4R::Security::Xml::Security.new()
+
+        security.process(document)
+
+        @tokens.each{|token|
+          token.process(document)
+        }
+        ####Sort
+        security = XPath.first(root, "/env:Envelope/env:Header/wsse:Security")#, {SOAPParser::soap_prefix=>SOAPParser::soap_ns})
+        timestamp = XPath.first(security, "wsu:Timestamp")
+        @t = timestamp
+        @s = security
+        children = security.children()
+        children.each{|child|
+          security.delete(child)
+        }
+        children.delete(timestamp)
+        security.add_element(timestamp)
+        children.each{|child|
+          security.add_element(child)
+        }
+      end
+      
+      def process_document_unmarshal(document)
+        security = WSS4R::Security::Xml::Security.new()
+        security.unprocess(document)
+      end
+    end
+    
+  end #Security
+end #WSS4R