xml-kit 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3a289752cbc49e2c74959f38b5b104ecbd02b4b8
-  data.tar.gz: 1475f47273a9d9483645c629517b3bf087f686c9
+  metadata.gz: 49fff640520abeb3b244774d156af6e18ee85928
+  data.tar.gz: 92f26fb96366f6a9b8991fa4806f40edeff2d11a
 SHA512:
-  metadata.gz: 0576d38d7792ee436cfe335809516219730d817d5fc0a0d605affc897861e248ea07cc8ffe7e5312b77f2f1a85dd87b034a6d06e05a2b4c4f82afd8a655d8e0c
-  data.tar.gz: f7c764c6ff671e16b4992d0bea126819238ae766368d5c8b6215ca2cecbaa30890a5fad7ee2ba802be74de4f29bcfe63476cc6c0520a390c4c36bcf205a6e269
+  metadata.gz: 000cccaa63a068e24acaa203dfeb80bcd3704f214be8812bb84feacb3d584e920eef7bd1a17d317e6049055a991f9d3c589cf505b4cf9574969a2ed179e19ad7
+  data.tar.gz: 516d4b2f71e2e9e6bd70d09be1f217234d0d10f5649a73ee97ae5100b32b34af24f42e52705465de3047a0d565c9a61f83c117fb1dfe0dc4149e1ff47413c10c

data/README.md

@@ -1,8 +1,8 @@
 # Xml::Kit
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/xml/kit`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+Xml::Kit is a toolkit for working with XML. It supports adding [XML
+Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
+and [XML Encryption](https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html).
 
 ## Installation
 
@@ -22,7 +22,97 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+```builder
+# ./templates/item.builder
+xml.instruct!
+xml.Item ID: id do
+  signature_for reference_id: id, xml: xml
+  xml.Encrypted do
+    encryption_for xml: xml do |encrypted_xml|
+      encrypted_xml.EncryptMe do
+        encrypted_xml.Secret "secret"
+      end
+    end
+  end
+end
+```
+
+```ruby
+require 'xml/kit'
+
+class Item
+  include ::Xml::Kit::Templatable
+
+  def initialize
+    @id = ::Xml::Kit::Id.generate
+    @signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
+    @embed_signature = true
+    @encrypt = true
+    @encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
+  end
+
+  def template_path
+    current_path = File.expand_path(File.dirname(__FILE__))
+    File.join(current_path, "./templates/item.builder")
+  end
+end
+
+puts Item.new.to_xml
+```
+
+This will produce something like the following:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<Item ID="_de3f6209-f842-400f-b1f7-85159aa90299">
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <Reference URI="#_de3f6209-f842-400f-b1f7-85159aa90299">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <DigestValue>3cH13yM8oR0sgWbhAx0mo536KMJDkVBynbPo7ehwJPE=</DigestValue>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue>ZCSx4dad704jz0Z6rCMsnOs/oyVH3YBeEF9wtk2UFmWBW+VfhoBKw7N50GnzmAGCHyI6zajRPdff5i6UMDz3fOzh7rlROnqW0TXoG77xPiIfqJswCKE/4LzzBLrEHVbdUz90U8n0M1Ahbesrt+pbf/NkJghpvDhJW+w6oho7dyU6k57C5D//kTaSb7DvKte3a7/o8xWvPRztQhYekK+RyWjK9k/lU4WEXk5rGbx+QrD9rgIXBQOdcSjOtUosZJADz7uFod6AWRak246U62Xahz8JxE/1N22LhZY9whvB7s+c76f1Uv44NtF87D0P8UXs0TVx2jsnhEwLsT7DPQ6jDg==</SignatureValue>
+    <KeyInfo>
+      <X509Data>
+        <X509Certificate>MIIDQTCCAimgAwIBAgIBADANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHQWxiZXJ0YTEQMA4GA1UEBwwHQ2FsZ2FyeTEPMA0GA1UECgwGWG1sS2l0MQ8wDQYDVQQLDAZYbWxLaXQxDzANBgNVBAMMBlhtbEtpdDAeFw0xNzEyMzAxOTM1MjZaFw0xODAxMjkwNzAwMDBaMGQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdBbGJlcnRhMRAwDgYDVQQHDAdDYWxnYXJ5MQ8wDQYDVQQKDAZYbWxLaXQxDzANBgNVBAsMBlhtbEtpdDEPMA0GA1UEAwwGWG1sS2l0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yvaY1zvqiSTpDc0vFgS00N0R05ytanViNy0YrcAvLH2njvLOYi8e5lWAjCUzoWTe6FMJQySIHuzr9NvZztlQBp5tydmxDsOFQ3DrBhiqtyafdCd5s8OQz1CekavgToTOm5VdZEWLD7HSCFvHXeuiS/zwEh4yYpJBAERtsSaYxT7L1wNggxc6F6UEfF1vwrGxMNH/OUi4okeS773esXeRlP5fHyMUvVC70KHauSYt/kjNR8/WuZBOY8/kFv3XiErf0PNSAYhyGHozabv8hJ2Bho0+HR12P6Xv+qKXFlDnMeAOHy23eShuUpCEBaEPAG4o8w4g/lrn0nJ+e9XrYaNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWybi6buMD75KBCcyd5aRtSKavYoDaZlzuohKh4z1HEzHS/fbpbxVQOrfXtuawZjNxcn62LFIe/w68EImzYkAss8LKojRcaKnIeF1/3Pzo6qfnmFpaecfYvX3ZTtw9JPOd4chy2X2WFAUMRscjSvjNvTBzFOXg60F0UMDnWOWMbc5Di/aZD8r2s/RDE3QxcUou8QhBMc2nYw77mQsXBnWmBeUA2aGP
+8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
+      </X509Data>
+    </KeyInfo>
+  </Signature>
+  <Encrypted>
+    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
+      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+          <CipherData>
+            <CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlm
+jc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt5
+6dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9
+atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rin
+Cpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2c
+KkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==
+</CipherValue>
+          </CipherData>
+        </EncryptedKey>
+      </KeyInfo>
+      <CipherData>
+        <CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lK
+pvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM4
+5g901rE9
+</CipherValue>
+      </CipherData>
+    </EncryptedData>
+  </Encrypted>
+</Item>
+```
 
 ## Development
 

data/lib/xml/kit.rb

@@ -1,5 +1,6 @@
 require "active_model"
 require "active_support/core_ext/numeric/time"
+require "active_support/deprecation"
 require "base64"
 require "builder"
 require "logger"
@@ -10,16 +11,16 @@ require "xmldsig"
 
 require "xml/kit/namespaces"
 
-require "xml/kit/builders/encryption"
-require "xml/kit/builders/signature"
 require "xml/kit/certificate"
 require "xml/kit/crypto"
 require "xml/kit/decryption"
 require "xml/kit/document"
+require "xml/kit/encryption"
 require "xml/kit/fingerprint"
 require "xml/kit/id"
 require "xml/kit/key_pair"
 require "xml/kit/self_signed_certificate"
+require "xml/kit/signature"
 require "xml/kit/signatures"
 require "xml/kit/templatable"
 require "xml/kit/template"
@@ -35,6 +36,11 @@ module Xml
       def logger=(logger)
         @logger = logger
       end
+
+      def deprecate(message)
+        @deprecation ||= ActiveSupport::Deprecation.new('1.0.0', 'xml-kit')
+        @deprecation.deprecation_warning(message)
+      end
     end
   end
 end

data/lib/xml/kit/crypto.rb

@@ -1,16 +1,16 @@
 require 'xml/kit/crypto/oaep_cipher'
 require 'xml/kit/crypto/rsa_cipher'
-require 'xml/kit/crypto/simple_cipher'
+require 'xml/kit/crypto/symmetric_cipher'
 require 'xml/kit/crypto/unknown_cipher'
 
 module Xml
   module Kit
     module Crypto
-      DECRYPTORS = [ SimpleCipher, RsaCipher, OaepCipher, UnknownCipher ]
+      CIPHERS = [ SymmetricCipher, RsaCipher, OaepCipher, UnknownCipher ]
 
       # @!visibility private
-      def self.decryptor_for(algorithm, key)
-        DECRYPTORS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
+      def self.cipher_for(algorithm, key)
+        CIPHERS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
       end
     end
   end

data/lib/xml/kit/crypto/oaep_cipher.rb

@@ -13,8 +13,18 @@ module Xml
           ALGORITHMS[algorithm]
         end
 
+        def encrypt(plain_text)
+          @key.public_encrypt(plain_text, padding)
+        end
+
         def decrypt(cipher_text)
-          @key.private_decrypt(cipher_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+          @key.private_decrypt(cipher_text, padding)
+        end
+
+        private
+
+        def padding
+          OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
         end
       end
     end

data/lib/xml/kit/crypto/rsa_cipher.rb

@@ -2,16 +2,18 @@ module Xml
   module Kit
     module Crypto
       class RsaCipher
-        ALGORITHMS = {
-          'http://www.w3.org/2001/04/xmlenc#rsa-1_5' => true,
-        }
+        ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
 
         def initialize(algorithm, key)
           @key = key
         end
 
         def self.matches?(algorithm)
-          ALGORITHMS[algorithm]
+          ALGORITHM == algorithm
+        end
+
+        def encrypt(plain_text)
+          @key.public_encrypt(plain_text)
         end
 
         def decrypt(cipher_text)

data/lib/xml/kit/crypto/symmetric_cipher.rb

@@ -0,0 +1,48 @@
+module Xml
+  module Kit
+    module Crypto
+      class SymmetricCipher
+        DEFAULT_ALGORITHM="#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
+        ALGORITHMS = {
+          "#{::Xml::Kit::Namespaces::XMLENC}tripledes-cbc" => "DES-EDE3-CBC",
+          "#{::Xml::Kit::Namespaces::XMLENC}aes128-cbc" => "AES-128-CBC",
+          "#{::Xml::Kit::Namespaces::XMLENC}aes192-cbc" => "AES-192-CBC",
+          "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc" => "AES-256-CBC",
+        }
+
+        attr_reader :key
+
+        def initialize(algorithm, key = nil)
+          @algorithm = algorithm
+          @key = key || cipher.random_key
+        end
+
+        def self.matches?(algorithm)
+          ALGORITHMS[algorithm]
+        end
+
+        def encrypt(plain_text)
+          cipher.encrypt
+          cipher.key = @key
+          cipher.random_iv + cipher.update(plain_text) + cipher.final
+        end
+
+        def decrypt(cipher_text)
+          cipher.decrypt
+          iv = cipher_text[0..cipher.iv_len-1]
+          data = cipher_text[cipher.iv_len..-1]
+          #cipher.padding = 0
+          cipher.key = @key
+          cipher.iv = iv
+          cipher.update(data) + cipher.final
+        end
+
+        private
+
+        def cipher
+          @cipher ||= OpenSSL::Cipher.new(ALGORITHMS[@algorithm])
+        end
+      end
+    end
+  end
+end

data/lib/xml/kit/decryption.rb

@@ -13,7 +13,22 @@ module Xml
       #
       # @param data [Hash] the XML document converted to a [Hash] using Hash.from_xml.
       def decrypt(data)
-        encrypted_data = data['EncryptedData']
+        ::Xml::Kit.deprecate("decrypt is deprecated. Use decrypt_xml or decrypt_hash instead.")
+        decrypt_hash(data)
+      end
+
+      # Decrypts an EncryptedData section of an XML document.
+      #
+      # @param raw_xml [String] the XML document as a string.
+      def decrypt_xml(raw_xml)
+        decrypt_hash(Hash.from_xml(raw_xml))
+      end
+
+      # Decrypts an EncryptedData section of an XML document.
+      #
+      # @param data [Hash] the XML document converted to a [Hash] using Hash.from_xml.
+      def decrypt_hash(hash)
+        encrypted_data = hash['EncryptedData']
         symmetric_key = symmetric_key_from(encrypted_data)
         cipher_text = Base64.decode64(encrypted_data["CipherData"]["CipherValue"])
         to_plaintext(cipher_text, symmetric_key, encrypted_data["EncryptionMethod"]['Algorithm'])
@@ -37,7 +52,7 @@ module Xml
       end
 
       def to_plaintext(cipher_text, symmetric_key, algorithm)
-        Crypto.decryptor_for(algorithm, symmetric_key).decrypt(cipher_text)
+        Crypto.cipher_for(algorithm, symmetric_key).decrypt(cipher_text)
       end
     end
   end

data/lib/xml/kit/encryption.rb

@@ -0,0 +1,35 @@
+module Xml
+  module Kit
+    class Encryption
+      attr_reader :asymmetric_algorithm
+      attr_reader :asymmetric_cipher_value
+      attr_reader :symmetric_algorithm
+      attr_reader :symmetric_cipher_value
+
+      def initialize(
+        raw_xml,
+        public_key,
+        symmetric_algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM,
+        asymmetric_algorithm: ::Xml::Kit::Crypto::RsaCipher::ALGORITHM
+      )
+        @symmetric_algorithm = symmetric_algorithm
+        @symmetric_cipher_value = Base64.encode64(symmetric_cipher.encrypt(raw_xml))
+
+        @asymmetric_algorithm = asymmetric_algorithm
+        @asymmetric_cipher_value = Base64.encode64(public_key.public_encrypt(symmetric_cipher.key))
+      end
+
+      def to_xml(xml: ::Builder::XmlMarkup.new)
+        ::Xml::Kit::Template.new(self).to_xml(xml: xml)
+      end
+
+      private
+
+      def symmetric_cipher
+        @symmetric_cipher ||= ::Xml::Kit::Crypto::SymmetricCipher.new(
+          symmetric_algorithm
+        )
+      end
+    end
+  end
+end

data/lib/xml/kit/id.rb

@@ -1,7 +1,7 @@
 module Xml
   module Kit
     # This class is used primary for generating ID.
-    #https://www.w3.org/2001/XMLSchema.xsd
+    # https://www.w3.org/2001/XMLSchema.xsd
     class Id
       # Generate an ID that conforms to the XML Schema.
       # https://www.w3.org/2001/XMLSchema.xsd

data/lib/xml/kit/key_pair.rb

@@ -16,12 +16,18 @@ module Xml
         @use == use
       end
 
+      def public_key
+        certificate.public_key
+      end
+
       # Returns a generated self signed certificate with private key.
       #
       # @param use [Symbol] Can be either `:signing` or `:encryption`.
       # @param passphrase [String] the passphrase to use to encrypt the private key.
-      def self.generate(use:, passphrase: SecureRandom.uuid)
-        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new(passphrase).create
+      # @param algorithm [String] the symmetric algorithm to use for encrypting the private key.
+      def self.generate(use:, passphrase: SecureRandom.uuid, algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM)
+        algorithm = ::Xml::Kit::Crypto::SymmetricCipher::ALGORITHMS[algorithm]
+        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new(passphrase).create(algorithm)
         new(certificate, private_key, passphrase, use)
       end
     end

data/lib/xml/kit/namespaces.rb

@@ -1,6 +1,7 @@
 module Xml
   module Kit
     module Namespaces
+      CANONICALIZATION = "http://www.w3.org/2001/10/xml-exc-c14n#"
       ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
       RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
       RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

data/lib/xml/kit/self_signed_certificate.rb

@@ -7,20 +7,19 @@ module Xml
         @passphrase = passphrase
       end
 
-      def create
+      def create(algorithm = 'AES-256-CBC')
         rsa_key = OpenSSL::PKey::RSA.new(2048)
-        public_key = rsa_key.public_key
         certificate = OpenSSL::X509::Certificate.new
         certificate.subject = certificate.issuer = OpenSSL::X509::Name.parse(SUBJECT)
         certificate.not_before = Time.now.to_i
         certificate.not_after = (Date.today + 30).to_time.to_i
-        certificate.public_key = public_key
+        certificate.public_key = rsa_key.public_key
         certificate.serial = 0x0
         certificate.version = 2
         certificate.sign(rsa_key, OpenSSL::Digest::SHA256.new)
         [
           certificate.to_pem,
-          rsa_key.to_pem(OpenSSL::Cipher.new('AES-256-CBC'), @passphrase)
+          rsa_key.to_pem(OpenSSL::Cipher.new(algorithm), @passphrase)
         ]
       end
     end

data/lib/xml/kit/signature.rb

@@ -0,0 +1,36 @@
+module Xml
+  module Kit
+    class Signature
+      SIGNATURE_METHODS = {
+        SHA1: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
+        SHA224: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
+        SHA256: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
+        SHA384: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
+        SHA512: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
+      }.freeze
+      DIGEST_METHODS = {
+        SHA1: "http://www.w3.org/2000/09/xmldsig#SHA1",
+        SHA224: "http://www.w3.org/2001/04/xmldsig-more#sha224",
+        SHA256: "http://www.w3.org/2001/04/xmlenc#sha256",
+        SHA384: "http://www.w3.org/2001/04/xmldsig-more#sha384",
+        SHA512: "http://www.w3.org/2001/04/xmlenc#sha512",
+      }.freeze
+
+      attr_reader :certificate
+      attr_reader :digest_method
+      attr_reader :reference_id
+      attr_reader :signature_method
+
+      def initialize(reference_id, signature_method: :SH256, digest_method: :SHA256, certificate:)
+        @certificate = certificate
+        @digest_method = DIGEST_METHODS[digest_method]
+        @reference_id = reference_id
+        @signature_method = SIGNATURE_METHODS[signature_method]
+      end
+
+      def to_xml(xml: ::Builder::XmlMarkup.new)
+        ::Xml::Kit::Template.new(self).to_xml(xml: xml)
+      end
+    end
+  end
+end

data/lib/xml/kit/signatures.rb

@@ -20,7 +20,7 @@ module Xml
       def build(reference_id)
         return nil if key_pair.nil?
 
-        ::Xml::Kit::Builders::Signature.new(
+        ::Xml::Kit::Signature.new(
           reference_id,
           certificate: key_pair.certificate,
           signature_method: signature_method,

data/lib/xml/kit/templatable.rb

@@ -24,12 +24,10 @@ module Xml
         if encrypt?
           temp = ::Builder::XmlMarkup.new
           yield temp
-          signed_xml = signatures.complete(temp.target!)
-          xml_encryption = ::Xml::Kit::Builders::Encryption.new(
-            signed_xml,
+          ::Xml::Kit::Encryption.new(
+            signatures.complete(temp.target!),
             encryption_certificate.public_key
-          )
-          render(xml_encryption, xml: xml)
+          ).to_xml(xml: xml)
         else
           yield xml
         end
@@ -41,7 +39,7 @@ module Xml
 
       def signature_for(reference_id:, xml:)
         return unless sign?
-        render(signatures.build(reference_id), xml: xml)
+        signatures.build(reference_id).to_xml(xml: xml)
       end
 
       # Allows you to specify which key pair to use for generating an XML digital signature.

data/lib/xml/kit/template.rb

@@ -21,7 +21,7 @@ module Xml
 
         root_path = File.expand_path(File.dirname(__FILE__))
         template_name = "#{target.class.name.split("::").last.underscore}.builder"
-        File.join(root_path, "builders/templates/", template_name)
+        File.join(root_path, "templates/", template_name)
       end
 
       def template

data/lib/xml/kit/templates/encryption.builder

@@ -0,0 +1,14 @@
+xml.EncryptedData xmlns: ::Xml::Kit::Namespaces::XMLENC do
+  xml.EncryptionMethod Algorithm: symmetric_algorithm
+  xml.KeyInfo xmlns: ::Xml::Kit::Namespaces::XMLDSIG do
+    xml.EncryptedKey xmlns: ::Xml::Kit::Namespaces::XMLENC do
+      xml.EncryptionMethod Algorithm: asymmetric_algorithm
+      xml.CipherData do
+        xml.CipherValue asymmetric_cipher_value
+      end
+    end
+  end
+  xml.CipherData do
+    xml.CipherValue symmetric_cipher_value
+  end
+end

data/lib/xml/kit/{builders/templates → templates}/signature.builder

@@ -1,11 +1,11 @@
 xml.Signature "xmlns" => ::Xml::Kit::Namespaces::XMLDSIG do
   xml.SignedInfo do
-    xml.CanonicalizationMethod Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
+    xml.CanonicalizationMethod Algorithm: ::Xml::Kit::Namespaces::CANONICALIZATION
     xml.SignatureMethod Algorithm: signature_method
     xml.Reference URI: "##{reference_id}" do
       xml.Transforms do
-        xml.Transform Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
-        xml.Transform Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
+        xml.Transform Algorithm: "#{::Xml::Kit::Namespaces::XMLDSIG}enveloped-signature"
+        xml.Transform Algorithm: ::Xml::Kit::Namespaces::CANONICALIZATION
       end
       xml.DigestMethod Algorithm: digest_method
       xml.DigestValue ""

data/lib/xml/kit/version.rb

@@ -1,5 +1,5 @@
 module Xml
   module Kit
-    VERSION = "0.1.0"
+    VERSION = "0.1.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: xml-kit
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - mo khan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-28 00:00:00.000000000 Z
+date: 2017-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -168,28 +168,28 @@ files:
 - bin/console
 - bin/setup
 - lib/xml/kit.rb
-- lib/xml/kit/builders/encryption.rb
-- lib/xml/kit/builders/signature.rb
-- lib/xml/kit/builders/templates/certificate.builder
-- lib/xml/kit/builders/templates/encryption.builder
-- lib/xml/kit/builders/templates/nil_class.builder
-- lib/xml/kit/builders/templates/signature.builder
 - lib/xml/kit/certificate.rb
 - lib/xml/kit/crypto.rb
 - lib/xml/kit/crypto/oaep_cipher.rb
 - lib/xml/kit/crypto/rsa_cipher.rb
-- lib/xml/kit/crypto/simple_cipher.rb
+- lib/xml/kit/crypto/symmetric_cipher.rb
 - lib/xml/kit/crypto/unknown_cipher.rb
 - lib/xml/kit/decryption.rb
 - lib/xml/kit/document.rb
+- lib/xml/kit/encryption.rb
 - lib/xml/kit/fingerprint.rb
 - lib/xml/kit/id.rb
 - lib/xml/kit/key_pair.rb
 - lib/xml/kit/namespaces.rb
 - lib/xml/kit/self_signed_certificate.rb
+- lib/xml/kit/signature.rb
 - lib/xml/kit/signatures.rb
 - lib/xml/kit/templatable.rb
 - lib/xml/kit/template.rb
+- lib/xml/kit/templates/certificate.builder
+- lib/xml/kit/templates/encryption.builder
+- lib/xml/kit/templates/nil_class.builder
+- lib/xml/kit/templates/signature.builder
 - lib/xml/kit/version.rb
 - xml-kit.gemspec
 homepage: http://www.mokhan.ca

data/lib/xml/kit/builders/encryption.rb

@@ -1,20 +0,0 @@
-module Xml
-  module Kit
-    module Builders
-      class Encryption
-        attr_reader :public_key
-        attr_reader :key, :iv, :encrypted
-
-        def initialize(raw_xml, public_key)
-          @public_key = public_key
-          cipher = OpenSSL::Cipher.new('AES-256-CBC')
-          cipher.encrypt
-          @key = cipher.random_key
-          @iv = cipher.random_iv
-          @encrypted = cipher.update(raw_xml) + cipher.final
-        end
-      end
-    end
-  end
-end
-

data/lib/xml/kit/builders/signature.rb

@@ -1,34 +0,0 @@
-module Xml
-  module Kit
-    module Builders
-      class Signature
-        SIGNATURE_METHODS = {
-          SHA1: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
-          SHA224: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
-          SHA256: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
-          SHA384: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
-          SHA512: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
-        }.freeze
-        DIGEST_METHODS = {
-          SHA1: "http://www.w3.org/2000/09/xmldsig#SHA1",
-          SHA224: "http://www.w3.org/2001/04/xmldsig-more#sha224",
-          SHA256: "http://www.w3.org/2001/04/xmlenc#sha256",
-          SHA384: "http://www.w3.org/2001/04/xmldsig-more#sha384",
-          SHA512: "http://www.w3.org/2001/04/xmlenc#sha512",
-        }.freeze
-
-        attr_reader :certificate
-        attr_reader :digest_method
-        attr_reader :reference_id
-        attr_reader :signature_method
-
-        def initialize(reference_id, signature_method: :SH256, digest_method: :SHA256, certificate:)
-          @certificate = certificate
-          @digest_method = DIGEST_METHODS[digest_method]
-          @reference_id = reference_id
-          @signature_method = SIGNATURE_METHODS[signature_method]
-        end
-      end
-    end
-  end
-end

data/lib/xml/kit/builders/templates/encryption.builder

@@ -1,14 +0,0 @@
-xml.EncryptedData xmlns: ::Xml::Kit::Namespaces::XMLENC do
-  xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
-  xml.KeyInfo xmlns: ::Xml::Kit::Namespaces::XMLDSIG do
-    xml.EncryptedKey xmlns: ::Xml::Kit::Namespaces::XMLENC do
-      xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
-      xml.CipherData do
-        xml.CipherValue Base64.encode64(public_key.public_encrypt(key))
-      end
-    end
-  end
-  xml.CipherData do
-    xml.CipherValue Base64.encode64(iv + encrypted)
-  end
-end

data/lib/xml/kit/crypto/simple_cipher.rb

@@ -1,34 +0,0 @@
-module Xml
-  module Kit
-    module Crypto
-      class SimpleCipher
-        ALGORITHMS = {
-          'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' => 'DES-EDE3-CBC',
-          'http://www.w3.org/2001/04/xmlenc#aes128-cbc' => 'AES-128-CBC',
-          'http://www.w3.org/2001/04/xmlenc#aes192-cbc' => 'AES-192-CBC',
-          'http://www.w3.org/2001/04/xmlenc#aes256-cbc' => 'AES-256-CBC',
-        }
-
-        def initialize(algorithm, private_key)
-          @algorithm = algorithm
-          @private_key = private_key
-        end
-
-        def self.matches?(algorithm)
-          ALGORITHMS[algorithm]
-        end
-
-        def decrypt(cipher_text)
-          cipher = OpenSSL::Cipher.new(ALGORITHMS[@algorithm])
-          cipher.decrypt
-          iv = cipher_text[0..cipher.iv_len-1]
-          data = cipher_text[cipher.iv_len..-1]
-          #cipher.padding = 0
-          cipher.key = @private_key
-          cipher.iv = iv
-          cipher.update(data) + cipher.final
-        end
-      end
-    end
-  end
-end