xml-kit 0.1.14 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +23 -5
- data/.travis.yml +7 -5
- data/CHANGELOG.md +60 -0
- data/README.md +14 -22
- data/bin/cibuild +1 -1
- data/lib/xml/kit.rb +11 -2
- data/lib/xml/kit/certificate.rb +6 -4
- data/lib/xml/kit/crypto.rb +14 -0
- data/lib/xml/kit/crypto/oaep_cipher.rb +5 -2
- data/lib/xml/kit/crypto/rsa_cipher.rb +4 -2
- data/lib/xml/kit/crypto/symmetric_cipher.rb +30 -9
- data/lib/xml/kit/crypto/unknown_cipher.rb +6 -1
- data/lib/xml/kit/decryption.rb +29 -20
- data/lib/xml/kit/document.rb +5 -4
- data/lib/xml/kit/encrypted_data.rb +51 -0
- data/lib/xml/kit/encrypted_key.rb +35 -0
- data/lib/xml/kit/encryption.rb +27 -18
- data/lib/xml/kit/fingerprint.rb +1 -1
- data/lib/xml/kit/key_info.rb +71 -0
- data/lib/xml/kit/key_info/key_value.rb +19 -0
- data/lib/xml/kit/key_info/retrieval_method.rb +19 -0
- data/lib/xml/kit/key_info/rsa_key_value.rb +15 -0
- data/lib/xml/kit/key_pair.rb +8 -3
- data/lib/xml/kit/namespaces.rb +12 -12
- data/lib/xml/kit/self_signed_certificate.rb +16 -3
- data/lib/xml/kit/signature.rb +9 -2
- data/lib/xml/kit/signatures.rb +4 -1
- data/lib/xml/kit/templatable.rb +75 -24
- data/lib/xml/kit/templates/certificate.builder +1 -5
- data/lib/xml/kit/templates/encrypted_data.builder +9 -0
- data/lib/xml/kit/templates/encrypted_key.builder +9 -0
- data/lib/xml/kit/templates/key_info.builder +14 -0
- data/lib/xml/kit/templates/key_value.builder +5 -0
- data/lib/xml/kit/templates/retrieval_method.builder +3 -0
- data/lib/xml/kit/templates/rsa_key_value.builder +6 -0
- data/lib/xml/kit/templates/signature.builder +1 -1
- data/lib/xml/kit/version.rb +1 -1
- data/xml-kit.gemspec +4 -4
- metadata +29 -18
- data/.rubocop_todo.yml +0 -22
- data/lib/xml/kit/templates/encryption.builder +0 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ee208a968c74fe0dc205e929d934b15bff996f417e9d6d7d466a42658f264ce6
|
|
4
|
+
data.tar.gz: 392da204421d6acd28ed5e123c5bdb02790fb74401ea6dfca68204c1050a0dcf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cbda7b1dcb0dfad250bd8de4b73d20eaeff7bd26884f700d0976967c5522626bb988205609e3e25ed1afd536b3d569d281e4456adcda2ebad4396647697b857
|
|
7
|
+
data.tar.gz: 56e952683e4376af240cef1933c112a17637cfaf7982ed29034212f203d516b0278fbbbf1c8423a550daf1e9972c197a2a1425f5ec7844202d1e0df96d1b448f
|
data/.rubocop.yml
CHANGED
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
inherit_from: .rubocop_todo.yml
|
|
2
|
-
|
|
3
1
|
require:
|
|
4
2
|
- rubocop/cop/internal_affairs
|
|
5
3
|
- rubocop-rspec
|
|
@@ -11,7 +9,7 @@ AllCops:
|
|
|
11
9
|
- 'spec/fixtures/**/*'
|
|
12
10
|
- 'tmp/**/*'
|
|
13
11
|
- 'vendor/**/*'
|
|
14
|
-
TargetRubyVersion: 2.
|
|
12
|
+
TargetRubyVersion: 2.5
|
|
15
13
|
|
|
16
14
|
Layout/ClassStructure:
|
|
17
15
|
Enabled: true
|
|
@@ -32,12 +30,15 @@ Layout/ClassStructure:
|
|
|
32
30
|
Layout/EndOfLine:
|
|
33
31
|
EnforcedStyle: lf
|
|
34
32
|
|
|
35
|
-
Layout/
|
|
33
|
+
Layout/FirstArrayElementIndentation:
|
|
36
34
|
EnforcedStyle: consistent
|
|
37
35
|
|
|
38
|
-
Layout/
|
|
36
|
+
Layout/HeredocIndentation:
|
|
39
37
|
EnforcedStyle: active_support
|
|
40
38
|
|
|
39
|
+
Layout/MultilineOperationIndentation:
|
|
40
|
+
EnforcedStyle: indented
|
|
41
|
+
|
|
41
42
|
Lint/AmbiguousBlockAssociation:
|
|
42
43
|
Exclude:
|
|
43
44
|
- 'spec/**/*.rb'
|
|
@@ -46,6 +47,10 @@ Lint/InterpolationCheck:
|
|
|
46
47
|
Exclude:
|
|
47
48
|
- 'spec/**/*.rb'
|
|
48
49
|
|
|
50
|
+
Metrics/AbcSize:
|
|
51
|
+
Exclude:
|
|
52
|
+
- 'lib/xml/kit/self_signed_certificate.rb'
|
|
53
|
+
|
|
49
54
|
Metrics/BlockLength:
|
|
50
55
|
Exclude:
|
|
51
56
|
- '**/**/*.builder'
|
|
@@ -59,8 +64,10 @@ Metrics/ModuleLength:
|
|
|
59
64
|
- 'spec/**/*.rb'
|
|
60
65
|
|
|
61
66
|
Metrics/LineLength:
|
|
67
|
+
IgnoredPatterns: ['(\A|\s)#']
|
|
62
68
|
Exclude:
|
|
63
69
|
- 'spec/**/*.rb'
|
|
70
|
+
- 'lib/xml/kit/templates/*.builder'
|
|
64
71
|
|
|
65
72
|
Naming/FileName:
|
|
66
73
|
Exclude:
|
|
@@ -84,9 +91,16 @@ Style/TrailingCommaInHashLiteral:
|
|
|
84
91
|
RSpec/ExampleLength:
|
|
85
92
|
Max: 80
|
|
86
93
|
|
|
94
|
+
RSpec/LeakyConstantDeclaration:
|
|
95
|
+
Exclude:
|
|
96
|
+
- 'spec/xml/kit/templatable_spec.rb'
|
|
97
|
+
|
|
87
98
|
RSpec/MultipleExpectations:
|
|
88
99
|
Enabled: false
|
|
89
100
|
|
|
101
|
+
RSpec/MultipleMemoizedHelpers:
|
|
102
|
+
Enabled: false
|
|
103
|
+
|
|
90
104
|
RSpec/NamedSubject:
|
|
91
105
|
Enabled: false
|
|
92
106
|
|
|
@@ -95,3 +109,7 @@ RSpec/NestedGroups:
|
|
|
95
109
|
|
|
96
110
|
RSpec/SubjectStub:
|
|
97
111
|
Enabled: false
|
|
112
|
+
|
|
113
|
+
Style/DoubleNegation:
|
|
114
|
+
Exclude:
|
|
115
|
+
- 'lib/xml/kit/certificate.rb'
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
Version 0.5.0
|
|
2
|
+
|
|
3
|
+
# Changelog
|
|
4
|
+
All notable changes to this project will be documented in this file.
|
|
5
|
+
|
|
6
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
7
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
8
|
+
|
|
9
|
+
## [Unreleased]
|
|
10
|
+
|
|
11
|
+
## [0.5.0] - 2021-01-30
|
|
12
|
+
### Changed
|
|
13
|
+
- Minimum Ruby 2.5+
|
|
14
|
+
|
|
15
|
+
## [0.4.0] - 2019-04-30
|
|
16
|
+
### Added
|
|
17
|
+
- provide stable API for specifying the digest method and signature method.
|
|
18
|
+
|
|
19
|
+
### Changed
|
|
20
|
+
- drop support for ruby 2.2
|
|
21
|
+
- drop support for ruby 2.3
|
|
22
|
+
- use bundler 2.0
|
|
23
|
+
|
|
24
|
+
## [0.3.1] - 2019-04-01
|
|
25
|
+
### Changed
|
|
26
|
+
- provide default symmetric cipher for `EncryptedData` element.
|
|
27
|
+
- use `ENVELOPED_SIG` constant
|
|
28
|
+
|
|
29
|
+
### Added
|
|
30
|
+
- allow specifying id for `EncryptedData` element.
|
|
31
|
+
|
|
32
|
+
## [0.3.0] - 2019-01-XX
|
|
33
|
+
### Added
|
|
34
|
+
- Default logger
|
|
35
|
+
|
|
36
|
+
### Changed
|
|
37
|
+
- \_assign does not coerce values by default.
|
|
38
|
+
- errors are merged together instead of overwritten during attribute validation.
|
|
39
|
+
|
|
40
|
+
[Unreleased]: https://github.com/saml-kit/xml-kit/compare/v0.5.0...HEAD
|
|
41
|
+
[0.5.0]: https://github.com/saml-kit/xml-kit/compare/v0.4.0...v0.5.0
|
|
42
|
+
[0.4.0]: https://github.com/saml-kit/xml-kit/compare/v0.3.1...v0.4.0
|
|
43
|
+
[0.3.1]: https://github.com/saml-kit/xml-kit/compare/v0.3.0...v0.3.1
|
|
44
|
+
[0.3.0]: https://github.com/saml-kit/xml-kit/compare/v0.2.0...v0.3.0
|
|
45
|
+
[0.2.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.14...v0.2.0
|
|
46
|
+
[0.1.14]: https://github.com/saml-kit/xml-kit/compare/v0.1.13...v0.1.14
|
|
47
|
+
[0.1.13]: https://github.com/saml-kit/xml-kit/compare/v0.1.12...v0.1.13
|
|
48
|
+
[0.1.12]: https://github.com/saml-kit/xml-kit/compare/v0.1.11...v0.1.12
|
|
49
|
+
[0.1.11]: https://github.com/saml-kit/xml-kit/compare/v0.1.10...v0.1.11
|
|
50
|
+
[0.1.10]: https://github.com/saml-kit/xml-kit/compare/v0.1.9...v0.1.10
|
|
51
|
+
[0.1.9]: https://github.com/saml-kit/xml-kit/compare/v0.1.8...v0.1.9
|
|
52
|
+
[0.1.8]: https://github.com/saml-kit/xml-kit/compare/v0.1.7...v0.1.8
|
|
53
|
+
[0.1.7]: https://github.com/saml-kit/xml-kit/compare/v0.1.6...v0.1.7
|
|
54
|
+
[0.1.6]: https://github.com/saml-kit/xml-kit/compare/v0.1.5...v0.1.6
|
|
55
|
+
[0.1.5]: https://github.com/saml-kit/xml-kit/compare/v0.1.4...v0.1.5
|
|
56
|
+
[0.1.4]: https://github.com/saml-kit/xml-kit/compare/v0.1.3...v0.1.4
|
|
57
|
+
[0.1.3]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.3
|
|
58
|
+
[0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.1
|
|
59
|
+
[0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.1
|
|
60
|
+
[0.1.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.0
|
data/README.md
CHANGED
|
@@ -5,8 +5,7 @@
|
|
|
5
5
|
[](https://travis-ci.org/saml-kit/xml-kit)
|
|
6
6
|
[](https://hakiri.io/github/saml-kit/xml-kit/master)
|
|
7
7
|
|
|
8
|
-
Xml::Kit is a toolkit for working with XML. It supports adding [XML
|
|
9
|
-
Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
|
|
8
|
+
Xml::Kit is a toolkit for working with XML. It supports adding [XML Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
|
|
10
9
|
and [XML Encryption](https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html).
|
|
11
10
|
|
|
12
11
|
## Installation
|
|
@@ -29,11 +28,12 @@ Or install it yourself as:
|
|
|
29
28
|
|
|
30
29
|
```builder
|
|
31
30
|
# ./templates/item.builder
|
|
31
|
+
|
|
32
32
|
xml.instruct!
|
|
33
33
|
xml.Item ID: id do
|
|
34
34
|
signature_for reference_id: id, xml: xml
|
|
35
35
|
xml.Encrypted do
|
|
36
|
-
|
|
36
|
+
encrypt_data_for xml: xml do |encrypted_xml|
|
|
37
37
|
encrypted_xml.EncryptMe do
|
|
38
38
|
encrypted_xml.Secret "secret"
|
|
39
39
|
end
|
|
@@ -48,12 +48,12 @@ require 'xml/kit'
|
|
|
48
48
|
class Item
|
|
49
49
|
include ::Xml::Kit::Templatable
|
|
50
50
|
|
|
51
|
-
|
|
51
|
+
attr_reader :id
|
|
52
|
+
|
|
53
|
+
def initialize(signing_key_pair, encryption_certificate)
|
|
52
54
|
@id = ::Xml::Kit::Id.generate
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
@encrypt = true
|
|
56
|
-
@encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
|
|
55
|
+
sign_with(signing_key_pair)
|
|
56
|
+
encrypt_with(encryption_certificate)
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
def template_path
|
|
@@ -62,7 +62,9 @@ class Item
|
|
|
62
62
|
end
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
|
|
65
|
+
signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
|
|
66
|
+
encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
|
|
67
|
+
puts Item.new(signing_key_pair, encryption_certificate).to_xml
|
|
66
68
|
```
|
|
67
69
|
|
|
68
70
|
This will produce something like the following:
|
|
@@ -86,8 +88,7 @@ This will produce something like the following:
|
|
|
86
88
|
<SignatureValue>ZCSx4dad704jz0Z6rCMsnOs/oyVH3YBeEF9wtk2UFmWBW+VfhoBKw7N50GnzmAGCHyI6zajRPdff5i6UMDz3fOzh7rlROnqW0TXoG77xPiIfqJswCKE/4LzzBLrEHVbdUz90U8n0M1Ahbesrt+pbf/NkJghpvDhJW+w6oho7dyU6k57C5D//kTaSb7DvKte3a7/o8xWvPRztQhYekK+RyWjK9k/lU4WEXk5rGbx+QrD9rgIXBQOdcSjOtUosZJADz7uFod6AWRak246U62Xahz8JxE/1N22LhZY9whvB7s+c76f1Uv44NtF87D0P8UXs0TVx2jsnhEwLsT7DPQ6jDg==</SignatureValue>
|
|
87
89
|
<KeyInfo>
|
|
88
90
|
<X509Data>
|
|
89
|
-
<X509Certificate>MIIDQTCCAimgAwIBAgIBADANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHQWxiZXJ0YTEQMA4GA1UEBwwHQ2FsZ2FyeTEPMA0GA1UECgwGWG1sS2l0MQ8wDQYDVQQLDAZYbWxLaXQxDzANBgNVBAMMBlhtbEtpdDAeFw0xNzEyMzAxOTM1MjZaFw0xODAxMjkwNzAwMDBaMGQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdBbGJlcnRhMRAwDgYDVQQHDAdDYWxnYXJ5MQ8wDQYDVQQKDAZYbWxLaXQxDzANBgNVBAsMBlhtbEtpdDEPMA0GA1UEAwwGWG1sS2l0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yvaY1zvqiSTpDc0vFgS00N0R05ytanViNy0YrcAvLH2njvLOYi8e5lWAjCUzoWTe6FMJQySIHuzr9NvZztlQBp5tydmxDsOFQ3DrBhiqtyafdCd5s8OQz1CekavgToTOm5VdZEWLD7HSCFvHXeuiS/zwEh4yYpJBAERtsSaYxT7L1wNggxc6F6UEfF1vwrGxMNH/OUi4okeS773esXeRlP5fHyMUvVC70KHauSYt/kjNR8/WuZBOY8/kFv3XiErf0PNSAYhyGHozabv8hJ2Bho0+HR12P6Xv+qKXFlDnMeAOHy23eShuUpCEBaEPAG4o8w4g/lrn0nJ+e9XrYaNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWybi6buMD75KBCcyd5aRtSKavYoDaZlzuohKh4z1HEzHS/fbpbxVQOrfXtuawZjNxcn62LFIe/w68EImzYkAss8LKojRcaKnIeF1/3Pzo6qfnmFpaecfYvX3ZTtw9JPOd4chy2X2WFAUMRscjSvjNvTBzFOXg60F0UMDnWOWMbc5Di/aZD8r2s/
|
|
90
|
-
8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
|
|
91
|
+
<X509Certificate>MIIDQTCCAimgAwIBAgIBADANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHQWxiZXJ0YTEQMA4GA1UEBwwHQ2FsZ2FyeTEPMA0GA1UECgwGWG1sS2l0MQ8wDQYDVQQLDAZYbWxLaXQxDzANBgNVBAMMBlhtbEtpdDAeFw0xNzEyMzAxOTM1MjZaFw0xODAxMjkwNzAwMDBaMGQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdBbGJlcnRhMRAwDgYDVQQHDAdDYWxnYXJ5MQ8wDQYDVQQKDAZYbWxLaXQxDzANBgNVBAsMBlhtbEtpdDEPMA0GA1UEAwwGWG1sS2l0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yvaY1zvqiSTpDc0vFgS00N0R05ytanViNy0YrcAvLH2njvLOYi8e5lWAjCUzoWTe6FMJQySIHuzr9NvZztlQBp5tydmxDsOFQ3DrBhiqtyafdCd5s8OQz1CekavgToTOm5VdZEWLD7HSCFvHXeuiS/zwEh4yYpJBAERtsSaYxT7L1wNggxc6F6UEfF1vwrGxMNH/OUi4okeS773esXeRlP5fHyMUvVC70KHauSYt/kjNR8/WuZBOY8/kFv3XiErf0PNSAYhyGHozabv8hJ2Bho0+HR12P6Xv+qKXFlDnMeAOHy23eShuUpCEBaEPAG4o8w4g/lrn0nJ+e9XrYaNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWybi6buMD75KBCcyd5aRtSKavYoDaZlzuohKh4z1HEzHS/fbpbxVQOrfXtuawZjNxcn62LFIe/w68EImzYkAss8LKojRcaKnIeF1/3Pzo6qfnmFpaecfYvX3ZTtw9JPOd4chy2X2WFAUMRscjSvjNvTBzFOXg60F0UMDnWOWMbc5Di/aZD8r2s/RDE3QxcUou8QhBMc2nYw77mQsXBnWmBeUA2aGP8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
|
|
91
92
|
</X509Data>
|
|
92
93
|
</KeyInfo>
|
|
93
94
|
</Signature>
|
|
@@ -98,21 +99,12 @@ This will produce something like the following:
|
|
|
98
99
|
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
|
|
99
100
|
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
|
|
100
101
|
<CipherData>
|
|
101
|
-
<CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/
|
|
102
|
-
jc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt5
|
|
103
|
-
6dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9
|
|
104
|
-
atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rin
|
|
105
|
-
Cpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2c
|
|
106
|
-
KkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==
|
|
107
|
-
</CipherValue>
|
|
102
|
+
<CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlmjc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt56dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rinCpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2cKkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==</CipherValue>
|
|
108
103
|
</CipherData>
|
|
109
104
|
</EncryptedKey>
|
|
110
105
|
</KeyInfo>
|
|
111
106
|
<CipherData>
|
|
112
|
-
<CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+
|
|
113
|
-
pvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM4
|
|
114
|
-
5g901rE9
|
|
115
|
-
</CipherValue>
|
|
107
|
+
<CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lKpvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM45g901rE9</CipherValue>
|
|
116
108
|
</CipherData>
|
|
117
109
|
</EncryptedData>
|
|
118
110
|
</Encrypted>
|
data/bin/cibuild
CHANGED
data/lib/xml/kit.rb
CHANGED
|
@@ -19,9 +19,12 @@ require 'xml/kit/crypto'
|
|
|
19
19
|
require 'xml/kit/decryption'
|
|
20
20
|
require 'xml/kit/decryption_error'
|
|
21
21
|
require 'xml/kit/document'
|
|
22
|
+
require 'xml/kit/encrypted_data'
|
|
23
|
+
require 'xml/kit/encrypted_key'
|
|
22
24
|
require 'xml/kit/encryption'
|
|
23
25
|
require 'xml/kit/fingerprint'
|
|
24
26
|
require 'xml/kit/id'
|
|
27
|
+
require 'xml/kit/key_info'
|
|
25
28
|
require 'xml/kit/key_pair'
|
|
26
29
|
require 'xml/kit/self_signed_certificate'
|
|
27
30
|
require 'xml/kit/signature'
|
|
@@ -32,6 +35,8 @@ require 'xml/kit/version'
|
|
|
32
35
|
|
|
33
36
|
module Xml
|
|
34
37
|
module Kit
|
|
38
|
+
class Error < StandardError; end
|
|
39
|
+
|
|
35
40
|
class << self
|
|
36
41
|
def logger
|
|
37
42
|
@logger ||= Logger.new(STDOUT)
|
|
@@ -39,9 +44,13 @@ module Xml
|
|
|
39
44
|
|
|
40
45
|
attr_writer :logger
|
|
41
46
|
|
|
42
|
-
def deprecate(
|
|
47
|
+
def deprecate(name, alternative: nil)
|
|
43
48
|
@deprecation ||= ActiveSupport::Deprecation.new('1.0.0', 'xml-kit')
|
|
44
|
-
|
|
49
|
+
if alternative
|
|
50
|
+
@deprecation.deprecation_warning(name, "Use `#{alternative}` instead")
|
|
51
|
+
else
|
|
52
|
+
@deprecation.deprecation_warning(name)
|
|
53
|
+
end
|
|
45
54
|
end
|
|
46
55
|
end
|
|
47
56
|
end
|
data/lib/xml/kit/certificate.rb
CHANGED
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'xml/kit/templatable'
|
|
4
|
+
|
|
3
5
|
module Xml
|
|
4
6
|
module Kit
|
|
5
|
-
# {include:file:spec/xml/certificate_spec.rb}
|
|
7
|
+
# {include:file:spec/xml/kit/certificate_spec.rb}
|
|
6
8
|
class Certificate
|
|
9
|
+
include Templatable
|
|
7
10
|
BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
|
|
8
11
|
BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze
|
|
9
12
|
END_CERT = /-----END CERTIFICATE-----/.freeze
|
|
@@ -109,9 +112,8 @@ module Xml
|
|
|
109
112
|
x509.not_before
|
|
110
113
|
end
|
|
111
114
|
|
|
112
|
-
def
|
|
113
|
-
|
|
114
|
-
pretty ? Nokogiri::XML(xml).to_xml(indent: 2) : xml
|
|
115
|
+
def key_info
|
|
116
|
+
@key_info ||= KeyInfo.new(x509: x509)
|
|
115
117
|
end
|
|
116
118
|
|
|
117
119
|
class << self
|
data/lib/xml/kit/crypto.rb
CHANGED
|
@@ -14,6 +14,20 @@ module Xml
|
|
|
14
14
|
def self.cipher_for(algorithm, key)
|
|
15
15
|
CIPHERS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
def self.cipher_registry(&block)
|
|
19
|
+
BlockRegistry.new(&block)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
class BlockRegistry
|
|
23
|
+
def initialize(&factory)
|
|
24
|
+
@factory = factory
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def cipher_for(algorithm, key)
|
|
28
|
+
@factory.call(algorithm, key)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
17
31
|
end
|
|
18
32
|
end
|
|
19
33
|
end
|
|
@@ -4,11 +4,14 @@ module Xml
|
|
|
4
4
|
module Kit
|
|
5
5
|
module Crypto
|
|
6
6
|
class OaepCipher
|
|
7
|
-
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
|
|
7
|
+
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
|
|
8
8
|
ALGORITHMS = {
|
|
9
9
|
ALGORITHM => true
|
|
10
10
|
}.freeze
|
|
11
|
-
|
|
11
|
+
attr_reader :algorithm, :key
|
|
12
|
+
|
|
13
|
+
def initialize(algorithm, key)
|
|
14
|
+
@algorithm = algorithm
|
|
12
15
|
@key = key
|
|
13
16
|
end
|
|
14
17
|
|
|
@@ -4,9 +4,11 @@ module Xml
|
|
|
4
4
|
module Kit
|
|
5
5
|
module Crypto
|
|
6
6
|
class RsaCipher
|
|
7
|
-
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
|
|
7
|
+
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
|
|
8
|
+
attr_reader :algorithm, :key
|
|
8
9
|
|
|
9
|
-
def initialize(
|
|
10
|
+
def initialize(algorithm, key)
|
|
11
|
+
@algorithm = algorithm
|
|
10
12
|
@key = key
|
|
11
13
|
end
|
|
12
14
|
|
|
@@ -4,7 +4,7 @@ module Xml
|
|
|
4
4
|
module Kit
|
|
5
5
|
module Crypto
|
|
6
6
|
class SymmetricCipher
|
|
7
|
-
DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
|
|
7
|
+
DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
|
|
8
8
|
ALGORITHMS = {
|
|
9
9
|
"#{::Xml::Kit::Namespaces::XMLENC}tripledes-cbc" => 'DES-EDE3-CBC',
|
|
10
10
|
"#{::Xml::Kit::Namespaces::XMLENC}aes128-cbc" => 'AES-128-CBC',
|
|
@@ -12,11 +12,12 @@ module Xml
|
|
|
12
12
|
"#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc" => 'AES-256-CBC',
|
|
13
13
|
}.freeze
|
|
14
14
|
|
|
15
|
-
attr_reader :key
|
|
15
|
+
attr_reader :algorithm, :key, :padding
|
|
16
16
|
|
|
17
|
-
def initialize(algorithm, key = nil)
|
|
17
|
+
def initialize(algorithm = DEFAULT_ALGORITHM, key = nil, padding = nil)
|
|
18
18
|
@algorithm = algorithm
|
|
19
19
|
@key = key || cipher.random_key
|
|
20
|
+
@padding = padding
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
def self.matches?(algorithm)
|
|
@@ -30,19 +31,39 @@ module Xml
|
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def decrypt(cipher_text)
|
|
34
|
+
bytes = cipher_text.bytes
|
|
35
|
+
result = default_decrypt(
|
|
36
|
+
bytes[0...cipher.iv_len],
|
|
37
|
+
bytes[cipher.iv_len..-1]
|
|
38
|
+
)
|
|
39
|
+
return result if padding.nil?
|
|
40
|
+
|
|
41
|
+
padding_size = result.bytes.last
|
|
42
|
+
result[0...-padding_size]
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def to_s
|
|
46
|
+
algorithm
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
protected
|
|
50
|
+
|
|
51
|
+
def default_decrypt(initialization_vector, data)
|
|
33
52
|
cipher.decrypt
|
|
34
|
-
|
|
35
|
-
data = cipher_text[cipher.iv_len..-1]
|
|
36
|
-
# cipher.padding = 0
|
|
53
|
+
apply_padding_to(cipher)
|
|
37
54
|
cipher.key = @key
|
|
38
|
-
cipher.iv =
|
|
39
|
-
cipher.update(data)
|
|
55
|
+
cipher.iv = initialization_vector.pack('c*')
|
|
56
|
+
cipher.update(data.pack('c*')) << cipher.final
|
|
40
57
|
end
|
|
41
58
|
|
|
42
59
|
private
|
|
43
60
|
|
|
44
61
|
def cipher
|
|
45
|
-
@cipher ||= OpenSSL::Cipher.new(ALGORITHMS[
|
|
62
|
+
@cipher ||= OpenSSL::Cipher.new(ALGORITHMS[algorithm])
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def apply_padding_to(cipher)
|
|
66
|
+
cipher.padding = padding unless padding.nil?
|
|
46
67
|
end
|
|
47
68
|
end
|
|
48
69
|
end
|