xml-kit 0.1.14 → 0.5.0
- checksums.yaml +4 -4
- data/.rubocop.yml +23 -5
- data/.travis.yml +7 -5
- data/CHANGELOG.md +60 -0
- data/README.md +14 -22
- data/bin/cibuild +1 -1
- data/lib/xml/kit.rb +11 -2
- data/lib/xml/kit/certificate.rb +6 -4
- data/lib/xml/kit/crypto.rb +14 -0
- data/lib/xml/kit/crypto/oaep_cipher.rb +5 -2
- data/lib/xml/kit/crypto/rsa_cipher.rb +4 -2
- data/lib/xml/kit/crypto/symmetric_cipher.rb +30 -9
- data/lib/xml/kit/crypto/unknown_cipher.rb +6 -1
- data/lib/xml/kit/decryption.rb +29 -20
- data/lib/xml/kit/document.rb +5 -4
- data/lib/xml/kit/encrypted_data.rb +51 -0
- data/lib/xml/kit/encrypted_key.rb +35 -0
- data/lib/xml/kit/encryption.rb +27 -18
- data/lib/xml/kit/fingerprint.rb +1 -1
- data/lib/xml/kit/key_info.rb +71 -0
- data/lib/xml/kit/key_info/key_value.rb +19 -0
- data/lib/xml/kit/key_info/retrieval_method.rb +19 -0
- data/lib/xml/kit/key_info/rsa_key_value.rb +15 -0
- data/lib/xml/kit/key_pair.rb +8 -3
- data/lib/xml/kit/namespaces.rb +12 -12
- data/lib/xml/kit/self_signed_certificate.rb +16 -3
- data/lib/xml/kit/signature.rb +9 -2
- data/lib/xml/kit/signatures.rb +4 -1
- data/lib/xml/kit/templatable.rb +75 -24
- data/lib/xml/kit/templates/certificate.builder +1 -5
- data/lib/xml/kit/templates/encrypted_data.builder +9 -0
- data/lib/xml/kit/templates/encrypted_key.builder +9 -0
- data/lib/xml/kit/templates/key_info.builder +14 -0
- data/lib/xml/kit/templates/key_value.builder +5 -0
- data/lib/xml/kit/templates/retrieval_method.builder +3 -0
- data/lib/xml/kit/templates/rsa_key_value.builder +6 -0
- data/lib/xml/kit/templates/signature.builder +1 -1
- data/lib/xml/kit/version.rb +1 -1
- data/xml-kit.gemspec +4 -4
- metadata +29 -18
- data/.rubocop_todo.yml +0 -22
- data/lib/xml/kit/templates/encryption.builder +0 -16
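--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee208a968c74fe0dc205e929d934b15bff996f417e9d6d7d466a42658f264ce6
+data.tar.gz: 392da204421d6acd28ed5e123c5bdb02790fb74401ea6dfca68204c1050a0dcf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cbda7b1dcb0dfad250bd8de4b73d20eaeff7bd26884f700d0976967c5522626bb988205609e3e25ed1afd536b3d569d281e4456adcda2ebad4396647697b857
+data.tar.gz: 56e952683e4376af240cef1933c112a17637cfaf7982ed29034212f203d516b0278fbbbf1c8423a550daf1e9972c197a2a1425f5ec7844202d1e0df96d1b448f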
data/.rubocop.yml
CHANGED
@@ -1,5 +1,3 @@
|
|
1
|
-
inherit_from: .rubocop_todo.yml
|
2
|
-
|
3
1
|
require:
|
4
2
|
- rubocop/cop/internal_affairs
|
5
3
|
- rubocop-rspec
|
@@ -11,7 +9,7 @@ AllCops:
|
|
11
9
|
- 'spec/fixtures/**/*'
|
12
10
|
- 'tmp/**/*'
|
13
11
|
- 'vendor/**/*'
|
14
|
-
TargetRubyVersion: 2.
|
12
|
+
TargetRubyVersion: 2.5
|
15
13
|
|
16
14
|
Layout/ClassStructure:
|
17
15
|
Enabled: true
|
@@ -32,12 +30,15 @@ Layout/ClassStructure:
|
|
32
30
|
Layout/EndOfLine:
|
33
31
|
EnforcedStyle: lf
|
34
32
|
|
35
|
-
Layout/
|
33
|
+
Layout/FirstArrayElementIndentation:
|
36
34
|
EnforcedStyle: consistent
|
37
35
|
|
38
|
-
Layout/
|
36
|
+
Layout/HeredocIndentation:
|
39
37
|
EnforcedStyle: active_support
|
40
38
|
|
39
|
+
Layout/MultilineOperationIndentation:
|
40
|
+
EnforcedStyle: indented
|
41
|
+
|
41
42
|
Lint/AmbiguousBlockAssociation:
|
42
43
|
Exclude:
|
43
44
|
- 'spec/**/*.rb'
|
@@ -46,6 +47,10 @@ Lint/InterpolationCheck:
|
|
46
47
|
Exclude:
|
47
48
|
- 'spec/**/*.rb'
|
48
49
|
|
50
|
+
Metrics/AbcSize:
|
51
|
+
Exclude:
|
52
|
+
- 'lib/xml/kit/self_signed_certificate.rb'
|
53
|
+
|
49
54
|
Metrics/BlockLength:
|
50
55
|
Exclude:
|
51
56
|
- '**/**/*.builder'
|
@@ -59,8 +64,10 @@ Metrics/ModuleLength:
|
|
59
64
|
- 'spec/**/*.rb'
|
60
65
|
|
61
66
|
Metrics/LineLength:
|
67
|
+
IgnoredPatterns: ['(\A|\s)#']
|
62
68
|
Exclude:
|
63
69
|
- 'spec/**/*.rb'
|
70
|
+
- 'lib/xml/kit/templates/*.builder'
|
64
71
|
|
65
72
|
Naming/FileName:
|
66
73
|
Exclude:
|
@@ -84,9 +91,16 @@ Style/TrailingCommaInHashLiteral:
|
|
84
91
|
RSpec/ExampleLength:
|
85
92
|
Max: 80
|
86
93
|
|
94
|
+
RSpec/LeakyConstantDeclaration:
|
95
|
+
Exclude:
|
96
|
+
- 'spec/xml/kit/templatable_spec.rb'
|
97
|
+
|
87
98
|
RSpec/MultipleExpectations:
|
88
99
|
Enabled: false
|
89
100
|
|
101
|
+
RSpec/MultipleMemoizedHelpers:
|
102
|
+
Enabled: false
|
103
|
+
|
90
104
|
RSpec/NamedSubject:
|
91
105
|
Enabled: false
|
92
106
|
|
@@ -95,3 +109,7 @@ RSpec/NestedGroups:
|
|
95
109
|
|
96
110
|
RSpec/SubjectStub:
|
97
111
|
Enabled: false
|
112
|
+
|
113
|
+
Style/DoubleNegation:
|
114
|
+
Exclude:
|
115
|
+
- 'lib/xml/kit/certificate.rb'
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,60 @@
|
|
1
|
+
Version 0.5.0
|
2
|
+
|
3
|
+
# Changelog
|
4
|
+
All notable changes to this project will be documented in this file.
|
5
|
+
|
6
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
7
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
8
|
+
|
9
|
+
## [Unreleased]
|
10
|
+
|
11
|
+
## [0.5.0] - 2021-01-30
|
12
|
+
### Changed
|
13
|
+
- Minimum Ruby 2.5+
|
14
|
+
|
15
|
+
## [0.4.0] - 2019-04-30
|
16
|
+
### Added
|
17
|
+
- provide stable API for specifying the digest method and signature method.
|
18
|
+
|
19
|
+
### Changed
|
20
|
+
- drop support for ruby 2.2
|
21
|
+
- drop support for ruby 2.3
|
22
|
+
- use bundler 2.0
|
23
|
+
|
24
|
+
## [0.3.1] - 2019-04-01
|
25
|
+
### Changed
|
26
|
+
- provide default symmetric cipher for `EncryptedData` element.
|
27
|
+
- use `ENVELOPED_SIG` constant
|
28
|
+
|
29
|
+
### Added
|
30
|
+
- allow specifying id for `EncryptedData` element.
|
31
|
+
|
32
|
+
## [0.3.0] - 2019-01-XX
|
33
|
+
### Added
|
34
|
+
- Default logger
|
35
|
+
|
36
|
+
### Changed
|
37
|
+
- \_assign does not coerce values by default.
|
38
|
+
- errors are merged together instead of overwritten during attribute validation.
|
39
|
+
|
40
|
+
[Unreleased]: https://github.com/saml-kit/xml-kit/compare/v0.5.0...HEAD
|
41
|
+
[0.5.0]: https://github.com/saml-kit/xml-kit/compare/v0.4.0...v0.5.0
|
42
|
+
[0.4.0]: https://github.com/saml-kit/xml-kit/compare/v0.3.1...v0.4.0
|
43
|
+
[0.3.1]: https://github.com/saml-kit/xml-kit/compare/v0.3.0...v0.3.1
|
44
|
+
[0.3.0]: https://github.com/saml-kit/xml-kit/compare/v0.2.0...v0.3.0
|
45
|
+
[0.2.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.14...v0.2.0
|
46
|
+
[0.1.14]: https://github.com/saml-kit/xml-kit/compare/v0.1.13...v0.1.14
|
47
|
+
[0.1.13]: https://github.com/saml-kit/xml-kit/compare/v0.1.12...v0.1.13
|
48
|
+
[0.1.12]: https://github.com/saml-kit/xml-kit/compare/v0.1.11...v0.1.12
|
49
|
+
[0.1.11]: https://github.com/saml-kit/xml-kit/compare/v0.1.10...v0.1.11
|
50
|
+
[0.1.10]: https://github.com/saml-kit/xml-kit/compare/v0.1.9...v0.1.10
|
51
|
+
[0.1.9]: https://github.com/saml-kit/xml-kit/compare/v0.1.8...v0.1.9
|
52
|
+
[0.1.8]: https://github.com/saml-kit/xml-kit/compare/v0.1.7...v0.1.8
|
53
|
+
[0.1.7]: https://github.com/saml-kit/xml-kit/compare/v0.1.6...v0.1.7
|
54
|
+
[0.1.6]: https://github.com/saml-kit/xml-kit/compare/v0.1.5...v0.1.6
|
55
|
+
[0.1.5]: https://github.com/saml-kit/xml-kit/compare/v0.1.4...v0.1.5
|
56
|
+
[0.1.4]: https://github.com/saml-kit/xml-kit/compare/v0.1.3...v0.1.4
|
57
|
+
[0.1.3]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.3
|
58
|
+
[0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.1
|
59
|
+
[0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.1
|
60
|
+
[0.1.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.0
|
data/README.md
CHANGED
@@ -5,8 +5,7 @@
|
|
5
5
|
[](https://travis-ci.org/saml-kit/xml-kit)
|
6
6
|
[](https://hakiri.io/github/saml-kit/xml-kit/master)
|
7
7
|
|
8
|
-
Xml::Kit is a toolkit for working with XML. It supports adding [XML
|
9
|
-
Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
|
8
|
+
Xml::Kit is a toolkit for working with XML. It supports adding [XML Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
|
10
9
|
and [XML Encryption](https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html).
|
11
10
|
|
12
11
|
## Installation
|
@@ -29,11 +28,12 @@ Or install it yourself as:
|
|
29
28
|
|
30
29
|
```builder
|
31
30
|
# ./templates/item.builder
|
31
|
+
|
32
32
|
xml.instruct!
|
33
33
|
xml.Item ID: id do
|
34
34
|
signature_for reference_id: id, xml: xml
|
35
35
|
xml.Encrypted do
|
36
|
-
|
36
|
+
encrypt_data_for xml: xml do |encrypted_xml|
|
37
37
|
encrypted_xml.EncryptMe do
|
38
38
|
encrypted_xml.Secret "secret"
|
39
39
|
end
|
@@ -48,12 +48,12 @@ require 'xml/kit'
|
|
48
48
|
class Item
|
49
49
|
include ::Xml::Kit::Templatable
|
50
50
|
|
51
|
-
|
51
|
+
attr_reader :id
|
52
|
+
|
53
|
+
def initialize(signing_key_pair, encryption_certificate)
|
52
54
|
@id = ::Xml::Kit::Id.generate
|
53
|
-
|
54
|
-
|
55
|
-
@encrypt = true
|
56
|
-
@encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
|
55
|
+
sign_with(signing_key_pair)
|
56
|
+
encrypt_with(encryption_certificate)
|
57
57
|
end
|
58
58
|
|
59
59
|
def template_path
|
@@ -62,7 +62,9 @@ class Item
|
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
65
|
-
|
65
|
+
signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
|
66
|
+
encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
|
67
|
+
puts Item.new(signing_key_pair, encryption_certificate).to_xml
|
66
68
|
```
|
67
69
|
|
68
70
|
This will produce something like the following:
|
@@ -86,8 +88,7 @@ This will produce something like the following:
|
|
86
88
|
<SignatureValue>ZCSx4dad704jz0Z6rCMsnOs/oyVH3YBeEF9wtk2UFmWBW+VfhoBKw7N50GnzmAGCHyI6zajRPdff5i6UMDz3fOzh7rlROnqW0TXoG77xPiIfqJswCKE/4LzzBLrEHVbdUz90U8n0M1Ahbesrt+pbf/NkJghpvDhJW+w6oho7dyU6k57C5D//kTaSb7DvKte3a7/o8xWvPRztQhYekK+RyWjK9k/lU4WEXk5rGbx+QrD9rgIXBQOdcSjOtUosZJADz7uFod6AWRak246U62Xahz8JxE/1N22LhZY9whvB7s+c76f1Uv44NtF87D0P8UXs0TVx2jsnhEwLsT7DPQ6jDg==</SignatureValue>
|
87
89
|
<KeyInfo>
|
88
90
|
<X509Data>
|
89
|
-
<X509Certificate>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
|
90
|
-
8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
|
91
|
+
<X509Certificate>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</X509Certificate>
|
91
92
|
</X509Data>
|
92
93
|
</KeyInfo>
|
93
94
|
</Signature>
|
@@ -98,21 +99,12 @@ This will produce something like the following:
|
|
98
99
|
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
|
99
100
|
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
|
100
101
|
<CipherData>
|
101
|
-
<CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/
|
102
|
-
jc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt5
|
103
|
-
6dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9
|
104
|
-
atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rin
|
105
|
-
Cpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2c
|
106
|
-
KkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==
|
107
|
-
</CipherValue>
|
102
|
+
<CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlmjc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt56dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rinCpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2cKkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==</CipherValue>
|
108
103
|
</CipherData>
|
109
104
|
</EncryptedKey>
|
110
105
|
</KeyInfo>
|
111
106
|
<CipherData>
|
112
|
-
<CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+
|
113
|
-
pvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM4
|
114
|
-
5g901rE9
|
115
|
-
</CipherValue>
|
107
|
+
<CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lKpvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM45g901rE9</CipherValue>
|
116
108
|
</CipherData>
|
117
109
|
</EncryptedData>
|
118
110
|
</Encrypted>
|
data/bin/cibuild
CHANGED
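--- a/data/lib/xml/kit.rb
+++ b/data/lib/xml/kit.rb
@@ -19,9 +19,12 @@ require 'xml/kit/crypto'
 require 'xml/kit/decryption'
 require 'xml/kit/decryption_error'
 require 'xml/kit/document'
+require 'xml/kit/encrypted_data'
+require 'xml/kit/encrypted_key'
 require 'xml/kit/encryption'
 require 'xml/kit/fingerprint'
 require 'xml/kit/id'
+require 'xml/kit/key_info'
 require 'xml/kit/key_pair'
 require 'xml/kit/self_signed_certificate'
 require 'xml/kit/signature'
@@ -32,6 +35,8 @@ require 'xml/kit/version'
 
 module Xml
 module Kit
+class Error < StandardError; end
+
 class << self
 def logger
 @logger ||= Logger.new(STDOUT)
@@ -39,9 +44,13 @@ module Xml
 
 attr_writer :logger
 
-def deprecate(
+def deprecate(name, alternative: nil)
 @deprecation ||= ActiveSupport::Deprecation.new('1.0.0', 'xml-kit')
-
+if alternative
+@deprecation.deprecation_warning(name, "Use `#{alternative}` instead")
+else
+@deprecation.deprecation_warning(name)
+end
 end
 end
 end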
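Review bot: `class Error < StandardError; end` is introduced in the second hunk without a comment stating its role, and because `decryption_error.rb` is not among the files changed in this release the existing `DecryptionError` cannot inherit from it, so a caller still has no single class to rescue for all kit failures. Add `# Base class for errors raised by Xml::Kit; library-specific errors should inherit from it.` above the definition and, if that is the intent, re-parent the existing error classes onto it in a follow-up. The `deprecate` change in the third hunk is fine as written; a one-line YARD comment (`@param name`, `@param alternative`) would make the new keyword discoverable.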
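--- a/data/lib/xml/kit/certificate.rb
+++ b/data/lib/xml/kit/certificate.rb
@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
+require 'xml/kit/templatable'
+
 module Xml
 module Kit
-# {include:file:spec/xml/certificate_spec.rb}
+# {include:file:spec/xml/kit/certificate_spec.rb}
 class Certificate
+include Templatable
 BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
 BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze
 END_CERT = /-----END CERTIFICATE-----/.freeze
@@ -109,9 +112,8 @@ module Xml
 x509.not_before
 end
 
-def
-
-pretty ? Nokogiri::XML(xml).to_xml(indent: 2) : xml
+def key_info
+@key_info ||= KeyInfo.new(x509: x509)
 end
 
 class << self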
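Review bot: `key_info` is added without a doc comment while the same hunk drops the `pretty`-aware `to_xml` body, so a reader of this file can no longer see where XML rendering comes from; `include Templatable` in the first hunk presumably supplies it, but that module is outside this diff. Add `# @return [KeyInfo] KeyInfo element wrapping this certificate's x509; built on first call and memoized` above `def key_info`, and a short comment on `include Templatable` noting that it now provides `to_xml`, if that is the case.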
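--- a/data/lib/xml/kit/crypto.rb
+++ b/data/lib/xml/kit/crypto.rb
@@ -14,6 +14,20 @@ module Xml
 def self.cipher_for(algorithm, key)
 CIPHERS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
 end
+
+def self.cipher_registry(&block)
+BlockRegistry.new(&block)
+end
+
+class BlockRegistry
+def initialize(&factory)
+@factory = factory
+end
+
+def cipher_for(algorithm, key)
+@factory.call(algorithm, key)
+end
+end
 end
 end
 end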
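Review bot: `BlockRegistry#cipher_for` calls `@factory.call` with no guard, so `Crypto.cipher_registry` invoked without a block yields a registry whose every lookup fails with NoMethodError on nil instead of a clear error; add `raise ArgumentError, 'a factory block is required' unless factory` as the first line of `initialize`. The registry is also undocumented: a comment on `cipher_registry` should say what the block receives (the algorithm URI and the key) and what it must return (an object with the same interface as the ciphers in `CIPHERS`), and should note that the block is the place to restrict which algorithm URIs taken from an incoming document are accepted, since the default `cipher_for` above instantiates whichever built-in cipher matches.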
@@ -4,11 +4,14 @@ module Xml
|
|
4
4
|
module Kit
|
5
5
|
module Crypto
|
6
6
|
class OaepCipher
|
7
|
-
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
|
7
|
+
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
|
8
8
|
ALGORITHMS = {
|
9
9
|
ALGORITHM => true
|
10
10
|
}.freeze
|
11
|
-
|
11
|
+
attr_reader :algorithm, :key
|
12
|
+
|
13
|
+
def initialize(algorithm, key)
|
14
|
+
@algorithm = algorithm
|
12
15
|
@key = key
|
13
16
|
end
|
14
17
|
|
@@ -4,9 +4,11 @@ module Xml
|
|
4
4
|
module Kit
|
5
5
|
module Crypto
|
6
6
|
class RsaCipher
|
7
|
-
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
|
7
|
+
ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
|
8
|
+
attr_reader :algorithm, :key
|
8
9
|
|
9
|
-
def initialize(
|
10
|
+
def initialize(algorithm, key)
|
11
|
+
@algorithm = algorithm
|
10
12
|
@key = key
|
11
13
|
end
|
12
14
|
|
@@ -4,7 +4,7 @@ module Xml
|
|
4
4
|
module Kit
|
5
5
|
module Crypto
|
6
6
|
class SymmetricCipher
|
7
|
-
DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
|
7
|
+
DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
|
8
8
|
ALGORITHMS = {
|
9
9
|
"#{::Xml::Kit::Namespaces::XMLENC}tripledes-cbc" => 'DES-EDE3-CBC',
|
10
10
|
"#{::Xml::Kit::Namespaces::XMLENC}aes128-cbc" => 'AES-128-CBC',
|
@@ -12,11 +12,12 @@ module Xml
|
|
12
12
|
"#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc" => 'AES-256-CBC',
|
13
13
|
}.freeze
|
14
14
|
|
15
|
-
attr_reader :key
|
15
|
+
attr_reader :algorithm, :key, :padding
|
16
16
|
|
17
|
-
def initialize(algorithm, key = nil)
|
17
|
+
def initialize(algorithm = DEFAULT_ALGORITHM, key = nil, padding = nil)
|
18
18
|
@algorithm = algorithm
|
19
19
|
@key = key || cipher.random_key
|
20
|
+
@padding = padding
|
20
21
|
end
|
21
22
|
|
22
23
|
def self.matches?(algorithm)
|
@@ -30,19 +31,39 @@ module Xml
|
|
30
31
|
end
|
31
32
|
|
32
33
|
def decrypt(cipher_text)
|
34
|
+
bytes = cipher_text.bytes
|
35
|
+
result = default_decrypt(
|
36
|
+
bytes[0...cipher.iv_len],
|
37
|
+
bytes[cipher.iv_len..-1]
|
38
|
+
)
|
39
|
+
return result if padding.nil?
|
40
|
+
|
41
|
+
padding_size = result.bytes.last
|
42
|
+
result[0...-padding_size]
|
43
|
+
end
|
44
|
+
|
45
|
+
def to_s
|
46
|
+
algorithm
|
47
|
+
end
|
48
|
+
|
49
|
+
protected
|
50
|
+
|
51
|
+
def default_decrypt(initialization_vector, data)
|
33
52
|
cipher.decrypt
|
34
|
-
|
35
|
-
data = cipher_text[cipher.iv_len..-1]
|
36
|
-
# cipher.padding = 0
|
53
|
+
apply_padding_to(cipher)
|
37
54
|
cipher.key = @key
|
38
|
-
cipher.iv =
|
39
|
-
cipher.update(data)
|
55
|
+
cipher.iv = initialization_vector.pack('c*')
|
56
|
+
cipher.update(data.pack('c*')) << cipher.final
|
40
57
|
end
|
41
58
|
|
42
59
|
private
|
43
60
|
|
44
61
|
def cipher
|
45
|
-
@cipher ||= OpenSSL::Cipher.new(ALGORITHMS[
|
62
|
+
@cipher ||= OpenSSL::Cipher.new(ALGORITHMS[algorithm])
|
63
|
+
end
|
64
|
+
|
65
|
+
def apply_padding_to(cipher)
|
66
|
+
cipher.padding = padding unless padding.nil?
|
46
67
|
end
|
47
68
|
end
|
48
69
|
end
|
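Review bot: The unpadding added at the end of `decrypt` trusts the last plaintext byte as the pad length with no bounds check: a pad byte of 0 makes `result[0...-padding_size]` return an empty string, a value larger than the plaintext returns nil, and when `cipher_text` is shorter than `cipher.iv_len` the slice `bytes[cipher.iv_len..-1]` is nil so `default_decrypt` fails with NoMethodError on `pack` rather than a decryption error. Both cases should fail closed before a caller can see a truncated or nil result: reject input shorter than an IV plus one block, and when padding is handled here require the pad length to be within 1..`cipher.block_size` with every trailing pad byte equal to it (PKCS#7), raising the error class loaded from xml/kit/decryption_error (assumed to be `::Xml::Kit::DecryptionError` taking a message; its definition is not in this diff). Because this CBC mode carries no integrity check, the failure raised for bad padding should be the same as for any other decryption failure so that a remote party cannot distinguish them. A sketch follows; `to_s`, `default_decrypt`, `cipher` and `apply_padding_to` are unchanged.
```ruby
def decrypt(cipher_text)
  bytes = cipher_text.bytes
  # fail closed on input too short to hold an IV plus one cipher block
  if bytes.size < cipher.iv_len + cipher.block_size
    raise ::Xml::Kit::DecryptionError, 'cipher text is too short'
  end

  result = default_decrypt(bytes[0...cipher.iv_len], bytes[cipher.iv_len..-1])
  return result if padding.nil?

  strip_padding(result)
end

# … unchanged: to_s, default_decrypt, cipher, apply_padding_to …

# PKCS#7 unpadding for the case where OpenSSL padding was disabled via `padding`.
def strip_padding(plain_text)
  pad = plain_text.bytes.last
  valid = !pad.nil? && pad.between?(1, cipher.block_size) &&
          plain_text.bytes.last(pad).all? { |b| b == pad }
  raise ::Xml::Kit::DecryptionError, 'invalid padding' unless valid

  plain_text[0...-pad]
end
```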