xml-kit 0.1.14 → 0.5.0

Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +23 -5
  3. data/.travis.yml +7 -5
  4. data/CHANGELOG.md +60 -0
  5. data/README.md +14 -22
  6. data/bin/cibuild +1 -1
  7. data/lib/xml/kit.rb +11 -2
  8. data/lib/xml/kit/certificate.rb +6 -4
  9. data/lib/xml/kit/crypto.rb +14 -0
  10. data/lib/xml/kit/crypto/oaep_cipher.rb +5 -2
  11. data/lib/xml/kit/crypto/rsa_cipher.rb +4 -2
  12. data/lib/xml/kit/crypto/symmetric_cipher.rb +30 -9
  13. data/lib/xml/kit/crypto/unknown_cipher.rb +6 -1
  14. data/lib/xml/kit/decryption.rb +29 -20
  15. data/lib/xml/kit/document.rb +5 -4
  16. data/lib/xml/kit/encrypted_data.rb +51 -0
  17. data/lib/xml/kit/encrypted_key.rb +35 -0
  18. data/lib/xml/kit/encryption.rb +27 -18
  19. data/lib/xml/kit/fingerprint.rb +1 -1
  20. data/lib/xml/kit/key_info.rb +71 -0
  21. data/lib/xml/kit/key_info/key_value.rb +19 -0
  22. data/lib/xml/kit/key_info/retrieval_method.rb +19 -0
  23. data/lib/xml/kit/key_info/rsa_key_value.rb +15 -0
  24. data/lib/xml/kit/key_pair.rb +8 -3
  25. data/lib/xml/kit/namespaces.rb +12 -12
  26. data/lib/xml/kit/self_signed_certificate.rb +16 -3
  27. data/lib/xml/kit/signature.rb +9 -2
  28. data/lib/xml/kit/signatures.rb +4 -1
  29. data/lib/xml/kit/templatable.rb +75 -24
  30. data/lib/xml/kit/templates/certificate.builder +1 -5
  31. data/lib/xml/kit/templates/encrypted_data.builder +9 -0
  32. data/lib/xml/kit/templates/encrypted_key.builder +9 -0
  33. data/lib/xml/kit/templates/key_info.builder +14 -0
  34. data/lib/xml/kit/templates/key_value.builder +5 -0
  35. data/lib/xml/kit/templates/retrieval_method.builder +3 -0
  36. data/lib/xml/kit/templates/rsa_key_value.builder +6 -0
  37. data/lib/xml/kit/templates/signature.builder +1 -1
  38. data/lib/xml/kit/version.rb +1 -1
  39. data/xml-kit.gemspec +4 -4
  40. metadata +29 -18
  41. data/.rubocop_todo.yml +0 -22
  42. data/lib/xml/kit/templates/encryption.builder +0 -16
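--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa2eb376d5c11a9777e3a3a6073754c9783c73bdc24bbb45c7ac5877e3e99472
- data.tar.gz: 6eb275d2a3791889c12a04a5e2b1143807bf4e1ac1968491f93ef32faeccd868
+ metadata.gz: ee208a968c74fe0dc205e929d934b15bff996f417e9d6d7d466a42658f264ce6
+ data.tar.gz: 392da204421d6acd28ed5e123c5bdb02790fb74401ea6dfca68204c1050a0dcf
  SHA512:
- metadata.gz: 0447e7510327c68ee2f9f500b980d1d36255b044a3825dfd504245ea111eb367f998a0bc6a507d54e5f64472de76a2766460085c808b8ca380254fdbe12feaa0
- data.tar.gz: 7f9c69571ddd52a638daf3b20062cc4b2d06cfd7cd83f6a517405330daddc8c8bb8d62fbd054b02ad8ad1eda6a9229ef0221f97d90b4d4ee3318420175eb3405
+ metadata.gz: 9cbda7b1dcb0dfad250bd8de4b73d20eaeff7bd26884f700d0976967c5522626bb988205609e3e25ed1afd536b3d569d281e4456adcda2ebad4396647697b857
+ data.tar.gz: 56e952683e4376af240cef1933c112a17637cfaf7982ed29034212f203d516b0278fbbbf1c8423a550daf1e9972c197a2a1425f5ec7844202d1e0df96d1b448f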
@@ -1,5 +1,3 @@
1
- inherit_from: .rubocop_todo.yml
2
-
3
1
  require:
4
2
  - rubocop/cop/internal_affairs
5
3
  - rubocop-rspec
@@ -11,7 +9,7 @@ AllCops:
11
9
  - 'spec/fixtures/**/*'
12
10
  - 'tmp/**/*'
13
11
  - 'vendor/**/*'
14
- TargetRubyVersion: 2.2
12
+ TargetRubyVersion: 2.5
15
13
 
16
14
  Layout/ClassStructure:
17
15
  Enabled: true
@@ -32,12 +30,15 @@ Layout/ClassStructure:
32
30
  Layout/EndOfLine:
33
31
  EnforcedStyle: lf
34
32
 
35
- Layout/IndentArray:
33
+ Layout/FirstArrayElementIndentation:
36
34
  EnforcedStyle: consistent
37
35
 
38
- Layout/IndentHeredoc:
36
+ Layout/HeredocIndentation:
39
37
  EnforcedStyle: active_support
40
38
 
39
+ Layout/MultilineOperationIndentation:
40
+ EnforcedStyle: indented
41
+
41
42
  Lint/AmbiguousBlockAssociation:
42
43
  Exclude:
43
44
  - 'spec/**/*.rb'
@@ -46,6 +47,10 @@ Lint/InterpolationCheck:
46
47
  Exclude:
47
48
  - 'spec/**/*.rb'
48
49
 
50
+ Metrics/AbcSize:
51
+ Exclude:
52
+ - 'lib/xml/kit/self_signed_certificate.rb'
53
+
49
54
  Metrics/BlockLength:
50
55
  Exclude:
51
56
  - '**/**/*.builder'
@@ -59,8 +64,10 @@ Metrics/ModuleLength:
59
64
  - 'spec/**/*.rb'
60
65
 
61
66
  Metrics/LineLength:
67
+ IgnoredPatterns: ['(\A|\s)#']
62
68
  Exclude:
63
69
  - 'spec/**/*.rb'
70
+ - 'lib/xml/kit/templates/*.builder'
64
71
 
65
72
  Naming/FileName:
66
73
  Exclude:
@@ -84,9 +91,16 @@ Style/TrailingCommaInHashLiteral:
84
91
  RSpec/ExampleLength:
85
92
  Max: 80
86
93
 
94
+ RSpec/LeakyConstantDeclaration:
95
+ Exclude:
96
+ - 'spec/xml/kit/templatable_spec.rb'
97
+
87
98
  RSpec/MultipleExpectations:
88
99
  Enabled: false
89
100
 
101
+ RSpec/MultipleMemoizedHelpers:
102
+ Enabled: false
103
+
90
104
  RSpec/NamedSubject:
91
105
  Enabled: false
92
106
 
@@ -95,3 +109,7 @@ RSpec/NestedGroups:
95
109
 
96
110
  RSpec/SubjectStub:
97
111
  Enabled: false
112
+
113
+ Style/DoubleNegation:
114
+ Exclude:
115
+ - 'lib/xml/kit/certificate.rb'
@@ -1,11 +1,13 @@
1
1
  sudo: false
2
2
  language: ruby
3
- cache: bundler
4
3
  rvm:
5
- - 2.2.9
6
- - 2.3.6
7
- - 2.4.3
8
- - 2.5.0
4
+ - 2.5.5
5
+ - 2.6.3
6
+ - 2.7.2
7
+ - 3.0.0
8
+ before_install:
9
+ - gem update --system
10
+ - gem install bundler
9
11
  script:
10
12
  - bin/cibuild
11
13
  - bin/lint
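Review bot: The new `before_install` step installs Bundler with no version constraint (`gem install bundler`), while `bin/cibuild` in this same release pins it with `-v '~> 2.0'`. CI therefore resolves whatever Bundler is newest at build time before the pinned install runs, and `gem update --system` does the same for RubyGems. For a reproducible build I would use `- gem install bundler --conservative -v '~> 2.0'` here as well, or drop the line and rely on `bin/cibuild`.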
@@ -0,0 +1,60 @@
1
+ Version 0.5.0
2
+
3
+ # Changelog
4
+ All notable changes to this project will be documented in this file.
5
+
6
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
7
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
8
+
9
+ ## [Unreleased]
10
+
11
+ ## [0.5.0] - 2021-01-30
12
+ ### Changed
13
+ - Minimum Ruby 2.5+
14
+
15
+ ## [0.4.0] - 2019-04-30
16
+ ### Added
17
+ - provide stable API for specifying the digest method and signature method.
18
+
19
+ ### Changed
20
+ - drop support for ruby 2.2
21
+ - drop support for ruby 2.3
22
+ - use bundler 2.0
23
+
24
+ ## [0.3.1] - 2019-04-01
25
+ ### Changed
26
+ - provide default symmetric cipher for `EncryptedData` element.
27
+ - use `ENVELOPED_SIG` constant
28
+
29
+ ### Added
30
+ - allow specifying id for `EncryptedData` element.
31
+
32
+ ## [0.3.0] - 2019-01-XX
33
+ ### Added
34
+ - Default logger
35
+
36
+ ### Changed
37
+ - \_assign does not coerce values by default.
38
+ - errors are merged together instead of overwritten during attribute validation.
39
+
40
+ [Unreleased]: https://github.com/saml-kit/xml-kit/compare/v0.5.0...HEAD
41
+ [0.5.0]: https://github.com/saml-kit/xml-kit/compare/v0.4.0...v0.5.0
42
+ [0.4.0]: https://github.com/saml-kit/xml-kit/compare/v0.3.1...v0.4.0
43
+ [0.3.1]: https://github.com/saml-kit/xml-kit/compare/v0.3.0...v0.3.1
44
+ [0.3.0]: https://github.com/saml-kit/xml-kit/compare/v0.2.0...v0.3.0
45
+ [0.2.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.14...v0.2.0
46
+ [0.1.14]: https://github.com/saml-kit/xml-kit/compare/v0.1.13...v0.1.14
47
+ [0.1.13]: https://github.com/saml-kit/xml-kit/compare/v0.1.12...v0.1.13
48
+ [0.1.12]: https://github.com/saml-kit/xml-kit/compare/v0.1.11...v0.1.12
49
+ [0.1.11]: https://github.com/saml-kit/xml-kit/compare/v0.1.10...v0.1.11
50
+ [0.1.10]: https://github.com/saml-kit/xml-kit/compare/v0.1.9...v0.1.10
51
+ [0.1.9]: https://github.com/saml-kit/xml-kit/compare/v0.1.8...v0.1.9
52
+ [0.1.8]: https://github.com/saml-kit/xml-kit/compare/v0.1.7...v0.1.8
53
+ [0.1.7]: https://github.com/saml-kit/xml-kit/compare/v0.1.6...v0.1.7
54
+ [0.1.6]: https://github.com/saml-kit/xml-kit/compare/v0.1.5...v0.1.6
55
+ [0.1.5]: https://github.com/saml-kit/xml-kit/compare/v0.1.4...v0.1.5
56
+ [0.1.4]: https://github.com/saml-kit/xml-kit/compare/v0.1.3...v0.1.4
57
+ [0.1.3]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.3
58
+ [0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.1
59
+ [0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.1
60
+ [0.1.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.0
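--- a/data/README.md
+++ b/data/README.md
@@ -5,8 +5,7 @@
  [![Build Status](https://travis-ci.org/saml-kit/xml-kit.svg?branch=master)](https://travis-ci.org/saml-kit/xml-kit)
  [![Security](https://hakiri.io/github/saml-kit/xml-kit/master.svg)](https://hakiri.io/github/saml-kit/xml-kit/master)
 
- Xml::Kit is a toolkit for working with XML. It supports adding [XML
- Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
+ Xml::Kit is a toolkit for working with XML. It supports adding [XML Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
  and [XML Encryption](https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html).
 
  ## Installation
@@ -29,11 +28,12 @@ Or install it yourself as:
 
  ```builder
  # ./templates/item.builder
+
  xml.instruct!
  xml.Item ID: id do
  signature_for reference_id: id, xml: xml
  xml.Encrypted do
- encryption_for xml: xml do |encrypted_xml|
+ encrypt_data_for xml: xml do |encrypted_xml|
  encrypted_xml.EncryptMe do
  encrypted_xml.Secret "secret"
  end
@@ -48,12 +48,12 @@ require 'xml/kit'
  class Item
  include ::Xml::Kit::Templatable
 
- def initialize
+ attr_reader :id
+
+ def initialize(signing_key_pair, encryption_certificate)
  @id = ::Xml::Kit::Id.generate
- @signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
- @embed_signature = true
- @encrypt = true
- @encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
+ sign_with(signing_key_pair)
+ encrypt_with(encryption_certificate)
  end
 
  def template_path
@@ -62,7 +62,9 @@ class Item
  end
  end
 
- puts Item.new.to_xml
+ signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
+ encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
+ puts Item.new(signing_key_pair, encryption_certificate).to_xml
  ```
 
  This will produce something like the following:
@@ -86,8 +88,7 @@ This will produce something like the following:
  <SignatureValue>ZCSx4dad704jz0Z6rCMsnOs/oyVH3YBeEF9wtk2UFmWBW+VfhoBKw7N50GnzmAGCHyI6zajRPdff5i6UMDz3fOzh7rlROnqW0TXoG77xPiIfqJswCKE/4LzzBLrEHVbdUz90U8n0M1Ahbesrt+pbf/NkJghpvDhJW+w6oho7dyU6k57C5D//kTaSb7DvKte3a7/o8xWvPRztQhYekK+RyWjK9k/lU4WEXk5rGbx+QrD9rgIXBQOdcSjOtUosZJADz7uFod6AWRak246U62Xahz8JxE/1N22LhZY9whvB7s+c76f1Uv44NtF87D0P8UXs0TVx2jsnhEwLsT7DPQ6jDg==</SignatureValue>
  <KeyInfo>
  <X509Data>
- <X509Certificate>MIIDQTCCAimgAwIBAgIBADANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHQWxiZXJ0YTEQMA4GA1UEBwwHQ2FsZ2FyeTEPMA0GA1UECgwGWG1sS2l0MQ8wDQYDVQQLDAZYbWxLaXQxDzANBgNVBAMMBlhtbEtpdDAeFw0xNzEyMzAxOTM1MjZaFw0xODAxMjkwNzAwMDBaMGQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdBbGJlcnRhMRAwDgYDVQQHDAdDYWxnYXJ5MQ8wDQYDVQQKDAZYbWxLaXQxDzANBgNVBAsMBlhtbEtpdDEPMA0GA1UEAwwGWG1sS2l0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yvaY1zvqiSTpDc0vFgS00N0R05ytanViNy0YrcAvLH2njvLOYi8e5lWAjCUzoWTe6FMJQySIHuzr9NvZztlQBp5tydmxDsOFQ3DrBhiqtyafdCd5s8OQz1CekavgToTOm5VdZEWLD7HSCFvHXeuiS/zwEh4yYpJBAERtsSaYxT7L1wNggxc6F6UEfF1vwrGxMNH/OUi4okeS773esXeRlP5fHyMUvVC70KHauSYt/kjNR8/WuZBOY8/kFv3XiErf0PNSAYhyGHozabv8hJ2Bho0+HR12P6Xv+qKXFlDnMeAOHy23eShuUpCEBaEPAG4o8w4g/lrn0nJ+e9XrYaNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWybi6buMD75KBCcyd5aRtSKavYoDaZlzuohKh4z1HEzHS/fbpbxVQOrfXtuawZjNxcn62LFIe/w68EImzYkAss8LKojRcaKnIeF1/3Pzo6qfnmFpaecfYvX3ZTtw9JPOd4chy2X2WFAUMRscjSvjNvTBzFOXg60F0UMDnWOWMbc5Di/aZD8r2s/RDE3QxcUou8QhBMc2nYw77mQsXBnWmBeUA2aGP
- 8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
+ <X509Certificate>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</X509Certificate>
  </X509Data>
  </KeyInfo>
  </Signature>
@@ -98,21 +99,12 @@ This will produce something like the following:
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <CipherData>
- <CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlm
- jc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt5
- 6dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9
- atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rin
- Cpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2c
- KkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==
- </CipherValue>
+ <CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlmjc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt56dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rinCpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2cKkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==</CipherValue>
  </CipherData>
  </EncryptedKey>
  </KeyInfo>
  <CipherData>
- <CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lK
- pvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM4
- 5g901rE9
- </CipherValue>
+ <CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lKpvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM45g901rE9</CipherValue>
  </CipherData>
  </EncryptedData>
  </Encrypted>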
@@ -17,5 +17,5 @@ export RUBY_HEAP_SLOTS_INCREMENT=400000
17
17
  export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
18
18
 
19
19
  ruby -v
20
- gem install bundler --no-ri --no-rdoc --conservative
20
+ gem install bundler --conservative -v '~> 2.0'
21
21
  bin/test
@@ -19,9 +19,12 @@ require 'xml/kit/crypto'
19
19
  require 'xml/kit/decryption'
20
20
  require 'xml/kit/decryption_error'
21
21
  require 'xml/kit/document'
22
+ require 'xml/kit/encrypted_data'
23
+ require 'xml/kit/encrypted_key'
22
24
  require 'xml/kit/encryption'
23
25
  require 'xml/kit/fingerprint'
24
26
  require 'xml/kit/id'
27
+ require 'xml/kit/key_info'
25
28
  require 'xml/kit/key_pair'
26
29
  require 'xml/kit/self_signed_certificate'
27
30
  require 'xml/kit/signature'
@@ -32,6 +35,8 @@ require 'xml/kit/version'
32
35
 
33
36
  module Xml
34
37
  module Kit
38
+ class Error < StandardError; end
39
+
35
40
  class << self
36
41
  def logger
37
42
  @logger ||= Logger.new(STDOUT)
@@ -39,9 +44,13 @@ module Xml
39
44
 
40
45
  attr_writer :logger
41
46
 
42
- def deprecate(message)
47
+ def deprecate(name, alternative: nil)
43
48
  @deprecation ||= ActiveSupport::Deprecation.new('1.0.0', 'xml-kit')
44
- @deprecation.deprecation_warning(message)
49
+ if alternative
50
+ @deprecation.deprecation_warning(name, "Use `#{alternative}` instead")
51
+ else
52
+ @deprecation.deprecation_warning(name)
53
+ end
45
54
  end
46
55
  end
47
56
  end
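Review bot: `deprecate` now treats its first argument as a method name rather than a free-form message, and nothing on the method says so. Any caller outside this hunk that still passes a full sentence would get that sentence embedded in ActiveSupport's standard "… is deprecated and will be removed from …" wording. A comment above the method would prevent that, for example `# Warns that +name+ is deprecated; +alternative+, when given, is suggested as the replacement.` The enclosing `class << self` starts before the third hunk.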
@@ -1,9 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'xml/kit/templatable'
4
+
3
5
  module Xml
4
6
  module Kit
5
- # {include:file:spec/xml/certificate_spec.rb}
7
+ # {include:file:spec/xml/kit/certificate_spec.rb}
6
8
  class Certificate
9
+ include Templatable
7
10
  BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
8
11
  BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze
9
12
  END_CERT = /-----END CERTIFICATE-----/.freeze
@@ -109,9 +112,8 @@ module Xml
109
112
  x509.not_before
110
113
  end
111
114
 
112
- def to_xml(pretty: false, xml: ::Builder::XmlMarkup.new)
113
- xml = ::Xml::Kit::Template.new(self).to_xml(xml: xml)
114
- pretty ? Nokogiri::XML(xml).to_xml(indent: 2) : xml
115
+ def key_info
116
+ @key_info ||= KeyInfo.new(x509: x509)
115
117
  end
116
118
 
117
119
  class << self
@@ -14,6 +14,20 @@ module Xml
14
14
  def self.cipher_for(algorithm, key)
15
15
  CIPHERS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
16
16
  end
17
+
18
+ def self.cipher_registry(&block)
19
+ BlockRegistry.new(&block)
20
+ end
21
+
22
+ class BlockRegistry
23
+ def initialize(&factory)
24
+ @factory = factory
25
+ end
26
+
27
+ def cipher_for(algorithm, key)
28
+ @factory.call(algorithm, key)
29
+ end
30
+ end
17
31
  end
18
32
  end
19
33
  end
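Review bot: `BlockRegistry#initialize` accepts a missing block, so `Crypto.cipher_registry` called without one stores nil in `@factory` and the failure only surfaces later as a NoMethodError inside `cipher_for`. Rejecting it up front is one line: `raise ArgumentError, 'cipher_registry requires a block' unless factory`. The class also deserves a short comment saying that a registry built this way bypasses the `CIPHERS` lookup, so the block itself decides which algorithm URIs are acceptable. Presumably the algorithm comes from the document being decrypted, which is not visible in this hunk.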
@@ -4,11 +4,14 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class OaepCipher
7
- ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p".freeze
7
+ ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
8
8
  ALGORITHMS = {
9
9
  ALGORITHM => true
10
10
  }.freeze
11
- def initialize(_algorithm, key)
11
+ attr_reader :algorithm, :key
12
+
13
+ def initialize(algorithm, key)
14
+ @algorithm = algorithm
12
15
  @key = key
13
16
  end
14
17
 
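Review bot: `attr_reader :algorithm, :key` makes the RSA key a public reader on `OaepCipher`; the same line is added to `RsaCipher` in the next section. When the cipher is built for decryption that key is presumably the private key, so any code holding the cipher object can read it back. Unless another class needs it, keep `attr_reader :algorithm` public and declare `attr_reader :key` under a `private` (or `protected`) marker. The class body continues outside this hunk.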
@@ -4,9 +4,11 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class RsaCipher
7
- ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5".freeze
7
+ ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
8
+ attr_reader :algorithm, :key
8
9
 
9
- def initialize(_algorithm, key)
10
+ def initialize(algorithm, key)
11
+ @algorithm = algorithm
10
12
  @key = key
11
13
  end
12
14
 
@@ -4,7 +4,7 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class SymmetricCipher
7
- DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc".freeze
7
+ DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
8
8
  ALGORITHMS = {
9
9
  "#{::Xml::Kit::Namespaces::XMLENC}tripledes-cbc" => 'DES-EDE3-CBC',
10
10
  "#{::Xml::Kit::Namespaces::XMLENC}aes128-cbc" => 'AES-128-CBC',
@@ -12,11 +12,12 @@ module Xml
12
12
  "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc" => 'AES-256-CBC',
13
13
  }.freeze
14
14
 
15
- attr_reader :key
15
+ attr_reader :algorithm, :key, :padding
16
16
 
17
- def initialize(algorithm, key = nil)
17
+ def initialize(algorithm = DEFAULT_ALGORITHM, key = nil, padding = nil)
18
18
  @algorithm = algorithm
19
19
  @key = key || cipher.random_key
20
+ @padding = padding
20
21
  end
21
22
 
22
23
  def self.matches?(algorithm)
@@ -30,19 +31,39 @@ module Xml
30
31
  end
31
32
 
32
33
  def decrypt(cipher_text)
34
+ bytes = cipher_text.bytes
35
+ result = default_decrypt(
36
+ bytes[0...cipher.iv_len],
37
+ bytes[cipher.iv_len..-1]
38
+ )
39
+ return result if padding.nil?
40
+
41
+ padding_size = result.bytes.last
42
+ result[0...-padding_size]
43
+ end
44
+
45
+ def to_s
46
+ algorithm
47
+ end
48
+
49
+ protected
50
+
51
+ def default_decrypt(initialization_vector, data)
33
52
  cipher.decrypt
34
- iv = cipher_text[0..cipher.iv_len - 1]
35
- data = cipher_text[cipher.iv_len..-1]
36
- # cipher.padding = 0
53
+ apply_padding_to(cipher)
37
54
  cipher.key = @key
38
- cipher.iv = iv
39
- cipher.update(data) + cipher.final
55
+ cipher.iv = initialization_vector.pack('c*')
56
+ cipher.update(data.pack('c*')) << cipher.final
40
57
  end
41
58
 
42
59
  private
43
60
 
44
61
  def cipher
45
- @cipher ||= OpenSSL::Cipher.new(ALGORITHMS[@algorithm])
62
+ @cipher ||= OpenSSL::Cipher.new(ALGORITHMS[algorithm])
63
+ end
64
+
65
+ def apply_padding_to(cipher)
66
+ cipher.padding = padding unless padding.nil?
46
67
  end
47
68
  end
48
69
  end
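Review bot: In the new `decrypt`, the manual unpadding path (`padding_size = result.bytes.last` then `result[0...-padding_size]`) trusts the final plaintext byte without checking it. A final byte of 0 yields an empty string, a value larger than the block size silently drops real data, and an empty `result` makes `bytes.last` nil so the slice raises NoMethodError instead of a decryption error. The CBC modes listed in `ALGORITHMS` are unauthenticated, so I would validate the length and fail the same way for every bad value, e.g. `raise ::Xml::Kit::Error, 'invalid padding' unless padding_size&.between?(1, cipher.block_size)` before slicing (or the library's existing decryption error, if that fits better). Input shorter than `cipher.iv_len` has a similar problem: `bytes[cipher.iv_len..-1]` is nil and `data.pack` raises NoMethodError.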