xml-kit 0.1.14 → 0.5.0

Files changed (42)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +23 -5
  3. data/.travis.yml +7 -5
  4. data/CHANGELOG.md +60 -0
  5. data/README.md +14 -22
  6. data/bin/cibuild +1 -1
  7. data/lib/xml/kit.rb +11 -2
  8. data/lib/xml/kit/certificate.rb +6 -4
  9. data/lib/xml/kit/crypto.rb +14 -0
  10. data/lib/xml/kit/crypto/oaep_cipher.rb +5 -2
  11. data/lib/xml/kit/crypto/rsa_cipher.rb +4 -2
  12. data/lib/xml/kit/crypto/symmetric_cipher.rb +30 -9
  13. data/lib/xml/kit/crypto/unknown_cipher.rb +6 -1
  14. data/lib/xml/kit/decryption.rb +29 -20
  15. data/lib/xml/kit/document.rb +5 -4
  16. data/lib/xml/kit/encrypted_data.rb +51 -0
  17. data/lib/xml/kit/encrypted_key.rb +35 -0
  18. data/lib/xml/kit/encryption.rb +27 -18
  19. data/lib/xml/kit/fingerprint.rb +1 -1
  20. data/lib/xml/kit/key_info.rb +71 -0
  21. data/lib/xml/kit/key_info/key_value.rb +19 -0
  22. data/lib/xml/kit/key_info/retrieval_method.rb +19 -0
  23. data/lib/xml/kit/key_info/rsa_key_value.rb +15 -0
  24. data/lib/xml/kit/key_pair.rb +8 -3
  25. data/lib/xml/kit/namespaces.rb +12 -12
  26. data/lib/xml/kit/self_signed_certificate.rb +16 -3
  27. data/lib/xml/kit/signature.rb +9 -2
  28. data/lib/xml/kit/signatures.rb +4 -1
  29. data/lib/xml/kit/templatable.rb +75 -24
  30. data/lib/xml/kit/templates/certificate.builder +1 -5
  31. data/lib/xml/kit/templates/encrypted_data.builder +9 -0
  32. data/lib/xml/kit/templates/encrypted_key.builder +9 -0
  33. data/lib/xml/kit/templates/key_info.builder +14 -0
  34. data/lib/xml/kit/templates/key_value.builder +5 -0
  35. data/lib/xml/kit/templates/retrieval_method.builder +3 -0
  36. data/lib/xml/kit/templates/rsa_key_value.builder +6 -0
  37. data/lib/xml/kit/templates/signature.builder +1 -1
  38. data/lib/xml/kit/version.rb +1 -1
  39. data/xml-kit.gemspec +4 -4
  40. metadata +29 -18
  41. data/.rubocop_todo.yml +0 -22
  42. data/lib/xml/kit/templates/encryption.builder +0 -16
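--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa2eb376d5c11a9777e3a3a6073754c9783c73bdc24bbb45c7ac5877e3e99472
- data.tar.gz: 6eb275d2a3791889c12a04a5e2b1143807bf4e1ac1968491f93ef32faeccd868
+ metadata.gz: ee208a968c74fe0dc205e929d934b15bff996f417e9d6d7d466a42658f264ce6
+ data.tar.gz: 392da204421d6acd28ed5e123c5bdb02790fb74401ea6dfca68204c1050a0dcf
  SHA512:
- metadata.gz: 0447e7510327c68ee2f9f500b980d1d36255b044a3825dfd504245ea111eb367f998a0bc6a507d54e5f64472de76a2766460085c808b8ca380254fdbe12feaa0
- data.tar.gz: 7f9c69571ddd52a638daf3b20062cc4b2d06cfd7cd83f6a517405330daddc8c8bb8d62fbd054b02ad8ad1eda6a9229ef0221f97d90b4d4ee3318420175eb3405
+ metadata.gz: 9cbda7b1dcb0dfad250bd8de4b73d20eaeff7bd26884f700d0976967c5522626bb988205609e3e25ed1afd536b3d569d281e4456adcda2ebad4396647697b857
+ data.tar.gz: 56e952683e4376af240cef1933c112a17637cfaf7982ed29034212f203d516b0278fbbbf1c8423a550daf1e9972c197a2a1425f5ec7844202d1e0df96d1b448f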
@@ -1,5 +1,3 @@
1
- inherit_from: .rubocop_todo.yml
2
-
3
1
  require:
4
2
  - rubocop/cop/internal_affairs
5
3
  - rubocop-rspec
@@ -11,7 +9,7 @@ AllCops:
11
9
  - 'spec/fixtures/**/*'
12
10
  - 'tmp/**/*'
13
11
  - 'vendor/**/*'
14
- TargetRubyVersion: 2.2
12
+ TargetRubyVersion: 2.5
15
13
 
16
14
  Layout/ClassStructure:
17
15
  Enabled: true
@@ -32,12 +30,15 @@ Layout/ClassStructure:
32
30
  Layout/EndOfLine:
33
31
  EnforcedStyle: lf
34
32
 
35
- Layout/IndentArray:
33
+ Layout/FirstArrayElementIndentation:
36
34
  EnforcedStyle: consistent
37
35
 
38
- Layout/IndentHeredoc:
36
+ Layout/HeredocIndentation:
39
37
  EnforcedStyle: active_support
40
38
 
39
+ Layout/MultilineOperationIndentation:
40
+ EnforcedStyle: indented
41
+
41
42
  Lint/AmbiguousBlockAssociation:
42
43
  Exclude:
43
44
  - 'spec/**/*.rb'
@@ -46,6 +47,10 @@ Lint/InterpolationCheck:
46
47
  Exclude:
47
48
  - 'spec/**/*.rb'
48
49
 
50
+ Metrics/AbcSize:
51
+ Exclude:
52
+ - 'lib/xml/kit/self_signed_certificate.rb'
53
+
49
54
  Metrics/BlockLength:
50
55
  Exclude:
51
56
  - '**/**/*.builder'
@@ -59,8 +64,10 @@ Metrics/ModuleLength:
59
64
  - 'spec/**/*.rb'
60
65
 
61
66
  Metrics/LineLength:
67
+ IgnoredPatterns: ['(\A|\s)#']
62
68
  Exclude:
63
69
  - 'spec/**/*.rb'
70
+ - 'lib/xml/kit/templates/*.builder'
64
71
 
65
72
  Naming/FileName:
66
73
  Exclude:
@@ -84,9 +91,16 @@ Style/TrailingCommaInHashLiteral:
84
91
  RSpec/ExampleLength:
85
92
  Max: 80
86
93
 
94
+ RSpec/LeakyConstantDeclaration:
95
+ Exclude:
96
+ - 'spec/xml/kit/templatable_spec.rb'
97
+
87
98
  RSpec/MultipleExpectations:
88
99
  Enabled: false
89
100
 
101
+ RSpec/MultipleMemoizedHelpers:
102
+ Enabled: false
103
+
90
104
  RSpec/NamedSubject:
91
105
  Enabled: false
92
106
 
@@ -95,3 +109,7 @@ RSpec/NestedGroups:
95
109
 
96
110
  RSpec/SubjectStub:
97
111
  Enabled: false
112
+
113
+ Style/DoubleNegation:
114
+ Exclude:
115
+ - 'lib/xml/kit/certificate.rb'
@@ -1,11 +1,13 @@
1
1
  sudo: false
2
2
  language: ruby
3
- cache: bundler
4
3
  rvm:
5
- - 2.2.9
6
- - 2.3.6
7
- - 2.4.3
8
- - 2.5.0
4
+ - 2.5.5
5
+ - 2.6.3
6
+ - 2.7.2
7
+ - 3.0.0
8
+ before_install:
9
+ - gem update --system
10
+ - gem install bundler
9
11
  script:
10
12
  - bin/cibuild
11
13
  - bin/lint
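Review bot: The new `before_install` step runs `gem install bundler` with no version constraint, while bin/cibuild in this same release installs it with `-v '~> 2.0'`, so the two CI entry points can end up on different bundler versions. Pinning it here as well, `- gem install bundler --conservative -v '~> 2.0'`, keeps the toolchain that builds and tests the gem reproducible. `gem update --system` is likewise unpinned and pulls whatever RubyGems is current at build time; consider giving it an explicit version or dropping it if the matrix does not need it.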
@@ -0,0 +1,60 @@
1
+ Version 0.5.0
2
+
3
+ # Changelog
4
+ All notable changes to this project will be documented in this file.
5
+
6
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
7
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
8
+
9
+ ## [Unreleased]
10
+
11
+ ## [0.5.0] - 2021-01-30
12
+ ### Changed
13
+ - Minimum Ruby 2.5+
14
+
15
+ ## [0.4.0] - 2019-04-30
16
+ ### Added
17
+ - provide stable API for specifying the digest method and signature method.
18
+
19
+ ### Changed
20
+ - drop support for ruby 2.2
21
+ - drop support for ruby 2.3
22
+ - use bundler 2.0
23
+
24
+ ## [0.3.1] - 2019-04-01
25
+ ### Changed
26
+ - provide default symmetric cipher for `EncryptedData` element.
27
+ - use `ENVELOPED_SIG` constant
28
+
29
+ ### Added
30
+ - allow specifying id for `EncryptedData` element.
31
+
32
+ ## [0.3.0] - 2019-01-XX
33
+ ### Added
34
+ - Default logger
35
+
36
+ ### Changed
37
+ - \_assign does not coerce values by default.
38
+ - errors are merged together instead of overwritten during attribute validation.
39
+
40
+ [Unreleased]: https://github.com/saml-kit/xml-kit/compare/v0.5.0...HEAD
41
+ [0.5.0]: https://github.com/saml-kit/xml-kit/compare/v0.4.0...v0.5.0
42
+ [0.4.0]: https://github.com/saml-kit/xml-kit/compare/v0.3.1...v0.4.0
43
+ [0.3.1]: https://github.com/saml-kit/xml-kit/compare/v0.3.0...v0.3.1
44
+ [0.3.0]: https://github.com/saml-kit/xml-kit/compare/v0.2.0...v0.3.0
45
+ [0.2.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.14...v0.2.0
46
+ [0.1.14]: https://github.com/saml-kit/xml-kit/compare/v0.1.13...v0.1.14
47
+ [0.1.13]: https://github.com/saml-kit/xml-kit/compare/v0.1.12...v0.1.13
48
+ [0.1.12]: https://github.com/saml-kit/xml-kit/compare/v0.1.11...v0.1.12
49
+ [0.1.11]: https://github.com/saml-kit/xml-kit/compare/v0.1.10...v0.1.11
50
+ [0.1.10]: https://github.com/saml-kit/xml-kit/compare/v0.1.9...v0.1.10
51
+ [0.1.9]: https://github.com/saml-kit/xml-kit/compare/v0.1.8...v0.1.9
52
+ [0.1.8]: https://github.com/saml-kit/xml-kit/compare/v0.1.7...v0.1.8
53
+ [0.1.7]: https://github.com/saml-kit/xml-kit/compare/v0.1.6...v0.1.7
54
+ [0.1.6]: https://github.com/saml-kit/xml-kit/compare/v0.1.5...v0.1.6
55
+ [0.1.5]: https://github.com/saml-kit/xml-kit/compare/v0.1.4...v0.1.5
56
+ [0.1.4]: https://github.com/saml-kit/xml-kit/compare/v0.1.3...v0.1.4
57
+ [0.1.3]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.3
58
+ [0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.1...v0.1.1
59
+ [0.1.1]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.1
60
+ [0.1.0]: https://github.com/saml-kit/xml-kit/compare/v0.1.0...v0.1.0
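--- a/data/README.md
+++ b/data/README.md
@@ -5,8 +5,7 @@
  [![Build Status](https://travis-ci.org/saml-kit/xml-kit.svg?branch=master)](https://travis-ci.org/saml-kit/xml-kit)
  [![Security](https://hakiri.io/github/saml-kit/xml-kit/master.svg)](https://hakiri.io/github/saml-kit/xml-kit/master)
 
- Xml::Kit is a toolkit for working with XML. It supports adding [XML
- Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
+ Xml::Kit is a toolkit for working with XML. It supports adding [XML Digital Signatures](https://www.w3.org/TR/xmldsig-core/)
  and [XML Encryption](https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html).
 
  ## Installation
@@ -29,11 +28,12 @@ Or install it yourself as:
 
  ```builder
  # ./templates/item.builder
+
  xml.instruct!
  xml.Item ID: id do
  signature_for reference_id: id, xml: xml
  xml.Encrypted do
- encryption_for xml: xml do |encrypted_xml|
+ encrypt_data_for xml: xml do |encrypted_xml|
  encrypted_xml.EncryptMe do
  encrypted_xml.Secret "secret"
  end
@@ -48,12 +48,12 @@ require 'xml/kit'
  class Item
  include ::Xml::Kit::Templatable
 
- def initialize
+ attr_reader :id
+
+ def initialize(signing_key_pair, encryption_certificate)
  @id = ::Xml::Kit::Id.generate
- @signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
- @embed_signature = true
- @encrypt = true
- @encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
+ sign_with(signing_key_pair)
+ encrypt_with(encryption_certificate)
  end
 
  def template_path
@@ -62,7 +62,9 @@ class Item
  end
  end
 
- puts Item.new.to_xml
+ signing_key_pair = ::Xml::Kit::KeyPair.generate(use: :signing)
+ encryption_certificate = ::Xml::Kit::KeyPair.generate(use: :encryption).certificate
+ puts Item.new(signing_key_pair, encryption_certificate).to_xml
  ```
 
  This will produce something like the following:
@@ -86,8 +88,7 @@ This will produce something like the following:
  <SignatureValue>ZCSx4dad704jz0Z6rCMsnOs/oyVH3YBeEF9wtk2UFmWBW+VfhoBKw7N50GnzmAGCHyI6zajRPdff5i6UMDz3fOzh7rlROnqW0TXoG77xPiIfqJswCKE/4LzzBLrEHVbdUz90U8n0M1Ahbesrt+pbf/NkJghpvDhJW+w6oho7dyU6k57C5D//kTaSb7DvKte3a7/o8xWvPRztQhYekK+RyWjK9k/lU4WEXk5rGbx+QrD9rgIXBQOdcSjOtUosZJADz7uFod6AWRak246U62Xahz8JxE/1N22LhZY9whvB7s+c76f1Uv44NtF87D0P8UXs0TVx2jsnhEwLsT7DPQ6jDg==</SignatureValue>
  <KeyInfo>
  <X509Data>
- <X509Certificate>MIIDQTCCAimgAwIBAgIBADANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHQWxiZXJ0YTEQMA4GA1UEBwwHQ2FsZ2FyeTEPMA0GA1UECgwGWG1sS2l0MQ8wDQYDVQQLDAZYbWxLaXQxDzANBgNVBAMMBlhtbEtpdDAeFw0xNzEyMzAxOTM1MjZaFw0xODAxMjkwNzAwMDBaMGQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdBbGJlcnRhMRAwDgYDVQQHDAdDYWxnYXJ5MQ8wDQYDVQQKDAZYbWxLaXQxDzANBgNVBAsMBlhtbEtpdDEPMA0GA1UEAwwGWG1sS2l0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yvaY1zvqiSTpDc0vFgS00N0R05ytanViNy0YrcAvLH2njvLOYi8e5lWAjCUzoWTe6FMJQySIHuzr9NvZztlQBp5tydmxDsOFQ3DrBhiqtyafdCd5s8OQz1CekavgToTOm5VdZEWLD7HSCFvHXeuiS/zwEh4yYpJBAERtsSaYxT7L1wNggxc6F6UEfF1vwrGxMNH/OUi4okeS773esXeRlP5fHyMUvVC70KHauSYt/kjNR8/WuZBOY8/kFv3XiErf0PNSAYhyGHozabv8hJ2Bho0+HR12P6Xv+qKXFlDnMeAOHy23eShuUpCEBaEPAG4o8w4g/lrn0nJ+e9XrYaNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWybi6buMD75KBCcyd5aRtSKavYoDaZlzuohKh4z1HEzHS/fbpbxVQOrfXtuawZjNxcn62LFIe/w68EImzYkAss8LKojRcaKnIeF1/3Pzo6qfnmFpaecfYvX3ZTtw9JPOd4chy2X2WFAUMRscjSvjNvTBzFOXg60F0UMDnWOWMbc5Di/aZD8r2s/RDE3QxcUou8QhBMc2nYw77mQsXBnWmBeUA2aGP
- 8OG/fOgtBKkZnNF8gx7wuodbYSmKAfFGx8+CGtnkwNr4/hXgd1qg5KmsAx+9VYozCjGKSkVUIqC5khy6N+1Pb5jMKrMQ+QU9zGhylWoJ2jiK65hzUUVUESIB</X509Certificate>
+ <X509Certificate>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</X509Certificate>
  </X509Data>
  </KeyInfo>
  </Signature>
@@ -98,21 +99,12 @@ This will produce something like the following:
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <CipherData>
- <CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlm
- jc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt5
- 6dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9
- atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rin
- Cpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2c
- KkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==
- </CipherValue>
+ <CipherValue>rBJwm+gmL6eUHBZDXs2swIL3DiZ+MfmBPpM52eF0RWFtZv/gutY02KlsFLlmjc+DO7X5p9l1Br67FjGJrTdfSSqHf35cS1cioyaKLtgniSrD7Hf9d8qIuWt56dLWjmCi21cePMJHhNiFe5yRjFHNp5LZ9dX5hvNXjbn0+p90fj8zlO2TWZv9atooON3BaYGCezZlmG0bWyEmloqKHiGjqaKtkdeSKJDzoo/AvubDEgz56rinCpw26rEOg8BBd/KNfSXyDUifOOzXmn6myq+8+W/FFQ+6y+5SgtsbONRCqe2cKkNi3fYhilwLxWCaXFjONimEOkeG03yR5QnWhzEOpw==</CipherValue>
  </CipherData>
  </EncryptedKey>
  </KeyInfo>
  <CipherData>
- <CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lK
- pvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM4
- 5g901rE9
- </CipherValue>
+ <CipherValue>45rM0phzM/S/vpiq8Ev+uQZ6WL5qZ8av0UDVzWAlHn6Qr7zWYjHea+NF94lKpvmTPWQDEnfv2UW8l0VdCLc+51zHjluRE/xJh31Gk3rVuRJtLioSge/N9UM45g901rE9</CipherValue>
  </CipherData>
  </EncryptedData>
  </Encrypted>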
@@ -17,5 +17,5 @@ export RUBY_HEAP_SLOTS_INCREMENT=400000
17
17
  export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
18
18
 
19
19
  ruby -v
20
- gem install bundler --no-ri --no-rdoc --conservative
20
+ gem install bundler --conservative -v '~> 2.0'
21
21
  bin/test
@@ -19,9 +19,12 @@ require 'xml/kit/crypto'
19
19
  require 'xml/kit/decryption'
20
20
  require 'xml/kit/decryption_error'
21
21
  require 'xml/kit/document'
22
+ require 'xml/kit/encrypted_data'
23
+ require 'xml/kit/encrypted_key'
22
24
  require 'xml/kit/encryption'
23
25
  require 'xml/kit/fingerprint'
24
26
  require 'xml/kit/id'
27
+ require 'xml/kit/key_info'
25
28
  require 'xml/kit/key_pair'
26
29
  require 'xml/kit/self_signed_certificate'
27
30
  require 'xml/kit/signature'
@@ -32,6 +35,8 @@ require 'xml/kit/version'
32
35
 
33
36
  module Xml
34
37
  module Kit
38
+ class Error < StandardError; end
39
+
35
40
  class << self
36
41
  def logger
37
42
  @logger ||= Logger.new(STDOUT)
@@ -39,9 +44,13 @@ module Xml
39
44
 
40
45
  attr_writer :logger
41
46
 
42
- def deprecate(message)
47
+ def deprecate(name, alternative: nil)
43
48
  @deprecation ||= ActiveSupport::Deprecation.new('1.0.0', 'xml-kit')
44
- @deprecation.deprecation_warning(message)
49
+ if alternative
50
+ @deprecation.deprecation_warning(name, "Use `#{alternative}` instead")
51
+ else
52
+ @deprecation.deprecation_warning(name)
53
+ end
45
54
  end
46
55
  end
47
56
  end
@@ -1,9 +1,12 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'xml/kit/templatable'
4
+
3
5
  module Xml
4
6
  module Kit
5
- # {include:file:spec/xml/certificate_spec.rb}
7
+ # {include:file:spec/xml/kit/certificate_spec.rb}
6
8
  class Certificate
9
+ include Templatable
7
10
  BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
8
11
  BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze
9
12
  END_CERT = /-----END CERTIFICATE-----/.freeze
@@ -109,9 +112,8 @@ module Xml
109
112
  x509.not_before
110
113
  end
111
114
 
112
- def to_xml(pretty: false, xml: ::Builder::XmlMarkup.new)
113
- xml = ::Xml::Kit::Template.new(self).to_xml(xml: xml)
114
- pretty ? Nokogiri::XML(xml).to_xml(indent: 2) : xml
115
+ def key_info
116
+ @key_info ||= KeyInfo.new(x509: x509)
115
117
  end
116
118
 
117
119
  class << self
@@ -14,6 +14,20 @@ module Xml
14
14
  def self.cipher_for(algorithm, key)
15
15
  CIPHERS.find { |x| x.matches?(algorithm) }.new(algorithm, key)
16
16
  end
17
+
18
+ def self.cipher_registry(&block)
19
+ BlockRegistry.new(&block)
20
+ end
21
+
22
+ class BlockRegistry
23
+ def initialize(&factory)
24
+ @factory = factory
25
+ end
26
+
27
+ def cipher_for(algorithm, key)
28
+ @factory.call(algorithm, key)
29
+ end
30
+ end
17
31
  end
18
32
  end
19
33
  end
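Review bot: `cipher_registry` and `BlockRegistry` are added with no comment saying what the block is handed or what it must return, and `BlockRegistry#initialize` accepts a missing block. In that case `@factory` is nil and `cipher_for` fails with a NoMethodError only when something is decrypted; `raise ArgumentError, 'block required' unless factory` in `initialize` would surface the mistake at construction. The algorithm argument presumably originates from the document being processed (the callers are outside this hunk), so a doc comment along the lines of `# The block receives (algorithm, key) and must return a cipher responding to #decrypt; it should reject algorithm URIs the application does not expect.` would make the contract explicit.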
@@ -4,11 +4,14 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class OaepCipher
7
- ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p".freeze
7
+ ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p"
8
8
  ALGORITHMS = {
9
9
  ALGORITHM => true
10
10
  }.freeze
11
- def initialize(_algorithm, key)
11
+ attr_reader :algorithm, :key
12
+
13
+ def initialize(algorithm, key)
14
+ @algorithm = algorithm
12
15
  @key = key
13
16
  end
14
17
 
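Review bot: Dropping `.freeze` from `ALGORITHM` leaves the constant mutable on Ruby 3.0, which this release adds to the Travis matrix. From 3.0 on, interpolated string literals are no longer frozen by `# frozen_string_literal: true` (assuming this file carries the magic comment, which would sit above the hunk). Keeping `ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-oaep-mgf1p".freeze` guarantees the algorithm identifier cannot be altered at runtime on any supported Ruby. The same applies to `ALGORITHM` in rsa_cipher.rb and `DEFAULT_ALGORITHM` in symmetric_cipher.rb; the class body continues outside the hunk.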
@@ -4,9 +4,11 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class RsaCipher
7
- ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5".freeze
7
+ ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}rsa-1_5"
8
+ attr_reader :algorithm, :key
8
9
 
9
- def initialize(_algorithm, key)
10
+ def initialize(algorithm, key)
11
+ @algorithm = algorithm
10
12
  @key = key
11
13
  end
12
14
 
@@ -4,7 +4,7 @@ module Xml
4
4
  module Kit
5
5
  module Crypto
6
6
  class SymmetricCipher
7
- DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc".freeze
7
+ DEFAULT_ALGORITHM = "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc"
8
8
  ALGORITHMS = {
9
9
  "#{::Xml::Kit::Namespaces::XMLENC}tripledes-cbc" => 'DES-EDE3-CBC',
10
10
  "#{::Xml::Kit::Namespaces::XMLENC}aes128-cbc" => 'AES-128-CBC',
@@ -12,11 +12,12 @@ module Xml
12
12
  "#{::Xml::Kit::Namespaces::XMLENC}aes256-cbc" => 'AES-256-CBC',
13
13
  }.freeze
14
14
 
15
- attr_reader :key
15
+ attr_reader :algorithm, :key, :padding
16
16
 
17
- def initialize(algorithm, key = nil)
17
+ def initialize(algorithm = DEFAULT_ALGORITHM, key = nil, padding = nil)
18
18
  @algorithm = algorithm
19
19
  @key = key || cipher.random_key
20
+ @padding = padding
20
21
  end
21
22
 
22
23
  def self.matches?(algorithm)
@@ -30,19 +31,39 @@ module Xml
30
31
  end
31
32
 
32
33
  def decrypt(cipher_text)
34
+ bytes = cipher_text.bytes
35
+ result = default_decrypt(
36
+ bytes[0...cipher.iv_len],
37
+ bytes[cipher.iv_len..-1]
38
+ )
39
+ return result if padding.nil?
40
+
41
+ padding_size = result.bytes.last
42
+ result[0...-padding_size]
43
+ end
44
+
45
+ def to_s
46
+ algorithm
47
+ end
48
+
49
+ protected
50
+
51
+ def default_decrypt(initialization_vector, data)
33
52
  cipher.decrypt
34
- iv = cipher_text[0..cipher.iv_len - 1]
35
- data = cipher_text[cipher.iv_len..-1]
36
- # cipher.padding = 0
53
+ apply_padding_to(cipher)
37
54
  cipher.key = @key
38
- cipher.iv = iv
39
- cipher.update(data) + cipher.final
55
+ cipher.iv = initialization_vector.pack('c*')
56
+ cipher.update(data.pack('c*')) << cipher.final
40
57
  end
41
58
 
42
59
  private
43
60
 
44
61
  def cipher
45
- @cipher ||= OpenSSL::Cipher.new(ALGORITHMS[@algorithm])
62
+ @cipher ||= OpenSSL::Cipher.new(ALGORITHMS[algorithm])
63
+ end
64
+
65
+ def apply_padding_to(cipher)
66
+ cipher.padding = padding unless padding.nil?
46
67
  end
47
68
  end
48
69
  end
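Review bot: In `decrypt`, when a `padding` value is supplied the last plaintext byte is trusted as the pad length and used directly in `result[0...-padding_size]` with no range check. A final byte of 0 yields an empty string, a value larger than the block size silently drops real plaintext, and an empty `result` makes `padding_size` nil. Validate before slicing, for example `raise ::Xml::Kit::Error, 'invalid padding' unless padding_size&.between?(1, cipher.block_size)`. Separately, `bytes[cipher.iv_len..-1]` is nil for input shorter than the IV, so a truncated ciphertext surfaces as a NoMethodError from `pack` rather than as a decryption error; a length guard at the top of `decrypt` would make that failure explicit.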