xmldsig 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.rvmrc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.travis.yaml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 1.8.7
+  - ree

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in xmldsig.gemspec
+gemspec
+
+group :test, :development do
+  gem 'simplecov'
+  gem 'rspec'
+  gem 'guard-rspec'
+  gem 'rb-fsevent', '~> 0.9.1'
+  gem 'rake'
+end

data/Guardfile

@@ -0,0 +1,24 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+
+  # Rails example
+  watch(%r{^app/(.+)\.rb$})                           { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^app/(.*)(\.erb|\.haml)$})                 { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
+  watch(%r{^app/controllers/(.+)_(controller)\.rb$})  { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+  watch('config/routes.rb')                           { "spec/routing" }
+  watch('app/controllers/application_controller.rb')  { "spec/controllers" }
+
+  # Capybara features specs
+  watch(%r{^app/views/(.+)/.*\.(erb|haml)$})          { |m| "spec/features/#{m[1]}_spec.rb" }
+
+  # Turnip features and steps
+  watch(%r{^spec/acceptance/(.+)\.feature$})
+  watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$})   { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'spec/acceptance' }
+end
+

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 benoist
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,76 @@
+[![Build Status](https://secure.travis-ci.org/benoist/xmldsig.png?branch=master)](http://travis-ci.org/benoist/xmldsig)
+# Xmldsig
+
+This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'xmldsig'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install xmldsig
+
+## Usage
+
+```ruby
+unsigned_xml = <<-XML
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>
+XML
+
+private_key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
+certificate = OpenSSL::X509::Certificate.new(File.read("certificate.cer"))
+
+unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml)
+signed_xml = unsigned_document.sign(private_key)
+
+# With block
+signed_xml = unsigned_document.sign do |data|
+  private_key.sign(OpenSSL::Digest::SHA256.new, data)
+end
+
+# Validation
+
+signed_document = Xmldsig::SignedDocument.new(signed_xml)
+document.verify(certificate)
+
+# With block
+signed_document = Xmldsig::SignedDocument.new(signed_xml)
+document.verify do |signature_value, data|
+  certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature_value, data)
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:core) do |spec|
+  spec.rspec_opts = ['--backtrace']
+end
+
+task :default => [:core]

data/lib/xmldsig.rb

@@ -0,0 +1,18 @@
+require "nokogiri"
+require "openssl"
+require "base64"
+require "xmldsig/version"
+require "xmldsig/canonicalizer"
+require "xmldsig/signed_document"
+require "xmldsig/transforms/transform"
+require "xmldsig/transforms/canonicalize"
+require "xmldsig/transforms/enveloped_signature"
+require "xmldsig/transforms"
+require "xmldsig/signature"
+
+module Xmldsig
+  NAMESPACES = {
+      "ds" => "http://www.w3.org/2000/09/xmldsig#",
+      "ec" => "http://www.w3.org/2001/10/xml-exc-c14n#"
+  }
+end

data/lib/xmldsig/canonicalizer.rb

@@ -0,0 +1,28 @@
+module Xmldsig
+  class Canonicalizer
+    attr_accessor :node, :method, :inclusive_namespaces
+
+    def initialize(node, method, inclusive_namespaces = [])
+      @node = node
+      @method = method
+      @inclusive_namespaces = inclusive_namespaces
+    end
+
+    def canonicalize
+      node.canonicalize(mode(method), inclusive_namespaces)
+    end
+
+    private
+
+    def mode(method)
+      case method
+        when "http://www.w3.org/2001/10/xml-exc-c14n#"
+          Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+        when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+          Nokogiri::XML::XML_C14N_1_0
+        when "http://www.w3.org/2006/12/xml-c14n11"
+          Nokogiri::XML::XML_C14N_1_1
+      end
+    end
+  end
+end

data/lib/xmldsig/signature.rb

@@ -0,0 +1,126 @@
+module Xmldsig
+  class Signature
+    attr_accessor :signature, :errors
+
+    def initialize(signature)
+      @signature = signature
+      @errors    = []
+    end
+
+    def digest_value
+      Base64.decode64 signed_info.at_xpath("descendant::ds:DigestValue", NAMESPACES).content
+    end
+
+    def document
+      signature.document
+    end
+
+    def referenced_node
+      if reference_uri && reference_uri != ""
+        document.dup.at_xpath("//*[@ID='#{reference_uri[1..-1]}']")
+      else
+        document.dup.at_xpath(signature.parent.path)
+      end
+    end
+
+    def reference_uri
+      signature.at_xpath("descendant::ds:Reference", NAMESPACES).get_attribute("URI")
+    end
+
+    def sign(private_key = nil, &block)
+      self.digest_value    = calculate_digest_value
+      self.signature_value = calculate_signature_value(private_key, &block)
+    end
+
+    def signed_info
+      signature.at_xpath("descendant::ds:SignedInfo", NAMESPACES)
+    end
+
+    def signature_value
+      Base64.decode64 signature.at_xpath("descendant::ds:SignatureValue", NAMESPACES).content
+    end
+
+    def valid?(certificate = nil, &block)
+      @errors = []
+      validate_digest_value
+      validate_signature_value(certificate, &block)
+      @errors.empty?
+    end
+
+    private
+
+    def calculate_digest_value
+      node = transforms.apply(referenced_node)
+      digest_method.digest node
+    end
+
+    def canonicalization_method
+      signed_info.at_xpath("descendant::ds:CanonicalizationMethod", NAMESPACES).get_attribute("Algorithm")
+    end
+
+    def canonicalized_signed_info
+      Canonicalizer.new(signed_info, canonicalization_method).canonicalize
+    end
+
+    def calculate_signature_value(private_key, &block)
+      if private_key
+        private_key.sign(signature_method.new, canonicalized_signed_info)
+      else
+        yield(canonicalized_signed_info)
+      end
+    end
+
+    def digest_method
+      algorithm = signed_info.at_xpath("descendant::ds:DigestMethod", NAMESPACES).get_attribute("Algorithm")
+      case algorithm
+        when "http://www.w3.org/2001/04/xmlenc#sha256"
+          Digest::SHA2
+        when "http://www.w3.org/2000/09/xmldsig#sha1"
+          Digest::SHA1
+      end
+    end
+
+    def digest_value=(digest_value)
+      signed_info.at_xpath("descendant::ds:DigestValue").content =
+          Base64.encode64(digest_value).chomp
+    end
+
+    def signature_method
+      algorithm = signed_info.at_xpath("descendant::ds:SignatureMethod", NAMESPACES).get_attribute("Algorithm")
+      algorithm = algorithm && algorithm =~ /sha(.*?)$/i && $1.to_i
+      case algorithm
+        when 256 then
+          OpenSSL::Digest::SHA256
+        else
+          OpenSSL::Digest::SHA1
+      end
+    end
+
+    def signature_value=(signature_value)
+      signature.at_xpath("descendant::ds:SignatureValue").content =
+          Base64.encode64(signature_value).chomp
+    end
+
+    def transforms
+      Transforms.new(signature.xpath("descendant::ds:Transform", NAMESPACES))
+    end
+
+    def validate_digest_value
+      unless digest_value == calculate_digest_value
+        errors << :digest_value
+      end
+    end
+
+    def validate_signature_value(certificate)
+      signature_valid = if certificate
+        certificate.public_key.verify(signature_method.new, signature_value, canonicalized_signed_info)
+      else
+        yield(signature_value, canonicalized_signed_info)
+      end
+
+      unless signature_valid
+        errors << :signature
+      end
+    end
+  end
+end

data/lib/xmldsig/signed_document.rb

@@ -0,0 +1,26 @@
+module Xmldsig
+  class SignedDocument
+    attr_accessor :document
+
+    def initialize(document, options = {})
+      @document = Nokogiri::XML::Document.parse(document)
+    end
+
+    def validate(certificate = nil, &block)
+      signatures.all? { |signature| signature.valid?(certificate, &block) }
+    end
+
+    def sign(private_key = nil, &block)
+      signatures.each { |signature| signature.sign(private_key, &block) }
+      @document.to_s
+    end
+
+    def signed_nodes
+      signatures.collect(&:referenced_node)
+    end
+
+    def signatures
+      document.xpath("//ds:Signature", NAMESPACES).collect { |node| Signature.new(node) } || []
+    end
+  end
+end

data/lib/xmldsig/transforms.rb

@@ -0,0 +1,26 @@
+module Xmldsig
+  class Transforms < Array
+
+    def apply(node)
+      @node = node
+      each do |transform_node|
+        @node = get_transform(@node, transform_node).transform
+      end
+      @node
+    end
+
+    private
+
+    def get_transform(node, transform_node)
+      case transform_node.get_attribute("Algorithm")
+        when "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+          Transforms::EnvelopedSignature.new(node, transform_node)
+        when "http://www.w3.org/2001/10/xml-exc-c14n#",
+            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+            "http://www.w3.org/2006/12/xml-c14n11"
+          Transforms::Canonicalize.new(node, transform_node)
+      end
+    end
+
+  end
+end

data/lib/xmldsig/transforms/canonicalize.rb

@@ -0,0 +1,25 @@
+module Xmldsig
+  class Transforms < Array
+    class Canonicalize < Transform
+      def transform
+        self.node = Canonicalizer.new(node, algorithm, inclusive_namespaces).canonicalize
+        node
+      end
+
+      private
+
+      def algorithm
+        transform_node.get_attribute("Algorithm")
+      end
+
+      def inclusive_namespaces
+        inclusive_namespaces = transform_node.at_xpath("descendant::ec:InclusiveNamespaces", Xmldsig::NAMESPACES)
+        if inclusive_namespaces && inclusive_namespaces.has_attribute?("PrefixList")
+          inclusive_namespaces.get_attribute("PrefixList").to_s.split(" ")
+        else
+          []
+        end
+      end
+    end
+  end
+end

data/lib/xmldsig/transforms/enveloped_signature.rb

@@ -0,0 +1,10 @@
+module Xmldsig
+  class Transforms < Array
+    class EnvelopedSignature < Transform
+      def transform
+        node.xpath("descendant::ds:Signature", Xmldsig::NAMESPACES).remove
+        node
+      end
+    end
+  end
+end

data/lib/xmldsig/transforms/transform.rb

@@ -0,0 +1,18 @@
+module Xmldsig
+  class Transforms < Array
+    class Transform
+
+      attr_accessor :node, :transform_node
+
+      def initialize(node, transform_node)
+        @node           = node
+        @transform_node = transform_node
+      end
+
+      def transform
+        warn("Transform called but not implemented!")
+        self
+      end
+    end
+  end
+end

data/lib/xmldsig/version.rb

@@ -0,0 +1,3 @@
+module Xmldsig
+  VERSION = "0.0.1"
+end

data/spec/fixtures/certificate.cer

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN
+MAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0x
+MzAxMTMxNTMzNDNaFw0xNDAxMTMxNTMzNDNaMDoxCzAJBgNVBAYTAkJFMQ0wCwYD
+VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDARUZXN0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC37C0mhTmdr8iVfQPQuOKtzG/fhwG4ILuUX1Vk
+5uN9oSZJxhb5Kn8aBppny1BSekgk12wn4AE/6i7Jfix3SZWoqdaxpdDalvQSdNey
+n6GmV2oP4lzp6XjXmtRxvOywgTYuhf/DBlpiq7B/vTF7kMwYgs0ahM3mRJG2V7LA
+RTXUfwIDAQABo4GXMIGUMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBRkMx3Z
+wHO3Zog0pWdYNB38NRmWMGIGA1UdIwRbMFmAFBRkMx3ZwHO3Zog0pWdYNB38NRmW
+oT6kPDA6MQswCQYDVQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVz
+dDENMAsGA1UEAwwEVGVzdIIBADANBgkqhkiG9w0BAQUFAAOBgQBs8voSBDgN7HL1
+i5EP+G/ymWUVenpGvRZCnfkR9Wo4ORzj1Y7ohXHooOzDJ2oi0yDwatXnPpe3hauq
+QDid6d4i7F1Wpgdo2MibqXP8/DPzhuBARvPSzip+yS6ITjqKN/YN4K+kpja2Sh7D
+dxWND3opvVHZTXywjZpdF1OsmNhOCg==
+-----END CERTIFICATE-----

data/spec/fixtures/certificate2.cer

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN
+MAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0x
+MzAxMTExNTI4MzdaFw0xNDAxMTExNTI4MzdaMDoxCzAJBgNVBAYTAkJFMQ0wCwYD
+VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDARUZXN0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDQnLpvMvXoPGcAsdk2j2AeLLPysVtFc1f6CSGA
+fiIR2dzs8h/MN5R0bFBASDUGUGdYyr0QGcKNtqW/cd3Sr1rS2fh5Bopnq9YS6od6
+J6P3AGIKwmJuIBwwfsvnX3eKGDYeOqmrIo5mdPRAob2D1+FhXbMxeYbRhGMmItC0
+dle7LQIDAQABo4GXMIGUMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM7pPtef
+Oj5Og5wLqI0Lt5UUmw0uMGIGA1UdIwRbMFmAFM7pPtefOj5Og5wLqI0Lt5UUmw0u
+oT6kPDA6MQswCQYDVQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVz
+dDENMAsGA1UEAwwEVGVzdIIBADANBgkqhkiG9w0BAQUFAAOBgQBTIt/4/sraPO4g
+mmY2oSGG19I2Fs24pV/bX8xqI10iexpGsxnpCQIeiDTUHamo12vyXDPx8zANdVTh
+FSAWHEESBMLrS8pybbAL7sU4ij4JmfxygGk6OEsc3jKY00NYom+Mg3JObIgtjOIK
+YfrH7uvpm+AIXsef5vrst4MI6GhEAA==
+-----END CERTIFICATE-----

data/spec/fixtures/key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC37C0mhTmdr8iVfQPQuOKtzG/fhwG4ILuUX1Vk5uN9oSZJxhb5
+Kn8aBppny1BSekgk12wn4AE/6i7Jfix3SZWoqdaxpdDalvQSdNeyn6GmV2oP4lzp
+6XjXmtRxvOywgTYuhf/DBlpiq7B/vTF7kMwYgs0ahM3mRJG2V7LARTXUfwIDAQAB
+AoGBAKDQkd3niSw2YiVLTQW4UwNyCLOioT80567g+JKkS28yc374BGhS3xWLhoCQ
+xieHogMMlRX8iDsxcT1e5FRc88wtIh4vnpUeV++tU9nqpF9SAZV1HAHsOZwyrNUc
+0nZHgDcyyClirb2wbBG4L+SkrC2kS0MTlx+HiobGpMYsXMh5AkEA4EPrLY7fUaNl
+bzbJb+Thb3M4UsoXzFuFm0Z/H8ty6aw9yi1pxuh8OiyGGFqPB/gl3zUE1LNdTzx5
+xLt93Qdf8wJBANHy1EHwTcNbHJ935NQXF8RpllGyZG1X962NwtJ9x46MTPAhOceU
+9ZU+OCSOvl+7fKjjcw8TsLYiv4q+RMGZKEUCQHPaomOmqzdBceVCKE3lr5AjtbUP
+Mbwgi6TrhkCmmXadxE3tp/dZotNqrNtn7Pvw9Z+ZhCVdg5arZzx6n0rPxIECQDFZ
+oBUj1FOgXhkKCKrmBrsvipsHkN22+Mw971alJDxYtFkZpkhItnVvW6kUOKGuI35b
+gJdBrJ8TieymDulnA/UCQGfl27mqPX4JTzN+RiZHqGyGSzBi1ggH3vsI2oXDQZ7k
+uOAPiLSBR83eeHGkE2C5fn0QfQGgFNDFjC/6Su/Wvt4=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/signed.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>E3yyqsSoxRkhYEuaEtR+SLg85gU5B4a7xUXA+d2Zn6j7F6z73dOd8iYHOusB
+Ty3C/3ujbmPhHKg8uX9kUE8b+YoOqZt4z9pdxAq44nJEuijwi4doIPpHWirv
+BnSoP5IoL0DYzGVrgj8udRzfAw5nNeV7wSrBZEn+yrxmUPJoUZc=</ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/canonicalizer_1_0.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/canonicalizer_1_1.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/canonicalizer_exc.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/digest_sha1.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/without_namespace_prefix.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/without_reference_uri.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference>
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned_nested_signature.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:baz="http://example.com/baz#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo baz"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+  <baz:Baz ID="baz">
+    <ds:Signature>
+      <ds:SignedInfo>
+        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+        <ds:Reference URI="#baz">
+          <ds:Transforms>
+            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+              <ec:InclusiveNamespaces PrefixList="foo baz"/>
+            </ds:Transform>
+          </ds:Transforms>
+          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+          <ds:DigestValue></ds:DigestValue>
+        </ds:Reference>
+      </ds:SignedInfo>
+      <ds:SignatureValue></ds:SignatureValue>
+    </ds:Signature>
+  </baz:Baz>
+</foo:Foo>

data/spec/lib/xmldsig/signature_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+
+describe Xmldsig::Signature do
+  let(:certificate) { OpenSSL::X509::Certificate.new(File.read("spec/fixtures/certificate.cer")) }
+  let(:other_certificate) { OpenSSL::X509::Certificate.new(File.read("spec/fixtures/certificate2.cer")) }
+  let(:private_key) { OpenSSL::PKey::RSA.new(File.read("spec/fixtures/key.pem")) }
+  let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/signed.xml") }
+  let(:signature_node) { document.at_xpath("//ds:Signature", Xmldsig::NAMESPACES) }
+  let(:signature) { Xmldsig::Signature.new(signature_node) }
+
+  describe "#digest_value" do
+    it "returns the digest value in the xml" do
+      signature.digest_value.should == Base64.decode64("ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=")
+    end
+  end
+
+  describe "#document" do
+    it "returns the document" do
+      signature.document.should == document
+    end
+  end
+
+  describe "#referenced_node" do
+    it "returns the referenced_node by id" do
+      signature.referenced_node.to_s.should ==
+          document.at_xpath("//*[@ID='foo']").to_s
+    end
+
+    it "returns the referenced node by parent" do
+      signature.stub(:reference_uri).and_return("")
+      signature.referenced_node.to_s.should ==
+          document.at_xpath("//*[@ID='foo']").to_s
+    end
+  end
+
+  describe "#reference_uri" do
+    it "returns the reference uri" do
+      signature.reference_uri.should == "#foo"
+    end
+  end
+
+  describe "#sign" do
+    let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned.xml") }
+    let(:signature_node) { document.at_xpath("//ds:Signature", Xmldsig::NAMESPACES) }
+    let(:signature) { Xmldsig::Signature.new(signature_node) }
+
+    before :each do
+      signature.sign(private_key)
+    end
+
+    it "sets the digest value" do
+      signature.digest_value.should == Base64.decode64("ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=")
+    end
+
+    it "sets the signature value" do
+      signature.signature_value.should == Base64.decode64("
+        E3yyqsSoxRkhYEuaEtR+SLg85gU5B4a7xUXA+d2Zn6j7F6z73dOd8iYHOusB
+        Ty3C/3ujbmPhHKg8uX9kUE8b+YoOqZt4z9pdxAq44nJEuijwi4doIPpHWirv
+        BnSoP5IoL0DYzGVrgj8udRzfAw5nNeV7wSrBZEn+yrxmUPJoUZc=
+      ")
+    end
+
+    it "accepts a block" do
+      signature.sign do |data|
+        private_key.sign(OpenSSL::Digest::SHA256.new, data)
+      end
+      signature.signature_value.should == Base64.decode64("
+        E3yyqsSoxRkhYEuaEtR+SLg85gU5B4a7xUXA+d2Zn6j7F6z73dOd8iYHOusB
+        Ty3C/3ujbmPhHKg8uX9kUE8b+YoOqZt4z9pdxAq44nJEuijwi4doIPpHWirv
+        BnSoP5IoL0DYzGVrgj8udRzfAw5nNeV7wSrBZEn+yrxmUPJoUZc=
+      ")
+    end
+
+  end
+
+  describe "#signed_info" do
+    it "returns the canonicalized signed info element" do
+      signature.signed_info.to_s.should ==
+          document.at_xpath("//ds:SignedInfo", Xmldsig::NAMESPACES).to_s
+    end
+  end
+
+  describe "#signature_value" do
+    it "returns the signature value" do
+      signature.signature_value.should ==
+          Base64.decode64(document.at_xpath("//ds:SignatureValue", Xmldsig::NAMESPACES).content)
+    end
+  end
+
+  describe "#valid?" do
+    it "returns true with the correct certificate" do
+      signature.valid?(certificate).should be_true
+    end
+
+    it "returns false if the xml changed" do
+      signature.stub(:document).and_return(Nokogiri::XML::Document.parse(File.read("spec/fixtures/signed.xml").gsub("\s\s", "\s")))
+      signature.valid?(certificate)
+      signature.errors.should include(:digest_value)
+    end
+
+    it "returns false with a difference certificate" do
+      signature.valid?(other_certificate).should be_false
+    end
+
+    it "accepts a block" do
+      signature.valid? do |signature_value, data|
+        certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature_value, data)
+      end
+      signature.errors.should be_empty
+    end
+  end
+end

data/spec/lib/xmldsig/signed_document_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe Xmldsig::SignedDocument do
+  let(:signed_xml) { File.read("spec/fixtures/signed.xml") }
+  let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
+  let(:unsigned_xml) { File.read("spec/fixtures/unsigned.xml") }
+  let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
+  let(:private_key) { OpenSSL::PKey::RSA.new(File.read("spec/fixtures/key.pem")) }
+  let(:certificate) { OpenSSL::X509::Certificate.new(File.read("spec/fixtures/certificate.cer")) }
+  let(:other_certificate) { OpenSSL::X509::Certificate.new(File.read("spec/fixtures/certificate2.cer")) }
+
+  describe "#initialize" do
+    it "sets the document to a nokogiri document" do
+      document = described_class.new(signed_xml)
+      document.document.should be_a(Nokogiri::XML::Document)
+    end
+  end
+
+  describe "#signatures" do
+    it "returns only the signed nodes" do
+      signed_document.signatures.should be_all { |signature| signature.is_a?(Xmldsig::Signature) }
+    end
+  end
+
+  describe "#signed_nodes" do
+    it "returns only the signed nodes" do
+      signed_document.signed_nodes.collect(&:name).should == %w(Foo)
+    end
+  end
+
+  describe "#validate" do
+    it "returns true if the signature and digest value are correct" do
+      signed_document.validate(certificate).should be_true
+    end
+
+    it "returns false if the certificate is not valid" do
+      signed_document.validate(other_certificate).should be_false
+    end
+
+    it "accepts a block" do
+      signed_document.validate do |signature_value, data|
+        certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature_value, data)
+      end.should be_true
+    end
+  end
+
+  describe "#sign" do
+    it "returns a signed document" do
+      signed_document = unsigned_document.sign(private_key)
+      Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be_true
+    end
+
+    it "accepts a block" do
+      signed_document = unsigned_document.sign do |data|
+        private_key.sign(OpenSSL::Digest::SHA256.new, data)
+      end
+      Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be_true
+    end
+  end
+
+
+  describe "Nested Signatures" do
+    let(:unsigned_xml) { File.read("spec/fixtures/unsigned_nested_signature.xml") }
+    let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
+    let(:signed_document) { unsigned_document.sign(private_key) }
+
+    it "when signed should be valid" do
+      Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be_true
+    end
+
+    it "should sign 2 elements" do
+      unsigned_document.signed_nodes.count.should == 2
+    end
+
+    it "allows individual signs" do
+      unsigned_document.signatures.last.sign(private_key)
+      unsigned_document.validate(certificate).should be_false
+      unsigned_document.signatures.last.valid?(certificate).should be_true
+    end
+  end
+
+end

data/spec/lib/xmldsig/transforms/transform_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+describe Xmldsig::Transforms::Transform do
+
+  it "raises a warning when transform is called" do
+    described_class.any_instance.should_receive(:warn)
+    described_class.new(nil,nil).transform
+  end
+
+end

data/spec/lib/xmldsig_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Xmldsig do
+  let(:private_key) { OpenSSL::PKey::RSA.new(File.read("spec/fixtures/key.pem")) }
+  let(:certificate) { OpenSSL::X509::Certificate.new(File.read("spec/fixtures/certificate.cer")) }
+
+  describe "Sign unsigned documents" do
+
+    %w(
+      canonicalizer_1_0
+      canonicalizer_1_1
+      canonicalizer_exc
+      digest_sha1
+      without_namespace_prefix
+      without_reference_uri
+    ).each do |document|
+      describe "#{document}" do
+        let(:unsigned_xml) { File.read("spec/fixtures/unsigned/#{document}.xml") }
+        let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
+
+        it "should be signable an validateable" do
+          signed_document = unsigned_document.sign(private_key)
+          Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be_true
+        end
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+require 'simplecov'
+SimpleCov.start
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+
+require 'xmldsig'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

data/xmlsec.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/xmldsig/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["benoist"]
+  gem.email         = ["benoist.claassen@gmail.com"]
+  gem.description   = %q{This gem is a (partial) implementation of the XMLDsig specification}
+  gem.summary       = %q{This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)}
+  gem.homepage      = "https://github.com/benoist/xmldsig"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "xmldsig"
+  gem.require_paths = ["lib"]
+  gem.version       = Xmldsig::VERSION
+
+  gem.add_dependency("nokogiri")
+end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: xmldsig
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- benoist
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a (partial) implementation of the XMLDsig specification
+email:
+- benoist.claassen@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yaml
+- Gemfile
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/xmldsig.rb
+- lib/xmldsig/canonicalizer.rb
+- lib/xmldsig/signature.rb
+- lib/xmldsig/signed_document.rb
+- lib/xmldsig/transforms.rb
+- lib/xmldsig/transforms/canonicalize.rb
+- lib/xmldsig/transforms/enveloped_signature.rb
+- lib/xmldsig/transforms/transform.rb
+- lib/xmldsig/version.rb
+- spec/fixtures/certificate.cer
+- spec/fixtures/certificate2.cer
+- spec/fixtures/key.pem
+- spec/fixtures/signed.xml
+- spec/fixtures/unsigned.xml
+- spec/fixtures/unsigned/canonicalizer_1_0.xml
+- spec/fixtures/unsigned/canonicalizer_1_1.xml
+- spec/fixtures/unsigned/canonicalizer_exc.xml
+- spec/fixtures/unsigned/digest_sha1.xml
+- spec/fixtures/unsigned/without_namespace_prefix.xml
+- spec/fixtures/unsigned/without_reference_uri.xml
+- spec/fixtures/unsigned_nested_signature.xml
+- spec/lib/xmldsig/signature_spec.rb
+- spec/lib/xmldsig/signed_document_spec.rb
+- spec/lib/xmldsig/transforms/transform_spec.rb
+- spec/lib/xmldsig_spec.rb
+- spec/spec_helper.rb
+- xmlsec.gemspec
+homepage: https://github.com/benoist/xmldsig
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)
+test_files:
+- spec/fixtures/certificate.cer
+- spec/fixtures/certificate2.cer
+- spec/fixtures/key.pem
+- spec/fixtures/signed.xml
+- spec/fixtures/unsigned.xml
+- spec/fixtures/unsigned/canonicalizer_1_0.xml
+- spec/fixtures/unsigned/canonicalizer_1_1.xml
+- spec/fixtures/unsigned/canonicalizer_exc.xml
+- spec/fixtures/unsigned/digest_sha1.xml
+- spec/fixtures/unsigned/without_namespace_prefix.xml
+- spec/fixtures/unsigned/without_reference_uri.xml
+- spec/fixtures/unsigned_nested_signature.xml
+- spec/lib/xmldsig/signature_spec.rb
+- spec/lib/xmldsig/signed_document_spec.rb
+- spec/lib/xmldsig/transforms/transform_spec.rb
+- spec/lib/xmldsig_spec.rb
+- spec/spec_helper.rb