xmldsig 0.2.10 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/xmldsig.rb +8 -0
- data/lib/xmldsig/signature.rb +7 -0
- data/lib/xmldsig/version.rb +1 -1
- data/lib/xmldsig/xmldsig-core-schema.xsd +262 -0
- data/spec/fixtures/signed-with-xsd-error.xml +24 -0
- data/spec/fixtures/unsigned/with_soap_envelope.xml +1 -2
- data/spec/lib/xmldsig_spec.rb +10 -18
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c660b351f5875742f3eadd11bee9e6db8cb52c5e
|
|
4
|
+
data.tar.gz: 9ca1137b37ea2fd0571caf180818f690a387847d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbe25b7ed1e30ff825dac52c101b74dbb3337112c54d539b869460c7833e8a2d19d67801abed19d118f044cfeb9d7689295f74d0496c3a8695f1420e83216ab7
|
|
7
|
+
data.tar.gz: be13b6062f6d168b5605e3d4048c8b7eb0d5f111d919a9781e95b92abb545eb8d11f3f0ce3ae909ee709ce5cde433532324d27531f0e5eefb41fb133d8af877c
|
data/lib/xmldsig.rb
CHANGED
|
@@ -17,4 +17,12 @@ module Xmldsig
|
|
|
17
17
|
"ec" => "http://www.w3.org/2001/10/xml-exc-c14n#",
|
|
18
18
|
"wsu" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
|
|
19
19
|
}
|
|
20
|
+
|
|
21
|
+
class Error < StandardError
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
class SchemaError < Error
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
XSD_FILE = File.read(File.expand_path('../xmldsig/xmldsig-core-schema.xsd', __FILE__))
|
|
20
28
|
end
|
data/lib/xmldsig/signature.rb
CHANGED
|
@@ -33,6 +33,7 @@ module Xmldsig
|
|
|
33
33
|
def valid?(certificate = nil, &block)
|
|
34
34
|
@errors = []
|
|
35
35
|
references.each { |r| r.errors = [] }
|
|
36
|
+
validate_schema
|
|
36
37
|
validate_digest_values
|
|
37
38
|
validate_signature_value(certificate, &block)
|
|
38
39
|
errors.empty?
|
|
@@ -75,6 +76,12 @@ module Xmldsig
|
|
|
75
76
|
Base64.encode64(signature_value).chomp
|
|
76
77
|
end
|
|
77
78
|
|
|
79
|
+
def validate_schema
|
|
80
|
+
doc = Nokogiri::XML::Document.parse(signature.canonicalize)
|
|
81
|
+
errors = Nokogiri::XML::Schema.new(Xmldsig::XSD_FILE).validate(doc)
|
|
82
|
+
raise Xmldsig::SchemaError.new(errors.first.message) if errors.any?
|
|
83
|
+
end
|
|
84
|
+
|
|
78
85
|
def validate_digest_values
|
|
79
86
|
references.each(&:validate_digest_value)
|
|
80
87
|
end
|
data/lib/xmldsig/version.rb
CHANGED
|
@@ -0,0 +1,262 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="utf-8"?>
|
|
2
|
+
<!--
|
|
3
|
+
<!DOCTYPE schema
|
|
4
|
+
PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
|
|
5
|
+
[
|
|
6
|
+
<!ATTLIST schema
|
|
7
|
+
xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
|
|
8
|
+
<!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
|
|
9
|
+
<!ENTITY % p ''>
|
|
10
|
+
<!ENTITY % s ''>
|
|
11
|
+
]>
|
|
12
|
+
-->
|
|
13
|
+
<!-- Schema for XML Signatures
|
|
14
|
+
http://www.w3.org/2000/09/xmldsig#
|
|
15
|
+
$Revision: 4 $ on $Date: 2004-12-16 12:08:17 -0500 (Thu, 16 Dec 2004) $ by $Author: marcgratacos $
|
|
16
|
+
Copyright 2001 The Internet Society and W3C (Massachusetts Institute
|
|
17
|
+
of Technology, Institut National de Recherche en Informatique et en
|
|
18
|
+
Automatique, Keio University). All Rights Reserved.
|
|
19
|
+
http://www.w3.org/Consortium/Legal/
|
|
20
|
+
This document is governed by the W3C Software License [1] as described
|
|
21
|
+
in the FAQ [2].
|
|
22
|
+
[1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
|
|
23
|
+
[2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
|
|
24
|
+
-->
|
|
25
|
+
<schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" version="0.1" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
26
|
+
<!-- Basic Types Defined for Signatures -->
|
|
27
|
+
<simpleType name="CryptoBinary">
|
|
28
|
+
<restriction base="base64Binary" />
|
|
29
|
+
</simpleType>
|
|
30
|
+
<!-- Start Signature -->
|
|
31
|
+
<element name="Signature" type="ds:SignatureType" />
|
|
32
|
+
<complexType name="SignatureType">
|
|
33
|
+
<sequence>
|
|
34
|
+
<element ref="ds:SignedInfo" />
|
|
35
|
+
<element ref="ds:SignatureValue" />
|
|
36
|
+
<element minOccurs="0" ref="ds:KeyInfo" />
|
|
37
|
+
<element maxOccurs="unbounded" minOccurs="0" ref="ds:Object" />
|
|
38
|
+
</sequence>
|
|
39
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
40
|
+
</complexType>
|
|
41
|
+
<element name="SignatureValue" type="ds:SignatureValueType" />
|
|
42
|
+
<complexType name="SignatureValueType">
|
|
43
|
+
<simpleContent>
|
|
44
|
+
<extension base="base64Binary">
|
|
45
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
46
|
+
</extension>
|
|
47
|
+
</simpleContent>
|
|
48
|
+
</complexType>
|
|
49
|
+
<!-- Start SignedInfo -->
|
|
50
|
+
<element name="SignedInfo" type="ds:SignedInfoType" />
|
|
51
|
+
<complexType name="SignedInfoType">
|
|
52
|
+
<sequence>
|
|
53
|
+
<element ref="ds:CanonicalizationMethod" />
|
|
54
|
+
<element ref="ds:SignatureMethod" />
|
|
55
|
+
<element maxOccurs="unbounded" ref="ds:Reference" />
|
|
56
|
+
</sequence>
|
|
57
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
58
|
+
</complexType>
|
|
59
|
+
<element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType" />
|
|
60
|
+
<complexType mixed="true" name="CanonicalizationMethodType">
|
|
61
|
+
<sequence>
|
|
62
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##any" />
|
|
63
|
+
<!-- (0,unbounded) elements from (1,1) namespace -->
|
|
64
|
+
</sequence>
|
|
65
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
66
|
+
</complexType>
|
|
67
|
+
<element name="SignatureMethod" type="ds:SignatureMethodType" />
|
|
68
|
+
<complexType mixed="true" name="SignatureMethodType">
|
|
69
|
+
<sequence>
|
|
70
|
+
<element minOccurs="0" name="HMACOutputLength" type="ds:HMACOutputLengthType" />
|
|
71
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" />
|
|
72
|
+
<!-- (0,unbounded) elements from (1,1) external namespace -->
|
|
73
|
+
</sequence>
|
|
74
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
75
|
+
</complexType>
|
|
76
|
+
<!-- Start Reference -->
|
|
77
|
+
<element name="Reference" type="ds:ReferenceType" />
|
|
78
|
+
<complexType name="ReferenceType">
|
|
79
|
+
<sequence>
|
|
80
|
+
<element minOccurs="0" ref="ds:Transforms" />
|
|
81
|
+
<element ref="ds:DigestMethod" />
|
|
82
|
+
<element ref="ds:DigestValue" />
|
|
83
|
+
</sequence>
|
|
84
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
85
|
+
<attribute name="URI" type="anyURI" use="optional" />
|
|
86
|
+
<attribute name="Type" type="anyURI" use="optional" />
|
|
87
|
+
</complexType>
|
|
88
|
+
<element name="Transforms" type="ds:TransformsType" />
|
|
89
|
+
<complexType name="TransformsType">
|
|
90
|
+
<sequence>
|
|
91
|
+
<element maxOccurs="unbounded" ref="ds:Transform" />
|
|
92
|
+
</sequence>
|
|
93
|
+
</complexType>
|
|
94
|
+
<element name="Transform" type="ds:TransformType" />
|
|
95
|
+
<complexType mixed="true" name="TransformType">
|
|
96
|
+
<choice maxOccurs="unbounded" minOccurs="0">
|
|
97
|
+
<any namespace="##other" processContents="lax" />
|
|
98
|
+
<!-- (1,1) elements from (0,unbounded) namespaces -->
|
|
99
|
+
<element name="XPath" type="string" />
|
|
100
|
+
</choice>
|
|
101
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
102
|
+
</complexType>
|
|
103
|
+
<!-- End Reference -->
|
|
104
|
+
<element name="DigestMethod" type="ds:DigestMethodType" />
|
|
105
|
+
<complexType mixed="true" name="DigestMethodType">
|
|
106
|
+
<sequence>
|
|
107
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
108
|
+
</sequence>
|
|
109
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
110
|
+
</complexType>
|
|
111
|
+
<element name="DigestValue" type="ds:DigestValueType" />
|
|
112
|
+
<simpleType name="DigestValueType">
|
|
113
|
+
<restriction base="base64Binary" />
|
|
114
|
+
</simpleType>
|
|
115
|
+
<!-- End SignedInfo -->
|
|
116
|
+
<!-- Start KeyInfo -->
|
|
117
|
+
<element name="KeyInfo" type="ds:KeyInfoType" />
|
|
118
|
+
<complexType mixed="true" name="KeyInfoType">
|
|
119
|
+
<choice maxOccurs="unbounded">
|
|
120
|
+
<element ref="ds:KeyName" />
|
|
121
|
+
<element ref="ds:KeyValue" />
|
|
122
|
+
<element ref="ds:RetrievalMethod" />
|
|
123
|
+
<element ref="ds:X509Data" />
|
|
124
|
+
<element ref="ds:PGPData" />
|
|
125
|
+
<element ref="ds:SPKIData" />
|
|
126
|
+
<element ref="ds:MgmtData" />
|
|
127
|
+
<any namespace="##other" processContents="lax" />
|
|
128
|
+
<!-- (1,1) elements from (0,unbounded) namespaces -->
|
|
129
|
+
</choice>
|
|
130
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
131
|
+
</complexType>
|
|
132
|
+
<element name="KeyName" type="string" />
|
|
133
|
+
<element name="MgmtData" type="string" />
|
|
134
|
+
<element name="KeyValue" type="ds:KeyValueType" />
|
|
135
|
+
<complexType mixed="true" name="KeyValueType">
|
|
136
|
+
<choice>
|
|
137
|
+
<element ref="ds:DSAKeyValue" />
|
|
138
|
+
<element ref="ds:RSAKeyValue" />
|
|
139
|
+
<any namespace="##other" processContents="lax" />
|
|
140
|
+
</choice>
|
|
141
|
+
</complexType>
|
|
142
|
+
<element name="RetrievalMethod" type="ds:RetrievalMethodType" />
|
|
143
|
+
<complexType name="RetrievalMethodType">
|
|
144
|
+
<sequence>
|
|
145
|
+
<element minOccurs="0" ref="ds:Transforms" />
|
|
146
|
+
</sequence>
|
|
147
|
+
<attribute name="URI" type="anyURI" />
|
|
148
|
+
<attribute name="Type" type="anyURI" use="optional" />
|
|
149
|
+
</complexType>
|
|
150
|
+
<!-- Start X509Data -->
|
|
151
|
+
<element name="X509Data" type="ds:X509DataType" />
|
|
152
|
+
<complexType name="X509DataType">
|
|
153
|
+
<sequence maxOccurs="unbounded">
|
|
154
|
+
<choice>
|
|
155
|
+
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType" />
|
|
156
|
+
<element name="X509SKI" type="base64Binary" />
|
|
157
|
+
<element name="X509SubjectName" type="string" />
|
|
158
|
+
<element name="X509Certificate" type="base64Binary" />
|
|
159
|
+
<element name="X509CRL" type="base64Binary" />
|
|
160
|
+
<any namespace="##other" processContents="lax" />
|
|
161
|
+
</choice>
|
|
162
|
+
</sequence>
|
|
163
|
+
</complexType>
|
|
164
|
+
<complexType name="X509IssuerSerialType">
|
|
165
|
+
<sequence>
|
|
166
|
+
<element name="X509IssuerName" type="string" />
|
|
167
|
+
<element name="X509SerialNumber" type="integer" />
|
|
168
|
+
</sequence>
|
|
169
|
+
</complexType>
|
|
170
|
+
<!-- End X509Data -->
|
|
171
|
+
<!-- Begin PGPData -->
|
|
172
|
+
<element name="PGPData" type="ds:PGPDataType" />
|
|
173
|
+
<complexType name="PGPDataType">
|
|
174
|
+
<choice>
|
|
175
|
+
<sequence>
|
|
176
|
+
<element name="PGPKeyID" type="base64Binary" />
|
|
177
|
+
<element minOccurs="0" name="PGPKeyPacket" type="base64Binary" />
|
|
178
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
179
|
+
</sequence>
|
|
180
|
+
<sequence>
|
|
181
|
+
<element name="PGPKeyPacket" type="base64Binary" />
|
|
182
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
183
|
+
</sequence>
|
|
184
|
+
</choice>
|
|
185
|
+
</complexType>
|
|
186
|
+
<!-- End PGPData -->
|
|
187
|
+
<!-- Begin SPKIData -->
|
|
188
|
+
<element name="SPKIData" type="ds:SPKIDataType" />
|
|
189
|
+
<complexType name="SPKIDataType">
|
|
190
|
+
<sequence maxOccurs="unbounded">
|
|
191
|
+
<element name="SPKISexp" type="base64Binary" />
|
|
192
|
+
<any minOccurs="0" namespace="##other" processContents="lax" />
|
|
193
|
+
</sequence>
|
|
194
|
+
</complexType>
|
|
195
|
+
<!-- End SPKIData -->
|
|
196
|
+
<!-- End KeyInfo -->
|
|
197
|
+
<!-- Start Object (Manifest, SignatureProperty) -->
|
|
198
|
+
<element name="Object" type="ds:ObjectType" />
|
|
199
|
+
<complexType mixed="true" name="ObjectType">
|
|
200
|
+
<sequence maxOccurs="unbounded" minOccurs="0">
|
|
201
|
+
<any namespace="##any" processContents="lax" />
|
|
202
|
+
</sequence>
|
|
203
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
204
|
+
<attribute name="MimeType" type="string" use="optional" />
|
|
205
|
+
<attribute name="Encoding" type="anyURI" use="optional" />
|
|
206
|
+
<!-- add a grep facet -->
|
|
207
|
+
</complexType>
|
|
208
|
+
<element name="Manifest" type="ds:ManifestType" />
|
|
209
|
+
<complexType name="ManifestType">
|
|
210
|
+
<sequence>
|
|
211
|
+
<element maxOccurs="unbounded" ref="ds:Reference" />
|
|
212
|
+
</sequence>
|
|
213
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
214
|
+
</complexType>
|
|
215
|
+
<element name="SignatureProperties" type="ds:SignaturePropertiesType" />
|
|
216
|
+
<complexType name="SignaturePropertiesType">
|
|
217
|
+
<sequence>
|
|
218
|
+
<element maxOccurs="unbounded" ref="ds:SignatureProperty" />
|
|
219
|
+
</sequence>
|
|
220
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
221
|
+
</complexType>
|
|
222
|
+
<element name="SignatureProperty" type="ds:SignaturePropertyType" />
|
|
223
|
+
<complexType mixed="true" name="SignaturePropertyType">
|
|
224
|
+
<choice maxOccurs="unbounded">
|
|
225
|
+
<any namespace="##other" processContents="lax" />
|
|
226
|
+
<!-- (1,1) elements from (1,unbounded) namespaces -->
|
|
227
|
+
</choice>
|
|
228
|
+
<attribute name="Target" type="anyURI" use="required" />
|
|
229
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
230
|
+
</complexType>
|
|
231
|
+
<!-- End Object (Manifest, SignatureProperty) -->
|
|
232
|
+
<!-- Start Algorithm Parameters -->
|
|
233
|
+
<simpleType name="HMACOutputLengthType">
|
|
234
|
+
<restriction base="integer" />
|
|
235
|
+
</simpleType>
|
|
236
|
+
<!-- Start KeyValue Element-types -->
|
|
237
|
+
<element name="DSAKeyValue" type="ds:DSAKeyValueType" />
|
|
238
|
+
<complexType name="DSAKeyValueType">
|
|
239
|
+
<sequence>
|
|
240
|
+
<sequence minOccurs="0">
|
|
241
|
+
<element name="P" type="ds:CryptoBinary" />
|
|
242
|
+
<element name="Q" type="ds:CryptoBinary" />
|
|
243
|
+
</sequence>
|
|
244
|
+
<element minOccurs="0" name="G" type="ds:CryptoBinary" />
|
|
245
|
+
<element name="Y" type="ds:CryptoBinary" />
|
|
246
|
+
<element minOccurs="0" name="J" type="ds:CryptoBinary" />
|
|
247
|
+
<sequence minOccurs="0">
|
|
248
|
+
<element name="Seed" type="ds:CryptoBinary" />
|
|
249
|
+
<element name="PgenCounter" type="ds:CryptoBinary" />
|
|
250
|
+
</sequence>
|
|
251
|
+
</sequence>
|
|
252
|
+
</complexType>
|
|
253
|
+
<element name="RSAKeyValue" type="ds:RSAKeyValueType" />
|
|
254
|
+
<complexType name="RSAKeyValueType">
|
|
255
|
+
<sequence>
|
|
256
|
+
<element name="Modulus" type="ds:CryptoBinary" />
|
|
257
|
+
<element name="Exponent" type="ds:CryptoBinary" />
|
|
258
|
+
</sequence>
|
|
259
|
+
</complexType>
|
|
260
|
+
<!-- End KeyValue Element-types -->
|
|
261
|
+
<!-- End Signature -->
|
|
262
|
+
</schema>
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
|
|
3
|
+
<ds:Signature>
|
|
4
|
+
<ds:SignedInfo>
|
|
5
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
6
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
7
|
+
<ds:Reference URI="#foo">
|
|
8
|
+
<ds:Transforms>
|
|
9
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
10
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
|
|
11
|
+
<ec:InclusiveNamespaces PrefixList="foo"/>
|
|
12
|
+
</ds:Transform>
|
|
13
|
+
</ds:Transforms>
|
|
14
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
15
|
+
<ds:DigestValue>Uxo8ZyDAavNIsXjJZAp1K8T30aXSXrXMUYof7ZHVwQk=</ds:DigestValue>
|
|
16
|
+
</ds:Reference>
|
|
17
|
+
</ds:SignedInfo>
|
|
18
|
+
<ds:SignatureValue>NggRouxW4kOlLalQuu32YB3RMm92qXbLjZlRpyZiCjKl/WGVfkFbzZwH6frn
|
|
19
|
+
bSnQWA2Nmof5Rb28D5hFRZP8kd2Bs5AzjuiHP0XeCOX1WRo8YQDMuhns8Nn8
|
|
20
|
+
7ouSojTb206NG9c0yHdRlmCQSQlV/rCLSBOj1BTT1oEQjBlxJM0=</ds:SignatureValue>
|
|
21
|
+
<foo:Bar>bar</foo:Bar>
|
|
22
|
+
</ds:Signature>
|
|
23
|
+
<foo:Bar>bar</foo:Bar>
|
|
24
|
+
</foo:Foo>
|
|
@@ -18,7 +18,6 @@
|
|
|
18
18
|
</ds:Reference>
|
|
19
19
|
</ds:SignedInfo>
|
|
20
20
|
<ds:SignatureValue></ds:SignatureValue>
|
|
21
|
-
<ds:KeyInfo/>
|
|
22
21
|
</ds:Signature>
|
|
23
22
|
<samlp:Status>
|
|
24
23
|
<samlp:StatusCode/>
|
|
@@ -30,4 +29,4 @@
|
|
|
30
29
|
</samlp:Response>
|
|
31
30
|
</samlp:ArtifactResponse>
|
|
32
31
|
</soapenv:Body>
|
|
33
|
-
</soapenv:Envelope>
|
|
32
|
+
</soapenv:Envelope>
|
data/spec/lib/xmldsig_spec.rb
CHANGED
|
@@ -18,15 +18,6 @@ describe Xmldsig do
|
|
|
18
18
|
it 'should have at least 1 signature element' do
|
|
19
19
|
Xmldsig::SignedDocument.new(signed_document).signatures.count.should >= 1
|
|
20
20
|
end
|
|
21
|
-
|
|
22
|
-
# TODO: remove this verification step when library matures
|
|
23
|
-
# it 'matches the result from xmlsec1' do
|
|
24
|
-
# result = `xmlsec1 --sign --id-attr:ID http://example.com/foo#:Foo --privkey-pem spec/fixtures/key.pem #{document}`
|
|
25
|
-
# result.gsub!("\n", '')
|
|
26
|
-
# signed_document.gsub!("\n", '')
|
|
27
|
-
# puts result
|
|
28
|
-
# result.should == signed_document
|
|
29
|
-
# end
|
|
30
21
|
end
|
|
31
22
|
end
|
|
32
23
|
end
|
|
@@ -54,6 +45,16 @@ describe Xmldsig do
|
|
|
54
45
|
end
|
|
55
46
|
end
|
|
56
47
|
end
|
|
48
|
+
|
|
49
|
+
context "with invalid xsd signature elemements" do
|
|
50
|
+
let(:signed_xml) { File.read('spec/fixtures/signed-with-xsd-error.xml') }
|
|
51
|
+
let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
|
|
52
|
+
let(:certificate) { OpenSSL::X509::Certificate.new(File.read('spec/fixtures/certificate.cer')) }
|
|
53
|
+
|
|
54
|
+
it "raises schema error" do
|
|
55
|
+
expect{ signed_document.validate(certificate) }.to raise_error(Xmldsig::SchemaError)
|
|
56
|
+
end
|
|
57
|
+
end
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
describe "Allows specifying a custom id attribute" do
|
|
@@ -69,15 +70,6 @@ describe Xmldsig do
|
|
|
69
70
|
it 'should have a signature element' do
|
|
70
71
|
Xmldsig::SignedDocument.new(signed_document, :id_attr => 'MyID').signatures.count.should == 1
|
|
71
72
|
end
|
|
72
|
-
|
|
73
|
-
# TODO: remove this verification step when library matures
|
|
74
|
-
# it 'matches the result from xmlsec1' do
|
|
75
|
-
# document = "spec/fixtures/unsigned_custom_attribute_id.xml"
|
|
76
|
-
# result = `xmlsec1 --sign --privkey-pem spec/fixtures/key.pem --id-attr:MyID Foo #{document}`
|
|
77
|
-
# result.gsub!("\n", '')
|
|
78
|
-
# signed_document.gsub!("\n", '')
|
|
79
|
-
# result.should == signed_document
|
|
80
|
-
# end
|
|
81
73
|
end
|
|
82
74
|
|
|
83
75
|
context "a signed document" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: xmldsig
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- benoist
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-11-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -50,10 +50,12 @@ files:
|
|
|
50
50
|
- lib/xmldsig/transforms/enveloped_signature.rb
|
|
51
51
|
- lib/xmldsig/transforms/transform.rb
|
|
52
52
|
- lib/xmldsig/version.rb
|
|
53
|
+
- lib/xmldsig/xmldsig-core-schema.xsd
|
|
53
54
|
- signing_service.rb
|
|
54
55
|
- spec/fixtures/certificate.cer
|
|
55
56
|
- spec/fixtures/certificate2.cer
|
|
56
57
|
- spec/fixtures/key.pem
|
|
58
|
+
- spec/fixtures/signed-with-xsd-error.xml
|
|
57
59
|
- spec/fixtures/signed.xml
|
|
58
60
|
- spec/fixtures/signed/ideal.cert
|
|
59
61
|
- spec/fixtures/signed/ideal.txt
|
|
@@ -112,6 +114,7 @@ test_files:
|
|
|
112
114
|
- spec/fixtures/certificate.cer
|
|
113
115
|
- spec/fixtures/certificate2.cer
|
|
114
116
|
- spec/fixtures/key.pem
|
|
117
|
+
- spec/fixtures/signed-with-xsd-error.xml
|
|
115
118
|
- spec/fixtures/signed.xml
|
|
116
119
|
- spec/fixtures/signed/ideal.cert
|
|
117
120
|
- spec/fixtures/signed/ideal.txt
|