xmldsig 0.2.10 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/xmldsig.rb +8 -0
- data/lib/xmldsig/signature.rb +7 -0
- data/lib/xmldsig/version.rb +1 -1
- data/lib/xmldsig/xmldsig-core-schema.xsd +262 -0
- data/spec/fixtures/signed-with-xsd-error.xml +24 -0
- data/spec/fixtures/unsigned/with_soap_envelope.xml +1 -2
- data/spec/lib/xmldsig_spec.rb +10 -18
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c660b351f5875742f3eadd11bee9e6db8cb52c5e
|
|
4
|
+
data.tar.gz: 9ca1137b37ea2fd0571caf180818f690a387847d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbe25b7ed1e30ff825dac52c101b74dbb3337112c54d539b869460c7833e8a2d19d67801abed19d118f044cfeb9d7689295f74d0496c3a8695f1420e83216ab7
|
|
7
|
+
data.tar.gz: be13b6062f6d168b5605e3d4048c8b7eb0d5f111d919a9781e95b92abb545eb8d11f3f0ce3ae909ee709ce5cde433532324d27531f0e5eefb41fb133d8af877c
|
data/lib/xmldsig.rb
CHANGED
|
@@ -17,4 +17,12 @@ module Xmldsig
|
|
|
17
17
|
"ec" => "http://www.w3.org/2001/10/xml-exc-c14n#",
|
|
18
18
|
"wsu" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
|
|
19
19
|
}
|
|
20
|
+
|
|
21
|
+
class Error < StandardError
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
class SchemaError < Error
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
XSD_FILE = File.read(File.expand_path('../xmldsig/xmldsig-core-schema.xsd', __FILE__))
|
|
20
28
|
end
|
data/lib/xmldsig/signature.rb
CHANGED
|
@@ -33,6 +33,7 @@ module Xmldsig
|
|
|
33
33
|
def valid?(certificate = nil, &block)
|
|
34
34
|
@errors = []
|
|
35
35
|
references.each { |r| r.errors = [] }
|
|
36
|
+
validate_schema
|
|
36
37
|
validate_digest_values
|
|
37
38
|
validate_signature_value(certificate, &block)
|
|
38
39
|
errors.empty?
|
|
@@ -75,6 +76,12 @@ module Xmldsig
|
|
|
75
76
|
Base64.encode64(signature_value).chomp
|
|
76
77
|
end
|
|
77
78
|
|
|
79
|
+
def validate_schema
|
|
80
|
+
doc = Nokogiri::XML::Document.parse(signature.canonicalize)
|
|
81
|
+
errors = Nokogiri::XML::Schema.new(Xmldsig::XSD_FILE).validate(doc)
|
|
82
|
+
raise Xmldsig::SchemaError.new(errors.first.message) if errors.any?
|
|
83
|
+
end
|
|
84
|
+
|
|
78
85
|
def validate_digest_values
|
|
79
86
|
references.each(&:validate_digest_value)
|
|
80
87
|
end
|
data/lib/xmldsig/version.rb
CHANGED
|
@@ -0,0 +1,262 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="utf-8"?>
|
|
2
|
+
<!--
|
|
3
|
+
<!DOCTYPE schema
|
|
4
|
+
PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
|
|
5
|
+
[
|
|
6
|
+
<!ATTLIST schema
|
|
7
|
+
xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
|
|
8
|
+
<!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
|
|
9
|
+
<!ENTITY % p ''>
|
|
10
|
+
<!ENTITY % s ''>
|
|
11
|
+
]>
|
|
12
|
+
-->
|
|
13
|
+
<!-- Schema for XML Signatures
|
|
14
|
+
http://www.w3.org/2000/09/xmldsig#
|
|
15
|
+
$Revision: 4 $ on $Date: 2004-12-16 12:08:17 -0500 (Thu, 16 Dec 2004) $ by $Author: marcgratacos $
|
|
16
|
+
Copyright 2001 The Internet Society and W3C (Massachusetts Institute
|
|
17
|
+
of Technology, Institut National de Recherche en Informatique et en
|
|
18
|
+
Automatique, Keio University). All Rights Reserved.
|
|
19
|
+
http://www.w3.org/Consortium/Legal/
|
|
20
|
+
This document is governed by the W3C Software License [1] as described
|
|
21
|
+
in the FAQ [2].
|
|
22
|
+
[1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
|
|
23
|
+
[2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
|
|
24
|
+
-->
|
|
25
|
+
<schema elementFormDefault="qualified" targetNamespace="http://www.w3.org/2000/09/xmldsig#" version="0.1" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
26
|
+
<!-- Basic Types Defined for Signatures -->
|
|
27
|
+
<simpleType name="CryptoBinary">
|
|
28
|
+
<restriction base="base64Binary" />
|
|
29
|
+
</simpleType>
|
|
30
|
+
<!-- Start Signature -->
|
|
31
|
+
<element name="Signature" type="ds:SignatureType" />
|
|
32
|
+
<complexType name="SignatureType">
|
|
33
|
+
<sequence>
|
|
34
|
+
<element ref="ds:SignedInfo" />
|
|
35
|
+
<element ref="ds:SignatureValue" />
|
|
36
|
+
<element minOccurs="0" ref="ds:KeyInfo" />
|
|
37
|
+
<element maxOccurs="unbounded" minOccurs="0" ref="ds:Object" />
|
|
38
|
+
</sequence>
|
|
39
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
40
|
+
</complexType>
|
|
41
|
+
<element name="SignatureValue" type="ds:SignatureValueType" />
|
|
42
|
+
<complexType name="SignatureValueType">
|
|
43
|
+
<simpleContent>
|
|
44
|
+
<extension base="base64Binary">
|
|
45
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
46
|
+
</extension>
|
|
47
|
+
</simpleContent>
|
|
48
|
+
</complexType>
|
|
49
|
+
<!-- Start SignedInfo -->
|
|
50
|
+
<element name="SignedInfo" type="ds:SignedInfoType" />
|
|
51
|
+
<complexType name="SignedInfoType">
|
|
52
|
+
<sequence>
|
|
53
|
+
<element ref="ds:CanonicalizationMethod" />
|
|
54
|
+
<element ref="ds:SignatureMethod" />
|
|
55
|
+
<element maxOccurs="unbounded" ref="ds:Reference" />
|
|
56
|
+
</sequence>
|
|
57
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
58
|
+
</complexType>
|
|
59
|
+
<element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType" />
|
|
60
|
+
<complexType mixed="true" name="CanonicalizationMethodType">
|
|
61
|
+
<sequence>
|
|
62
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##any" />
|
|
63
|
+
<!-- (0,unbounded) elements from (1,1) namespace -->
|
|
64
|
+
</sequence>
|
|
65
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
66
|
+
</complexType>
|
|
67
|
+
<element name="SignatureMethod" type="ds:SignatureMethodType" />
|
|
68
|
+
<complexType mixed="true" name="SignatureMethodType">
|
|
69
|
+
<sequence>
|
|
70
|
+
<element minOccurs="0" name="HMACOutputLength" type="ds:HMACOutputLengthType" />
|
|
71
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" />
|
|
72
|
+
<!-- (0,unbounded) elements from (1,1) external namespace -->
|
|
73
|
+
</sequence>
|
|
74
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
75
|
+
</complexType>
|
|
76
|
+
<!-- Start Reference -->
|
|
77
|
+
<element name="Reference" type="ds:ReferenceType" />
|
|
78
|
+
<complexType name="ReferenceType">
|
|
79
|
+
<sequence>
|
|
80
|
+
<element minOccurs="0" ref="ds:Transforms" />
|
|
81
|
+
<element ref="ds:DigestMethod" />
|
|
82
|
+
<element ref="ds:DigestValue" />
|
|
83
|
+
</sequence>
|
|
84
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
85
|
+
<attribute name="URI" type="anyURI" use="optional" />
|
|
86
|
+
<attribute name="Type" type="anyURI" use="optional" />
|
|
87
|
+
</complexType>
|
|
88
|
+
<element name="Transforms" type="ds:TransformsType" />
|
|
89
|
+
<complexType name="TransformsType">
|
|
90
|
+
<sequence>
|
|
91
|
+
<element maxOccurs="unbounded" ref="ds:Transform" />
|
|
92
|
+
</sequence>
|
|
93
|
+
</complexType>
|
|
94
|
+
<element name="Transform" type="ds:TransformType" />
|
|
95
|
+
<complexType mixed="true" name="TransformType">
|
|
96
|
+
<choice maxOccurs="unbounded" minOccurs="0">
|
|
97
|
+
<any namespace="##other" processContents="lax" />
|
|
98
|
+
<!-- (1,1) elements from (0,unbounded) namespaces -->
|
|
99
|
+
<element name="XPath" type="string" />
|
|
100
|
+
</choice>
|
|
101
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
102
|
+
</complexType>
|
|
103
|
+
<!-- End Reference -->
|
|
104
|
+
<element name="DigestMethod" type="ds:DigestMethodType" />
|
|
105
|
+
<complexType mixed="true" name="DigestMethodType">
|
|
106
|
+
<sequence>
|
|
107
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
108
|
+
</sequence>
|
|
109
|
+
<attribute name="Algorithm" type="anyURI" use="required" />
|
|
110
|
+
</complexType>
|
|
111
|
+
<element name="DigestValue" type="ds:DigestValueType" />
|
|
112
|
+
<simpleType name="DigestValueType">
|
|
113
|
+
<restriction base="base64Binary" />
|
|
114
|
+
</simpleType>
|
|
115
|
+
<!-- End SignedInfo -->
|
|
116
|
+
<!-- Start KeyInfo -->
|
|
117
|
+
<element name="KeyInfo" type="ds:KeyInfoType" />
|
|
118
|
+
<complexType mixed="true" name="KeyInfoType">
|
|
119
|
+
<choice maxOccurs="unbounded">
|
|
120
|
+
<element ref="ds:KeyName" />
|
|
121
|
+
<element ref="ds:KeyValue" />
|
|
122
|
+
<element ref="ds:RetrievalMethod" />
|
|
123
|
+
<element ref="ds:X509Data" />
|
|
124
|
+
<element ref="ds:PGPData" />
|
|
125
|
+
<element ref="ds:SPKIData" />
|
|
126
|
+
<element ref="ds:MgmtData" />
|
|
127
|
+
<any namespace="##other" processContents="lax" />
|
|
128
|
+
<!-- (1,1) elements from (0,unbounded) namespaces -->
|
|
129
|
+
</choice>
|
|
130
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
131
|
+
</complexType>
|
|
132
|
+
<element name="KeyName" type="string" />
|
|
133
|
+
<element name="MgmtData" type="string" />
|
|
134
|
+
<element name="KeyValue" type="ds:KeyValueType" />
|
|
135
|
+
<complexType mixed="true" name="KeyValueType">
|
|
136
|
+
<choice>
|
|
137
|
+
<element ref="ds:DSAKeyValue" />
|
|
138
|
+
<element ref="ds:RSAKeyValue" />
|
|
139
|
+
<any namespace="##other" processContents="lax" />
|
|
140
|
+
</choice>
|
|
141
|
+
</complexType>
|
|
142
|
+
<element name="RetrievalMethod" type="ds:RetrievalMethodType" />
|
|
143
|
+
<complexType name="RetrievalMethodType">
|
|
144
|
+
<sequence>
|
|
145
|
+
<element minOccurs="0" ref="ds:Transforms" />
|
|
146
|
+
</sequence>
|
|
147
|
+
<attribute name="URI" type="anyURI" />
|
|
148
|
+
<attribute name="Type" type="anyURI" use="optional" />
|
|
149
|
+
</complexType>
|
|
150
|
+
<!-- Start X509Data -->
|
|
151
|
+
<element name="X509Data" type="ds:X509DataType" />
|
|
152
|
+
<complexType name="X509DataType">
|
|
153
|
+
<sequence maxOccurs="unbounded">
|
|
154
|
+
<choice>
|
|
155
|
+
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType" />
|
|
156
|
+
<element name="X509SKI" type="base64Binary" />
|
|
157
|
+
<element name="X509SubjectName" type="string" />
|
|
158
|
+
<element name="X509Certificate" type="base64Binary" />
|
|
159
|
+
<element name="X509CRL" type="base64Binary" />
|
|
160
|
+
<any namespace="##other" processContents="lax" />
|
|
161
|
+
</choice>
|
|
162
|
+
</sequence>
|
|
163
|
+
</complexType>
|
|
164
|
+
<complexType name="X509IssuerSerialType">
|
|
165
|
+
<sequence>
|
|
166
|
+
<element name="X509IssuerName" type="string" />
|
|
167
|
+
<element name="X509SerialNumber" type="integer" />
|
|
168
|
+
</sequence>
|
|
169
|
+
</complexType>
|
|
170
|
+
<!-- End X509Data -->
|
|
171
|
+
<!-- Begin PGPData -->
|
|
172
|
+
<element name="PGPData" type="ds:PGPDataType" />
|
|
173
|
+
<complexType name="PGPDataType">
|
|
174
|
+
<choice>
|
|
175
|
+
<sequence>
|
|
176
|
+
<element name="PGPKeyID" type="base64Binary" />
|
|
177
|
+
<element minOccurs="0" name="PGPKeyPacket" type="base64Binary" />
|
|
178
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
179
|
+
</sequence>
|
|
180
|
+
<sequence>
|
|
181
|
+
<element name="PGPKeyPacket" type="base64Binary" />
|
|
182
|
+
<any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax" />
|
|
183
|
+
</sequence>
|
|
184
|
+
</choice>
|
|
185
|
+
</complexType>
|
|
186
|
+
<!-- End PGPData -->
|
|
187
|
+
<!-- Begin SPKIData -->
|
|
188
|
+
<element name="SPKIData" type="ds:SPKIDataType" />
|
|
189
|
+
<complexType name="SPKIDataType">
|
|
190
|
+
<sequence maxOccurs="unbounded">
|
|
191
|
+
<element name="SPKISexp" type="base64Binary" />
|
|
192
|
+
<any minOccurs="0" namespace="##other" processContents="lax" />
|
|
193
|
+
</sequence>
|
|
194
|
+
</complexType>
|
|
195
|
+
<!-- End SPKIData -->
|
|
196
|
+
<!-- End KeyInfo -->
|
|
197
|
+
<!-- Start Object (Manifest, SignatureProperty) -->
|
|
198
|
+
<element name="Object" type="ds:ObjectType" />
|
|
199
|
+
<complexType mixed="true" name="ObjectType">
|
|
200
|
+
<sequence maxOccurs="unbounded" minOccurs="0">
|
|
201
|
+
<any namespace="##any" processContents="lax" />
|
|
202
|
+
</sequence>
|
|
203
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
204
|
+
<attribute name="MimeType" type="string" use="optional" />
|
|
205
|
+
<attribute name="Encoding" type="anyURI" use="optional" />
|
|
206
|
+
<!-- add a grep facet -->
|
|
207
|
+
</complexType>
|
|
208
|
+
<element name="Manifest" type="ds:ManifestType" />
|
|
209
|
+
<complexType name="ManifestType">
|
|
210
|
+
<sequence>
|
|
211
|
+
<element maxOccurs="unbounded" ref="ds:Reference" />
|
|
212
|
+
</sequence>
|
|
213
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
214
|
+
</complexType>
|
|
215
|
+
<element name="SignatureProperties" type="ds:SignaturePropertiesType" />
|
|
216
|
+
<complexType name="SignaturePropertiesType">
|
|
217
|
+
<sequence>
|
|
218
|
+
<element maxOccurs="unbounded" ref="ds:SignatureProperty" />
|
|
219
|
+
</sequence>
|
|
220
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
221
|
+
</complexType>
|
|
222
|
+
<element name="SignatureProperty" type="ds:SignaturePropertyType" />
|
|
223
|
+
<complexType mixed="true" name="SignaturePropertyType">
|
|
224
|
+
<choice maxOccurs="unbounded">
|
|
225
|
+
<any namespace="##other" processContents="lax" />
|
|
226
|
+
<!-- (1,1) elements from (1,unbounded) namespaces -->
|
|
227
|
+
</choice>
|
|
228
|
+
<attribute name="Target" type="anyURI" use="required" />
|
|
229
|
+
<attribute name="Id" type="ID" use="optional" />
|
|
230
|
+
</complexType>
|
|
231
|
+
<!-- End Object (Manifest, SignatureProperty) -->
|
|
232
|
+
<!-- Start Algorithm Parameters -->
|
|
233
|
+
<simpleType name="HMACOutputLengthType">
|
|
234
|
+
<restriction base="integer" />
|
|
235
|
+
</simpleType>
|
|
236
|
+
<!-- Start KeyValue Element-types -->
|
|
237
|
+
<element name="DSAKeyValue" type="ds:DSAKeyValueType" />
|
|
238
|
+
<complexType name="DSAKeyValueType">
|
|
239
|
+
<sequence>
|
|
240
|
+
<sequence minOccurs="0">
|
|
241
|
+
<element name="P" type="ds:CryptoBinary" />
|
|
242
|
+
<element name="Q" type="ds:CryptoBinary" />
|
|
243
|
+
</sequence>
|
|
244
|
+
<element minOccurs="0" name="G" type="ds:CryptoBinary" />
|
|
245
|
+
<element name="Y" type="ds:CryptoBinary" />
|
|
246
|
+
<element minOccurs="0" name="J" type="ds:CryptoBinary" />
|
|
247
|
+
<sequence minOccurs="0">
|
|
248
|
+
<element name="Seed" type="ds:CryptoBinary" />
|
|
249
|
+
<element name="PgenCounter" type="ds:CryptoBinary" />
|
|
250
|
+
</sequence>
|
|
251
|
+
</sequence>
|
|
252
|
+
</complexType>
|
|
253
|
+
<element name="RSAKeyValue" type="ds:RSAKeyValueType" />
|
|
254
|
+
<complexType name="RSAKeyValueType">
|
|
255
|
+
<sequence>
|
|
256
|
+
<element name="Modulus" type="ds:CryptoBinary" />
|
|
257
|
+
<element name="Exponent" type="ds:CryptoBinary" />
|
|
258
|
+
</sequence>
|
|
259
|
+
</complexType>
|
|
260
|
+
<!-- End KeyValue Element-types -->
|
|
261
|
+
<!-- End Signature -->
|
|
262
|
+
</schema>
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
|
|
3
|
+
<ds:Signature>
|
|
4
|
+
<ds:SignedInfo>
|
|
5
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
6
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
7
|
+
<ds:Reference URI="#foo">
|
|
8
|
+
<ds:Transforms>
|
|
9
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
10
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
|
|
11
|
+
<ec:InclusiveNamespaces PrefixList="foo"/>
|
|
12
|
+
</ds:Transform>
|
|
13
|
+
</ds:Transforms>
|
|
14
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
15
|
+
<ds:DigestValue>Uxo8ZyDAavNIsXjJZAp1K8T30aXSXrXMUYof7ZHVwQk=</ds:DigestValue>
|
|
16
|
+
</ds:Reference>
|
|
17
|
+
</ds:SignedInfo>
|
|
18
|
+
<ds:SignatureValue>NggRouxW4kOlLalQuu32YB3RMm92qXbLjZlRpyZiCjKl/WGVfkFbzZwH6frn
|
|
19
|
+
bSnQWA2Nmof5Rb28D5hFRZP8kd2Bs5AzjuiHP0XeCOX1WRo8YQDMuhns8Nn8
|
|
20
|
+
7ouSojTb206NG9c0yHdRlmCQSQlV/rCLSBOj1BTT1oEQjBlxJM0=</ds:SignatureValue>
|
|
21
|
+
<foo:Bar>bar</foo:Bar>
|
|
22
|
+
</ds:Signature>
|
|
23
|
+
<foo:Bar>bar</foo:Bar>
|
|
24
|
+
</foo:Foo>
|
|
@@ -18,7 +18,6 @@
|
|
|
18
18
|
</ds:Reference>
|
|
19
19
|
</ds:SignedInfo>
|
|
20
20
|
<ds:SignatureValue></ds:SignatureValue>
|
|
21
|
-
<ds:KeyInfo/>
|
|
22
21
|
</ds:Signature>
|
|
23
22
|
<samlp:Status>
|
|
24
23
|
<samlp:StatusCode/>
|
|
@@ -30,4 +29,4 @@
|
|
|
30
29
|
</samlp:Response>
|
|
31
30
|
</samlp:ArtifactResponse>
|
|
32
31
|
</soapenv:Body>
|
|
33
|
-
</soapenv:Envelope>
|
|
32
|
+
</soapenv:Envelope>
|
data/spec/lib/xmldsig_spec.rb
CHANGED
|
@@ -18,15 +18,6 @@ describe Xmldsig do
|
|
|
18
18
|
it 'should have at least 1 signature element' do
|
|
19
19
|
Xmldsig::SignedDocument.new(signed_document).signatures.count.should >= 1
|
|
20
20
|
end
|
|
21
|
-
|
|
22
|
-
# TODO: remove this verification step when library matures
|
|
23
|
-
# it 'matches the result from xmlsec1' do
|
|
24
|
-
# result = `xmlsec1 --sign --id-attr:ID http://example.com/foo#:Foo --privkey-pem spec/fixtures/key.pem #{document}`
|
|
25
|
-
# result.gsub!("\n", '')
|
|
26
|
-
# signed_document.gsub!("\n", '')
|
|
27
|
-
# puts result
|
|
28
|
-
# result.should == signed_document
|
|
29
|
-
# end
|
|
30
21
|
end
|
|
31
22
|
end
|
|
32
23
|
end
|
|
@@ -54,6 +45,16 @@ describe Xmldsig do
|
|
|
54
45
|
end
|
|
55
46
|
end
|
|
56
47
|
end
|
|
48
|
+
|
|
49
|
+
context "with invalid xsd signature elemements" do
|
|
50
|
+
let(:signed_xml) { File.read('spec/fixtures/signed-with-xsd-error.xml') }
|
|
51
|
+
let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
|
|
52
|
+
let(:certificate) { OpenSSL::X509::Certificate.new(File.read('spec/fixtures/certificate.cer')) }
|
|
53
|
+
|
|
54
|
+
it "raises schema error" do
|
|
55
|
+
expect{ signed_document.validate(certificate) }.to raise_error(Xmldsig::SchemaError)
|
|
56
|
+
end
|
|
57
|
+
end
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
describe "Allows specifying a custom id attribute" do
|
|
@@ -69,15 +70,6 @@ describe Xmldsig do
|
|
|
69
70
|
it 'should have a signature element' do
|
|
70
71
|
Xmldsig::SignedDocument.new(signed_document, :id_attr => 'MyID').signatures.count.should == 1
|
|
71
72
|
end
|
|
72
|
-
|
|
73
|
-
# TODO: remove this verification step when library matures
|
|
74
|
-
# it 'matches the result from xmlsec1' do
|
|
75
|
-
# document = "spec/fixtures/unsigned_custom_attribute_id.xml"
|
|
76
|
-
# result = `xmlsec1 --sign --privkey-pem spec/fixtures/key.pem --id-attr:MyID Foo #{document}`
|
|
77
|
-
# result.gsub!("\n", '')
|
|
78
|
-
# signed_document.gsub!("\n", '')
|
|
79
|
-
# result.should == signed_document
|
|
80
|
-
# end
|
|
81
73
|
end
|
|
82
74
|
|
|
83
75
|
context "a signed document" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: xmldsig
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- benoist
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-11-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -50,10 +50,12 @@ files:
|
|
|
50
50
|
- lib/xmldsig/transforms/enveloped_signature.rb
|
|
51
51
|
- lib/xmldsig/transforms/transform.rb
|
|
52
52
|
- lib/xmldsig/version.rb
|
|
53
|
+
- lib/xmldsig/xmldsig-core-schema.xsd
|
|
53
54
|
- signing_service.rb
|
|
54
55
|
- spec/fixtures/certificate.cer
|
|
55
56
|
- spec/fixtures/certificate2.cer
|
|
56
57
|
- spec/fixtures/key.pem
|
|
58
|
+
- spec/fixtures/signed-with-xsd-error.xml
|
|
57
59
|
- spec/fixtures/signed.xml
|
|
58
60
|
- spec/fixtures/signed/ideal.cert
|
|
59
61
|
- spec/fixtures/signed/ideal.txt
|
|
@@ -112,6 +114,7 @@ test_files:
|
|
|
112
114
|
- spec/fixtures/certificate.cer
|
|
113
115
|
- spec/fixtures/certificate2.cer
|
|
114
116
|
- spec/fixtures/key.pem
|
|
117
|
+
- spec/fixtures/signed-with-xsd-error.xml
|
|
115
118
|
- spec/fixtures/signed.xml
|
|
116
119
|
- spec/fixtures/signed/ideal.cert
|
|
117
120
|
- spec/fixtures/signed/ideal.txt
|