xmldsig 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f23a822603d9deb9781149f9440df390aa386fc2
-  data.tar.gz: 8501502a05a8e89e1c58cabcde2ea86a0dd57dfd
+  metadata.gz: 23aefdcfb75c3ff59055a9751c19d5872f16819a
+  data.tar.gz: 17ec48f80925f06c21759cd7c21407531d51811b
 SHA512:
-  metadata.gz: 60def31b212dc61e5cf32b3062ecc5969106c9ee6555878c1a79463b0de80b002ce7301c1bb38f181adc78ec3d43edd1b2d2fc1fe4f0edc6ca14dd372a6ec018
-  data.tar.gz: ca9edf2fe24d1297cd9d64121f1154aa637d5bce0e601b27c3323de16b28e7d2a7e6207b50e9ef5d9cbbd064e961a637234b8f4e41f3e742fccc69f8c7ad158f
+  metadata.gz: fe51378403b39e0c55f729304816bba9b68108e98c4fa9d5fc7415ecf4d6a6860b58626cfb2c96c6f489b584d16859d0d2ec1a98ba6aaa3c25a3d35d25c6b47f
+  data.tar.gz: bef5d4bebd40e3abcc5023f7f4e622d3d0a1a0cf9221e99212f9bd7f7cc5e4c9a09e06e62a5b18f638438d847e2b7351836e72c6ea81b24426acaa28af6733cc

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+v0.4.1 22-03-2015
+- Added support for SHA256, SHA384 and SHA512 
+
 v0.4.0 20-11-2015
 - Breaking change: Signing now leaves previously signed signatures in tact. Use Xmldsig::SignedDocument.new(unsigned_xml, force: true) to resign all signatures
 

data/lib/xmldsig/reference.rb

@@ -58,8 +58,10 @@ module Xmldsig
     def digest_method
       algorithm = reference.at_xpath("descendant::ds:DigestMethod", NAMESPACES).get_attribute("Algorithm")
       case algorithm
+        when "http://www.w3.org/2001/04/xmlenc#sha512"
+          Digest::SHA512
         when "http://www.w3.org/2001/04/xmlenc#sha256"
-          Digest::SHA2
+          Digest::SHA256
         when "http://www.w3.org/2000/09/xmldsig#sha1"
           Digest::SHA1
       end

data/lib/xmldsig/signature.rb

@@ -72,6 +72,10 @@ module Xmldsig
     def signature_method
       algorithm = signature_algorithm && signature_algorithm =~ /sha(.*?)$/i && $1.to_i
       case algorithm
+        when 512
+          OpenSSL::Digest::SHA512
+        when 384
+          OpenSSL::Digest::SHA384
         when 256 then
           OpenSSL::Digest::SHA256
         else

data/lib/xmldsig/version.rb

@@ -1,3 +1,3 @@
 module Xmldsig
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

data/spec/fixtures/unsigned-sha1.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned-sha256.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned-sha384.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned-sha512.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/lib/xmldsig/reference_spec.rb

@@ -82,4 +82,22 @@ describe Xmldsig::Reference do
       reference.reference_uri.should == "#foo"
     end
   end
+
+  ["sha1", "sha256", "sha512"].each do |algorithm|
+    describe "digest method #{algorithm}" do
+      let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned-#{algorithm}.xml") }
+      let(:reference) { Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES)) }
+
+      it "uses the correct digest algorithm" do
+        case algorithm
+        when "sha512"
+          reference.digest_method.should == Digest::SHA512
+        when "sha256"
+          reference.digest_method.should == Digest::SHA256
+        when "sha1"
+          reference.digest_method.should == Digest::SHA1
+        end
+      end
+    end
+  end
 end

data/spec/lib/xmldsig/signature_spec.rb

@@ -97,4 +97,24 @@ describe Xmldsig::Signature do
       signature.errors.should be_empty
     end
   end
+
+  ["sha1", "sha256", "sha384", "sha512"].each do |algorithm|
+    describe "sign method #{algorithm}" do
+      let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned-#{algorithm}.xml") }
+      let(:signature_node) { document.at_xpath("//ds:Signature", Xmldsig::NAMESPACES) }
+      let(:signature) { Xmldsig::Signature.new(signature_node) }
+
+      it "uses the correct signature algorithm" do
+        signature.sign do |data, signature_algorithm|
+          case algorithm
+          when "sha1"
+            signature_algorithm.should == "http://www.w3.org/2000/09/xmldsig#rsa-#{algorithm}"
+          else
+            signature_algorithm.should == "http://www.w3.org/2001/04/xmldsig-more#rsa-#{algorithm}"
+          end
+          private_key.sign(OpenSSL::Digest.new(algorithm).new, data)
+        end
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: xmldsig
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - benoist
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-20 00:00:00.000000000 Z
+date: 2016-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -64,6 +64,10 @@ files:
 - spec/fixtures/signed_custom_attribute_id.xml
 - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
 - spec/fixtures/unsigned-malicious.xml
+- spec/fixtures/unsigned-sha1.xml
+- spec/fixtures/unsigned-sha256.xml
+- spec/fixtures/unsigned-sha384.xml
+- spec/fixtures/unsigned-sha512.xml
 - spec/fixtures/unsigned.xml
 - spec/fixtures/unsigned/canonicalizer_1_0.xml
 - spec/fixtures/unsigned/canonicalizer_1_1.xml
@@ -107,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)
@@ -124,6 +128,10 @@ test_files:
 - spec/fixtures/signed_custom_attribute_id.xml
 - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
 - spec/fixtures/unsigned-malicious.xml
+- spec/fixtures/unsigned-sha1.xml
+- spec/fixtures/unsigned-sha256.xml
+- spec/fixtures/unsigned-sha384.xml
+- spec/fixtures/unsigned-sha512.xml
 - spec/fixtures/unsigned.xml
 - spec/fixtures/unsigned/canonicalizer_1_0.xml
 - spec/fixtures/unsigned/canonicalizer_1_1.xml