xmldsig 0.6.1 → 0.6.2

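--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 24b0b911fc3ff8735e115e84958d7ed67cb30201
- data.tar.gz: 4216c7d6b5a608c9e0e6f60af86a2b3abaaedb0d
+ metadata.gz: ea438669a6cdd47452ce9ec1554ec4b45cbd2f99
+ data.tar.gz: df71150ef40324eb26842dae1c3651000d7e4608
  SHA512:
- metadata.gz: 526a3a043f0040e45dbcca923a1b7311fa760e435ef997200bdbbb1be91dd09a83614f4ee97c7dd3a5ff27cbeae438c10b3e86d6a898e8fafd17a1103abf05ae
- data.tar.gz: f23638284559286c0665a76f9104ad909b5e3401caf019f4695843348fa3a88bb8de67ebf2d4b575b74b88f2675877e25628cc202f2c151e79385858ce9d208e
+ metadata.gz: 08a8db423fede0282b26616d7ff75db36bfee05e00e3e9a4d9b71b56192b7f6d1a62e5a5a6234566044d1dd21bc5b8795a3e7950ca94c181a99f83bebc1152f6
+ data.tar.gz: 7803d8c5e39bb1fb3bfb1b63ff2a5942c1f96f26a0f8e6f6f0ec47073b2538d2d8cecda8a56fb7e5ec323fd7f1da1b6c3c3bde2f555c4945ebb621f5eb7749eb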
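--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,6 @@
  # Changelog
+ v0.6.2
+ - Allowing other DigestMethod namespaces
 
  v0.6.1
  - Using strict base64 encoding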
@@ -57,13 +57,15 @@ module Xmldsig
57
57
 
58
58
  def digest_method
59
59
  algorithm = reference.at_xpath("descendant::ds:DigestMethod", NAMESPACES).get_attribute("Algorithm")
60
- case algorithm
61
- when "http://www.w3.org/2001/04/xmlenc#sha512"
60
+ case algorithm =~ /sha(.*?)$/i && $1.to_i
61
+ when 512
62
62
  Digest::SHA512
63
- when "http://www.w3.org/2001/04/xmlenc#sha256"
63
+ when 256
64
64
  Digest::SHA256
65
- when "http://www.w3.org/2000/09/xmldsig#sha1"
65
+ when 1
66
66
  Digest::SHA1
67
+ else
68
+ Digest::SHA256
67
69
  end
68
70
  end
69
71
 
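Review bot: The new `else Digest::SHA256` branch makes `digest_method` fail open: any Algorithm value the `case` does not recognise is now silently digested with SHA-256 where the old `case` returned nil, and that includes the `invalid` fixture value, a missing attribute (`nil =~ …` is nil) and a `…#sha384` URI. The match `/sha(.*?)$/i` is also loose: it is unanchored, `$` stops at a line end rather than the end of the string, and `.to_i` turns any non-numeric capture into 0, so the selected digest depends on where "sha" first appears in the URI. For a signature library the digest should come from an explicit allow-list and an unknown value should be rejected, for example by matching the fragment with `\z` and raising otherwise, as sketched below. `ArgumentError` stands in for whatever error class the gem prefers, and the `#` anchor assumes the other namespaces being allowed also use a `#shaNNN` fragment.

```ruby
def digest_method
  # … unchanged: algorithm read from ds:DigestMethod/@Algorithm …
  # Any namespace is accepted, but the fragment must be exactly a known digest name.
  case algorithm.to_s[/#(sha\d+)\z/i, 1].to_s.downcase
  when "sha512" then Digest::SHA512
  when "sha384" then Digest::SHA384
  when "sha256" then Digest::SHA256
  when "sha1"   then Digest::SHA1
  else
    raise ArgumentError, "unsupported DigestMethod algorithm: #{algorithm.inspect}"
  end
end
```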
@@ -1,3 +1,3 @@
1
1
  module Xmldsig
2
- VERSION = '0.6.1'
2
+ VERSION = '0.6.2'
3
3
  end
@@ -0,0 +1,21 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="#foo">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces PrefixList="foo"/>
13
+ </ds:Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="invalid"/>
16
+ <ds:DigestValue></ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue></ds:SignatureValue>
20
+ </ds:Signature>
21
+ </foo:Foo>
@@ -0,0 +1,21 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="#foo">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces PrefixList="foo"/>
13
+ </ds:Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
+ <ds:DigestValue></ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue></ds:SignatureValue>
20
+ </ds:Signature>
21
+ </foo:Foo>
@@ -83,21 +83,28 @@ describe Xmldsig::Reference do
83
83
  end
84
84
  end
85
85
 
86
- ["sha1", "sha256", "sha512"].each do |algorithm|
86
+ ["xmlenc-sha1", "sha1", "sha256", "sha512"].each do |algorithm|
87
87
  describe "digest method #{algorithm}" do
88
88
  let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned-#{algorithm}.xml") }
89
89
  let(:reference) { Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES)) }
90
90
 
91
91
  it "uses the correct digest algorithm" do
92
- case algorithm
93
- when "sha512"
92
+ match = algorithm.match(/\d+/)[0].to_i
93
+ case match
94
+ when 512
94
95
  reference.digest_method.should == Digest::SHA512
95
- when "sha256"
96
+ when 256
96
97
  reference.digest_method.should == Digest::SHA256
97
- when "sha1"
98
+ when 1
98
99
  reference.digest_method.should == Digest::SHA1
99
100
  end
100
101
  end
101
102
  end
102
103
  end
104
+
105
+ it 'defaults to SHA256 for invalid algorithms' do
106
+ document = Nokogiri::XML::Document.parse(IO.read("spec/fixtures/unsigned-invalid.xml"))
107
+ reference = Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES))
108
+ reference.digest_method.should == Digest::SHA256
109
+ end
103
110
  end
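Review bot: The `case match` in "uses the correct digest algorithm" has no `else`, so an algorithm whose number is not 1, 256 or 512 would run no expectation and the example would still pass; a lookup such as `{ 1 => Digest::SHA1, 256 => Digest::SHA256, 512 => Digest::SHA512 }.fetch(match)` fails loudly instead. The package already lists `spec/fixtures/unsigned-sha384.xml`, but `sha384` is not in the iterated list, so nothing pins what `digest_method` returns for it. The added fixture carrying `Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"` appears to be the new `unsigned-xmlenc-sha1.xml` (its file header is not shown on the page), in which case the "other namespaces" path this release adds is still not exercised by any fixture. The enclosing `describe Xmldsig::Reference` block starts outside this hunk.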
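--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: xmldsig
  version: !ruby/object:Gem::Version
- version: 0.6.1
+ version: 0.6.2
  platform: ruby
  authors:
  - benoist
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-11-03 00:00:00.000000000 Z
+ date: 2016-11-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
@@ -63,11 +63,13 @@ files:
  - spec/fixtures/signed/shib.xml
  - spec/fixtures/signed_custom_attribute_id.xml
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
+ - spec/fixtures/unsigned-invalid.xml
  - spec/fixtures/unsigned-malicious.xml
  - spec/fixtures/unsigned-sha1.xml
  - spec/fixtures/unsigned-sha256.xml
  - spec/fixtures/unsigned-sha384.xml
  - spec/fixtures/unsigned-sha512.xml
+ - spec/fixtures/unsigned-xmlenc-sha1.xml
  - spec/fixtures/unsigned.xml
  - spec/fixtures/unsigned/canonicalizer_1_0.xml
  - spec/fixtures/unsigned/canonicalizer_1_1.xml
@@ -127,11 +129,13 @@ test_files:
  - spec/fixtures/signed/shib.xml
  - spec/fixtures/signed_custom_attribute_id.xml
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
+ - spec/fixtures/unsigned-invalid.xml
  - spec/fixtures/unsigned-malicious.xml
  - spec/fixtures/unsigned-sha1.xml
  - spec/fixtures/unsigned-sha256.xml
  - spec/fixtures/unsigned-sha384.xml
  - spec/fixtures/unsigned-sha512.xml
+ - spec/fixtures/unsigned-xmlenc-sha1.xml
  - spec/fixtures/unsigned.xml
  - spec/fixtures/unsigned/canonicalizer_1_0.xml
  - spec/fixtures/unsigned/canonicalizer_1_1.xml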