xmldsig 0.6.4 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 64e2371ac44ab8d5d30b2e1dfa83349a9ca0bb29
-  data.tar.gz: cbcf177d17808d6491cc86de1543bfee644a9759
+SHA256:
+  metadata.gz: 92d413835667c8486d402baf1eb4c6670a187c99d92184f1ef9c5b890d5da0dc
+  data.tar.gz: d495328b5b32f196390d13281001b2c2f11f409b2cc9932c1acb2666b55ba713
 SHA512:
-  metadata.gz: 30da1a037016e8414285ce55a4feeaa6279aab87f32343fab4004d02ce445f661349e1d4d5fb44ee397435f2d1f3b97a45abb0c902977cc2caa171129aed124a
-  data.tar.gz: 9f193467662531c2ff8a21bf22d16fea14801fc52527ece095c54a47690a34a7262f91b2f36b4f6461b1f23a132c47ca688ddc89c9eb2edf5cf4b47c3881fa3e
+  metadata.gz: abca8c44733682d84924d867a87d1e21644a0c031447c2fb4eec2321327bcfe324427662115f58d8336e9679f5dd4a1b8e06cd84afdb4e988f441177c30fd75e
+  data.tar.gz: ce2e1bea0c913770f9abd614655361c5bd482aa5ffaeb71d38ede414a8902c9bdc2cacb66a2a3e2316475c55afd6ddb2e64d81e412f7f9bcf4c0749f03b8b664

data/CHANGELOG.md

@@ -1,4 +1,14 @@
 # Changelog
+v0.7.0
+- Changed ReferencedNodeNotFound parent class to Xmldsig::Error for easier error handling
+
+v0.6.6
+- Add support for cid references to external documents. (iterateNZ)
+- Add support for http://www.w3.org/TR/1999/REC-xpath-19991116 transforms (iterateNZ)
+
+v0.6.5
+- Added inclusive namespace prefix list for canonicalization method (jmhooper)
+
 v0.6.4
 - Allow a custom XSD file for schema verifiation
 

data/README.md

@@ -24,6 +24,9 @@ unsigned_xml = <<-XML
 <?xml version="1.0" encoding="UTF-8"?>
 <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
   <foo:Bar>bar</foo:Bar>
+  <foo:Baz>
+    <foo:Qux>quuz</foo:Qux>
+  </foo:Baz>
   <ds:Signature>
     <ds:SignedInfo>
       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
@@ -31,6 +34,9 @@ unsigned_xml = <<-XML
       <ds:Reference URI="#foo">
         <ds:Transforms>
           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+            <ds:XPath>not(ancestor-or-self::foo:Baz)</ds:XPath>
+          </ds:Transform>
           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
             <ec:InclusiveNamespaces PrefixList="foo"/>
           </ds:Transform>

data/lib/xmldsig/reference.rb

@@ -2,13 +2,14 @@ module Xmldsig
   class Reference
     attr_accessor :reference, :errors, :id_attr
 
-    class ReferencedNodeNotFound < Exception;
+    class ReferencedNodeNotFound < Xmldsig::Error
     end
 
-    def initialize(reference, id_attr = nil)
+    def initialize(reference, id_attr = nil, referenced_documents = {})
       @reference = reference
       @errors    = []
       @id_attr = id_attr
+      @referenced_documents = referenced_documents
     end
 
     def document
@@ -21,16 +22,28 @@ module Xmldsig
 
     def referenced_node
       if reference_uri && reference_uri != ""
-        id = reference_uri[1..-1]
-        referenced_node_xpath = @id_attr ? "//*[@#{@id_attr}=$uri]" : "//*[@ID=$uri or @wsu:Id=$uri]"
-        variable_bindings = { 'uri' => id }
-        if ref = document.dup.at_xpath(referenced_node_xpath, NAMESPACES, variable_bindings)
-          ref
+        if @id_attr.nil? && reference_uri.start_with?("cid:")
+          content_id = reference_uri[4..-1]
+          if @referenced_documents.has_key?(content_id)
+            @referenced_documents[content_id].dup
+          else
+            raise(
+                ReferencedNodeNotFound,
+                "Could not find referenced document with ContentId #{content_id}"
+            )
+          end
         else
-          raise(
-              ReferencedNodeNotFound,
-              "Could not find the referenced node #{id}'"
-          )
+          id = reference_uri[1..-1]
+          referenced_node_xpath = @id_attr ? "//*[@#{@id_attr}=$uri]" : "//*[@ID=$uri or @wsu:Id=$uri]"
+          variable_bindings = { 'uri' => id }
+          if ref = document.dup.at_xpath(referenced_node_xpath, NAMESPACES, variable_bindings)
+            ref
+          else
+            raise(
+                ReferencedNodeNotFound,
+                "Could not find the referenced node #{id}'"
+            )
+          end
         end
       else
         document.dup.root

data/lib/xmldsig/signature.rb

@@ -2,14 +2,15 @@ module Xmldsig
   class Signature
     attr_accessor :signature
 
-    def initialize(signature, id_attr = nil)
+    def initialize(signature, id_attr = nil, referenced_documents = {})
       @signature = signature
       @id_attr = id_attr
+      @referenced_documents = referenced_documents
     end
 
     def references
       @references ||= signature.xpath("descendant::ds:Reference", NAMESPACES).map do |node|
-        Reference.new(node, @id_attr)
+        Reference.new(node, @id_attr, @referenced_documents)
       end
     end
 
@@ -54,7 +55,20 @@ module Xmldsig
     end
 
     def canonicalized_signed_info
-      Canonicalizer.new(signed_info, canonicalization_method).canonicalize
+      Canonicalizer.new(
+        signed_info,
+        canonicalization_method,
+        inclusive_namespaces_for_canonicalization
+      ).canonicalize
+    end
+
+    def inclusive_namespaces_for_canonicalization
+      namespaces_node = signed_info.at_xpath(
+        'descendant::ds:CanonicalizationMethod/ec:InclusiveNamespaces',
+        NAMESPACES
+      )
+      return unless namespaces_node && namespaces_node.get_attribute('PrefixList')
+      namespaces_node.get_attribute('PrefixList').split(/\W+/)
     end
 
     def calculate_signature_value(private_key, &block)

data/lib/xmldsig/signed_document.rb

@@ -1,6 +1,6 @@
 module Xmldsig
   class SignedDocument
-    attr_accessor :document, :id_attr, :force
+    attr_accessor :document, :id_attr, :force, :referenced_documents
 
     def initialize(document, options = {})
       @document = if document.kind_of?(Nokogiri::XML::Document)
@@ -10,6 +10,7 @@ module Xmldsig
       end
       @id_attr  = options[:id_attr] if options[:id_attr]
       @force    = options[:force]
+      @referenced_documents = options.fetch(:referenced_documents, {})
     end
 
     def validate(certificate = nil, schema = nil, &block)
@@ -35,7 +36,7 @@ module Xmldsig
     def signatures
       document.xpath("//ds:Signature", NAMESPACES).
           sort { |left, right| left.ancestors.size <=> right.ancestors.size }.
-          collect { |node| Signature.new(node, @id_attr) } || []
+          collect { |node| Signature.new(node, @id_attr, referenced_documents) } || []
     end
   end
 end

data/lib/xmldsig/transforms/xpath.rb

@@ -0,0 +1,22 @@
+module Xmldsig
+  class Transforms < Array
+    class XPath < Transform
+      attr_reader :xpath_query
+
+      REC_XPATH_1991116_QUERY = "(//. | //@* | //namespace::*)"
+
+      def initialize(node, transform_node)
+        @xpath_query = transform_node.at_xpath("ds:XPath", NAMESPACES).text
+        super(node, transform_node)
+      end
+
+      def transform
+        node.xpath(REC_XPATH_1991116_QUERY)
+          .reject { |n| !n.respond_to?(:xpath) }
+          .reject { |n| n.xpath(@xpath_query, node.namespaces) }
+          .each(&:remove)
+        node
+      end
+    end
+  end
+end

data/lib/xmldsig/transforms.rb

@@ -21,6 +21,8 @@ module Xmldsig
           Transforms::Canonicalize.new(node, transform_node)
         when "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
           Transforms::Canonicalize.new(node, transform_node, true)
+        when "http://www.w3.org/TR/1999/REC-xpath-19991116"
+          Transforms::XPath.new(node, transform_node)
       end
     end
 

data/lib/xmldsig/version.rb

@@ -1,3 +1,3 @@
 module Xmldsig
-  VERSION = '0.6.4'
+  VERSION = '0.7.0'
 end

data/lib/xmldsig.rb

@@ -25,6 +25,7 @@ require "xmldsig/signed_document"
 require "xmldsig/transforms/transform"
 require "xmldsig/transforms/canonicalize"
 require "xmldsig/transforms/enveloped_signature"
+require "xmldsig/transforms/xpath"
 require "xmldsig/transforms"
 require "xmldsig/reference"
 require "xmldsig/signature"

data/spec/fixtures/signed_signature_namespace.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="foo"/>
+      </ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>s3yYvk1UCZkIpljdy6GZTdbOi/FvhuvCnBSYmdPb3yQmtEpww5Q2tCKgqu/9ixxf1tmyUulRrIZk0mVarQUsykrJhOKBHo8ht487c/XT+fmv+zF4JeO4fV6VsAx1cFd/qMXdDyE6nOxgW+qppeRwkdfX2N5I8COzn0fHOLp9QTo=</ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/signed_with_cid_reference.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="cid:fooDocument">
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>tdQEXD9Gb6kf4sxqvnkjKhpXzfEE96JucW4KHieJ33g=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>JI5XLfznf8BsNA5vtm0kPG5kni983qrJV1EFx4oZnb6tPvARvPbtR1oEaxnB5ROQJ6xzBuuxDsUFT1BNNUR8vL1S2qPk80USXwNhl0Cfa4mDULNw1rRhN6q82VEvAC/Hb32mvgKDLlJZymdafZhUUeEmaQj+YHsTU54kPCY5w+E=</ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned/with_xpath_algorithm.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+  <soapenv:Body>
+    <samlp:ArtifactResponse xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_91e79cb2e8cded9a7fd4d68dc480b49d2d1adf88" Version="2.0" IssueInstant="2013-01-17T09:02:44Z">
+      <ds:Signature>
+        <ds:SignedInfo>
+          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+          <ds:Reference>
+            <ds:Transforms>
+              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+              <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+                <ds:XPath>not(ancestor-or-self::samlp:Status)</ds:XPath>
+              </ds:Transform>
+              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+                <ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>
+              </ds:Transform>
+            </ds:Transforms>
+            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+            <ds:DigestValue></ds:DigestValue>
+          </ds:Reference>
+        </ds:SignedInfo>
+        <ds:SignatureValue></ds:SignatureValue>
+      </ds:Signature>
+      <samlp:Status>
+        <samlp:StatusCode/>
+      </samlp:Status>
+      <samlp:Response ID="_5a88b4aeb1d290c86073874278e5ef302da66739" Version="2.0" IssueInstant="2013-01-17T09:02:44Z">
+        <samlp:Status>
+          <samlp:StatusCode/>
+        </samlp:Status>
+      </samlp:Response>
+    </samlp:ArtifactResponse>
+  </soapenv:Body>
+</soapenv:Envelope>

data/spec/fixtures/unsigned_signature_namespace.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="foo"/>
+      </ds:CanonicalizationMethod>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned_with_cid_reference.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="cid:fooDocument">
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/lib/xmldsig/reference_spec.rb

@@ -78,6 +78,30 @@ describe Xmldsig::Reference do
       expect { malicious_reference.referenced_node }.
         to raise_error(Xmldsig::Reference::ReferencedNodeNotFound)
     end
+
+    context "when the referenced node is prefixed with 'cid:'" do
+      let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned_with_cid_reference.xml") }
+      let(:foo_document) { "<test><ing>present</ing></test>" }
+      let(:referenced_documents) { { "fooDocument" => foo_document } }
+      let(:reference) { Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES), nil, referenced_documents) }
+
+      it "has the correct reference_uri" do
+        expect(reference.reference_uri).to eq "cid:fooDocument"
+      end
+
+      it "returns the document referenced by the content id" do
+        expect(reference.referenced_node).to eq foo_document
+      end
+
+      context "when the document has no referenced_documents matching the referenced name" do
+        let(:referenced_documents) { Hash.new }
+
+        it "raises ReferencedNodeNotFound" do
+          expect { reference.referenced_node }.
+            to raise_error(Xmldsig::Reference::ReferencedNodeNotFound)
+        end
+      end
+    end
   end
 
   describe "#reference_uri" do

data/spec/lib/xmldsig/signature_spec.rb

@@ -106,6 +106,7 @@ describe Xmldsig::Signature do
 
       it "returns false with the default validation scheme and true with the X509 serial fix scheme" do
         aggregate_failures do
+          break expect(signature.valid?(certificate)).to eq(true) if RUBY_ENGINE == 'jruby'
           expect { signature.valid?(certificate) }.to raise_error Xmldsig::SchemaError, /is not a valid value of the atomic type 'xs:integer'/
           expect(signature.valid?(certificate, Xmldsig::XSD_X509_SERIAL_FIX_FILE)).to eq(true)
           expect(signature.errors).to eql []

data/spec/lib/xmldsig/signed_document_spec.rb

@@ -125,6 +125,15 @@ describe Xmldsig::SignedDocument do
         expect(signed_document.signatures.last.signature_value).to_not be(unsigned_document.signatures.last.signature_value)
       end
     end
+
+    context 'with inclusive namespaces for the signature' do
+      let(:unsigned_xml) { File.read("spec/fixtures/unsigned_signature_namespace.xml") }
+      let(:signed_xml) { File.read("spec/fixtures/signed_signature_namespace.xml") }
+
+      it 'canonicalizes and signs correctly' do
+        expect(unsigned_document.sign(private_key)).to eq(signed_xml)
+      end
+    end
   end
 
   describe "Nested Signatures" do

data/spec/lib/xmldsig/transforms/xpath_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe Xmldsig::Transforms::XPath do
+  let(:expected_xpath_query) { "not(ancestor-or-self::samlp:Status)" }
+  let(:unsigned_xml) { File.read('spec/fixtures/unsigned/with_xpath_algorithm.xml') }
+  let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
+  let(:transform_node) { unsigned_document.signatures.first.references.first.transforms[1] }
+  subject(:xpath_transform) { described_class.new(unsigned_document.document, transform_node) }
+
+  it 'reads the xpath' do
+    expect(xpath_transform.xpath_query).to eq expected_xpath_query
+  end
+
+  it 'filters out the nodes matching the xpath expression' do
+    transformed_node = xpath_transform.transform
+    expect(transform_node.children).to all(satisfy { |n| n.xpath(expected_xpath_query, unsigned_document.document.namespaces) })
+  end
+end

data/spec/lib/xmldsig_spec.rb

@@ -81,4 +81,31 @@ describe Xmldsig do
       end
     end
   end
+
+  describe "Allows passing referenced documents" do
+    let(:referenced_documents) { { 'fooDocument' => 'ABC' } }
+
+    describe "an unsigned document" do
+      let(:unsigned_xml) { File.read("spec/fixtures/unsigned_with_cid_reference.xml") }
+      let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml, referenced_documents: referenced_documents) }
+      let(:signed_document) { unsigned_document.sign(private_key) }
+
+      it "should be signable an validateable" do
+        expect(Xmldsig::SignedDocument.new(signed_document, referenced_documents: referenced_documents).validate(certificate)).to eq(true)
+      end
+
+      it 'should have at least 1 signature element' do
+        expect(Xmldsig::SignedDocument.new(signed_document).signatures.count).to be >= 1
+      end
+    end
+
+    context "a signed document" do
+      let(:signed_xml) { File.read("spec/fixtures/signed_with_cid_reference.xml") }
+      let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml, referenced_documents: referenced_documents) }
+
+      it "should be validateable" do
+        expect(signed_document.validate(certificate)).to eq(true)
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: xmldsig
 version: !ruby/object:Gem::Version
-  version: 0.6.4
+  version: 0.7.0
 platform: ruby
 authors:
 - benoist
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-07 00:00:00.000000000 Z
+date: 2022-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -55,6 +55,7 @@ files:
 - lib/xmldsig/transforms/canonicalize.rb
 - lib/xmldsig/transforms/enveloped_signature.rb
 - lib/xmldsig/transforms/transform.rb
+- lib/xmldsig/transforms/xpath.rb
 - lib/xmldsig/version.rb
 - lib/xmldsig/xmldsig-core-schema-x509-serial-fix.xsd
 - lib/xmldsig/xmldsig-core-schema.xsd
@@ -69,6 +70,8 @@ files:
 - spec/fixtures/signed/shib.cert
 - spec/fixtures/signed/shib.xml
 - spec/fixtures/signed_custom_attribute_id.xml
+- spec/fixtures/signed_signature_namespace.xml
+- spec/fixtures/signed_with_cid_reference.xml
 - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
 - spec/fixtures/unsigned-invalid.xml
 - spec/fixtures/unsigned-malicious.xml
@@ -86,6 +89,7 @@ files:
 - spec/fixtures/unsigned/unsigned_nested_signature_at_bottom.xml
 - spec/fixtures/unsigned/unsigned_nested_signature_at_top.xml
 - spec/fixtures/unsigned/with_soap_envelope.xml
+- spec/fixtures/unsigned/with_xpath_algorithm.xml
 - spec/fixtures/unsigned/without_canonicalization.xml
 - spec/fixtures/unsigned/without_namespace_prefix.xml
 - spec/fixtures/unsigned/without_reference_uri.xml
@@ -93,11 +97,14 @@ files:
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
 - spec/fixtures/unsigned_nested_signed_signature.xml
+- spec/fixtures/unsigned_signature_namespace.xml
+- spec/fixtures/unsigned_with_cid_reference.xml
 - spec/lib/xmldsig/reference_spec.rb
 - spec/lib/xmldsig/signature_spec.rb
 - spec/lib/xmldsig/signed_document_spec.rb
 - spec/lib/xmldsig/transforms/enveloped_signature_spec.rb
 - spec/lib/xmldsig/transforms/transform_spec.rb
+- spec/lib/xmldsig/transforms/xpath_spec.rb
 - spec/lib/xmldsig_spec.rb
 - spec/spec_helper.rb
 - xmldsig.gemspec
@@ -105,7 +112,7 @@ homepage: https://github.com/benoist/xmldsig
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -120,9 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)
 test_files:
@@ -136,6 +142,8 @@ test_files:
 - spec/fixtures/signed/shib.cert
 - spec/fixtures/signed/shib.xml
 - spec/fixtures/signed_custom_attribute_id.xml
+- spec/fixtures/signed_signature_namespace.xml
+- spec/fixtures/signed_with_cid_reference.xml
 - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
 - spec/fixtures/unsigned-invalid.xml
 - spec/fixtures/unsigned-malicious.xml
@@ -153,6 +161,7 @@ test_files:
 - spec/fixtures/unsigned/unsigned_nested_signature_at_bottom.xml
 - spec/fixtures/unsigned/unsigned_nested_signature_at_top.xml
 - spec/fixtures/unsigned/with_soap_envelope.xml
+- spec/fixtures/unsigned/with_xpath_algorithm.xml
 - spec/fixtures/unsigned/without_canonicalization.xml
 - spec/fixtures/unsigned/without_namespace_prefix.xml
 - spec/fixtures/unsigned/without_reference_uri.xml
@@ -160,10 +169,13 @@ test_files:
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
 - spec/fixtures/unsigned_nested_signed_signature.xml
+- spec/fixtures/unsigned_signature_namespace.xml
+- spec/fixtures/unsigned_with_cid_reference.xml
 - spec/lib/xmldsig/reference_spec.rb
 - spec/lib/xmldsig/signature_spec.rb
 - spec/lib/xmldsig/signed_document_spec.rb
 - spec/lib/xmldsig/transforms/enveloped_signature_spec.rb
 - spec/lib/xmldsig/transforms/transform_spec.rb
+- spec/lib/xmldsig/transforms/xpath_spec.rb
 - spec/lib/xmldsig_spec.rb
 - spec/spec_helper.rb