xmldsig 0.6.4 → 0.7.0

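--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 64e2371ac44ab8d5d30b2e1dfa83349a9ca0bb29
- data.tar.gz: cbcf177d17808d6491cc86de1543bfee644a9759
+ SHA256:
+ metadata.gz: 92d413835667c8486d402baf1eb4c6670a187c99d92184f1ef9c5b890d5da0dc
+ data.tar.gz: d495328b5b32f196390d13281001b2c2f11f409b2cc9932c1acb2666b55ba713
  SHA512:
- metadata.gz: 30da1a037016e8414285ce55a4feeaa6279aab87f32343fab4004d02ce445f661349e1d4d5fb44ee397435f2d1f3b97a45abb0c902977cc2caa171129aed124a
- data.tar.gz: 9f193467662531c2ff8a21bf22d16fea14801fc52527ece095c54a47690a34a7262f91b2f36b4f6461b1f23a132c47ca688ddc89c9eb2edf5cf4b47c3881fa3e
+ metadata.gz: abca8c44733682d84924d867a87d1e21644a0c031447c2fb4eec2321327bcfe324427662115f58d8336e9679f5dd4a1b8e06cd84afdb4e988f441177c30fd75e
+ data.tar.gz: ce2e1bea0c913770f9abd614655361c5bd482aa5ffaeb71d38ede414a8902c9bdc2cacb66a2a3e2316475c55afd6ddb2e64d81e412f7f9bcf4c0749f03b8b664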
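--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,14 @@
  # Changelog
+ v0.7.0
+ - Changed ReferencedNodeNotFound parent class to Xmldsig::Error for easier error handling
+
+ v0.6.6
+ - Add support for cid references to external documents. (iterateNZ)
+ - Add support for http://www.w3.org/TR/1999/REC-xpath-19991116 transforms (iterateNZ)
+
+ v0.6.5
+ - Added inclusive namespace prefix list for canonicalization method (jmhooper)
+
  v0.6.4
  - Allow a custom XSD file for schema verifiation
 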
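--- a/data/README.md
+++ b/data/README.md
@@ -24,6 +24,9 @@ unsigned_xml = <<-XML
  <?xml version="1.0" encoding="UTF-8"?>
  <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
  <foo:Bar>bar</foo:Bar>
+ <foo:Baz>
+ <foo:Qux>quuz</foo:Qux>
+ </foo:Baz>
  <ds:Signature>
  <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
@@ -31,6 +34,9 @@ unsigned_xml = <<-XML
  <ds:Reference URI="#foo">
  <ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <ds:XPath>not(ancestor-or-self::foo:Baz)</ds:XPath>
+ </ds:Transform>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
  <ec:InclusiveNamespaces PrefixList="foo"/>
  </ds:Transform>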
@@ -2,13 +2,14 @@ module Xmldsig
2
2
  class Reference
3
3
  attr_accessor :reference, :errors, :id_attr
4
4
 
5
- class ReferencedNodeNotFound < Exception;
5
+ class ReferencedNodeNotFound < Xmldsig::Error
6
6
  end
7
7
 
8
- def initialize(reference, id_attr = nil)
8
+ def initialize(reference, id_attr = nil, referenced_documents = {})
9
9
  @reference = reference
10
10
  @errors = []
11
11
  @id_attr = id_attr
12
+ @referenced_documents = referenced_documents
12
13
  end
13
14
 
14
15
  def document
@@ -21,16 +22,28 @@ module Xmldsig
21
22
 
22
23
  def referenced_node
23
24
  if reference_uri && reference_uri != ""
24
- id = reference_uri[1..-1]
25
- referenced_node_xpath = @id_attr ? "//*[@#{@id_attr}=$uri]" : "//*[@ID=$uri or @wsu:Id=$uri]"
26
- variable_bindings = { 'uri' => id }
27
- if ref = document.dup.at_xpath(referenced_node_xpath, NAMESPACES, variable_bindings)
28
- ref
25
+ if @id_attr.nil? && reference_uri.start_with?("cid:")
26
+ content_id = reference_uri[4..-1]
27
+ if @referenced_documents.has_key?(content_id)
28
+ @referenced_documents[content_id].dup
29
+ else
30
+ raise(
31
+ ReferencedNodeNotFound,
32
+ "Could not find referenced document with ContentId #{content_id}"
33
+ )
34
+ end
29
35
  else
30
- raise(
31
- ReferencedNodeNotFound,
32
- "Could not find the referenced node #{id}'"
33
- )
36
+ id = reference_uri[1..-1]
37
+ referenced_node_xpath = @id_attr ? "//*[@#{@id_attr}=$uri]" : "//*[@ID=$uri or @wsu:Id=$uri]"
38
+ variable_bindings = { 'uri' => id }
39
+ if ref = document.dup.at_xpath(referenced_node_xpath, NAMESPACES, variable_bindings)
40
+ ref
41
+ else
42
+ raise(
43
+ ReferencedNodeNotFound,
44
+ "Could not find the referenced node #{id}'"
45
+ )
46
+ end
34
47
  end
35
48
  else
36
49
  document.dup.root
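Review bot: In `referenced_node`, the non-`cid:` branch still computes `id = reference_uri[1..-1]` without checking that the URI starts with `#`, and the new `cid:` branch is only taken when `@id_attr` is nil. With a custom `id_attr`, a `cid:` URI therefore falls through and is looked up as the ID `id:…`, and any other non-fragment URI is resolved as a same-document ID with its first character dropped. A verifier is safer rejecting URI forms it does not implement: use `elsif reference_uri.start_with?("#")` for the fragment lookup and finish with `else raise ReferencedNodeNotFound, "Unsupported reference URI #{reference_uri}"`. If the `@id_attr.nil?` guard is intentional, a comment stating why would help the next reader. The closing `else`/`end` of the method lie outside the hunk.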
@@ -2,14 +2,15 @@ module Xmldsig
2
2
  class Signature
3
3
  attr_accessor :signature
4
4
 
5
- def initialize(signature, id_attr = nil)
5
+ def initialize(signature, id_attr = nil, referenced_documents = {})
6
6
  @signature = signature
7
7
  @id_attr = id_attr
8
+ @referenced_documents = referenced_documents
8
9
  end
9
10
 
10
11
  def references
11
12
  @references ||= signature.xpath("descendant::ds:Reference", NAMESPACES).map do |node|
12
- Reference.new(node, @id_attr)
13
+ Reference.new(node, @id_attr, @referenced_documents)
13
14
  end
14
15
  end
15
16
 
@@ -54,7 +55,20 @@ module Xmldsig
54
55
  end
55
56
 
56
57
  def canonicalized_signed_info
57
- Canonicalizer.new(signed_info, canonicalization_method).canonicalize
58
+ Canonicalizer.new(
59
+ signed_info,
60
+ canonicalization_method,
61
+ inclusive_namespaces_for_canonicalization
62
+ ).canonicalize
63
+ end
64
+
65
+ def inclusive_namespaces_for_canonicalization
66
+ namespaces_node = signed_info.at_xpath(
67
+ 'descendant::ds:CanonicalizationMethod/ec:InclusiveNamespaces',
68
+ NAMESPACES
69
+ )
70
+ return unless namespaces_node && namespaces_node.get_attribute('PrefixList')
71
+ namespaces_node.get_attribute('PrefixList').split(/\W+/)
58
72
  end
59
73
 
60
74
  def calculate_signature_value(private_key, &block)
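Review bot: `inclusive_namespaces_for_canonicalization` tokenises the PrefixList with `split(/\W+/)`, but the list is whitespace-separated and a prefix may legally contain `-` or `.`, while the `#default` token begins with `#`. A value such as `#default my-ns` would come out as `["", "default", "my", "ns"]`, so SignedInfo would be canonicalized with a different prefix list than the signer used and the signature value would not match. Splitting on whitespace keeps each token intact: `namespaces_node.get_attribute('PrefixList').split`. A short comment that the method returns nil when there is no `ec:InclusiveNamespaces` child or no `PrefixList` attribute would also document the contract the Canonicalizer relies on.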
@@ -1,6 +1,6 @@
1
1
  module Xmldsig
2
2
  class SignedDocument
3
- attr_accessor :document, :id_attr, :force
3
+ attr_accessor :document, :id_attr, :force, :referenced_documents
4
4
 
5
5
  def initialize(document, options = {})
6
6
  @document = if document.kind_of?(Nokogiri::XML::Document)
@@ -10,6 +10,7 @@ module Xmldsig
10
10
  end
11
11
  @id_attr = options[:id_attr] if options[:id_attr]
12
12
  @force = options[:force]
13
+ @referenced_documents = options.fetch(:referenced_documents, {})
13
14
  end
14
15
 
15
16
  def validate(certificate = nil, schema = nil, &block)
@@ -35,7 +36,7 @@ module Xmldsig
35
36
  def signatures
36
37
  document.xpath("//ds:Signature", NAMESPACES).
37
38
  sort { |left, right| left.ancestors.size <=> right.ancestors.size }.
38
- collect { |node| Signature.new(node, @id_attr) } || []
39
+ collect { |node| Signature.new(node, @id_attr, referenced_documents) } || []
39
40
  end
40
41
  end
41
42
  end
@@ -0,0 +1,22 @@
1
+ module Xmldsig
2
+ class Transforms < Array
3
+ class XPath < Transform
4
+ attr_reader :xpath_query
5
+
6
+ REC_XPATH_1991116_QUERY = "(//. | //@* | //namespace::*)"
7
+
8
+ def initialize(node, transform_node)
9
+ @xpath_query = transform_node.at_xpath("ds:XPath", NAMESPACES).text
10
+ super(node, transform_node)
11
+ end
12
+
13
+ def transform
14
+ node.xpath(REC_XPATH_1991116_QUERY)
15
+ .reject { |n| !n.respond_to?(:xpath) }
16
+ .reject { |n| n.xpath(@xpath_query, node.namespaces) }
17
+ .each(&:remove)
18
+ node
19
+ end
20
+ end
21
+ end
22
+ end
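Review bot: In `transform`, the result of `n.xpath(@xpath_query, node.namespaces)` is used as a boolean, but Nokogiri returns a NodeSet when the expression selects nodes, and a NodeSet is truthy even when empty. An expression such as `ancestor-or-self::foo:Bar` would then keep every node, whereas the XPath filtering transform converts the result to a boolean; `n.xpath("boolean(#{@xpath_query})", node.namespaces)` makes that conversion explicit. In `initialize`, a `ds:Transform` without a `ds:XPath` child makes `at_xpath(...)` return nil, so `.text` raises NoMethodError rather than an `Xmldsig::Error`. The expression comes from the document being processed and is evaluated once per node, attribute and namespace node, so a size or complexity limit is worth considering if this can run on untrusted input. The constant name `REC_XPATH_1991116_QUERY` is also missing a `9` compared with the algorithm URI.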
@@ -21,6 +21,8 @@ module Xmldsig
21
21
  Transforms::Canonicalize.new(node, transform_node)
22
22
  when "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
23
23
  Transforms::Canonicalize.new(node, transform_node, true)
24
+ when "http://www.w3.org/TR/1999/REC-xpath-19991116"
25
+ Transforms::XPath.new(node, transform_node)
24
26
  end
25
27
  end
26
28
 
@@ -1,3 +1,3 @@
1
1
  module Xmldsig
2
- VERSION = '0.6.4'
2
+ VERSION = '0.7.0'
3
3
  end
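--- a/data/lib/xmldsig.rb
+++ b/data/lib/xmldsig.rb
@@ -25,6 +25,7 @@ require "xmldsig/signed_document"
  require "xmldsig/transforms/transform"
  require "xmldsig/transforms/canonicalize"
  require "xmldsig/transforms/enveloped_signature"
+ require "xmldsig/transforms/xpath"
  require "xmldsig/transforms"
  require "xmldsig/reference"
  require "xmldsig/signature"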
@@ -0,0 +1,23 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
7
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="foo"/>
8
+ </ds:CanonicalizationMethod>
9
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
10
+ <ds:Reference URI="#foo">
11
+ <ds:Transforms>
12
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
13
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
14
+ <ec:InclusiveNamespaces PrefixList="foo"/>
15
+ </ds:Transform>
16
+ </ds:Transforms>
17
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
18
+ <ds:DigestValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:DigestValue>
19
+ </ds:Reference>
20
+ </ds:SignedInfo>
21
+ <ds:SignatureValue>s3yYvk1UCZkIpljdy6GZTdbOi/FvhuvCnBSYmdPb3yQmtEpww5Q2tCKgqu/9ixxf1tmyUulRrIZk0mVarQUsykrJhOKBHo8ht487c/XT+fmv+zF4JeO4fV6VsAx1cFd/qMXdDyE6nOxgW+qppeRwkdfX2N5I8COzn0fHOLp9QTo=</ds:SignatureValue>
22
+ </ds:Signature>
23
+ </foo:Foo>
@@ -0,0 +1,15 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
8
+ <ds:Reference URI="cid:fooDocument">
9
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
10
+ <ds:DigestValue>tdQEXD9Gb6kf4sxqvnkjKhpXzfEE96JucW4KHieJ33g=</ds:DigestValue>
11
+ </ds:Reference>
12
+ </ds:SignedInfo>
13
+ <ds:SignatureValue>JI5XLfznf8BsNA5vtm0kPG5kni983qrJV1EFx4oZnb6tPvARvPbtR1oEaxnB5ROQJ6xzBuuxDsUFT1BNNUR8vL1S2qPk80USXwNhl0Cfa4mDULNw1rRhN6q82VEvAC/Hb32mvgKDLlJZymdafZhUUeEmaQj+YHsTU54kPCY5w+E=</ds:SignatureValue>
14
+ </ds:Signature>
15
+ </foo:Foo>
@@ -0,0 +1,35 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
3
+ <soapenv:Body>
4
+ <samlp:ArtifactResponse xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_91e79cb2e8cded9a7fd4d68dc480b49d2d1adf88" Version="2.0" IssueInstant="2013-01-17T09:02:44Z">
5
+ <ds:Signature>
6
+ <ds:SignedInfo>
7
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
8
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
9
+ <ds:Reference>
10
+ <ds:Transforms>
11
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
12
+ <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
13
+ <ds:XPath>not(ancestor-or-self::samlp:Status)</ds:XPath>
14
+ </ds:Transform>
15
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
16
+ <ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>
17
+ </ds:Transform>
18
+ </ds:Transforms>
19
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
20
+ <ds:DigestValue></ds:DigestValue>
21
+ </ds:Reference>
22
+ </ds:SignedInfo>
23
+ <ds:SignatureValue></ds:SignatureValue>
24
+ </ds:Signature>
25
+ <samlp:Status>
26
+ <samlp:StatusCode/>
27
+ </samlp:Status>
28
+ <samlp:Response ID="_5a88b4aeb1d290c86073874278e5ef302da66739" Version="2.0" IssueInstant="2013-01-17T09:02:44Z">
29
+ <samlp:Status>
30
+ <samlp:StatusCode/>
31
+ </samlp:Status>
32
+ </samlp:Response>
33
+ </samlp:ArtifactResponse>
34
+ </soapenv:Body>
35
+ </soapenv:Envelope>
@@ -0,0 +1,23 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
7
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="foo"/>
8
+ </ds:CanonicalizationMethod>
9
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
10
+ <ds:Reference URI="#foo">
11
+ <ds:Transforms>
12
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
13
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
14
+ <ec:InclusiveNamespaces PrefixList="foo"/>
15
+ </ds:Transform>
16
+ </ds:Transforms>
17
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
18
+ <ds:DigestValue></ds:DigestValue>
19
+ </ds:Reference>
20
+ </ds:SignedInfo>
21
+ <ds:SignatureValue></ds:SignatureValue>
22
+ </ds:Signature>
23
+ </foo:Foo>
@@ -0,0 +1,15 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="foo">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
8
+ <ds:Reference URI="cid:fooDocument">
9
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
10
+ <ds:DigestValue></ds:DigestValue>
11
+ </ds:Reference>
12
+ </ds:SignedInfo>
13
+ <ds:SignatureValue></ds:SignatureValue>
14
+ </ds:Signature>
15
+ </foo:Foo>
@@ -78,6 +78,30 @@ describe Xmldsig::Reference do
78
78
  expect { malicious_reference.referenced_node }.
79
79
  to raise_error(Xmldsig::Reference::ReferencedNodeNotFound)
80
80
  end
81
+
82
+ context "when the referenced node is prefixed with 'cid:'" do
83
+ let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned_with_cid_reference.xml") }
84
+ let(:foo_document) { "<test><ing>present</ing></test>" }
85
+ let(:referenced_documents) { { "fooDocument" => foo_document } }
86
+ let(:reference) { Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES), nil, referenced_documents) }
87
+
88
+ it "has the correct reference_uri" do
89
+ expect(reference.reference_uri).to eq "cid:fooDocument"
90
+ end
91
+
92
+ it "returns the document referenced by the content id" do
93
+ expect(reference.referenced_node).to eq foo_document
94
+ end
95
+
96
+ context "when the document has no referenced_documents matching the referenced name" do
97
+ let(:referenced_documents) { Hash.new }
98
+
99
+ it "raises ReferencedNodeNotFound" do
100
+ expect { reference.referenced_node }.
101
+ to raise_error(Xmldsig::Reference::ReferencedNodeNotFound)
102
+ end
103
+ end
104
+ end
81
105
  end
82
106
 
83
107
  describe "#reference_uri" do
@@ -106,6 +106,7 @@ describe Xmldsig::Signature do
106
106
 
107
107
  it "returns false with the default validation scheme and true with the X509 serial fix scheme" do
108
108
  aggregate_failures do
109
+ break expect(signature.valid?(certificate)).to eq(true) if RUBY_ENGINE == 'jruby'
109
110
  expect { signature.valid?(certificate) }.to raise_error Xmldsig::SchemaError, /is not a valid value of the atomic type 'xs:integer'/
110
111
  expect(signature.valid?(certificate, Xmldsig::XSD_X509_SERIAL_FIX_FILE)).to eq(true)
111
112
  expect(signature.errors).to eql []
@@ -125,6 +125,15 @@ describe Xmldsig::SignedDocument do
125
125
  expect(signed_document.signatures.last.signature_value).to_not be(unsigned_document.signatures.last.signature_value)
126
126
  end
127
127
  end
128
+
129
+ context 'with inclusive namespaces for the signature' do
130
+ let(:unsigned_xml) { File.read("spec/fixtures/unsigned_signature_namespace.xml") }
131
+ let(:signed_xml) { File.read("spec/fixtures/signed_signature_namespace.xml") }
132
+
133
+ it 'canonicalizes and signs correctly' do
134
+ expect(unsigned_document.sign(private_key)).to eq(signed_xml)
135
+ end
136
+ end
128
137
  end
129
138
 
130
139
  describe "Nested Signatures" do
@@ -0,0 +1,18 @@
1
+ require 'spec_helper'
2
+
3
+ describe Xmldsig::Transforms::XPath do
4
+ let(:expected_xpath_query) { "not(ancestor-or-self::samlp:Status)" }
5
+ let(:unsigned_xml) { File.read('spec/fixtures/unsigned/with_xpath_algorithm.xml') }
6
+ let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
7
+ let(:transform_node) { unsigned_document.signatures.first.references.first.transforms[1] }
8
+ subject(:xpath_transform) { described_class.new(unsigned_document.document, transform_node) }
9
+
10
+ it 'reads the xpath' do
11
+ expect(xpath_transform.xpath_query).to eq expected_xpath_query
12
+ end
13
+
14
+ it 'filters out the nodes matching the xpath expression' do
15
+ transformed_node = xpath_transform.transform
16
+ expect(transform_node.children).to all(satisfy { |n| n.xpath(expected_xpath_query, unsigned_document.document.namespaces) })
17
+ end
18
+ end
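Review bot: The example 'filters out the nodes matching the xpath expression' assigns `transformed_node` but then asserts on `transform_node.children`, which are the children of the `ds:Transform` element, so the output of `transform` is never checked. The spec would pass even if the transform removed nothing. Asserting on the returned node pins the behaviour: `expect(transformed_node.xpath("//samlp:Status", unsigned_document.document.namespaces)).to be_empty`. A second example with an expression that evaluates to a node-set rather than a boolean would cover the coercion case as well.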
@@ -81,4 +81,31 @@ describe Xmldsig do
81
81
  end
82
82
  end
83
83
  end
84
+
85
+ describe "Allows passing referenced documents" do
86
+ let(:referenced_documents) { { 'fooDocument' => 'ABC' } }
87
+
88
+ describe "an unsigned document" do
89
+ let(:unsigned_xml) { File.read("spec/fixtures/unsigned_with_cid_reference.xml") }
90
+ let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml, referenced_documents: referenced_documents) }
91
+ let(:signed_document) { unsigned_document.sign(private_key) }
92
+
93
+ it "should be signable an validateable" do
94
+ expect(Xmldsig::SignedDocument.new(signed_document, referenced_documents: referenced_documents).validate(certificate)).to eq(true)
95
+ end
96
+
97
+ it 'should have at least 1 signature element' do
98
+ expect(Xmldsig::SignedDocument.new(signed_document).signatures.count).to be >= 1
99
+ end
100
+ end
101
+
102
+ context "a signed document" do
103
+ let(:signed_xml) { File.read("spec/fixtures/signed_with_cid_reference.xml") }
104
+ let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml, referenced_documents: referenced_documents) }
105
+
106
+ it "should be validateable" do
107
+ expect(signed_document.validate(certificate)).to eq(true)
108
+ end
109
+ end
110
+ end
84
111
  end
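Review bot: The "Allows passing referenced documents" examples cover only the success path; none shows that validation is rejected when the supplied document differs from the one that was signed. For a signature library that negative case is the one that matters, for example `Xmldsig::SignedDocument.new(signed_xml, referenced_documents: { 'fooDocument' => 'ABD' }).validate(certificate)` expected to be false or to raise, depending on how digest mismatches are reported. A case where `referenced_documents` is omitted for a `cid:` reference during `validate` would also be worth adding. The example name "should be signable an validateable" has a typo ("an" for "and").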
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xmldsig
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.4
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - benoist
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-09-07 00:00:00.000000000 Z
11
+ date: 2022-06-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -55,6 +55,7 @@ files:
55
55
  - lib/xmldsig/transforms/canonicalize.rb
56
56
  - lib/xmldsig/transforms/enveloped_signature.rb
57
57
  - lib/xmldsig/transforms/transform.rb
58
+ - lib/xmldsig/transforms/xpath.rb
58
59
  - lib/xmldsig/version.rb
59
60
  - lib/xmldsig/xmldsig-core-schema-x509-serial-fix.xsd
60
61
  - lib/xmldsig/xmldsig-core-schema.xsd
@@ -69,6 +70,8 @@ files:
69
70
  - spec/fixtures/signed/shib.cert
70
71
  - spec/fixtures/signed/shib.xml
71
72
  - spec/fixtures/signed_custom_attribute_id.xml
73
+ - spec/fixtures/signed_signature_namespace.xml
74
+ - spec/fixtures/signed_with_cid_reference.xml
72
75
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
73
76
  - spec/fixtures/unsigned-invalid.xml
74
77
  - spec/fixtures/unsigned-malicious.xml
@@ -86,6 +89,7 @@ files:
86
89
  - spec/fixtures/unsigned/unsigned_nested_signature_at_bottom.xml
87
90
  - spec/fixtures/unsigned/unsigned_nested_signature_at_top.xml
88
91
  - spec/fixtures/unsigned/with_soap_envelope.xml
92
+ - spec/fixtures/unsigned/with_xpath_algorithm.xml
89
93
  - spec/fixtures/unsigned/without_canonicalization.xml
90
94
  - spec/fixtures/unsigned/without_namespace_prefix.xml
91
95
  - spec/fixtures/unsigned/without_reference_uri.xml
@@ -93,11 +97,14 @@ files:
93
97
  - spec/fixtures/unsigned_multiple_references.xml
94
98
  - spec/fixtures/unsigned_nested_signature.xml
95
99
  - spec/fixtures/unsigned_nested_signed_signature.xml
100
+ - spec/fixtures/unsigned_signature_namespace.xml
101
+ - spec/fixtures/unsigned_with_cid_reference.xml
96
102
  - spec/lib/xmldsig/reference_spec.rb
97
103
  - spec/lib/xmldsig/signature_spec.rb
98
104
  - spec/lib/xmldsig/signed_document_spec.rb
99
105
  - spec/lib/xmldsig/transforms/enveloped_signature_spec.rb
100
106
  - spec/lib/xmldsig/transforms/transform_spec.rb
107
+ - spec/lib/xmldsig/transforms/xpath_spec.rb
101
108
  - spec/lib/xmldsig_spec.rb
102
109
  - spec/spec_helper.rb
103
110
  - xmldsig.gemspec
@@ -105,7 +112,7 @@ homepage: https://github.com/benoist/xmldsig
105
112
  licenses:
106
113
  - MIT
107
114
  metadata: {}
108
- post_install_message:
115
+ post_install_message:
109
116
  rdoc_options: []
110
117
  require_paths:
111
118
  - lib
@@ -120,9 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
120
127
  - !ruby/object:Gem::Version
121
128
  version: '0'
122
129
  requirements: []
123
- rubyforge_project:
124
- rubygems_version: 2.5.1
125
- signing_key:
130
+ rubygems_version: 3.3.7
131
+ signing_key:
126
132
  specification_version: 4
127
133
  summary: This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core)
128
134
  test_files:
@@ -136,6 +142,8 @@ test_files:
136
142
  - spec/fixtures/signed/shib.cert
137
143
  - spec/fixtures/signed/shib.xml
138
144
  - spec/fixtures/signed_custom_attribute_id.xml
145
+ - spec/fixtures/signed_signature_namespace.xml
146
+ - spec/fixtures/signed_with_cid_reference.xml
139
147
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
140
148
  - spec/fixtures/unsigned-invalid.xml
141
149
  - spec/fixtures/unsigned-malicious.xml
@@ -153,6 +161,7 @@ test_files:
153
161
  - spec/fixtures/unsigned/unsigned_nested_signature_at_bottom.xml
154
162
  - spec/fixtures/unsigned/unsigned_nested_signature_at_top.xml
155
163
  - spec/fixtures/unsigned/with_soap_envelope.xml
164
+ - spec/fixtures/unsigned/with_xpath_algorithm.xml
156
165
  - spec/fixtures/unsigned/without_canonicalization.xml
157
166
  - spec/fixtures/unsigned/without_namespace_prefix.xml
158
167
  - spec/fixtures/unsigned/without_reference_uri.xml
@@ -160,10 +169,13 @@ test_files:
160
169
  - spec/fixtures/unsigned_multiple_references.xml
161
170
  - spec/fixtures/unsigned_nested_signature.xml
162
171
  - spec/fixtures/unsigned_nested_signed_signature.xml
172
+ - spec/fixtures/unsigned_signature_namespace.xml
173
+ - spec/fixtures/unsigned_with_cid_reference.xml
163
174
  - spec/lib/xmldsig/reference_spec.rb
164
175
  - spec/lib/xmldsig/signature_spec.rb
165
176
  - spec/lib/xmldsig/signed_document_spec.rb
166
177
  - spec/lib/xmldsig/transforms/enveloped_signature_spec.rb
167
178
  - spec/lib/xmldsig/transforms/transform_spec.rb
179
+ - spec/lib/xmldsig/transforms/xpath_spec.rb
168
180
  - spec/lib/xmldsig_spec.rb
169
181
  - spec/spec_helper.rb