xmldsig 0.2.6 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 96f6cce84663869fcc116f7468d838596f071814
-  data.tar.gz: 4d4c59ff3419b6f450b804a3d7ae00c02a4d7c3e
+  metadata.gz: d8048f4065afca9b20df461f7731e4e40616efd1
+  data.tar.gz: 57000ef34e2df31dbe91635b81fe5456928b4095
 SHA512:
-  metadata.gz: 47df30bf57027840f070b89c7008c0532f5461fb021da00671d149c7e9e4b519c1df39f5d92b574b4addf627ba9a9800dc340a4d417f64359c08c2a1ca60b982
-  data.tar.gz: 33f8d0eaf16ba7cdd032e9f1c2916e38d1d70b1c32fe9722868cf45bd53b7d6663da55361ee294a9dba5517a9ef8398f270f1bc4c44bbe58242cf47cbd5abb2b
+  metadata.gz: 62153a54678fbfe19b71b05211bc8bcb488ce382934868c9c08000fe49793e87871c18cf49f5b5dee5c85bc87c4f4c350fed0dcb5030ed960b0573f28f7262e2
+  data.tar.gz: 9655ca3667ca5011b492a2b858c7c7f9ae3254b433b498e38cbaccca66fa46995c0a1e2844de7c0481b2c7c2e00c2cf7969e28cf35924d19b208ffaa2326ee58

data/lib/xmldsig/reference.rb

@@ -1,13 +1,14 @@
 module Xmldsig
   class Reference
-    attr_accessor :reference, :errors
+    attr_accessor :reference, :errors, :id_attr
 
     class ReferencedNodeNotFound < Exception;
     end
 
-    def initialize(reference)
+    def initialize(reference, id_attr = nil)
       @reference = reference
       @errors    = []
+      @id_attr = id_attr
     end
 
     def document
@@ -21,7 +22,8 @@ module Xmldsig
     def referenced_node
       if reference_uri && reference_uri != ""
         id = reference_uri[1..-1]
-        if ref = document.dup.at_xpath("//*[@ID='#{id}' or @wsu:Id='#{id}']", NAMESPACES)
+        referenced_node_xpath = @id_attr ? "//*[@#{@id_attr}='#{id}']" : "//*[@ID='#{id}' or @wsu:Id='#{id}']"
+        if ref = document.dup.at_xpath(referenced_node_xpath, NAMESPACES)
           ref
         else
           raise(

data/lib/xmldsig/signature.rb

@@ -2,13 +2,14 @@ module Xmldsig
   class Signature
     attr_accessor :signature
 
-    def initialize(signature)
+    def initialize(signature, id_attr = nil)
       @signature = signature
+      @id_attr = id_attr
     end
 
     def references
       @references ||= signature.xpath("descendant::ds:Reference", NAMESPACES).map do |node|
-        Reference.new(node)
+        Reference.new(node, @id_attr)
       end
     end
 
@@ -17,7 +18,7 @@ module Xmldsig
     end
 
     def sign(private_key = nil, &block)
-      references.each(&:sign)
+      references.each { |reference| reference.sign }
       self.signature_value = calculate_signature_value(private_key, &block)
     end
 

data/lib/xmldsig/signed_document.rb

@@ -1,6 +1,6 @@
 module Xmldsig
   class SignedDocument
-    attr_accessor :document
+    attr_accessor :document, :id_attr
 
     def initialize(document, options = {})
       @document = if document.kind_of?(Nokogiri::XML::Document)
@@ -8,6 +8,7 @@ module Xmldsig
       else
         Nokogiri::XML(document, nil, nil, Nokogiri::XML::ParseOptions::STRICT)
       end
+      @id_attr = options[:id_attr] if options[:id_attr]
     end
 
     def validate(certificate = nil, &block)
@@ -24,7 +25,7 @@ module Xmldsig
     end
 
     def signatures
-      document.xpath("//ds:Signature", NAMESPACES).reverse.collect { |node| Signature.new(node) } || []
+      document.xpath("//ds:Signature", NAMESPACES).reverse.collect { |node| Signature.new(node, @id_attr) } || []
     end
   end
 end

data/lib/xmldsig/version.rb

@@ -1,3 +1,3 @@
 module Xmldsig
-  VERSION = '0.2.6'
+  VERSION = '0.2.7'
 end

data/spec/fixtures/signed_custom_attribute_id.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" MyID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue>/GxRLc5AEfTmGlQFGC++jLfhJNE=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>QRr9nX1iGo0OwKsxOMsvoMQ8oWtl5NS9w8JzF3/+DcbLU1oNriaNKM7HixPH
+TQyyPgwn1Ysvyf0twWhiZ7TnPQ71EFcJFKCexGGC6SaChSIIJjnVukmUC6Le
+NdazERYV+QZZV5pmq5EfgW3RfDOinBXsMRuTDR8y1iG6K1gMKws=</ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/fixtures/unsigned_custom_attribute_id.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Foo xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" MyID="foo">
+  <foo:Bar>bar</foo:Bar>
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#foo">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+</foo:Foo>

data/spec/lib/xmldsig/reference_spec.rb

@@ -48,6 +48,16 @@ describe Xmldsig::Reference do
         should == 'foo'
     end
 
+    it "returns the reference node when using a custom id attribute" do
+      node = document.at_xpath('//*[@ID]')
+      node.remove_attribute('ID')
+      node.set_attribute('MyID', 'foo')
+      reference = Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES), 'MyID')
+
+      reference.referenced_node.to_s.should ==
+        document.at_xpath("//*[@MyID='foo']").to_s
+    end
+
     it "raises ReferencedNodeNotFound when the refenced node is not present" do
       node = document.at_xpath('//*[@ID]')
       node.remove_attribute('ID')

data/spec/lib/xmldsig_spec.rb

@@ -44,4 +44,37 @@ describe Xmldsig do
     end
   end
 
+  describe "Allows specifying a custom id attribute" do
+    context "an unsigned document" do
+      let(:unsigned_xml) { File.read("spec/fixtures/unsigned_custom_attribute_id.xml") }
+      let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml, :id_attr => 'MyID') }
+      let(:signed_document) { unsigned_document.sign(private_key) }
+
+      it "should be signable an validateable" do
+        Xmldsig::SignedDocument.new(signed_document, :id_attr => 'MyID').validate(certificate).should be == true
+      end
+
+      it 'should have a signature element' do
+        Xmldsig::SignedDocument.new(signed_document, :id_attr => 'MyID').signatures.count.should == 1
+      end
+
+      # TODO: remove this verification step when library matures
+      # it 'matches the result from xmlsec1' do
+      #   document = "spec/fixtures/unsigned_custom_attribute_id.xml"
+      #   result = `xmlsec1 --sign --privkey-pem spec/fixtures/key.pem --id-attr:MyID Foo #{document}`
+      #   result.gsub!("\n", '')
+      #   signed_document.gsub!("\n", '')
+      #   result.should == signed_document
+      # end
+    end
+
+    context "a signed document" do
+      let(:signed_xml) { File.read("spec/fixtures/signed_custom_attribute_id.xml") }
+      let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml, :id_attr => 'MyID') }
+
+      it "should be validateable" do
+        signed_document.validate(certificate).should be == true
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: xmldsig
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.2.7
 platform: ruby
 authors:
 - benoist
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-11 00:00:00.000000000 Z
+date: 2015-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -57,6 +57,7 @@ files:
 - spec/fixtures/signed.xml
 - spec/fixtures/signed/ideal.cert
 - spec/fixtures/signed/ideal.txt
+- spec/fixtures/signed_custom_attribute_id.xml
 - spec/fixtures/unsigned.xml
 - spec/fixtures/unsigned/canonicalizer_1_0.xml
 - spec/fixtures/unsigned/canonicalizer_1_1.xml
@@ -66,6 +67,7 @@ files:
 - spec/fixtures/unsigned/without_canonicalization.xml
 - spec/fixtures/unsigned/without_namespace_prefix.xml
 - spec/fixtures/unsigned/without_reference_uri.xml
+- spec/fixtures/unsigned_custom_attribute_id.xml
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
 - spec/lib/xmldsig/reference_spec.rb
@@ -107,6 +109,7 @@ test_files:
 - spec/fixtures/signed.xml
 - spec/fixtures/signed/ideal.cert
 - spec/fixtures/signed/ideal.txt
+- spec/fixtures/signed_custom_attribute_id.xml
 - spec/fixtures/unsigned.xml
 - spec/fixtures/unsigned/canonicalizer_1_0.xml
 - spec/fixtures/unsigned/canonicalizer_1_1.xml
@@ -116,6 +119,7 @@ test_files:
 - spec/fixtures/unsigned/without_canonicalization.xml
 - spec/fixtures/unsigned/without_namespace_prefix.xml
 - spec/fixtures/unsigned/without_reference_uri.xml
+- spec/fixtures/unsigned_custom_attribute_id.xml
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
 - spec/lib/xmldsig/reference_spec.rb