xmldsig 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c660b351f5875742f3eadd11bee9e6db8cb52c5e
-  data.tar.gz: 9ca1137b37ea2fd0571caf180818f690a387847d
+  metadata.gz: 3839ef55412ec63fe324ff4ff015e997ade606ac
+  data.tar.gz: 2f34485c7c185f7f1e8aa25c0e08ed4532084d18
 SHA512:
-  metadata.gz: bbe25b7ed1e30ff825dac52c101b74dbb3337112c54d539b869460c7833e8a2d19d67801abed19d118f044cfeb9d7689295f74d0496c3a8695f1420e83216ab7
-  data.tar.gz: be13b6062f6d168b5605e3d4048c8b7eb0d5f111d919a9781e95b92abb545eb8d11f3f0ce3ae909ee709ce5cde433532324d27531f0e5eefb41fb133d8af877c
+  metadata.gz: 154d99fbeb8933bbfd89ca6a3d016b955ff3abc0abb71f741c8618f358c87d4dd4f61b99d248159b5b07e415f524236ea3782d761e5284b7ba00be061339f399
+  data.tar.gz: d4cc3f3815fe83f4934a940515ecab57366cee2557eff17ed137f152f5d94827e127d5c0e82f2857d5cc51010edf3324460646e9af470d3b4b2afb3f6d39f16c

data/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+v0.3.1 10-11-2015
+- Added the option to only sign the root signature with the `Xmldsig::SignedDocument#sign` method
+
 v0.2.9 10-07-2015
 - Use variable binding to create a custom XPath (Sean Bryant)
 

data/lib/xmldsig/signed_document.rb

@@ -15,8 +15,12 @@ module Xmldsig
       signatures.any? && signatures.all? { |signature| signature.valid?(certificate, &block) }
     end
 
-    def sign(private_key = nil, instruct = true, &block)
-      signatures.reverse.each { |signature| signature.sign(private_key, &block) }
+    def sign(private_key = nil, instruct = true, root_only = false, &block)
+      if root_only
+        signatures.first.sign(private_key, &block)
+      else
+        signatures.reverse.each { |signature| signature.sign(private_key, &block) }
+      end
       instruct ? @document.to_s : @document.root.to_s
     end
 

data/lib/xmldsig/version.rb

@@ -1,3 +1,3 @@
 module Xmldsig
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'
 end

data/spec/fixtures/unsigned_nested_signed_signature.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<baz:Baz ID="baz" xmlns:foo="http://example.com/foo#" xmlns:baz="http://example.com/baz#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
+  <ds:Signature>
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#baz">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces PrefixList="foo baz"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue></ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue></ds:SignatureValue>
+  </ds:Signature>
+  <foo:Foo ID="foo">
+    <foo:Bar>bar</foo:Bar>
+    <ds:Signature>
+      <ds:SignedInfo>
+        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+        <ds:Reference URI="#foo">
+          <ds:Transforms>
+            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+              <ec:InclusiveNamespaces PrefixList="foo"/>
+            </ds:Transform>
+          </ds:Transforms>
+          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+          <ds:DigestValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:DigestValue>
+        </ds:Reference>
+      </ds:SignedInfo>
+      <ds:SignatureValue>E3yyqsSoxRkhYEuaEtR+SLg85gU5B4a7xUXA+d2Zn6j7F6z73dOd8iYHOusB
+  Ty3C/3ujbmPhHKg8uX9kUE8b+YoOqZt4z9pdxAq44nJEuijwi4doIPpHWirv
+  BnSoP5IoL0DYzGVrgj8udRzfAw5nNeV7wSrBZEn+yrxmUPJoUZc=</ds:SignatureValue>
+    </ds:Signature>
+  </foo:Foo>
+</baz:Baz>

data/spec/lib/xmldsig/signed_document_spec.rb

@@ -93,8 +93,20 @@ describe Xmldsig::SignedDocument do
       end
       Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be == true
     end
-  end
 
+    context 'with the root only option' do
+      let(:unsigned_xml) { File.read("spec/fixtures/unsigned_nested_signed_signature.xml") }
+      let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
+
+      let(:signed_xml) { unsigned_document.sign(private_key, true, true) }
+      let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
+
+      it 'only signs the root signature and leaves the nested signature intact' do
+        signed_document.signatures.first.valid?(certificate).should be == true
+        signed_document.signatures.last.signature_value.should be == unsigned_document.signatures.last.signature_value
+      end
+    end
+  end
 
   describe "Nested Signatures" do
     let(:unsigned_xml) { File.read("spec/fixtures/unsigned_nested_signature.xml") }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: xmldsig
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - benoist
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-09 00:00:00.000000000 Z
+date: 2015-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -78,6 +78,7 @@ files:
 - spec/fixtures/unsigned_custom_attribute_id.xml
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
+- spec/fixtures/unsigned_nested_signed_signature.xml
 - spec/lib/xmldsig/reference_spec.rb
 - spec/lib/xmldsig/signature_spec.rb
 - spec/lib/xmldsig/signed_document_spec.rb
@@ -137,6 +138,7 @@ test_files:
 - spec/fixtures/unsigned_custom_attribute_id.xml
 - spec/fixtures/unsigned_multiple_references.xml
 - spec/fixtures/unsigned_nested_signature.xml
+- spec/fixtures/unsigned_nested_signed_signature.xml
 - spec/lib/xmldsig/reference_spec.rb
 - spec/lib/xmldsig/signature_spec.rb
 - spec/lib/xmldsig/signed_document_spec.rb