xmldsig 0.3.2 → 0.4.0

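--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9a25ba1df705f0356c2b566cccfe488ed8349f15
- data.tar.gz: 63b9cf765ae35c0a8ff18c7004034ced0be392b1
+ metadata.gz: f23a822603d9deb9781149f9440df390aa386fc2
+ data.tar.gz: 8501502a05a8e89e1c58cabcde2ea86a0dd57dfd
  SHA512:
- metadata.gz: 8a52954081fa6154227cbd7e68ee41c71c6044344e9ccd24b541f30437df13687ca23fb2a0efc4af5f3248b54ac2541e9d14d08016a18ab81557b00f775a6662
- data.tar.gz: f7efae54cadb080a881b4b1be9266bed9d800181a4c2cbed41435c6cedeb7089e3cd4971ad1708879070566b2d5f8086c09710d16bed6f1adeba78100e6173b0
+ metadata.gz: 60def31b212dc61e5cf32b3062ecc5969106c9ee6555878c1a79463b0de80b002ce7301c1bb38f181adc78ec3d43edd1b2d2fc1fe4f0edc6ca14dd372a6ec018
+ data.tar.gz: ca9edf2fe24d1297cd9d64121f1154aa637d5bce0e601b27c3323de16b28e7d2a7e6207b50e9ef5d9cbbd064e961a637234b8f4e41f3e742fccc69f8c7ad158f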
@@ -1,5 +1,8 @@
1
1
  # Changelog
2
2
 
3
+ v0.4.0 20-11-2015
4
+ - Breaking change: Signing now leaves previously signed signatures in tact. Use Xmldsig::SignedDocument.new(unsigned_xml, force: true) to resign all signatures
5
+
3
6
  v0.3.2 17-11-2015
4
7
  - After signing return the XML the correct way
5
8
 
@@ -39,6 +39,14 @@ module Xmldsig
39
39
  errors.empty?
40
40
  end
41
41
 
42
+ def signed?
43
+ !unsigned?
44
+ end
45
+
46
+ def unsigned?
47
+ self.signature_value.to_s.empty?
48
+ end
49
+
42
50
  private
43
51
 
44
52
  def canonicalization_method
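Review bot: `unsigned?` only tests whether `signature_value.to_s` is empty, so `signed?` means "a SignatureValue is present", not "the signature verifies". `SignedDocument#sign` in this release uses the predicate to decide which signatures to skip, so any placeholder or stale value makes a signature count as signed. The definition of `signature_value` is outside the hunk; if it can return whitespace from a pretty-printed template, `self.signature_value.to_s.strip.empty?` would be the safer test. I would add a comment above `signed?` such as `# True when a SignatureValue is present; it is not verified here (use valid? for that).` The enclosing class starts and ends outside this hunk.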
@@ -1,6 +1,6 @@
1
1
  module Xmldsig
2
2
  class SignedDocument
3
- attr_accessor :document, :id_attr
3
+ attr_accessor :document, :id_attr, :force
4
4
 
5
5
  def initialize(document, options = {})
6
6
  @document = if document.kind_of?(Nokogiri::XML::Document)
@@ -8,18 +8,17 @@ module Xmldsig
8
8
  else
9
9
  Nokogiri::XML(document, nil, nil, Nokogiri::XML::ParseOptions::STRICT)
10
10
  end
11
- @id_attr = options[:id_attr] if options[:id_attr]
11
+ @id_attr = options[:id_attr] if options[:id_attr]
12
+ @force = options[:force]
12
13
  end
13
14
 
14
15
  def validate(certificate = nil, &block)
15
16
  signatures.any? && signatures.all? { |signature| signature.valid?(certificate, &block) }
16
17
  end
17
18
 
18
- def sign(private_key = nil, instruct = true, root_only = false, &block)
19
- if root_only
20
- signatures.first.sign(private_key, &block)
21
- else
22
- signatures.reverse.each { |signature| signature.sign(private_key, &block) }
19
+ def sign(private_key = nil, instruct = true, &block)
20
+ signatures.reverse.each do |signature|
21
+ signature.sign(private_key, &block) if signature.unsigned? || force
23
22
  end
24
23
 
25
24
  if instruct
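Review bot: In `sign`, the new guard `if signature.unsigned? || force` skips every signature that already carries a SignatureValue without checking it, so with the default `force` (nil) the returned document can hold nested signatures that do not verify while the outer one does. Callers that sign XML received from another party should verify what is being left intact or construct the document with `force: true`; a doc comment on `sign` should say so, e.g. `# Signatures that already have a SignatureValue are left untouched and are NOT verified unless force is set.` Dropping the third positional `root_only` parameter also means an existing call such as `sign(private_key, true, true)` now raises ArgumentError, which the changelog entry does not mention. The body of `sign` continues past the end of this hunk.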
@@ -1,3 +1,3 @@
1
1
  module Xmldsig
2
- VERSION = '0.3.2'
2
+ VERSION = '0.4.0'
3
3
  end
@@ -34,9 +34,7 @@
34
34
  <ds:DigestValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:DigestValue>
35
35
  </ds:Reference>
36
36
  </ds:SignedInfo>
37
- <ds:SignatureValue>E3yyqsSoxRkhYEuaEtR+SLg85gU5B4a7xUXA+d2Zn6j7F6z73dOd8iYHOusB
38
- Ty3C/3ujbmPhHKg8uX9kUE8b+YoOqZt4z9pdxAq44nJEuijwi4doIPpHWirv
39
- BnSoP5IoL0DYzGVrgj8udRzfAw5nNeV7wSrBZEn+yrxmUPJoUZc=</ds:SignatureValue>
37
+ <ds:SignatureValue>ftoSYFdze1AWgGHF5N9i9SFKThXkqH2AdyzA3/epbJw=</ds:SignatureValue>
40
38
  </ds:Signature>
41
39
  </foo:Foo>
42
40
  </baz:Baz>
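Review bot: The replacement `ds:SignatureValue` is the same string as the `ds:DigestValue` a few lines above it, so this nested signature presumably cannot verify, and nothing marks that as intentional. If it is a deliberate placeholder for the "leave existing signatures intact" spec, say so where the fixture is loaded, e.g. `# nested SignatureValue is a placeholder copied from DigestValue; it is expected to fail verification`. Without that, a later reader may take the fixture for corrupted and regenerate it, which would silently change what the spec exercises.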
@@ -28,7 +28,7 @@ describe Xmldsig::SignedDocument do
28
28
  end
29
29
 
30
30
  it "accepts a nokogiri document" do
31
- doc = Nokogiri::XML(unsigned_xml)
31
+ doc = Nokogiri::XML(unsigned_xml)
32
32
  signed_document = described_class.new(doc)
33
33
  signed_document.document.should be_a(Nokogiri::XML::Document)
34
34
  end
@@ -74,9 +74,9 @@ describe Xmldsig::SignedDocument do
74
74
  end
75
75
 
76
76
  it "validates a document with a http://www.w3.org/2001/10/xml-exc-c14n#WithComments transform" do
77
- unsigned_xml_with_comments = File.read("spec/fixtures/signed_xml-exc-c14n#with_comments.xml")
77
+ unsigned_xml_with_comments = File.read("spec/fixtures/signed_xml-exc-c14n#with_comments.xml")
78
78
  unsigned_documents_with_comments = Xmldsig::SignedDocument.new(unsigned_xml_with_comments)
79
- signed_xml_with_comments = unsigned_documents_with_comments.sign(private_key)
79
+ signed_xml_with_comments = unsigned_documents_with_comments.sign(private_key)
80
80
  Xmldsig::SignedDocument.new(signed_xml_with_comments).validate(certificate).should be == true
81
81
  end
82
82
  end
@@ -94,18 +94,33 @@ describe Xmldsig::SignedDocument do
94
94
  Xmldsig::SignedDocument.new(signed_document).validate(certificate).should be == true
95
95
  end
96
96
 
97
- context 'with the root only option' do
97
+ context 'with the force false' do
98
98
  let(:unsigned_xml) { File.read("spec/fixtures/unsigned_nested_signed_signature.xml") }
99
99
  let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml) }
100
100
 
101
- let(:signed_xml) { unsigned_document.sign(private_key, true, true) }
101
+ let(:signed_xml) { unsigned_document.sign(private_key) }
102
102
  let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
103
103
 
104
104
  it 'only signs the root signature and leaves the nested signature intact' do
105
105
  signed_document.signatures.first.valid?(certificate).should be == true
106
+ signed_document.signatures.last.valid?(certificate).should be == false
106
107
  signed_document.signatures.last.signature_value.should be == unsigned_document.signatures.last.signature_value
107
108
  end
108
109
  end
110
+
111
+ context 'with the force true' do
112
+ let(:unsigned_xml) { File.read("spec/fixtures/unsigned_nested_signed_signature.xml") }
113
+ let(:unsigned_document) { Xmldsig::SignedDocument.new(unsigned_xml, force: true) }
114
+
115
+ let(:signed_xml) { unsigned_document.sign(private_key) }
116
+ let(:signed_document) { Xmldsig::SignedDocument.new(signed_xml) }
117
+
118
+ it 'only signs the root signature and leaves the nested signature intact' do
119
+ signed_document.signatures.first.valid?(certificate).should be == true
120
+ signed_document.signatures.last.valid?(certificate).should be == true
121
+ signed_document.signatures.last.signature_value.should be != unsigned_document.signatures.last.signature_value
122
+ end
123
+ end
109
124
  end
110
125
 
111
126
  describe "Nested Signatures" do
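Review bot: The example in the new `with the force true` context keeps the description `'only signs the root signature and leaves the nested signature intact'`, but its assertions check the opposite: the nested signature is valid and its value differs from the input. Rename it to something like `it 're-signs the nested signature as well' do`. The `with the force false` context now pins `signatures.last.valid?(certificate)` to false, so adding `signed_document.validate(certificate).should be == false` there would make the document-level consequence of the default explicit. The enclosing `describe` block starts outside these hunks.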
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xmldsig
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - benoist
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-11-17 00:00:00.000000000 Z
11
+ date: 2015-11-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri