xmldsig 0.6.1 → 0.6.2

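--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 24b0b911fc3ff8735e115e84958d7ed67cb30201
- data.tar.gz: 4216c7d6b5a608c9e0e6f60af86a2b3abaaedb0d
+ metadata.gz: ea438669a6cdd47452ce9ec1554ec4b45cbd2f99
+ data.tar.gz: df71150ef40324eb26842dae1c3651000d7e4608
  SHA512:
- metadata.gz: 526a3a043f0040e45dbcca923a1b7311fa760e435ef997200bdbbb1be91dd09a83614f4ee97c7dd3a5ff27cbeae438c10b3e86d6a898e8fafd17a1103abf05ae
- data.tar.gz: f23638284559286c0665a76f9104ad909b5e3401caf019f4695843348fa3a88bb8de67ebf2d4b575b74b88f2675877e25628cc202f2c151e79385858ce9d208e
+ metadata.gz: 08a8db423fede0282b26616d7ff75db36bfee05e00e3e9a4d9b71b56192b7f6d1a62e5a5a6234566044d1dd21bc5b8795a3e7950ca94c181a99f83bebc1152f6
+ data.tar.gz: 7803d8c5e39bb1fb3bfb1b63ff2a5942c1f96f26a0f8e6f6f0ec47073b2538d2d8cecda8a56fb7e5ec323fd7f1da1b6c3c3bde2f555c4945ebb621f5eb7749eb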
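--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,6 @@
  # Changelog
+ v0.6.2
+ - Allowing other DigestMethod namespaces
 
  v0.6.1
  - Using strict base64 encoding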
@@ -57,13 +57,15 @@ module Xmldsig
57
57
 
58
58
  def digest_method
59
59
  algorithm = reference.at_xpath("descendant::ds:DigestMethod", NAMESPACES).get_attribute("Algorithm")
60
- case algorithm
61
- when "http://www.w3.org/2001/04/xmlenc#sha512"
60
+ case algorithm =~ /sha(.*?)$/i && $1.to_i
61
+ when 512
62
62
  Digest::SHA512
63
- when "http://www.w3.org/2001/04/xmlenc#sha256"
63
+ when 256
64
64
  Digest::SHA256
65
- when "http://www.w3.org/2000/09/xmldsig#sha1"
65
+ when 1
66
66
  Digest::SHA1
67
+ else
68
+ Digest::SHA256
67
69
  end
68
70
  end
69
71
 
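Review bot: The added `else` branch in `digest_method` returns `Digest::SHA256` for every Algorithm value the regex does not resolve to 1, 256 or 512, so an unsupported or misspelled DigestMethod is silently replaced instead of rejected; that includes SHA-384, for which the package lists `spec/fixtures/unsigned-sha384.xml`. The match `/sha(.*?)$/i` is also unanchored, so any attribute value ending in `sha1`, `sha256` or `sha512` selects a digest regardless of its namespace, and the Algorithm attribute comes from the document being processed. Selecting from an exact table of supported URIs and raising on anything else keeps the declared and the computed digest in agreement; further namespaces are then added as explicit entries. The enclosing class starts outside the hunk, and the spec that pins the fallback (`defaults to SHA256 for invalid algorithms`) would need to expect the error instead.

```ruby
# Exact DigestMethod URIs this class supports; add further namespace
# variants as explicit entries rather than pattern-matching the suffix.
DIGEST_METHODS = {
  "http://www.w3.org/2000/09/xmldsig#sha1"  => Digest::SHA1,
  "http://www.w3.org/2001/04/xmlenc#sha256" => Digest::SHA256,
  "http://www.w3.org/2001/04/xmlenc#sha512" => Digest::SHA512
}.freeze

def digest_method
  # … unchanged: algorithm = reference.at_xpath(…).get_attribute("Algorithm") …
  DIGEST_METHODS.fetch(algorithm) do
    raise ArgumentError, "unsupported DigestMethod algorithm: #{algorithm.inspect}"
  end
end
```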
@@ -1,3 +1,3 @@
1
1
  module Xmldsig
2
- VERSION = '0.6.1'
2
+ VERSION = '0.6.2'
3
3
  end
@@ -0,0 +1,21 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="#foo">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces PrefixList="foo"/>
13
+ </ds:Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="invalid"/>
16
+ <ds:DigestValue></ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue></ds:SignatureValue>
20
+ </ds:Signature>
21
+ </foo:Foo>
@@ -0,0 +1,21 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
3
+ <foo:Bar>bar</foo:Bar>
4
+ <ds:Signature>
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="#foo">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
12
+ <ec:InclusiveNamespaces PrefixList="foo"/>
13
+ </ds:Transform>
14
+ </ds:Transforms>
15
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
16
+ <ds:DigestValue></ds:DigestValue>
17
+ </ds:Reference>
18
+ </ds:SignedInfo>
19
+ <ds:SignatureValue></ds:SignatureValue>
20
+ </ds:Signature>
21
+ </foo:Foo>
@@ -83,21 +83,28 @@ describe Xmldsig::Reference do
83
83
  end
84
84
  end
85
85
 
86
- ["sha1", "sha256", "sha512"].each do |algorithm|
86
+ ["xmlenc-sha1", "sha1", "sha256", "sha512"].each do |algorithm|
87
87
  describe "digest method #{algorithm}" do
88
88
  let(:document) { Nokogiri::XML::Document.parse File.read("spec/fixtures/unsigned-#{algorithm}.xml") }
89
89
  let(:reference) { Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES)) }
90
90
 
91
91
  it "uses the correct digest algorithm" do
92
- case algorithm
93
- when "sha512"
92
+ match = algorithm.match(/\d+/)[0].to_i
93
+ case match
94
+ when 512
94
95
  reference.digest_method.should == Digest::SHA512
95
- when "sha256"
96
+ when 256
96
97
  reference.digest_method.should == Digest::SHA256
97
- when "sha1"
98
+ when 1
98
99
  reference.digest_method.should == Digest::SHA1
99
100
  end
100
101
  end
101
102
  end
102
103
  end
104
+
105
+ it 'defaults to SHA256 for invalid algorithms' do
106
+ document = Nokogiri::XML::Document.parse(IO.read("spec/fixtures/unsigned-invalid.xml"))
107
+ reference = Xmldsig::Reference.new(document.at_xpath('//ds:Reference', Xmldsig::NAMESPACES))
108
+ reference.digest_method.should == Digest::SHA256
109
+ end
103
110
  end
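Review bot: The `case match` in `uses the correct digest algorithm` has no `else`, so an entry in the algorithm list that does not reduce to 1, 256 or 512 passes without asserting anything; adding `else` with `raise "no expectation for #{algorithm}"` makes such a gap visible. `sha384` is absent from the list although `spec/fixtures/unsigned-sha384.xml` is packaged, so that digest size is not exercised here. If the second added fixture is `unsigned-xmlenc-sha1.xml`, its DigestMethod is still `http://www.w3.org/2000/09/xmldsig#sha1`, so the new namespace handling would not be covered by it; the file headers are missing from this page, so that is worth confirming. The `describe Xmldsig::Reference` block starts outside the hunk.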
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xmldsig
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - benoist
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-11-03 00:00:00.000000000 Z
11
+ date: 2016-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -63,11 +63,13 @@ files:
63
63
  - spec/fixtures/signed/shib.xml
64
64
  - spec/fixtures/signed_custom_attribute_id.xml
65
65
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
66
+ - spec/fixtures/unsigned-invalid.xml
66
67
  - spec/fixtures/unsigned-malicious.xml
67
68
  - spec/fixtures/unsigned-sha1.xml
68
69
  - spec/fixtures/unsigned-sha256.xml
69
70
  - spec/fixtures/unsigned-sha384.xml
70
71
  - spec/fixtures/unsigned-sha512.xml
72
+ - spec/fixtures/unsigned-xmlenc-sha1.xml
71
73
  - spec/fixtures/unsigned.xml
72
74
  - spec/fixtures/unsigned/canonicalizer_1_0.xml
73
75
  - spec/fixtures/unsigned/canonicalizer_1_1.xml
@@ -127,11 +129,13 @@ test_files:
127
129
  - spec/fixtures/signed/shib.xml
128
130
  - spec/fixtures/signed_custom_attribute_id.xml
129
131
  - spec/fixtures/signed_xml-exc-c14n#with_comments.xml
132
+ - spec/fixtures/unsigned-invalid.xml
130
133
  - spec/fixtures/unsigned-malicious.xml
131
134
  - spec/fixtures/unsigned-sha1.xml
132
135
  - spec/fixtures/unsigned-sha256.xml
133
136
  - spec/fixtures/unsigned-sha384.xml
134
137
  - spec/fixtures/unsigned-sha512.xml
138
+ - spec/fixtures/unsigned-xmlenc-sha1.xml
135
139
  - spec/fixtures/unsigned.xml
136
140
  - spec/fixtures/unsigned/canonicalizer_1_0.xml
137
141
  - spec/fixtures/unsigned/canonicalizer_1_1.xml