xmlenc 0.0.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZTg0OGJjOWQ5MzI1MDU2ZTZlYjk0ODU5NzE1ZjYyMDJhMzZmZmYwNQ==
+  data.tar.gz: !binary |-
+    OTk5OGFmZWM2NTNmMmUzNGQxNDE4NjgyZTlkMWUwNWQ4MWMzZGYxNw==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    NmY0ZGQyMTZjNzk2N2E5NzQ1M2I5MTUyNzBhZDhiYWQwYjE3ZGM4ZDhlZTBj
+    ODY5MjJhNzVmZGFjZTE1Yzk2YjZjZGM1ZTlkZmZlNzY1ZWJhMjY2NWM4NjI0
+    OWYzNTBkMTE4ZDNlOTU2MThlNzAwNzk2MmEyNWY4ZWEzNDFjMDM=
+  data.tar.gz: !binary |-
+    ZjNlZTYxMTQ1ZGM4YjdjODcyNTdkNTkxMDhiZTJkYjA5YmMxOWJkZGVmNzFh
+    MjkwODNkNTBhMjY2NTg5MGI1OGVhMzBlZmJjZWEwYTQxODI0ZjYwOWVmYWI2
+    YWVjZjk2MDFiMjZhNmNlMTc1MDY3MTViMWU5MGYxOTkwOWYyOWQ=

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in xmlenc.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Benoist
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Xmlenc
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'xmlenc'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install xmlenc
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/xmlenc.rb

@@ -0,0 +1,25 @@
+require 'xmlenc/version'
+require 'openssl'
+require 'base64'
+require 'nokogiri'
+
+module Xmlenc
+  NAMESPACES = {
+      xenc: 'http://www.w3.org/2001/04/xmlenc#',
+      ds:   'http://www.w3.org/2000/09/xmldsig#'
+  }
+
+  class UnsupportedError < StandardError
+  end
+
+  module Algorithms
+    autoload :Rsa15, 'xmlenc/algorithms/rsa_15'
+    autoload :RsaOaepMgf1p, 'xmlenc/algorithms/rsa_oaep_mgf1p'
+    autoload :DES3CBC, 'xmlenc/algorithms/des3_cbc'
+    autoload :AESCBC, 'xmlenc/algorithms/aes_cbc'
+  end
+
+  autoload :EncryptedDocument, 'xmlenc/encrypted_document'
+  autoload :EncryptedData, 'xmlenc/encrypted_data'
+  autoload :EncryptedKey, 'xmlenc/encrypted_key'
+end

data/lib/xmlenc/algorithms/aes_cbc.rb

@@ -0,0 +1,38 @@
+module Xmlenc
+  module Algorithms
+    class AESCBC
+      class << self
+        def [](size)
+          new(size)
+        end
+      end
+
+      def initialize(size)
+        @size = size
+      end
+
+      def setup(key)
+        @key = key
+        self
+      end
+
+      def decrypt(cipher_value, options = {})
+        cipher.decrypt
+        cipher.key = @key
+        cipher.iv  = cipher_value[0...iv_len]
+        result     = cipher.update(cipher_value[iv_len..-1])
+        result << cipher.final
+      end
+
+      private
+
+      def iv_len
+        cipher.iv_len
+      end
+
+      def cipher
+        @cipher ||= OpenSSL::Cipher::Cipher.new("aes-#{@size}-cbc")
+      end
+    end
+  end
+end

data/lib/xmlenc/algorithms/des3_cbc.rb

@@ -0,0 +1,31 @@
+module Xmlenc
+  module Algorithms
+    class DES3CBC
+      def self.setup(key)
+        new(key)
+      end
+
+      def initialize(key)
+        @key = key
+      end
+
+      def decrypt(cipher_value, options = {})
+        cipher.decrypt
+        cipher.key = @key
+        cipher.iv  = cipher_value[0...iv_len]
+        result     = cipher.update(cipher_value[iv_len..-1])
+        result << cipher.final
+      end
+
+      private
+
+      def iv_len
+        cipher.iv_len
+      end
+
+      def cipher
+        @cipher ||= OpenSSL::Cipher::Cipher.new('des-ede3-cbc')
+      end
+    end
+  end
+end

data/lib/xmlenc/algorithms/rsa_15.rb

@@ -0,0 +1,13 @@
+module Xmlenc
+  module Algorithms
+    class Rsa15
+      def initialize(key)
+        @key = key
+      end
+
+      def decrypt(cipher_value, options = {})
+        @key.private_decrypt(cipher_value)
+      end
+    end
+  end
+end

data/lib/xmlenc/algorithms/rsa_oaep_mgf1p.rb

@@ -0,0 +1,25 @@
+module Xmlenc
+  module Algorithms
+    class RsaOaepMgf1p
+      DIGEST_METHODS = %w(http://www.w3.org/2000/09/xmldsig#sha1)
+
+      def initialize(key)
+        @key = key
+      end
+
+      def decrypt(cipher_value, options = {})
+        verify_algorithm(options[:node])
+        @key.private_decrypt(cipher_value, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+      end
+
+      private
+
+      def verify_algorithm(node)
+        digest_method = node.at_xpath('./ds:DigestMethod', NAMESPACES)['Algorithm']
+        unless DIGEST_METHODS.include? digest_method
+          raise UnsupportedError.new("RSA OEAP MGF1P unsupported digest method #{digest_method}")
+        end
+      end
+    end
+  end
+end

data/lib/xmlenc/encrypted_data.rb

@@ -0,0 +1,44 @@
+module Xmlenc
+  class EncryptedData
+    ALGORITHMS = {
+        'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' => Algorithms::DES3CBC,
+        'http://www.w3.org/2001/04/xmlenc#aes128-cbc'    => Algorithms::AESCBC[128],
+        'http://www.w3.org/2001/04/xmlenc#aes256-cbc'    => Algorithms::AESCBC[256]
+    }
+
+    attr_accessor :node
+
+    def initialize(node)
+      @node = node
+    end
+
+    def document
+      @node.document
+    end
+
+    def encryption_method
+      at_xpath('./xenc:EncryptionMethod')
+    end
+
+    def cipher_value
+      at_xpath('./xenc:CipherData/xenc:CipherValue').content.gsub(/[\n\s]/, '')
+    end
+
+    def decrypt(key)
+      decryptor = algorithm.setup(key)
+      decryptor.decrypt(Base64.decode64(cipher_value), node: encryption_method)
+    end
+
+    private
+
+    def at_xpath(xpath)
+      @node.at_xpath(xpath, NAMESPACES)
+    end
+
+    def algorithm
+      algorithm = encryption_method['Algorithm']
+      ALGORITHMS[algorithm] ||
+          raise(UnsupportedError.new("Unsupported encryption method #{algorithm}"))
+    end
+  end
+end

data/lib/xmlenc/encrypted_document.rb

@@ -0,0 +1,28 @@
+module Xmlenc
+  class EncryptedDocument
+    attr_accessor :xml
+
+    def initialize(xml)
+      @xml = xml
+    end
+
+    def document
+      @document = Nokogiri::XML::Document.parse(xml)
+    end
+
+    def encrypted_keys
+      document.xpath('//xenc:EncryptedKey', NAMESPACES).collect { |n| EncryptedKey.new(n) }
+    end
+
+    def decrypt(key)
+      encrypted_keys.each do |encrypted_key|
+        encrypted_data = encrypted_key.encrypted_data
+
+        data_key       = encrypted_key.decrypt(key)
+        decrypted_data = encrypted_data.decrypt(data_key)
+        encrypted_data.node.replace(decrypted_data)
+      end
+      @document.to_xml
+    end
+  end
+end

data/lib/xmlenc/encrypted_key.rb

@@ -0,0 +1,53 @@
+module Xmlenc
+  class EncryptedKey
+    ALGORITHMS = {
+        'http://www.w3.org/2001/04/xmlenc#rsa-1_5'        => Algorithms::Rsa15,
+        'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' => Algorithms::RsaOaepMgf1p
+    }
+
+    def initialize(node)
+      @node = node
+    end
+
+    def document
+      @node.document
+    end
+
+    def encryption_method
+      at_xpath('./xenc:EncryptionMethod')
+    end
+
+    def encrypted_data
+      EncryptedData.new(referenced_node)
+    end
+
+    def cipher_value
+      at_xpath('./xenc:CipherData/xenc:CipherValue').content.gsub(/[\n\s]/, '')
+    end
+
+    def decrypt(key)
+      decryptor = algorithm.new(key)
+      decryptor.decrypt(Base64.decode64(cipher_value), node: encryption_method)
+    end
+
+    private
+
+    def referenced_node
+      document.at_xpath("//xenc:EncryptedData[@Id='#{reference_uri}']", NAMESPACES)
+    end
+
+    def reference_uri
+      at_xpath('./xenc:ReferenceList/xenc:DataReference')['URI'][1..-1]
+    end
+
+    def at_xpath(xpath)
+      @node.at_xpath(xpath, NAMESPACES)
+    end
+
+    def algorithm
+      algorithm = encryption_method['Algorithm']
+      ALGORITHMS[algorithm] ||
+          raise(UnsupportedError.new("Unsupported encryption method #{algorithm}"))
+    end
+  end
+end

data/lib/xmlenc/version.rb

@@ -0,0 +1,3 @@
+module Xmlenc
+  VERSION = "0.0.1"
+end

data/spec/fixtures/encrypted_document.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+  <Name>John Smith</Name>
+  <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+      <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>my-rsa-key</ds:KeyName>
+          <ds:X509Data>
+            <ds:X509Certificate>
+              MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+              CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+              U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+              IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+              MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+              CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+              MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+              BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+              AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+              Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+              xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+              ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+              +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+              W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+              HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+              ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+              OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+              WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+              p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+              O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+              kKO/vB9Ay64Rt88XbLnnGns=
+            </ds:X509Certificate>
+          </ds:X509Data>
+        </ds:KeyInfo>
+        <CipherData>
+          <CipherValue>
+            cCxxYh3xGBTqlXbhmKxWzNMlHeE28E7vPrMyM5V4T+t1Iy2csj1BoQ7cqBjEhqEy
+            Eot4WNRYsY7P44mWBKurj2mdWQWgoxHvtITP9AR3JTMxUo3TF5ltW76DLDsEvWlE
+            uZKam0PYj6lYPKd4npUULeZyR/rDRrth/wFIBD8vbQlUsBHapNT9MbQfSKZemOuT
+            UJL9PNgsosySpKrX564oQw398XsxfTFxi4hqbdqzA/CLL418X01hUjIHdyv6XnA2
+            98Bmfv9WMPpX05udR4raDv5X8NWxjH00hAhasM3qumxoyCT6mAGfqvE23I+OXtrN
+            lUvE9mMjANw4zweCHsOcfw==
+          </CipherValue>
+        </CipherData>
+        <ReferenceList>
+          <DataReference URI="#ED"/>
+        </ReferenceList>
+      </EncryptedKey>
+    </ds:KeyInfo>
+    <CipherData>
+      <CipherValue>
+        u2vogkwlvFqeknJ0lYTBZkWS/eX8LR1fDPFMfyK1/UY0EyZfHvbONfDHcC/HLv/f
+        aAOOO2Y0GqsknP0LYT1OznkiJrzx134cmJCgbyrYXd3Mp21Pq3rs66JJ34Qt3/+I
+        EyJBUSMT8TdT3fBD44BtOqH2op/hy2g3hQPFZul4GiHBEnNJL/4nU1yad3bMvtAB
+        mzhx80lJvPGLcruj5V77WMvkvZfoeEqMq4qPWK02ZURsJsq0iZcJDi39NB7OCiON
+      </CipherValue>
+    </CipherData>
+  </EncryptedData>
+</PaymentInfo>

data/spec/fixtures/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnkFwp4y9Zn
+rGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7JxMG7z+hE
+B1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/AZD8Ub/kB
+GOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH+YPjRgLC
+QfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikWW5yiWUmB
+ya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABAoIBAFK+PIiC4hqTBNjj
+WOrPwNH3WmmgS8jPXOp54NzF1+bbfErj+BGMvDRy8oMDUxF72qgujD/Y3canWQcl
+55Yc04/gIGZNYHNotUUx2M21tTIPcuZvRWjxsi57ILj/DHmQsJyX+dcqDtuE7KU7
+dtlwvyZ8koWRpOg9YZDKLpo1m2ET0RjyNEm9fvt6m3ZwSawA9Yu0xSVvVIukNIl7
+eimQzBYeGQwGwhMgMoybQWjwIOpnbvcRfT/iAh9n/AyXcjtOMGwWhifjel+U1XMM
+hrcL3mA5xb+gGQpZ7TToTfmOEJeVCh9BRKpgniH4JVClhiTOeN4VTLZYg/BGmGTj
+rEZKX4ECgYEAigDXtsEns9+QVsQKYolI/GE0Edkd1OkyGw11N3YIMNNzOotcDKoU
+0/Jt1hI7NaWRgi9/LyphmEM/dBaNnrNW6GPIETSjUQ9FuK2LywkNUiM2D+UFsLlq
+EJ4S50/7kdXOC3t9rm9tiIPyqwJKNxRmyAAKfiRbYiEtqqR5zdGXcBECgYEA8ZoG
+xTcXI7pqmkWcI87siHhth1jFCGv3EMwAeIy4tk4HBkxjZoBy/hU2mxviYPhuFEPj
+JTKEbiQRebVLwaTJxs543deGQ1shdVHT1005wyGyhuIVXYC56Xhu+8B2y32650/X
+wRTSUXxP/eQ+Qb2MeDPZ0XgpHhU74Za4F812eE8CgYABNwqvKDoyQjiiGu3Aelbz
+KePseE3j7v2q8U5j450k2Oe9zzZLQkAWsZ638McmrMOAMuzavHPJhGYNnpk2mXud
+Zit/w0fg0dKaUqTVb8n3PCogr7KCIM/HP60I7lJXsVs0DK1JmN+NASRkzwtaOsrA
+3gc5nxZS4dnmE7ai0kKUEQKBgEfA/xHDctPhoZd/5QedhRJi8eSosJv3tMEAVYN4
+B8PdGKj+NudSbtSXaEhY17sFDWxnXSbHAh3UCHylI4K3dlXdLHh2ciG/BwjY7Jmd
+DfKuJ1939fB3Mr/sTMnoN1/oT4IzbFij3nLlALze9L6BlR5+B8r2bP/KPqaZJMOs
++epxAoGAdV6yhdRcUrSBg6e8Q2f1or7LeYzi6xWjf1RRjqPOgf6VB/xiMmF6RnZK
+uRUzK9ieRnAhtDFJTS1nPbfVLPSsASzxAaGQGdZ3AsHD4jp03jCyKtBaPKdDzeVr
+rrIYPcyZ4OBeoFWUvzlDEtEcqJc3ONwpNWal7nhKEbb/AjqFmpg=
+-----END RSA PRIVATE KEY-----