xmlsec-ruby 0.0.7b → 0.0.7

@@ -1,11 +1,5 @@
1
1
  require 'mkmf'
2
2
  if pkg_config('xmlsec1-openssl')
3
- # The rightscale image appears to have incorrect
4
- # pkg-config files - this flag is needed to link against an
5
- # 64-bit libxmlsec1 but isn't included in the pkg-config
6
- if `uname -p`.match 'x86_64'
7
- $CFLAGS += " -DXMLSEC_NO_SIZE_T"
8
- end
9
3
  create_makefile('xmlsec')
10
4
  else
11
5
  puts "xmlsec1 is not installed."
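Review bot: With the x86_64 branch removed, `-DXMLSEC_NO_SIZE_T` reaches the compiler only if `pkg_config('xmlsec1-openssl')` supplies it, and nothing in the new file checks that it did. The removed comment says some images ship pkg-config files without the flag; on such a host the extension would, as far as I can tell, be built with a different `xmlSecSize` width than the installed 64-bit libxmlsec1. I would keep a comment above `create_makefile('xmlsec')`, for example `# XMLSEC_NO_SIZE_T must come from pkg-config; confirm it matches the installed libxmlsec1 on 64-bit hosts`, so the dependency is documented.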
@@ -6,6 +6,8 @@
6
6
  #include <libxml/tree.h>
7
7
  #include <libxml/xmlmemory.h>
8
8
  #include <libxml/parser.h>
9
+ #include <libxml/xpath.h>
10
+ #include <libxml/xpathInternals.h>
9
11
 
10
12
  #include <xmlsec/xmlsec.h>
11
13
  #include <xmlsec/xmltree.h>
@@ -21,74 +23,88 @@ void cleanup(xmlSecDSigCtxPtr dsigCtx) ;
21
23
  int verify_document(xmlDocPtr doc, const char* key);
22
24
  int verify_file(const char* xmlMessage, const char* key);
23
25
  void xmlSecErrorCallback(const char* file, int line, const char* func, const char* errorObject, const char* errorSubject, int reason, const char* msg);
24
- static int
25
- xmlSecAppAddIDAttr(xmlNodePtr node, const xmlChar* attrName, const xmlChar* nodeName, const xmlChar* nsHref) {
26
- xmlAttrPtr attr, tmpAttr;
27
- xmlNodePtr cur;
28
- xmlChar* id;
29
-
30
- if((node == NULL) || (attrName == NULL) || (nodeName == NULL)) {
31
- return(-1);
32
- }
33
-
34
- /* process children first because it does not matter much but does simplify code */
35
- cur = xmlSecGetNextElementNode(node->children);
36
- while(cur != NULL) {
37
- if(xmlSecAppAddIDAttr(cur, attrName, nodeName, nsHref) < 0) {
38
- return(-1);
39
- }
40
- cur = xmlSecGetNextElementNode(cur->next);
41
- }
42
-
43
- /* node name must match */
44
- if(!xmlStrEqual(node->name, nodeName)) {
45
- return(0);
46
- }
47
-
48
- /* if nsHref is set then it also should match */
49
- if((nsHref != NULL) && (node->ns != NULL) && (!xmlStrEqual(nsHref, node->ns->href))) {
50
- return(0);
51
- }
52
-
53
- /* the attribute with name equal to attrName should exist */
54
- for(attr = node->properties; attr != NULL; attr = attr->next) {
55
- if(xmlStrEqual(attr->name, attrName)) {
56
- break;
57
- }
58
- }
59
- if(attr == NULL) {
60
- return(0);
61
- }
62
-
63
- /* and this attr should have a value */
64
- id = xmlNodeListGetString(node->doc, attr->children, 1);
65
- if(id == NULL) {
66
- return(0);
67
- }
68
-
69
- /* check that we don't have same ID already */
70
- tmpAttr = xmlGetID(node->doc, id);
71
- if(tmpAttr == NULL) {
72
- xmlAddID(NULL, node->doc, id, attr);
73
- } else if(tmpAttr != attr) {
74
- fprintf(stderr, "Error: duplicate ID attribute \"%s\"\n", id);
75
- xmlFree(id);
76
- return(-1);
77
- }
78
- xmlFree(id);
79
- return(0);
26
+
27
+ int assign_id_attributes(xmlDocPtr doc) {
28
+ // Assume the ID attribute is one of (ID | Id | id) and tell this to libxml
29
+ xmlXPathContextPtr xpathCtx = xmlXPathNewContext(doc);
30
+ if(xpathCtx == NULL) {
31
+ xmlFreeDoc(doc);
32
+ rb_raise(rb_eRuntimeError,"Error: unable to create new XPath context\n");
33
+ return(-1);
34
+ }
35
+ xmlChar* xpathExpr = "//*[@ID | @Id | @id]";
36
+
37
+ xmlXPathObjectPtr xpathObj = xmlXPathEvalExpression(xpathExpr, xpathCtx);
38
+ if(xpathObj == NULL) {
39
+ xmlXPathFreeContext(xpathCtx);
40
+ xmlFreeDoc(doc);
41
+ rb_raise(rb_eRuntimeError,"Error: unable to evaluate xpath expression \"%s\"\n", xpathExpr);
42
+ return(-1);
43
+ }
44
+ xmlNodeSetPtr nodes = xpathObj->nodesetval;
45
+ int size = (nodes) ? nodes->nodeNr : 0;
46
+ char* idNames[] = {"ID", "Id", "id"};
47
+ xmlAttrPtr attr = NULL, tmp = NULL;
48
+ int i,j;
49
+ for(i = 0; i < size; i++) {
50
+ for(j=0; j<3;j++) {
51
+ tmp = xmlHasProp(nodes->nodeTab[i], idNames[j]);
52
+ if(tmp != NULL)
53
+ attr = tmp;
54
+ }
55
+ if(attr == NULL) {
56
+ xmlXPathFreeContext(xpathCtx);
57
+ return(-1);
58
+ }
59
+ xmlChar* name = xmlNodeListGetString(doc, attr->children, 1);
60
+ if(name == NULL) {
61
+ xmlXPathFreeContext(xpathCtx);
62
+ return(-1);
63
+ }
64
+ xmlAttrPtr tmp = xmlGetID(doc, name);
65
+ if(tmp != NULL) {
66
+ xmlFree(name);
67
+ return 0;
68
+ }
69
+ xmlAddID(NULL, doc, name, attr);
70
+ xmlFree(name);
71
+ }
72
+
73
+ xmlXPathFreeObject(xpathObj);
74
+ xmlXPathFreeContext(xpathCtx);
80
75
  }
76
+
81
77
 
82
78
  /* functions */
79
+
80
+ /*
81
+ * Document-class: Xmlsec
82
+ *
83
+ */
84
+
85
+ /* call-seq:
86
+ * Xmlsec.verify_file(xml_string, pem_certificate_string) -> 0,1
87
+ *
88
+ * Given a raw XML document string and X509 certificate in PEM format,
89
+ * verify the signatures in the document. Returns 0/1 on invalid/valid signature.
90
+ */
83
91
  int verify_file(const char* xmlMessage, const char* key) {
84
92
  xmlDocPtr doc = NULL;
85
93
  /* Init libxml and libxslt libraries */
86
94
  LIBXML_TEST_VERSION
87
95
  xmlSubstituteEntitiesDefault(1);
88
96
  doc = xmlParseDoc((xmlChar *) xmlMessage) ;
89
- return verify_document(doc, key);
97
+ int result = verify_document(doc, key);
98
+ xmlFreeDoc(doc);
99
+ return result;
90
100
  }
91
101
 
102
+ /* call-seq:
103
+ * Xmlsec.verify_document(doc, pem_certificate_string) -> 0,1
104
+ *
105
+ * Given a LibXML::XML::Document object +doc+ and X509 certificate in PEM format,
106
+ * verify the signatures in the document. Returns 0/1 on invalid/valid signature.
107
+ */
92
108
  int verify_document(xmlDocPtr doc, const char* key) {
93
109
  initialize();
94
110
  xmlNodePtr node = NULL;
@@ -96,25 +112,19 @@ int verify_document(xmlDocPtr doc, const char* key) {
96
112
  int res = 0;
97
113
 
98
114
  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
99
- cleanup(dsigCtx);
100
115
  rb_raise(rb_eRuntimeError, "unable to parse XML document");
101
116
  }
102
117
 
103
118
  /* find start node */
104
119
  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
105
120
  if(node == NULL) {
106
- cleanup(dsigCtx);
107
121
  rb_raise(rb_eRuntimeError, "could not find start node in XML document");
108
122
  }
109
123
 
110
- xmlNodePtr cur = xmlSecGetNextElementNode(doc->children);
111
- while(cur != NULL) {
112
- if(xmlSecAppAddIDAttr(cur, "ID", "Response", "urn:oasis:names:tc:SAML:2.0:protocol") < 0) {
113
- cleanup(dsigCtx);
114
- rb_raise(rb_eRuntimeError, "could not define ID attribute");
115
- }
116
- cur = xmlSecGetNextElementNode(cur->next);
124
+ if(assign_id_attributes(doc) < 0) {
125
+ rb_raise(rb_eRuntimeError, "Could not find ID attribute in document");
117
126
  }
127
+
118
128
 
119
129
  /* create signature context */
120
130
  dsigCtx = xmlSecDSigCtxCreate(NULL);
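Review bot: assign_id_attributes has no `return` on its success path: the function ends after the two `xmlXPathFree*` calls, yet verify_document tests `assign_id_attributes(doc) < 0`, so the value it tests is indeterminate. The duplicate-ID branch (`if(tmp != NULL) { xmlFree(name); return 0; }`) is the second problem: it reports success, skips the remaining nodes and leaves xpathObj and xpathCtx allocated, whereas the removed xmlSecAppAddIDAttr returned -1 when the same ID value sat on a different attribute. For signature verification a document with two elements sharing an ID is better rejected, because a `Reference` URI may then resolve to a different element than the one the caller goes on to read. The two `return(-1)` exits inside the loop also leak xpathObj, and `attr` is never reset between nodes; a single exit path, sketched below, covers all of these.

```c
int assign_id_attributes(xmlDocPtr doc) {
  /* ... unchanged: XPath context creation, expression evaluation, nodes/size/idNames/attr/i/j declarations ... */
  int rc = 0;
  for(i = 0; i < size && rc == 0; i++) {
    attr = NULL;                      /* do not carry over the previous node's attribute */
    /* ... unchanged: inner loop over idNames with xmlHasProp ... */
    if(attr == NULL) {
      rc = -1;
      break;
    }
    xmlChar* name = xmlNodeListGetString(doc, attr->children, 1);
    if(name == NULL) {
      rc = -1;
      break;
    }
    xmlAttrPtr existing = xmlGetID(doc, name);
    if(existing == NULL) {
      xmlAddID(NULL, doc, name, attr);
    } else if(existing != attr) {
      rc = -1;                        /* same ID value on two different attributes */
    }
    xmlFree(name);
  }

  xmlXPathFreeObject(xpathObj);
  xmlXPathFreeContext(xpathCtx);
  return rc;
}
```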
@@ -1,6 +1,6 @@
1
1
  /* ----------------------------------------------------------------------------
2
2
  * This file was automatically generated by SWIG (http://www.swig.org).
3
- * Version 2.0.0
3
+ * Version 2.0.1
4
4
  *
5
5
  * This file is not intended to be easily readable and contains a number of
6
6
  * coding conventions designed to improve portability and efficiency. Do not make
@@ -281,7 +281,7 @@
281
281
  /*
282
282
  Flags/methods for returning states.
283
283
 
284
- The SWIG conversion methods, as ConvertPtr, return and integer
284
+ The SWIG conversion methods, as ConvertPtr, return an integer
285
285
  that tells if the conversion was successful or not. And if not,
286
286
  an error code can be returned (see swigerrors.swg for the codes).
287
287
 
@@ -998,7 +998,7 @@ static VALUE _mSWIG = Qnil;
998
998
 
999
999
  /* Define custom exceptions for errors that do not map to existing Ruby
1000
1000
  exceptions. Note this only works for C++ since a global cannot be
1001
- initialized by a funtion in C. For C, fallback to rb_eRuntimeError.*/
1001
+ initialized by a function in C. For C, fallback to rb_eRuntimeError.*/
1002
1002
 
1003
1003
  SWIGINTERN VALUE
1004
1004
  getNullReferenceError(void) {
@@ -1807,7 +1807,7 @@ static VALUE mXmlsec;
1807
1807
  #define SWIG_RUBY_THREAD_END_BLOCK
1808
1808
 
1809
1809
 
1810
- #define SWIGVERSION 0x020000
1810
+ #define SWIGVERSION 0x020001
1811
1811
  #define SWIG_VERSION SWIGVERSION
1812
1812
 
1813
1813
 
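--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: xmlsec-ruby
  version: !ruby/object:Gem::Version
- hash: 55
- prerelease: 5
+ hash: 17
+ prerelease:
  segments:
  - 0
  - 0
  - 7
- - b
- version: 0.0.7b
+ version: 0.0.7
  platform: ruby
  authors:
  - Victor Lin
@@ -16,11 +15,11 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-04-25 00:00:00 -07:00
+ date: 2011-04-18 00:00:00 -07:00
  default_executable:
  dependencies: []
 
- description: "\txmlsec-ruby is project using SWIG to create ruby bindings\n\
+ description: "\txmlsec-ruby is a project using SWIG to create ruby bindings\n\
  \tfor the xmlsec library (http://www.aleksey.com/xmlsec/). \n"
  email: victor@coupa.com
  executables: []
@@ -54,14 +53,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- hash: 25
+ hash: 3
  segments:
- - 1
- - 3
- - 1
- version: 1.3.1
+ - 0
+ version: "0"
  requirements: []
 
  rubyforge_project: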