RubyGems - xmlsec - Versions diffs - 0.0.4 → 0.0.5 - Mend

xmlsec 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/ext/xmlsec/sign.c CHANGED

@@ -19,7 +19,7 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
   /* create signature template for RSA-SHA1 enveloped signature */
   signNode = xmlSecTmplSignatureCreate( doc,
-                                        xmlSecTransformExclC14NWithCommentsId,
+                                        xmlSecTransformInclC14NWithCommentsId,
                                         xmlSecTransformRsaSha1Id,
                                        NULL
                                       );
@@ -46,7 +46,7 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
   refNode = xmlSecTmplSignatureAddReference(signNode,
                                             xmlSecTransformSha1Id,
                                             NULL,
-                                            NULL,
+                                            "\0",
                                             NULL);
   if(refNode == NULL) {
     if(doc != NULL) xmlFreeDoc(doc);
@@ -76,6 +76,11 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
       rb_raise(rb_eRuntimeError, "Error: failed to add X509Data node\n");
       return Qnil;
     }
+    if(xmlSecTmplKeyInfoAddKeyValue(keyInfoNode) == NULL) {
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to add KeyValue node\n");
+      return Qnil;
+    }
   }
   /* create signature context, we don't need keys manager in this example */
@@ -162,7 +167,7 @@ static VALUE rb_xmlsec_sign(VALUE self, VALUE template, VALUE key_file, VALUE pa
     rb_raise(rb_eRuntimeError, "Error: unable to parse  template.");
     return Qnil;
   }
-  return xmlsec_sign(self, doc, key_file, password, x509_file,node_name );
+  return xmlsec_sign(self, doc, key_file, password, x509_file, node_name );
 }
@@ -171,4 +176,4 @@ void init_xmlsec_sign() {
   rb_define_singleton_method(mXmlSec, "sign_file", rb_xmlsec_sign_file, 5);
   rb_define_singleton_method(mXmlSec, "sign", rb_xmlsec_sign, 5);
-}
+}

data/ext/xmlsec/verify.c CHANGED

@@ -6,8 +6,10 @@ extern VALUE mXmlSec, cXmlSecError;
 VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
   xmlSecKeysMngrPtr mngr;
+  VALUE v;
   xmlNodePtr node = NULL;
   xmlSecDSigCtxPtr dsigCtx = NULL;
+  long i;
   mngr = xmlSecKeysMngrCreate();
@@ -23,15 +25,32 @@ VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file )
     rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
     return Qnil;
   }
+  if (TYPE(x509_file) == T_STRING){
+    /* load trusted cert */
+    if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+      if(doc != NULL) xmlFreeDoc(doc);
+      if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+      rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
+      return Qnil;
+    }
+  }
+  if (TYPE(x509_file) == T_ARRAY) {
+    for (i =0; i < RARRAY_LEN(x509_file); i++) {
+      v = rb_ary_entry(x509_file, i);
+      StringValue(v);
+      if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+          if(doc != NULL) xmlFreeDoc(doc);
+          if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
+          rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v));
+          return Qnil;
+      }
+    }
+    //rb_ary_entry
-  /* load trusted cert */
-  if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
-    if(doc != NULL) xmlFreeDoc(doc);
-    if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
-    rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
-    return Qnil;
   }
   /* find start node */
   node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
   if(node == NULL) {
@@ -49,6 +68,9 @@ VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file )
     return Qnil;
   }
+    /* limit the Reference URI attributes to empty or NULL */
+  dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
   /* Verify signature */
   if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
     if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
@@ -92,6 +114,7 @@ VALUE xmlsec_is_valid(VALUE self, xmlDocPtr doc) {
     rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
     return Qnil;
   }
+  dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
   /* Verify signature */
   if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
@@ -133,6 +156,7 @@ VALUE xmlsec_is_valid_by_key(VALUE self, xmlDocPtr doc, VALUE key_file ) {
     rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
     return Qnil;
   }
+  dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
   /* load public key */
   dsigCtx->signKey = xmlSecCryptoAppKeyLoad(StringValuePtr(key_file), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
@@ -177,7 +201,7 @@ static VALUE rb_xmlsec_is_valid_file(VALUE self, VALUE template_file, VALUE key_
   doc = xmlParseFile(StringValuePtr(template_file));
   if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
-    rb_raise(rb_eRuntimeError, "Error: unable to parse  template file.");
+    rb_raise(rb_eRuntimeError, "Error: unable to parse template file.");
     return Qnil;
   }
   if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
@@ -187,6 +211,11 @@ static VALUE rb_xmlsec_is_valid_file(VALUE self, VALUE template_file, VALUE key_
 static VALUE rb_xmlsec_is_valid(VALUE self, VALUE template, VALUE key_file, VALUE x509_file ) {
   xmlDocPtr doc;
+  if (TYPE(template) != T_STRING){
+    rb_raise(rb_eRuntimeError, "Error: Wrong template type");
+  }
   doc = xmlReadMemory(
       StringValuePtr(template),
       RSTRING_LEN(template),
@@ -194,13 +223,16 @@ static VALUE rb_xmlsec_is_valid(VALUE self, VALUE template, VALUE key_file, VALU
       NULL,
       0
     );
   if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
-    rb_raise(rb_eRuntimeError, "Error: unable to parse  template.");
+    rb_raise(rb_eRuntimeError, "Error: unable to parse template %s.", StringValuePtr(template));
+    rb_raise(rb_eRuntimeError, "Error: unable to parse template.");
     return Qnil;
   }
   if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
   if (! NIL_P(key_file)) return xmlsec_is_valid_by_key(self, doc, key_file);
-  return xmlsec_is_valid(self, doc);
+  //return xmlsec_is_valid(self, doc);
 }
@@ -209,4 +241,4 @@ void init_xmlsec_verify(){
   rb_define_singleton_method(mXmlSec, "valid_file?", rb_xmlsec_is_valid_file, 3);
   rb_define_singleton_method(mXmlSec, "valid?", rb_xmlsec_is_valid, 3);
-}
+}

data/lib/xmlsec/version.rb CHANGED

@@ -1,3 +1,3 @@
 module XmlSec
-  VERSION = "0.0.4"
+  VERSION = "0.0.5"
 end

data/spec/assets/signed.test.xml CHANGED

@@ -13,9 +13,9 @@
   </Data>
 <Security><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
-<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-<Reference>
+<Reference URI="">
 <Transforms>
 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </Transforms>
@@ -23,9 +23,9 @@
 <DigestValue>cWRQ7e5Hp3G/m+AsreGhIefcB0A=</DigestValue>
 </Reference>
 </SignedInfo>
-<SignatureValue>lxGeNKU+RS7T8DsAT+ZlPxO/e0OLiq1tIUiZ1LWYLB3RxACvnre15pNniRCjXRrZ
-He6Kr+0xrqhfQLVPqHi0Gj7z8Ac0sTdICCCxJTzq1YQ2PhSRgXT8TGeXzVI4VIMp
-D0ypoBWhtOLvwaCpiX4mHZ3NjpqbrdNcxVGnoGh5Dm0=</SignatureValue>
+<SignatureValue>VNdXZlm1D88wXUjJq6SaG+BrOTbRZeQRrO1bY/4vvJ0lKAQE2xJ+O/LV6XpVQM+f
+1DhHisEM/rqXgXN1AcT9/jFCakdhGINY7p0y2k2ZjNkZebd43xNJylwP4HCepIVx
+vXo1sUr7/c7Lovb+5sP5aTVD/6vvr6kWQRbhuhrHCjg=</SignatureValue>
 <KeyInfo>
 <X509Data>
 <X509Certificate>MIIB+zCCAWQCCQCNDSfdaw1XODANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJY
@@ -40,5 +40,17 @@ JZKuMzTdOBFMdJABXQ26ik4X5G3oQvLCvvfxqGoci4BnOa2TnxvpRw7g1jekjGxn
 oxAOVnMI6cuAbNe5ydub5YeelyJGrlPEcIs+lm2GkUCRFZd4krVO4r2wptD0KP8a
 5iD8CBI9Bl39pXP7k6pEM1UVPUfxyT/h7I2dpqxp+Q==</X509Certificate>
 </X509Data>
+<KeyValue>
+<RSAKeyValue>
+<Modulus>
+zAkX2JwvyH6hUtXt9g7HAz/GQPe/nexZjGwVOfZtcLVR24wzSqMKUm+t+hsDrngZ
+or7mYbkzrFwWJZKuMzTdOBFMdJABXQ26ik4X5G3oQvLCvvfxqGoci4BnOa2Tnxvp
+Rw7g1jekjGxn393bFgOXJIi0gsjx+hcr20qLdaEnJyc=
+</Modulus>
+<Exponent>
+AQAB
+</Exponent>
+</RSAKeyValue>
+</KeyValue>
 </KeyInfo>
 </Signature></Security></Service>

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: xmlsec
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease:
 platform: ruby
 authors:
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-05-30 00:00:00.000000000 Z
+date: 2012-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler