xmlsec 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in xmlsec.gemspec
+gemspec

data/README.md

@@ -0,0 +1,4 @@
+xmlsec
+======
+
+xmlsec

data/Rakefile

@@ -0,0 +1,4 @@
+require "bundler/gem_tasks"
+
+require 'rake'
+Dir['tasks/*.rake'].sort.each { |f| load f }

data/ext/xmlsec/Makefile

@@ -0,0 +1,213 @@
+
+SHELL = /bin/sh
+
+# V=0 quiet, V=1 verbose.  other values don't work.
+V = 0
+Q1 = $(V:1=)
+Q = $(Q1:0=@)
+n=$(NULLCMD)
+ECHO1 = $(V:1=@$n)
+ECHO = $(ECHO1:0=@echo)
+
+#### Start of system configuration section. ####
+
+srcdir = .
+topdir = /usr/local/include/ruby-1.9.1
+hdrdir = /usr/local/include/ruby-1.9.1
+arch_hdrdir = /usr/local/include/ruby-1.9.1/$(arch)
+VPATH = $(srcdir):$(arch_hdrdir)/ruby:$(hdrdir)/ruby
+prefix = $(DESTDIR)/usr/local
+rubylibprefix = $(libdir)/$(RUBY_BASE_NAME)
+exec_prefix = $(prefix)
+vendorhdrdir = $(rubyhdrdir)/vendor_ruby
+sitehdrdir = $(rubyhdrdir)/site_ruby
+rubyhdrdir = $(includedir)/$(RUBY_BASE_NAME)-$(ruby_version)
+vendordir = $(rubylibprefix)/vendor_ruby
+sitedir = $(rubylibprefix)/site_ruby
+ridir = $(datarootdir)/$(RI_BASE_NAME)
+mandir = $(datarootdir)/man
+localedir = $(datarootdir)/locale
+libdir = $(exec_prefix)/lib
+psdir = $(docdir)
+pdfdir = $(docdir)
+dvidir = $(docdir)
+htmldir = $(docdir)
+infodir = $(datarootdir)/info
+docdir = $(datarootdir)/doc/$(PACKAGE)
+oldincludedir = $(DESTDIR)/usr/include
+includedir = $(prefix)/include
+localstatedir = $(prefix)/var
+sharedstatedir = $(prefix)/com
+sysconfdir = $(prefix)/etc
+datadir = $(datarootdir)
+datarootdir = $(prefix)/share
+libexecdir = $(exec_prefix)/libexec
+sbindir = $(exec_prefix)/sbin
+bindir = $(exec_prefix)/bin
+rubylibdir = $(rubylibprefix)/$(ruby_version)
+archdir = $(rubylibdir)/$(arch)
+sitelibdir = $(sitedir)/$(ruby_version)
+sitearchdir = $(sitelibdir)/$(sitearch)
+vendorlibdir = $(vendordir)/$(ruby_version)
+vendorarchdir = $(vendorlibdir)/$(sitearch)
+
+NULLCMD = :
+
+CC = gcc
+CXX = g++
+LIBRUBY = $(LIBRUBY_A)
+LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
+LIBRUBYARG_SHARED = -Wl,-R -Wl,$(libdir) -L$(libdir) 
+LIBRUBYARG_STATIC = -Wl,-R -Wl,$(libdir) -L$(libdir) -l$(RUBY_SO_NAME)-static
+OUTFLAG = -o 
+COUTFLAG = -o 
+
+RUBY_EXTCONF_H = 
+cflags   =  $(optflags) $(debugflags) $(warnflags)
+optflags = -O3
+debugflags = -ggdb
+warnflags = -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration
+CFLAGS   = -fPIC $(cflags) -DXMLSEC_CRYPTO=\"openssl\" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2   
+INCFLAGS = -I. -I$(arch_hdrdir) -I$(hdrdir)/ruby/backward -I$(hdrdir) -I$(srcdir)
+DEFS     = -D_FILE_OFFSET_BITS=64
+CPPFLAGS =   $(DEFS) $(cppflags)
+CXXFLAGS = $(CFLAGS) $(cxxflags)
+ldflags  = -L.  -rdynamic -Wl,-export-dynamic 
+dldflags = 
+ARCH_FLAG = 
+DLDFLAGS = $(ldflags) $(dldflags)
+LDSHARED = $(CC) -shared
+LDSHAREDXX = $(CXX) -shared
+AR = ar
+EXEEXT = 
+
+RUBY_BASE_NAME = ruby
+RUBY_INSTALL_NAME = ruby
+RUBY_SO_NAME = ruby
+arch = i686-linux
+sitearch = $(arch)
+ruby_version = 1.9.1
+ruby = /usr/local/bin/ruby
+RUBY = $(ruby)
+RM = rm -f
+RM_RF = $(RUBY) -run -e rm -- -rf
+RMDIRS = rmdir --ignore-fail-on-non-empty -p
+MAKEDIRS = /bin/mkdir -p
+INSTALL = /usr/bin/install -c
+INSTALL_PROG = $(INSTALL) -m 0755
+INSTALL_DATA = $(INSTALL) -m 644
+COPY = cp
+
+#### End of system configuration section. ####
+
+preload = 
+
+libpath = . $(libdir)
+LIBPATH =  -L. -L$(libdir) -Wl,-R$(libdir)
+DEFFILE = 
+
+CLEANFILES = mkmf.log
+DISTCLEANFILES = 
+DISTCLEANDIRS = 
+
+extout = 
+extout_prefix = 
+target_prefix = /xmlsec
+LOCAL_LIBS = 
+LIBS =   -lxmlsec1-openssl -lxmlsec1 -lltdl -lssl -lcrypto -ldl -lxslt -lz -lm -lxml2   -lpthread -lrt -ldl -lcrypt -lm   -lc
+SRCS = sign.c xmlsec_ext.c verify.c
+OBJS = sign.o xmlsec_ext.o verify.o
+TARGET = xmlsec_ext
+DLLIB = $(TARGET).so
+EXTSTATIC = 
+STATIC_LIB = 
+
+BINDIR        = $(bindir)
+RUBYCOMMONDIR = $(sitedir)$(target_prefix)
+RUBYLIBDIR    = $(sitelibdir)$(target_prefix)
+RUBYARCHDIR   = $(sitearchdir)$(target_prefix)
+HDRDIR        = $(rubyhdrdir)/ruby$(target_prefix)
+ARCHHDRDIR    = $(rubyhdrdir)/$(arch)/ruby$(target_prefix)
+
+TARGET_SO     = $(DLLIB)
+CLEANLIBS     = $(TARGET).so 
+CLEANOBJS     = *.o  *.bak
+
+all:    $(DLLIB)
+static: $(STATIC_LIB)
+.PHONY: all install static install-so install-rb
+.PHONY: clean clean-so clean-rb
+
+clean-rb-default::
+clean-rb::
+clean-so::
+clean: clean-so clean-rb-default clean-rb
+		@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
+
+distclean-rb-default::
+distclean-rb::
+distclean-so::
+distclean: clean distclean-so distclean-rb-default distclean-rb
+		@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
+		@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
+		@-$(RMDIRS) $(DISTCLEANDIRS) 2> /dev/null || true
+
+realclean: distclean
+install: install-so install-rb
+
+install-so: $(RUBYARCHDIR)
+install-so: $(RUBYARCHDIR)/$(DLLIB)
+$(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
+	@-$(MAKEDIRS) $(@D)
+	$(INSTALL_PROG) $(DLLIB) $(@D)
+install-rb: pre-install-rb install-rb-default
+install-rb-default: pre-install-rb-default
+pre-install-rb: Makefile
+pre-install-rb-default: Makefile
+pre-install-rb-default:
+	$(ECHO) installing default xmlsec_ext libraries
+$(RUBYARCHDIR):
+	$(Q) $(MAKEDIRS) $@
+
+site-install: site-install-so site-install-rb
+site-install-so: install-so
+site-install-rb: install-rb
+
+.SUFFIXES: .c .m .cc .mm .cxx .cpp .C .o
+
+.cc.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+
+.mm.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+
+.cxx.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+
+.cpp.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+
+.C.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
+
+.c.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
+
+.m.o:
+	$(ECHO) compiling $(<)
+	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
+
+$(DLLIB): $(OBJS) Makefile
+	$(ECHO) linking shared-object xmlsec/$(DLLIB)
+	@-$(RM) $(@)
+	$(Q) $(LDSHARED) -o $@ $(OBJS) $(LIBPATH) $(DLDFLAGS) $(LOCAL_LIBS) $(LIBS)
+
+
+
+$(OBJS): $(hdrdir)/ruby.h $(hdrdir)/ruby/defines.h $(arch_hdrdir)/ruby/config.h

data/ext/xmlsec/extconf.rb

@@ -0,0 +1,7 @@
+require 'mkmf'
+
+if pkg_config('xmlsec1-openssl')
+  create_makefile('xmlsec/xmlsec_ext')
+else
+  puts "xmlsec1 is not installed."
+end

data/ext/xmlsec/mkmf.log

@@ -0,0 +1,5 @@
+package configuration for xmlsec1-openssl
+cflags: -DXMLSEC_CRYPTO=\"openssl\" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2  
+ldflags: 
+libs: -lxmlsec1-openssl -lxmlsec1 -lltdl -lssl -lcrypto -ldl -lxslt -lz -lm -lxml2  
+

data/ext/xmlsec/sign.c

@@ -0,0 +1,174 @@
+#include <xmlsec_ext.h>
+#include <sign.h>
+#include <errno.h>
+
+
+extern VALUE mXmlSec, cXmlSecError;
+
+static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE password, VALUE x509_file, VALUE node_name ) {
+
+  xmlNodePtr signNode = NULL;
+  xmlNodePtr refNode = NULL;
+  xmlNodePtr pathNode = NULL;
+  xmlNodePtr keyInfoNode = NULL;
+  xmlSecDSigCtxPtr dsigCtx = NULL;
+  xmlChar *xmlbuff;
+  int xmlbuffsize;
+  VALUE result;
+
+
+  /* create signature template for RSA-SHA1 enveloped signature */
+  signNode = xmlSecTmplSignatureCreate( doc,
+                                        xmlSecTransformExclC14NWithCommentsId,
+                                        xmlSecTransformRsaSha1Id,
+                                       NULL
+                                      );
+  if(signNode == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to create signature template\n");
+    return Qnil;
+  }
+
+  pathNode =  xmlDocGetRootElement(doc);
+  if (! NIL_P(node_name)) {
+    pathNode = xmlNewChild(xmlDocGetRootElement(doc), NULL, StringValuePtr(node_name), NULL);
+    if(pathNode == NULL) {
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to create %s node\n", StringValuePtr(node_name));
+      return Qnil;
+    }
+  }
+
+  /* add <dsig:Signature/> node to the doc */
+  xmlAddChild(pathNode, signNode);
+
+  /* add reference */
+  refNode = xmlSecTmplSignatureAddReference(signNode,
+                                            xmlSecTransformSha1Id,
+                                            NULL,
+                                            NULL,
+                                            NULL);
+  if(refNode == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to add reference to signature template\n");
+    return Qnil;
+  }
+
+  /* add enveloped transform */
+  if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to add enveloped transform to reference\n");
+    return Qnil;
+  }
+
+  if (! NIL_P(x509_file)){
+
+    /* add <dsig:KeyInfo/> and <dsig:X509Data/> */
+    keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+    if(keyInfoNode == NULL) {
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to add key info\n");
+      return Qnil;
+    }
+
+    if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to add X509Data node\n");
+      return Qnil;
+    }
+  }
+
+  /* create signature context, we don't need keys manager in this example */
+  dsigCtx = xmlSecDSigCtxCreate(NULL);
+  if(dsigCtx == NULL) {
+    if(doc != NULL) xmlFreeDoc(doc);
+    rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
+    return Qnil;
+  }
+
+  /* load private key, assuming that there is not password */
+  dsigCtx->signKey = xmlSecCryptoAppKeyLoad(StringValuePtr(key_file),
+                                            xmlSecKeyDataFormatPem,
+                                            NIL_P(password) ? NULL : StringValuePtr(password),
+                                            NULL,
+                                            NULL);
+
+  if(dsigCtx->signKey == NULL) {
+      if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to load private pem key from \"%s\"\n", StringValuePtr(key_file));
+      return Qnil;
+  }
+
+  if (! NIL_P(x509_file)){
+    /* load certificate and add to the key */
+    if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, StringValuePtr(x509_file), xmlSecKeyDataFormatPem) < 0) {
+      if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate \"%s\"\n", StringValuePtr(x509_file));
+      return Qnil;
+    }
+  }
+
+    /* set key name to the file name, this is just an example! */
+    if(xmlSecKeySetName(dsigCtx->signKey, StringValuePtr(key_file)) < 0) {
+      if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: failed to set key name for key from \"%s\"\n", StringValuePtr(key_file));
+      return Qnil;
+    }
+
+    /* sign the template */
+    if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
+      if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+      if(doc != NULL) xmlFreeDoc(doc);
+      rb_raise(rb_eRuntimeError, "Error: signature failed");
+      return Qnil;
+    }
+
+    /* return signed document*/
+    xmlDocDumpFormatMemory(doc, &xmlbuff, &xmlbuffsize, 1);
+    result =  rb_str_new(xmlbuff, xmlbuffsize);
+    xmlFree(xmlbuff);
+    if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
+    if(doc != NULL) xmlFreeDoc(doc);
+    return result;
+
+}
+
+static VALUE rb_xmlsec_sign_file(VALUE self, VALUE template_file, VALUE key_file, VALUE password, VALUE x509_file, VALUE node_name) {
+  xmlDocPtr doc;
+
+  doc = xmlParseFile(StringValuePtr(template_file));
+
+  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
+    rb_raise(rb_eRuntimeError, "Error: unable to parse  template file.");
+    return;
+  }
+
+  return xmlsec_sign(self, doc, key_file, password, x509_file, node_name );
+}
+
+static VALUE rb_xmlsec_sign(VALUE self, VALUE template, VALUE key_file, VALUE password, VALUE x509_file, VALUE node_name ) {
+  xmlDocPtr doc;
+  doc = xmlReadMemory(
+      StringValuePtr(template),
+      RSTRING_LEN(template),
+      "noname.xml",
+      NULL,
+      0
+    );
+  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+    rb_raise(rb_eRuntimeError, "Error: unable to parse  template.");
+    return;
+  }
+  return xmlsec_sign(self, doc, key_file, password, x509_file,node_name );
+}
+
+
+void init_xmlsec_sign() {
+
+  rb_define_singleton_method(mXmlSec, "sign_file", rb_xmlsec_sign_file, 5);
+  rb_define_singleton_method(mXmlSec, "sign", rb_xmlsec_sign, 5);
+
+}

data/ext/xmlsec/sign.h

@@ -0,0 +1,9 @@
+#ifndef XMLSEC_SIGN_H
+#define XMLSEC_SIGN_H
+
+#include <xmlsec/templates.h>
+
+
+void init_xmlsec_sign();
+
+#endif /* ifndef XMLSEC_SIGN_H */