xmlsec 0.0.4 → 0.0.5

@@ -19,7 +19,7 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
19
19
 
20
20
  /* create signature template for RSA-SHA1 enveloped signature */
21
21
  signNode = xmlSecTmplSignatureCreate( doc,
22
- xmlSecTransformExclC14NWithCommentsId,
22
+ xmlSecTransformInclC14NWithCommentsId,
23
23
  xmlSecTransformRsaSha1Id,
24
24
  NULL
25
25
  );
@@ -46,7 +46,7 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
46
46
  refNode = xmlSecTmplSignatureAddReference(signNode,
47
47
  xmlSecTransformSha1Id,
48
48
  NULL,
49
- NULL,
49
+ "\0",
50
50
  NULL);
51
51
  if(refNode == NULL) {
52
52
  if(doc != NULL) xmlFreeDoc(doc);
@@ -76,6 +76,11 @@ static VALUE xmlsec_sign(VALUE self, xmlDocPtr doc, VALUE key_file, VALUE passwo
76
76
  rb_raise(rb_eRuntimeError, "Error: failed to add X509Data node\n");
77
77
  return Qnil;
78
78
  }
79
+ if(xmlSecTmplKeyInfoAddKeyValue(keyInfoNode) == NULL) {
80
+ if(doc != NULL) xmlFreeDoc(doc);
81
+ rb_raise(rb_eRuntimeError, "Error: failed to add KeyValue node\n");
82
+ return Qnil;
83
+ }
79
84
  }
80
85
 
81
86
  /* create signature context, we don't need keys manager in this example */
@@ -162,7 +167,7 @@ static VALUE rb_xmlsec_sign(VALUE self, VALUE template, VALUE key_file, VALUE pa
162
167
  rb_raise(rb_eRuntimeError, "Error: unable to parse template.");
163
168
  return Qnil;
164
169
  }
165
- return xmlsec_sign(self, doc, key_file, password, x509_file,node_name );
170
+ return xmlsec_sign(self, doc, key_file, password, x509_file, node_name );
166
171
  }
167
172
 
168
173
 
@@ -171,4 +176,4 @@ void init_xmlsec_sign() {
171
176
  rb_define_singleton_method(mXmlSec, "sign_file", rb_xmlsec_sign_file, 5);
172
177
  rb_define_singleton_method(mXmlSec, "sign", rb_xmlsec_sign, 5);
173
178
 
174
- }
179
+ }
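Review bot: The new `xmlSecTmplKeyInfoAddKeyValue(keyInfoNode)` block in the third hunk adds a KeyValue node to KeyInfo (the updated fixture shows the raw RSA modulus and exponent), and nothing in the code says that this value is only a hint to the recipient. A verifier that takes its key from KeyInfo instead of a pinned key or trusted certificate would accept a signature made with any key, so I would add a comment above the block such as `/* KeyValue is informational only; verifiers must check against a pinned key or trusted cert, never the key carried in KeyInfo */`. In the second hunk the Reference URI is written as `"\0"`, which is an empty string with a redundant second NUL and reads like a mistake; `BAD_CAST ""` states the intent (URI="" selects the whole document) more plainly. xmlsec_sign starts and ends outside these hunks.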
@@ -6,8 +6,10 @@ extern VALUE mXmlSec, cXmlSecError;
6
6
 
7
7
  VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
8
8
  xmlSecKeysMngrPtr mngr;
9
+ VALUE v;
9
10
  xmlNodePtr node = NULL;
10
11
  xmlSecDSigCtxPtr dsigCtx = NULL;
12
+ long i;
11
13
 
12
14
  mngr = xmlSecKeysMngrCreate();
13
15
 
@@ -23,15 +25,32 @@ VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file )
23
25
  rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
24
26
  return Qnil;
25
27
  }
28
+ if (TYPE(x509_file) == T_STRING){
29
+ /* load trusted cert */
30
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
31
+ if(doc != NULL) xmlFreeDoc(doc);
32
+ if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
33
+ rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
34
+ return Qnil;
35
+ }
36
+ }
37
+ if (TYPE(x509_file) == T_ARRAY) {
38
+ for (i =0; i < RARRAY_LEN(x509_file); i++) {
39
+ v = rb_ary_entry(x509_file, i);
40
+ StringValue(v);
41
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
42
+ if(doc != NULL) xmlFreeDoc(doc);
43
+ if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
44
+ rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v));
45
+ return Qnil;
46
+ }
47
+
48
+ }
49
+ //rb_ary_entry
26
50
 
27
- /* load trusted cert */
28
- if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
29
- if(doc != NULL) xmlFreeDoc(doc);
30
- if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
31
- rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
32
- return Qnil;
33
51
  }
34
52
 
53
+
35
54
  /* find start node */
36
55
  node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
37
56
  if(node == NULL) {
@@ -49,6 +68,9 @@ VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file )
49
68
  return Qnil;
50
69
  }
51
70
 
71
+ /* limit the Reference URI attributes to empty or NULL */
72
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
73
+
52
74
  /* Verify signature */
53
75
  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
54
76
  if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
@@ -92,6 +114,7 @@ VALUE xmlsec_is_valid(VALUE self, xmlDocPtr doc) {
92
114
  rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
93
115
  return Qnil;
94
116
  }
117
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
95
118
 
96
119
  /* Verify signature */
97
120
  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
@@ -133,6 +156,7 @@ VALUE xmlsec_is_valid_by_key(VALUE self, xmlDocPtr doc, VALUE key_file ) {
133
156
  rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
134
157
  return Qnil;
135
158
  }
159
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
136
160
 
137
161
  /* load public key */
138
162
  dsigCtx->signKey = xmlSecCryptoAppKeyLoad(StringValuePtr(key_file), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
@@ -177,7 +201,7 @@ static VALUE rb_xmlsec_is_valid_file(VALUE self, VALUE template_file, VALUE key_
177
201
  doc = xmlParseFile(StringValuePtr(template_file));
178
202
 
179
203
  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
180
- rb_raise(rb_eRuntimeError, "Error: unable to parse template file.");
204
+ rb_raise(rb_eRuntimeError, "Error: unable to parse template file.");
181
205
  return Qnil;
182
206
  }
183
207
  if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
@@ -187,6 +211,11 @@ static VALUE rb_xmlsec_is_valid_file(VALUE self, VALUE template_file, VALUE key_
187
211
 
188
212
  static VALUE rb_xmlsec_is_valid(VALUE self, VALUE template, VALUE key_file, VALUE x509_file ) {
189
213
  xmlDocPtr doc;
214
+
215
+ if (TYPE(template) != T_STRING){
216
+ rb_raise(rb_eRuntimeError, "Error: Wrong template type");
217
+ }
218
+
190
219
  doc = xmlReadMemory(
191
220
  StringValuePtr(template),
192
221
  RSTRING_LEN(template),
@@ -194,13 +223,16 @@ static VALUE rb_xmlsec_is_valid(VALUE self, VALUE template, VALUE key_file, VALU
194
223
  NULL,
195
224
  0
196
225
  );
226
+
197
227
  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
198
- rb_raise(rb_eRuntimeError, "Error: unable to parse template.");
228
+ rb_raise(rb_eRuntimeError, "Error: unable to parse template %s.", StringValuePtr(template));
229
+
230
+ rb_raise(rb_eRuntimeError, "Error: unable to parse template.");
199
231
  return Qnil;
200
232
  }
201
233
  if (! NIL_P(x509_file)) return xmlsec_is_valid_by_x509_file(self, doc, x509_file );
202
234
  if (! NIL_P(key_file)) return xmlsec_is_valid_by_key(self, doc, key_file);
203
- return xmlsec_is_valid(self, doc);
235
+ //return xmlsec_is_valid(self, doc);
204
236
  }
205
237
 
206
238
 
@@ -209,4 +241,4 @@ void init_xmlsec_verify(){
209
241
  rb_define_singleton_method(mXmlSec, "valid_file?", rb_xmlsec_is_valid_file, 3);
210
242
  rb_define_singleton_method(mXmlSec, "valid?", rb_xmlsec_is_valid, 3);
211
243
 
212
- }
244
+ }
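Review bot: In the hunk that ends rb_xmlsec_is_valid, the final statement is now `//return xmlsec_is_valid(self, doc);`, so when both `x509_file` and `key_file` are nil control falls off the end of a non-void function: the VALUE handed back to Ruby for `valid?` is indeterminate (undefined behaviour in C) and `doc` is never freed. If the intent is to stop verifying without a caller-supplied key or certificate, fail closed explicitly with `xmlFreeDoc(doc);` followed by `rb_raise(rb_eRuntimeError, "Error: key_file or x509_file is required");`. In the same hunk the first `rb_raise` does not return, so the second `rb_raise` and `return Qnil;` are dead code, and its `%s` copies the entire submitted document into the exception message, where it can end up in logs; keeping only the fixed message `"Error: unable to parse template."` avoids that.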
@@ -1,3 +1,3 @@
1
1
  module XmlSec
2
- VERSION = "0.0.4"
2
+ VERSION = "0.0.5"
3
3
  end
@@ -13,9 +13,9 @@
13
13
  </Data>
14
14
  <Security><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
15
15
  <SignedInfo>
16
- <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
16
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
17
17
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
18
- <Reference>
18
+ <Reference URI="">
19
19
  <Transforms>
20
20
  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
21
21
  </Transforms>
@@ -23,9 +23,9 @@
23
23
  <DigestValue>cWRQ7e5Hp3G/m+AsreGhIefcB0A=</DigestValue>
24
24
  </Reference>
25
25
  </SignedInfo>
26
- <SignatureValue>lxGeNKU+RS7T8DsAT+ZlPxO/e0OLiq1tIUiZ1LWYLB3RxACvnre15pNniRCjXRrZ
27
- He6Kr+0xrqhfQLVPqHi0Gj7z8Ac0sTdICCCxJTzq1YQ2PhSRgXT8TGeXzVI4VIMp
28
- D0ypoBWhtOLvwaCpiX4mHZ3NjpqbrdNcxVGnoGh5Dm0=</SignatureValue>
26
+ <SignatureValue>VNdXZlm1D88wXUjJq6SaG+BrOTbRZeQRrO1bY/4vvJ0lKAQE2xJ+O/LV6XpVQM+f
27
+ 1DhHisEM/rqXgXN1AcT9/jFCakdhGINY7p0y2k2ZjNkZebd43xNJylwP4HCepIVx
28
+ vXo1sUr7/c7Lovb+5sP5aTVD/6vvr6kWQRbhuhrHCjg=</SignatureValue>
29
29
  <KeyInfo>
30
30
  <X509Data>
31
31
  <X509Certificate>MIIB+zCCAWQCCQCNDSfdaw1XODANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJY
@@ -40,5 +40,17 @@ JZKuMzTdOBFMdJABXQ26ik4X5G3oQvLCvvfxqGoci4BnOa2TnxvpRw7g1jekjGxn
40
40
  oxAOVnMI6cuAbNe5ydub5YeelyJGrlPEcIs+lm2GkUCRFZd4krVO4r2wptD0KP8a
41
41
  5iD8CBI9Bl39pXP7k6pEM1UVPUfxyT/h7I2dpqxp+Q==</X509Certificate>
42
42
  </X509Data>
43
+ <KeyValue>
44
+ <RSAKeyValue>
45
+ <Modulus>
46
+ zAkX2JwvyH6hUtXt9g7HAz/GQPe/nexZjGwVOfZtcLVR24wzSqMKUm+t+hsDrngZ
47
+ or7mYbkzrFwWJZKuMzTdOBFMdJABXQ26ik4X5G3oQvLCvvfxqGoci4BnOa2Tnxvp
48
+ Rw7g1jekjGxn393bFgOXJIi0gsjx+hcr20qLdaEnJyc=
49
+ </Modulus>
50
+ <Exponent>
51
+ AQAB
52
+ </Exponent>
53
+ </RSAKeyValue>
54
+ </KeyValue>
43
55
  </KeyInfo>
44
56
  </Signature></Security></Service>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: xmlsec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2012-05-30 00:00:00.000000000 Z
15
+ date: 2012-06-05 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: rake-compiler