xmlsig 0.0.1

Files changed (48) hide show
  1. data/README.rdoc +0 -0
  2. data/ext/xmlsig/BioWrap.h +98 -0
  3. data/ext/xmlsig/DSig.cpp +109 -0
  4. data/ext/xmlsig/DSig.h +81 -0
  5. data/ext/xmlsig/DSigCtx.h +72 -0
  6. data/ext/xmlsig/Exceptions.cpp +151 -0
  7. data/ext/xmlsig/Exceptions.h +214 -0
  8. data/ext/xmlsig/Key.cpp +582 -0
  9. data/ext/xmlsig/Key.h +338 -0
  10. data/ext/xmlsig/KeyInfoCtx.h +67 -0
  11. data/ext/xmlsig/KeyStore.cpp +180 -0
  12. data/ext/xmlsig/KeyStore.h +157 -0
  13. data/ext/xmlsig/KeysMngrWrap.h +62 -0
  14. data/ext/xmlsig/NodeSet.h +60 -0
  15. data/ext/xmlsig/Signer.cpp +691 -0
  16. data/ext/xmlsig/Signer.h +373 -0
  17. data/ext/xmlsig/TrustVerifier.cpp +145 -0
  18. data/ext/xmlsig/TrustVerifier.h +174 -0
  19. data/ext/xmlsig/Verifier.cpp +677 -0
  20. data/ext/xmlsig/Verifier.h +313 -0
  21. data/ext/xmlsig/X509Certificate.cpp +362 -0
  22. data/ext/xmlsig/X509Certificate.h +146 -0
  23. data/ext/xmlsig/XPath.cpp +173 -0
  24. data/ext/xmlsig/XPath.h +156 -0
  25. data/ext/xmlsig/XPathCtx.h +68 -0
  26. data/ext/xmlsig/XmlCharBuf.h +60 -0
  27. data/ext/xmlsig/XmlDoc.cpp +278 -0
  28. data/ext/xmlsig/XmlDoc.h +157 -0
  29. data/ext/xmlsig/XmlElement.cpp +151 -0
  30. data/ext/xmlsig/XmlElement.h +134 -0
  31. data/ext/xmlsig/countptr.h +260 -0
  32. data/ext/xmlsig/extconf.rb +58 -0
  33. data/ext/xmlsig/runtests.rb +23 -0
  34. data/ext/xmlsig/swig/countptr.i +27 -0
  35. data/ext/xmlsig/swig/exceptions.i +79 -0
  36. data/ext/xmlsig/swig/ruby.i +17 -0
  37. data/ext/xmlsig/swig/xmlsig.i +405 -0
  38. data/ext/xmlsig/t/tc_cert.rb +34 -0
  39. data/ext/xmlsig/t/tc_interface.rb +158 -0
  40. data/ext/xmlsig/t/tc_signer.rb +501 -0
  41. data/ext/xmlsig/t/tc_tsik.rb +490 -0
  42. data/ext/xmlsig/t/tc_verifier.rb +151 -0
  43. data/ext/xmlsig/t/tsik_interop/sign.rb +48 -0
  44. data/ext/xmlsig/t/tsik_interop/verify.rb +31 -0
  45. data/ext/xmlsig/t/tsik_interop/verify_own.rb +46 -0
  46. data/ext/xmlsig/xmlsig.cpp +13363 -0
  47. data/lib/xmlsig.rb +1 -0
  48. metadata +113 -0
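--- a/data/ext/xmlsig/t/tc_signer.rb
+++ b/data/ext/xmlsig/t/tc_signer.rb
@@ -0,0 +1,501 @@
+ #!/usr/bin/env ruby
+
+ # (C) Copyright 2006 VeriSign, Inc.
+ # Developed by Sxip Identity
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+ require 'test/unit'
+ require 'xmlsig'
+
+ class TC_Signer < Test::Unit::TestCase
+ # def setup
+ # end
+
+ # def teardown
+ # end
+
+ def clear_enveloping (str)
+ str = str.gsub(/Reference URI=".*"/, 'Reference URI=""')
+ str = str.gsub(/Object Id=".*"/, 'Object Id=""')
+ str = str.gsub(/<DigestValue>.*<\/DigestValue>/,
+ '<DigestValue></DigestValue>')
+ str = str.gsub(/<SignatureValue>.*<\/SignatureValue>/m,
+ '<SignatureValue></SignatureValue>')
+ return str
+ end
+
+ def test_signer_basics
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ k = Xmlsig::Key.new
+ if k.loadFromFile('t/res/rsakey.pem','pem','') < 0
+ raise "failed to load key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ s.signInPlace()
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>cAWu6o1UKCUSfsVDlNG6JvE7bj6TrInQPdYYBWn/kR4zkyeSR45IjTjk8ug4w0lP
+ RJnPkFcxt9KZystNh/84boNPr8dV4aitMVBcwI9KC+wVyTSiNSGoQ97xwNWvV3P0
+ MuP0IfzwMYEYzaz4BcnLAeBS/zJj1nKBrQl4cPendKz258wND3sCx44gGPBWOe6S
+ +bgvzO31Dk6bXVid92DU2BBfzJ+vLC/R1pA7zzSbi4IbVOGGxcDwWz1UnXrBWVRv
+ l0BUrEO/ggm11KrDPywYpDk4K+S77uirJ5ZnE7/80gtVqeUNXFwPDXwxanr4OAYX
+ Oqke+lk6t9sVyzTbB/AhDw==</SignatureValue>
+ <Object Id="obj1"><hello>world!</hello></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x.toString), "check signed xml")
+
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ s.signInPlace()
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x.toString), "should be able to sign again")
+
+
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ x_dup = s.sign()
+ original = <<-XML
+ <?xml version="1.0"?>
+ <hello>world!</hello>
+ XML
+ assert_equal(original, x.toString, "sign should preserve the original")
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString), "sign should produce a copy")
+ s.signInPlace()
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x.toString), "signInPlace should still work")
+
+
+ enveloped = <<-XML
+ <n0:pdu xmlns:n0="http://a.example">
+ <n1:elem1 xmlns:n1="http://b.example">
+ content
+ </n1:elem1>
+ </n0:pdu>
+ XML
+ if x.loadFromString(enveloped) < 0
+ raise "failed to create XML document"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ x_dup = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>Z1BLe+Di+r3Q88UGYMg0U98+SkQ=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>XnIMidjeC2cwjpx1g5cdUjJhaeOrUn7QVbOp3nZfZ9pX9h0RzNr7IbyBDIFYDz8V
+ x/pJTrIBwtNRNv/zipgNdO3Zz6k5cKOeh518F+tIVa6LiApywRIUSZJRJRDrkfRI
+ D+qllTfEz0nBZIkW6R40xawHYXbMi7/jirJPFptIqYW0P/X2QUqoR7tKMB6U7z97
+ 6YXwLTO32O2R1udK8psoKwalOqdmWdR/8xWxLSjLoywyhF6c2+sNIa16BWMilFPX
+ hCz91erW1LWKcUXgVGbsniG/3Wqz7VXmROf0iYZ56gTLWA2qKRBS8DC3uZo830bq
+ cG04ZgJEZyAdMCjFcN0kaA==</SignatureValue>
+ <Object Id="obj1"><n0:pdu xmlns:n0="http://a.example">
+ <n1:elem1 xmlns:n1="http://b.example">
+ content
+ </n1:elem1>
+ </n0:pdu></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString), "inclusive c14n")
+ s.useExclusiveCanonicalizer('')
+ x_dup = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>Z1BLe+Di+r3Q88UGYMg0U98+SkQ=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>V/BJBFvJNWJmrPoTcCiEJ+Kiho3oNcwWzBrJIA9uCgl5LXvgJsH1iedVHzPlDyfH
+ zRxxjx3EiXBpmh92sPmboBcBEOJxEsXRmNNspLjdBlywoAJNSCXqdpWTKpjCeFxe
+ tefTsPt2u3FvMrHHPzqWJBegHkO1egsAJQ4ZenyfJw6OkXttdj52UJDiUNaoa5mr
+ ucKC4ccFxbOgtGg7pkfJ1mStvChRABb1a27glf0HkgXrffDkXklVwqmGLw+QD2VK
+ I3p3jWjicltVHHYazr1GzBG2MJ6JH/6q0cAS1tmXDQZPl/iV7kVX1kiJcjnUHbxi
+ DaJbsDL5hmar/m7hOKDgHA==</SignatureValue>
+ <Object Id="obj1"><n0:pdu xmlns:n0="http://a.example">
+ <n1:elem1 xmlns:n1="http://b.example">
+ content
+ </n1:elem1>
+ </n0:pdu></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString), "exclusive c14n")
+
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ k = Xmlsig::Key.new
+ if k.loadFromFile('t/res/rsakey.pem','pem','') < 0
+ raise "failed to load key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ if s.addCertFromFile('t/res/rsacert.pem', 'pem') < 0
+ raise "failed to add cert"
+ end
+ x_dup = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#obj-gXKdX4PpMA">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>FmuiTWZt7LioHNUGy5rSu+lqcNA=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>M7eBJdXlzNuyAFdsFG/6ZHydmmq4X7VLXWixvRnXDZM2xVY1eCi3JtPtOI/qNdEp
+ FiV8/PvZ2fUQqMdGmKU2HX4RJyf2BuzlrsJ3lGXu84HDSDRnt6TChO2PThFjw7ZP
+ vicru6g8PN6uK5aWDZ6AXT/aDvwiar1wN0LfAnthnXXByQtIwDbtQLvkbdcoDjVh
+ YNn2FD/XjXsNtEH2Ny7wWsd3zsX3X3TbYJWyuXfvsg1/rS7m0hLYNM4EDIyAj8CF
+ BAgYY55DLt8GX7jiKQD/0gYebp0NQCepL02drQ090URMksNyOYIpZwPv2lUfCOAn
+ 5LnFffld7w+CGCIdMegVaQ==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
+ EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+ eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+ a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+ DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw
+ EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy
+ eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt
+ cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+ BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB
+ BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt
+ quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E
+ mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg
+ qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53
+ 7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w
+ Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG
+ A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw
+ MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx
+ EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+ eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+ a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA
+ MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY
+ 1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn
+ ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL
+ NJ2D</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="obj-gXKdX4PpMA"><hello>world!</hello></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString),
+ "sign and attach pubkey x509 cert")
+
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ k = Xmlsig::Key.new
+ if k.loadHMACFromString('secret') < 0
+ raise "failed to load key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ x_dup = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>a2xSwgkUYkby86Rw32ZuJjzrkJQ=</SignatureValue>
+ <Object Id="obj1"><hello>world!</hello></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString),
+ "sign with HMAC")
+ end
+
+ def test_id_attr
+ xml = <<-XML
+ <foo>
+ <thing id="me">ha ha ha</thing>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <Reference URI="#xpointer(id('me'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue/>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ </Signature>
+ </foo>
+ XML
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString(xml) < 0
+ raise "error loading XML"
+ end
+ x.addIdAttr('id','thing','')
+ k = Xmlsig::Key.new
+ if k.loadHMACFromString("secret") < 0
+ raise "error loading key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ s.signInPlace
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <foo>
+ <thing id="me">ha ha ha</thing>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#xpointer(id('me'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>LtCo7+kPydkEmDCmDeHN/uw3n7c=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>PqQMfXh6WV+vLS2Hn/0kFR2Sl8c=</SignatureValue>
+ </Signature>
+ </foo>
+ XML
+ assert_equal(expected, x.toString, "signedInPlace with ID attribute")
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString(xml) < 0
+ raise "error loading XML"
+ end
+ x.addIdAttr('id','thing','')
+ s = Xmlsig::Signer.new(x,k)
+ x_signed = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <foo>
+ <thing id="me">ha ha ha</thing>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#xpointer(id('me'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>LtCo7+kPydkEmDCmDeHN/uw3n7c=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>PqQMfXh6WV+vLS2Hn/0kFR2Sl8c=</SignatureValue>
+ </Signature>
+ </foo>
+ XML
+ assert_equal(expected, x_signed.toString, "signed copy with ID attribute")
+ end
+ def test_add_verifying_key
+ xml = <<-XML
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue/>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ <KeyInfo>
+ <KeyValue/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+ </Signature>
+ XML
+ xml = <<-XML
+ <hello>world!</hello>
+ XML
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString(xml) < 0
+ raise "error loading XML"
+ end
+ k = Xmlsig::Key.new
+ if k.loadFromFile("t/res/rsakey.pem","pem","") < 0
+ raise "error loading key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ s.attachPublicKey(1)
+ s.signInPlace
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>cAWu6o1UKCUSfsVDlNG6JvE7bj6TrInQPdYYBWn/kR4zkyeSR45IjTjk8ug4w0lP
+ RJnPkFcxt9KZystNh/84boNPr8dV4aitMVBcwI9KC+wVyTSiNSGoQ97xwNWvV3P0
+ MuP0IfzwMYEYzaz4BcnLAeBS/zJj1nKBrQl4cPendKz258wND3sCx44gGPBWOe6S
+ +bgvzO31Dk6bXVid92DU2BBfzJ+vLC/R1pA7zzSbi4IbVOGGxcDwWz1UnXrBWVRv
+ l0BUrEO/ggm11KrDPywYpDk4K+S77uirJ5ZnE7/80gtVqeUNXFwPDXwxanr4OAYX
+ Oqke+lk6t9sVyzTbB/AhDw==</SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>
+ l7j+tD+DNXgWiQTsK2GMv8RfAIFKRebZzeniPJc7Ra2q5o0Ld3EHAU98+X3iGard
+ kVn08c89unhGlhGctltGOXNVI6r3ngBc5elJ7DucP4SZOpCt335khsYmcs4xCHl+
+ ExW45b/WVgKNYCFMJxhk+/tVcPYzvS9VcNVefpmupOCqRUcTqDDVoIqdzCDs5I5R
+ yVTFfz5mLXS/o3r48+yUVzm0rAB1YmFUtNDgUob4XnfsUEOc0rqnjGJavLL+88xi
+ fiNga8dRSTd4fiUVMKv6tK4ljyL8o0h/8gqKbuD+jfAB7cYzzGuh/aaA7waMr/ZA
+ Oo5CFCBhEh/j/AWxBdVlww==
+ </Modulus>
+ <Exponent>
+ AQAB
+ </Exponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="obj1"><hello>world!</hello></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x.toString),
+ "add raw verifying key")
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ k = Xmlsig::Key.new
+ if k.loadHMACFromString('secret') < 0
+ raise "failed to load key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ s.attachPublicKey(1)
+ x_dup = s.sign
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#obj1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>a2xSwgkUYkby86Rw32ZuJjzrkJQ=</SignatureValue>
+ <KeyInfo>
+ <KeyValue/>
+ </KeyInfo>
+ <Object Id="obj1"><hello>world!</hello></Object>
+ </Signature>
+ XML
+ assert_equal(clear_enveloping(expected),
+ clear_enveloping(x_dup.toString),
+ "sign with HMAC - should not attach key")
+ end
+
+ def test_enveloped
+ x = Xmlsig::XmlDoc.new
+ if x.loadFromString('<hello>world!</hello>') < 0
+ raise "failed to create XML document"
+ end
+ k = Xmlsig::Key.new
+ if k.loadFromFile('t/res/rsakey.pem','pem','') < 0
+ raise "failed to load key"
+ end
+ s = Xmlsig::Signer.new(x,k)
+ xp = Xmlsig::XPath.new
+ xp.setXPath("/hello")
+ s.signInPlace(xp)
+ expected = <<-XML
+ <?xml version="1.0"?>
+ <hello>world!<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>1yxTNbA2ACee4VdoRgA69iOj6kg=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>R0F67tolSG60Dx7NCsi6f//QboN1FqmQs6C73GiCztY+SLaoOIMohGEWL5dQfvJd
+ isRn/AVZe+09bBmJLru73b+floTTf+av6sw0j2NsqQroGAuNDwMVk0fJwv8shMoB
+ wOM35Gp6jHs13FayL7QCf4qw7K+OebQtPdCHos4PkDuvKmMK1F/YpDOsezjo1Wg+
+ 9dKFaTmbeaaq7iY3NlSJaC+kyRUMnlY9jVJWsE/EDTD0XujwlOFhKV9heanPvd+z
+ dplValY7ioM+T21IW5UUVY0xy8wTXWeaXRWRDuFcoIIF3UX/aeVEmmLhjKuEgD8k
+ ee1QrIN9c+mr5+W3Je6QTg==</SignatureValue>
+ </Signature></hello>
+ XML
+ assert_equal(expected, x.toString, "check signed xml")
+ end
+ end
+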
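Review bot: clear_enveloping blanks every DigestValue and SignatureValue before the comparison, so the enveloping cases in test_signer_basics and test_add_verifying_key only check document structure, and a signer that emitted a wrong digest or signature would still pass them. The Object Id looks generated per run (one expected value is `obj-gXKdX4PpMA`), so an exact string match is presumably not possible there; these cases should additionally check the signed output with the package's own verifier rather than rely on the normalized string alone. The greedy pattern `/Object Id=".*"/` also runs to the last quote on the line, which in the two c14n cases swallows the `xmlns:n0="http://a.example"` declaration of the signed payload; `/Object Id="[^"]*"/` and `/Reference URI="[^"]*"/` keep each match inside the attribute. In test_add_verifying_key the first `xml` heredoc (the template with the empty KeyInfo) is overwritten by the second assignment before it is used, so that template is never exercised.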