xmlsig 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. data/README.rdoc +0 -0
  2. data/ext/xmlsig/BioWrap.h +98 -0
  3. data/ext/xmlsig/DSig.cpp +109 -0
  4. data/ext/xmlsig/DSig.h +81 -0
  5. data/ext/xmlsig/DSigCtx.h +72 -0
  6. data/ext/xmlsig/Exceptions.cpp +151 -0
  7. data/ext/xmlsig/Exceptions.h +214 -0
  8. data/ext/xmlsig/Key.cpp +582 -0
  9. data/ext/xmlsig/Key.h +338 -0
  10. data/ext/xmlsig/KeyInfoCtx.h +67 -0
  11. data/ext/xmlsig/KeyStore.cpp +180 -0
  12. data/ext/xmlsig/KeyStore.h +157 -0
  13. data/ext/xmlsig/KeysMngrWrap.h +62 -0
  14. data/ext/xmlsig/NodeSet.h +60 -0
  15. data/ext/xmlsig/Signer.cpp +691 -0
  16. data/ext/xmlsig/Signer.h +373 -0
  17. data/ext/xmlsig/TrustVerifier.cpp +145 -0
  18. data/ext/xmlsig/TrustVerifier.h +174 -0
  19. data/ext/xmlsig/Verifier.cpp +677 -0
  20. data/ext/xmlsig/Verifier.h +313 -0
  21. data/ext/xmlsig/X509Certificate.cpp +362 -0
  22. data/ext/xmlsig/X509Certificate.h +146 -0
  23. data/ext/xmlsig/XPath.cpp +173 -0
  24. data/ext/xmlsig/XPath.h +156 -0
  25. data/ext/xmlsig/XPathCtx.h +68 -0
  26. data/ext/xmlsig/XmlCharBuf.h +60 -0
  27. data/ext/xmlsig/XmlDoc.cpp +278 -0
  28. data/ext/xmlsig/XmlDoc.h +157 -0
  29. data/ext/xmlsig/XmlElement.cpp +151 -0
  30. data/ext/xmlsig/XmlElement.h +134 -0
  31. data/ext/xmlsig/countptr.h +260 -0
  32. data/ext/xmlsig/extconf.rb +58 -0
  33. data/ext/xmlsig/runtests.rb +23 -0
  34. data/ext/xmlsig/swig/countptr.i +27 -0
  35. data/ext/xmlsig/swig/exceptions.i +79 -0
  36. data/ext/xmlsig/swig/ruby.i +17 -0
  37. data/ext/xmlsig/swig/xmlsig.i +405 -0
  38. data/ext/xmlsig/t/tc_cert.rb +34 -0
  39. data/ext/xmlsig/t/tc_interface.rb +158 -0
  40. data/ext/xmlsig/t/tc_signer.rb +501 -0
  41. data/ext/xmlsig/t/tc_tsik.rb +490 -0
  42. data/ext/xmlsig/t/tc_verifier.rb +151 -0
  43. data/ext/xmlsig/t/tsik_interop/sign.rb +48 -0
  44. data/ext/xmlsig/t/tsik_interop/verify.rb +31 -0
  45. data/ext/xmlsig/t/tsik_interop/verify_own.rb +46 -0
  46. data/ext/xmlsig/xmlsig.cpp +13363 -0
  47. data/lib/xmlsig.rb +1 -0
  48. metadata +113 -0
@@ -0,0 +1,490 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # (C) Copyright 2006 VeriSign, Inc.
4
+ # Developed by Sxip Identity
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License")
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ require 'test/unit'
19
+ require 'xmlsig'
20
+
21
+ class TC_TSIK < Test::Unit::TestCase
22
+
23
+
24
+ # def setup
25
+ # end
26
+
27
+ # def teardown
28
+ # end
29
+
30
+ def resdir
31
+ return 't/res/tsik_tcport/'
32
+ end
33
+
34
+ def publicKey
35
+ key = Xmlsig::Key.new
36
+ assert_equal(0, key.loadFromFile(resdir() + 'mypub.pem', 'pem', ''), "loadFromFile of a key")
37
+ assert_equal(1, key.isValid(), "isValid key")
38
+ return key
39
+ end
40
+
41
+ def privateKey
42
+ key = Xmlsig::Key.new
43
+ assert_equal(0, key.loadFromFile(resdir() + 'mypriv.pem', 'pem', ''), "loadFromFile of a key")
44
+ assert_equal(1, key.isValid(), "isValid key")
45
+ key.setName("")
46
+ return key
47
+ end
48
+
49
+ def loadDoc(filename)
50
+ doc = Xmlsig::XmlDoc.new
51
+ fullfilename = resdir() + filename
52
+ assert_equal(0, doc.loadFromFile(fullfilename), "loadFromFile of a XmlDoc")
53
+ return doc
54
+ end
55
+
56
+ def sign1(inFileName, privateKey, publicKey, cert)
57
+ doc = loadDoc(inFileName)
58
+ if (cert != NIL)
59
+ signer = Xmlsig::Signer.new(doc, privateKey)
60
+ signer.addCertFromFile(cert, 'pem')
61
+ return signer
62
+ elsif (publicKey != NIL)
63
+ return Xmlsig::Signer.new(doc, privateKey, publicKey)
64
+ else
65
+ return Xmlsig::Signer.new(doc, privateKey)
66
+ end
67
+ end
68
+
69
+ def sign2(signer, type, outFileName)
70
+ if (type == "")
71
+ d = signer.sign()
72
+ else
73
+ d = signer.sign(Xmlsig::XPath.new(type))
74
+ if (outFileName != NIL)
75
+ d.toFile(outFileName)
76
+ end
77
+ end
78
+ return d
79
+ end
80
+
81
+ def verify(inDoc, signatureLocation, publicKey, mustHavePublicKey, mustHaveCert)
82
+ xpath = Xmlsig::XPath.new(signatureLocation)
83
+ xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
84
+ xpath.addNamespace("s2", "http://ns.s2ml.org/s2ml")
85
+ xpath.addNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/")
86
+ xpath.addNamespace("EMS", "http://ems.verisign.com/2001/05/ems-s2ml#")
87
+
88
+ verifier = Xmlsig::Verifier.new(inDoc, xpath)
89
+ pubKey = publicKey
90
+ if (mustHavePublicKey)
91
+ pubKey = verifier.getVerifyingKey()
92
+ if (pubKey == NIL)
93
+ print("Cannot find public key")
94
+ return 0
95
+ end
96
+ end
97
+ if (mustHaveCert)
98
+ cert = verifier.getCertificate()
99
+ if (cert == NIL)
100
+ print("Cannot find certificate")
101
+ return 0
102
+ end
103
+ end
104
+ verified = 0
105
+ verified = verifier.verify(pubKey) == 1
106
+ return verified
107
+ end
108
+
109
+ ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTest class
110
+ ###
111
+
112
+ def test_SignInPlace
113
+ ### TSIK XmlSigTest.testSignInPlace
114
+ # Load document
115
+ doc = loadDoc("SomeTest.xml")
116
+
117
+ # Sign document
118
+ signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
119
+ xpath = Xmlsig::XPath.new('/')
120
+ assert_equal(0, signer.signInPlace(xpath), "signInPlace")
121
+
122
+ # Verify document
123
+ xpath = Xmlsig::XPath.new('//ds:Signature')
124
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
125
+ v = Xmlsig::Verifier.new(doc, xpath)
126
+ assert_equal(1, v.verify(publicKey()), "Verify")
127
+ end
128
+
129
+ def test_SignInPlace2
130
+ ### TSIK XmlSigTest.testSignInPlace2
131
+ # Load document
132
+ doc = loadDoc("Test2.xml")
133
+
134
+ # Sign document
135
+ signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
136
+ xpath = Xmlsig::XPath.new('/test/test2')
137
+ assert_equal(0, signer.signInPlace(xpath, 1), "signInPlace")
138
+
139
+ # Verify document
140
+ xpath = Xmlsig::XPath.new('//ds:Signature')
141
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
142
+ v = Xmlsig::Verifier.new(doc, xpath)
143
+ assert_equal(1, v.verify(publicKey()), "Verify")
144
+ end
145
+
146
+ def test_SignInPlaceEnveloping
147
+ ### TSIK XmlSigTest.testSignInPlaceEnveloping
148
+ # Load document
149
+ doc = loadDoc("Test2.xml")
150
+
151
+ # Sign document
152
+ signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
153
+ assert_equal(0, signer.signInPlace(), "signInPlace")
154
+
155
+ # Verify document
156
+ xpath = Xmlsig::XPath.new('//ds:Signature')
157
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
158
+ v = Xmlsig::Verifier.new(doc, xpath)
159
+ assert_equal(1, v.verify(publicKey()), "Verify")
160
+ end
161
+
162
+ def test_VerifyingKeyWithCerts
163
+ ### TSIK XmlSigTest.testVerifyingKeyWithCerts
164
+ doc = loadDoc('in.xml')
165
+ cert = Xmlsig::X509Certificate.new
166
+ if (cert.loadFromFile(resdir() + 'mycert.x509', 'cert_pem') < 0)
167
+ raise "IOException - Couldn't load 'mycert.x509'"
168
+ end
169
+ verifyingKey = cert.getKey()
170
+ # Sign document
171
+ signer = Xmlsig::Signer.new(doc, privateKey(), verifyingKey)
172
+ xpath = Xmlsig::XPath.new('/')
173
+ d = signer.sign(xpath)
174
+
175
+ # Verify document
176
+ xpath = Xmlsig::XPath.new('//ds:Signature')
177
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
178
+ v = Xmlsig::Verifier.new(d, xpath)
179
+ v.setKeyStore(Xmlsig::KeyStore.new)
180
+ assert_equal(1, v.verify(publicKey()), "Verify")
181
+ assert_equal(1, v.verify(), "Verify")
182
+ end
183
+
184
+ def test_SigningAndVerifyingKey
185
+ ### TSIK XmlSigTest.testSigningAndVerifyingKey
186
+ doc = loadDoc('in.xml')
187
+ # Sign document
188
+ signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
189
+ xpath = Xmlsig::XPath.new('/books')
190
+ signer.attachPublicKey(1)
191
+ d = signer.sign(xpath)
192
+ # Verify document
193
+ xpath = Xmlsig::XPath.new('//ds:Signature')
194
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
195
+ v = Xmlsig::Verifier.new(d, xpath)
196
+ assert_equal(1, v.verify(publicKey()), "Verify")
197
+ assert_equal(1, v.verify(), "Verify")
198
+ end
199
+
200
+ def test_CertOnly
201
+ ### TSIK XmlSigTest.testCertOnly
202
+ doc = loadDoc('testCertOnly_in.xml')
203
+ xpath = Xmlsig::XPath.new('//ds:Signature')
204
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
205
+ v = Xmlsig::Verifier.new(doc, xpath)
206
+ assert_equal(1, v.verify(), "Verify")
207
+ end
208
+
209
+ def test_Hmac
210
+ ### TSIK XmlSigTest.testHmac
211
+ doc = loadDoc('in.xml')
212
+ sigKey = Xmlsig::Key.new
213
+ sigKey.loadHMACFromString('ab')
214
+ signer = Xmlsig::Signer.new(doc, sigKey)
215
+ xpath = Xmlsig::XPath.new('/')
216
+ d = signer.sign(xpath)
217
+ xpath = Xmlsig::XPath.new('//ds:Signature')
218
+ xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
219
+ v = Xmlsig::Verifier.new(d, xpath)
220
+ verKey = Xmlsig::Key.new
221
+ verKey.loadHMACFromString('ab')
222
+ assert_equal(1, v.verify(verKey), "Verify")
223
+ verKey.loadHMACFromString('bb')
224
+ assert_equal(0, v.verify(verKey), "Verify")
225
+ end
226
+
227
+ def test_EmptyNamespace
228
+ ### TSIK XmlSigTest.testEmptyNamespace
229
+ # original testEmptyNamespace.xml was
230
+ # <elem xmlns="default namespace"/>
231
+ # changed to
232
+ # <elem xmlns="http://default/namespace"/>
233
+ # because the former was being flagged by the libxml2 parser as
234
+ # having an invalid URI
235
+ signer = sign1('testEmptyNamespace.xml', privateKey(), publicKey(), NIL)
236
+ doc = sign2(signer, '/', NIL)
237
+ assert_equal(false, doc.nil?)
238
+ assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
239
+ end
240
+
241
+ def test_Stele
242
+ ### TSIK XmlSigTest.testStele
243
+ signer = sign1('testStele.xml', privateKey(), publicKey(), NIL)
244
+ xpath = Xmlsig::XPath.new("/SOAP-ENV:Envelope/SOAP-ENV:Body")
245
+ xpath.addNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/")
246
+ signer.addReference(xpath)
247
+ doc = sign2(signer, '/', NIL)
248
+ assert_equal(false, doc.nil?)
249
+ assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
250
+ end
251
+
252
+ def test_Cert
253
+ ### TSIK XmlSigTest.testCert
254
+ signer = sign1('in.xml', privateKey(), NIL, resdir() + 'mycert.x509')
255
+ signer.attachPublicKey(1)
256
+ assert_equal(false, signer.nil?)
257
+ doc = sign2(signer, '/', NIL)
258
+ assert_equal(false, doc.nil?)
259
+ sigLoc = '/books/ds:Signature'
260
+
261
+ assert_equal(true, verify(doc, sigLoc, publicKey(), 0, 0), "Verify")
262
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
263
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 1), "Verify")
264
+ xpath = Xmlsig::XPath.new(sigLoc)
265
+ xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
266
+ verifier = Xmlsig::Verifier.new(doc, xpath)
267
+ l = verifier.getCertificateChain()
268
+ assert_equal(1, l.length, "Chain length")
269
+ end
270
+
271
+ def test_MultipleCert
272
+ ### TSIK XmlSigTest.testMultipleCert
273
+ cert = Xmlsig::X509Certificate.new
274
+ if (cert.loadFromFile(resdir() + 'mycert.x509', 'cert_pem') < 0)
275
+ raise "IOException - Couldn't load 'mycert.x509'"
276
+ end
277
+ verifyingKey = cert.getKey()
278
+ doc = loadDoc('in.xml')
279
+ signer = Xmlsig::Signer.new(doc, privateKey(), verifyingKey)
280
+ signer.attachPublicKey(1)
281
+ signer.addReference(Xmlsig::XPath.new("/books/book[2]"))
282
+ d = signer.sign(Xmlsig::XPath.new("/books/book[1]"))
283
+ assert_equal(false, d.nil?)
284
+ sigLoc = '//ds:Signature'
285
+
286
+ assert_equal(true, verify(d, sigLoc, publicKey(), 0, 0), "Verify")
287
+ assert_equal(true, verify(d, sigLoc, NIL, 1, 0), "Verify")
288
+ assert_equal(true, verify(d, sigLoc, NIL, 1, 1), "Verify")
289
+ xpath = Xmlsig::XPath.new(sigLoc)
290
+ xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
291
+ verifier = Xmlsig::Verifier.new(d, xpath)
292
+ l = verifier.getCertificateChain()
293
+ assert_equal(1, l.length, "Chain length")
294
+ end
295
+
296
+ def test_Enveloped
297
+ ### TSIK XmlSigTest.testEnveloped
298
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
299
+ doc = sign2(signer, '/', NIL)
300
+ assert_equal(false, doc.nil?)
301
+ assert_equal(true, verify(doc, '/books/ds:Signature', publicKey(), 0, 0), "Verify")
302
+ end
303
+
304
+ def test_Enveloping
305
+ ### TSIK XmlSigTest.testEnveloping
306
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
307
+ doc = sign2(signer, '', NIL)
308
+ assert_equal(false, doc.nil?)
309
+ assert_equal(true, verify(doc, '/ds:Signature', publicKey(), 0, 0), "Verify")
310
+ assert_equal(true, verify(doc, '/ds:Signature', NIL, 1, 0), "Verify")
311
+ end
312
+
313
+ def test_Detached
314
+ ### TSIK XmlSigTest.testDetached
315
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
316
+ doc = sign2(signer, '/books/book[1]', NIL)
317
+ assert_equal(false, doc.nil?)
318
+ assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', publicKey(), 0, 0), "Verify")
319
+ assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', NIL, 1, 0), "Verify")
320
+ end
321
+
322
+ def test_MultipleRefsDetached
323
+ ### TSIK XmlSigTest.testMultipleRefsDetached
324
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
325
+
326
+ for expr in ['/', '/books', '/books/book[2]', '/books/book[1]',
327
+ "/books/book[@name='Professional XML']"]
328
+ xpath = Xmlsig::XPath.new(expr)
329
+ signer.addReference(xpath)
330
+ end
331
+
332
+ doc = sign2(signer, '/books/book[1]', NIL)
333
+ assert_equal(false, doc.nil?)
334
+ assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', publicKey(), 0, 0), "Verify")
335
+ assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', NIL, 1, 0), "Verify")
336
+ end
337
+
338
+ def test_BadXPath1
339
+ ### TSIK XmlSigTest.testBadXPath1
340
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
341
+ xpath = Xmlsig::XPath.new('bad xpath')
342
+ signer.addReference(xpath)
343
+ d = sign2(signer, '/', NIL)
344
+ rescue
345
+ assert_equal(true, d.nil?)
346
+ end
347
+
348
+ def test_BadXPath2
349
+ ### TSIK XmlSigTest.testBadXPath2
350
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
351
+ xpath = Xmlsig::XPath.new('here()')
352
+ signer.addReference(xpath)
353
+ d = sign2(signer, '/', NIL)
354
+ rescue
355
+ assert_equal(true, d.nil?)
356
+ end
357
+
358
+ def test_MultipleSignatures
359
+ ### TSIK XmlSigTest.testMultipleSignatures
360
+ signer = sign1('in.xml', privateKey(), publicKey(), NIL)
361
+ signer.addReference(Xmlsig::XPath.new('/books/book[2]'))
362
+ doc = signer.sign(Xmlsig::XPath.new('/books/book[1]'), 1)
363
+ assert_equal(false, doc.nil?)
364
+ signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
365
+ # TSIK uses /books/ds:Signature for this reference, which
366
+ # matches multiple Signature elements. This causes problems
367
+ # because a Signature should not refer to itself, so we've
368
+ # changed it to refer to the first Signature only which was
369
+ # presumably the intent. (modified TSIK output reference xml)
370
+ xpath = Xmlsig::XPath.new('/books/ds:Signature[1]')
371
+ xpath.addNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
372
+ signer.addReference(xpath)
373
+ doc = signer.sign(Xmlsig::XPath.new('/books/book[2]'), 1)
374
+ assert_equal(false, doc.nil?)
375
+ sigLoc1 = '/books/ds:Signature[1]'
376
+ sigLoc2 = '/books/ds:Signature[2]'
377
+ assert_equal(true, verify(doc, sigLoc1, publicKey(), 0, 0), "Verify")
378
+ assert_equal(true, verify(doc, sigLoc2, publicKey(), 0, 0), "Verify")
379
+ assert_equal(true, verify(doc, sigLoc1, NIL, 1, 0), "Verify")
380
+ assert_equal(true, verify(doc, sigLoc2, NIL, 1, 0), "Verify")
381
+ end
382
+
383
+ def test_MerlinEnvelopedDsa
384
+ ### TSIK XmlSigTest.testMerlinEnvelopedDsa
385
+ doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloped-dsa.xml")
386
+ assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
387
+ end
388
+
389
+ def test_MerlinEnvelopingDsa
390
+ ### TSIK XmlSigTest.testMerlinEnvelopingDsa
391
+ doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-dsa.xml")
392
+ assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
393
+ end
394
+
395
+ def test_MerlinEnvelopingBase64Dsa
396
+ ### TSIK XmlSigTest.testMerlinEnvelopingBase64Dsa
397
+ doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml")
398
+ assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
399
+ end
400
+
401
+ ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestExcC14n class
402
+ ###
403
+
404
+ def test_EmptyList
405
+ ### TSIK XmlSigTestExcC14n.testEmptyList
406
+ s = sign1('testStele.xml', privateKey(), publicKey(), NIL)
407
+ s.useExclusiveCanonicalizer('')
408
+ xp = Xmlsig::XPath.new("//*[@Id='ID1']")
409
+ # Unused in TSIK, if we leave this out our Reference URIs match
410
+ #xp.addNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/")
411
+ s.addReference(xp)
412
+ doc = sign2(s, '/', NIL)
413
+ assert_equal(false, doc.nil?)
414
+ assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
415
+ assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
416
+ end
417
+
418
+ ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestDigsig class
419
+ ###
420
+
421
+ def test_XPath
422
+ ### TSIK XmlSigTestDigsig.testXPath
423
+ doc = loadDoc("digsig-ratified/xpath_out.xml")
424
+ sigLoc = "//ds:Signature"
425
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
426
+ end
427
+
428
+ def test_XPointer
429
+ ### TSIK XmlSigTestDigsig.testXPointer
430
+ doc = loadDoc("digsig-ratified/xpointer_out.xml")
431
+ # Id attribute must be set, see
432
+ # http://www.aleksey.com/xmlsec/faq.html#section_3_2
433
+ doc.addIdAttr('Id', 'elem', '')
434
+ sigLoc = "//ds:Signature"
435
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
436
+ end
437
+
438
+ def test_XPathEnveloped
439
+ ### TSIK XmlSigTestDigsig.testXPathEnveloped
440
+ doc = loadDoc("digsig-ratified/envelopedsignature_out.xml")
441
+ # Id attribute must be set, see
442
+ # http://www.aleksey.com/xmlsec/faq.html#section_3_2
443
+ doc.addIdAttr('Id', 'RegisterResult', 'http://www.xkms.org/schema/xkms-2001-01-20')
444
+ sigLoc = "//ds:Signature"
445
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
446
+ end
447
+
448
+ def test_Merlin2
449
+ ### TSIK XmlSigTestDigsig.testMerlin2
450
+ doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-rsa.xml")
451
+ sigLoc = "//ds:Signature"
452
+ assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
453
+ end
454
+
455
+
456
+ ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestMerlin23 class
457
+ ###
458
+
459
+ def HMACKey
460
+ key = Xmlsig::Key.new
461
+ key.loadHMACFromString('secret')
462
+ return key
463
+ end
464
+
465
+ def test_Merlin23
466
+ ### TSIK XmlSigTestMerlin23
467
+ xpath = Xmlsig::XPath.new("//ds:Signature")
468
+ xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
469
+ for res in ['signature-enveloped-dsa',
470
+ 'signature-enveloping-b64-dsa',
471
+ 'signature-enveloping-rsa',
472
+ 'signature-external-b64-dsa',
473
+ 'signature-external-dsa',
474
+ 'signature-x509-crt-crl',
475
+ 'signature-x509-crt',
476
+ 'signature-enveloping-hmac-sha1']
477
+ fullfilename = resdir() + "merlin-xmldsig-twenty-three/" + res + ".xml"
478
+ doc = Xmlsig::XmlDoc.new
479
+ if doc.loadFromFile(fullfilename) < 0
480
+ raise "IOError - Couldn't open XML file " + fullfilename
481
+ end
482
+ verifier = Xmlsig::Verifier.new(doc, xpath)
483
+ if res == 'signature-enveloping-hmac-sha1'
484
+ assert_equal(1, verifier.verify(HMACKey()), "Verify Merlin32")
485
+ else
486
+ assert_equal(1, verifier.verify(), "Verify Merlin32")
487
+ end
488
+ end
489
+ end
490
+ end
@@ -0,0 +1,151 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ # (C) Copyright 2006 VeriSign, Inc.
4
+ # Developed by Sxip Identity
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+
18
+ require 'test/unit'
19
+ require 'xmlsig'
20
+
21
+ class TC_Verifier < Test::Unit::TestCase
22
+ # def setup
23
+ # end
24
+
25
+ # def teardown
26
+ # end
27
+
28
+ def test_basics
29
+ x = Xmlsig::XmlDoc.new
30
+ xml = <<-XML
31
+ <?xml version="1.0" encoding="UTF-8"?>
32
+ <sxip:envelope xmlns:foo="http://sxip.com/xml-dsig/test/foo#" xmlns:sxip="http://sxip.com/xml-dsig/test#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><sxip:header><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#xpointer(/sxip:envelope/sxip:body/foo:morestuff)"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>NuSUptSOayIh51kdIONXjFeYxMQ=</ds:DigestValue></ds:Reference><ds:Reference URI="#xpointer(/sxip:envelope/sxip:body/sxip:evenMoreSxipStuff)"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>oT0HFNUy26Iea8HBnXsz0+IzPU4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>V64bOOa8ve14Qg0LYETMrV+Eby3go3AAjPgMMwM1swegZKiFYUntin14M7o8v6/TlNMFPlBx
33
+ x7vajc6AgVGshLkkvsrzKWktNqcya1k1YGqswxNIPdFsscMRzileSc+Dx61JuXm9Yw2PPl+0
34
+ aSmaxeKlrWjo9NOHLdHcmskCTPzqk20glB5SIYIspCnktCnCo1cj6xksOXi6G+ueEk8AVWnR
35
+ p07UIPgjWftXtWTDLJNxuhWOHUkpyBcMhCZjbNALq7wIm/pebMPC3gHFWaA8jIz+IIuRzwwj
36
+ ik7w/bp7Y81PYQyQGgFXuTs45x+twx4u7BX/RTpfGthpU/Ph3j0EtA==</ds:SignatureValue><ds:KeyInfo><ds:KeyName>Public key of certificate</ds:KeyName><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>oGgoDlqu7bl/TsvRjQs7JnocBR6/Sf8YNSzEc84/4JKiWK/X/3/VALmp8IXazpXSkGbRMqQY
37
+ nz9NVirxB6tB7z5p6yCh1oNLglH/vNDLi314RtAy0AU799EcQOJa8ybJR4phLK6uy1IxcBrd
38
+ AO2TAh/5QfYTUDsgAmH+FxWOJbwRd76u4+8RCqOFnEbHiKUBA1/N5C6H78+o3fIjfEApSADy
39
+ pVegB9UY5rkzPVLCTgKcQb7SOp5WHVteD3IzP0HSB0YsP3Pie9bwVyAzfoh1iq5Enoqnx4eV
40
+ APjOAWDf9WqoiBfxmwjqAHTWclDBYw2TOg+e3Lb03rqsKr60imT2uQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIDATCCAemgAwIBAgIGAQoqb98SMA0GCSqGSIb3DQEBCwUAMEExEzARBgoJkiaJk/IsZAEZ
41
+ EwNjb20xFDASBgoJkiaJk/IsZAEZEwRzeGlwMRQwEgYDVQQDEwtJc3N1ZXIgTmFtZTAeFw0w
42
+ NjAzMjQwNDA3NTVaFw0yMDAxMDEwODAwMDBaMEIxEzARBgoJkiaJk/IsZAEZEwNjb20xFDAS
43
+ BgoJkiaJk/IsZAEZEwRzeGlwMRUwEwYDVQQDEwxTdWJqZWN0IE5hbWUwggEiMA0GCSqGSIb3
44
+ DQEBAQUAA4IBDwAwggEKAoIBAQCgaCgOWq7tuX9Oy9GNCzsmehwFHr9J/xg1LMRzzj/gkqJY
45
+ r9f/f9UAuanwhdrOldKQZtEypBifP01WKvEHq0HvPmnrIKHWg0uCUf+80MuLfXhG0DLQBTv3
46
+ 0RxA4lrzJslHimEsrq7LUjFwGt0A7ZMCH/lB9hNQOyACYf4XFY4lvBF3vq7j7xEKo4WcRseI
47
+ pQEDX83kLofvz6jd8iN8QClIAPKlV6AH1RjmuTM9UsJOApxBvtI6nlYdW14PcjM/QdIHRiw/
48
+ c+J71vBXIDN+iHWKrkSeiqfHh5UA+M4BYN/1aqiIF/GbCOoAdNZyUMFjDZM6D57ctvTeuqwq
49
+ vrSKZPa5AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAArJTw0B6ZXSqs0oxFkgu5UAws0xdi/8
50
+ fuQCYMcV1e1Y8VXYVrmJQv8oaft/iSueyc7QmhOgUpXbqB+ApYhS3Hrk2F5EQthEIFGTWG1K
51
+ uxQno0OriMvRTn880SNo5wnl/UeKkp6OwAYGrsVZnxZ1cij+5EVWB8eBXN5OZPbktc/tAuj9
52
+ gS3CaEtoO7KQKZjGugwSMBGZwhiECaSn9jb4MotovtZCo5Qp8FJyeYWTgw2S+/HDc5Ot4i2b
53
+ pa/U87KGxffQASJcj05ij7HgHnAznvFBuFamNQo2s2sdXTIEKQpJ9804oSGdrdq7VuAOMnXN
54
+ uswvjAEdbUfaEBzym0OMghY=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></sxip:header><sxip:body id="Body"><foo:morestuff>Here is more stuff!</foo:morestuff><foo:evenMoreStuff>Here is more stuff!</foo:evenMoreStuff><sxip:evenMoreSxipStuff>Here is more stuff!</sxip:evenMoreSxipStuff></sxip:body></sxip:envelope>
55
+ XML
56
+ if x.loadFromString(xml) == -1
57
+ raise "failed to create XML document"
58
+ end
59
+ xp = Xmlsig::XPath.new()
60
+ xp.addNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
61
+ xp.setXPath('/descendant::ds:Signature[position()=1]')
62
+ v = Xmlsig::Verifier.new(x,xp)
63
+ rc = v.verify
64
+ assert_equal(1,rc,"verify document with namespace using xpath")
65
+ end
66
+
67
+ def test_plain_key
68
+ x = Xmlsig::XmlDoc.new
69
+ xml = <<-XML
70
+ <?xml version="1.0" encoding="UTF-8"?>
71
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
72
+ <SignedInfo>
73
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
74
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
75
+ <Reference URI="#object">
76
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
77
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
78
+ </Reference>
79
+ </SignedInfo>
80
+ <SignatureValue>BMGn3ftGz476A4ZyCOTf1X2GZ/yMK/o5J3kTg8WSh+56cgLRCQiOrA==</SignatureValue>
81
+ <KeyInfo>
82
+ <KeyValue>
83
+ <DSAKeyValue>
84
+ <P>
85
+ mTNzLdDnUE8esvAOW+m5/GR+2xAuv/5XHRuGP216C1Lh0ofU2978HuCIZgu29ggW
86
+ d6nYkRAhpprnw0MvnwQynyvZMs51YyHbSHFIb3eefyg14+Y4/003LrhOQwaPkptA
87
+ iUHohW9w7dhqRxKgDbD9T3yYiWr066v02u0jZhMCX/0=
88
+ </P>
89
+ <Q>
90
+ vMMOrPdYTfgRjIwMxAGrvGqpxZM=
91
+ </Q>
92
+ <G>
93
+ kAzI1xXPJ1Qd9V/OKNWuKliEvAWpPcPrshOPajErPXhG2qT15c+oP/CxauG+96RV
94
+ qoArUoluexWjySPm6SAZNr+hHQrE/OnV0IIgsiRlUJqxLNNEI6wn6G6FOw6ymUay
95
+ RCLAha5VDyoeQ90XA2QdZ7EDXhmom+q6ZjGAsn4dtNk=
96
+ </G>
97
+ <Y>
98
+ bmInlV3nwDyJ/8vck3jOYj3bB2c6gXrvdKQlxNsUvxy5rVfGY7DY+N/5Q4v6S8Q3
99
+ Cy6+GgMWIKjnolIpFt8khUUmwV0SNDcgLwsrnEMrZ0kQlMybFBaWqbuTk0FC+ORK
100
+ giAQbEuMveocyjZPdHNAHJmDe87nn1nbmBlPpxLQwTg=
101
+ </Y>
102
+ </DSAKeyValue>
103
+ </KeyValue>
104
+ </KeyInfo>
105
+ <Object Id="object">some text</Object>
106
+ </Signature>
107
+ XML
108
+ if x.loadFromString(xml) == -1
109
+ raise "failed to create XML document"
110
+ end
111
+ v = Xmlsig::Verifier.new(x)
112
+ rc = v.verify
113
+ assert_equal(1,rc,"verify document containing plain key")
114
+ end
115
+
116
+ def test_bad_input
117
+ xml = <<-XML
118
+ <?xml version="1.0" encoding="UTF-8"?>
119
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
120
+ <SignedInfo>
121
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
122
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
123
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
124
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
125
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
126
+ </Reference>
127
+ </SignedInfo>
128
+ <SignatureValue>
129
+ MUOjiqG0dbjvR6+qYYPL85nKSt2FeZGQBQkYudv48KyJhJLG1Bp+bA==
130
+ </SignatureValue>
131
+ <KeyInfo>
132
+ <X509Data>
133
+ <X509SubjectName>
134
+ CN=Badb,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
135
+ </X509SubjectName>
136
+ </X509Data>
137
+ </KeyInfo>
138
+ </Signature>
139
+ XML
140
+ x = Xmlsig::XmlDoc.new
141
+ x.loadFromString(xml)
142
+ ks = Xmlsig::KeyStore.new
143
+ ks.addTrustedCertFromFile('t/keys/ca.pem', 'pem')
144
+ ks.addTrustedCertFromFile('t/keys/badb.pem', 'pem')
145
+ ks.addKeyFromFile('t/keys/badb.pem', 'cert_pem', '')
146
+ v = Xmlsig::Verifier.new(x)
147
+ v.setKeyStore(ks)
148
+ assert_equal(1,v.verify, "should work")
149
+ end
150
+ end
151
+
@@ -0,0 +1,48 @@
1
+ #!/usr/bin/env ruby
2
+ require 'xmlsig'
3
+
4
+ in_path = '../res/tsik/in/'
5
+ key_path = '../res/tsik/keys/'
6
+ out_path = '../'
7
+
8
+ x = Xmlsig::XmlDoc.new
9
+ x.loadFromFile(in_path + "in.xml")
10
+ k = Xmlsig::Key.new
11
+ k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
12
+ s = Xmlsig::Signer.new(x,k)
13
+ s.signInPlace()
14
+ x.toFile(out_path + "out_1.xml")
15
+
16
+
17
+
18
+ x = Xmlsig::XmlDoc.new
19
+ x.loadFromFile(in_path + "in.xml")
20
+ k = Xmlsig::Key.new
21
+ k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
22
+ s = Xmlsig::Signer.new(x,k)
23
+ s.addCertFromFile(key_path + 'Alice.cer', 'cert_der')
24
+ xp = Xmlsig::XPath.new()
25
+ xp.addNamespace('cert', 'http://example.com/cert')
26
+ xp.setXPath('/cert:cert')
27
+ x = s.sign(xp)
28
+ x.toFile(out_path + "out_2.xml")
29
+
30
+
31
+
32
+ x = Xmlsig::XmlDoc.new
33
+ x.loadFromFile(in_path + "in.xml")
34
+ k = Xmlsig::Key.new
35
+ k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
36
+
37
+ pk = Xmlsig::Key.new
38
+ pk.loadFromFile(key_path + 'Alice.cer', 'cert_der', '')
39
+
40
+ s = Xmlsig::Signer.new(x,k,pk)
41
+ xp = Xmlsig::XPath.new()
42
+ xp.addNamespace('cert', 'http://example.com/cert')
43
+ xp.setXPath('/cert:cert')
44
+ x = s.sign(xp)
45
+ x.toFile(out_path + "out_3.xml")
46
+
47
+
48
+