RubyGems - xmlsig - Versions diffs - 0.0.1 - Mend

xmlsig 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

data/README.rdoc +0 -0
data/ext/xmlsig/BioWrap.h +98 -0
data/ext/xmlsig/DSig.cpp +109 -0
data/ext/xmlsig/DSig.h +81 -0
data/ext/xmlsig/DSigCtx.h +72 -0
data/ext/xmlsig/Exceptions.cpp +151 -0
data/ext/xmlsig/Exceptions.h +214 -0
data/ext/xmlsig/Key.cpp +582 -0
data/ext/xmlsig/Key.h +338 -0
data/ext/xmlsig/KeyInfoCtx.h +67 -0
data/ext/xmlsig/KeyStore.cpp +180 -0
data/ext/xmlsig/KeyStore.h +157 -0
data/ext/xmlsig/KeysMngrWrap.h +62 -0
data/ext/xmlsig/NodeSet.h +60 -0
data/ext/xmlsig/Signer.cpp +691 -0
data/ext/xmlsig/Signer.h +373 -0
data/ext/xmlsig/TrustVerifier.cpp +145 -0
data/ext/xmlsig/TrustVerifier.h +174 -0
data/ext/xmlsig/Verifier.cpp +677 -0
data/ext/xmlsig/Verifier.h +313 -0
data/ext/xmlsig/X509Certificate.cpp +362 -0
data/ext/xmlsig/X509Certificate.h +146 -0
data/ext/xmlsig/XPath.cpp +173 -0
data/ext/xmlsig/XPath.h +156 -0
data/ext/xmlsig/XPathCtx.h +68 -0
data/ext/xmlsig/XmlCharBuf.h +60 -0
data/ext/xmlsig/XmlDoc.cpp +278 -0
data/ext/xmlsig/XmlDoc.h +157 -0
data/ext/xmlsig/XmlElement.cpp +151 -0
data/ext/xmlsig/XmlElement.h +134 -0
data/ext/xmlsig/countptr.h +260 -0
data/ext/xmlsig/extconf.rb +58 -0
data/ext/xmlsig/runtests.rb +23 -0
data/ext/xmlsig/swig/countptr.i +27 -0
data/ext/xmlsig/swig/exceptions.i +79 -0
data/ext/xmlsig/swig/ruby.i +17 -0
data/ext/xmlsig/swig/xmlsig.i +405 -0
data/ext/xmlsig/t/tc_cert.rb +34 -0
data/ext/xmlsig/t/tc_interface.rb +158 -0
data/ext/xmlsig/t/tc_signer.rb +501 -0
data/ext/xmlsig/t/tc_tsik.rb +490 -0
data/ext/xmlsig/t/tc_verifier.rb +151 -0
data/ext/xmlsig/t/tsik_interop/sign.rb +48 -0
data/ext/xmlsig/t/tsik_interop/verify.rb +31 -0
data/ext/xmlsig/t/tsik_interop/verify_own.rb +46 -0
data/ext/xmlsig/xmlsig.cpp +13363 -0
data/lib/xmlsig.rb +1 -0
metadata +113 -0

data/ext/xmlsig/t/tc_tsik.rb ADDED Viewed

@@ -0,0 +1,490 @@
+#!/usr/bin/env ruby
+# (C) Copyright 2006 VeriSign, Inc.
+# Developed by Sxip Identity
+#
+# Licensed under the Apache License, Version 2.0 (the "License")
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'test/unit'
+require 'xmlsig'
+class TC_TSIK < Test::Unit::TestCase
+    # def setup
+    # end
+    # def teardown
+    # end
+    def resdir
+	    return 't/res/tsik_tcport/'
+	end
+    def publicKey
+        key = Xmlsig::Key.new
+        assert_equal(0, key.loadFromFile(resdir() + 'mypub.pem', 'pem', ''), "loadFromFile of a key")
+        assert_equal(1, key.isValid(), "isValid key")
+        return key
+    end
+    def privateKey
+        key = Xmlsig::Key.new
+        assert_equal(0, key.loadFromFile(resdir() + 'mypriv.pem', 'pem', ''), "loadFromFile of a key")
+        assert_equal(1, key.isValid(), "isValid key")
+        key.setName("")
+        return key
+    end
+    def loadDoc(filename)
+        doc = Xmlsig::XmlDoc.new
+        fullfilename = resdir() + filename
+        assert_equal(0, doc.loadFromFile(fullfilename), "loadFromFile of a XmlDoc")
+        return doc
+    end
+    def sign1(inFileName, privateKey, publicKey, cert)
+        doc = loadDoc(inFileName)
+        if (cert != NIL)
+            signer = Xmlsig::Signer.new(doc, privateKey)
+            signer.addCertFromFile(cert, 'pem')
+            return signer
+        elsif (publicKey != NIL)
+            return Xmlsig::Signer.new(doc, privateKey, publicKey)
+        else
+		    return Xmlsig::Signer.new(doc, privateKey)
+        end
+    end
+    def sign2(signer, type, outFileName)
+        if (type == "")
+            d = signer.sign()
+        else
+            d = signer.sign(Xmlsig::XPath.new(type))
+            if (outFileName != NIL)
+                d.toFile(outFileName)
+            end
+        end
+        return d
+    end
+    def verify(inDoc, signatureLocation, publicKey, mustHavePublicKey, mustHaveCert)
+        xpath = Xmlsig::XPath.new(signatureLocation)
+        xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
+        xpath.addNamespace("s2", "http://ns.s2ml.org/s2ml")
+        xpath.addNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/")
+        xpath.addNamespace("EMS", "http://ems.verisign.com/2001/05/ems-s2ml#")
+        verifier = Xmlsig::Verifier.new(inDoc, xpath)
+        pubKey = publicKey
+        if (mustHavePublicKey)
+            pubKey = verifier.getVerifyingKey()
+            if (pubKey == NIL)
+                print("Cannot find public key")
+                return 0
+            end
+        end
+        if (mustHaveCert)
+            cert = verifier.getCertificate()
+            if (cert == NIL)
+                print("Cannot find certificate")
+                return 0
+            end
+        end
+        verified = 0
+        verified = verifier.verify(pubKey) == 1
+        return verified
+    end
+    ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTest class
+    ###
+    def test_SignInPlace
+        ### TSIK XmlSigTest.testSignInPlace
+        # Load document
+        doc = loadDoc("SomeTest.xml")
+        # Sign document
+        signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
+        xpath = Xmlsig::XPath.new('/')
+        assert_equal(0, signer.signInPlace(xpath), "signInPlace")
+        # Verify document
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(doc, xpath)
+        assert_equal(1, v.verify(publicKey()), "Verify")
+	end
+    def test_SignInPlace2
+        ### TSIK XmlSigTest.testSignInPlace2
+        # Load document
+        doc = loadDoc("Test2.xml")
+        # Sign document
+        signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
+        xpath = Xmlsig::XPath.new('/test/test2')
+        assert_equal(0, signer.signInPlace(xpath, 1), "signInPlace")
+        # Verify document
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(doc, xpath)
+        assert_equal(1, v.verify(publicKey()), "Verify")
+    end
+    def test_SignInPlaceEnveloping
+        ### TSIK XmlSigTest.testSignInPlaceEnveloping
+        # Load document
+        doc = loadDoc("Test2.xml")
+        # Sign document
+        signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
+        assert_equal(0, signer.signInPlace(), "signInPlace")
+        # Verify document
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(doc, xpath)
+        assert_equal(1, v.verify(publicKey()), "Verify")
+    end
+    def test_VerifyingKeyWithCerts
+        ### TSIK XmlSigTest.testVerifyingKeyWithCerts
+        doc = loadDoc('in.xml')
+        cert = Xmlsig::X509Certificate.new
+        if (cert.loadFromFile(resdir() +  'mycert.x509', 'cert_pem') < 0)
+            raise "IOException - Couldn't load 'mycert.x509'"
+        end
+        verifyingKey = cert.getKey()
+        # Sign document
+        signer = Xmlsig::Signer.new(doc, privateKey(), verifyingKey)
+        xpath = Xmlsig::XPath.new('/')
+        d = signer.sign(xpath)
+        # Verify document
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(d, xpath)
+        v.setKeyStore(Xmlsig::KeyStore.new)
+        assert_equal(1, v.verify(publicKey()), "Verify")
+        assert_equal(1, v.verify(), "Verify")
+    end
+    def test_SigningAndVerifyingKey
+        ### TSIK XmlSigTest.testSigningAndVerifyingKey
+        doc = loadDoc('in.xml')
+        # Sign document
+        signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
+        xpath = Xmlsig::XPath.new('/books')
+        signer.attachPublicKey(1)
+        d = signer.sign(xpath)
+        # Verify document
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(d, xpath)
+        assert_equal(1, v.verify(publicKey()), "Verify")
+        assert_equal(1, v.verify(), "Verify")
+    end
+    def test_CertOnly
+        ### TSIK XmlSigTest.testCertOnly
+        doc = loadDoc('testCertOnly_in.xml')
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(doc, xpath)
+        assert_equal(1, v.verify(), "Verify")
+    end
+    def test_Hmac
+        ### TSIK XmlSigTest.testHmac
+        doc = loadDoc('in.xml')
+        sigKey = Xmlsig::Key.new
+        sigKey.loadHMACFromString('ab')
+        signer = Xmlsig::Signer.new(doc, sigKey)
+        xpath = Xmlsig::XPath.new('/')
+        d = signer.sign(xpath)
+        xpath = Xmlsig::XPath.new('//ds:Signature')
+        xpath.addNamespace('ds', "http://www.w3.org/2000/09/xmldsig#")
+        v = Xmlsig::Verifier.new(d, xpath)
+        verKey = Xmlsig::Key.new
+        verKey.loadHMACFromString('ab')
+        assert_equal(1, v.verify(verKey), "Verify")
+        verKey.loadHMACFromString('bb')
+        assert_equal(0, v.verify(verKey), "Verify")
+    end
+    def test_EmptyNamespace
+        ### TSIK XmlSigTest.testEmptyNamespace
+        # original testEmptyNamespace.xml was
+        #  <elem xmlns="default namespace"/>
+        # changed to
+        #  <elem xmlns="http://default/namespace"/>
+        # because the former was being flagged by the libxml2 parser as
+        # having an invalid URI
+        signer = sign1('testEmptyNamespace.xml', privateKey(), publicKey(), NIL)
+        doc = sign2(signer, '/', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
+    end
+    def test_Stele
+        ### TSIK XmlSigTest.testStele
+        signer = sign1('testStele.xml', privateKey(), publicKey(), NIL)
+        xpath = Xmlsig::XPath.new("/SOAP-ENV:Envelope/SOAP-ENV:Body")
+        xpath.addNamespace("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/")
+        signer.addReference(xpath)
+        doc = sign2(signer, '/', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
+    end
+    def test_Cert
+        ### TSIK XmlSigTest.testCert
+        signer = sign1('in.xml', privateKey(), NIL, resdir() + 'mycert.x509')
+        signer.attachPublicKey(1)
+        assert_equal(false, signer.nil?)
+        doc = sign2(signer, '/', NIL)
+        assert_equal(false, doc.nil?)
+        sigLoc = '/books/ds:Signature'
+        assert_equal(true, verify(doc, sigLoc, publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 1), "Verify")
+        xpath = Xmlsig::XPath.new(sigLoc)
+        xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
+        verifier = Xmlsig::Verifier.new(doc, xpath)
+        l = verifier.getCertificateChain()
+        assert_equal(1, l.length, "Chain length")
+    end
+    def test_MultipleCert
+        ### TSIK XmlSigTest.testMultipleCert
+        cert = Xmlsig::X509Certificate.new
+        if (cert.loadFromFile(resdir() +  'mycert.x509', 'cert_pem') < 0)
+            raise "IOException - Couldn't load 'mycert.x509'"
+        end
+        verifyingKey = cert.getKey()
+        doc = loadDoc('in.xml')
+        signer = Xmlsig::Signer.new(doc, privateKey(), verifyingKey)
+        signer.attachPublicKey(1)
+        signer.addReference(Xmlsig::XPath.new("/books/book[2]"))
+        d = signer.sign(Xmlsig::XPath.new("/books/book[1]"))
+		assert_equal(false, d.nil?)
+        sigLoc = '//ds:Signature'
+        assert_equal(true, verify(d, sigLoc, publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(d, sigLoc, NIL, 1, 0), "Verify")
+        assert_equal(true, verify(d, sigLoc, NIL, 1, 1), "Verify")
+        xpath = Xmlsig::XPath.new(sigLoc)
+        xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
+        verifier = Xmlsig::Verifier.new(d, xpath)
+        l = verifier.getCertificateChain()
+        assert_equal(1, l.length, "Chain length")
+	end
+    def test_Enveloped
+        ### TSIK XmlSigTest.testEnveloped
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        doc = sign2(signer, '/', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '/books/ds:Signature', publicKey(), 0, 0), "Verify")
+    end
+    def test_Enveloping
+        ### TSIK XmlSigTest.testEnveloping
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        doc = sign2(signer, '', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '/ds:Signature', publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, '/ds:Signature', NIL, 1, 0), "Verify")
+    end
+    def test_Detached
+        ### TSIK XmlSigTest.testDetached
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        doc = sign2(signer, '/books/book[1]', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', NIL, 1, 0), "Verify")
+    end
+    def test_MultipleRefsDetached
+        ### TSIK XmlSigTest.testMultipleRefsDetached
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        for expr in ['/', '/books', '/books/book[2]', '/books/book[1]',
+                    "/books/book[@name='Professional XML']"]
+            xpath = Xmlsig::XPath.new(expr)
+            signer.addReference(xpath)
+        end
+        doc = sign2(signer, '/books/book[1]', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, '/books/book[1]/ds:Signature', NIL, 1, 0), "Verify")
+    end
+    def test_BadXPath1
+        ### TSIK XmlSigTest.testBadXPath1
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        xpath = Xmlsig::XPath.new('bad xpath')
+        signer.addReference(xpath)
+        d = sign2(signer, '/', NIL)
+        rescue
+        assert_equal(true, d.nil?)
+    end
+    def test_BadXPath2
+        ### TSIK XmlSigTest.testBadXPath2
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        xpath = Xmlsig::XPath.new('here()')
+        signer.addReference(xpath)
+        d = sign2(signer, '/', NIL)
+        rescue
+        assert_equal(true, d.nil?)
+    end
+    def test_MultipleSignatures
+        ### TSIK XmlSigTest.testMultipleSignatures
+        signer = sign1('in.xml', privateKey(), publicKey(), NIL)
+        signer.addReference(Xmlsig::XPath.new('/books/book[2]'))
+        doc = signer.sign(Xmlsig::XPath.new('/books/book[1]'), 1)
+        assert_equal(false, doc.nil?)
+        signer = Xmlsig::Signer.new(doc, privateKey(), publicKey())
+        # TSIK uses /books/ds:Signature for this reference, which
+        # matches multiple Signature elements. This causes problems
+        # because a Signature should not refer to itself, so we've
+        # changed it to refer to the first Signature only which was
+        # presumably the intent. (modified TSIK output reference xml)
+        xpath = Xmlsig::XPath.new('/books/ds:Signature[1]')
+        xpath.addNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
+        signer.addReference(xpath)
+        doc = signer.sign(Xmlsig::XPath.new('/books/book[2]'), 1)
+        assert_equal(false, doc.nil?)
+        sigLoc1 = '/books/ds:Signature[1]'
+        sigLoc2 = '/books/ds:Signature[2]'
+        assert_equal(true, verify(doc, sigLoc1, publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, sigLoc2, publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, sigLoc1, NIL, 1, 0), "Verify")
+        assert_equal(true, verify(doc, sigLoc2, NIL, 1, 0), "Verify")
+    end
+    def test_MerlinEnvelopedDsa
+        ### TSIK XmlSigTest.testMerlinEnvelopedDsa
+        doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloped-dsa.xml")
+        assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
+    end
+    def test_MerlinEnvelopingDsa
+        ### TSIK XmlSigTest.testMerlinEnvelopingDsa
+        doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-dsa.xml")
+        assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
+    end
+    def test_MerlinEnvelopingBase64Dsa
+        ### TSIK XmlSigTest.testMerlinEnvelopingBase64Dsa
+        doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml")
+        assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
+    end
+    ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestExcC14n class
+    ###
+    def test_EmptyList
+        ### TSIK XmlSigTestExcC14n.testEmptyList
+        s = sign1('testStele.xml', privateKey(), publicKey(), NIL)
+        s.useExclusiveCanonicalizer('')
+        xp = Xmlsig::XPath.new("//*[@Id='ID1']")
+        # Unused in TSIK, if we leave this out our Reference URIs match
+        #xp.addNamespace("s", "http://schemas.xmlsoap.org/soap/envelope/")
+        s.addReference(xp)
+        doc = sign2(s, '/', NIL)
+        assert_equal(false, doc.nil?)
+        assert_equal(true, verify(doc, '//ds:Signature', publicKey(), 0, 0), "Verify")
+        assert_equal(true, verify(doc, '//ds:Signature', NIL, 1, 0), "Verify")
+    end
+    ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestDigsig class
+    ###
+    def test_XPath
+        ### TSIK XmlSigTestDigsig.testXPath
+        doc = loadDoc("digsig-ratified/xpath_out.xml")
+        sigLoc = "//ds:Signature"
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
+    end
+    def test_XPointer
+        ### TSIK XmlSigTestDigsig.testXPointer
+        doc = loadDoc("digsig-ratified/xpointer_out.xml")
+        # Id attribute must be set, see
+        # http://www.aleksey.com/xmlsec/faq.html#section_3_2
+        doc.addIdAttr('Id', 'elem', '')
+        sigLoc = "//ds:Signature"
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
+    end
+    def test_XPathEnveloped
+        ### TSIK XmlSigTestDigsig.testXPathEnveloped
+        doc = loadDoc("digsig-ratified/envelopedsignature_out.xml")
+        # Id attribute must be set, see
+        # http://www.aleksey.com/xmlsec/faq.html#section_3_2
+        doc.addIdAttr('Id', 'RegisterResult', 'http://www.xkms.org/schema/xkms-2001-01-20')
+        sigLoc = "//ds:Signature"
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
+    end
+    def test_Merlin2
+        ### TSIK XmlSigTestDigsig.testMerlin2
+        doc = loadDoc("merlin-xmldsig-fifteen/signature-enveloping-rsa.xml")
+        sigLoc = "//ds:Signature"
+        assert_equal(true, verify(doc, sigLoc, NIL, 1, 0), "Verify")
+    end
+    ### Port of the TSIK org.apache.tsik.xmlsig.test.XmlSigTestMerlin23 class
+    ###
+    def HMACKey
+        key = Xmlsig::Key.new
+        key.loadHMACFromString('secret')
+        return key
+    end
+    def test_Merlin23
+        ### TSIK XmlSigTestMerlin23
+        xpath = Xmlsig::XPath.new("//ds:Signature")
+        xpath.addNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")
+        for res in ['signature-enveloped-dsa',
+                     'signature-enveloping-b64-dsa',
+                     'signature-enveloping-rsa',
+                     'signature-external-b64-dsa',
+                     'signature-external-dsa',
+                     'signature-x509-crt-crl',
+                     'signature-x509-crt',
+                     'signature-enveloping-hmac-sha1']
+            fullfilename = resdir() + "merlin-xmldsig-twenty-three/" + res + ".xml"
+            doc = Xmlsig::XmlDoc.new
+            if doc.loadFromFile(fullfilename) < 0
+                raise "IOError - Couldn't open XML file " + fullfilename
+            end
+            verifier = Xmlsig::Verifier.new(doc, xpath)
+            if res == 'signature-enveloping-hmac-sha1'
+                assert_equal(1, verifier.verify(HMACKey()), "Verify Merlin32")
+            else
+                assert_equal(1, verifier.verify(), "Verify Merlin32")
+            end
+        end
+	end
+end

data/ext/xmlsig/t/tc_verifier.rb ADDED Viewed

@@ -0,0 +1,151 @@
+#!/usr/bin/env ruby
+# (C) Copyright 2006 VeriSign, Inc.
+# Developed by Sxip Identity
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'test/unit'
+require 'xmlsig'
+class TC_Verifier < Test::Unit::TestCase
+    # def setup
+    # end
+    # def teardown
+    # end
+    def test_basics
+        x = Xmlsig::XmlDoc.new
+        xml = <<-XML
+<?xml version="1.0" encoding="UTF-8"?>
+<sxip:envelope xmlns:foo="http://sxip.com/xml-dsig/test/foo#" xmlns:sxip="http://sxip.com/xml-dsig/test#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><sxip:header><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#xpointer(/sxip:envelope/sxip:body/foo:morestuff)"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>NuSUptSOayIh51kdIONXjFeYxMQ=</ds:DigestValue></ds:Reference><ds:Reference URI="#xpointer(/sxip:envelope/sxip:body/sxip:evenMoreSxipStuff)"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>oT0HFNUy26Iea8HBnXsz0+IzPU4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>V64bOOa8ve14Qg0LYETMrV+Eby3go3AAjPgMMwM1swegZKiFYUntin14M7o8v6/TlNMFPlBx
+x7vajc6AgVGshLkkvsrzKWktNqcya1k1YGqswxNIPdFsscMRzileSc+Dx61JuXm9Yw2PPl+0
+aSmaxeKlrWjo9NOHLdHcmskCTPzqk20glB5SIYIspCnktCnCo1cj6xksOXi6G+ueEk8AVWnR
+p07UIPgjWftXtWTDLJNxuhWOHUkpyBcMhCZjbNALq7wIm/pebMPC3gHFWaA8jIz+IIuRzwwj
+ik7w/bp7Y81PYQyQGgFXuTs45x+twx4u7BX/RTpfGthpU/Ph3j0EtA==</ds:SignatureValue><ds:KeyInfo><ds:KeyName>Public key of certificate</ds:KeyName><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>oGgoDlqu7bl/TsvRjQs7JnocBR6/Sf8YNSzEc84/4JKiWK/X/3/VALmp8IXazpXSkGbRMqQY
+nz9NVirxB6tB7z5p6yCh1oNLglH/vNDLi314RtAy0AU799EcQOJa8ybJR4phLK6uy1IxcBrd
+AO2TAh/5QfYTUDsgAmH+FxWOJbwRd76u4+8RCqOFnEbHiKUBA1/N5C6H78+o3fIjfEApSADy
+pVegB9UY5rkzPVLCTgKcQb7SOp5WHVteD3IzP0HSB0YsP3Pie9bwVyAzfoh1iq5Enoqnx4eV
+APjOAWDf9WqoiBfxmwjqAHTWclDBYw2TOg+e3Lb03rqsKr60imT2uQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIDATCCAemgAwIBAgIGAQoqb98SMA0GCSqGSIb3DQEBCwUAMEExEzARBgoJkiaJk/IsZAEZ
+EwNjb20xFDASBgoJkiaJk/IsZAEZEwRzeGlwMRQwEgYDVQQDEwtJc3N1ZXIgTmFtZTAeFw0w
+NjAzMjQwNDA3NTVaFw0yMDAxMDEwODAwMDBaMEIxEzARBgoJkiaJk/IsZAEZEwNjb20xFDAS
+BgoJkiaJk/IsZAEZEwRzeGlwMRUwEwYDVQQDEwxTdWJqZWN0IE5hbWUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCgaCgOWq7tuX9Oy9GNCzsmehwFHr9J/xg1LMRzzj/gkqJY
+r9f/f9UAuanwhdrOldKQZtEypBifP01WKvEHq0HvPmnrIKHWg0uCUf+80MuLfXhG0DLQBTv3
+0RxA4lrzJslHimEsrq7LUjFwGt0A7ZMCH/lB9hNQOyACYf4XFY4lvBF3vq7j7xEKo4WcRseI
+pQEDX83kLofvz6jd8iN8QClIAPKlV6AH1RjmuTM9UsJOApxBvtI6nlYdW14PcjM/QdIHRiw/
+c+J71vBXIDN+iHWKrkSeiqfHh5UA+M4BYN/1aqiIF/GbCOoAdNZyUMFjDZM6D57ctvTeuqwq
+vrSKZPa5AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAArJTw0B6ZXSqs0oxFkgu5UAws0xdi/8
+fuQCYMcV1e1Y8VXYVrmJQv8oaft/iSueyc7QmhOgUpXbqB+ApYhS3Hrk2F5EQthEIFGTWG1K
+uxQno0OriMvRTn880SNo5wnl/UeKkp6OwAYGrsVZnxZ1cij+5EVWB8eBXN5OZPbktc/tAuj9
+gS3CaEtoO7KQKZjGugwSMBGZwhiECaSn9jb4MotovtZCo5Qp8FJyeYWTgw2S+/HDc5Ot4i2b
+pa/U87KGxffQASJcj05ij7HgHnAznvFBuFamNQo2s2sdXTIEKQpJ9804oSGdrdq7VuAOMnXN
+uswvjAEdbUfaEBzym0OMghY=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></sxip:header><sxip:body id="Body"><foo:morestuff>Here is more stuff!</foo:morestuff><foo:evenMoreStuff>Here is more stuff!</foo:evenMoreStuff><sxip:evenMoreSxipStuff>Here is more stuff!</sxip:evenMoreSxipStuff></sxip:body></sxip:envelope>
+        XML
+        if x.loadFromString(xml) == -1
+            raise "failed to create XML document"
+        end
+        xp = Xmlsig::XPath.new()
+        xp.addNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
+        xp.setXPath('/descendant::ds:Signature[position()=1]')
+        v = Xmlsig::Verifier.new(x,xp)
+        rc = v.verify
+        assert_equal(1,rc,"verify document with namespace using xpath")
+    end
+    def test_plain_key
+        x = Xmlsig::XmlDoc.new
+        xml = <<-XML
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+      <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>BMGn3ftGz476A4ZyCOTf1X2GZ/yMK/o5J3kTg8WSh+56cgLRCQiOrA==</SignatureValue>
+  <KeyInfo>
+      <KeyValue>
+<DSAKeyValue>
+<P>
+mTNzLdDnUE8esvAOW+m5/GR+2xAuv/5XHRuGP216C1Lh0ofU2978HuCIZgu29ggW
+d6nYkRAhpprnw0MvnwQynyvZMs51YyHbSHFIb3eefyg14+Y4/003LrhOQwaPkptA
+iUHohW9w7dhqRxKgDbD9T3yYiWr066v02u0jZhMCX/0=
+</P>
+<Q>
+vMMOrPdYTfgRjIwMxAGrvGqpxZM=
+</Q>
+<G>
+kAzI1xXPJ1Qd9V/OKNWuKliEvAWpPcPrshOPajErPXhG2qT15c+oP/CxauG+96RV
+qoArUoluexWjySPm6SAZNr+hHQrE/OnV0IIgsiRlUJqxLNNEI6wn6G6FOw6ymUay
+RCLAha5VDyoeQ90XA2QdZ7EDXhmom+q6ZjGAsn4dtNk=
+</G>
+<Y>
+bmInlV3nwDyJ/8vck3jOYj3bB2c6gXrvdKQlxNsUvxy5rVfGY7DY+N/5Q4v6S8Q3
+Cy6+GgMWIKjnolIpFt8khUUmwV0SNDcgLwsrnEMrZ0kQlMybFBaWqbuTk0FC+ORK
+giAQbEuMveocyjZPdHNAHJmDe87nn1nbmBlPpxLQwTg=
+</Y>
+</DSAKeyValue>
+</KeyValue>
+  </KeyInfo>
+  <Object Id="object">some text</Object>
+</Signature>
+        XML
+        if x.loadFromString(xml) == -1
+            raise "failed to create XML document"
+        end
+        v = Xmlsig::Verifier.new(x)
+        rc = v.verify
+        assert_equal(1,rc,"verify document containing plain key")
+    end
+    def test_bad_input
+        xml = <<-XML
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+    <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>
+    MUOjiqG0dbjvR6+qYYPL85nKSt2FeZGQBQkYudv48KyJhJLG1Bp+bA==
+  </SignatureValue>
+  <KeyInfo>
+    <X509Data>
+      <X509SubjectName>
+        CN=Badb,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+      </X509SubjectName>
+    </X509Data>
+  </KeyInfo>
+</Signature>
+        XML
+        x = Xmlsig::XmlDoc.new
+        x.loadFromString(xml)
+        ks = Xmlsig::KeyStore.new
+        ks.addTrustedCertFromFile('t/keys/ca.pem', 'pem')
+        ks.addTrustedCertFromFile('t/keys/badb.pem', 'pem')
+        ks.addKeyFromFile('t/keys/badb.pem', 'cert_pem', '')
+        v = Xmlsig::Verifier.new(x)
+        v.setKeyStore(ks)
+        assert_equal(1,v.verify, "should work")
+    end
+end

data/ext/xmlsig/t/tsik_interop/sign.rb ADDED Viewed

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+require 'xmlsig'
+in_path = '../res/tsik/in/'
+key_path = '../res/tsik/keys/'
+out_path = '../'
+x = Xmlsig::XmlDoc.new
+x.loadFromFile(in_path + "in.xml")
+k = Xmlsig::Key.new
+k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
+s = Xmlsig::Signer.new(x,k)
+s.signInPlace()
+x.toFile(out_path + "out_1.xml")
+x = Xmlsig::XmlDoc.new
+x.loadFromFile(in_path + "in.xml")
+k = Xmlsig::Key.new
+k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
+s = Xmlsig::Signer.new(x,k)
+s.addCertFromFile(key_path + 'Alice.cer', 'cert_der')
+xp = Xmlsig::XPath.new()
+xp.addNamespace('cert', 'http://example.com/cert')
+xp.setXPath('/cert:cert')
+x = s.sign(xp)
+x.toFile(out_path + "out_2.xml")
+x = Xmlsig::XmlDoc.new
+x.loadFromFile(in_path + "in.xml")
+k = Xmlsig::Key.new
+k.loadFromFile(key_path + 'alice.pfx','pkcs12','password')
+pk = Xmlsig::Key.new
+pk.loadFromFile(key_path + 'Alice.cer', 'cert_der', '')
+s = Xmlsig::Signer.new(x,k,pk)
+xp = Xmlsig::XPath.new()
+xp.addNamespace('cert', 'http://example.com/cert')
+xp.setXPath('/cert:cert')
+x = s.sign(xp)
+x.toFile(out_path + "out_3.xml")