Module: XMLSecurity

Extended by:: FFI::Library

Defined in:: lib/xml_sec.rb

Defined Under Namespace

Modules: SignedDocument Classes: SignatureFailure, XmlSecDSigCtx, XmlSecError, XmlSecKeyInfoCtx, XmlSecKeyReq, XmlSecPtrList, XmlSecTransformCtx, XmlSecTransformUriType

Constant Summary collapse

XMLSEC_ERRORS_R_INVALID_DATA =

ErrorCallback =

FFI::Function.new(:void,
    [ :string, :int, :string, :string,     :string,      :int,   :string ]
) do |file,    line, func,    errorObject, errorSubject, reason, msg     |
  XMLSecurity.handle_xmlsec_error_callback(file, line, func, errorObject, errorSubject, reason, msg)
end

Class Method Summary collapse

.disable_remote_references!(dsig_context) ⇒ Object
.disable_xslt_transforms!(dsig_context) ⇒ Object
.handle_xmlsec_error_callback(*args) ⇒ Object
.mute(&block) ⇒ Object
.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ Object
.register_xml_id_attribute(doc, root) ⇒ Object

Register ‘ID’ as an XML id attribute so we can properly sign/validate signatures with references of the form:.
.sign(reference_id, xml_string, private_key, certificate) ⇒ Object
.xmlFree(ptr) ⇒ Object
.xmlMalloc(size) ⇒ Object

Class Method Details

.disable_remote_references!(dsig_context) ⇒ `Object`

# File 'lib/xml_sec.rb', line 301

def self.disable_remote_references!(dsig_context)
  dsig_context[:transformCtx][:enabledUris] = XmlSecTransformUriType.conservative
  dsig_context[:enabledReferenceUris] = XmlSecTransformUriType.conservative
end

.disable_xslt_transforms!(dsig_context) ⇒ `Object`

# File 'lib/xml_sec.rb', line 289

def self.disable_xslt_transforms!(dsig_context)
  all_transforms = XMLSecurity.xmlSecTransformIdsGet

  (0...XMLSecurity.xmlSecPtrListGetSize(all_transforms)).each do |pos|
    transform = XMLSecurity.xmlSecPtrListGetItem(all_transforms, pos)
    unless transform == XMLSecurity.xmlSecTransformXsltGetKlass
      XMLSecurity.xmlSecPtrListAdd(dsig_context[:transformCtx][:enabledTransforms], transform)
      XMLSecurity.xmlSecDSigCtxEnableReferenceTransform(dsig_context, transform)
    end
  end
end

.handle_xmlsec_error_callback(*args) ⇒ `Object`

# File 'lib/xml_sec.rb', line 271

def self.handle_xmlsec_error_callback(*args)
  raise_exception_if_necessary(*args)
  xmlSecErrorsDefaultCallback(*args)
end

.mute(&block) ⇒ `Object`

# File 'lib/xml_sec.rb', line 283

def self.mute(&block)
  xmlSecErrorsDefaultCallbackEnableOutput(false)
  block.call
  xmlSecErrorsDefaultCallbackEnableOutput(true)
end

.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ `Object`

# File 'lib/xml_sec.rb', line 276

def self.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg)
  if reason == XMLSEC_ERRORS_R_INVALID_DATA
    raise XmlSecError.new(msg)
  end
end

.register_xml_id_attribute(doc, root) ⇒ `Object`

<dsig:Reference URI="#IdOfElementImSigning" />

Which refer to another element in the same document like:

<elem ID="IdOfElementImSigning" />

For more information see:

http://www.aleksey.com/xmlsec/faq.html#section_3_4

# File 'lib/xml_sec.rb', line 556

def self.register_xml_id_attribute(doc, root)
  idary = FFI::MemoryPointer.new(:pointer, 2)
  idary[0].put_pointer(0, FFI::MemoryPointer.from_string("ID"))
  idary[1].put_pointer(0, nil)
  XMLSecurity.xmlSecAddIDs(doc, root, idary)
end

.sign(reference_id, xml_string, private_key, certificate) ⇒ `Object`

# File 'lib/xml_sec.rb', line 486

def self.sign(reference_id, xml_string, private_key, certificate)
  doc = self.xmlParseMemory(xml_string, xml_string.size)
  raise SignatureFailure.new("could not parse XML document") if doc.null?

  canonicalization_method_id = self.xmlSecTransformExclC14NGetKlass
  sign_method_id = self.xmlSecOpenSSLTransformRsaSha1GetKlass

  sign_node = self.xmlSecTmplSignatureCreate(doc, canonicalization_method_id, sign_method_id, nil)

  raise SignatureFailure.new("failed to create signature template") if sign_node.null?
  root = self.xmlDocGetRootElement(doc)
  self.xmlAddChild(root, sign_node)

  XMLSecurity.register_xml_id_attribute(doc, root)

  ref_node = self.xmlSecTmplSignatureAddReference(sign_node, self.xmlSecOpenSSLTransformSha1GetKlass, nil, reference_id && "##{reference_id}", nil)
  raise SignatureFailure.new("failed to add a reference") if ref_node.null?

  envelope_result = self.xmlSecTmplReferenceAddTransform(ref_node, self.xmlSecTransformEnvelopedGetKlass)
  raise SignatureFailure.new("failed to add envelope transform to reference") if envelope_result.null?

  key_info_node = self.xmlSecTmplSignatureEnsureKeyInfo(sign_node, nil)
  raise SignatureFailure.new("failed to add key info") if key_info_node.null?

  digital_signature_context = self.xmlSecDSigCtxCreate(nil)
  raise SignatureFailure.new("failed to create signature context") if digital_signature_context.null?

  digital_signature_context[:signKey] = self.xmlSecOpenSSLAppKeyLoad(private_key, :xmlSecKeyDataFormatPem, nil, nil, nil)
  raise SignatureFailure.new("failed to load private pem key from #{private_key}") if digital_signature_context[:signKey].null?

  if self.xmlSecOpenSSLAppKeyCertLoad(digital_signature_context[:signKey], certificate, :xmlSecKeyDataFormatPem) < 0
    raise SignatureFailure.new("failed to load public cert from #{certificate}")
  end

  x509_data_node = self.xmlSecTmplKeyInfoAddX509Data(key_info_node)
  raise SignatureFailure.new("failed to add <dsig:X509Data/> node") if x509_data_node.null?

  if self.xmlSecDSigCtxSign(digital_signature_context, sign_node) < 0
    raise SignatureFailure.new("signature failed!")
  end

  ptr = FFI::MemoryPointer.new(:pointer, 1)
  sizeptr = FFI::MemoryPointer.new(:pointer, 1)
  self.xmlDocDumpFormatMemory(doc, ptr, sizeptr, 0)
  strptr = ptr.read_pointer

  return strptr.null? ? nil : strptr.read_string
ensure
  ptr.free if defined?(ptr) && ptr
  sizeptr.free if defined?(sizeptr) && sizeptr
  self.xmlFreeDoc(doc) if defined?(doc) && doc && !doc.null?
  self.xmlSecDSigCtxDestroy(digital_signature_context) if defined?(digital_signature_context) && digital_signature_context && !digital_signature_context.null?
  self.xmlFree(strptr) if defined?(strptr) && strptr && !strptr.null?
end

.xmlFree(ptr) ⇒ `Object`



261
262
263

# File 'lib/xml_sec.rb', line 261

def self.xmlFree(ptr)
  __xmlFree.call(ptr)
end

.xmlMalloc(size) ⇒ `Object`



257
258
259

# File 'lib/xml_sec.rb', line 257

def self.xmlMalloc(size)
  __xmlMalloc.call(size)
end

Module: XMLSecurity

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.disable_remote_references!(dsig_context) ⇒ Object

.disable_xslt_transforms!(dsig_context) ⇒ Object

.handle_xmlsec_error_callback(*args) ⇒ Object

.mute(&block) ⇒ Object

.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ Object

.register_xml_id_attribute(doc, root) ⇒ Object

.sign(reference_id, xml_string, private_key, certificate) ⇒ Object

.xmlFree(ptr) ⇒ Object

.xmlMalloc(size) ⇒ Object

.disable_remote_references!(dsig_context) ⇒ `Object`

.disable_xslt_transforms!(dsig_context) ⇒ `Object`

.handle_xmlsec_error_callback(*args) ⇒ `Object`

.mute(&block) ⇒ `Object`

.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ `Object`

.register_xml_id_attribute(doc, root) ⇒ `Object`

.sign(reference_id, xml_string, private_key, certificate) ⇒ `Object`

.xmlFree(ptr) ⇒ `Object`

.xmlMalloc(size) ⇒ `Object`