SignedXml
SignedXml is a Ruby implementation of XML Signatures.
Dependencies
SignedXml requires and is in love with Nokogiri.
Limitations
They are legion. Allowed transformations are enveloped-signature and c14n. Only same-document Reference URIs are supported, and of those only the null URI (URI="", i.e. the whole document) and fragment URIs which specify a literal ID are supported. XPointer expressions are not supported.
SignedXml can also sign documents which contain certain required placeholder elements. For an example, see the file saml_response_template.xml in spec/resources.
Installation
Add this line to your application's Gemfile:
gem 'signed_xml'
And then execute:
bundle
Or install it yourself as:
gem install signed_xml
Usage
require 'signed_xml'
# Verification
# using certificate in document
signed_doc = SignedXml::Document(File.read 'some_signed_doc.xml')
signed_doc.is_verified?
# using certificate provided by caller
certificate = OpenSSL::X509::Certificate.new(File.read 'certificate.pem')
signed_doc.is_verified? certificate
# using certificate which matches the one in the document
# (and failing if it doesn't)
cert_fingerprint = Digest::SHA1.hexdigest(certificate.to_der)
certificate_store = {cert_fingerprint => certificate}
signed_doc.is_verified? certificate_store
# Signing
doc = SignedXml::Document(File.read 'doc_with_placeholder_elems.xml')
private_key = OpenSSL::PKey::RSA.new(File.new 'private_key.pem')
certificate = OpenSSL::X509::Certificate.new(File.read 'certificate.pem')
doc.sign(private_key, certificate)
File.open('signed_doc.xml', 'w') { |file| file.puts doc.to_xml }
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Copyright
Copyright (c) OpenLogic, Inc. See LICENSE for details.