Class: Nokogiri::XML::Document

Inherits:
Object
  • Object
Defined in:
lib/xmlsec.rb

Instance Method Summary collapse

Instance Method Details

#decrypt!(opts) ⇒ Object

Decrypts the current document, then returns it.

Examples:

# decrypt with a specific private key
doc.decrypt! key: 'private-key'
# pass the key as an OpenSSL PKey object
doc.decrypt! key: OpenSSL::PKey.read('private-key')


# File 'lib/xmlsec.rb', line 78

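# Decrypts the first xenc:EncryptedData element found in the document, in
# place, and returns the document.
#
# Only the first match of //xenc:EncryptedData is handed to decrypt_with; this
# method does not visit any further EncryptedData elements.
#
# @param opts [Hash] decryption options passed unchanged to the node's
#   decrypt_with (the documented examples pass key: as a string or as an
#   OpenSSL::PKey object)
# @return [Nokogiri::XML::Document] self
# @raise [XMLSec::DecryptionError] when the document has no EncryptedData node
def decrypt!(opts)
  first_encrypted_node = root.at_xpath("//xenc:EncryptedData", 'xenc' => "http://www.w3.org/2001/04/xmlenc#")
  # `raise Klass, message` is needed here: `XMLSec::DecryptionError(...)`
  # parses as a method call on XMLSec and surfaces as NoMethodError, which
  # callers rescuing DecryptionError would never see.
  raise XMLSec::DecryptionError, "start node not found" unless first_encrypted_node

  first_encrypted_node.decrypt_with(opts)
  self
end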

#encrypt!(key:, name: nil, **opts) ⇒ Object

Encrypts the current document, then returns it.

Examples:

# encrypt with a public key and optional key name
doc.encrypt! key: 'public-key', name: 'name'


# File 'lib/xmlsec.rb', line 64

# Encrypts the document by delegating to the root element's encrypt_with,
# then hands the document back so calls can be chained.
#
# @param key the encryption key (the documented example passes a public key string)
# @param name [String, nil] optional key name forwarded together with the key
# @param opts [Hash] any further keyword options, forwarded untouched
# @return [Nokogiri::XML::Document] self
def encrypt!(key:, name: nil, **opts)
  encryption_args = { key: key, name: name }.merge(opts)
  root.encrypt_with(**encryption_args)
  self
end

#sign!(opts) ⇒ Object



# File 'lib/xmlsec.rb', line 6

# Signs the document by delegating to the root element's sign!, then returns
# the document itself rather than whatever the root's sign! returned.
#
# @param opts signing options, passed to root.sign! unchanged
# @return [Nokogiri::XML::Document] self
def sign!(opts)
  tap { root.sign!(opts) }
end

#verify_signature ⇒ Object

Attempts to verify the signature of this document using only certificates installed on the system. This is equivalent to calling `verify_with certs: []` (that is, an empty array).



# File 'lib/xmlsec.rb', line 53

# Verifies the document signature without supplying any certificates of its
# own: it calls verify_with with an empty certs list, which the documentation
# describes as relying only on certificates installed on the system.
#
# NOTE(review): trust then rests entirely on the system certificate store;
# when the expected signer is known, passing its certificate to verify_with
# is the narrower check.
#
# @return the result of verify_with (documented as true for a valid
#   signature, false otherwise)
def verify_signature
  no_supplied_certs = []
  verify_with(certs: no_supplied_certs)
end

#verify_with(opts_or_keys) ⇒ Object

Verifies the signature on the current document.

Returns `true` if the signature is valid, `false` otherwise.

Examples:

# Try to validate with the given public or private key
doc.verify_with key: 'rsa-key'

# Try to validate with a set of keys. It will try to match
# based on the contents of the `KeyName` element.
doc.verify_with({
  'key-name'         => 'x509 certificate',
  'another-key-name' => 'rsa-public-key'
})

# Try to validate with a trusted certificate
doc.verify_with(cert: 'certificate')

# Try to validate with a set of certificates, any one of which
# can match
doc.verify_with(certs: ['cert1', 'cert2'])

# Validate the signature, checking the certificate validity as of
# a certain time (anything that's convertible to an integer, such as a Time)
doc.verify_with(cert: 'certificate', verification_time: message_creation_timestamp)

# Validate the signature, but don't validate that the certificate is valid,
# or has a full trust chain
doc.verify_with(cert: 'certificate', verify_certificates: false)


# File 'lib/xmlsec.rb', line 42

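# Verifies the first ds:Signature element found in the document.
#
# The outcome is reported through the return value (documented as true for a
# valid signature, false otherwise), so callers must check it; only a missing
# Signature element raises.
#
# NOTE(review): only the first match of //ds:Signature is checked. Nothing
# visible here establishes that this signature covers the element a caller
# later reads, so callers handling documents with several signatures or
# nested content should confirm the signed reference is the data they trust.
# Per the documented examples, verify_certificates: false skips certificate
# validity and trust-chain checks.
#
# @param opts_or_keys [Hash] passed unchanged to the signature node's
#   verify_with; the documented forms are key:, cert:, certs:, a key-name to
#   key mapping, and the verification_time: / verify_certificates: options
# @return the result of the signature node's verify_with
# @raise [XMLSec::VerificationError] when the document has no Signature node
def verify_with(opts_or_keys)
  first_signature = root.at_xpath("//ds:Signature", 'ds' => "http://www.w3.org/2000/09/xmldsig#")
  # `raise Klass, message` is needed here: `XMLSec::VerificationError(...)`
  # parses as a method call on XMLSec and surfaces as NoMethodError, which
  # callers rescuing VerificationError would never see.
  raise XMLSec::VerificationError, "start node not found" unless first_signature

  first_signature.verify_with(opts_or_keys)
end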