Class: Nokogiri::XML::Document
- Inherits: Object
  - Object
  - Nokogiri::XML::Document
- Defined in: lib/xmlsec.rb
Instance Method Summary
- #decrypt!(opts) ⇒ Object
  Decrypts the current document, then returns it.
- #encrypt!(key:, name: nil, **opts) ⇒ Object
  Encrypts the current document, then returns it.
- #sign!(opts) ⇒ Object
- #verify_signature ⇒ Object
  Attempts to verify the signature of this document using only certificates installed on the system.
- #verify_with(opts_or_keys) ⇒ Object
  Verifies the signature on the current document.
Instance Method Details
#decrypt!(opts) ⇒ Object
Decrypts the current document, then returns it.
Examples:
    # decrypt with a specific private key
    doc.decrypt! key: 'private-key'
    # pass the key as an OpenSSL PKey object
    doc.decrypt! key: OpenSSL::PKey.read('private-key')

    # File 'lib/xmlsec.rb', line 78
    def decrypt! opts
      # Only the first EncryptedData element in document order is decrypted.
      first_encrypted_node = root.at_xpath("//xenc:EncryptedData", 'xenc' => "http://www.w3.org/2001/04/xmlenc#")
      raise XMLSec::DecryptionError, "start node not found" unless first_encrypted_node
      first_encrypted_node.decrypt_with opts
      self
    end
#encrypt!(key:, name: nil, **opts) ⇒ Object
Encrypts the current document, then returns it.
Examples:
    # encrypt with a public key and optional key name
    doc.encrypt! key: 'public-key', name: 'name'

    # File 'lib/xmlsec.rb', line 64
    def encrypt!(key:, name: nil, **opts)
      root.encrypt_with(key: key, name: name, **opts)
      self
    end
#sign!(opts) ⇒ Object
    # File 'lib/xmlsec.rb', line 6
    def sign! opts
      root.sign! opts
      self
    end
#verify_signature ⇒ Object
Attempts to verify the signature of this document using only certificates installed on the system. This is equivalent to calling `verify_with certs: []` (that is, an empty array).

    # File 'lib/xmlsec.rb', line 53
    def verify_signature
      verify_with(certs: [])
    end
#verify_with(opts_or_keys) ⇒ Object
Verifies the signature on the current document.
Returns `true` if the signature is valid, `false` otherwise.
Examples:
    # Try to validate with the given public or private key
    doc.verify_with key: 'rsa-key'

    # Try to validate with a set of keys. It will try to match
    # based on the contents of the `KeyName` element.
    doc.verify_with({
      'key-name' => 'x509 certificate',
      'another-key-name' => 'rsa-public-key'
    })

    # Try to validate with a trusted certificate
    doc.verify_with(cert: 'certificate')

    # Try to validate with a set of certificates, any one of which
    # can match
    doc.verify_with(certs: ['cert1', 'cert2'])

    # Validate the signature, checking the certificate validity as of
    # a certain time (anything that's convertible to an integer, such as a Time)
    doc.verify_with(cert: 'certificate', verification_time: )

    # Validate the signature, but don't validate that the certificate is valid,
    # or has a full trust chain
    doc.verify_with(cert: 'certificate', verify_certificates: false)

    # File 'lib/xmlsec.rb', line 42
    def verify_with opts_or_keys
      # Only the first Signature element in document order is checked.
      first_signature = root.at_xpath("//ds:Signature", 'ds' => "http://www.w3.org/2000/09/xmldsig#")
      raise XMLSec::VerificationError, "start node not found" unless first_signature
      first_signature.verify_with(opts_or_keys)
    end
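The `verify_with` source above checks the first `ds:Signature` found anywhere in the document, and its boolean result does not say which element that signature covers. The following is an added example, not code from the xmlsec gem: `signature_bound_to_root?`, the `ID` attribute name and the sample documents are assumptions, and it uses REXML so that it runs without the gem. It checks that this signature references the root element before the document's content is trusted.

```ruby
require "rexml/document"

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# True only when the first ds:Signature in document order (the node that
# "//ds:Signature" selects in verify_with) carries exactly one Reference
# and that Reference points at the root element.
# id_attr is an assumption: use the ID attribute name of your schema.
def signature_bound_to_root?(xml, id_attr: "ID")
  doc = REXML::Document.new(xml)
  ns  = { "ds" => DS_NS }
  sig = REXML::XPath.first(doc, "//ds:Signature", ns)
  return false if sig.nil?

  refs = REXML::XPath.match(sig, "ds:SignedInfo/ds:Reference", ns)
  return false unless refs.size == 1        # policy choice: one reference only

  uri = refs.first.attributes["URI"]        # nil when the attribute is absent
  return true if uri == ""                  # empty URI references the whole document

  root_id = doc.root.attributes[id_attr].to_s
  return false if root_id.empty? || uri != "##{root_id}"

  # The referenced ID must be unique, otherwise "#id" is ambiguous.
  REXML::XPath.match(doc, "//*").count { |e| e.attributes[id_attr] == root_id } == 1
end

# Constructed sample: the signature references the root element's ID.
BOUND = <<~XML
  <Response ID="r1">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#r1"/></ds:SignedInfo>
    </ds:Signature>
    <Data>payload</Data>
  </Response>
XML

# Constructed samples: reference to some other element, and a duplicated ID.
UNBOUND   = BOUND.sub('URI="#r1"', 'URI="#other"')
DUPLICATE = BOUND.sub("<Data>", '<Data ID="r1">')
```

Run this check alongside `verify_with`, and read data only from the element it confirms is referenced.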