Class: Nokogiri::XML::Document
- Inherits:
-
Object
- Object
- Nokogiri::XML::Document
- Defined in:
- lib/xmlsec.rb
Instance Method Summary collapse
-
#decrypt!(opts) ⇒ Object
Decrypts the current document, then returns it.
-
#encrypt!(opts) ⇒ Object
Encrypts the current document, then returns it.
-
#sign!(opts) ⇒ Object
Signs this document, and then returns it.
-
#verify_signature ⇒ Object
Attempts to verify the signature of this document using only certificates installed on the system.
-
#verify_with(opts_or_keys) ⇒ Object
Verifies the signature on the current document.
Instance Method Details
#decrypt!(opts) ⇒ Object
Decrypts the current document, then returns it.
Examples:
# decrypt with a specific private key
doc.decrypt! key: 'private-key'
102 103 104 105 106 107 108 109 |
# File 'lib/xmlsec.rb', line 102 def decrypt! opts if opts[:key] decrypt_with_key opts[:name].to_s, opts[:key] else raise 'inadequate options specified for decryption' end self end |
#encrypt!(opts) ⇒ Object
Encrypts the current document, then returns it.
Examples:
# encrypt with a public key and optional key name
doc.encrypt! key: 'public-key', name: 'name'
86 87 88 89 90 91 92 93 |
# File 'lib/xmlsec.rb', line 86 def encrypt! opts if opts[:key] encrypt_with_key opts[:name].to_s, opts[:key] else raise "public :key is required for encryption" end self end |
#sign!(opts) ⇒ Object
Signs this document, and then returns it.
Examples:
doc.sign! key: 'rsa-private-key'
doc.sign! key: 'rsa-private-key', name: 'key-name'
doc.sign! x509: 'x509 certificate', key: 'cert private key'
doc.sign! x509: 'x509 certificate', key: 'cert private key',
name: 'key-name'
You can also use ‘:cert` or `:certificate` as aliases for `:x509`.
18 19 20 21 22 23 24 25 26 27 28 |
# File 'lib/xmlsec.rb', line 18 def sign! opts if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate]) raise "need a private :key" unless opts[:key] sign_with_certificate opts[:name].to_s, opts[:key], cert elsif opts[:key] sign_with_key opts[:name].to_s, opts[:key] else raise "No private :key was given" end self end |
#verify_signature ⇒ Object
Attempts to verify the signature of this document using only certificates installed on the system. This is equivalent to calling ‘verify_with certificates: []` (that is, an empty array).
75 76 77 |
# File 'lib/xmlsec.rb', line 75 def verify_signature verify_with_certificates [] end |
#verify_with(opts_or_keys) ⇒ Object
Verifies the signature on the current document.
Returns ‘true` if the signature is valid, `false` otherwise.
Examples:
# Try to validate with the given public or private key
doc.verify_with key: 'rsa-key'
# Try to validate with a set of keys. It will try to match
# based on the contents of the `KeyName` element.
doc.verify_with({
'key-name' => 'x509 certificate',
'another-key-name' => 'rsa-public-key'
})
# Try to validate with a trusted certificate
doc.verify_with(x509: 'certificate')
# Try to validate with a set of certificates, any one of which
# can match
doc.verify_with(x509: ['cert1', 'cert2'])
You can also use ‘:cert` or `:certificate` or `:certs` or `:certificates` as aliases for `:x509`.
56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/xmlsec.rb', line 56 def verify_with opts_or_keys if (certs = opts_or_keys[:x509]) || (certs = opts_or_keys[:cert]) || (certs = opts_or_keys[:certs]) || (certs = opts_or_keys[:certificate]) || (certs = opts_or_keys[:certificates]) certs = [certs] unless certs.kind_of?(Array) verify_with_certificates certs elsif opts_or_keys[:key] verify_with_rsa_key opts_or_keys[:key] else verify_with_named_keys opts_or_keys end end |