Class: Nokogiri::XML::Document

Inherits:
Object
Defined in:
lib/xmlsec.rb

Instance Method Details

#decrypt!(opts) ⇒ Object

Decrypts the current document, then returns it.

Examples:

# decrypt with a specific private key
doc.decrypt! key: 'private-key'


# File 'lib/xmlsec.rb', line 102

def decrypt! opts
  if opts[:key]
    decrypt_with_key opts[:name].to_s, opts[:key]
  else
    raise 'inadequate options specified for decryption'
  end
  self
end

#encrypt!(opts) ⇒ Object

Encrypts the current document, then returns it.

Examples:

# encrypt with a public key and optional key name
doc.encrypt! key: 'public-key', name: 'name'


# File 'lib/xmlsec.rb', line 86

def encrypt! opts
  if opts[:key]
    encrypt_with_key opts[:name].to_s, opts[:key]
  else
    raise "public :key is required for encryption"
  end
  self
end

#sign!(opts) ⇒ Object

Signs this document, and then returns it.

Examples:

doc.sign! key: 'rsa-private-key'
doc.sign! key: 'rsa-private-key', name: 'key-name'
doc.sign! x509: 'x509 certificate', key: 'cert private key'
doc.sign! x509: 'x509 certificate', key: 'cert private key',
          name: 'key-name'

You can also use `:cert` or `:certificate` as aliases for `:x509`.



# File 'lib/xmlsec.rb', line 18

def sign! opts
  if (cert = opts[:x509]) || (cert = opts[:cert]) || (cert = opts[:certificate])
    raise "need a private :key" unless opts[:key]
    sign_with_certificate opts[:name].to_s, opts[:key], cert
  elsif opts[:key]
    sign_with_key opts[:name].to_s, opts[:key]
  else
    raise "No private :key was given"
  end
  self
end

#verify_signature ⇒ Object

Attempts to verify the signature of this document using only certificates installed on the system. This is equivalent to calling `verify_with certificates: []` (that is, an empty array).



# File 'lib/xmlsec.rb', line 75

def verify_signature
  verify_with_certificates []
end

#verify_with(opts_or_keys) ⇒ Object

Verifies the signature on the current document.

Returns `true` if the signature is valid, `false` otherwise.

Examples:

# Try to validate with the given public or private key
doc.verify_with key: 'rsa-key'

# Try to validate with a set of keys. It will try to match
# based on the contents of the `KeyName` element.
doc.verify_with({
  'key-name'         => 'x509 certificate',
  'another-key-name' => 'rsa-public-key'
})

# Try to validate with a trusted certificate
doc.verify_with(x509: 'certificate')

# Try to validate with a set of certificates, any one of which
# can match
doc.verify_with(x509: ['cert1', 'cert2'])

You can also use `:cert` or `:certificate` or `:certs` or `:certificates` as aliases for `:x509`.



# File 'lib/xmlsec.rb', line 56

def verify_with opts_or_keys
  if (certs = opts_or_keys[:x509]) ||
     (certs = opts_or_keys[:cert]) ||
     (certs = opts_or_keys[:certs]) ||
     (certs = opts_or_keys[:certificate]) ||
     (certs = opts_or_keys[:certificates])
    certs = [certs] unless certs.kind_of?(Array)
    verify_with_certificates certs
  elsif opts_or_keys[:key]
    verify_with_rsa_key opts_or_keys[:key]
  else
    verify_with_named_keys opts_or_keys
  end
end
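
An added example (not part of lib/xmlsec.rb or the project's documentation): because `[]` is truthy in Ruby, `verify_with x509: []` reaches `verify_with_certificates []`, the system-certificate behaviour of `verify_signature`, while `x509: nil` falls through to the named-keys branch, so a certificate that failed to load changes what is trusted without raising. `StubDocument`, `verify_pinned!`, `route_for` and `SignatureRejected` are hypothetical names; the stub copies only the dispatch shown above and performs no cryptography.

```ruby
# Added example (not from lib/xmlsec.rb). StubDocument is a constructed
# stand-in that copies the option dispatch of #verify_with shown above and
# records which backend would be reached; it performs no cryptography.
class StubDocument
  attr_reader :route

  def initialize(valid)
    @valid = valid # constructed verification result returned to the caller
  end

  def verify_with(opts_or_keys)
    if (certs = opts_or_keys[:x509]) || (certs = opts_or_keys[:cert]) ||
       (certs = opts_or_keys[:certs]) || (certs = opts_or_keys[:certificate]) ||
       (certs = opts_or_keys[:certificates])
      @route = [:certificates, certs.kind_of?(Array) ? certs : [certs]]
    elsif opts_or_keys[:key]
      @route = [:rsa_key, opts_or_keys[:key]]
    else
      @route = [:named_keys, opts_or_keys]
    end
    @valid
  end
end

class SignatureRejected < StandardError; end

# Hypothetical helper: verify only against an explicit, non-empty set of
# pinned certificates, and treat anything other than `true` as failure.
def verify_pinned!(doc, certs)
  pinned = Array(certs).reject { |c| c.to_s.strip.empty? }
  raise ArgumentError, 'no pinned certificates supplied' if pinned.empty?
  raise SignatureRejected, 'signature did not verify' unless doc.verify_with(x509: pinned) == true
  doc
end

# Reports which branch of the dispatch a given options hash reaches.
def route_for(opts)
  doc = StubDocument.new(true)
  doc.verify_with(opts)
  doc.route
end

if __FILE__ == $PROGRAM_NAME
  p route_for(x509: 'PEM (constructed)') # pinned certificate branch
  p route_for(x509: [])                  # empty list: system certificates only
  p route_for(x509: nil)                 # nil: falls through to named keys
end
```

With the real gem, the same `verify_pinned!` wrapper can be called on a parsed `Nokogiri::XML::Document` in place of the stub.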