Module: XMLSecurity
- Extended by:
- FFI::Library
- Defined in:
- lib/xml_sec.rb
Defined Under Namespace
Modules: SignedDocument Classes: SignatureFailure, XmlSecDSigCtx, XmlSecError, XmlSecKeyInfoCtx, XmlSecKeyReq, XmlSecPtrList, XmlSecTransformCtx, XmlSecTransformUriType
Constant Summary collapse
# Reason code xmlsec passes to the error callback for invalid data; it is the
# one reason raise_exception_if_necessary turns into an XmlSecError.
XMLSEC_ERRORS_R_INVALID_DATA = 12
# Native callback handed to xmlsec; every error report is forwarded, argument
# for argument, to XMLSecurity.handle_xmlsec_error_callback.
ErrorCallback = FFI::Function.new(:void, %i[string int string string string int string]) do |file, line, func, error_object, error_subject, reason, msg|
  XMLSecurity.handle_xmlsec_error_callback(file, line, func, error_object, error_subject, reason, msg)
end
# xmlsec's stock error reporter, attached so handle_xmlsec_error_callback can
# chain to it after deciding whether to raise.
XmlSecErrorsDefaultCallbackPtr = attach_function(:xmlSecErrorsDefaultCallback, %i[string int string string string int string], :void)
Class Method Summary collapse
- .disable_remote_references!(dsig_context) ⇒ Object
- .disable_xslt_transforms!(dsig_context) ⇒ Object
- .handle_xmlsec_error_callback(*args) ⇒ Object
- .mute(&block) ⇒ Object
- .raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ Object
- .register_xml_id_attribute(doc, root) ⇒ Object
Register ‘ID’ as an XML id attribute so signatures whose references use the `URI="#..."` form can be properly created and validated.
- .sign(reference_id, xml_string, private_key, certificate) ⇒ Object
- .xmlFree(ptr) ⇒ Object
- .xmlMalloc(size) ⇒ Object
Class Method Details
.disable_remote_references!(dsig_context) ⇒ Object
# Restrict the URIs a signature context may dereference to the conservative
# set, both on its transform context and for reference URIs (presumably so
# no remote/external references are followed — confirm against
# XmlSecTransformUriType.conservative).
def self.disable_remote_references!(dsig_context)
  conservative = XmlSecTransformUriType.conservative
  dsig_context[:transformCtx][:enabledUris] = conservative
  dsig_context[:enabledReferenceUris] = conservative
end
.disable_xslt_transforms!(dsig_context) ⇒ Object
# Enable every transform xmlsec has registered on +dsig_context+ — both in
# its transform context and as a reference transform — except XSLT, which is
# deliberately left out.
def self.disable_xslt_transforms!(dsig_context)
  registered = XMLSecurity.xmlSecTransformIdsGet
  size = XMLSecurity.xmlSecPtrListGetSize(registered)
  (0...size).each do |index|
    candidate = XMLSecurity.xmlSecPtrListGetItem(registered, index)
    # XSLT is the single transform that stays disabled.
    next if candidate == XMLSecurity.xmlSecTransformXsltGetKlass
    XMLSecurity.xmlSecPtrListAdd(dsig_context[:transformCtx][:enabledTransforms], candidate)
    XMLSecurity.xmlSecDSigCtxEnableReferenceTransform(dsig_context, candidate)
  end
end
.handle_xmlsec_error_callback(*args) ⇒ Object
# Entry point behind ErrorCallback: first give raise_exception_if_necessary a
# chance to abort on fatal reasons, then hand the report to xmlsec's default
# reporter so it is still logged.
def self.handle_xmlsec_error_callback(*error_details)
  raise_exception_if_necessary(*error_details)
  xmlSecErrorsDefaultCallback(*error_details)
end
.mute(&block) ⇒ Object
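# Run +block+ with xmlsec's default error output switched off, switching it
# back on afterwards.
#
# Re-enabling happens in an +ensure+ clause so that an exception raised from
# the block (for example the XmlSecError raised by the error callback, which
# is still active while output is muted) cannot leave the process with
# xmlsec error reporting permanently disabled.
#
# @param block [Proc] the work to run silently
# @return [Object] the block's return value
def self.mute(&block)
  xmlSecErrorsDefaultCallbackEnableOutput(false)
  block.call
ensure
  xmlSecErrorsDefaultCallbackEnableOutput(true)
end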
.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg) ⇒ Object
# Called for every xmlsec error report; only a report whose +reason+ is
# XMLSEC_ERRORS_R_INVALID_DATA is escalated to an XmlSecError carrying +msg+.
# All other arguments are accepted purely to match the callback's arity.
def self.raise_exception_if_necessary(file, line, func, errorObject, errorSubject, reason, msg)
  raise XmlSecError, msg if reason == XMLSEC_ERRORS_R_INVALID_DATA
end
.register_xml_id_attribute(doc, root) ⇒ Object
Register ‘ID’ as an XML id attribute so we can properly sign/validate signatures with references of the form:
<dsig:Reference URI="#IdOfElementImSigning" />
which refer to another element in the same document, like:
<elem ID="IdOfElementImSigning" />
For more information see:
http://www.aleksey.com/xmlsec/faq.html#section_3_4
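# Register 'ID' as an XML id attribute so that references of the form
# <dsig:Reference URI="#IdOfElementImSigning"/> resolve to
# <elem ID="IdOfElementImSigning"/> elsewhere in the same document
# (see http://www.aleksey.com/xmlsec/faq.html#section_3_4).
#
# @param doc  [FFI::Pointer] the xmlDoc being signed or validated
# @param root [FFI::Pointer] the document's root element
# @return [Object] whatever xmlSecAddIDs returns
def self.register_xml_id_attribute(doc, root)
  # Hold the "ID" buffer in a local for the whole call: the only other thing
  # pointing at it is the native array below, which the GC cannot see, so an
  # unreferenced MemoryPointer could be collected (and its memory freed)
  # before xmlSecAddIDs reads it.
  id_name = FFI::MemoryPointer.from_string("ID")
  idary = FFI::MemoryPointer.new(:pointer, 2)
  idary[0].put_pointer(0, id_name)
  idary[1].put_pointer(0, nil) # NULL terminator ending the id-attribute list
  XMLSecurity.xmlSecAddIDs(doc, root, idary)
end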
.sign(reference_id, xml_string, private_key, certificate) ⇒ Object
# Sign +xml_string+ with an enveloped XML-DSig and return the serialised,
# signed document.
#
# The signature template uses exclusive C14N canonicalisation, an RSA-SHA1
# signature method and a SHA1 reference digest, references the element whose
# ID attribute equals +reference_id+ (the whole document when +reference_id+
# is nil), and embeds the certificate in <dsig:X509Data/>.
#
# NOTE(review): the SHA-1 based method and digest ids are hard-coded here;
# SHA-1 is deprecated for signatures, so consider switching to the SHA-256
# klasses if the module attaches them and verifiers accept them.
#
# @param reference_id [String, nil] ID of the element to reference, or nil
# @param xml_string   [String]      the document to sign
# @param private_key  [String]      path of the PEM private key (the error
#                                   messages below treat it as a path)
# @param certificate  [String]      path of the PEM certificate
# @return [String, nil] the signed document, or nil if libxml2 produced no
#   output buffer
# @raise [SignatureFailure] on any failed xmlsec/libxml2 step
def self.sign(reference_id, xml_string, private_key, certificate)
  doc = self.xmlParseMemory(xml_string, xml_string.size)
  raise SignatureFailure.new("could not parse XML document") if doc.null?
  canonicalization_method_id = self.xmlSecTransformExclC14NGetKlass
  sign_method_id = self.xmlSecOpenSSLTransformRsaSha1GetKlass
  sign_node = self.xmlSecTmplSignatureCreate(doc, canonicalization_method_id, sign_method_id, nil)
  raise SignatureFailure.new("failed to create signature template") if sign_node.null?
  root = self.xmlDocGetRootElement(doc)
  # The <dsig:Signature/> element is appended to the root (enveloped signature).
  self.xmlAddChild(root, sign_node)
  # Needed so the "#id" reference URI below can be resolved against ID attributes.
  XMLSecurity.register_xml_id_attribute(doc, root)
  # A nil reference_id yields a nil URI, i.e. the reference covers the document.
  ref_node = self.xmlSecTmplSignatureAddReference(sign_node, self.xmlSecOpenSSLTransformSha1GetKlass, nil, reference_id && "##{reference_id}", nil)
  raise SignatureFailure.new("failed to add a reference") if ref_node.null?
  envelope_result = self.xmlSecTmplReferenceAddTransform(ref_node, self.xmlSecTransformEnvelopedGetKlass)
  raise SignatureFailure.new("failed to add envelope transform to reference") if envelope_result.null?
  key_info_node = self.xmlSecTmplSignatureEnsureKeyInfo(sign_node, nil)
  raise SignatureFailure.new("failed to add key info") if key_info_node.null?
  digital_signature_context = self.xmlSecDSigCtxCreate(nil)
  raise SignatureFailure.new("failed to create signature context") if digital_signature_context.null?
  digital_signature_context[:signKey] = self.xmlSecOpenSSLAppKeyLoad(private_key, :xmlSecKeyDataFormatPem, nil, nil, nil)
  raise SignatureFailure.new("failed to load private pem key from #{private_key}") if digital_signature_context[:signKey].null?
  # Attach the certificate to the signing key so it can be emitted in KeyInfo.
  if self.xmlSecOpenSSLAppKeyCertLoad(digital_signature_context[:signKey], certificate, :xmlSecKeyDataFormatPem) < 0
    raise SignatureFailure.new("failed to load public cert from #{certificate}")
  end
  x509_data_node = self.xmlSecTmplKeyInfoAddX509Data(key_info_node)
  raise SignatureFailure.new("failed to add <dsig:X509Data/> node") if x509_data_node.null?
  if self.xmlSecDSigCtxSign(digital_signature_context, sign_node) < 0
    raise SignatureFailure.new("signature failed!")
  end
  # Out-parameters for xmlDocDumpFormatMemory: the buffer pointer and its
  # length (sizeptr is declared :pointer, wider than the int written into it,
  # which is harmless). The buffer is libxml2-owned and released in ensure.
  ptr = FFI::MemoryPointer.new(:pointer, 1)
  sizeptr = FFI::MemoryPointer.new(:pointer, 1)
  self.xmlDocDumpFormatMemory(doc, ptr, sizeptr, 0)
  strptr = ptr.read_pointer
  # read_string stops at the first NUL byte; the dumped XML is NUL-terminated,
  # so the reported length in sizeptr is not consulted.
  return strptr.null? ? nil : strptr.read_string
ensure
  # Each local may be unassigned (nil) if an earlier step raised, hence the
  # defined?/nil guards before freeing. Release order: scratch pointers, the
  # parsed document, the signature context, then libxml2's output buffer.
  ptr.free if defined?(ptr) && ptr
  sizeptr.free if defined?(sizeptr) && sizeptr
  self.xmlFreeDoc(doc) if defined?(doc) && doc && !doc.null?
  self.xmlSecDSigCtxDestroy(digital_signature_context) if defined?(digital_signature_context) && digital_signature_context && !digital_signature_context.null?
  self.xmlFree(strptr) if defined?(strptr) && strptr && !strptr.null?
end
.xmlFree(ptr) ⇒ Object
# Release memory allocated by libxml2 by invoking its xmlFree function
# pointer (+__xmlFree+) with +ptr+.
def self.xmlFree(ptr)
  __xmlFree.(ptr)
end
.xmlMalloc(size) ⇒ Object
# Allocate +size+ bytes through libxml2's xmlMalloc function pointer
# (+__xmlMalloc+), so the result can later be handed back to xmlFree.
def self.xmlMalloc(size)
  __xmlMalloc.(size)
end