38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
# File 'ext/xmlsig/t/tc_signer.rb', line 38
def test_signer_basics
x = Xmlsig::XmlDoc.new
if x.loadFromString('<hello>world!</hello>') < 0
raise "failed to create XML document"
end
k = Xmlsig::Key.new
if k.loadFromFile('t/res/rsakey.pem','pem','') < 0
raise "failed to load key"
end
s = Xmlsig::Signer.new(x,k)
s.signInPlace()
expected = <<-XML
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#obj1">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>cAWu6o1UKCUSfsVDlNG6JvE7bj6TrInQPdYYBWn/kR4zkyeSR45IjTjk8ug4w0lP
RJnPkFcxt9KZystNh/84boNPr8dV4aitMVBcwI9KC+wVyTSiNSGoQ97xwNWvV3P0
MuP0IfzwMYEYzaz4BcnLAeBS/zJj1nKBrQl4cPendKz258wND3sCx44gGPBWOe6S
+bgvzO31Dk6bXVid92DU2BBfzJ+vLC/R1pA7zzSbi4IbVOGGxcDwWz1UnXrBWVRv
l0BUrEO/ggm11KrDPywYpDk4K+S77uirJ5ZnE7/80gtVqeUNXFwPDXwxanr4OAYX
Oqke+lk6t9sVyzTbB/AhDw==</SignatureValue>
<Object Id="obj1"><hello>world!</hello></Object>
</Signature>
XML
assert_equal(clear_enveloping(expected),
clear_enveloping(x.toString), "check signed xml")
if x.loadFromString('<hello>world!</hello>') < 0
raise "failed to create XML document"
end
s = Xmlsig::Signer.new(x,k)
s.signInPlace()
assert_equal(clear_enveloping(expected),
clear_enveloping(x.toString), "should be able to sign again")
if x.loadFromString('<hello>world!</hello>') < 0
raise "failed to create XML document"
end
s = Xmlsig::Signer.new(x,k)
x_dup = s.sign()
original = <<-XML
<?xml version="1.0"?>
<hello>world!</hello>
XML
assert_equal(original, x.toString, "sign should preserve the original")
assert_equal(clear_enveloping(expected),
clear_enveloping(x_dup.toString), "sign should produce a copy")
s.signInPlace()
assert_equal(clear_enveloping(expected),
clear_enveloping(x.toString), "signInPlace should still work")
enveloped = <<-XML
<n0:pdu xmlns:n0="http://a.example">
<n1:elem1 xmlns:n1="http://b.example">
content
</n1:elem1>
</n0:pdu>
XML
if x.loadFromString(enveloped) < 0
raise "failed to create XML document"
end
s = Xmlsig::Signer.new(x,k)
x_dup = s.sign
expected = <<-XML
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#obj1">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Z1BLe+Di+r3Q88UGYMg0U98+SkQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XnIMidjeC2cwjpx1g5cdUjJhaeOrUn7QVbOp3nZfZ9pX9h0RzNr7IbyBDIFYDz8V
x/pJTrIBwtNRNv/zipgNdO3Zz6k5cKOeh518F+tIVa6LiApywRIUSZJRJRDrkfRI
D+qllTfEz0nBZIkW6R40xawHYXbMi7/jirJPFptIqYW0P/X2QUqoR7tKMB6U7z97
6YXwLTO32O2R1udK8psoKwalOqdmWdR/8xWxLSjLoywyhF6c2+sNIa16BWMilFPX
hCz91erW1LWKcUXgVGbsniG/3Wqz7VXmROf0iYZ56gTLWA2qKRBS8DC3uZo830bq
cG04ZgJEZyAdMCjFcN0kaA==</SignatureValue>
<Object Id="obj1"><n0:pdu xmlns:n0="http://a.example">
<n1:elem1 xmlns:n1="http://b.example">
content
</n1:elem1>
</n0:pdu></Object>
</Signature>
XML
assert_equal(clear_enveloping(expected),
clear_enveloping(x_dup.toString), "inclusive c14n")
s.useExclusiveCanonicalizer('')
x_dup = s.sign
expected = <<-XML
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#obj1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Z1BLe+Di+r3Q88UGYMg0U98+SkQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>V/BJBFvJNWJmrPoTcCiEJ+Kiho3oNcwWzBrJIA9uCgl5LXvgJsH1iedVHzPlDyfH
zRxxjx3EiXBpmh92sPmboBcBEOJxEsXRmNNspLjdBlywoAJNSCXqdpWTKpjCeFxe
tefTsPt2u3FvMrHHPzqWJBegHkO1egsAJQ4ZenyfJw6OkXttdj52UJDiUNaoa5mr
ucKC4ccFxbOgtGg7pkfJ1mStvChRABb1a27glf0HkgXrffDkXklVwqmGLw+QD2VK
I3p3jWjicltVHHYazr1GzBG2MJ6JH/6q0cAS1tmXDQZPl/iV7kVX1kiJcjnUHbxi
DaJbsDL5hmar/m7hOKDgHA==</SignatureValue>
<Object Id="obj1"><n0:pdu xmlns:n0="http://a.example">
<n1:elem1 xmlns:n1="http://b.example">
content
</n1:elem1>
</n0:pdu></Object>
</Signature>
XML
assert_equal(clear_enveloping(expected),
clear_enveloping(x_dup.toString), "exclusive c14n")
x = Xmlsig::XmlDoc.new
if x.loadFromString('<hello>world!</hello>') < 0
raise "failed to create XML document"
end
k = Xmlsig::Key.new
if k.loadFromFile('t/res/rsakey.pem','pem','') < 0
raise "failed to load key"
end
s = Xmlsig::Signer.new(x,k)
if s.addCertFromFile('t/res/rsacert.pem', 'pem') < 0
raise "failed to add cert"
end
x_dup = s.sign
expected = <<-XML
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#obj-gXKdX4PpMA">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>FmuiTWZt7LioHNUGy5rSu+lqcNA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>M7eBJdXlzNuyAFdsFG/6ZHydmmq4X7VLXWixvRnXDZM2xVY1eCi3JtPtOI/qNdEp
FiV8/PvZ2fUQqMdGmKU2HX4RJyf2BuzlrsJ3lGXu84HDSDRnt6TChO2PThFjw7ZP
vicru6g8PN6uK5aWDZ6AXT/aDvwiar1wN0LfAnthnXXByQtIwDbtQLvkbdcoDjVh
YNn2FD/XjXsNtEH2Ny7wWsd3zsX3X3TbYJWyuXfvsg1/rS7m0hLYNM4EDIyAj8CF
BAgYY55DLt8GX7jiKQD/0gYebp0NQCepL02drQ090URMksNyOYIpZwPv2lUfCOAn
5LnFffld7w+CGCIdMegVaQ==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy
eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt
cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt
quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E
mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg
qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53
7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w
Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG
A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw
MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA
MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY
1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn
ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL
NJ2D</X509Certificate>
</X509Data>
</KeyInfo>
<Object Id="obj-gXKdX4PpMA"><hello>world!</hello></Object>
</Signature>
XML
assert_equal(clear_enveloping(expected),
clear_enveloping(x_dup.toString),
"sign and attach pubkey x509 cert")
x = Xmlsig::XmlDoc.new
if x.loadFromString('<hello>world!</hello>') < 0
raise "failed to create XML document"
end
k = Xmlsig::Key.new
if k.loadHMACFromString('secret') < 0
raise "failed to load key"
end
s = Xmlsig::Signer.new(x,k)
x_dup = s.sign
expected = <<-XML
<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#obj1">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>YSHe8XZ7FyBg4bJyb9nB4m0x+uo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>a2xSwgkUYkby86Rw32ZuJjzrkJQ=</SignatureValue>
<Object Id="obj1"><hello>world!</hello></Object>
</Signature>
XML
assert_equal(clear_enveloping(expected),
clear_enveloping(x_dup.toString),
"sign with HMAC")
end
|