Class: Ciam::XMLSecurityNew::Document
- Inherits:
-
BaseDocument
- Object
- REXML::Document
- BaseDocument
- Ciam::XMLSecurityNew::Document
- Defined in:
- lib/ciam/xml_security_new.rb
Constant Summary collapse
- RSA_SHA1 =
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
- RSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
- RSA_SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
- RSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
- SHA1 =
"http://www.w3.org/2000/09/xmldsig#sha1"
- SHA256 =
'http://www.w3.org/2001/04/xmlenc#sha256'
- SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#sha384"
- SHA512 =
'http://www.w3.org/2001/04/xmlenc#sha512'
- ENVELOPED_SIG =
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"
- INC_PREFIX_LIST =
"#default samlp saml2p saml ds xs xsi md"
Constants inherited from BaseDocument
BaseDocument::C14N, BaseDocument::DSIG, BaseDocument::NOKOGIRI_OPTIONS
Instance Attribute Summary collapse
-
#uuid ⇒ Object
Returns the value of attribute uuid.
Instance Method Summary collapse
-
#sign_document(private_key, certificate, signature_method = RSA_SHA256, digest_method = SHA256) ⇒ Object
</Signature>.
Methods inherited from BaseDocument
Instance Attribute Details
#uuid ⇒ Object
Returns the value of attribute uuid.
95 96 97 |
# File 'lib/ciam/xml_security_new.rb', line 95 def uuid @uuid end |
Instance Method Details
#sign_document(private_key, certificate, signature_method = RSA_SHA256, digest_method = SHA256) ⇒ Object
</Signature>
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 |
# File 'lib/ciam/xml_security_new.rb', line 118 def sign_document(private_key, certificate, signature_method = RSA_SHA256, digest_method = SHA256) noko = Nokogiri::XML(self.to_s) do |config| config. = Ciam::XMLSecurityNew::BaseDocument::NOKOGIRI_OPTIONS end signature_element = REXML::Element.new("ds:Signature").add_namespace('ds', DSIG) signed_info_element = signature_element.add_element("ds:SignedInfo") signed_info_element.add_element("ds:CanonicalizationMethod", {"Algorithm" => C14N}) signed_info_element.add_element("ds:SignatureMethod", {"Algorithm"=>signature_method}) # Add Reference reference_element = signed_info_element.add_element("ds:Reference", {"URI" => "##{uuid}"}) # Add Transforms transforms_element = reference_element.add_element("ds:Transforms") transforms_element.add_element("ds:Transform", {"Algorithm" => ENVELOPED_SIG}) c14element = transforms_element.add_element("ds:Transform", {"Algorithm" => C14N}) c14element.add_element("ec:InclusiveNamespaces", {"xmlns:ec" => C14N, "PrefixList" => INC_PREFIX_LIST}) digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method}) inclusive_namespaces = INC_PREFIX_LIST.split(" ") canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces) #canon_doc = noko.canonicalize(canon_algorithm(C14N)) reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element)) # add SignatureValue noko_sig_element = Nokogiri::XML(signature_element.to_s) do |config| config. = Ciam::XMLSecurityNew::BaseDocument::NOKOGIRI_OPTIONS end noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG) canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N), inclusive_namespaces) signature = compute_signature(private_key, algorithm(signature_method).new, canon_string) signature_element.add_element("ds:SignatureValue").text = signature.to_s.gsub(/\n/, "").gsub(/\t/, "") # add KeyInfo key_info_element = signature_element.add_element("ds:KeyInfo") x509_element = key_info_element.add_element("ds:X509Data") x509_cert_element = x509_element.add_element("ds:X509Certificate") if certificate.is_a?(String) certificate = OpenSSL::X509::Certificate.new(certificate) end x509_cert_element.text = Base64.encode64(certificate.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "") # add the signature sp_sso_descriptor = self.root.elements["md:SPSSODescriptor"] unless sp_sso_descriptor.blank? #inserisco firma nei metadata self.root.insert_before sp_sso_descriptor, signature_element else #inserisco firma nella request saml_issuer = self.root.elements["saml:Issuer"] self.root.insert_after saml_issuer, signature_element end end |