Class: XMLSecurity::Document

Inherits:
BaseDocument
Defined in:
lib/xml_security.rb

Constant Summary

SHA1 =
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA384 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
ENVELOPED_SIG =
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"
INC_PREFIX_LIST =
"#default samlp saml ds xs xsi"

Constants inherited from BaseDocument

BaseDocument::C14N, BaseDocument::DSIG

Instance Attribute Summary

Instance Method Summary

Methods inherited from BaseDocument

#algorithm, #canon_algorithm

Instance Attribute Details

#uuidObject

Returns the value of attribute uuid.



# File 'lib/xml_security.rb', line 81

# Identifier of this document's signed element; sign_document embeds it as the
# fragment of the ds:Reference URI ("#<uuid>").
#
# @return [Object] the stored uuid, or nil when it has never been assigned
def uuid
  @uuid
end

Instance Method Details

#sign_document(private_key, certificate, signature_method = SHA1, digest_method = SHA1) ⇒ Object

</Signature>



# File 'lib/xml_security.rb', line 98

# Signs this document with an enveloped XML-DSig signature and inserts the
# resulting <ds:Signature> element into the tree.
#
# The ds:Reference digest is computed over the canonicalized document as it
# stands before the signature is attached; the ds:SignatureValue is computed
# over the canonicalized <ds:SignedInfo>. The signature element is placed
# directly after //saml:Issuer when that element exists, otherwise it is
# appended to the root element.
#
# @param private_key [OpenSSL::PKey::PKey] key handed to compute_signature
# @param certificate [OpenSSL::X509::Certificate, String] certificate embedded
#   in <ds:KeyInfo>; a String is first parsed with OpenSSL::X509::Certificate.new
# @param signature_method [String] SignatureMethod algorithm URI; the default
#   SHA1 constant is rsa-sha1 — NOTE(review): considered weak for new
#   deployments, callers should pass SHA256 or stronger
# @param digest_method [String] DigestMethod algorithm URI (default SHA1)
# @return [Object] the result of the final insert_after / add_element call
def sign_document(private_key, certificate, signature_method = SHA1, digest_method = SHA1)
  # Canonicalize the document now, before any signature node is added to it.
  canonical_document = Nokogiri.parse(self.to_s).canonicalize(canon_algorithm(C14N))

  signature_node = REXML::Element.new("ds:Signature").add_namespace('ds', DSIG)
  signed_info = signature_node.add_element("ds:SignedInfo")
  signed_info.add_element("ds:CanonicalizationMethod", {"Algorithm" => C14N})
  signed_info.add_element("ds:SignatureMethod", {"Algorithm" => signature_method})

  # Reference the signed element by id, with the enveloped-signature and
  # canonicalization transforms.
  reference = signed_info.add_element("ds:Reference", {"URI" => "##{uuid}"})
  transforms = reference.add_element("ds:Transforms")
  transforms.add_element("ds:Transform", {"Algorithm" => ENVELOPED_SIG})
  transforms.add_element("ds:Transform", {"Algorithm" => C14N})
  transforms.add_element("ds:InclusiveNamespaces", {"xmlns" => C14N, "PrefixList" => INC_PREFIX_LIST})

  digest_node = reference.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
  digest_value = compute_digest(canonical_document, algorithm(digest_node))
  reference.add_element("ds:DigestValue").text = digest_value

  # SignatureValue: canonicalize SignedInfo through Nokogiri, then sign that string.
  canonical_signed_info = Nokogiri.parse(signature_node.to_s)
    .at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
    .canonicalize(canon_algorithm(C14N))
  signature_value = compute_signature(private_key, algorithm(signature_method).new, canonical_signed_info)
  signature_node.add_element("ds:SignatureValue").text = signature_value

  # KeyInfo: the certificate DER, base64 encoded without line breaks.
  certificate = OpenSSL::X509::Certificate.new(certificate) if certificate.is_a?(String)
  x509_data = signature_node.add_element("ds:KeyInfo").add_element("ds:X509Data")
  x509_data.add_element("ds:X509Certificate").text = Base64.strict_encode64(certificate.to_der)

  # Attach the signature right after the Issuer when present, else at the end of root.
  issuer = self.elements["//saml:Issuer"]
  if issuer
    self.root.insert_after(issuer, signature_node)
  else
    self.root.add_element(signature_node)
  end
end