Class: WSDL::Security::Digester

Inherits:
Object
Defined in:
lib/wsdl/security/digester.rb

Overview

Handles digest calculation for XML Digital Signatures.

The Digester computes cryptographic hashes of XML content for use in signature Reference elements. It supports the SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 algorithms listed in ALGORITHMS; SHA-256 is the default.

Examples:

Basic usage

digester = Digester.new
digest = digester.digest("content to hash")

With Base64 encoding (for XML output)

digester = Digester.new(algorithm: :sha256)
base64_digest = digester.base64_digest(canonicalized_xml)

Constant Summary

Digest =

Local alias for digest algorithm constants

Constants::Algorithms::Digest
ALGORITHMS =

Supported digest algorithms.

Each algorithm specifies:

  • :id - The URI used in XML DigestMethod elements
  • :name - The OpenSSL digest name
  • :klass - The OpenSSL::Digest class to use
{
  # SHA-1 (legacy, still widely used in WS-Security)
  sha1: {
    id: Digest::SHA1,
    name: 'SHA1',
    klass: OpenSSL::Digest::SHA1
  },

  # SHA-224
  sha224: {
    id: Digest::SHA224,
    name: 'SHA224',
    klass: OpenSSL::Digest::SHA224
  },

  # SHA-256 (recommended)
  sha256: {
    id: Digest::SHA256,
    name: 'SHA256',
    klass: OpenSSL::Digest::SHA256
  },

  # SHA-384
  sha384: {
    id: Digest::SHA384,
    name: 'SHA384',
    klass: OpenSSL::Digest::SHA384
  },

  # SHA-512 (strongest)
  sha512: {
    id: Digest::SHA512,
    name: 'SHA512',
    klass: OpenSSL::Digest::SHA512
  }
}.freeze
DEFAULT_ALGORITHM =

Default algorithm to use

:sha256
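
Added example (not part of the wsdl gem or its documentation): the :id URI is what a verifier reads back from a received DigestMethod element, so on the verifying side it is untrusted input. The sketch below maps that URI to an OpenSSL digest through an allow-list that excludes SHA-1 unless it is opted into, then checks a Reference's DigestValue. verify_reference, reference_digest, DIGESTS_BY_URI and DEFAULT_ACCEPTED are hypothetical names, the URIs are the standard W3C identifiers (assumed to match the Digest::* constants above), and the sample input is constructed.

```ruby
require 'openssl'

# Added example; hypothetical names, not the wsdl gem's API.
# Standard W3C DigestMethod URIs mapped to OpenSSL digest names.
DIGESTS_BY_URI = {
  'http://www.w3.org/2000/09/xmldsig#sha1' => 'SHA1',
  'http://www.w3.org/2001/04/xmldsig-more#sha224' => 'SHA224',
  'http://www.w3.org/2001/04/xmlenc#sha256' => 'SHA256',
  'http://www.w3.org/2001/04/xmldsig-more#sha384' => 'SHA384',
  'http://www.w3.org/2001/04/xmlenc#sha512' => 'SHA512'
}.freeze

# Verifier policy: SHA-1 must be opted into explicitly.
DEFAULT_ACCEPTED = %w[SHA256 SHA384 SHA512].freeze

# Signing side: Base64 DigestValue for already-canonicalized bytes.
def reference_digest(algorithm_uri, canonical_bytes)
  name = DIGESTS_BY_URI.fetch(algorithm_uri)
  [OpenSSL::Digest.new(name).digest(canonical_bytes)].pack('m0')
end

# Verifying side: returns :ok or a symbol naming the rejection reason.
def verify_reference(algorithm_uri, digest_value, canonical_bytes,
                     accepted: DEFAULT_ACCEPTED)
  name = DIGESTS_BY_URI[algorithm_uri]
  return :unknown_algorithm unless name
  return :algorithm_not_accepted unless accepted.include?(name)

  begin
    # xsd:base64Binary may contain whitespace; anything else must be strict.
    claimed = digest_value.delete(" \t\r\n").unpack1('m0')
  rescue ArgumentError
    return :malformed_digest_value
  end

  md = OpenSSL::Digest.new(name)
  return :wrong_length unless claimed.bytesize == md.digest_length

  md.digest(canonical_bytes) == claimed ? :ok : :digest_mismatch
end

# Constructed sample: a canonicalized element and its DigestValue.
SAMPLE_URI = 'http://www.w3.org/2001/04/xmlenc#sha256'
SAMPLE_XML = '<Body xmlns="urn:example" Id="Body-1"><amount>10</amount></Body>'
puts verify_reference(SAMPLE_URI, reference_digest(SAMPLE_URI, SAMPLE_XML), SAMPLE_XML)
puts verify_reference(SAMPLE_URI, reference_digest(SAMPLE_URI, SAMPLE_XML),
                      SAMPLE_XML.sub('10', '1000'))
```

A matching digest only shows that the Reference is internally consistent; the DigestValue can be trusted only once the signature over the enclosing SignedInfo has verified.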

Constructor Details

#initialize(algorithm: DEFAULT_ALGORITHM) ⇒ Digester

Creates a new Digester instance.

Parameters:

  • algorithm (Symbol) (defaults to: DEFAULT_ALGORITHM)

    the digest algorithm to use (default: :sha256)

Raises:

  • (ArgumentError)

    if an unknown algorithm is specified



# File 'lib/wsdl/security/digester.rb', line 90

def initialize(algorithm: DEFAULT_ALGORITHM)
  @algorithm_key = algorithm
  @algorithm = ALGORITHMS[algorithm] or
    raise ArgumentError, "Unknown digest algorithm: #{algorithm.inspect}. " \
                         "Valid options: #{ALGORITHMS.keys.join(', ')}"
end

Instance Attribute Details

#algorithm ⇒ Hash (readonly)

Returns the current algorithm configuration.

Returns:

  • (Hash)

    the algorithm settings



# File 'lib/wsdl/security/digester.rb', line 77

def algorithm
  @algorithm
end

#algorithm_key ⇒ Symbol (readonly)

Returns the algorithm symbol.

Returns:

  • (Symbol)

    the algorithm key (e.g., :sha256)



# File 'lib/wsdl/security/digester.rb', line 81

def algorithm_key
  @algorithm_key
end

Class Method Details

.base64_digest(data, algorithm: DEFAULT_ALGORITHM) ⇒ String

Class method to compute a Base64-encoded digest.

Parameters:

  • data (String)

    the data to digest

  • algorithm (Symbol) (defaults to: DEFAULT_ALGORITHM)

    the algorithm to use (default: :sha256)

Returns:

  • (String)

    the Base64-encoded digest



# File 'lib/wsdl/security/digester.rb', line 197

def self.base64_digest(data, algorithm: DEFAULT_ALGORITHM)
  new(algorithm: algorithm).base64_digest(data)
end

.digest(data, algorithm: DEFAULT_ALGORITHM, encode: nil) ⇒ String

Class method to compute a digest with default settings.

Parameters:

  • data (String)

    the data to digest

  • algorithm (Symbol) (defaults to: DEFAULT_ALGORITHM)

    the algorithm to use (default: :sha256)

  • encode (Symbol, nil) (defaults to: nil)

    encoding format (:base64, :hex, or nil for raw)

Returns:

  • (String)

    the digest in the specified format



# File 'lib/wsdl/security/digester.rb', line 177

def self.digest(data, algorithm: DEFAULT_ALGORITHM, encode: nil)
  digester = new(algorithm: algorithm)

  case encode
  when :base64
    digester.base64_digest(data)
  when :hex
    digester.hex_digest(data)
  else
    digester.digest(data)
  end
end

Instance Method Details

#algorithm_id ⇒ String

Returns the algorithm URI for use in XML DigestMethod elements.

Returns:

  • (String)

    the digest algorithm URI



# File 'lib/wsdl/security/digester.rb', line 138

def algorithm_id
  @algorithm[:id]
end

#algorithm_name ⇒ String

Returns the OpenSSL digest name.

Returns:

  • (String)

    the digest algorithm name (e.g., 'SHA256')



# File 'lib/wsdl/security/digester.rb', line 146

def algorithm_name
  @algorithm[:name]
end

#base64_digest(data) ⇒ String

Computes the digest and returns it as a Base64-encoded string.

This is the format required for XML DigestValue elements.

Examples:

digester = Digester.new(algorithm: :sha1)
digester.base64_digest("hello world")
# => "Kq5sNclPz7QV2+lfQIuc6R7oRu0=" (20-byte SHA-1 digest)

Parameters:

  • data (String)

    the data to digest

Returns:

  • (String)

    the Base64-encoded digest



# File 'lib/wsdl/security/digester.rb', line 121

def base64_digest(data)
  Base64.strict_encode64(digest(data))
end

#digest(data) ⇒ String

Computes the digest of the given data.

Examples:

digester.digest("hello world")
# => binary string

Parameters:

  • data (String)

    the data to digest

Returns:

  • (String)

    the raw binary digest



# File 'lib/wsdl/security/digester.rb', line 106

def digest(data)
  @algorithm[:klass].digest(data)
end

#digest_length ⇒ Integer

Returns the digest length in bytes.

Returns:

  • (Integer)

    the digest length



# File 'lib/wsdl/security/digester.rb', line 154

def digest_length
  @algorithm[:klass].new.digest_length
end

#hex_digest(data) ⇒ String

Computes the digest and returns it as a hexadecimal string.

Parameters:

  • data (String)

    the data to digest

Returns:

  • (String)

    the hexadecimal digest



# File 'lib/wsdl/security/digester.rb', line 130

def hex_digest(data)
  @algorithm[:klass].hexdigest(data)
end

#new_digest ⇒ OpenSSL::Digest

Creates a new OpenSSL::Digest instance for this algorithm.

This is useful when you need to feed data incrementally or when signing.

Returns:

  • (OpenSSL::Digest)

    a new digest instance



# File 'lib/wsdl/security/digester.rb', line 165

def new_digest
  @algorithm[:klass].new
end