Implementation of the xmldsig specification http://www.w3.org/TR/xmldsig-core/
This branch is 3 commits ahead, 41 commits behind benoist:master.

Xmldsig

This gem is a (partial) implementation of the XMLDsig specification (http://www.w3.org/TR/xmldsig-core).

Installation

Add this line to your application's Gemfile:

gem 'xmldsig'

And then execute:

$ bundle

Or install it yourself as:

$ gem install xmldsig

Usage

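require "openssl"
require "xmldsig"

# Template document: DigestValue and SignatureValue are left empty and are filled in by #sign
unsigned_xml = <<-XML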
<?xml version="1.0" encoding="UTF-8"?>
<foo:Foo ID="foo" xmlns:foo="http://example.com/foo#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
  <foo:Bar>bar</foo:Bar>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#foo">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="foo"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue></ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue></ds:SignatureValue>
  </ds:Signature>
</foo:Foo>
XML

private_key = OpenSSL::PKey::RSA.new(File.read("key.pem"))
certificate = OpenSSL::X509::Certificate.new(File.read("certificate.cer"))

unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml)
signed_xml = unsigned_document.sign(private_key)

# With a block: the block receives the data to sign and returns the raw signature
signed_xml = unsigned_document.sign do |data|
  private_key.sign(OpenSSL::Digest::SHA256.new, data)
end

# Validation

signed_document = Xmldsig::SignedDocument.new(signed_xml)
signed_document.verify(certificate)

# With a block: the block receives the signature value and the signed data and returns the result of the check
signed_document = Xmldsig::SignedDocument.new(signed_xml)
signed_document.verify do |signature_value, data|
  certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature_value, data)
end
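
In XMLDSig the SignatureValue covers SignedInfo, which in turn carries the DigestValue of the referenced element, so a verifier has to check both layers. The following added example (not code from this gem or its README) shows that with plain OpenSSL; the helper names, the throwaway key and the sample strings are assumptions, and the strings stand in for already-canonicalized XML.

```ruby
require "openssl"

# Constructed sample input. Real XMLDSig canonicalizes the XML (exc-c14n) first;
# this string stands in for the canonical bytes of the referenced element (assumption).
CONTENT = '<foo:Foo xmlns:foo="http://example.com/foo#" ID="foo"><foo:Bar>bar</foo:Bar></foo:Foo>'

def b64(bytes)
  [bytes].pack("m0") # strict Base64, no line breaks
end

# Layer 1: DigestValue = Base64(SHA-256(canonical referenced element)).
def digest_value(canonical_content)
  b64(OpenSSL::Digest::SHA256.digest(canonical_content))
end

# Simplified stand-in for the canonical <ds:SignedInfo>, which embeds the DigestValue.
def signed_info(digest_b64)
  %(<ds:SignedInfo><ds:Reference URI="#foo"><ds:DigestValue>#{digest_b64}</ds:DigestValue></ds:Reference></ds:SignedInfo>)
end

# Layer 2: SignatureValue = Base64(RSA-SHA256(canonical SignedInfo)),
# using the same OpenSSL call as the sign block in the usage section.
def sign(private_key, canonical_content)
  info = signed_info(digest_value(canonical_content))
  { signed_info: info,
    signature_value: b64(private_key.sign(OpenSSL::Digest::SHA256.new, info)) }
end

# A document is valid only if the signature over SignedInfo verifies AND the
# digest recomputed from the received content matches the signed DigestValue.
def verify(public_key, received_content, sig)
  raw = sig[:signature_value].unpack1("m0")
  signature_ok = public_key.verify(OpenSSL::Digest::SHA256.new, raw, sig[:signed_info])
  expected = "<ds:DigestValue>#{digest_value(received_content)}</ds:DigestValue>"
  digest_ok = sig[:signed_info].include?(expected)
  { signature_ok: signature_ok, digest_ok: digest_ok, valid: signature_ok && digest_ok }
end

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key generated for this example
SIG = sign(KEY, CONTENT)

p verify(KEY.public_key, CONTENT, SIG)                   # untouched content
p verify(KEY.public_key, CONTENT.sub("bar", "baz"), SIG) # content changed after signing
```

In the second call the RSA check still passes because SignedInfo is unchanged; only the digest comparison catches the modified content.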

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request