Commit eabb08d
Changed files (13)
lib/xml/kit/certificate.rb
@@ -7,7 +7,9 @@ module Xml
# {include:file:spec/xml/certificate_spec.rb}
class Certificate
include Templatable
+ # rubocop:disable Metrics/LineLength
BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
+ # rubocop:enable Metrics/LineLength
BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze
END_CERT = /-----END CERTIFICATE-----/.freeze
# The use can be `:signing` or `:encryption`. Use `nil` for both.
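Review bot: `BASE64_FORMAT`, the line the new rubocop directives bracket, anchors with `\Z`, which also matches just before a single trailing newline, so a value such as `"QUJD\n"` passes this check even though `Base64.strict_decode64` rejects it. If the constant is meant as a strict format check, change the anchor to `\z`; if tolerating one trailing newline is intentional, say so with a comment like `# \Z rather than \z: accept one trailing newline from PEM-style input`. Splitting the pattern with the `x` flag over a few lines would also remove the need for the `Metrics/LineLength` disable/enable pair.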
lib/xml/kit/decryption.rb
@@ -16,7 +16,9 @@ module Xml
#
# @param data [Hash] the XML document converted to a [Hash] using Hash.from_xml.
def decrypt(data)
- ::Xml::Kit.deprecate('decrypt is deprecated. Use decrypt_xml or decrypt_hash instead.')
+ ::Xml::Kit.deprecate(
+ 'decrypt is deprecated. Use decrypt_xml or decrypt_hash instead.'
+ )
decrypt_hash(data)
end
@@ -31,11 +33,11 @@ module Xml
#
# @param hash [Hash] the XML document converted to a [Hash] using Hash.from_xml.
def decrypt_hash(hash)
- encrypted_data = hash['EncryptedData']
+ data = hash['EncryptedData']
to_plaintext(
- Base64.decode64(encrypted_data['CipherData']['CipherValue']),
- symmetric_key_from(encrypted_data),
- encrypted_data['EncryptionMethod']['Algorithm']
+ Base64.decode64(data['CipherData']['CipherValue']),
+ symmetric_key_from(data['KeyInfo']['EncryptedKey']),
+ data['EncryptionMethod']['Algorithm']
)
end
@@ -50,12 +52,12 @@ module Xml
private
- def symmetric_key_from(encrypted_data, attempts = private_keys.count)
- cipher_text = Base64.decode64(encrypted_data['KeyInfo']['EncryptedKey']['CipherData']['CipherValue'])
+ def symmetric_key_from(encrypted_key, attempts = private_keys.count)
+ cipher, algorithm = cipher_and_algorithm_fron(encrypted_key)
private_keys.each do |private_key|
begin
attempts -= 1
- return to_plaintext(cipher_text, private_key, encrypted_data['KeyInfo']['EncryptedKey']['EncryptionMethod']['Algorithm'])
+ return to_plaintext(cipher, private_key, algorithm)
rescue OpenSSL::PKey::RSAError
raise if attempts.zero?
end
@@ -66,6 +68,13 @@ module Xml
def to_plaintext(cipher_text, private_key, algorithm)
cipher_registry.cipher_for(algorithm, private_key).decrypt(cipher_text)
end
+
+ def cipher_and_algorithm_fron(encrypted_key)
+ [
+ Base64.decode64(encrypted_key['CipherData']['CipherValue']),
+ encrypted_key['EncryptionMethod']['Algorithm']
+ ]
+ end
end
end
end
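Review bot: The private helper added in the last hunk is named `cipher_and_algorithm_fron`, and the call site in `symmetric_key_from` in the previous hunk repeats the typo; rename both to `cipher_and_algorithm_from` before the name spreads. In `symmetric_key_from`, `raise if attempts.zero?` only fires after the last key fails, so when `private_keys` is empty the `each` body never runs, no `RSAError` occurs and control falls through to whatever follows the loop (outside this hunk), presumably without returning a key; an explicit `raise ArgumentError, 'no private keys' if private_keys.empty?` guard would make that failure visible. `decrypt_hash` now dereferences `data['KeyInfo']['EncryptedKey']` directly, so a document lacking `KeyInfo` fails with `NoMethodError` on `nil` rather than a descriptive error; `data.dig('KeyInfo', 'EncryptedKey')` followed by a nil check would name the missing element.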
lib/xml/kit/document.rb
@@ -47,9 +47,10 @@ module Xml
end
end
- def invalid_signatures
- signed_document = Xmldsig::SignedDocument.new(document, id_attr: 'ID=$uri or @Id')
- signed_document.signatures.find_all do |signature|
+ def invalid_signatures(id_attr: 'ID=$uri or @Id')
+ Xmldsig::SignedDocument
+ .new(document, id_attr: id_attr)
+ .signatures.find_all do |signature|
x509_certificates.all? do |certificate|
!signature.valid?(certificate)
end
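Review bot: `invalid_signatures` gains the `id_attr:` keyword in this hunk but carries no documentation, and its body continues past the hunk. Add YARD above the definition, e.g. `# @param id_attr [String] the xmldsig ID attribute expression used to resolve Reference URIs (default 'ID=$uri or @Id').` and `# @return [Array] the signatures that none of the configured x509 certificates verifies.`. A one-line comment that the `all?` over `x509_certificates` is fail-closed would also help: with no certificates configured every signature is reported invalid, which is the safe default but surprises callers.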
lib/xml/kit/encrypted_data.rb
@@ -14,8 +14,13 @@ module Xml
key_info: nil
)
@symmetric_cipher = symmetric_cipher
- @symmetric_cipher_value = Base64.strict_encode64(symmetric_cipher.encrypt(raw_xml))
- @key_info = key_info || create_key_info_for(symmetric_cipher, asymmetric_cipher)
+ @symmetric_cipher_value = Base64.strict_encode64(
+ symmetric_cipher.encrypt(raw_xml)
+ )
+ @key_info = key_info || create_key_info_for(
+ symmetric_cipher,
+ asymmetric_cipher
+ )
end
def to_xml(xml: ::Builder::XmlMarkup.new)
@@ -30,7 +35,10 @@ module Xml
def create_key_info_for(symmetric_cipher, asymmetric_cipher)
KeyInfo.new do |x|
- x.encrypted_key = EncryptedKey.new(asymmetric_cipher: asymmetric_cipher, symmetric_cipher: symmetric_cipher)
+ x.encrypted_key = EncryptedKey.new(
+ asymmetric_cipher: asymmetric_cipher,
+ symmetric_cipher: symmetric_cipher
+ )
end
end
end
lib/xml/kit/encrypted_key.rb
@@ -10,7 +10,12 @@ module Xml
attr_reader :asymmetric_cipher, :symmetric_cipher
attr_accessor :key_info
- def initialize(id: Id.generate, asymmetric_cipher:, symmetric_cipher:, key_info: nil)
+ def initialize(
+ id: Id.generate,
+ asymmetric_cipher:,
+ symmetric_cipher:,
+ key_info: nil
+ )
@id = id
@asymmetric_cipher = asymmetric_cipher
@symmetric_cipher = symmetric_cipher
lib/xml/kit/encryption.rb
@@ -11,16 +11,14 @@ module Xml
def initialize(
raw_xml,
public_key,
- symmetric_algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM,
- asymmetric_algorithm: ::Xml::Kit::Crypto::RsaCipher::ALGORITHM,
+ symmetric_algorithm: Crypto::SymmetricCipher::DEFAULT_ALGORITHM,
+ asymmetric_algorithm: Crypto::RsaCipher::ALGORITHM,
key_info: nil
)
@symmetric_algorithm = symmetric_algorithm
@asymmetric_algorithm = asymmetric_algorithm
- ::Xml::Kit.deprecate('Xml::Kit::Encryption is deprecated. Use Xml::Kit::EncryptedData instead.')
-
- super(
- raw_xml,
+ Xml::Kit.deprecate('Encryption is deprecated. Use EncryptedData.')
+ super(raw_xml,
symmetric_cipher: symmetric(symmetric_algorithm),
asymmetric_cipher: asymmetric(asymmetric_algorithm, public_key),
key_info: key_info
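Review bot: `super(raw_xml,` uses a hanging-indent style that differs from every other multi-line call this commit rewraps, where the first argument sits on its own line after the opening paren; write it as `super(` / `raw_xml,` / `symmetric_cipher: symmetric(symmetric_algorithm),` for consistency. The shortened deprecation text `'Encryption is deprecated. Use EncryptedData.'` drops the namespaces that the other messages touched by this commit keep, so a user reading logs no longer sees which constants to migrate between; the previous `'Xml::Kit::Encryption is deprecated. Use Xml::Kit::EncryptedData instead.'` was clearer. The defaults also switch to the relative `Crypto::SymmetricCipher::DEFAULT_ALGORITHM` while `key_pair.rb` in the same commit keeps the fully qualified `::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM`; pick one form.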
lib/xml/kit/key_pair.rb
@@ -30,9 +30,16 @@ module Xml
# @param use [Symbol] Can be either `:signing` or `:encryption`.
# @param passphrase [String] the passphrase to use to encrypt the private key.
# @param algorithm [String] the symmetric algorithm to use for encrypting the private key.
- def self.generate(use:, passphrase: SecureRandom.uuid, algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM)
+ def self.generate(
+ use:,
+ passphrase: SecureRandom.uuid,
+ algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM
+ )
algorithm = ::Xml::Kit::Crypto::SymmetricCipher::ALGORITHMS[algorithm]
- certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(algorithm: algorithm, passphrase: passphrase)
+ certificate, private_key = SelfSignedCertificate.new.create(
+ algorithm: algorithm,
+ passphrase: passphrase
+ )
new(certificate, private_key, passphrase, use)
end
end
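Review bot: `algorithm = ::Xml::Kit::Crypto::SymmetricCipher::ALGORITHMS[algorithm]` in `generate` yields `nil` for an unknown algorithm name and passes it on to `SelfSignedCertificate.new.create`, so a typo in the caller's `algorithm:` surfaces (if at all) inside the key export, far from the cause. Use `ALGORITHMS.fetch(algorithm)` so an unsupported name raises `KeyError` at the call site, or raise `ArgumentError` naming the offending value. Whether `create` and its export step tolerate a `nil` algorithm is not visible in this hunk.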
lib/xml/kit/self_signed_certificate.rb
@@ -5,7 +5,11 @@ module Xml
class SelfSignedCertificate
SUBJECT = '/C=CA/ST=AB/L=Calgary/O=XmlKit/OU=XmlKit/CN=XmlKit'.freeze
- def create(algorithm: 'AES-256-CBC', passphrase: nil, key_pair: OpenSSL::PKey::RSA.new(2048))
+ def create(
+ algorithm: 'AES-256-CBC',
+ passphrase: nil,
+ key_pair: OpenSSL::PKey::RSA.new(2048)
+ )
certificate = certificate_for(key_pair.public_key)
certificate.sign(key_pair, OpenSSL::Digest::SHA256.new)
[certificate.to_pem, export(key_pair, algorithm, passphrase)]
@@ -24,7 +28,8 @@ module Xml
def certificate_for(public_key)
certificate = OpenSSL::X509::Certificate.new
- certificate.subject = certificate.issuer = OpenSSL::X509::Name.parse(SUBJECT)
+ certificate.subject =
+ certificate.issuer = OpenSSL::X509::Name.parse(SUBJECT)
certificate.not_before = Time.now
certificate.not_after = certificate.not_before + 30 * 24 * 60 * 60 # 30 days
certificate.public_key = public_key
@@ -35,10 +40,12 @@ module Xml
end
def apply_ski_extension_to(certificate)
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = certificate
- extension_factory.issuer_certificate = certificate
- certificate.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash', false))
+ extensions = OpenSSL::X509::ExtensionFactory.new
+ extensions.subject_certificate = certificate
+ extensions.issuer_certificate = certificate
+ certificate.add_extension(
+ extensions.create_extension('subjectKeyIdentifier', 'hash', false)
+ )
end
end
end
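Review bot: `create` is rewrapped but still undocumented, and `passphrase: nil` is the kind of default a reader needs explained; add YARD such as `# @param algorithm [String] cipher used to encrypt the exported private key`, `# @param passphrase [String, nil] passphrase for the exported private key`, and `# @return [Array(String, String)] the PEM certificate and the exported private key`, stating what a nil passphrase means once `export` (outside this hunk) confirms it. The split chained assignment `certificate.subject =` / `certificate.issuer = OpenSSL::X509::Name.parse(SUBJECT)` reads as two statements on a skim; `name = OpenSSL::X509::Name.parse(SUBJECT)` followed by `certificate.subject = name` and `certificate.issuer = name` removes the ambiguity. The `30 * 24 * 60 * 60 # 30 days` on the following line would read better as a named constant such as `VALIDITY_SECONDS = 30 * 24 * 60 * 60`.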
lib/xml/kit/signature.rb
@@ -23,7 +23,12 @@ module Xml
attr_reader :reference_id
attr_reader :signature_method
- def initialize(reference_id, signature_method: :SH256, digest_method: :SHA256, certificate:)
+ def initialize(
+ reference_id,
+ signature_method: :SH256,
+ digest_method: :SHA256,
+ certificate:
+ )
@certificate = certificate
@digest_method = DIGEST_METHODS[digest_method]
@reference_id = reference_id
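Review bot: The rewrapped signature keeps `signature_method: :SH256` as the default, while `digest_method:` on the next line is `:SHA256` and `Signatures.sign` in this same commit defaults `signature_method: :SHA256`; `:SH256` looks like a typo. If the lookup table it is resolved against (outside this hunk) has no `:SH256` entry, every `Signature` built with the default gets a `nil` signature method, so change the default to `:SHA256` and add a spec that constructs a `Signature` with only the required arguments.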
lib/xml/kit/signatures.rb
@@ -39,7 +39,12 @@ module Xml
end
# @!visibility private
- def self.sign(xml: ::Builder::XmlMarkup.new, key_pair:, signature_method: :SHA256, digest_method: :SHA256)
+ def self.sign(
+ xml: ::Builder::XmlMarkup.new,
+ key_pair:,
+ signature_method: :SHA256,
+ digest_method: :SHA256
+ )
signatures = new(
key_pair: key_pair,
signature_method: signature_method,
lib/xml/kit/templatable.rb
@@ -32,7 +32,9 @@ module Xml
end
def encryption_for(*args, &block)
- ::Xml::Kit.deprecate('encryption_for is deprecated. Use encrypt_data_for instead.')
+ ::Xml::Kit.deprecate(
+ 'encryption_for is deprecated. Use encrypt_data_for instead.'
+ )
encrypt_data_for(*args, &block)
end
@@ -50,7 +52,10 @@ module Xml
end
def asymmetric_cipher(algorithm: Crypto::RsaCipher::ALGORITHM)
- @asymmetric_cipher ||= Crypto.cipher_for(algorithm, encryption_certificate.public_key)
+ @asymmetric_cipher ||= Crypto.cipher_for(
+ algorithm,
+ encryption_certificate.public_key
+ )
end
def symmetric_cipher
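Review bot: `asymmetric_cipher(algorithm:)` memoizes into `@asymmetric_cipher` without regard to `algorithm`, so the first call fixes the cipher and a later call with a different `algorithm:` silently returns the first one; the rewrap in the last hunk preserves that. Either key the memo by algorithm, `(@asymmetric_ciphers ||= {})[algorithm] ||= Crypto.cipher_for(algorithm, encryption_certificate.public_key)`, or document the limitation above the method with `# Memoized on first call; the algorithm argument is ignored on later calls.`. `symmetric_cipher` immediately below may have the same `||=` shape, but its body is outside the hunk.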
.rubocop.yml
@@ -59,8 +59,10 @@ Metrics/ModuleLength:
- 'spec/**/*.rb'
Metrics/LineLength:
+ IgnoredPatterns: ['(\A|\s)#']
Exclude:
- 'spec/**/*.rb'
+ - 'lib/xml/kit/templates/*.builder'
Naming/FileName:
Exclude:
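Review bot: `IgnoredPatterns: ['(\A|\s)#']` exempts any line containing a `#` that follows whitespace, not only comment lines, so a long code line with a trailing `# note` or a string with `#{...}` after a space also escapes `Metrics/LineLength`. If the intent is to ignore comment-only lines, `'\A\s*#'` is the tighter pattern. With the `Max: 141` override removed from `.rubocop_todo.yml` in this commit, code lines now fall back to the cop's default limit, which is presumably why `certificate.rb` needed the `# rubocop:disable Metrics/LineLength` pair.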
.rubocop_todo.yml
@@ -14,9 +14,3 @@ Metrics/AbcSize:
Style/DoubleNegation:
Exclude:
- 'lib/xml/kit/certificate.rb'
-
-# Offense count: 29
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
-# URISchemes: http, https
-Metrics/LineLength:
- Max: 141