在Ruby中规范化XML [英] Canonicalizing XML in Ruby
问题描述
我正在使用Ruby / Rails在SAML网关上工作,并且尝试编写一些代码来验证 xml数字签名。
I'm working on a SAML gateway using Ruby/Rails and I'm attempting to write some code that validates the xml digital signature of the incoming SAML response against the x509 cert of the originating service.
我的问题:签名依赖于经过哈希处理然后签名的XML的规范化版本,而我很难找到可以按规范。我在rubyforge上发现了超级旧宝石,但我会更感兴趣如果类似nokogiri之类的东西支持这种功能(从nokogiri文档中不支持)。
My problem: the signature depends on a canonicalized version of the XML that is hashed and then signed and I'm having trouble finding a ruby lib/gem that will canonicalize XML per the spec. I found a super old gem on rubyforge that is a mess but I'd be more interested if something like nokogiri supported this kind of functionality (from the nokogiri docs, it doesn't).
我已经在Google上进行了广泛的搜索,但是我想在这里问一下在尝试并尝试编写自己的版本或对现有的c14n-r库进行重做之前,请先查看是否有人有任何深刻的见识。
I've googled extensively but thought I'd ask around here to see if anyone has any good insights before I go and try to write my own version or rework the existing c14n-r library.
推荐答案
给这两个宝石一个机会:
Give these two gems a shot:
http://rubygems.org/gems/coupa-libxml-ruby
http://rubygems.org/gems/xmlsec-ruby
我为SAML项目编写了它们。第一个修补程序libxml-ruby在基础C库中添加了规范函数的绑定。
I wrote them for a SAML project. The first patches libxml-ruby to add a binding for the canonicalize function in the base C library.
后者是Rubysec的Rubysec绑定。现在,所有有效的方法就是签名验证,这是我完成该项目所需的全部,但听起来也满足您的需求。
The latter is ruby binding for xmlsec. Right now all that works is signature verification, which was all I needed for the project, but it sounds like it'd fit your needs too.
我建议您去使用xmlsec是因为尝试编写自己的XML签名验证码是徒劳的。请耐心等待,直到您必须处理多个封装的签名,嵌入式证书等等。让xmlsec处理该废话。
I'd recommend going with xmlsec because trying to write your own XML signature verification code is an exercise in futility. Just wait til you have to deal with multiple enveloped signatures, embedded certificates, gah. Let xmlsec handle that crap.
这篇关于在Ruby中规范化XML的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
