Class: Akami::WSSE::VerifySignature

Inherits:

Object

• Object
• Akami::WSSE::VerifySignature

Includes:

C14nHelper

Defined in:

lib/akami/wsse/verify_signature.rb

Overview

Validating WSSE signed messages.

Defined Under Namespace

Classes: InvalidDigest, InvalidSignedValue

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #namespaces ⇒ Object

  Returns XML namespaces that are used internally for document querying.

Instance Method Summary

• #certificate ⇒ Object

  Returns signer’s certificate, bundled in signed document.

• #digesters ⇒ Object

  Returns a hash with currently initialized digesters.

• #initialize(xml) ⇒ VerifySignature constructor

  A new instance of VerifySignature.

• #valid? ⇒ Boolean

  Validates document signature, returns true on success, false otherwise.

• #verify! ⇒ Object

  Validates document signature and digests and raises if anything mismatches.

Methods included from C14nHelper

#canonicalize

Constructor Details

#initialize(xml) ⇒ VerifySignature

Returns a new instance of VerifySignature.

# File 'lib/akami/wsse/verify_signature.rb', line 17

def initialize(xml)
  @document = Nokogiri::XML(xml.to_s, &:noblanks)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/akami/wsse/verify_signature.rb', line 15

def document
  @document
end

#namespaces ⇒ Object

Returns XML namespaces that are used internally for document querying.

# File 'lib/akami/wsse/verify_signature.rb', line 22

def namespaces
  @namespaces ||= {
    wse: Akami::WSSE::WSE_NAMESPACE,
    ds:  'http://www.w3.org/2000/09/xmldsig#',
    wsu: Akami::WSSE::WSU_NAMESPACE,
  }
end

Instance Method Details

#certificate ⇒ Object

Returns signer’s certificate, bundled in signed document

# File 'lib/akami/wsse/verify_signature.rb', line 34

def certificate
  certificate_value = document.at_xpath('//wse:Security/wse:BinarySecurityToken', namespaces).text.strip
  OpenSSL::X509::Certificate.new Base64.decode64(certificate_value)
end

#digesters ⇒ Object

Returns a hash with currently initialized digesters.

Will be empty after initialization, and will contain used algorithms after verification.

May be used to insert additional digesters, not supported out of the box, for example:

digesters['http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'] = OpenSSL::Digest::SHA512.new

# File 'lib/akami/wsse/verify_signature.rb', line 61

def digesters
  @digesters
end

#valid? ⇒ Boolean

Validates document signature, returns true on success, false otherwise.

Returns:

• (Boolean)

# File 'lib/akami/wsse/verify_signature.rb', line 40

def valid?
  verify
rescue InvalidDigest, InvalidSignedValue
  return false
end

#verify! ⇒ Object

Validates document signature and digests and raises if anything mismatches.

# File 'lib/akami/wsse/verify_signature.rb', line 47

def verify!
  verify
rescue InvalidDigest, InvalidSignedValue => e
  raise InvalidSignature, e.message
end