Method: Saml::Util.verify_xml

Defined in:
lib/saml/util.rb

.verify_xml(message, raw_body) ⇒ Object



# File 'lib/saml/util.rb', line 144

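# Verifies the XML signature(s) in +raw_body+ and returns the message re-parsed
# from the signed content only.
#
# The returned object is built from the canonicalized signed node whose ID
# equals +message._id+, not from +raw_body+ as a whole, so content placed
# outside the signed element does not end up in the result.
#
# @param message [Object] the already-parsed message; must respond to
#   +provider+, +_id+ and have a class responding to +parse+
# @param raw_body [String] the raw XML document carrying the signature(s)
# @return [Object] the result of +message.class.parse+ on the signed node
# @raise [Saml::Errors::SignatureInvalid] when signature validation fails, or
#   when no signed node carries the ID of +message+
def verify_xml(message, raw_body)
  document = Xmldsig::SignedDocument.new(raw_body)

  signature_valid = document.validate do |signature, data, signature_algorithm|
    # Find the ds:Signature this callback belongs to and read its optional
    # ds:KeyName. NOTE(review): KeyName is taken from the not-yet-verified
    # document, so it can only be a selection hint; presumably
    # provider.verify picks among keys it already trusts -- confirm.
    node = document.signatures.find { |s| s.signature_value == signature }.signature.at_xpath('descendant::ds:KeyName', Xmldsig::NAMESPACES)
    key_name = node.present? ? node.content : nil

    message.provider.verify(signature_algorithm, signature, data, key_name)
  end

  fail Saml::Errors::SignatureInvalid unless signature_valid

  signed_node = document.signed_nodes.find { |candidate| candidate['ID'] == message._id }

  # A valid signature over some other element does not cover this message.
  # Without this guard a missing match surfaced as NoMethodError on nil
  # instead of a signature failure the caller can handle.
  fail Saml::Errors::SignatureInvalid unless signed_node

  message.class.parse(signed_node.canonicalize, single: true)
end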