Class: Saml::Kit::Signature

Inherits:

Object

• Object
• Saml::Kit::Signature

Includes:

ActiveModel::Validations, Translatable

Defined in:

lib/saml/kit/signature.rb

Overview

This class is responsible for validating an xml digital signature in an xml document.

Instance Attribute Summary

• #name ⇒ Object readonly

  Returns the value of attribute name.

Instance Method Summary

• #canonicalization_method ⇒ Object
• #certificate ⇒ Object

  Returns the embedded X509 Certificate.

• #digest_method ⇒ Object
• #digest_value ⇒ Object
• #expected_digest_value ⇒ Object
• #initialize(node) ⇒ Signature constructor

  A new instance of Signature.

• #present? ⇒ Boolean
• #signature_method ⇒ Object
• #signature_value ⇒ Object
• #to_h ⇒ Object

  Returns the XML Hash.

• #to_s ⇒ Object
• #to_xml(pretty: nil) ⇒ Object
• #transforms ⇒ Object
• #trusted?(metadata) ⇒ Boolean

  Returns true when the fingerprint of the certificate matches one of the certificates registered in the metadata.

Constructor Details

#initialize(node) ⇒ Signature

Returns a new instance of Signature.

# File 'lib/saml/kit/signature.rb', line 17

def initialize(node)
  @name = 'Signature'
  @node = node
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/saml/kit/signature.rb', line 15

def name
  @name
end

Instance Method Details

#canonicalization_method ⇒ Object

# File 'lib/saml/kit/signature.rb', line 61

def canonicalization_method
  xpath = './ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm'
  at_xpath(xpath).try(:value)
end

#certificate ⇒ Object

Returns the embedded X509 Certificate

# File 'lib/saml/kit/signature.rb', line 23

def certificate
  xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
  value = at_xpath(xpath).try(:text)
  return if value.nil?
  ::Xml::Kit::Certificate.new(value, use: :signing)
end

#digest_method ⇒ Object

# File 'lib/saml/kit/signature.rb', line 48

def digest_method
  xpath = './ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm'
  at_xpath(xpath).try(:value)
end

#digest_value ⇒ Object

# File 'lib/saml/kit/signature.rb', line 37

def digest_value
  at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestValue').try(:text)
end

#expected_digest_value ⇒ Object

# File 'lib/saml/kit/signature.rb', line 41

def expected_digest_value
  digests = dsignature.references.map do |xxx|
    Base64.encode64(xxx.calculate_digest_value).chomp
  end
  digests.count > 1 ? digests : digests[0]
end

#present? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/signature.rb', line 83

def present?
  node.present?
end

#signature_method ⇒ Object

# File 'lib/saml/kit/signature.rb', line 57

def signature_method
  at_xpath('./ds:SignedInfo/ds:SignatureMethod/@Algorithm').try(:value)
end

#signature_value ⇒ Object

# File 'lib/saml/kit/signature.rb', line 53

def signature_value
  at_xpath('./ds:SignatureValue').try(:text)
end

#to_h ⇒ Object

Returns the XML Hash.

# File 'lib/saml/kit/signature.rb', line 79

def to_h
  @to_h ||= present? ? Hash.from_xml(to_xml)['Signature'] : {}
end

#to_s ⇒ Object

# File 'lib/saml/kit/signature.rb', line 91

def to_s
  node.to_s
end

#to_xml(pretty: nil) ⇒ Object

# File 'lib/saml/kit/signature.rb', line 87

def to_xml(pretty: nil)
  pretty ? node.to_xml(indent: 2) : to_s
end

#transforms ⇒ Object

# File 'lib/saml/kit/signature.rb', line 66

def transforms
  xpath = xpath_for([
    '.',
    'ds:SignedInfo',
    'ds:Reference',
    'ds:Transforms',
    'ds:Transform',
    '@Algorithm',
  ])
  node.search(xpath, Saml::Kit::Document::NAMESPACES).try(:map, &:value)
end

#trusted?(metadata) ⇒ Boolean

Returns true when the fingerprint of the certificate matches one of the certificates registered in the metadata.

Returns:

• (Boolean)

# File 'lib/saml/kit/signature.rb', line 32

def trusted?(metadata)
  return false if metadata.nil?
  metadata.matches?(certificate.fingerprint, use: :signing).present?
end