Class: Saml::Kit::Signature

Inherits:
Object
  • Object
Includes:
Translatable, Validatable
Defined in:
lib/saml/kit/signature.rb

Overview

This class is responsible for validating an XML digital signature in an XML document.

Instance Attribute Summary

Instance Method Summary

Methods included from Validatable

#each_error

Constructor Details

#initialize(node) ⇒ Signature

Returns a new instance of Signature.



# File 'lib/saml/kit/signature.rb', line 17

# Wraps a signature node so its parts can be read and validated.
#
# @param node [Object] the ds:Signature element to wrap
#   (presumably a Nokogiri node, possibly absent; confirm against callers)
def initialize(node)
  @node = node
  # Fixed label exposed through the +name+ reader.
  @name = 'Signature'
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/saml/kit/signature.rb', line 15

# Read-only label of this element; the constructor sets it to 'Signature'.
#
# @return [String]
def name
  @name
end

Instance Method Details

#canonicalization_method ⇒ Object



# File 'lib/saml/kit/signature.rb', line 63

# Canonicalization algorithm identifier declared in ds:SignedInfo.
#
# The value is whatever the document states; it is not chosen by the verifier.
#
# @return [String, nil] the Algorithm attribute value, or nil when the
#   lookup finds nothing
def canonicalization_method
  algorithm_attr = at_xpath('./ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm')
  algorithm_attr.try(:value)
end

#certificate ⇒ Object

Returns the embedded X509 Certificate



# File 'lib/saml/kit/signature.rb', line 23

# Builds a signing certificate from the ds:X509Certificate text found under
# ds:KeyInfo.
#
# The certificate is read from the document being validated, so it is
# supplied by the sender. Treat it as untrusted until its fingerprint has
# been matched against known metadata (see +trusted?+).
#
# @return [Xml::Kit::Certificate, nil] nil when no certificate text is found
def certificate
  encoded = at_xpath('./ds:KeyInfo/ds:X509Data/ds:X509Certificate').try(:text)
  ::Xml::Kit::Certificate.new(encoded, use: :signing) unless encoded.nil?
end

#digest_method ⇒ Object



# File 'lib/saml/kit/signature.rb', line 50

# Digest algorithm identifier declared on the ds:Reference.
#
# The value is whatever the document states; it is not chosen by the verifier.
#
# @return [String, nil] the Algorithm attribute value, or nil when the
#   lookup finds nothing
def digest_method
  algorithm_attr = at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm')
  algorithm_attr.try(:value)
end

#digest_value ⇒ Object



# File 'lib/saml/kit/signature.rb', line 39

# Digest stated in the document for the signed reference (ds:DigestValue).
#
# NOTE(review): the XPath is not indexed, so with several ds:Reference
# elements this presumably yields a single value while
# +expected_digest_value+ yields an array. Confirm how callers compare them.
#
# @return [String, nil] the element text, or nil when the lookup finds nothing
def digest_value
  digest_element = at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestValue')
  digest_element.try(:text)
end

#expected_digest_value ⇒ Object



# File 'lib/saml/kit/signature.rb', line 43

# Recomputes the digest of every reference in the signature and returns it
# Base64-encoded, for comparison with the digest the document states.
#
# NOTE(review): Base64.encode64 inserts a newline after every 60 encoded
# characters and +chomp+ removes only the trailing one, so a digest longer
# than 45 bytes (e.g. a 64-byte one) keeps an embedded newline. Confirm the
# comparison against +digest_value+ tolerates that.
#
# @return [String, Array<String>, nil] one string for a single reference, an
#   array when there are several, nil when there are none
def expected_digest_value
  encoded = dsignature.references.map do |reference|
    Base64.encode64(reference.calculate_digest_value).chomp
  end
  return encoded if encoded.count > 1

  encoded.first
end

#present? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/signature.rb', line 85

# Whether the document carried a signature node at all; delegates to the
# wrapped node.
#
# A false result means there is nothing to verify, which is not the same as
# a signature that verified.
#
# @return [Boolean]
def present?
  node.present?
end

#signature_method ⇒ Object



# File 'lib/saml/kit/signature.rb', line 59

# Signature algorithm identifier declared in ds:SignedInfo.
#
# The value is whatever the document states; it is not chosen by the verifier.
#
# @return [String, nil] the Algorithm attribute value, or nil when the
#   lookup finds nothing
def signature_method
  algorithm_attr = at_xpath('./ds:SignedInfo/ds:SignatureMethod/@Algorithm')
  algorithm_attr.try(:value)
end

#signature_value ⇒ Object



# File 'lib/saml/kit/signature.rb', line 55

# Text of the ds:SignatureValue element as it appears in the document.
#
# @return [String, nil] the element text, or nil when the lookup finds nothing
def signature_value
  value_element = at_xpath('./ds:SignatureValue')
  value_element.try(:text)
end

#to_h ⇒ Object

Returns the XML Hash.



# File 'lib/saml/kit/signature.rb', line 81

# Hash form of the signature XML, memoized in @to_h.
#
# A nil lookup result is not memoized by +||=+, so in that case the XML is
# parsed again on the next call.
#
# @return [Hash, nil] the value under the 'Signature' key of the parsed XML
#   when a signature is present, otherwise an empty hash
def to_h
  @to_h ||= if present?
              Hash.from_xml(to_xml)['Signature']
            else
              {}
            end
end

#to_s ⇒ Object



# File 'lib/saml/kit/signature.rb', line 93

# String form of the wrapped signature node; delegates to the node's own to_s.
#
# @return [String]
def to_s
  node.to_s
end

#to_xml(pretty: nil) ⇒ Object



# File 'lib/saml/kit/signature.rb', line 89

# Serializes the signature node.
#
# The pretty form re-indents the markup, so its whitespace differs from the
# document as received. It is suitable for display and logs, not as input
# to signature verification.
#
# @param pretty [Boolean, nil] when truthy, indent the output by two spaces
# @return [String] the indented XML, or the plain +to_s+ form
def to_xml(pretty: nil)
  return to_s unless pretty

  node.to_xml(indent: 2)
end

#transforms ⇒ Object



# File 'lib/saml/kit/signature.rb', line 68

# Transform algorithm identifiers declared on the ds:Reference.
#
# These values are taken from the document itself. A caller deciding
# whether to accept the signature should compare them with the transforms
# it is prepared to apply.
#
# @return [Array<String>, nil] the Algorithm attribute values of every
#   matched ds:Transform, or nil if the search itself returns nil
def transforms
  steps = %w[. ds:SignedInfo ds:Reference ds:Transforms ds:Transform @Algorithm]
  xpath = xpath_for(steps)
  algorithm_attrs = node.search(xpath, Saml::Kit::Document::NAMESPACES)
  algorithm_attrs.try(:map, &:value)
end

#trusted?(metadata) ⇒ Boolean

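Returns true when the fingerprint of the certificate embedded in the signature matches one of the signing certificates registered in the metadata. This establishes trust in the key only; it does not by itself verify the signature value or the reference digests.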

Returns:

  • (Boolean)


# File 'lib/saml/kit/signature.rb', line 33

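# Reports whether the certificate embedded in this signature is one the
# given metadata already registers as a signing certificate.
#
# The embedded certificate is supplied by whoever produced the document, so
# it only counts once its fingerprint matches a certificate in +metadata+.
# This check covers the key alone; it does not verify the signature value
# or the reference digests.
#
# @param metadata [#matches?, nil] metadata of the expected signer
# @return [Boolean] false when the metadata or the embedded certificate is
#   missing, otherwise whether a registered signing certificate matches
def trusted?(metadata)
  return false if metadata.nil?

  # Fail closed: a signature without an embedded certificate has no
  # fingerprint to compare, so it cannot be trusted.
  embedded = certificate
  return false if embedded.nil?

  metadata.matches?(embedded.fingerprint, use: :signing).present?
end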