Class: Akami::WSSE::VerifySignature

Inherits:
Object
Includes:
C14nHelper
Defined in:
lib/akami/wsse/verify_signature.rb

Overview

Validating WSSE signed messages.

Defined Under Namespace

Classes: InvalidDigest, InvalidSignedValue

Instance Attribute Summary

Instance Method Summary

Methods included from C14nHelper

#canonicalize

Constructor Details

#initialize(xml) ⇒ VerifySignature

Returns a new instance of VerifySignature.



# File 'lib/akami/wsse/verify_signature.rb', line 17

def initialize(xml)
  @document = Nokogiri::XML(xml.to_s, &:noblanks)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.



# File 'lib/akami/wsse/verify_signature.rb', line 15

def document
  @document
end

#namespaces ⇒ Object

Returns XML namespaces that are used internally for document querying.



# File 'lib/akami/wsse/verify_signature.rb', line 22

def namespaces
  @namespaces ||= {
    wse: Akami::WSSE::WSE_NAMESPACE,
    ds:  'http://www.w3.org/2000/09/xmldsig#',
    wsu: Akami::WSSE::WSU_NAMESPACE,
  }
end

Instance Method Details

#certificate ⇒ Object

Returns the signer’s certificate, which is bundled in the signed document.



# File 'lib/akami/wsse/verify_signature.rb', line 34

def certificate
  certificate_value = document.at_xpath('//wse:Security/wse:BinarySecurityToken', namespaces).text.strip
  OpenSSL::X509::Certificate.new Base64.decode64(certificate_value)
end

#digesters ⇒ Object

Returns a hash with currently initialized digesters.

Will be empty after initialization, and will contain used algorithms after verification.

May be used to insert additional digesters, not supported out of the box, for example:

digesters['http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'] = OpenSSL::Digest::SHA512.new


# File 'lib/akami/wsse/verify_signature.rb', line 61

def digesters
  @digesters
end

#valid? ⇒ Boolean

Validates document signature, returns true on success, false otherwise.

Returns:

  • (Boolean)


# File 'lib/akami/wsse/verify_signature.rb', line 40

def valid?
  verify
rescue InvalidDigest, InvalidSignedValue
  return false
end

#verify! ⇒ Object

Validates document signature and digests and raises if anything mismatches.



# File 'lib/akami/wsse/verify_signature.rb', line 47

def verify!
  verify
rescue InvalidDigest, InvalidSignedValue => e
  raise InvalidSignature, e.message
end