Class: Akami::WSSE::VerifySignature
- Inherits: Object
  - Object
  - Akami::WSSE::VerifySignature
- Includes: C14nHelper
- Defined in: lib/akami/wsse/verify_signature.rb
Overview
Validating WSSE signed messages.
Defined Under Namespace
Classes: InvalidDigest, InvalidSignedValue
Instance Attribute Summary
- #document ⇒ Object (readonly): Returns the value of attribute document.
- #namespaces ⇒ Object: Returns XML namespaces that are used internally for document querying.
Instance Method Summary
- #certificate ⇒ Object: Returns signer’s certificate, bundled in signed document.
- #digesters ⇒ Object: Returns a hash with currently initialized digesters.
- #initialize(xml) ⇒ VerifySignature (constructor): A new instance of VerifySignature.
- #valid? ⇒ Boolean: Validates document signature, returns true on success, false otherwise.
- #verify! ⇒ Object: Validates document signature and digests and raises if anything mismatches.
Methods included from C14nHelper
Constructor Details
#initialize(xml) ⇒ VerifySignature
Returns a new instance of VerifySignature.
    # File 'lib/akami/wsse/verify_signature.rb', line 17
    def initialize(xml)
      @document = Nokogiri::XML(xml.to_s, &:noblanks)
    end
Instance Attribute Details
#document ⇒ Object (readonly)
Returns the value of attribute document.
    # File 'lib/akami/wsse/verify_signature.rb', line 15
    def document
      @document
    end
#namespaces ⇒ Object
Returns XML namespaces that are used internally for document querying.
    # File 'lib/akami/wsse/verify_signature.rb', line 22
    def namespaces
      @namespaces ||= {
        wse: Akami::WSSE::WSE_NAMESPACE,
        ds: 'http://www.w3.org/2000/09/xmldsig#',
        wsu: Akami::WSSE::WSU_NAMESPACE,
      }
    end
Instance Method Details
#certificate ⇒ Object
Returns signer’s certificate, bundled in signed document
    # File 'lib/akami/wsse/verify_signature.rb', line 34
    def certificate
      certificate_value = document.at_xpath('//wse:Security/wse:BinarySecurityToken', namespaces).text.strip
      OpenSSL::X509::Certificate.new Base64.decode64(certificate_value)
    end
#digesters ⇒ Object
Returns a hash with currently initialized digesters.
Will be empty after initialization, and will contain used algorithms after verification.
May be used to insert additional digesters, not supported out of the box, for example:
    digesters['http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'] = OpenSSL::Digest::SHA512.new

    # File 'lib/akami/wsse/verify_signature.rb', line 61
    def digesters
      @digesters
    end
#valid? ⇒ Boolean
Validates document signature, returns true on success, false otherwise.

    # File 'lib/akami/wsse/verify_signature.rb', line 40
    def valid?
      verify
    rescue InvalidDigest, InvalidSignedValue
      return false
    end
#verify! ⇒ Object
Validates document signature and digests and raises if anything mismatches.
    # File 'lib/akami/wsse/verify_signature.rb', line 47
    def verify!
      verify
    rescue InvalidDigest, InvalidSignedValue => e
      raise InvalidSignature, e.message
    end
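Because #certificate returns a certificate carried inside the message itself, a caller that needs to know who signed still has to decide whether that certificate is trusted. The following is an added example, not part of Akami, of that check with Ruby's OpenSSL; `trusted_signer?`, `build_cert`, `demo` and all certificates in it are hypothetical and constructed for illustration.

```ruby
require 'openssl'

# Hypothetical helper, not part of Akami: does the certificate taken from the
# message (e.g. VerifySignature#certificate) chain to a CA in our own store,
# and, if a pin is supplied, match the expected SHA-256 fingerprint?
def trusted_signer?(cert, store, pinned_sha256: nil)
  return false unless store.verify(cert) # chain building and validity period
  return true if pinned_sha256.nil?
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der) == pinned_sha256.downcase
end

# Constructed sample data: issue a throwaway certificate for the demo.
def build_cert(subject, key, issuer_cert: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest::SHA256.new)
  cert
end

# Runs the check against three constructed cases and returns the verdicts.
def demo
  ca_key, partner_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = build_cert('/CN=Constructed Test CA', ca_key, ca: true)
  partner = build_cert('/CN=partner', partner_key, issuer_cert: ca, issuer_key: ca_key)
  lookalike = build_cert('/CN=partner', other_key) # same subject, self-signed
  store = OpenSSL::X509::Store.new
  store.add_cert(ca) # the only trust anchor
  pin = OpenSSL::Digest::SHA256.hexdigest(partner.to_der)
  {
    partner: trusted_signer?(partner, store, pinned_sha256: pin),
    lookalike: trusted_signer?(lookalike, store),
    wrong_pin: trusted_signer?(partner, store, pinned_sha256: '00' * 32)
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

In an application the same helper would be called on the object returned by #certificate, alongside #valid? or #verify!, with a store that holds only the CAs expected to issue signer certificates.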