Class: XMLSecurity::BaseDocument

Inherits:
REXML::Document
  • Object
Defined in:
lib/xml_security.rb

Direct Known Subclasses

Document, SignedDocument

Constant Summary

C14N =
"http://www.w3.org/2001/10/xml-exc-c14n#"
DSIG =
"http://www.w3.org/2000/09/xmldsig#"
NOKOGIRI_OPTIONS =
Nokogiri::XML::ParseOptions::STRICT |
Nokogiri::XML::ParseOptions::NONET

Class Method Summary

Instance Method Summary

Class Method Details

.safe_load_xml(document, check_malformed_doc = true) ⇒ Nokogiri::XML

Safely load the SAML Message XML

Parameters:

  • document (REXML::Document)

    The message to be loaded

  • check_malformed_doc (Boolean) (defaults to: true)

    Enable or disable the check for malformed XML

Returns:

  • (Nokogiri::XML)

    The Nokogiri document

Raises:

  • (ValidationError)

    If there was a problem loading the SAML Message XML



# File 'lib/xml_security.rb', line 50

# Parse the serialized SAML message into a Nokogiri document while refusing
# any input that carries a DOCTYPE, and therefore a DTD with entity
# declarations. Parsing uses NOKOGIRI_OPTIONS (strict, no network access).
#
# @param document [REXML::Document, #to_s] the message to load
# @param check_malformed_doc [Boolean] when true, parse errors reported by
#   Nokogiri are fatal; when false they are ignored
# @return [Nokogiri::XML::Document] the parsed document
# @raise [StandardError] if a DOCTYPE is present, if Nokogiri fails to
#   parse, or (with check_malformed_doc) if the parse produced errors.
#   NOTE(review): the class docs list ValidationError here, but this method
#   itself raises a plain StandardError.
def self.safe_load_xml(document, check_malformed_doc = true)
  serialized = document.to_s

  # Cheap textual pre-check so an obvious DTD never reaches the parser.
  raise StandardError.new("Dangerous XML detected. No Doctype nodes allowed") if serialized.include?("<!DOCTYPE")

  parsed = begin
    Nokogiri::XML(serialized) { |config| config.options = self::NOKOGIRI_OPTIONS }
  rescue StandardError => error
    # Re-raise as a plain StandardError carrying only the parser's message;
    # the original exception stays reachable through #cause.
    raise StandardError.new(error.message)
  end

  # Authoritative check on the parsed tree: an internal subset means a
  # DOCTYPE was present regardless of how it was spelled in the input.
  raise StandardError.new("Dangerous XML detected. No Doctype nodes allowed") if parsed.internal_subset

  if !parsed.errors.empty? && check_malformed_doc
    raise StandardError.new("There were XML errors when parsing: #{parsed.errors}")
  end

  parsed
end

Instance Method Details

#algorithm(element) ⇒ Object



# File 'lib/xml_security.rb', line 93

# Map a signature/digest algorithm identifier to the OpenSSL digest class.
#
# @param element [REXML::Element, String, nil] either an element carrying an
#   `Algorithm` attribute (e.g. SignatureMethod / DigestMethod) or the
#   algorithm identifier itself
# @return [Class] OpenSSL::Digest::SHA256, SHA384 or SHA512 when the
#   identifier ends in sha256/sha384/sha512; OpenSSL::Digest::SHA1 for
#   everything else, including nil and unrecognised identifiers
def algorithm(element)
  identifier = element.is_a?(REXML::Element) ? element.attribute("Algorithm").value : element

  # Extract the digits following "sha" (optionally prefixed by "rsa-");
  # a missing identifier or a non-matching one yields nil here.
  match = identifier && identifier.match(/(rsa-)?sha(.*?)$/i)
  bits = match && match[2].to_i

  # NOTE(review): an absent or unrecognised identifier silently degrades to
  # SHA1 rather than being rejected; callers that must forbid SHA1 need to
  # validate the URI themselves before relying on this result.
  case bits
  when 256 then OpenSSL::Digest::SHA256
  when 384 then OpenSSL::Digest::SHA384
  when 512 then OpenSSL::Digest::SHA512
  else OpenSSL::Digest::SHA1
  end
end

#canon_algorithm(element) ⇒ Object



# File 'lib/xml_security.rb', line 75

# Resolve a canonicalization method to the matching Nokogiri C14N mode.
#
# @param element [REXML::Element, String, nil] either an element carrying an
#   `Algorithm` attribute (e.g. CanonicalizationMethod) or the algorithm
#   URI itself
# @return [Integer] Nokogiri::XML::XML_C14N_1_0 for Canonical XML 1.0 (with
#   or without comments), Nokogiri::XML::XML_C14N_1_1 for Canonical XML 1.1
#   (with or without comments), and Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0 for
#   any other value, including nil
def canon_algorithm(element)
  uri = element
  uri = element.attribute('Algorithm').value if uri.is_a?(REXML::Element)

  inclusive_1_0 = ["http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                   "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"]
  inclusive_1_1 = ["http://www.w3.org/2006/12/xml-c14n11",
                   "http://www.w3.org/2006/12/xml-c14n11#WithComments"]

  if inclusive_1_0.include?(uri)
    Nokogiri::XML::XML_C14N_1_0
  elsif inclusive_1_1.include?(uri)
    Nokogiri::XML::XML_C14N_1_1
  else
    # Anything unrecognised (or nil) falls back to exclusive C14N 1.0.
    Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
  end
end