Class: WSDL::Security::Verifier::ElementPositionValidator
- Defined in:
- lib/wsdl/security/verifier/element_position_validator.rb
Overview
Validates that signed elements are in their expected structural positions.
This validator implements W3C XML Signature Best Practice 14: "When checking a reference URI, don't just check the name of the element. Check both the name and position of the element."
Different elements have different expected locations in a SOAP message:
- Body must be a direct child of Envelope
- Timestamp must be within the Security header
- WS-Addressing headers must be within the SOAP Header
Constant Summary collapse
- KNOWN_SECURITY_ELEMENTS =
Known security elements that legitimately live in the Security header.
%w[ Timestamp BinarySecurityToken UsernameToken Signature SecurityTokenReference ].freeze
Constants inherited from Base
Base::SOAPNS, Base::SOAP_NAMESPACES, Base::SecurityNS, Base::SignatureNS
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
-
#initialize(element) ⇒ ElementPositionValidator
constructor
Creates a new element position validator.
-
#valid? ⇒ Boolean
Validates the element is in its expected structural position.
Constructor Details
#initialize(element) ⇒ ElementPositionValidator
Creates a new element position validator.
42 43 44 45 |
# File 'lib/wsdl/security/verifier/element_position_validator.rb', line 42 def initialize(element) super() @element = element end |
Instance Method Details
#valid? ⇒ Boolean
Validates the element is in its expected structural position.
50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/wsdl/security/verifier/element_position_validator.rb', line 50 def valid? case @element.name when 'Body' body_position_valid? when 'Timestamp' when *Constants::WS_ADDRESSING_HEADERS addressing_header_position_valid? else general_position_valid? end end |