Class: WSDL::Security::Verifier::SignatureValidator

Inherits:

Base

Object
Base
WSDL::Security::Verifier::SignatureValidator

show all

Defined in:: lib/wsdl/security/verifier/signature_validator.rb

Overview

Validates the cryptographic signature over the SignedInfo element.

This validator performs the final cryptographic verification step:

Canonicalizes the ds:SignedInfo element using the specified algorithm
Decodes the ds:SignatureValue
Verifies the signature using the certificate's public key

This should be called after all reference digests have been verified, as the SignedInfo contains the digest values being authenticated.

Examples:

Validating a signature

validator = SignatureValidator.new(signature_node, certificate)
if validator.valid?
  puts "Signature cryptographically valid"
else
  puts validator.errors
end

Constant Summary

Constants inherited from Base

Base::SOAPNS, Base::SOAP_NAMESPACES, Base::SecurityNS, Base::SignatureNS

Instance Attribute Summary

Attributes inherited from Base

#errors

Instance Method Summary collapse

#canonicalization_algorithm ⇒ String^?
Returns the canonicalization algorithm URI.
#initialize(signature_node, certificate) ⇒ SignatureValidator constructor
Creates a new signature validator.
#signature_algorithm ⇒ String^?
Returns the signature algorithm URI.
#valid? ⇒ Boolean
Validates the cryptographic signature.

Constructor Details

#initialize(signature_node, certificate) ⇒ `SignatureValidator`

Creates a new signature validator.

Parameters:

signature_node (Nokogiri::XML::Element) —
the ds:Signature element
certificate (OpenSSL::X509::Certificate) —
the certificate for verification

# File 'lib/wsdl/security/verifier/signature_validator.rb', line 37

def initialize(signature_node, certificate)
  super()
  @signature_node = signature_node
  @certificate = certificate
end

Instance Method Details

#canonicalization_algorithm ⇒ `String`^?

Returns the canonicalization algorithm URI.

Returns:

(String, nil) —
the algorithm URI



63
64
65

# File 'lib/wsdl/security/verifier/signature_validator.rb', line 63

def canonicalization_algorithm
  signed_info_node&.at_xpath('ds:CanonicalizationMethod/@Algorithm', ns)&.value
end

#signature_algorithm ⇒ `String`^?

Returns the signature algorithm URI.

Returns:

(String, nil) —
the algorithm URI



56
57
58

# File 'lib/wsdl/security/verifier/signature_validator.rb', line 56

def signature_algorithm
  signed_info_node&.at_xpath('ds:SignatureMethod/@Algorithm', ns)&.value
end

#valid? ⇒ `Boolean`

Validates the cryptographic signature.

Returns:

(Boolean) —
true if signature is cryptographically valid

# File 'lib/wsdl/security/verifier/signature_validator.rb', line 46

def valid?
  return add_failure('SignedInfo not found') unless signed_info_node
  return add_failure('SignatureValue not found') unless signature_value_node

  verify_signature
end

Class: WSDL::Security::Verifier::SignatureValidator

Overview

Examples:

Validating a signature

Constant Summary

Constants inherited from Base

Instance Attribute Summary

Attributes inherited from Base

Instance Method Summary collapse

Constructor Details

#initialize(signature_node, certificate) ⇒ SignatureValidator

Instance Method Details

#canonicalization_algorithm ⇒ String?

#signature_algorithm ⇒ String?

#valid? ⇒ Boolean

#initialize(signature_node, certificate) ⇒ `SignatureValidator`

#canonicalization_algorithm ⇒ `String`^?

#signature_algorithm ⇒ `String`^?

#valid? ⇒ `Boolean`