Class: WSDL::Security::Verifier::StructureValidator

Inherits:

Base

Object
Base
WSDL::Security::Verifier::StructureValidator

show all

Defined in:: lib/wsdl/security/verifier/structure_validator.rb

Overview

Validates SOAP document structure to prevent XML Signature Wrapping (XSW) attacks.

This validator implements structural checks recommended by the W3C XML Signature Best Practices specification. These checks run before expensive cryptographic operations to catch attacks early.

== Protections

Duplicate ID Detection — Rejects documents with duplicate wsu:Id, Id, or xml:id attributes, preventing attackers from injecting elements with the same ID as signed elements.
Signature Location Validation — Ensures the ds:Signature element is within the wsse:Security header as required by WS-Security SOAP Message Security specification.

Examples:

Basic usage

validator = StructureValidator.new(document)
if validator.valid?
  # Document structure is safe, proceed with crypto verification
else
  puts validator.errors
end

Constant Summary

Constants inherited from Base

Base::SOAPNS, Base::SOAP_NAMESPACES, Base::SecurityNS, Base::SignatureNS

Instance Attribute Summary

Attributes inherited from Base

#errors

Instance Method Summary collapse

#initialize(document) ⇒ StructureValidator constructor
Creates a new structure validator.
#security_node ⇒ Nokogiri::XML::Element^?
Returns the security header node.
#signature_node ⇒ Nokogiri::XML::Element^?
Returns the signature node.
#signature_present? ⇒ Boolean
Returns whether a signature is present in the document.
#valid? ⇒ Boolean
Validates the document structure for XSW attack indicators.

Constructor Details

#initialize(document) ⇒ `StructureValidator`

Creates a new structure validator.

Parameters:

document (Nokogiri::XML::Document) —
the SOAP document to validate

# File 'lib/wsdl/security/verifier/structure_validator.rb', line 38

def initialize(document)
  super()
  @document = document
end

Instance Method Details

#security_node ⇒ `Nokogiri::XML::Element`^?

Returns the security header node.

Returns:

(Nokogiri::XML::Element, nil) —
the wsse:Security element



71
72
73

# File 'lib/wsdl/security/verifier/structure_validator.rb', line 71

def security_node
  @security_node ||= @document.at_xpath('//wsse:Security', ns)
end

#signature_node ⇒ `Nokogiri::XML::Element`^?

Returns the signature node.

Returns:

(Nokogiri::XML::Element, nil) —
the ds:Signature element



64
65
66

# File 'lib/wsdl/security/verifier/structure_validator.rb', line 64

def signature_node
  @signature_node ||= @document.at_xpath('//ds:Signature', ns)
end

#signature_present? ⇒ `Boolean`

Returns whether a signature is present in the document.

Returns:

(Boolean) —
true if a ds:Signature element exists



57
58
59

# File 'lib/wsdl/security/verifier/structure_validator.rb', line 57

def signature_present?
  !signature_node.nil?
end

#valid? ⇒ `Boolean`

Validates the document structure for XSW attack indicators.

Returns:

(Boolean) —
true if structure is valid

# File 'lib/wsdl/security/verifier/structure_validator.rb', line 46

def valid?
  return add_failure('No signature found in document') unless signature_present?
  return false unless no_duplicate_ids?
  return false unless signature_in_security_header?

  true
end

Class: WSDL::Security::Verifier::StructureValidator

Overview

Examples:

Basic usage

Constant Summary

Constants inherited from Base

Instance Attribute Summary

Attributes inherited from Base

Instance Method Summary collapse

Constructor Details

#initialize(document) ⇒ StructureValidator

Instance Method Details

#security_node ⇒ Nokogiri::XML::Element?

#signature_node ⇒ Nokogiri::XML::Element?

#signature_present? ⇒ Boolean

#valid? ⇒ Boolean

#initialize(document) ⇒ `StructureValidator`

#security_node ⇒ `Nokogiri::XML::Element`^?

#signature_node ⇒ `Nokogiri::XML::Element`^?

#signature_present? ⇒ `Boolean`

#valid? ⇒ `Boolean`