lib/saml/kit/signature.rb in saml-kit-1.0.8 vs lib/saml/kit/signature.rb in saml-kit-1.0.9
- old
+ new
@@ -29,10 +29,17 @@
def digest_value
at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestValue').try(:text)
end
+ def expected_digest_value
+ digests = dsignature.references.map do |x|
+ Base64.encode64(x.calculate_digest_value).chomp
+ end
+ digests.count > 1 ? digests : digests[0]
+ end
+
def digest_method
at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm').try(:value)
end
def signature_value
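Review bot: In `expected_digest_value`, `Base64.encode64(...).chomp` strips only the trailing newline, but `encode64` also inserts a line break after every 60 encoded characters. A SHA-384 digest (64 Base64 characters) or a SHA-512 digest (88) therefore comes back with an embedded `\n` and will not match the text read by `digest_value`. `Base64.strict_encode64(x.calculate_digest_value)` avoids this and needs no `chomp`. The return shape is also unstable: a String for one reference, an Array for several, and `nil` for none, whereas `digest_value` always reads a single `DigestValue` node. Returning one type, or documenting the contract in a comment above the method, would keep callers from comparing a String with an Array.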
@@ -67,15 +74,14 @@
private
attr_reader :node
def validate_signature
- return errors[:base].push(error_message(:empty)) if certificate.nil?
+ return errors.add(:base, error_message(:empty)) if certificate.nil?
+ return if dsignature.valid?(certificate.x509)
- signature = Xmldsig::Signature.new(@node, 'ID=$uri or @Id')
- return if signature.valid?(certificate.x509)
- signature.errors.each do |attribute|
+ dsignature.errors.each do |attribute|
errors.add(attribute, error_message(attribute))
end
end
def validate_certificate(now = Time.now.utc)
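Review bot: `validate_signature` carries no comment saying what a passing check proves. `dsignature.valid?(certificate.x509)` verifies the signature against whatever `certificate` returns, and that method is defined outside this hunk. If it is parsed from the signature's own `KeyInfo`, a pass shows only that the document is intact under the key it presented, not that the key belongs to a trusted party. I would add a comment such as `# Checks integrity against the presented certificate only; trust in that certificate must be established by the caller.` above the method, adjusted to what `certificate` actually does.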
@@ -91,9 +97,13 @@
end
def at_xpath(xpath)
return nil unless node
node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
+ end
+
+ def dsignature
+ @dsignature ||= Xmldsig::Signature.new(node, 'ID=$uri or @Id')
end
end
end
end
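Review bot: `dsignature` builds `Xmldsig::Signature.new(node, ...)` without the `return nil unless node` guard that `at_xpath` applies just above it, so the new helper assumes a signature node that the rest of the class treats as optional. In `validate_signature` the `certificate.nil?` check probably returns first, but `expected_digest_value` in the first hunk calls `dsignature.references` directly. With a nil node that would likely raise rather than return `nil` as `digest_value` does. Adding `return nil unless node` at the top of `expected_digest_value` would keep the two readers consistent for unsigned documents.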