class Xmldsig::Signature

Attributes

signature[RW]

Public Class Methods

new(signature)
# File lib/xmldsig/signature.rb, line 5
# Wraps one signature node so that it can be signed or validated.
#
# @param signature the node every other method reads from and writes to.
#   Those methods call +xpath+ and +at_xpath+ on it, so it is presumably a
#   Nokogiri ds:Signature element (confirm against the caller).
def initialize(signature)
  @signature = signature
end

Public Instance Methods

certificate()
# File lib/xmldsig/signature.rb, line 41
# Returns the text of the ds:X509Certificate element found in the signature.
#
# The value is read from the document being processed and is not checked
# against any trust anchor here. Handing it straight back to #valid? only
# shows that the document is consistent with the key it carries, not that
# the key belongs to an expected signer.
#
# @return the element's +content+, exactly as stored in the document
def certificate
  x509_certificate
end
errors()
# File lib/xmldsig/signature.rb, line 23
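# Lists every validation error recorded so far.
#
# Reference-level errors come first, followed by the signature-level errors
# collected by the last #valid? run. @errors is only assigned inside #valid?,
# so it is nil until then; Array() turns that nil into an empty list instead
# of letting Array#+ raise a TypeError.
#
# @return [Array] errors from all references plus this signature's own errors
def errors
  references.flat_map(&:errors) + Array(@errors)
end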
references()
# File lib/xmldsig/signature.rb, line 27
# Builds (once) a Reference wrapper for each ds:Reference under the signature.
#
# The XPath uses the descendant axis on the whole signature node, so it also
# picks up ds:Reference elements that sit outside ds:SignedInfo. Only
# ds:SignedInfo is fed into the signature calculation
# (see #canonicalized_signed_info), so a caller deciding "what was signed"
# from this list should check where each node lives.
#
# @return [Array<Reference>] memoized in @references
def references
  return @references if @references

  nodes = signature.xpath("descendant::ds:Reference", Xmldsig::NAMESPACES)
  @references = nodes.map { |node| Reference.new(node) }
end
sign(private_key = nil, certificate =nil, &block)
# File lib/xmldsig/signature.rb, line 9
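# Fills in the reference digests, the optional certificate and the signature.
#
# The certificate is written first, and only when one is supplied:
# * writing it after the digests were computed would leave a stale digest on
#   any ds:Reference that covers the element holding the certificate;
# * writing it unconditionally blanks a certificate already present in the
#   template and fails with NoMethodError on nil when the template has no
#   ds:X509Certificate element.
#
# @param private_key key responding to +sign(digest, data)+; when nil the
#   block computes the signature instead
# @param certificate [#to_s, nil] PEM certificate to embed, or nil to leave
#   the document's ds:X509Certificate untouched
# @yield [canonicalized_signed_info, signature_algorithm] used when no
#   private key is given; must return the raw signature bytes
# @return the raw signature value that was written
def sign(private_key = nil, certificate = nil, &block)
  self.x509_certificate = certificate if certificate
  references.each(&:sign)
  self.signature_value = calculate_signature_value(private_key, &block)
end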
signature_value()
# File lib/xmldsig/signature.rb, line 33
# Reads ds:SignatureValue and returns the decoded signature bytes.
#
# Base64.decode64 is the lenient decoder: characters outside the Base64
# alphabet are skipped rather than rejected, so malformed content yields
# bytes that simply fail verification later instead of raising here.
# If at_xpath finds no ds:SignatureValue and returns nil, the +content+ call
# raises NoMethodError.
#
# @return [String] raw (binary) signature value
def signature_value
  node = signature.at_xpath("descendant::ds:SignatureValue", Xmldsig::NAMESPACES)
  Base64.decode64(node.content)
end
signed_info()
# File lib/xmldsig/signature.rb, line 37
# Locates the ds:SignedInfo element, the part the signature value covers.
#
# at_xpath returns the first match on the descendant axis of the signature
# node; nothing here checks that there is exactly one.
#
# @return the first ds:SignedInfo node, or whatever at_xpath returns when
#   there is none
def signed_info
  query = "descendant::ds:SignedInfo"
  signature.at_xpath(query, Xmldsig::NAMESPACES)
end
valid?(certificate = nil, &block)
# File lib/xmldsig/signature.rb, line 15
# Re-runs validation from a clean slate and reports whether it passed.
#
# Clears this object's error list and each reference's error list, checks the
# reference digests, then checks the signature over ds:SignedInfo.
#
# A true result means the digests matched and the signature value verified
# with the supplied key. Nothing in this method rejects a signature that has
# no references, and what each reference resolves to is decided in Reference
# (not shown here), so callers should confirm that the signed content is the
# content they go on to use. Pass a certificate taken from trusted
# configuration; the one embedded in the document (#certificate) arrives with
# the document itself.
#
# @param certificate [#public_key, nil] certificate whose public key verifies
#   the signature; when nil the block decides
# @yield [signature_value, canonicalized_signed_info, signature_algorithm]
#   called when no certificate is given; a truthy result marks the signature
#   as valid
# @return [Boolean] true when no errors were recorded
def valid?(certificate = nil, &block)
  @errors = []
  references.each do |reference|
    reference.errors = []
  end

  validate_digest_values
  validate_signature_value(certificate, &block)

  errors.empty?
end

Private Instance Methods

calculate_signature_value(private_key) { |canonicalized_signed_info, signature_algorithm| ... }
# File lib/xmldsig/signature.rb, line 54
# Produces the raw signature over the canonicalized ds:SignedInfo.
#
# With a private key the signing happens here, using the digest class chosen
# by #signature_method. Without one, the canonical bytes and the algorithm
# URI are handed to the block, which lets the key stay outside this process;
# +yield+ raises LocalJumpError if no block was given.
#
# @param private_key key responding to +sign(digest, data)+, or nil
# @yield [canonicalized_signed_info, signature_algorithm]
# @return the signature bytes returned by the key or by the block
def calculate_signature_value(private_key, &block)
  return yield(canonicalized_signed_info, signature_algorithm) unless private_key

  digest = signature_method.new
  private_key.sign(digest, canonicalized_signed_info)
end
canonicalization_method()
# File lib/xmldsig/signature.rb, line 46
# Reads the canonicalization algorithm URI declared inside ds:SignedInfo.
#
# The value comes from the document and is passed on unchanged; which URIs
# are accepted is up to Canonicalizer (not shown here).
#
# @return the +Algorithm+ attribute of the first ds:CanonicalizationMethod
def canonicalization_method
  node = signed_info.at_xpath("descendant::ds:CanonicalizationMethod", Xmldsig::NAMESPACES)
  node.get_attribute("Algorithm")
end
canonicalized_signed_info()
# File lib/xmldsig/signature.rb, line 50
# Canonicalizes ds:SignedInfo with the method the document declares.
#
# The result is the exact input to signing and verification, so both sides
# must arrive at the same output for a signature to check out.
#
# @return the output of Canonicalizer#canonicalize for ds:SignedInfo
def canonicalized_signed_info
  canonicalizer = Canonicalizer.new(signed_info, canonicalization_method)
  canonicalizer.canonicalize
end
signature_algorithm()
# File lib/xmldsig/signature.rb, line 62
# Reads the signature algorithm URI declared inside ds:SignedInfo.
#
# The URI is taken from the document as-is. It is what #signature_method
# uses to pick a digest and what the validation block receives.
#
# @return the +Algorithm+ attribute of the first ds:SignatureMethod
def signature_algorithm
  node = signed_info.at_xpath("descendant::ds:SignatureMethod", Xmldsig::NAMESPACES)
  node.get_attribute("Algorithm")
end
signature_method()
# File lib/xmldsig/signature.rb, line 66
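# Maps the declared signature algorithm URI to an OpenSSL digest class.
#
# The digest size is taken from the text following "sha" at the very end of
# the URI (anchored with \z, so a value with extra lines cannot match on an
# earlier line). SHA-384 and SHA-512 are mapped to their own digests; before,
# they fell through to SHA-1, so a document declaring rsa-sha512 was signed
# and checked with a digest other than the one it names.
#
# Missing or unrecognised URIs still fall back to SHA-1, as they always did.
# Deployments that must refuse SHA-1 need to check the ds:SignatureMethod
# Algorithm themselves before trusting the result.
#
# @return [Class] one of the OpenSSL::Digest classes
def signature_method
  uri = signature_algorithm
  bits = uri && uri[/sha(.*?)\z/i, 1].to_i

  case bits
  when 512 then OpenSSL::Digest::SHA512
  when 384 then OpenSSL::Digest::SHA384
  when 256 then OpenSSL::Digest::SHA256
  else
    # Backward-compatible default for sha1 URIs and anything unrecognised.
    OpenSSL::Digest::SHA1
  end
end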
signature_value=(signature_value)
# File lib/xmldsig/signature.rb, line 76
# Writes the signature bytes into ds:SignatureValue as Base64 text.
#
# Base64.encode64 breaks its output into lines; only the final newline is
# removed here, so longer values keep their internal line breaks.
#
# @param signature_value [String] raw signature bytes
def signature_value=(signature_value)
  node = signature.at_xpath("descendant::ds:SignatureValue", Xmldsig::NAMESPACES)
  node.content = Base64.encode64(signature_value).chomp
end
validate_digest_values()
# File lib/xmldsig/signature.rb, line 90
# Asks every reference to check its own digest.
#
# Failures are not returned from here; #errors later gathers them from each
# reference's +errors+ list. With no references the loop does nothing.
#
# @return [Array<Reference>] the references that were visited
def validate_digest_values
  references.each do |reference|
    reference.validate_digest_value
  end
end
validate_signature_value(certificate) { |signature_value, canonicalized_signed_info, signature_algorithm| ... }
# File lib/xmldsig/signature.rb, line 94
# Checks the signature value against the canonicalized ds:SignedInfo.
#
# With a certificate, its public key verifies the value using the digest
# from #signature_method. Without one, the decision is delegated to the
# block; +yield+ raises LocalJumpError when no block was given.
#
# Any falsy outcome records :signature in @errors. Any truthy block result
# counts as "valid", so a block must return false or nil on failure rather
# than, say, an error object.
#
# @param certificate [#public_key, nil] certificate to verify with
# @yield [signature_value, canonicalized_signed_info, signature_algorithm]
# @return [Array, nil] @errors when the check failed, otherwise nil
def validate_signature_value(certificate)
  verified =
    if certificate
      public_key = certificate.public_key
      public_key.verify(signature_method.new, signature_value, canonicalized_signed_info)
    else
      yield(signature_value, canonicalized_signed_info, signature_algorithm)
    end

  @errors << :signature unless verified
end
x509_certificate()
# File lib/xmldsig/signature.rb, line 86
# Reads the text of the first ds:X509Certificate under the signature.
#
# No parsing or validation happens here; the text is returned as found. If
# at_xpath finds no such element and returns nil, +content+ raises
# NoMethodError.
#
# @return the element's +content+
def x509_certificate
  node = signature.at_xpath("descendant::ds:X509Certificate", Xmldsig::NAMESPACES)
  node.content
end
x509_certificate=(certificate)
# File lib/xmldsig/signature.rb, line 81
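# Writes a certificate into ds:X509Certificate as bare Base64 text.
#
# The PEM armor lines and all whitespace are removed. The previous chain of
# literal gsub calls only matched "\n"-terminated armor, so a PEM string with
# CRLF line endings or without a final newline left
# "-----END CERTIFICATE-----" (or stray "\r") inside the element. Output for
# a normally formatted PEM is unchanged.
#
# @param certificate [#to_s] certificate whose +to_s+ is PEM text
def x509_certificate=(certificate)
  node = signature.at_xpath("descendant::ds:X509Certificate", Xmldsig::NAMESPACES)
  node.content = certificate.to_s
                            .gsub(/-----(?:BEGIN|END) CERTIFICATE-----/, '')
                            .gsub(/\s+/, '')
end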