func (ar *AuthnRequest) PopulateFromXML(n types.Node) error { if err := ar.Request.PopulateFromXML(n); err != nil { return err } xpc, err := xpath.NewContext(n) if err != nil { return errors.New("failed to create xpath context: " + err.Error()) } if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil { return errors.New("failed to register namespace for xpath context: " + err.Error()) } ar.ProviderName = xpath.String(xpc.Find("@ProviderName")) // Check if we have a proper ProtocolBinding switch proto := binding.Protocol(xpath.String(xpc.Find("@ProtocolBinding"))); proto { case binding.HTTPPost, binding.HTTPRedirect: ar.ProtocolBinding = proto default: return errors.New("invalid protocol binding") } ar.AssertionConsumerServiceURL = xpath.String(xpc.Find("@AssertionConsumerServiceURL")) if node := xpath.NodeList(xpc.Find("NameIDPolicy")).First(); node != nil { nip := &NameIDPolicy{} if err := nip.PopulateFromXML(node.(types.Element)); err != nil { return err } ar.NameIDPolicy = nip } return nil }
// makeXPC wraps a node and creates an XPathContext that has all of the // required namespaces registered to handle SAML node parsing func makeXPathContext(n types.Node) (*xpath.Context, error) { xpc, err := xpath.NewContext(n) if err != nil { return nil, errors.New("failed to create xpath context: " + err.Error()) } if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil { return nil, errors.New("failed to register namespace for xpath context: " + err.Error()) } return xpc, nil }
func (v *SignatureVerify) Verify(buf []byte) error { p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt) doc, err := p.Parse(buf) if err != nil { return err } defer doc.Free() mngr, err := crypto.NewKeyManager() if err != nil { return err } defer mngr.Free() ctx, err := NewCtx(mngr) if err != nil { return err } defer ctx.Free() root, err := doc.DocumentElement() if err != nil { return err } signode, err := clib.FindSignatureNode(root) if err != nil { return err } // Create a key manager, load keys from KeyInfo prefix, err := signode.LookupNamespacePrefix(xmlsec.DSigNs) if err != nil { return err } if prefix == "" { prefix = xmlsec.Prefix } xpc, err := xpath.NewContext(signode) if err != nil { return err } xpc.RegisterNS(prefix, xmlsec.Prefix) iter := xpath.NodeIter(xpc.Find("//" + prefix + ":KeyInfo")) for iter.Next() { n := iter.Node() if err := mngr.GetKey(n); err != nil { return err } } if key := v.key; key != nil { cpy, err := key.Copy() if err != nil { return err } if err := ctx.SetKey(cpy); err != nil { return err } } return ctx.Verify(doc) }