Пример #1
0
func (ar *AuthnRequest) PopulateFromXML(n types.Node) error {
	if err := ar.Request.PopulateFromXML(n); err != nil {
		return err
	}

	xpc, err := xpath.NewContext(n)
	if err != nil {
		return errors.New("failed to create xpath context: " + err.Error())
	}

	if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil {
		return errors.New("failed to register namespace for xpath context: " + err.Error())
	}

	ar.ProviderName = xpath.String(xpc.Find("@ProviderName"))
	// Check if we have a proper ProtocolBinding
	switch proto := binding.Protocol(xpath.String(xpc.Find("@ProtocolBinding"))); proto {
	case binding.HTTPPost, binding.HTTPRedirect:
		ar.ProtocolBinding = proto
	default:
		return errors.New("invalid protocol binding")
	}

	ar.AssertionConsumerServiceURL = xpath.String(xpc.Find("@AssertionConsumerServiceURL"))
	if node := xpath.NodeList(xpc.Find("NameIDPolicy")).First(); node != nil {
		nip := &NameIDPolicy{}
		if err := nip.PopulateFromXML(node.(types.Element)); err != nil {
			return err
		}
		ar.NameIDPolicy = nip
	}

	return nil
}
Пример #2
0
// makeXPC wraps a node and creates an XPathContext that has all of the
// required namespaces registered to handle SAML node parsing
func makeXPathContext(n types.Node) (*xpath.Context, error) {
	xpc, err := xpath.NewContext(n)
	if err != nil {
		return nil, errors.New("failed to create xpath context: " + err.Error())
	}

	if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil {
		return nil, errors.New("failed to register namespace for xpath context: " + err.Error())
	}
	return xpc, nil
}
Пример #3
0
func (v *SignatureVerify) Verify(buf []byte) error {
	p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
	doc, err := p.Parse(buf)
	if err != nil {
		return err
	}
	defer doc.Free()

	mngr, err := crypto.NewKeyManager()
	if err != nil {
		return err
	}
	defer mngr.Free()

	ctx, err := NewCtx(mngr)
	if err != nil {
		return err
	}
	defer ctx.Free()

	root, err := doc.DocumentElement()
	if err != nil {
		return err
	}
	signode, err := clib.FindSignatureNode(root)
	if err != nil {
		return err
	}

	// Create a key manager, load keys from KeyInfo
	prefix, err := signode.LookupNamespacePrefix(xmlsec.DSigNs)
	if err != nil {
		return err
	}
	if prefix == "" {
		prefix = xmlsec.Prefix
	}

	xpc, err := xpath.NewContext(signode)
	if err != nil {
		return err
	}

	xpc.RegisterNS(prefix, xmlsec.Prefix)

	iter := xpath.NodeIter(xpc.Find("//" + prefix + ":KeyInfo"))
	for iter.Next() {
		n := iter.Node()
		if err := mngr.GetKey(n); err != nil {
			return err
		}
	}

	if key := v.key; key != nil {
		cpy, err := key.Copy()
		if err != nil {
			return err
		}

		if err := ctx.SetKey(cpy); err != nil {
			return err
		}
	}

	return ctx.Verify(doc)
}