func (ar *AuthnRequest) PopulateFromXML(n types.Node) error {
if err := ar.Request.PopulateFromXML(n); err != nil {
return err
}
xpc, err := xpath.NewContext(n)
if err != nil {
return errors.New("failed to create xpath context: " + err.Error())
}
if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil {
return errors.New("failed to register namespace for xpath context: " + err.Error())
}
ar.ProviderName = xpath.String(xpc.Find("@ProviderName"))
// Check if we have a proper ProtocolBinding
switch proto := binding.Protocol(xpath.String(xpc.Find("@ProtocolBinding"))); proto {
case binding.HTTPPost, binding.HTTPRedirect:
ar.ProtocolBinding = proto
default:
return errors.New("invalid protocol binding")
}
ar.AssertionConsumerServiceURL = xpath.String(xpc.Find("@AssertionConsumerServiceURL"))
if node := xpath.NodeList(xpc.Find("NameIDPolicy")).First(); node != nil {
nip := &NameIDPolicy{}
if err := nip.PopulateFromXML(node.(types.Element)); err != nil {
return err
}
ar.NameIDPolicy = nip
}
return nil
}
// makeXPC wraps a node and creates an XPathContext that has all of the
// required namespaces registered to handle SAML node parsing
func makeXPathContext(n types.Node) (*xpath.Context, error) {
xpc, err := xpath.NewContext(n)
if err != nil {
return nil, errors.New("failed to create xpath context: " + err.Error())
}
if err := xpc.RegisterNS(ns.SAML.Prefix, ns.SAML.URI); err != nil {
return nil, errors.New("failed to register namespace for xpath context: " + err.Error())
}
return xpc, nil
}
func (v *SignatureVerify) Verify(buf []byte) error {
p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
doc, err := p.Parse(buf)
if err != nil {
return err
}
defer doc.Free()
mngr, err := crypto.NewKeyManager()
if err != nil {
return err
}
defer mngr.Free()
ctx, err := NewCtx(mngr)
if err != nil {
return err
}
defer ctx.Free()
root, err := doc.DocumentElement()
if err != nil {
return err
}
signode, err := clib.FindSignatureNode(root)
if err != nil {
return err
}
// Create a key manager, load keys from KeyInfo
prefix, err := signode.LookupNamespacePrefix(xmlsec.DSigNs)
if err != nil {
return err
}
if prefix == "" {
prefix = xmlsec.Prefix
}
xpc, err := xpath.NewContext(signode)
if err != nil {
return err
}
xpc.RegisterNS(prefix, xmlsec.Prefix)
iter := xpath.NodeIter(xpc.Find("//" + prefix + ":KeyInfo"))
for iter.Next() {
n := iter.Node()
if err := mngr.GetKey(n); err != nil {
return err
}
}
if key := v.key; key != nil {
cpy, err := key.Copy()
if err != nil {
return err
}
if err := ctx.SetKey(cpy); err != nil {
return err
}
}
return ctx.Verify(doc)
}
