def self.verify(xml, signature_value)
doc = REXML::Document.new(xml)
return nil if REXML::XPath.first(doc, "//ds:Signature").nil? and signature_value.nil?
decoded_sig = Base64.decode64(signature_value)
certs = self.parse_certificates(doc)
raise "No signature in document" if certs.nil? or certs.empty?
raise "Missing signature value" if signature_value.nil?
signing_certificate = certs.first
raise "Invalid signature" if !signing_certificate.public_key.verify(OpenSSL::Digest::SHA1.new, decoded_sig, xml)
raise "Certificate chain not valid" if !self.valid_chain?(certs)
subject = signing_certificate.subject.to_a
signed_by = subject.last[1]
return signed_by
end