NAME

XML::Compile::WSS::Signature - WSS Signatures

INHERITANCE

XML::Compile::WSS::Signature
  is a XML::Compile::WSS

SYNOPSIS

WARNING: Only limited real-life experience. Many optional extensions have never been tried.

# You may need a few constants
use XML::Compile::WSS::Util  qw/:dsig/;
use XML::Compile::C14N::Util qw/:c14n/;

# This module can be used "stand-alone" ...
my $schema = XML::Compile::Cache->new(...);
my $sig    = XML::Compile::WSS::Signature->new
  (sign_method => DSIG_RSA_SHA1, ...);

# ... or as SOAP slave (strict order of object creation!)
my $wss    = XML::Compile::SOAP::WSS->new;
my $wsdl   = XML::Compile::WSDL11->new($wsdlfn);
my $sig    = $wss->signature(sign_method => ...);

DESCRIPTION

The generic Web Service Security protocol is implemented by the super class XML::Compile::WSS. This extension implements crypto signatures.

At this moment, there are two versions of this standard:

  • http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

  • http://www.w3.org/TR/xmldsig-core2/

One or more elements of a (SOAP) document can be selected to be signed. They are canonicalized (serialized in a well-described way) and then digested (usually via SHA1). The digest is put in a SignedInfo component of the Signature element in the Security header. When all digests are in place, the whole SignedInfo structure gets signed.
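The canonicalize-and-digest step described above, as an added example that is not code from this distribution: it calls XML::LibXML and Digest::SHA directly on constructed messages to show that the digest follows the canonical form, not the surface serialization. The helper name reference_digest, the body-1 Id, the urn:example:bank payload and the choice of exclusive C14N are assumptions for illustration.

```perl
use strict;
use warnings;
use XML::LibXML;
use Digest::SHA  qw/sha1/;
use MIME::Base64 qw/encode_base64/;

my $SOAP_NS = 'http://schemas.xmlsoap.org/soap/envelope/';
my $WSU_NS  = 'http://docs.oasis-open.org/wss/2004/01/'
            . 'oasis-200401-wss-wssecurity-utility-1.0.xsd';

# Constructed sample messages. A and B carry the same content but differ in
# attribute order, quoting, namespace order and empty-element form.
my $msg_a = <<"XML";
<env:Envelope xmlns:env="$SOAP_NS" xmlns:wsu="$WSU_NS">
  <env:Body wsu:Id="body-1"><pay xmlns="urn:example:bank" to="alice" amount="10"/></env:Body>
</env:Envelope>
XML
my $msg_b = <<"XML";
<env:Envelope xmlns:wsu='$WSU_NS' xmlns:env='$SOAP_NS'>
  <env:Body   wsu:Id='body-1'><pay amount='10' to='alice' xmlns='urn:example:bank'></pay></env:Body>
</env:Envelope>
XML
# C is A with the payload changed after the fact.
(my $msg_c = $msg_a) =~ s/amount="10"/amount="1000"/;

# Hypothetical helper: base64 SHA1 digest of the element carrying wsu:Id=$id,
# i.e. the value that would go into a Reference's DigestValue in SignedInfo.
sub reference_digest {
    my ($xml, $id) = @_;
    my $doc = XML::LibXML->load_xml(string => $xml);
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(wsu => $WSU_NS);
    my @hits = grep { $_->getAttributeNS($WSU_NS, 'Id') eq $id }
               $xpc->findnodes('//*[@wsu:Id]');
    # A missing or duplicated Id makes the reference ambiguous: refuse it.
    die "need exactly one element with wsu:Id '$id', found ".@hits."\n"
        unless @hits == 1;
    my $c14n = $hits[0]->toStringEC14N(0);        # exclusive C14N, no comments
    utf8::encode($c14n) if utf8::is_utf8($c14n);  # digest octets, not characters
    return encode_base64(sha1($c14n), '');
}

my ($da, $db, $dc) = map { reference_digest($_, 'body-1') } $msg_a, $msg_b, $msg_c;
print "A: $da\nB: $db\nC: $dc\n";
print "A eq B (serialization differs, canonical form equal): ",
      ($da eq $db ? "yes" : "no"), "\n";
print "A ne C (content changed, digest changes): ",
      ($da ne $dc ? "yes" : "no"), "\n";
```

Only the per-element digest is shown here; signing the SignedInfo structure that collects these digests is left to the signer object.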

Extends "DESCRIPTION" in XML::Compile::WSS.

Limitations

Many companies use their own selection from the large pile of standards for this feature. Some of the resulting limitations are known by the author:

  • digests

    Only digest algorithms which are provided via the Digest module are supported for the elements to be signed. (But that's quite a lot.)

  • signatures

    Only a limited subset of signing (algorithm, hash) combinations is supported. Lower on this page, you find details about each of the provided signing implementations.

METHODS

Extends "METHODS" in XML::Compile::WSS.

Constructors

Extends "Constructors" in XML::Compile::WSS.

XML::Compile::WSS::Signature->new(%options)

The %options you provide here will be passed to various objects which are created automatically. But you may also give pre-instantiated objects, for instance when you decide to use your own extension on a certain spot.

-Option      --Defined in       --Default
 checker                          undef
 key_info                         {}
 prepare       XML::Compile::WSS  'ALL'
 remote_token                     undef
 schema        XML::Compile::WSS  undef
 sign_types                       <required>
 signed_info                      {}
 signer                           DSIG_RSA_SHA1
 token                            <depends on sign_method>
 version       XML::Compile::WSS  undef
 wss_version   XML::Compile::WSS  '1.1'

checker => OBJECT|HASH|TYPE

The signer object with server information, anything that is accepted by XML::Compile::WSS::Sign::fromConfig(). When provided, we do not need to collect the information from the incoming messages.

key_info => HASH

Read XML::Compile::WSS::KeyInfo::new()

prepare => 'READER'|'WRITER'|'ALL'|'NONE'
remote_token => OBJECT|HASH|FILENAME

To defend against man-in-the-middle attacks, you need to specify the server's public key. When specified, that key will be used to verify the signature, not the one listed in the XML response.

The signature is required only when this remote_token is specified. Otherwise, the signature is checked only when a Signature is present in the Security header.

schema => an XML::Compile::Cache object
sign_types => ARRAY

Specify the types of elements which need to be signed. If you have more elements of the same type, they will all get signed.

signed_info => HASH

Settings for the SignedInfo structure. Read XML::Compile::WSS::SignedInfo::new()

signer => OBJECT|HASH|TYPE

The client-side signer object, anything that is accepted by XML::Compile::WSS::Sign::fromConfig().

token => OBJECT|HASH|FILENAME

The token, anything which is accepted by XML::Compile::WSS::SecToken::fromConfig(). This contains at least the public information.

version => STRING
wss_version => '1.1'|MODULE

Attributes

Extends "Attributes" in XML::Compile::WSS.

$obj->keyInfo()
$obj->schema()

Inherited, see "Attributes" in XML::Compile::WSS

$obj->signedInfo()
$obj->signer()
$obj->wssVersion()

Inherited, see "Attributes" in XML::Compile::WSS

Security Tokens

To prove the signature, there usually is some security token. This token may (or may not) be included in the SOAP message itself.

$obj->remoteToken()

Returns the security token of the server, which is an XML::Compile::WSS::SecToken object. This token is either provided by new(remote_token) or taken from the first message.

$obj->token()

Returns the security token, which is an XML::Compile::WSS::SecToken object.

Apply

Extends "Apply" in XML::Compile::WSS.

$obj->check($security)

Inherited, see "Apply" in XML::Compile::WSS

$obj->create($doc, $security, $data)

Inherited, see "Apply" in XML::Compile::WSS

Helpers

Extends "Helpers" in XML::Compile::WSS.

$obj->dateTime($time|$string|HASH)

Inherited, see "Helpers" in XML::Compile::WSS

Internals

Extends "Internals" in XML::Compile::WSS.

$obj->loadSchemas($schema, $version)
XML::Compile::WSS::Signature->loadSchemas($schema, $version)

Inherited, see "Internals" in XML::Compile::WSS

$obj->writerHookWsuId($type)

Inherited, see "Internals" in XML::Compile::WSS

DETAILS

Extends "DETAILS" in XML::Compile::WSS.

SEE ALSO

This module is part of XML-Compile-WSS-Signature distribution version 2.02, built on July 16, 2016. Website: http://perl.overmeer.net/xml-compile/

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile . For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE

Copyrights 2012-2016 by Mark Overmeer. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html