NAME
XML::Compile::WSS::Signature - WSS Signatures
INHERITANCE
XML::Compile::WSS::Signature is a XML::Compile::WSS
SYNOPSIS
WARNING: Only limited real-life experience. Many optional extensions have never been tried.
# You may need a few of these
use XML::Compile::WSS::Util qw/:dsig/;
use XML::Compile::C14N::Util qw/:c14n/;
# This module can be used "stand-alone" ...
my $schema = XML::Compile::Cache->new(...);
my $sig = XML::Compile::WSS::Signature->new
(sign_method => DSIG_RSA_SHA1, ...);
# ... or as SOAP slave (strict order of object creation!)
my $wss = XML::Compile::SOAP::WSS->new;
my $wsdl = XML::Compile::WSDL11->new($wsdlfn);
my $sig = $wss->signature(sign_method => ...);
DESCRIPTION
The generic Web Service Security protocol is implemented by the super class XML::Compile::WSS. This extension implements crypto signatures.
At this moment, there are two versions of this standard:
One or more elements of the document can be selected to be signed. They are canonicalized (serialized in a well-described way) and then digested (usually via SHA1). The digest is put in a SignedInfo component of the Signature feature in the Security header. When all digests are in place, the whole SignedInfo structure
See documentation in the base class.
Limitations
Many companies have their own use of the pile of standards for this feature. Some of the resulting limitations are known by the author:
digests
Only digest algorithms which are provided via the Digest module are supported for the elements to be signed.
signatures
Only a limited subset of signing (algorithm, hash) combinations is supported. Lower on this page, you find details about each of the provided signing implementations.
METHODS
See documentation in the base class.
Constructors
See documentation in the base class.
- XML::Compile::WSS::Signature->new(OPTIONS)
-
The OPTIONS you provide here will also end up as
 -Option       --Defined in        --Default
  checker                            undef
  key_info                           {}
  prepare        XML::Compile::WSS   'ALL'
  remote_token                       undef
  schema         XML::Compile::WSS   undef
  sign_types                         <required>
  signed_info                        {}
  signer                             DSIG_RSA_SHA1
  token                              <depends on sign_method>
  version        XML::Compile::WSS   undef
  wss_version    XML::Compile::WSS   '1.1'
- checker => OBJECT|HASH|TYPE
-
The signer object with server information, anything that is accepted by XML::Compile::WSS::Sign::fromConfig(). When provided, we do not need to collect the information from the incoming messages.
- key_info => HASH
- prepare => 'READER'|'WRITER'|'ALL'|'NONE'
- remote_token => OBJECT|HASH|FILENAME
-
To defend against man-in-the-middle attacks, you need to specify the server's public key. When specified, that key will be used to verify the signature, not the one listed in the XML response.
Only when this remote_token is specified, we will require the signature. Otherwise, the check of the signature will only be performed when a Signature is available in the Security header.
- schema => an XML::Compile::Cache object
- sign_types => ARRAY
-
Specify the types of elements which need to be signed. If you have more elements of the same type, they will all get signed.
- signed_info => HASH
-
Settings for the SignedInfo structure. Read XML::Compile::WSS::SignedInfo::new()
- signer => OBJECT|HASH|TYPE
-
The client-side signer object, anything that is accepted by XML::Compile::WSS::Sign::fromConfig().
- token => OBJECT|HASH|FILENAME
-
The token, anything which is accepted by XML::Compile::WSS::SecToken::fromConfig(). This contains at least the public information.
- version => STRING
- wss_version => '1.1'|MODULE
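The effect of the remote_token option on which responses are accepted, as an added example that is not code from this distribution and does not call it. It models only the policy described above with constructed toy RSA keys; the names toy_key, accept_response and $pinned are hypothetical, and it assumes that without remote_token the key carried in the message is the one used for the check.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use Math::BigInt;

# Constructed toy RSA key from two Mersenne primes (2**x - 1, 2**y - 1).
# Illustration only: textbook RSA without padding is not secure.
sub toy_key {
    my ($x, $y) = @_;
    my ($p, $q) = map { Math::BigInt->new(2)->bpow($_)->bdec } $x, $y;
    my $e   = Math::BigInt->new(65537);
    my $phi = $p->copy->bdec->bmul($q->copy->bdec);
    return { n => $p * $q, e => $e, d => $e->copy->bmodinv($phi) };
}
sub digest { my ($body, $key) = @_; Math::BigInt->new('0x' . sha256_hex($body)) % $key->{n} }
sub sign   { my ($body, $key) = @_; digest($body, $key)->bmodpow($key->{d}, $key->{n}) }
sub valid  {
    my ($body, $key, $sig) = @_;
    return $sig->copy->bmodpow($key->{e}, $key->{n}) == digest($body, $key);
}

# Model of the documented policy. $pinned plays the role of remote_token;
# embedded_key is the key listed in the response itself (assumption, see lead-in).
sub accept_response {
    my ($msg, $pinned) = @_;
    if (defined $pinned) {                    # pinned key: signature is mandatory
        return 'reject: signature required' unless defined $msg->{sig};
        return valid($msg->{body}, $pinned, $msg->{sig})
            ? 'accept: verified with pinned key' : 'reject: bad signature';
    }
    return 'accept: unsigned, nothing checked' unless defined $msg->{sig};
    return valid($msg->{body}, $msg->{embedded_key}, $msg->{sig})
        ? 'accept: verified with key from message' : 'reject: bad signature';
}

my $server = toy_key(61, 89);      # the key the operator pinned
my $other  = toy_key(107, 127);    # a key the operator never approved
my $body   = '<Body>balance=100</Body>';    # constructed sample payload
my @cases  = (
    [ 'signed by server'    => { body => $body, sig => sign($body, $server), embedded_key => $server } ],
    [ 'signed by other key' => { body => $body, sig => sign($body, $other),  embedded_key => $other } ],
    [ 'signature removed'   => { body => $body } ],
);
for my $pinned (undef, $server) {
    for my $case (@cases) {
        printf "%-16s %-20s %s\n", ($pinned ? 'remote_token' : 'no remote_token'),
            $case->[0], accept_response($case->[1], $pinned);
    }
}
```

Without the pinned key all three constructed responses are accepted; with it, only the response signed by the pinned server key is.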
Attributes
See documentation in the base class.
Security Tokens
To prove the signature, there usually is some security token. This token may (or may not) be included in the SOAP message itself.
- $obj->remoteToken()
-
Returns the security token of the server, which is an XML::Compile::WSS::SecToken object. This token is either provided by new(remote_token), or taken from the first message.
- $obj->token()
-
Returns the security token, which is an XML::Compile::WSS::SecToken object.
Apply
See documentation in the base class.
Helpers
See documentation in the base class.
Internals
See documentation in the base class.
- $obj->loadSchemas(SCHEMA, VERSION)
- XML::Compile::WSS::Signature->loadSchemas(SCHEMA, VERSION)
- $obj->writerHookWsuId(TYPE)
DETAILS
See documentation in the base class.
SEE ALSO
This module is part of XML-Compile-WSS-Signature distribution version 2.01, built on October 11, 2013. Website: http://perl.overmeer.net/xml-compile/
Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::WSS::Signature, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite and XML::LibXML::Simple.
Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile . For live contact with other developers, visit the #xml-compile channel on irc.perl.org.
LICENSE
Copyrights 2012-2013 by Mark Overmeer. For other contributors see ChangeLog.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html