=head1 NAME
XML::Compile::WSS::Sign - Base for WSS Signers
=head1 INHERITANCE
XML::Compile::WSS::Sign is extended by
XML::Compile::WSS::Sign::RSA
=head1 SYNOPSIS
# either
use XML::Compile::WSS::Util qw/DSIG_RSA_SHA1/;
my $sign = XML::Compile::WSS::Sign->new
( type => DSIG_RSA_SHA1
, private_key => $key
, ...
);
# or
use XML::Compile::WSS::Sign::RSA;
my $sign = XML::Compile::WSS::Sign::RSA->new
( hashing => 'SHA1'
, private_key => $key
, ...
);
=head1 DESCRIPTION
=head2 Supported signers
=over 4
=item * RSA
=back
Hire me to implement other signers!
=head1 METHODS
=head2 Constructors
=over 4
=item XML::Compile::WSS::Sign-E<gt>B<fromConfig>(CONFIG, [PRIVKEY])
Try to be very flexible. CONFIG can be a HASH, which could also be
passed to L<new()|XML::Compile::WSS::Sign/"Constructors"> directly. But it can also be various kinds of
objects.
=item XML::Compile::WSS::Sign-E<gt>B<new>(OPTIONS)
-Option--Default
type DSIG_RSA_SHA1
=over 2
=item type => TYPE
=back
=back
=head2 Attributes
=over 4
=item $obj-E<gt>B<type>()
=back
=head2 Handlers
=over 4
=item $obj-E<gt>B<check>(TOKEN, ref-BYTES, SIGNATURE)
Use TOKEN to check whether the BYTES (passed by reference) match the
SIGNATURE. TOKEN is signer specific.
=item $obj-E<gt>B<sign>(ref-BYTES)
Returns a SIGNATURE
=back
=head1 DETAILS
=head2 Signing, the generic part
The base of this whole security protocol is crypto-signing the messages,
so you will always need to specify some parameters for L<new()|XML::Compile::WSS::Sign/"Constructors">.
my $wss = XML::Compile::WSS::Signature->new
( signer => DSIG_$algo
, ...parameters for $algo...
);
When the algorithm is known (see the next sections of this chapter),
then the parameters will be used to produce the CODE which will do the
signing.
=head2 Defend against man-in-the-middle
The signature can easily be spoofed with a man-in-the-middle attack,
unless you hard-code the remote's public key.
my $wss = XML::Compile::WSS::Signature->new
( ...
, remote_token => $token
);
=head1 SEE ALSO
This module is part of XML-Compile-WSS-Signature distribution version 0.91,
built on November 19, 2012. Website: F<http://perl.overmeer.net/xml-compile/>
Other distributions in this suite:
L<XML::Compile>,
L<XML::Compile::SOAP>,
L<XML::Compile::SOAP12>,
L<XML::Compile::SOAP::Daemon>,
L<XML::Compile::SOAP::WSA>,
L<XML::Compile::C14N>,
L<XML::Compile::WSS>,
L<XML::Compile::WSS::Signature>,
L<XML::Compile::Tester>,
L<XML::Compile::Cache>,
L<XML::Compile::Dumper>,
L<XML::Compile::RPC>,
L<XML::Rewrite>,
L<XML::eXistDB>,
and
L<XML::LibXML::Simple>.
Please post questions or ideas to the mailinglist at
F<http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile>
For live contact with other developers, visit the C<#xml-compile> channel
on C<irc.perl.org>.
=head1 LICENSE
Copyrights 2012 by [Mark Overmeer]. For other contributors see ChangeLog.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
See F<http://www.perl.com/perl/misc/Artistic.html>