Mark Overmeer > XML-Compile-WSS-Signature-0.90 > XML::Compile::WSS::Sign

Download:
XML-Compile-WSS-Signature-0.90.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 0.90   Source   Latest Release: XML-Compile-WSS-Signature-2.01

NAME ^

XML::Compile::WSS::Sign - Base for WSS Signers

INHERITANCE ^

 XML::Compile::WSS::Sign is extended by
   XML::Compile::WSS::Sign::RSA

SYNOPSIS ^

  # either
  use XML::Compile::WSS::Util qw/DSIG_RSA_SHA1/;
  my $sign = XML::Compile::WSS::Sign->new
    ( type        => DSIG_RSA_SHA1
    , private_key => $key
    , ...
    );

  # or
  use XML::Compile::WSS::Sign::RSA;
  my $sign = XML::Compile::WSS::Sign::RSA->new
    ( hashing     => 'SHA1'
    , private_key => $key
    , ...
    );

DESCRIPTION ^

Supported signers

Hire me to implement other signers!

METHODS ^

Constructors

XML::Compile::WSS::Sign->fromConfig(CONFIG, [PRIVKEY])

Try to be very flexible. CONFIG can be a HASH, which could also be passed to new() directly. But it can also be various kinds of objects.

XML::Compile::WSS::Sign->new(OPTIONS)
 -Option--Default
  type    DSIG_RSA_SHA1
type => TYPE

Attributes

$obj->type()

Handlers

$obj->check(TOKEN, ref-BYTES, SIGNATURE)

Use TOKEN to check whether the BYTES (passed by reference) match the SIGNATURE. TOKEN is signer specific.

$obj->sign(ref-BYTES)

Returns a SIGNATURE

DETAILS ^

Signing, the generic part

The base of this whole security protocol is crypto-signing the messages, so you will always need to specify some parameters for new().

  my $wss  = XML::Compile::WSS::Signature->new
    ( signer => DSIG_$algo
    , ...parameters for $algo...
    );

When the algorithm is known (see the next sections of this chapter), then the parameters will be used to produce the CODE which will do the signing.

Defend against man-in-the-middle

The signature can easily be spoofed with a man-in-the-middle attack, unless you hard-code the remote's public key.

  my $wss  = XML::Compile::WSS::Signature->new
    ( ...
    , remote_token          => $token
    );

SEE ALSO ^

This module is part of XML-Compile-WSS-Signature distribution version 0.90, built on November 05, 2012. Website: http://perl.overmeer.net/xml-compile/

Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::WSS::Signature, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite, XML::eXistDB, and XML::LibXML::Simple.

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile

For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE ^

Copyrights 2012 by [Mark Overmeer]. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html

syntax highlighting: