Mark Overmeer > XML-Compile-WSS-Signature > XML::Compile::WSS::Signature

Download:
XML-Compile-WSS-Signature-2.01.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 2.01   Source  

NAME ^

XML::Compile::WSS::Signature - WSS Signatures

INHERITANCE ^

 XML::Compile::WSS::Signature
   is a XML::Compile::WSS

SYNOPSIS ^

WARNING: Only limited real-life experience. Many optional extensions have never been tried.

 # You may need a few of these
 use XML::Compile::WSS::Util  qw/:dsig/;
 use XML::Compile::C14N::Util qw/:c14n/;

 # This modules van be used "stand-alone" ...
 my $schema = XML::Compile::Cache->new(...);
 my $sig    = XML::Compile::WSS::Signature->new
   (sign_method => DSIG_RSA_SHA1, ...);

 # ... or as SOAP slave (strict order of object creation!)
 my $wss    = XML::Compile::SOAP::WSS->new;
 my $wsdl   = XML::Compile::WSDL11->new($wsdlfn);
 my $sig    = $wss->signature(sign_method => ...);

DESCRIPTION ^

The generic Web Service Security protocol is implemented by the super class XML::Compile::WSS. This extension implements cypto signatures.

On this moment, there are two versions of this standard:

http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
http://www.w3.org/TR/xmldsig-core2/

One or more elements of the document can be selected to be signed. They are canonalized (serialized in a well-described way) and then digested (usually via SHA1). The digest is put in a SignedInfo component of the Signature feature in the Security header. When all digests are in place, the whole SignedInfo structure

See documentation in the base class.

Limitations

Many companies have their own use of the pile of standards for this feature. Some of the resulting limitations are known by the author:

METHODS ^

See documentation in the base class.

Constructors

See documentation in the base class.

XML::Compile::WSS::Signature->new(OPTIONS)

The OPTIONS you provisw here, will also end-up as

 -Option      --Defined in       --Default
  checker                          undef
  key_info                         {}
  prepare       XML::Compile::WSS  'ALL'
  remote_token                     undef
  schema        XML::Compile::WSS  undef
  sign_types                       <required>
  signed_info                      {}
  signer                           DSIG_RSA_SHA1
  token                            <depends on sign_method>
  version       XML::Compile::WSS  undef
  wss_version   XML::Compile::WSS  '1.1'
checker => OBJECT|HASH|TYPE

The signer object with server information, anything what is accepted by XML::Compile::WSS::Sign::fromConfig(). When provided, we do not need to collect the information from the incoming messages.

key_info => HASH

Read XML::Compile::WSS::KeyInfo::new()

prepare => 'READER'|'WRITER'|'ALL'|'NONE'
remote_token => OBJECT|HASH|FILENAME

To defend against man-in-the-middle attacks, you need to specify the server's public key. When specified, that key will be used to verify the signature, not the one listed in the XML response.

Only when this remote_token is specified, we will require the signature. Otherwise, the check of the signature will only be performed when a Signature is available in the Security header.

schema => an XML::Compile::Cache object
sign_types => ARRAY

Specify the types of elements which need to be signed. If you have more elements of the same type, they will all get signed.

signed_info => HASH

Settings for the SignedInfo structure. Read XML::Compile::WSS::SignedInfo::new()

signer => OBJECT|HASH|TYPE

The client-side signer object, anything what is accepted by XML::Compile::WSS::Sign::fromConfig().

token => OBJECT|HASH|FILENAME

The token, anything which is accepted by XML::Compile::WSS::SecToken::fromConfig(). This contains at least the public information.

version => STRING
wss_version => '1.1'|MODULE

Attributes

See documentation in the base class.

$obj->keyInfo()
$obj->schema()

See "Attributes" in XML::Compile::WSS

$obj->signedInfo()
$obj->signer()
$obj->wssVersion()

See "Attributes" in XML::Compile::WSS

Security Tokens

To prove the signature, there usually is some security token. This token may (or may not) be included in the SOAP message itself.

$obj->remoteToken()

Returns the security token of the server, which is an XML::Compile::WSS::SecToken object. Either, this token is provided by new(remote_token), to taken from the first message.

$obj->token()

Returns the security token, which is an XML::Compile::WSS::SecToken object.

Apply

See documentation in the base class.

$obj->check(SECURITY)

See "Apply" in XML::Compile::WSS

$obj->create(DOC, SECURITY, DATA)

See "Apply" in XML::Compile::WSS

Helpers

See documentation in the base class.

$obj->dateTime(TIME|STRING|HASH)

See "Helpers" in XML::Compile::WSS

Internals

See documentation in the base class.

$obj->loadSchemas(SCHEMA, VERSION)
XML::Compile::WSS::Signature->loadSchemas(SCHEMA, VERSION)

See "Internals" in XML::Compile::WSS

$obj->writerHookWsuId(TYPE)

See "Internals" in XML::Compile::WSS

DETAILS ^

See documentation in the base class.

SEE ALSO ^

This module is part of XML-Compile-WSS-Signature distribution version 2.01, built on October 11, 2013. Website: http://perl.overmeer.net/xml-compile/

Other distributions in this suite: XML::Compile, XML::Compile::SOAP, XML::Compile::SOAP12, XML::Compile::SOAP::Daemon, XML::Compile::SOAP::WSA, XML::Compile::C14N, XML::Compile::WSS, XML::Compile::WSS::Signature, XML::Compile::Tester, XML::Compile::Cache, XML::Compile::Dumper, XML::Compile::RPC, XML::Rewrite and XML::LibXML::Simple.

Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile . For live contact with other developers, visit the #xml-compile channel on irc.perl.org.

LICENSE ^

Copyrights 2012-2013 by [Mark Overmeer]. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html

syntax highlighting: