uri => $uri,
sign_method => '_create_signature_' . $name,
verify_method => '_verify_signature_' . $name,
};
$sig_alg_by_name{$name} = $signature_algorithm;
$sig_alg_by_uri{$uri} = $signature_algorithm;
}
sub _find_sig_alg {
    my($self, $identifier) = @_;

    # An identifier may be either the short name (e.g. 'rsa_sha1') or the
    # full algorithm URI; both registries hold the same algorithm records.
    for my $registry (\%sig_alg_by_name, \%sig_alg_by_uri) {
        my $candidate = $registry->{$identifier};
        return $candidate if defined $candidate;
    }

    die "Unknown signature algorithm: '$identifier'";
}
sub _verify_signature {
    my($self, $sig_alg, $plaintext, $signature) = @_;

    # Dispatch to the algorithm-specific verifier named in the $sig_alg
    # record. $signature arrives base64-encoded (as it appears in the XML);
    # the verifier is handed the decoded raw bytes.
    my $verifier = $sig_alg->{verify_method};
    die "transform does not include method" unless $verifier;
    die "Unimplemented signature verification method: '$verifier'"
        unless $self->can($verifier);

    my $raw_sig = decode_base64($signature);
    return $self->$verifier($plaintext, $raw_sig);
}
sub _create_signature {
    my($self, $sig_alg, $plaintext) = @_;

    # Dispatch to the algorithm-specific signer named in the $sig_alg record.
    my $signer = $sig_alg->{sign_method};
    die "transform does not include method" unless $signer;
    die "Unimplemented signature creation method: '$signer'"
        unless $self->can($signer);

    # Signers return raw signature bytes; the caller expects base64 text
    # (encode_base64's default line breaking is preserved).
    my $raw_sig = $self->$signer($plaintext);
    return encode_base64($raw_sig);
}
sub _verify_signature_rsa_sha1 {
    my($self, $plaintext, $bin_sig) = @_;

    # Verify an RSA/SHA-1 (PKCS#1 v1.5) signature over $plaintext using the
    # configured public key. SHA-1 is considered weak for signatures; this
    # variant remains for interoperability with existing signers, and
    # rsa_sha256 is the stronger choice where the peer supports it.
    my $public_key = Crypt::OpenSSL::RSA->new_public_key($self->pub_key_text);
    $public_key->use_pkcs1_padding;
    $public_key->use_sha1_hash;

    return $public_key->verify($plaintext, $bin_sig);
}
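sub _verify_signature_rsa_sha256 {
    my($self, $plaintext, $bin_sig) = @_;

    # Verify an RSA/SHA-256 signature over $plaintext using the configured
    # public key. XML DSig rsa-sha256 is RSASSA-PKCS1-v1_5, so PKCS#1 v1.5
    # padding is selected here, matching the rsa_sha1 variant. The previous
    # OAEP selection was misleading: OAEP is an encryption-only padding
    # scheme, and Crypt::OpenSSL::RSA's sign/verify apply PKCS#1 v1.5
    # signature padding irrespective of the padding selector (which governs
    # encrypt/decrypt), so verification results are unchanged.
    my $rsa_pub_key = Crypt::OpenSSL::RSA->new_public_key($self->pub_key_text);
    $rsa_pub_key->use_pkcs1_padding();
    $rsa_pub_key->use_sha256_hash();
    return $rsa_pub_key->verify($plaintext, $bin_sig);
}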
sub _create_signature_rsa_sha1 {
    my($self, $plaintext) = @_;

    # Produce an RSA/SHA-1 (PKCS#1 v1.5) signature over $plaintext with the
    # configured private key; returns raw signature bytes, not base64.
    # SHA-1 is considered weak for signatures; prefer rsa_sha256 for new
    # deployments where the verifying party supports it.
    my $private_key = Crypt::OpenSSL::RSA->new_private_key($self->key_text);
    $private_key->use_pkcs1_padding;
    $private_key->use_sha1_hash;

    return $private_key->sign($plaintext);
}
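sub _create_signature_rsa_sha256 {
    my($self, $plaintext) = @_;

    # Produce an RSA/SHA-256 signature over $plaintext with the configured
    # private key; returns raw signature bytes, not base64. XML DSig
    # rsa-sha256 is RSASSA-PKCS1-v1_5, so PKCS#1 v1.5 padding is selected,
    # matching the rsa_sha1 variant. The previous OAEP selection was
    # misleading: OAEP is an encryption-only padding scheme, and
    # Crypt::OpenSSL::RSA's sign/verify apply PKCS#1 v1.5 signature padding
    # irrespective of the padding selector (which governs encrypt/decrypt),
    # so the emitted signatures are unchanged.
    my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($self->key_text);
    $rsa_key->use_pkcs1_padding();
    $rsa_key->use_sha256_hash();
    return $rsa_key->sign($plaintext);
}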
1;  # a module file must end with a true value so `require`/`use` succeed
__END__
=head1 SYNOPSIS
my $signer = Authen::NZRealMe->class_for('xml_signer')->new(
key_file => $path_to_private_key_file,
);
my $signed_xml = $signer->sign($xml, $target_id);
my $verifier = Authen::NZRealMe->class_for('xml_signer')->new(
pub_cert_text => $self->signing_cert_pem_data(),
);
$verifier->verify($xml);
=head1 METHODS
=head2 new( )
Constructor. Should not be called directly. Instead, call:
Authen::NZRealMe->class_for('xml_signer')->new( options );
Options are passed in as key => value pairs.
When creating digital signatures, a private key must be passed to the
constructor using either the C<key_text> or the C<key_file> option.
When verifying digital signatures, a public key is required. This may be
passed in using the C<pub_key_text> option or it will be extracted from the
X509 certificate provided in the C<pub_cert_text> or the C<pub_cert_file>
option.
Other recognised options are:
=over 4
=item C<c14n_method>
The canonicalisation method to use when creating a signature block. Default
is 'ec14n'.
=item C<include_x509_cert>
A boolean flag indicating whether the generated signature should include an
X509 representation of the certificate containing the public key required to
verify the signature.
=item C<signature_algorithm>
The signature algorithm to use when creating a signature block. Default
is 'rsa_sha1'.
=item C<reference_digest_method>
The digest method to use when creating a reference element in a signature
block. Default is 'sha1'.
=item C<reference_transforms>
The list of transforms to use when creating a reference element in a signature
block. Must be specified as an arrayref. Default is [ 'env_sig', 'ec14n' ].
=back