examples/a.xml view on Meta::CPAN
<?xml version="1.0"?>
<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyValue>
<RSAKeyValue>
<Modulus>
shsF7sQ/geqW9cv/8ArtK9umdP7oV5B3i2lRxGPTgFExb7auTyhwKQv71ZVZ4pXa
UOTFtqPubfPvipP++WhMMi9PmaIO8bUmU4YYpZLrLGFbFBwJeJd4f3KISJpz4xz0
/wGQPtvUiEjQZfNAX41rAhy7EYeflkMlKlA4M3WDc3U=
</Modulus>
<Exponent>
AQAB
</Exponent>
examples/hello-ready.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data id="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue />
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
examples/keystore.xml view on Meta::CPAN
<?xml version="1.0"?>
<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>noname</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>
shsF7sQ/geqW9cv/8ArtK9umdP7oV5B3i2lRxGPTgFExb7auTyhwKQv71ZVZ4pXa
UOTFtqPubfPvipP++WhMMi9PmaIO8bUmU4YYpZLrLGFbFBwJeJd4f3KISJpz4xz0
/wGQPtvUiEjQZfNAX41rAhy7EYeflkMlKlA4M3WDc3U=
</Modulus>
<Exponent>
AQAB
examples/signed.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data id="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>H8+/9SNyFIQUr3D4ivpWwCjRwAU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>gROBCm94jxE8tmSWiVD5Mg7V4PAg2z9720OkifhdZQ6o8BLhfO0T9tr7H/Buscdg
HIQUY4waNbQu3r3076WasOH8iMwXb7ffzbshhBWU73juGnXZBoLZ8chWR9To6C3w
BGwx18j9s4azI0ldh8P0atFda1SqCLHxLCjtZO/bn4A=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue>
<ds:RSAKeyValue>
examples/verify.pl view on Meta::CPAN
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML::xmlsec;
# Signed sample envelope: DigestValue and SignatureValue are filled in.
# It uses rsa-sha1 with a sha1 digest; SHA-1 is no longer considered safe for
# new signatures, and t/data/envelope.xml in this distribution shows the
# rsa-sha256 / sha256 algorithm identifiers instead.
my $signeddoc= <<"EOX";
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data id="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>H8+/9SNyFIQUr3D4ivpWwCjRwAU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>gROBCm94jxE8tmSWiVD5Mg7V4PAg2z9720OkifhdZQ6o8BLhfO0T9tr7H/Buscdg
HIQUY4waNbQu3r3076WasOH8iMwXb7ffzbshhBWU73juGnXZBoLZ8chWR9To6C3w
BGwx18j9s4azI0ldh8P0atFda1SqCLHxLCjtZO/bn4A=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue>
<ds:RSAKeyValue>
examples/verify.pl view on Meta::CPAN
<ds:X509Data>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Envelope>
EOX
# Copy of the signed envelope whose <content> text was changed to "Hello world!"
# while DigestValue and SignatureValue were left as they were; presumably fed
# to the verifier to show that the altered payload is rejected (the rest of the
# script is not shown here).
my $tampered= <<"EOX";
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data id="hello">
<content>Hello world!</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>H8+/9SNyFIQUr3D4ivpWwCjRwAU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>gROBCm94jxE8tmSWiVD5Mg7V4PAg2z9720OkifhdZQ6o8BLhfO0T9tr7H/Buscdg
HIQUY4waNbQu3r3076WasOH8iMwXb7ffzbshhBWU73juGnXZBoLZ8chWR9To6C3w
BGwx18j9s4azI0ldh8P0atFda1SqCLHxLCjtZO/bn4A=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue>
<ds:RSAKeyValue>
lib/XML/LibXML/xmlsec.pm view on Meta::CPAN
signdoc will compute the digital signature and then add it as contents to the XML document.
The argument is expected to be a signature envelope as a well behaved L<LibXML::Document|https://metacpan.org/pod/distribution/XML-LibXML/lib/XML/LibXML/Document.pod>
already setup with the algorithm identifiers and the signature placeholder.
The options are as follows
=over 1
=item id => 'mydoc' indicates the id of the xml element subject of the signature
=item start => <libxml node> indicates a starting Signature or dsig:Signature node for the signing process
=item id-attr => 'ID' indicates the name of the id attribute applied. Default lowercase 'id'
=item id-node => 'mytagname' indicates the tag name of the xml element subject of the signature
=back
id-attr and id-node are provided as tweaks so that DTD-less documents can be signed, in the same way the --id-attr option works in the xmlsec1 utility.
=head2 $signer->verifydoc($xmldoc, %options);
lib/XML/LibXML/xmlsec.pm view on Meta::CPAN
=item *
xmlsec has a strong libxml2 binding. This module will accept XML::LibXML handles, but in turn
will do processing in the underlying xmlsec/libxml2 C libraries.
=back
=head1 SEE ALSO
See L<W3C XML signature definition|https://www.w3.org/TR/xmldsig-core/>.
See L<W3C XML encryption definition|https://www.w3.org/TR/xmlenc-core/>.
The original xmlsec library has a webpage at L<https://www.aleksey.com/xmlsec/>
=head1 AUTHOR
Erich Strelow, E<lt>hstrelo@puc.clE<gt>
=head1 COPYRIGHT AND LICENSE
This library is free software; you can redistribute it and/or modify
t/02-signkey.t view on Meta::CPAN
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB1tclX+q/bcDRuB/Uzu7rjECN
oy7qxEPSm+1lAXnG9jRvGji5ELz7GF9vX+kWkc2s+8AncCxvHiJTekkoj48YIYhx
9gLDUDkcWbAFyYcrewmN3Ij4uptLacGSOGSRbrDFyqK1M44BMixcIu9mNa+iZSOM
wfbedG8twTqYW9ErkQIDAQAB
-----END PUBLIC KEY-----
PEM
my $xml= <<"EOX";
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data ID="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue />
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
W6yvtJVJdBFfwH569Jdplf264fESKEcNyKU6Cift0D9oD7YZK7oaopAvBmZbJ0Ws
zoq+6197T7+hCdBjJyyVSwmAVIp+d4LkzCFlSR804ZZ63lJ80lFAopyJ5OpVJWWz
41SFHA75RakSOQABj+2vuSJ9p2jvfeO1tsolcU59I3ks2kX8JWdwoEiKfQVOlZGk
AC4Ss3TqjmgQbjXzoTBQB9lpEIuqRzZwfaj1vGeJgE/95hJznUL8Ff6OGuvKf5nX
-----END RSA PRIVATE KEY-----
PEM
my $xml= <<"EOX";
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data ID="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue />
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
t/04-envelope.t view on Meta::CPAN
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB1tclX+q/bcDRuB/Uzu7rjECN
oy7qxEPSm+1lAXnG9jRvGji5ELz7GF9vX+kWkc2s+8AncCxvHiJTekkoj48YIYhx
9gLDUDkcWbAFyYcrewmN3Ij4uptLacGSOGSRbrDFyqK1M44BMixcIu9mNa+iZSOM
wfbedG8twTqYW9ErkQIDAQAB
-----END PUBLIC KEY-----
PEM
my $xml= <<"EOX";
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data ID="hello">
<content>Hello world</content>
</Data>
</Envelope>
EOX
sub checkvalue($$$) {
my $doc=shift();
my $path=shift();
t/data/envelope.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data ID="hello">
<content>Hello world</content>
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#hello">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyName/>
</KeyInfo>
</Signature></Envelope>
t/data/hello.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<Data ID="hello">
<content>Hello world</content>
</Data>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#hello">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:KeyName>key.pem</ds:KeyName>
<ds:KeyValue/>
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/openssl/app.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/errors.h>
#include <xmlsec/templates.h>
#include "perl-libxml-mm.h"
#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"
/* Body of a signing XSUB (its header and parameter list are not shown in this
 * excerpt): looks up the element registered under `id`, finds a dsig Signature
 * node starting from that element, and signs it with xmlSecDSigCtxSign. */
xmlDocPtr real_doc;
xmlAttrPtr attr;
xmlNodePtr startNode;
if (id == NULL) {
croak( "id must be specified");
}
/* mgr arrives as an integer and is cast back to a keys-manager pointer without
 * any validation. NOTE(review): presumably only the module's own Perl wrapper
 * supplies this value; confirm it cannot be set by callers directly. */
xmlSecKeysMngrPtr pkm=INT2PTR(xmlSecKeysMngrPtr, mgr);
xmlSecDSigCtx dsigCtx;
ret=xmlSecDSigCtxInitialize(&dsigCtx, pkm);
if (ret < 0) {
croak("Error xmlSecDSigCtxInitialize fail");
}
/* NOTE(review): croak() does not return, so every croak() from here on leaves
 * dsigCtx initialized without a matching xmlSecDSigCtxFinalize(); the context
 * should be finalized before the error is raised. */
real_doc=(xmlDocPtr) PmmSvNode(doc);
if (real_doc == NULL) {
croak("Error: failed to get libxml doc");
}
/* Find the starting node by id. xmlGetID only returns attributes that libxml2
 * has registered as IDs for this document, so an unregistered id ends in the
 * croak below. */
attr = xmlGetID(real_doc, id);
if (attr == NULL) {
croak("Error: xmlsec fail to find starting node");
}
/* The search for the Signature element starts at attr->parent, the element
 * that carries the id attribute. */
startNode = xmlSecFindNode(attr->parent, "Signature", "http://www.w3.org/2000/09/xmldsig#");
if (startNode == NULL)
{
croak( "Error: xmlsec fail to find Signature node");
}
ret=xmlSecDSigCtxSign(&dsigCtx, startNode);
if (ret < 0)
{
croak("Error xmlsec signature failed");
}
/* Only the success path reaches this cleanup. */
xmlSecDSigCtxFinalize(&dsigCtx);
RETVAL=ret;
OUTPUT:
RETVAL
int
XmlSecSign(self,doc,mgr,node)
HV * self
SV * doc
/* Signs starting at a caller-supplied Signature node instead of looking one up
 * by id. The remaining parameter declarations are not shown in this excerpt. */
xmlNodePtr startNode= PmmSvNodeExt(node,0);
/* NOTE(review): this guard tests the incoming `node` argument after it has
 * already been handed to PmmSvNodeExt(); the converted startNode is what
 * reaches xmlSecDSigCtxSign() and is never checked. `if (startNode == NULL)`
 * looks like the intended test; confirm against the declaration of node. */
if (node == NULL) {
croak("Starting node missing");
}
xmlDocPtr real_doc=(xmlDocPtr) PmmSvNode(doc);
if (real_doc == NULL) {
croak("Error: failed to get libxml doc");
}
/* mgr arrives as an integer and is cast back to a keys-manager pointer without
 * any validation. */
xmlSecKeysMngrPtr pkm=INT2PTR(xmlSecKeysMngrPtr, mgr);
xmlSecDSigCtx dsigCtx;
ret=xmlSecDSigCtxInitialize(&dsigCtx, pkm);
if (ret < 0) {
croak("Error xmlSecDSigCtxInitialize fail");
}
ret=xmlSecDSigCtxSign(&dsigCtx, startNode);
if (ret < 0)
{
/* NOTE(review): croak() does not return, so dsigCtx is not finalized when
 * signing fails; call xmlSecDSigCtxFinalize() before raising. */
croak("Error xmlsec signature failed");
}
xmlSecDSigCtxFinalize(&dsigCtx);
RETVAL=ret;
OUTPUT:
RETVAL
int
XmlSecVerify(self,doc,mgr, id)
HV * self
/* Verifies the dsig Signature found from the element registered under `id` and
 * returns the context status. The remaining parameter declarations are not
 * shown in this excerpt. */
xmlDocPtr real_doc;
xmlAttrPtr attr;
xmlNodePtr startNode;
if (id == NULL) {
croak( "id must be specified");
}
/* mgr arrives as an integer and is cast back to a keys-manager pointer without
 * any validation. */
xmlSecKeysMngrPtr pkm=INT2PTR(xmlSecKeysMngrPtr, mgr);
xmlSecDSigCtx dsigCtx;
ret=xmlSecDSigCtxInitialize(&dsigCtx, pkm);
if (ret < 0) {
croak("Error xmlSecDSigCtxInitialize fail");
}
/* NOTE(review): no xmlSecDSigCtxFinalize() call appears in the visible part of
 * this body, unlike the signing bodies, so dsigCtx looks leaked on every path,
 * including the croak() exits below; confirm against the full file. */
real_doc=(xmlDocPtr) PmmSvNode(doc);
if (real_doc == NULL) {
croak("Error: failed to get libxml doc");
}
/* `id` is used only to locate where the search for the Signature starts.
 * Nothing visible here ties it to the Reference URI inside that Signature, so
 * callers should confirm that the signed reference covers the element they go
 * on to consume. */
attr = xmlGetID(real_doc, id);
if (attr == NULL) {
croak("Error: xmlsec fail to find starting node");
}
startNode = xmlSecFindNode(attr->parent, "Signature", "http://www.w3.org/2000/09/xmldsig#");
if (startNode == NULL)
{
croak( "Error: xmlsec fail to find Signature node");
}
/* Clear the stored last-error message, then route xmlsec errors through
 * MyErrorsCallback for the duration of the verify call (presumably it fills
 * MY_CXT.sLastMsg; its definition is not shown). */
MY_CXT.sLastMsg[0]=(char)0;
xmlSecErrorsSetCallback (&MyErrorsCallback);
ret=xmlSecDSigCtxVerify(&dsigCtx, startNode);
/* Restore the default xmlsec error callback. */
xmlSecErrorsSetCallback(&xmlSecErrorsDefaultCallback);
/* A negative return means processing itself failed. A non-negative return does
 * not mean the signature is valid: the verdict is in dsigCtx.status. */
if (ret < 0)
{ croak("Error: xmlSecDSigCtxVerify fail");
/* Unreachable: croak() does not return. */
RETVAL=ret;
} else {
/* The status value is what goes back to Perl. Both the succeeded and the
 * invalid status are non-zero in xmlsec's enum, so the caller must compare
 * against xmlSecDSigStatusSucceeded rather than test for truth.
 * NOTE(review): confirm the Perl-side wrapper (not shown) does so. */
ret=dsigCtx.status;
}
RETVAL=ret;
OUTPUT:
RETVAL
char *
lastmsg(self)
SV * self
PREINIT: