XML::Compile::WSS - OASIS Web Services Security
XML::Compile::WSS is extended by XML::Compile::WSS::BasicAuth XML::Compile::WSS::Signature XML::Compile::WSS::Timestamp
# This modules can be used "stand-alone" ==> my $schema = XML::Compile::Cache->new(...); my $auth = XML::Compile::WSS::BasicAuth->new (schema => $schema, username => $user, ...); my $elem = $auth->create($doc, $data); # ==> or as SOAP client my $wss = XML::Compile::SOAP::WSS->new; my $wsdl = XML::Compile::WSDL11->new($wsdlfn); my $auth = $wss->basicAuth(username => $user, ...); # once! # SOAP call, compile on demand my $answer = $wsdl->call($operation, wsse_Security => $auth, %data); # same, because "all" defined is default, $auth is in 'all' my $answer = $wsdl->call($operation, %data); # or SOAP call, explicit compile my $call = $wsdl->compileClient($operation); my $answer = $call->(%data);
The Web Services Security working group of W3C develops a set of standards which add signatures and encryption to XML.
This module implements features in the Security header. One header may contain more than one of these features:
Security
timestamps in XML::Compile::WSS::Timestamp
username/password authentication in XML::Compile::WSS::BasicAuth
signing of the body in XML::Compile::WSS::Signature
encryption is not yet supported. Please hire me to get it implemented.
Furthermore
you will certainly need the constants from XML::Compile::WSS::Util.
for SOAP use XML::Compile::SOAP::WSS to create above features.
-Option --Default prepare 'ALL' schema undef version undef wss_version <required>
Add the WSS extension information to the provided schema. If not provided at instantiation, you have to call loadSchemas() before compiling readers and writers.
Alternative for wss_version, but not always as clear.
wss_version
[1.0] Explicitly state which version WSS needs to be produced. You may use a version number. You may also use the MODULE name, which is a namespace constant, provided via ::Util. The only option is currently WSS11MODULE.
::Util
WSS11MODULE
Returns the schema used to implement this feature.
Returns the version number.
Check whether received $security information is correct. Each active WSS feature must check whether it finds information for it.
Adds some WSS element to $security. The $data is the structure which is passed to some writer (for instance, the $data which the user passes to the SOAP call). There is quite some flexibility in that structure, so should not be used, in general.
Returns a structure which can be used as timestamp, for instance in Created and Expires fields. This helper function will help you use these timestamp fields correctly.
Created
Expires
The WSU10 specification defines a free format timestamp. Of course, that is very impractical. Typically a "design by committee" decission. Also, the standard does not describe the ValueType field, which is often used to cover this design mistake.
example:
# Both will get ValueType="$xsd/dateTime" Created => time() # will get formatted Created => '2012-10-14T22:26:21Z' # autodected ValueType # Explicit formatting Created => { _ => 'this Christmas' , ValueType => 'http://per6.org/releasedates' }; # No ValueType added Created => '2012-11-01'
$schema must extend XML::Compile::Cache.
The $schema settings will may changed a little. For one, the allow_undeclared flag will be set. Also, any_element will be set to 'ATTEMPT' and mixed_elements to 'STRUCTURAL'.
allow_undeclared
any_element
mixed_elements
You can not mix multiple versions of WSS inside one $schema, because there will be too much confusion about prefixes.
Creates a hook for an XML producer (writer), to understand wsu:Id on elements of $type.
A huge number of specifications act in this field. Every self respecting company has contributed its own implementation into the field. A lot of this is not supported, but the list of constants should be complete in XML::Compile::WSS::Util.
XML Security Generic Hybrid Ciphers
http://www.w3.org/TR/2011/CR-xmlsec-generic-hybrid-20110303/, 3 March 2011
XML Signature Properties
http://www.w3.org/TR/2011/CR-xmldsig-properties-20110303/, 3 March 2011
XML Signature Syntax and Processing Version 1.1
http://www.w3.org/TR/2011/CR-xmldsig-core1-20110303/, 3 March 2011
SOAP message security
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf, March 2004
XML Signature Syntax and Processing (Second Edition)
http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/, 10 June 2008
RFC4050 Using the ECDSA for XML Digital Signatures
http://www.ietf.org/rfc/rfc4050.txt, april 2005
RFC4051 Additional XML Security Uniform Resource Identifiers (URIs)
http://www.ietf.org/rfc/rfc4051.txt, april 2005
XML Encryption Syntax and Processing
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/, 10 December 2002
This module is part of XML-Compile-WSS distribution version 1.14, built on May 08, 2017. Website: http://perl.overmeer.net/xml-compile/
Please post questions or ideas to the mailinglist at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile . For live contact with other developers, visit the #xml-compile channel on irc.perl.org.
#xml-compile
irc.perl.org
Copyrights 2011-2017 by [Mark Overmeer]. For other contributors see ChangeLog.
This program is free software; you can redistribute it and/or modify it under the Artistic license. See http://dev.perl.org/licenses/artistic.html
To install XML::Compile::WSS, copy and paste the appropriate command in to your terminal.
cpanm
cpanm XML::Compile::WSS
CPAN shell
perl -MCPAN -e shell install XML::Compile::WSS
For more information on module installation, please visit the detailed CPAN module installation guide.