XML::Compile::WSS::KeyInfo - handling WSS key info structures
    # Not for end-users
    my $sig = XML::Compile::WSS::Signature->new(key_info => $config);
    my $ki  = $sig->keyInfo;
The specifications define at least 10 different ways to provide security keys to the messages. This module implements the logic to read and write tokens and keyinfo references to these tokens in the XML message.
The constructor takes the default values used by the readers and writers which this object creates, so the configuration contains all parameters accepted by builder().
End-users should use XML::Compile::WSS::Signature::new(key_info) to pass a HASH of %options. These options do not have accessors (yet).
    -Option      --Default
     fingerprint   undef
     name          undef
     uri           undef
Not for end-users. Returns a CODE which will be called to produce the token representation in some output message.
    -Option        --Default
     publish_token   'SECTOKREF_URI'
How to publish the security token. The INCLUDE_BY_REF constant will add the token as BinarySecurityToken in the message, plus a keyinfo structure with a reference to that token. See "DETAILS" about the various choices and additional options they imply.
Not for end-users. Returns a CODE which needs to be called with a parsed incoming message.
On the top level, we have the following options:

    keyinfo_id STRING
        an xsd:ID value for the Id attribute (namespaceless)
This key-info type inlines one or more X509 certificates, in base64 encoding.
Additional options:

    x509data_type TYPE
        read below, default ASN1DER
When you use the X509DATA method to publish your key, you can specify the x509data_type:

    SERIAL    issuer name and cert serial number
    SKI       subject key identifier (subject hash)
    SUBJECT   subject name
    ASN1DER   base64 encoded full public certificate
    CRL       certificate revocation list, not supported (yet)
As an example, you may look at Net::Domain::SMD::Schema, which uses this key storage model for an enveloped signature.
The wsse:SecurityTokenReference structure contains various other constructs. They share the following options:
    sectokref_id   the wsu:Id of the SecurityTokenReference
    usage          list of URIs
(At least) used in EncryptedKeys structures. The "ThumbprintSHA1" is the SHA1 of the fingerprint of a key.
Example:

    <ds:KeyInfo>
      <wsse:SecurityTokenReference>
        <wsse:KeyIdentifier
           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
           ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
          >+tkVcx0cyPfbKrQtVePbC98Kjc0=</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
Options and defaults:

    keyid_value      WSM11_PRINT_SHA1
    keyid_encoding   WSM10_BASE64
    keyident_id      the wsu:Id of the KeyIdentifier
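On the receiving side, a ThumbprintSHA1 KeyIdentifier is only useful if it resolves to a certificate you already trust. The script below is an added example, not code from this module; it assumes the ThumbprintSHA1 is the base64 of the SHA-1 over the DER-encoded certificate (WSS 1.1 X509 Token Profile), uses constructed placeholder bytes instead of real certificates, and extracts the KeyIdentifier with a regex rather than the reader this module builds.

```perl
# Added example, not part of XML::Compile::WSS::KeyInfo: check that an
# incoming ThumbprintSHA1 KeyIdentifier names a certificate we already trust.
# Assumptions: ThumbprintSHA1 = base64(SHA-1(DER certificate)); the
# "certificates" below are constructed byte strings, not real X.509 data.
use strict; use warnings;
use Digest::SHA  qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Same URI as the ValueType in the example above (the keyid_value default)
my $PRINT_SHA1 =
  'http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1';

# Constructed trust store: name => DER bytes (placeholder octets here)
my %trusted = (
    'service-cert' => "\x30\x82\x01\x00constructed-der-cert-A",
    'old-cert'     => "\x30\x82\x01\x00constructed-der-cert-B",
);

# Thumbprint as carried in a KeyIdentifier: base64 of the SHA-1, no newline
sub thumbprint_sha1 { encode_base64(sha1($_[0]), '') }

# Extract ValueType and text of the first wsse:KeyIdentifier. The regex is
# a simplification; real code uses the reader this module builds.
sub parse_keyidentifier {
    my ($xml) = @_;
    $xml =~ m{<wsse:KeyIdentifier\b([^>]*)>([^<]*)</wsse:KeyIdentifier>}
        or return;
    my ($attrs, $value) = ($1, $2);
    my ($vt) = $attrs =~ /ValueType="([^"]+)"/;
    $value =~ s/\s+//g;                  # base64 may be wrapped
    return ($vt, $value);
}

# Name of the trusted cert the thumbprint matches, or undef if none
sub resolve_thumbprint {
    my ($xml) = @_;
    my ($vt, $value) = parse_keyidentifier($xml) or return;
    return unless defined $vt && $vt eq $PRINT_SHA1;   # only ThumbprintSHA1
    return unless length(decode_base64($value)) == 20; # SHA-1 is 20 octets
    for my $name (sort keys %trusted) {
        return $name if thumbprint_sha1($trusted{$name}) eq $value;
    }
    return;
}

# Constructed incoming fragment, built around the trusted cert's thumbprint
my $tp  = thumbprint_sha1($trusted{'service-cert'});
my $msg = qq{<wsse:SecurityTokenReference><wsse:KeyIdentifier }
        . qq{ValueType="$PRINT_SHA1">$tp</wsse:KeyIdentifier>}
        . qq{</wsse:SecurityTokenReference>};
my $who = resolve_thumbprint($msg);
print defined $who ? "KeyIdentifier matches trusted cert '$who'\n"
                   : "unknown or malformed KeyIdentifier, do not trust it\n";
```

A thumbprint that matches nothing in the trust store, or one whose ValueType is not ThumbprintSHA1, must be rejected rather than looked up elsewhere.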
Creates a KeyInfo structure which refers to the key via a URI. This will also add the BinarySecurityToken to the Security header, if not yet present.

    <ds:KeyInfo Id="KI-1">
      <wsse:SecurityTokenReference wsu:Id="STR-2">
        <wsse:Reference URI="#X509-3"
           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>

    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="X509-3"
         EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        MIIB..akDNgQ==
      </wsse:BinarySecurityToken>
    </wsse:Security>

Options:

    sectokref_uri   Relative or absolute URI
This module is part of XML-Compile-WSS-Signature distribution version 2.02, built on July 16, 2016. Website: http://perl.overmeer.net/xml-compile/
Please post questions or ideas to the mailing list at http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile . For live contact with other developers, visit the #xml-compile channel on irc.perl.org.
Copyrights 2012-2016 by Mark Overmeer. For other contributors see ChangeLog.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See http://www.perl.com/perl/misc/Artistic.html
To install XML::Compile::WSS::Signature, copy and paste the appropriate command into your terminal.

cpanm:

    cpanm XML::Compile::WSS::Signature

CPAN shell:

    perl -MCPAN -e shell
    install XML::Compile::WSS::Signature
For more information on module installation, please visit the detailed CPAN module installation guide.