Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

RSA lib called within XML::Sig fails to verify XML Signature genarated from windows

by sujathagkn (Initiate)
on Jun 02, 2017 at 13:55 UTC ( [id://1191954]=perlquestion: print w/replies, xml ) Need Help??

sujathagkn has asked for the wisdom of the Perl Monks concerning the following question:

Hi I have a requirement to validate the SAML Assertion XML Signature generated in Windows Identity Foundation (WIF) from the Perl script. I tried to implement this by loading the Assertion XML generated from WIF and calling verify on XML::Sig Perl module as shown below 

$xml = XML::LibXML->load_from_file(..);
my $signer = XML::Sig->new({
x509=>1
   });
If($signer->verify($xml)) {
}
Eg Assertion XML from WIF:
  <Assertion ID="abc">
    <bar>123</bar>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:sam
+lp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.o
+rg/2001/04/xmlenc#">
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/R
+EC-xml-c14n-20010315#WithComments" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#
+rsa-sha1" />
        <Reference URI="#abc">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#en
+veloped-signature" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#s
+ha1" />
          <DigestValue>9kpmrvv3peVJpNSTRycrV+jeHVY=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>
        HXUBnMgPJf//j4ihaWnaylNwAR5AzDFY83HljFIlLmTqX1w1C72ZTuRObvYve8
+TNEbVsQlTQkj4R
        hiY0pgIMQUb75GLYFtc+f0Y.......xwCdyGsIZOIZdQ8MWpeQrifxBR0d8W1Z
+m6ix21WNv
        ONt575h7VxLKw8BDhNPS0p8CS3hOnSk29stpiDMCHFPxAwrbKVL1kGDLaLZn1q
+8nNRmH8oFxG15l
        UmS3JXDZAss8gZhU7g9T4XllCqjrAvzPLOFdeQ==
      </SignatureValue>
      <KeyInfo>
        <X509Data><X509Certificate>
MIICajCCAdOgAwIBAgIBADANBg.....00m0YZGyc4LzgD0CROMASTWNg==</X509Certif
+icate></X509Data>
</KeyInfo>
  
    </Signature>
  </Assertion>

[download]

WIF from windows is adding the pem content of the X509 Pub Certificate content to the X509Certificate tag. But when the above xml is loaded for signature verification XML::Sig throws an error "OpenSSL error: bad base64 decode". After going through the XML::Sig and Crypt::OpenSSL::RSA modules found that the expected value in X509Certificate is "RSA Public key”, it does not support X500 pem content.

So tried placing RSA public key within the X509 Certificate and called XML::Sig->verify , but the verify function never returned true. Can you please help me what am I missing here. Is the windows signed XML can be verified from Linux (Redhat 5.x)? Please share any hints/thoughts in getting the signature verification working in Perl. Thanks Sujatha

  • Comment on RSA lib called within XML::Sig fails to verify XML Signature genarated from windows
  • Download Code

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1191954]
Approved by stevieb
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (5)
As of 2024-04-24 12:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found