
XML Signature Validation in Perl

by chora_sid (Novice)
on Feb 24, 2018 at 15:07 UTC

chora_sid has asked for the wisdom of the Perl Monks concerning the following question:

I am working on SAML Authentication through ADFS. Code is in Perl CGI and I am relatively new to Perl CGI.

I am able to get SAMLResponse back but struggling to get its signature/hash validated.

In CPAN, it's mentioned that the required methods for authentication are in the Crypt::OpenSSL::RSA library. However, some important methods like _load_public_x509_key, verify, etc. are not present in this library.

Request you to please help me on this. Please help me get RSA library with _load_public_x509_key, verify, etc subroutines. Also, please share some knowledge/implementation on xml authentication in Perl.

Thanks in Advance !!!

Replies are listed 'Best First'.
Re: XML Signature Validation in Perl
by CountZero (Bishop) on Feb 24, 2018 at 17:55 UTC
    I see that Crypt::OpenSSL::RSA has a get_public_key_x509_string method as well as sign and verify methods.

    Did you try these?

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics

      @CountZero, Thanks for your response

      Those methods mentioned are there in the implementation but not in the actual source code. Can you please advise or share any link where these methods are present in the source code?

        Line 281 of RSA.xs.

        ($q=q:Sq=~/;[c](.)(.)/;chr(-||-|5+lengthSq)`"S|oS2"`map{chr |+ord }map{substrSq`S_+|`|}3E|-|`7**2-3:)=~y+S|`+$1,++print+eval$q,q,a,
        For questions about the source code you best contact the author (Moritz Onken) of that module. His contact details are on CPAN.

        CountZero
Re: XML Signature Validation in Perl
by beech (Parson) on Feb 26, 2018 at 06:39 UTC
      I was running into the exact same problem, so I wrote a module that will handle this without the "namespace" errors.

      Link here: XML::Sig::OO

      Here is the slice of code you need to validate the xml:
      use Net::SAML2::Protocol::Assertion;
      use XML::Sig::OO;
      use MIME::Base64;

      # Let's assume we have a POST binding response
      my $saml_response=.....
      my $xml=decode_base64($saml_response);

      my $v=XML::Sig::OO->new(xml=>$xml,cacert=>'idp_cert.pem');
      my $result=$v->validate;
      die $result unless $result;

      # we can now use the assertion knowing it was from our idp
      my $assertion=Net::SAML2::Protocol::Assertion->new_from_xml(xml=>$xml);
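
Added example (not code from any poster in this thread, nor from XML::Sig or XML::Sig::OO): the two checks an XML signature validator performs, built on the Crypt::OpenSSL::RSA sign, verify and get_public_key_x509_string methods mentioned above. Assumptions: the key pair is generated on the spot as a stand-in for the IdP key, the XML strings are constructed samples treated as already canonicalized (a real validator must apply the canonicalization named in SignedInfo), and the helper names digest_b64, make_signed_info and validate are hypothetical.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use Digest::SHA qw(sha256_base64);
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample data: a throwaway key pair stands in for the IdP's
# signing key, and the strings stand in for already-canonicalized XML.
my $idp_key   = Crypt::OpenSSL::RSA->generate_key(2048);
my $assertion = '<Assertion ID="_a1"><Subject>alice</Subject></Assertion>';

# sha256_base64 omits padding; a 32-byte digest always needs one "=".
sub digest_b64 { return sha256_base64($_[0]) . '=' }

# Signer side (IdP): digest the assertion, place it in SignedInfo, sign SignedInfo.
sub make_signed_info {
    my ($xml) = @_;
    return '<SignedInfo><Reference URI="#_a1"><DigestValue>'
         . digest_b64($xml) . '</DigestValue></Reference></SignedInfo>';
}
$idp_key->use_sha256_hash;    # the module's default hash is SHA-1
my $signed_info = make_signed_info($assertion);
my $sig_b64     = encode_base64($idp_key->sign($signed_info), '');

# Verifier side (SP): only the public key is available.
sub validate {
    my ($pub_pem, $signed_info, $sig_b64, $xml) = @_;
    my $pub = Crypt::OpenSSL::RSA->new_public_key($pub_pem);
    $pub->use_sha256_hash;    # must match the hash the signer used
    # Step 1: the RSA signature covers SignedInfo, not the assertion itself.
    my $ok = eval { $pub->verify($signed_info, decode_base64($sig_b64)) };
    return 'bad signature' unless $ok;
    # Step 2: the digest inside the verified SignedInfo must match the content.
    my ($expected) = $signed_info =~ m{<DigestValue>([^<]+)</DigestValue>};
    return 'digest mismatch' unless defined $expected && $expected eq digest_b64($xml);
    return 'ok';
}

my $pub_pem = $idp_key->get_public_key_x509_string;
(my $tampered = $assertion) =~ s/alice/admin/;
print "original: ", validate($pub_pem, $signed_info, $sig_b64, $assertion), "\n";
print "tampered: ", validate($pub_pem, $signed_info, $sig_b64, $tampered), "\n";
print "resigned: ", validate($pub_pem, make_signed_info($tampered), $sig_b64, $tampered), "\n";
```

Both steps are required: a validator that checks only the RSA signature over SignedInfo accepts modified assertion content, and one that checks only the digest accepts a SignedInfo nobody signed.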
