File Coverage

lib/XML/Compile/WSS/Util.pm

Criterion	Covered	Total	%
statement	57	64	89.0
branch	0	6	0.0
condition			n/a
subroutine	19	21	90.4
pod	2	2	100.0
total	78	93	83.8

line	stmt	bran	sub	pod	time	code
1						# Copyrights 2011-2014 by [Mark Overmeer].
2						# For other contributors see ChangeLog.
3						# See the manual pages for details on the licensing terms.
4						# Pod stripped from pm file by OODoc 2.01.
5	1		1		124836	use warnings;
	1				3
	1				40
6	1		1		6	use strict;
	1				2
	1				64
7
8						package XML::Compile::WSS::Util;
9						our $VERSION = '1.12';
10
11	1		1		26	use base 'Exporter';
	1				3
	1				109
12
13	1		1		6	use Log::Report 'xml-compile-wss';
	1				2
	1				9
14	1		1		391	use MIME::Base64 qw/decode_base64 encode_base64/;
	1				1
	1				394
15
16						my @wss11 = qw/
17						WSS_11 WSS11MODULE WSM_10 WSM_11 WSU_10
18						WSSE_10
19						DSIG_NS XENC_NS DSIG11_NS DSP_NS DSIG_MORE_NS
20						GHC_NS WSU_NS
21						/;
22
23						my @dsig = qw/
24						DSIG_BASE64 DSIG_HMAC_SHA1 DSIG_OBJECT DSIG_SHA1 DSIG_X509_DATA
25						DSIG_DSA_KV DSIG_MANIFEST DSIG_PGP_DATA DSIG_SIGPROPS DSIG_XPATH
26						DSIG_DSA_SHA1 DSIG_MGMT_DATA DSIG_RSA_KV DSIG_SPKI_DATA DSIG_XSLT
27						DSIG_ENV_SIG DSIG_NS DSIG_RSA_SHA1 DSIG_X509_CERT
28						/;
29
30						my @dsig_more = qw/
31						DSIGM_MD5 DSIGM_ECDSA_SHA224 DSIGM_CAM192
32						DSIGM_SHA224 DSIGM_ECDSA_SHA256 DSIGM_CAM256
33						DSIGM_SHA384 DSIGM_ECDSA_SHA384 DSIGM_KW_CAM128
34						DSIGM_HMAC_MD5 DSIGM_ECDSA_SHA512 DSIGM_KW_CAM192
35						DSIGM_HMAC_SHA224 DSIGM_ESIGN_SHA1 DSIGM_KW_CAM256
36						DSIGM_HMAC_SHA256 DSIGM_ESIGN_SHA224 DSIGM_PSEC_KEM
37						DSIGM_HMAC_SHA384 DSIGM_ESIGN_SHA256 DSIGM_KV
38						DSIGM_HMAC_SHA512 DSIGM_ESIGN_SHA384 DSIGM_RETR_METHOD
39						DSIGM_HMAC_RIPEMD160 DSIGM_ESIGN_SHA512 DSIGM_KEY_NAME
40						DSIGM_RSA_MD5 DSIGM_DSA_SHA256 DSIGM_RAW_X509
41						DSIGM_RSA_SHA256 DSIGM_CURVE_URN DSIGM_RAW_PGP
42						DSIGM_RSA_SHA384 DSIGM_XPTR DSIGM_RAW_SPKIS
43						DSIGM_RSA_SHA512 DSIGM_ARCFOUR DSIGM_PKCS7_DATA
44						DSIGM_ECDSA_SHA1 DSIGM_CAM128 DSIGM_RAW_PKCS7_DATA
45						/;
46
47						my @dsig11 = qw/
48						DSIG11_NS DSIG11_EC_KV DSIG11_DER_KV
49						/;
50
51						my @xtp10 = qw/XTP10_X509 XTP10_X509v3 XTP10_X509PKI XTP10_X509PKC/;
52
53						my @wsm10 = qw/
54						WSM10_BASE64 WSM10_STR_TRANS
55						wsm_encoded wsm_decoded
56						/;
57
58						my @wsm11 = qw/WSM11_PRINT_SHA1 WSM11_ENCKEY_SHA1 WSM11_ENCKEY/;
59
60						my @xenc = qw/
61						XENC_NS XENC_PROPS XENC_AES128 XENC_DH XENC_KW_AES256
62						XENC_MIME_TYPE XENC_SHA256 XENC_AES192 XENC_DH_KV XENC_DSIG
63						XENC_ELEMENT XENC_SHA512 XENC_AES256 XENC_KW_3DES
64						XENC_CONTENT XENC_RIPEMD160 XENC_RSA_1_5 XENC_KW_AES128
65						XENC_KEY XENC_3DES XENC_RSA_OAEP XENC_KW_AES192
66						/;
67
68						my @ghc = qw/
69						GHC_NS GHC_GENERIC GHC_RSAES_KEM GHC_ECIES_KEM
70						/;
71
72						my @dsp = qw/
73						DSP_NS
74						/;
75
76						my @utp11 = qw/
77						UTP11_PTEXT UTP11_PDIGEST UTP11_USERNAME
78						/;
79
80						our @EXPORT = 'WSS11MODULE';
81						our @EXPORT_OK
82						= ( @wss11, @dsig, @dsig_more, @dsig11, @xenc, @ghc, @dsp, @utp11
83						, @wsm10, @wsm11, @xtp10);
84
85						our %EXPORT_TAGS =
86						( wss11 => \@wss11
87						, dsig => \@dsig
88						, dsig11 => \@dsig11
89						, dsigm => \@dsig_more
90						, xenc => \@xenc
91						, ghc => \@ghc
92						, dsp => \@dsp
93						, utp11 => \@utp11
94						, xtp10 => \@xtp10
95						, wsm10 => \@wsm10
96						, wsm11 => \@wsm11
97						);
98
99
100						# Path components, not exported
101						use constant
102	1				145	{ WSS_BASE => 'http://docs.oasis-open.org/wss'
103						, DSIG => 'http://www.w3.org/2000/09/xmldsig'
104						, DSIG11 => 'http://www.w3.org/2009/xmldsig11'
105						, DSIGM => 'http://www.w3.org/2001/04/xmldsig-more'
106						, XENC => 'http://www.w3.org/2001/04/xmlenc'
107						, GHC => 'http://www.w3.org/2010/xmlsec-ghc'
108						, DSP => 'http://www.w3.org/2009/xmldsig-properties'
109	1		1		7	};
	1				1
110
111
112	1		1		5	use constant WSS_WG200401 => WSS_BASE.'/2004/01/oasis-200401-wss';
	1				1
	1				134
113						use constant
114	1				117	{ WSU_10 => WSS_WG200401.'-wssecurity-utility-1.0.xsd'
115						, WSSE_10 => WSS_WG200401.'-wssecurity-secext-1.0.xsd'
116						, UTP_10 => WSS_WG200401.'-username-token-profile-1.0'
117						, XTP_10 => WSS_WG200401.'-x509-token-profile-1.0'
118						, WSM_10 => WSS_WG200401.'-soap-message-security-1.0'
119
120						, WSS_11 => WSS_BASE.'/oasis-wss-wssecurity-secext-1.1.xsd'
121						, WSM_11 => WSS_BASE.'/oasis-wss-soap-message-security-1.1'
122	1		1		5	};
	1				1
123
124						use constant
125	1				104	{ WSS11MODULE => WSS_11
126						, WSU_NS => WSU_10
127	1		1		5	};
	1				1
128
129
130						use constant
131	1				108	{ XTP10_X509 => XTP_10.'#X509'
132						, XTP10_X509v3 => XTP_10.'#X509v3'
133						, XTP10_X509PKI => XTP_10.'#X509PKIPathv1'
134						, XTP10_X509PKC => XTP_10.'#X509PKCS7'
135	1		1		4	};
	1				2
136
137
138						use constant
139	1				358	{ WSM10_BASE64 => WSM_10.'#Base64Binary'
140						, WSM10_STR_TRANS => WSM_10.'#STRTransform'
141	1		1		5	};
	1				1
142
143
144						sub wsm_encoded($$)
145	0		0	1		{ my ($enc, $bytes) = @_;
146
147	0	0				return encode_base64 $bytes
148						if $enc eq WSM10_BASE64;
149
150	0					panic "unsupported encoding style $enc for encoding";
151						}
152
153
154						sub wsm_decoded($$)
155	0		0	1		{ my ($dec, $bytes) = @_;
156	0	0				$dec or return $bytes;
157
158	0	0				return decode_base64 $bytes
159						if $dec eq WSM10_BASE64;
160
161	0					panic "unsupported encoding style $dec for decoding";
162						}
163
164
165						use constant
166	1				111	{ WSM11_PRINT_SHA1 => WSM_11.'#ThumbprintSHA1'
167						, WSM11_ENCKEY_SHA1 => WSM_11.'#EncryptedKeySHA1'
168						, WSM11_ENCKEY => WSM_11.'#EncryptedKey'
169	1		1		7	};
	1				1
170
171
172						use constant # Yes, I know... it is correct, v1.1 uses the 1.0 namespace
173	1				254	{ UTP11_PTEXT => UTP_10.'#PasswordText'
174						, UTP11_PDIGEST => UTP_10.'#PasswordDigest'
175						, UTP11_USERNAME => UTP_10.'#UsernameToken'
176	1		1		5	};
	1				1
177
178
179						use constant
180	1				641	{ DSIG_NS => DSIG.'#'
181
182						, DSIG_SIGPROPS => DSIG.'#SignatureProperties'
183						, DSIG_OBJECT => DSIG.'#Object'
184						, DSIG_MANIFEST => DSIG.'#Manifest'
185
186						, DSIG_DSA_KV => DSIG.'#DSAKeyValue'
187						, DSIG_RSA_KV => DSIG.'#RSAKeyValue'
188						, DSIG_X509_DATA => DSIG.'#X509Data'
189						, DSIG_PGP_DATA => DSIG.'#PGPData'
190						, DSIG_SPKI_DATA => DSIG.'#SPKIData'
191						, DSIG_MGMT_DATA => DSIG.'#MgmtData'
192
193						# Message Digest
194						, DSIG_SHA1 => DSIG.'#sha1'
195
196						# Encodings
197						, DSIG_BASE64 => DSIG.'#base64'
198
199						# MACs
200						, DSIG_HMAC_SHA1 => DSIG.'#hmac-sha1'
201
202						# Signatures
203						, DSIG_DSA_SHA1 => DSIG.'#dsa-sha1' # dss
204						, DSIG_RSA_SHA1 => DSIG.'#rsa-sha1'
205
206						# Transform
207						, DSIG_XSLT => 'http://www.w3.org/TR/1999/REC-xslt-19991116'
208						, DSIG_XPATH => 'http://www.w3.org/TR/1999/REC-xpath-19991116'
209						, DSIG_ENV_SIG => DSIG.'#enveloped-signature'
210	1		1		6	};
	1				2
211
212
213						# Some weird gaps, for instance: why are sha256 and sha512 missing?
214						use constant
215	1				613	{ DSIG_MORE_NS => DSIGM.'#'
216
217						# Message Digest
218						, DSIGM_MD5 => DSIGM.'#md5'
219						, DSIGM_SHA224 => DSIGM.'#sha224'
220						, DSIGM_SHA384 => DSIGM.'#sha384'
221
222						# MACs
223						, DSIGM_HMAC_MD5 => DSIGM.'#hmac-md5'
224						, DSIGM_HMAC_SHA224 => DSIGM.'#hmac-sha224'
225						, DSIGM_HMAC_SHA256 => DSIGM.'#hmac-sha256'
226						, DSIGM_HMAC_SHA384 => DSIGM.'#hmac-sha384'
227						, DSIGM_HMAC_SHA512 => DSIGM.'#hmac-sha512'
228						, DSIGM_HMAC_RIPEMD160 => DSIGM.'#hmac-ripemd160'
229
230						# Signatures
231						, DSIGM_RSA_MD5 => DSIGM.'#rsa-md5'
232						, DSIGM_RSA_SHA256 => DSIGM.'#rsa-sha256'
233						, DSIGM_RSA_SHA384 => DSIGM.'#rsa-sha384'
234						, DSIGM_RSA_SHA512 => DSIGM.'#rsa-sha512'
235						, DSIGM_ECDSA_SHA1 => DSIGM.'#ecdsa-sha1'
236						, DSIGM_ECDSA_SHA224 => DSIGM.'#ecdsa-sha224'
237						, DSIGM_ECDSA_SHA256 => DSIGM.'#ecdsa-sha256'
238						, DSIGM_ECDSA_SHA384 => DSIGM.'#ecdsa-sha384'
239						, DSIGM_ECDSA_SHA512 => DSIGM.'#ecdsa-sha512'
240						, DSIGM_ESIGN_SHA1 => DSIGM.'#esign-sha1'
241						, DSIGM_ESIGN_SHA224 => DSIGM.'#esign-sha224'
242						, DSIGM_ESIGN_SHA256 => DSIGM.'#esign-sha256'
243						, DSIGM_ESIGN_SHA384 => DSIGM.'#esign-sha384'
244						, DSIGM_ESIGN_SHA512 => DSIGM.'#esign-sha512'
245						, DSIGM_DSA_SHA256 => DSIGM.'#dsa-sha256'
246
247						, DSIGM_CURVE_URN => 'urn:oid:1.2.840.10045.3.1.1'
248						, DSIGM_XPTR => DSIGM.'/xptr'
249
250						# Encryption algorithms
251						, DSIGM_ARCFOUR => DSIGM.'#arcfour'
252						, DSIGM_CAM128 => DSIGM.'#camellia128-cbc'
253						, DSIGM_CAM192 => DSIGM.'#camellia192-cbc'
254						, DSIGM_CAM256 => DSIGM.'#camellia256-cbc'
255						, DSIGM_KW_CAM128 => DSIGM.'#kw-camellia128'
256						, DSIGM_KW_CAM192 => DSIGM.'#kw-camellia192'
257						, DSIGM_KW_CAM256 => DSIGM.'#kw-camellia256'
258						, DSIGM_PSEC_KEM => DSIGM.'#psec-kem'
259
260						# Retreival method types
261						, DSIGM_KV => DSIGM.'#KeyValue'
262						, DSIGM_RETR_METHOD => DSIGM.'#RetrievalMethod'
263						, DSIGM_KEY_NAME => DSIGM.'#KeyName'
264						, DSIGM_RAW_X509 => DSIGM.'#rawX509CRL'
265						, DSIGM_RAW_PGP => DSIGM.'#rawPGPKeyPacket'
266						, DSIGM_RAW_SPKIS => DSIGM.'#rawSPKISexp'
267						, DSIGM_PKCS7_DATA => DSIGM.'#PKCS7signedData'
268						, DSIGM_RAW_PKCS7_DATA => DSIGM.'#rawPKCS7signedData'
269	1		1		7	};
	1				2
270
271
272						use constant
273	1				393	{ DSIG11_NS => DSIG11.'#'
274						, DSIG11_EC_KV => DSIG11.'#ECKeyValue'
275						, DSIG11_DER_KV => DSIG11.'#DEREncodedKeyValue'
276
277						, DSIG_X509_CERT => DSIG.'#rawX509Certificate'
278	1		1		7	};
	1				2
279
280
281						use constant
282	1				352	{ XENC_NS => XENC.'#'
283						, XENC_MIME_TYPE => 'application/xenc+xml'
284
285						, XENC_ELEMENT => XENC.'#Element'
286						, XENC_CONTENT => XENC.'#Content'
287						, XENC_KEY => XENC.'#EncryptedKey'
288						, XENC_PROPS => XENC.'#EncryptionProperties'
289
290						# Message Digest
291						, XENC_SHA256 => XENC.'#sha256'
292						, XENC_SHA512 => XENC.'#sha512'
293						, XENC_RIPEMD160 => XENC.'#ripemd160'
294
295						# Block Encryption
296						, XENC_3DES => XENC.'#tripledes-cbc'
297						, XENC_AES128 => XENC.'#aes128-cbc'
298						, XENC_AES192 => XENC.'#aes192-cbc'
299						, XENC_AES256 => XENC.'#aes256-cbc'
300
301						# Key Transport
302						, XENC_RSA_1_5 => XENC.'#rsa-1_5'
303						, XENC_RSA_OAEP => XENC.'#rsa-oaep-mgf1p'
304
305						# Key Agreement
306						, XENC_DH => XENC.'#dh'
307						, XENC_DH_KV => XENC.'#DHKeyValue'
308
309						# Symmetric Key Wrap
310						, XENC_KW_3DES => XENC.'#kw-tripledes'
311						, XENC_KW_AES128 => XENC.'#kw-aes128'
312						, XENC_KW_AES192 => XENC.'#kw-aes192'
313						, XENC_KW_AES256 => XENC.'#kw-aes256'
314
315						# Message Authentication
316						, XENC_DSIG => DSIG_NS
317	1		1		7	};
	1				2
318
319
320						use constant
321	1				103	{ GHC_NS => GHC.'#'
322
323						# Generic Hybrid Encryption
324						, GHC_GENERIC => GHC.'#generic-hybrid'
325
326						# Key Encapsulation
327						, GHC_RSAES_KEM => GHC.'#rsaes-kem'
328						, GHC_ECIES_KEM => GHC.'#ecies-kem'
329	1		1		7	};
	1				1
330
331
332						use constant
333	1				93	{ DSP_NS => DSP
334	1		1		6	};
	1				2
335
336						1;