File Coverage

lib/XML/Compile/WSS/Util.pm

Criterion	Covered	Total	%
statement	60	67	89.5
branch	0	6	0.0
condition			n/a
subroutine	20	22	90.9
pod	2	2	100.0
total	82	97	84.5

line	stmt	bran	sub	pod	time	code
1						# Copyrights 2011-2017 by [Mark Overmeer].
2						# For other contributors see ChangeLog.
3						# See the manual pages for details on the licensing terms.
4						# Pod stripped from pm file by OODoc 2.02.
5	1		1		78925	use warnings;
	1				2
	1				27
6	1		1		5	use strict;
	1				2
	1				23
7
8						package XML::Compile::WSS::Util;
9	1		1		9	use vars '$VERSION';
	1				1
	1				40
10						$VERSION = '1.14';
11
12	1		1		5	use base 'Exporter';
	1				2
	1				57
13
14	1		1		5	use Log::Report 'xml-compile-wss';
	1				2
	1				9
15	1		1		212	use MIME::Base64 qw/decode_base64 encode_base64/;
	1				1
	1				223
16
17						my @wss11 = qw/
18						WSS_11 WSS11MODULE WSM_10 WSM_11 WSU_10
19						WSSE_10
20						DSIG_NS XENC_NS DSIG11_NS DSP_NS DSIG_MORE_NS
21						GHC_NS WSU_NS
22						/;
23
24						my @dsig = qw/
25						DSIG_BASE64 DSIG_HMAC_SHA1 DSIG_OBJECT DSIG_SHA1 DSIG_X509_DATA
26						DSIG_DSA_KV DSIG_MANIFEST DSIG_PGP_DATA DSIG_SIGPROPS DSIG_XPATH
27						DSIG_DSA_SHA1 DSIG_MGMT_DATA DSIG_RSA_KV DSIG_SPKI_DATA DSIG_XSLT
28						DSIG_ENV_SIG DSIG_NS DSIG_RSA_SHA1 DSIG_X509_CERT
29						/;
30
31						my @dsig_more = qw/
32						DSIGM_MD5 DSIGM_ECDSA_SHA224 DSIGM_CAM192
33						DSIGM_SHA224 DSIGM_ECDSA_SHA256 DSIGM_CAM256
34						DSIGM_SHA384 DSIGM_ECDSA_SHA384 DSIGM_KW_CAM128
35						DSIGM_HMAC_MD5 DSIGM_ECDSA_SHA512 DSIGM_KW_CAM192
36						DSIGM_HMAC_SHA224 DSIGM_ESIGN_SHA1 DSIGM_KW_CAM256
37						DSIGM_HMAC_SHA256 DSIGM_ESIGN_SHA224 DSIGM_PSEC_KEM
38						DSIGM_HMAC_SHA384 DSIGM_ESIGN_SHA256 DSIGM_KV
39						DSIGM_HMAC_SHA512 DSIGM_ESIGN_SHA384 DSIGM_RETR_METHOD
40						DSIGM_HMAC_RIPEMD160 DSIGM_ESIGN_SHA512 DSIGM_KEY_NAME
41						DSIGM_RSA_MD5 DSIGM_DSA_SHA256 DSIGM_RAW_X509
42						DSIGM_RSA_SHA256 DSIGM_CURVE_URN DSIGM_RAW_PGP
43						DSIGM_RSA_SHA384 DSIGM_XPTR DSIGM_RAW_SPKIS
44						DSIGM_RSA_SHA512 DSIGM_ARCFOUR DSIGM_PKCS7_DATA
45						DSIGM_ECDSA_SHA1 DSIGM_CAM128 DSIGM_RAW_PKCS7_DATA
46						/;
47
48						my @dsig11 = qw/
49						DSIG11_NS DSIG11_EC_KV DSIG11_DER_KV
50						/;
51
52						my @xtp10 = qw/XTP10_X509 XTP10_X509v3 XTP10_X509PKI XTP10_X509PKC/;
53
54						my @wsm10 = qw/
55						WSM10_BASE64 WSM10_STR_TRANS
56						wsm_encoded wsm_decoded
57						/;
58
59						my @wsm11 = qw/WSM11_PRINT_SHA1 WSM11_ENCKEY_SHA1 WSM11_ENCKEY/;
60
61						my @xenc = qw/
62						XENC_NS XENC_PROPS XENC_AES128 XENC_DH XENC_KW_AES256
63						XENC_MIME_TYPE XENC_SHA256 XENC_AES192 XENC_DH_KV XENC_DSIG
64						XENC_ELEMENT XENC_SHA512 XENC_AES256 XENC_KW_3DES
65						XENC_CONTENT XENC_RIPEMD160 XENC_RSA_1_5 XENC_KW_AES128
66						XENC_KEY XENC_3DES XENC_RSA_OAEP XENC_KW_AES192
67						/;
68
69						my @ghc = qw/
70						GHC_NS GHC_GENERIC GHC_RSAES_KEM GHC_ECIES_KEM
71						/;
72
73						my @dsp = qw/
74						DSP_NS
75						/;
76
77						my @utp11 = qw/
78						UTP11_PTEXT UTP11_PDIGEST UTP11_USERNAME
79						/;
80
81						our @EXPORT = 'WSS11MODULE';
82						our @EXPORT_OK
83						= ( @wss11, @dsig, @dsig_more, @dsig11, @xenc, @ghc, @dsp, @utp11
84						, @wsm10, @wsm11, @xtp10);
85
86						our %EXPORT_TAGS =
87						( wss11 => \@wss11
88						, dsig => \@dsig
89						, dsig11 => \@dsig11
90						, dsigm => \@dsig_more
91						, xenc => \@xenc
92						, ghc => \@ghc
93						, dsp => \@dsp
94						, utp11 => \@utp11
95						, xtp10 => \@xtp10
96						, wsm10 => \@wsm10
97						, wsm11 => \@wsm11
98						);
99
100
101						# Path components, not exported
102						use constant
103	1				112	{ WSS_BASE => 'http://docs.oasis-open.org/wss'
104						, DSIG => 'http://www.w3.org/2000/09/xmldsig'
105						, DSIG11 => 'http://www.w3.org/2009/xmldsig11'
106						, DSIGM => 'http://www.w3.org/2001/04/xmldsig-more'
107						, XENC => 'http://www.w3.org/2001/04/xmlenc'
108						, GHC => 'http://www.w3.org/2010/xmlsec-ghc'
109						, DSP => 'http://www.w3.org/2009/xmldsig-properties'
110	1		1		7	};
	1				4
111
112
113	1		1		5	use constant WSS_WG200401 => WSS_BASE.'/2004/01/oasis-200401-wss';
	1				2
	1				69
114						use constant
115	1				90	{ WSU_10 => WSS_WG200401.'-wssecurity-utility-1.0.xsd'
116						, WSSE_10 => WSS_WG200401.'-wssecurity-secext-1.0.xsd'
117						, UTP_10 => WSS_WG200401.'-username-token-profile-1.0'
118						, XTP_10 => WSS_WG200401.'-x509-token-profile-1.0'
119						, WSM_10 => WSS_WG200401.'-soap-message-security-1.0'
120
121						, WSS_11 => WSS_BASE.'/oasis-wss-wssecurity-secext-1.1.xsd'
122						, WSM_11 => WSS_BASE.'/oasis-wss-soap-message-security-1.1'
123	1		1		4	};
	1				2
124
125						use constant
126	1				62	{ WSS11MODULE => WSS_11
127						, WSU_NS => WSU_10
128	1		1		11	};
	1				2
129
130
131						use constant
132	1				69	{ XTP10_X509 => XTP_10.'#X509'
133						, XTP10_X509v3 => XTP_10.'#X509v3'
134						, XTP10_X509PKI => XTP_10.'#X509PKIPathv1'
135						, XTP10_X509PKC => XTP_10.'#X509PKCS7'
136	1		1		5	};
	1				2
137
138
139						use constant
140	1				165	{ WSM10_BASE64 => WSM_10.'#Base64Binary'
141						, WSM10_STR_TRANS => WSM_10.'#STRTransform'
142	1		1		5	};
	1				1
143
144
145						sub wsm_encoded($$)
146	0		0	1		{ my ($enc, $bytes) = @_;
147
148	0	0				return encode_base64 $bytes
149						if $enc eq WSM10_BASE64;
150
151	0					panic "unsupported encoding style $enc for encoding";
152						}
153
154
155						sub wsm_decoded($$)
156	0		0	1		{ my ($dec, $bytes) = @_;
157	0	0				$dec or return $bytes;
158
159	0	0				return decode_base64 $bytes
160						if $dec eq WSM10_BASE64;
161
162	0					panic "unsupported encoding style $dec for decoding";
163						}
164
165
166						use constant
167	1				66	{ WSM11_PRINT_SHA1 => WSM_11.'#ThumbprintSHA1'
168						, WSM11_ENCKEY_SHA1 => WSM_11.'#EncryptedKeySHA1'
169						, WSM11_ENCKEY => WSM_11.'#EncryptedKey'
170	1		1		6	};
	1				1
171
172
173						use constant # Yes, I know... it is correct, v1.1 uses the 1.0 namespace
174	1				145	{ UTP11_PTEXT => UTP_10.'#PasswordText'
175						, UTP11_PDIGEST => UTP_10.'#PasswordDigest'
176						, UTP11_USERNAME => UTP_10.'#UsernameToken'
177	1		1		5	};
	1				2
178
179
180						use constant
181	1				290	{ DSIG_NS => DSIG.'#'
182
183						, DSIG_SIGPROPS => DSIG.'#SignatureProperties'
184						, DSIG_OBJECT => DSIG.'#Object'
185						, DSIG_MANIFEST => DSIG.'#Manifest'
186
187						, DSIG_DSA_KV => DSIG.'#DSAKeyValue'
188						, DSIG_RSA_KV => DSIG.'#RSAKeyValue'
189						, DSIG_X509_DATA => DSIG.'#X509Data'
190						, DSIG_PGP_DATA => DSIG.'#PGPData'
191						, DSIG_SPKI_DATA => DSIG.'#SPKIData'
192						, DSIG_MGMT_DATA => DSIG.'#MgmtData'
193
194						# Message Digest
195						, DSIG_SHA1 => DSIG.'#sha1'
196
197						# Encodings
198						, DSIG_BASE64 => DSIG.'#base64'
199
200						# MACs
201						, DSIG_HMAC_SHA1 => DSIG.'#hmac-sha1'
202
203						# Signatures
204						, DSIG_DSA_SHA1 => DSIG.'#dsa-sha1' # dss
205						, DSIG_RSA_SHA1 => DSIG.'#rsa-sha1'
206
207						# Transform
208						, DSIG_XSLT => 'http://www.w3.org/TR/1999/REC-xslt-19991116'
209						, DSIG_XPATH => 'http://www.w3.org/TR/1999/REC-xpath-19991116'
210						, DSIG_ENV_SIG => DSIG.'#enveloped-signature'
211	1		1		6	};
	1				1
212
213
214						# Some weird gaps, for instance: why are sha256 and sha512 missing?
215						use constant
216	1				302	{ DSIG_MORE_NS => DSIGM.'#'
217
218						# Message Digest
219						, DSIGM_MD5 => DSIGM.'#md5'
220						, DSIGM_SHA224 => DSIGM.'#sha224'
221						, DSIGM_SHA384 => DSIGM.'#sha384'
222
223						# MACs
224						, DSIGM_HMAC_MD5 => DSIGM.'#hmac-md5'
225						, DSIGM_HMAC_SHA224 => DSIGM.'#hmac-sha224'
226						, DSIGM_HMAC_SHA256 => DSIGM.'#hmac-sha256'
227						, DSIGM_HMAC_SHA384 => DSIGM.'#hmac-sha384'
228						, DSIGM_HMAC_SHA512 => DSIGM.'#hmac-sha512'
229						, DSIGM_HMAC_RIPEMD160 => DSIGM.'#hmac-ripemd160'
230
231						# Signatures
232						, DSIGM_RSA_MD5 => DSIGM.'#rsa-md5'
233						, DSIGM_RSA_SHA256 => DSIGM.'#rsa-sha256'
234						, DSIGM_RSA_SHA384 => DSIGM.'#rsa-sha384'
235						, DSIGM_RSA_SHA512 => DSIGM.'#rsa-sha512'
236						, DSIGM_ECDSA_SHA1 => DSIGM.'#ecdsa-sha1'
237						, DSIGM_ECDSA_SHA224 => DSIGM.'#ecdsa-sha224'
238						, DSIGM_ECDSA_SHA256 => DSIGM.'#ecdsa-sha256'
239						, DSIGM_ECDSA_SHA384 => DSIGM.'#ecdsa-sha384'
240						, DSIGM_ECDSA_SHA512 => DSIGM.'#ecdsa-sha512'
241						, DSIGM_ESIGN_SHA1 => DSIGM.'#esign-sha1'
242						, DSIGM_ESIGN_SHA224 => DSIGM.'#esign-sha224'
243						, DSIGM_ESIGN_SHA256 => DSIGM.'#esign-sha256'
244						, DSIGM_ESIGN_SHA384 => DSIGM.'#esign-sha384'
245						, DSIGM_ESIGN_SHA512 => DSIGM.'#esign-sha512'
246						, DSIGM_DSA_SHA256 => DSIGM.'#dsa-sha256'
247
248						, DSIGM_CURVE_URN => 'urn:oid:1.2.840.10045.3.1.1'
249						, DSIGM_XPTR => DSIGM.'/xptr'
250
251						# Encryption algorithms
252						, DSIGM_ARCFOUR => DSIGM.'#arcfour'
253						, DSIGM_CAM128 => DSIGM.'#camellia128-cbc'
254						, DSIGM_CAM192 => DSIGM.'#camellia192-cbc'
255						, DSIGM_CAM256 => DSIGM.'#camellia256-cbc'
256						, DSIGM_KW_CAM128 => DSIGM.'#kw-camellia128'
257						, DSIGM_KW_CAM192 => DSIGM.'#kw-camellia192'
258						, DSIGM_KW_CAM256 => DSIGM.'#kw-camellia256'
259						, DSIGM_PSEC_KEM => DSIGM.'#psec-kem'
260
261						# Retreival method types
262						, DSIGM_KV => DSIGM.'#KeyValue'
263						, DSIGM_RETR_METHOD => DSIGM.'#RetrievalMethod'
264						, DSIGM_KEY_NAME => DSIGM.'#KeyName'
265						, DSIGM_RAW_X509 => DSIGM.'#rawX509CRL'
266						, DSIGM_RAW_PGP => DSIGM.'#rawPGPKeyPacket'
267						, DSIGM_RAW_SPKIS => DSIGM.'#rawSPKISexp'
268						, DSIGM_PKCS7_DATA => DSIGM.'#PKCS7signedData'
269						, DSIGM_RAW_PKCS7_DATA => DSIGM.'#rawPKCS7signedData'
270	1		1		6	};
	1				1
271
272
273						use constant
274	1				143	{ DSIG11_NS => DSIG11.'#'
275						, DSIG11_EC_KV => DSIG11.'#ECKeyValue'
276						, DSIG11_DER_KV => DSIG11.'#DEREncodedKeyValue'
277
278						, DSIG_X509_CERT => DSIG.'#rawX509Certificate'
279	1		1		7	};
	1				1
280
281
282						use constant
283	1				165	{ XENC_NS => XENC.'#'
284						, XENC_MIME_TYPE => 'application/xenc+xml'
285
286						, XENC_ELEMENT => XENC.'#Element'
287						, XENC_CONTENT => XENC.'#Content'
288						, XENC_KEY => XENC.'#EncryptedKey'
289						, XENC_PROPS => XENC.'#EncryptionProperties'
290
291						# Message Digest
292						, XENC_SHA256 => XENC.'#sha256'
293						, XENC_SHA512 => XENC.'#sha512'
294						, XENC_RIPEMD160 => XENC.'#ripemd160'
295
296						# Block Encryption
297						, XENC_3DES => XENC.'#tripledes-cbc'
298						, XENC_AES128 => XENC.'#aes128-cbc'
299						, XENC_AES192 => XENC.'#aes192-cbc'
300						, XENC_AES256 => XENC.'#aes256-cbc'
301
302						# Key Transport
303						, XENC_RSA_1_5 => XENC.'#rsa-1_5'
304						, XENC_RSA_OAEP => XENC.'#rsa-oaep-mgf1p'
305
306						# Key Agreement
307						, XENC_DH => XENC.'#dh'
308						, XENC_DH_KV => XENC.'#DHKeyValue'
309
310						# Symmetric Key Wrap
311						, XENC_KW_3DES => XENC.'#kw-tripledes'
312						, XENC_KW_AES128 => XENC.'#kw-aes128'
313						, XENC_KW_AES192 => XENC.'#kw-aes192'
314						, XENC_KW_AES256 => XENC.'#kw-aes256'
315
316						# Message Authentication
317						, XENC_DSIG => DSIG_NS
318	1		1		8	};
	1				2
319
320
321						use constant
322	1				58	{ GHC_NS => GHC.'#'
323
324						# Generic Hybrid Encryption
325						, GHC_GENERIC => GHC.'#generic-hybrid'
326
327						# Key Encapsulation
328						, GHC_RSAES_KEM => GHC.'#rsaes-kem'
329						, GHC_ECIES_KEM => GHC.'#ecies-kem'
330	1		1		5	};
	1				2
331
332
333						use constant
334	1				54	{ DSP_NS => DSP
335	1		1		5	};
	1				2
336
337						1;