Gukkifar has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to access a .NET service, using WS-SecureConversation. Specifically, WS-Trust for TLS handshake:

http://schemas.xmlsoap.org/ws/2005/02/trust/tls/WSTrustForTLS.pdf

It would be much easier if the service was located on a https endpoint.

All CPAN modules I could find revolve around a socket and an endpoint that is ready to talk SSL, but that is not the case here. I need to wrap the TLS handshake and eventually application data in XML.

I've got the connection and XML under control, but need help with the contents of "BinaryExchange". A lot of modules already solved this, but they all require taking care of the TCP connection as well.


Can anyone help me to craft the TLS handshakes and encrypted application data, so I can wrap it in xml?


This is an example of the initial post that should be made from the client:


POST http://obfuscated.svc HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Host: obfuscated
Content-Length: 1190
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:196ed237-3216-4b52-9304-beb62db9e103</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">http://obfuscated.svc</a:To></s:Header><s:Body><t:RequestSecurityToken Context="uuid-e119489f-65ec-4609-9757-a284d3b0b5b3-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeySize>256</t:KeySize><t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAF4BAABaAwFWHMqB2vOzZbm0ZHugS6WeW0uxqr6F89tcHCzaEzVutgAAGMAUwBMANQAvwArACQA4ADIACgATAAUABAEAABkACgAGAAQAFwAYAAsAAgEAACMAAP8BAAEA</t:BinaryExchange></t:RequestSecurityToken></s:Body></s:Envelope>

Re: Embed TLS in plaintext XML
by noxxi (Pilgrim) on Nov 11, 2015 at 16:05 UTC
    I don't think that any of the existing libraries gives you a comfortable way to do this. At the end you have to fiddle around with various BIO_read, BIO_write and various other BIO_xxx methods. You might have a look at the source code of AnyEvent (especially AnyEvent::TLS and AnyEvent::Handle) to get the idea of how this can be done.

      I would much rather see the code that generates the TLS Hello, Exchange cipher, and Finished messages - and see how the magic is done.
      But I can't find those pieces of code anywhere? I've looked through Net::SSLeay, Crypt::SSLeay - but the missing link is... missing. At least for me.
      Especially the Net::SSLeay::connect seems interesting, but I can't find the code for that anywhere.

        The code to generate these messages is deep inside the OpenSSL library and you have no direct access from Perl to this, and I doubt there is even a public C interface. But you can get the generated messages with a memory BIO and use of BIO_read, BIO_write etc. And again, on the Perl side AnyEvent will probably be the best source to look into. You might have a look at code from other languages, but I doubt that you will find much more because the use case you have is really special and weird.
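The memory-BIO approach noxxi describes, as an added example that is not part of the thread: Python's ssl.MemoryBIO wraps the same OpenSSL memory BIO that Net::SSLeay exposes through BIO_new(BIO_s_mem()) and set_bio, so the client handshake runs with no socket at all and every flight can be base64-wrapped into the BinaryExchange element of the RST shown in the question. The host name "obfuscated" is the placeholder from the post; the class and function names are mine.

```python
import base64
import ssl

# Namespace values copied from the RST in the question.
TLSNEGO = "http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"


class SocketlessTls:
    """Drive an OpenSSL client handshake through two memory BIOs, so every
    flight travels inside a SOAP message instead of over a TCP socket."""

    def __init__(self, server_hostname):
        ctx = ssl.create_default_context()  # certificate and hostname checks stay on
        self.incoming = ssl.MemoryBIO()     # server -> client bytes (from each RSTR)
        self.outgoing = ssl.MemoryBIO()     # client -> server bytes (for the next RST)
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_hostname)
        self.done = False

    def step(self, server_bytes=b""):
        """Feed the server's last flight (if any), advance the handshake and
        return the bytes the client must send next (empty once finished)."""
        if server_bytes:
            self.incoming.write(server_bytes)
        try:
            self.tls.do_handshake()
            self.done = True
        except ssl.SSLWantReadError:
            pass  # OpenSSL wrote what it could and now waits for the server
        return self.outgoing.read()


def binary_exchange(raw):
    """Wrap one TLS flight as the BinaryExchange element used in the RST above."""
    b64 = base64.b64encode(raw).decode("ascii")
    return ('<t:BinaryExchange ValueType="%s" EncodingType="%s">%s</t:BinaryExchange>'
            % (TLSNEGO, B64, b64))


def record_header(raw):
    """Split the 5-byte TLS record header: (content_type, (major, minor), body_length).
    Content type 22 is handshake; raw[5] is then the handshake type, 1 = ClientHello."""
    return raw[0], (raw[1], raw[2]), int.from_bytes(raw[3:5], "big")


if __name__ == "__main__":
    client = SocketlessTls("obfuscated")  # placeholder host name from the post
    hello = client.step()                 # first flight: the ClientHello
    print(record_header(hello))
    print(binary_exchange(hello))
```

The flight produced here is the ClientHello of whatever TLS version the local OpenSSL offers by default; the post's sample is a TLS 1.0 record (its base64 decodes to bytes 0x16 0x03 0x01). Each server reply's BinaryExchange is base64-decoded and passed to step(), whose return value becomes the next RST's BinaryExchange, until done is set.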