XML Signature Validation in Perl

chora_sid has asked for the wisdom of the Perl Monks concerning the following question:

I am working on SAML Authentication through ADFS. Code is in Perl CGI and I am relatively new to Perl CGI.

I am able to get SAMLResponse back but struggling to get its signature/hash validated.

In CPAN, its mentioned that required methods for authentication are in Crypt::OpenSSL::RSA library. However, some important methods like _load_public_x509_key, verify, etc are not present in this library.

Request you to please help me on this. Please help me get RSA library with _load_public_x509_key, verify, etc subroutines. Also, please share some knowledge/implementation on xml authentication in Perl.

Thanks in Advance !!!

Comment on XML Signature Validation in Perl

Replies are listed 'Best First'.
Re: XML Signature Validation in Perl by CountZero (Bishop) on Feb 24, 2018 at 17:55 UTC
I see that Crypt::OpenSSL::RSA has a `get_public_key_x509_string` method as well as `sign` and `verify` methods. Did you try these? CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James My blog: Imperial Deltronics	[reply] [d/l] [select]
Re^2: XML Signature Validation in Perl by chora_sid (Novice) on Feb 24, 2018 at 18:07 UTC
@CountZero, Thanks for your response Those methods mentioned are there in the implementation but now in actual Source code. Can you please advise or share any link where these methods are present in source code.	[reply]
Re^3: XML Signature Validation in Perl by choroba (Cardinal) on Feb 24, 2018 at 20:45 UTC
Line 281 of RSA.xs. ($q=q:Sq=~/;[c](.)(.)/;chr(-\|\|-\|5+lengthSq)`"S\|oS2"`map{chr \|+ord }map{substrSq`S_+\|`\|}3E\|-\|`7**2-3:)=~y+S\|`+$1,++print+eval$q,q,a, [download]	[reply] [d/l]
Re^3: XML Signature Validation in Perl by CountZero (Bishop) on Feb 25, 2018 at 08:27 UTC
For questions about the source code you best contact the author (Moritz Onken) of that module. His contact details are on CPAN. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James My blog: Imperial Deltronics	[reply]
Re: XML Signature Validation in Perl by beech (Parson) on Feb 26, 2018 at 06:39 UTC
Hi This is curios https://grep.cpan.me/?q=x509_key shows "x509_key" mentioned in XML::Sig and Net::SAML::XML::Sig	[reply]
Re^2: XML Signature Validation in Perl by akalinux (Initiate) on May 03, 2019 at 23:49 UTC
I was running into the exact same problem. So wrote a module that will handle this without the "namespace" errors. Link here: XML::Sig::OO Here is the slice of code you need to validate the xml: `use Net::SAML2::Protocol::Assertion; use XML::Sig::OO; use MIME::Base64; # Lets assume we have a post binding response my $saml_response=..... my $xml=decode_base64($saml_response); my $v=XML::Sig::OO->new(xml=>$xml,cacert=>'idp_cert.pem'); my $result=$v->validate; die $result unless $result; # we can now use the asertion knowing it was from our idp my $assertion=Net::SAML2::Protocol::Assertion->new_from_xml(xml=>$xml)` [download]	[reply] [d/l]