[Xml-compile] XML::Compile::WSS - Declaring KeyInfo $schema->writer for X509IssuerSerial block

Mark Overmeer mark at overmeer.net
Fri Apr 22 20:20:49 GMT 2016 

* James Moore (webtechhq at gmail.com) [160422 17:52]:
> I am implementing XML::Compile::WSS and the API I am working with expects
> the header to contain a SecurityTokenReference with
> X509Data/X509IssuerSerial block.

Unluckily for you, I'll go on holidays (9 days Schotland) leaving tomorrow
early morning... support will be a bit limited ;-)  [at least daily]

> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html#KeyIdentifier_or_X509IssuerSerial_for_External_References
> 
> XML::Compile::WSS::KeyInfo provides three methods for publish_token
> (KEYNAME, SECTOKREF_KEYID, SECTOKREF_URI).  Unfortunately, none of these
> produce the KeyInfo block in the way desired.  So, I have tried my hand at
> creating schema->writer(s).

There are over 300 algoritms in XML-WSS space :(

> my $x509w = $schema->writer('ds:X509Data');
> ## works correctly
> 
> my $x509isw = $schema->writer('ds:X509IssuerSerial');
> ## returns error: cannot find element or attribute `{
> http://www.w3.org/2000/09/xmldsig#}X509IssuerSerial' at ds:X509IssuerSerial

This is not a top-level element, so cannot be addressed this way.

The 200009-dsig.xsd tells me:

<element name="X509Data" type="ds:X509DataType"/>
<complexType name="X509DataType">
  <sequence maxOccurs="unbounded">
    <choice>
      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
      <element name="X509SKI" type="base64Binary"/>
      <element name="X509SubjectName" type="string"/>

The distribution contains a dump/ directory with templates for this
structure.

      # is a ds:X509DataType
      ds_X509Data =>
      { # sequence of choice
        # occurs 1 <= # <= unbounded times
        seq_ds_X509IssuerSerial =>
        [ {
            # choice of ds_X509IssuerSerial, ds_X509SKI,
            #   ds_X509SubjectName, ds_X509Certificate, ds_X509CRL, ANY

            # is a ds:X509IssuerSerialType
            ds_X509IssuerSerial =>
            { # sequence of ds_X509IssuerName, ds_X509SerialNumber

              # is a xsd:string
              ds_X509IssuerName => "example",

              # is a xsd:integer
              ds_X509SerialNumber => 42, },

> As this is part of the specification, I imagine it has come up before and I
> am just overlooking the solution.  I appreciate your feedback and a big
> "Thank You" for developing this great suite of modules.

As emergency trick, you can always manually create a XML::LibXML::Element,
and put that as value to ds_X509Data
-- 
Success!
               MarkOv

------------------------------------------------------------------------
       Mark Overmeer MSc                                MARKOV Solutions
       Mark at Overmeer.net                          solutions at overmeer.net
http://Mark.Overmeer.net                   http://solutions.overmeer.net

More information about the Xml-compile mailing list