XML digital signatures for xmerl
Functions for performing XML digital signature generation and verification, as specified at http://www.w3.org/TR/xmldsig-core/.
These routines work on xmerl data structures (see the xmerl user guide for details).
Currently only RSA + SHA1|SHA256 signatures are supported, in the typical enveloped mode.

Data Types

fingerprint() = binary() | {sha | sha256, binary()}
sig_method() = rsa_sha1 | rsa_sha256
sig_method_uri() = string()
xml_thing() = #xmlDocument{} | #xmlElement{} | #xmlAttribute{} | #xmlPI{} | #xmlText{} | #xmlComment{}
Function Index

digest/1 | Returns the canonical digest of an (optionally signed) element.
sign/3   | Signs the given XML element by creating a ds:Signature element within it, returning the element with the signature added.
sign/4   | Like sign/3, but with an explicit SignatureMethod (a sig_method() atom or a sig_method_uri() string).
strip/1  | Returns an xmlelement without any ds:Signature elements that are inside it.
verify/1 | Verifies an XML digital signature, trusting any valid certificate.
verify/2 | Verifies an XML digital signature on the given element, accepting only the listed certificate fingerprints.
Function Details

digest(Element::#xmlElement{}) -> binary()

Returns the canonical digest of an (optionally signed) element.
Strips any XML digital signatures and applies any relevant InclusiveNamespaces before generating the digest.

sign(Element::#xmlElement{}, PrivateKey::#'RSAPrivateKey'{}, CertBin::binary()) -> #xmlElement{}

Signs the given XML element by creating a ds:Signature element within it, returning the element with the signature added.
Don't use "ds" as a namespace prefix in the envelope document, or things will go baaaad.

sign(Element::#xmlElement{}, PrivateKey::#'RSAPrivateKey'{}, CertBin::binary(), SignatureMethod::sig_method() | sig_method_uri()) -> #xmlElement{}

Like sign/3, but with an explicit SignatureMethod (a sig_method() atom or a sig_method_uri() string).

strip(Element::#xmlElement{} | #xmlDocument{}) -> #xmlElement{}

Returns an xmlelement without any ds:Signature elements that are inside it.

verify(Element::xml_thing()) -> ok | {error, bad_digest | bad_signature | cert_not_accepted}

Verifies an XML digital signature, trusting any valid certificate.
This is really not recommended for production use, but it's handy in testing/development.

verify(Element::#xmlElement{}, Fingerprints::[fingerprint()] | any) -> ok | {error, bad_digest | bad_signature | cert_not_accepted}

Verifies an XML digital signature on the given element.
Fingerprints is a list of valid cert fingerprints that can be accepted.
Will throw badmatch errors if you give it XML that is not signed according to the xml-dsig spec. If you're using something other than rsa+sha1 or sha256 this will asplode. Don't say I didn't warn you.
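The following is an added example and not code from the documented module or its project. It walks the whole API described above: signing an element with sign/4, verifying it with verify/2 against a pinned certificate fingerprint, showing the two failure results a defender should expect (cert_not_accepted for a signature from a certificate not on the allow-list, bad_digest for content modified after signing), checking that digest/1 and strip/1 agree, and wrapping verify/2 so the badmatch raised on unsigned input becomes an error tuple. It assumes the module is named xmerl_dsig (the page does not give its name), that a {sha256, Bin} fingerprint is the SHA-256 of the DER-encoded certificate, and that key.pem (a PKCS#1 "RSA PRIVATE KEY" PEM) and cert.pem exist; the envelope document is constructed inline.

```erlang
%% Added example, not part of the documented module or the project's own code.
%% Assumptions: the module is named xmerl_dsig; a {sha256, Bin} fingerprint is the
%% SHA-256 over the DER-encoded certificate; key.pem / cert.pem hold an RSA private
%% key ("RSA PRIVATE KEY" PEM) and its X.509 certificate.
-module(dsig_example).
-export([run/2, safe_verify/2]).

-include_lib("xmerl/include/xmerl.hrl").
-include_lib("public_key/include/public_key.hrl").

%% Constructed envelope document. It carries an ID attribute for the signature
%% reference and deliberately declares no "ds" prefix of its own.
-define(DOC, "<Assertion ID=\"a1\"><Subject>alice</Subject></Assertion>").

run(KeyPath, CertPath) ->
    {ok, KeyPem} = file:read_file(KeyPath),
    [KeyEntry | _] = public_key:pem_decode(KeyPem),
    #'RSAPrivateKey'{} = PrivKey = public_key:pem_entry_decode(KeyEntry),
    {ok, CertPem} = file:read_file(CertPath),
    [{'Certificate', CertDer, not_encrypted} | _] = public_key:pem_decode(CertPem),

    {Elem, _Rest} = xmerl_scan:string(?DOC),

    %% Unsigned input: verify/2 badmatches, so the wrapper maps that to an error tuple.
    {error, not_signed} = safe_verify(Elem, any),

    Signed = xmerl_dsig:sign(Elem, PrivKey, CertDer, rsa_sha256),

    %% Pin the exact signing certificate instead of trusting "any valid certificate".
    Fp = {sha256, crypto:hash(sha256, CertDer)},
    ok = xmerl_dsig:verify(Signed, [Fp]),

    %% A valid signature from a certificate that is not on the allow-list is rejected.
    OtherFp = {sha256, crypto:hash(sha256, <<"not the real certificate">>)},
    {error, cert_not_accepted} = xmerl_dsig:verify(Signed, [OtherFp]),

    %% Changing signed content after the fact breaks the reference digest.
    {error, bad_digest} = xmerl_dsig:verify(tamper(Signed), [Fp]),

    %% digest/1 strips the signature itself, so it matches the digest of strip/1's output.
    true = xmerl_dsig:digest(Signed) =:= xmerl_dsig:digest(xmerl_dsig:strip(Signed)),
    ok.

%% verify/2 raises badmatch on input that is not xml-dsig signed; convert that into a
%% value so callers get one uniform result type.
safe_verify(Elem, Fingerprints) ->
    try xmerl_dsig:verify(Elem, Fingerprints)
    catch error:{badmatch, _} -> {error, not_signed}
    end.

%% Replace the subject text node, leaving the ds:Signature element untouched.
tamper(#xmlElement{content = Content} = E) ->
    E#xmlElement{content = [tamper(C) || C <- Content]};
tamper(#xmlText{value = "alice"} = T) ->
    T#xmlText{value = "mallory"};
tamper(Other) ->
    Other.
```

Run it from a shell with `dsig_example:run("key.pem", "cert.pem").`; every step is a pattern match, so the function returns `ok` only if each expected result is observed. The allow-list form of verify/2 is the one to use in production: verify/1 accepts any certificate that is internally valid, which says nothing about whether the signer is the party you expect.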