[xmlsec] Perl module for xmlsec set to publish

Aleksey Sanin aleksey at aleksey.com
Wed Aug 24 11:37:24 UTC 2022


Fantastic! I've added a link to the docs, and the website will be updated
after the next release as well:

https://github.com/lsh123/xmlsec/commit/6361f2f86e6d66f596fada39b58de158772260ac

Thanks!

Aleksey

On 8/23/22 4:49 PM, Erich Strelow wrote:
> Finally, I uploaded the perl module binding I announced back in 2020.
> 
> The module indexed in CPAN ==> https://metacpan.org/pod/XML::LibXML::xmlsec
> 
> The github repository ==> https://github.com/estrelow/Perl-LibXML-Sec
> 
> I just recently restarted work on this. I reached the point at which the module just about does what I expected as a first release.
> 
> The app I was working on had to do with xml representations of accounting ledgers. The tax authority in the country where I live encourages a system in which your accounting ledgers are stored in some digital archive as signed xml documents. The signee must use an X509 certificate issued by a CA, which in turn must be recognized by the tax authority. The subject of the X509 can be the company CFO, the accountant or just some previously enrolled clerk.
> 
> So, the glue perl script here must perform a series of pre-press transformations on the document, transfer the data in and out of the archive, serve as a backend for a web app for previewing and approval of the ledgers; and perform the xml signature and verification.
> 
> An early version of this app I did back in the 2000s issued a system call for the xmlsec utility after dumping the document. But, since libxml was my XML library of choice anyway, I always felt I was double-parsing all the time.
> 
> As for the module, some design comments:
> 
> * There's already a very mature libxml perl module, so the xmlsec methods accept already parsed xml documents as perl objects.
> * perl can use interpolation in function names, so the one cheap trick I did was to dynamically construct something like xmlSecTransformRsaSha1Id from the string 'rsa-sha1'. I had to write a lot of stub C calls, but it worked. This helped simplify the template construction on the perl side.
> * The idea was to identify tampered documents, so I took advantage of the error callback feature in the verify method in order to keep the reason why a document failed.
> 
> I tested the module in Debian and RH variants. I lost my Windows development device a couple of weeks ago when some guys stole my backpack. I expect to have one later.
> 