XML Digital Signatures (XMLDSig) generation and verification.
Implements enveloped XML digital signature generation and verification as specified at http://www.w3.org/TR/xmldsig-core/
Currently supports RSA + SHA1|SHA256 signatures.
Summary
Functions
Returns the canonical digest of an (optionally signed) element.
Signs the given XML element by creating a ds:Signature element within it.
Returns an element without any ds:Signature elements inside it.
Verifies an XML digital signature, trusting any valid certificate.
Verifies an XML digital signature on the given element.
Types
@type sig_method() :: :rsa_sha1 | :rsa_sha256
Functions
@spec digest( {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()} ) :: binary()
Returns the canonical digest of an (optionally signed) element.
@spec sign( {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()}, tuple(), binary() ) :: {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()}
Signs the given XML element by creating a ds:Signature element within it.
Returns the element with the signature added. Default algorithm is RSA-SHA256.
@spec sign( {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()}, tuple(), binary(), sig_method() | String.t() ) :: {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()}
Returns an element without any ds:Signature elements inside it.
@spec verify( {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()} ) :: :ok | {:error, :bad_digest | :bad_signature | :cert_not_accepted}
Verifies an XML digital signature, trusting any valid certificate (the same as calling verify/2 with :any, so no certificate pinning is applied).
@spec verify( {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(), namespace :: term(), parents :: term(), pos :: term(), attributes :: term(), content :: term(), language :: term(), xmlbase :: term(), elementdef :: term()}, [fingerprint()] | :any ) :: :ok | {:error, :bad_digest | :bad_signature | :cert_not_accepted | :no_signature | :multiple_signatures | :insecure_algorithm | :unsupported_algorithm}
Verifies an XML digital signature on the given element.
fingerprints is a list of acceptable certificate fingerprints (the signing certificate must match one of them), or :any to accept any valid certificate.
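An added example of the sign-then-verify round trip with a pinned certificate; it is not from the library's documentation. Assumptions are labelled: the module is called XmlDsig here because the page does not name it, key.pem and cert.pem are files holding an unencrypted RSA private key and its certificate, and fingerprint() is taken to be the SHA-256 hash of the DER-encoded certificate.

```elixir
# Added example, not part of the library. Assumed names: XmlDsig (module name
# placeholder), key.pem / cert.pem (local files), and fingerprint() as the
# SHA-256 of the DER certificate.
defmodule SignAndPin do
  @key_path "key.pem"    # assumed file: PEM RSA private key
  @cert_path "cert.pem"  # assumed file: PEM X.509 certificate

  # Decode the first PEM entry of a file into its :public_key term
  # (an RSAPrivateKey record, i.e. the tuple() that sign/3 and sign/4 expect).
  defp pem_entry(path) do
    [entry | _] = :public_key.pem_decode(File.read!(path))
    :public_key.pem_entry_decode(entry)
  end

  # Raw DER bytes of the certificate: sign/3 takes the binary, and the pin we
  # trust during verification is derived from the very same bytes.
  defp cert_der(path) do
    [{:Certificate, der, _} | _] = :public_key.pem_decode(File.read!(path))
    der
  end

  # Parse an XML string into the xmerl element record the API works on.
  defp parse(xml) do
    {el, _rest} = :xmerl_scan.string(String.to_charlist(xml))
    el
  end

  # Serialise an element back to a string so it can be altered and re-parsed.
  defp serialise(el), do: :xmerl.export([el], :xmerl_xml) |> List.flatten() |> List.to_string()

  def run do
    key = pem_entry(@key_path)
    der = cert_der(@cert_path)
    pin = :crypto.hash(:sha256, der)              # assumed fingerprint() form
    wrong_pin = :binary.copy(<<0>>, 32)           # constructed, matches no cert

    doc = parse("<Envelope><Amount>10</Amount></Envelope>")  # constructed input
    signed = XmlDsig.sign(doc, key, der, :rsa_sha256)

    # 1. Pinned to our own certificate: the only acceptable outcome is :ok.
    :ok = XmlDsig.verify(signed, [pin])

    # 2. A valid signature from a certificate that is not pinned is rejected.
    {:error, :cert_not_accepted} = XmlDsig.verify(signed, [wrong_pin])

    # 3. Content changed after signing no longer matches the reference digest.
    tampered = signed |> serialise() |> String.replace("<Amount>10<", "<Amount>999<") |> parse()
    {:error, :bad_digest} = XmlDsig.verify(tampered, [pin])
    :ok
  end
end
```

Prefer verify/2 with an explicit fingerprint list in production; verify/1 accepts any certificate that validates, which only proves the document was signed, not by whom.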