[xmlsec] Looking for a developer - an XMLSec to Objective C Port

Thu May 19 14:01:20 PDT 2011

Hi all,

Sorry this is my first post here, I didn¹t see any sort of policy against
using this list to look for developer talent for contract work, so I
apologize in advance if this offends anyone. Admin, if this is against
policy, please feel free to delete this message and email me off list
letting me know of my violation.

I¹m in a bit of a bind and looking for a professional developer to help me
out with a bit of work.

We need a library to verify the signature of a SAML assertion for use in an
iOS application; it can be implemented either as a static library or as
source code. It must meet the following requirements:
* Verify an enveloped XML digital signature with an embedded x509
certificate (base64 encoded).
* Exist as an Objective-C library (or a C library with an Objective-C
wrapper) that is based on libxml.
* Take an NSString containing a Base64 encoded XML string and respond with a
Boolean indicating whether the signature is valid or not.
* Be implemented in an iOS 4.3 based application (targeting iOS 3.2) without
using private components of the iOS SDK.

Essentially what I¹m asking for is for something like this line of code
BOOL result = [XMLVerify isValidXML:value];
Where value is an NSstring containing a Base64 encoded XML string and result
contains whether value is valid.

An example of the digital signature:
<?xml version="1.0" encoding="UTF-16"?>
<saml:Assertion ID="oQ2YZuHBspA_f91HM8o3.o6ZZla"
IssueInstant="2011-05-06T00:51:40.733Z" Version="2.0"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Issuer>[...]</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#oQ2YZuHBspA_f91HM8o3.o6ZZla">
            <ds:Transforms>
                <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>zj4pCHBNMln+28Jq/v1YIScfiuw=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>[...]</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>

<ds:X509Certificate>MIIDVjCCAj6gAwIBAgIGAS67wkWCMA0GCSqGSIb3[...]7bgf</ds:X5
09Certificate>
        </ds:X509Data>
        <ds:KeyValue>
            <ds:RSAKeyValue>
                <ds:Modulus>[...]</ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
        </ds:KeyValue>
    </ds:KeyInfo>
</ds:Signature>
[..the rest of the SAML token...]

If you are interested in this work, contact me off list and we can talk
about your qualifications, rate, etc. and begin work.

Chad Udell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110519/c08d4529/attachment.html>