[xmlsec] Perl module for xmlsec set to publish

Erich Strelow esf at moller.cl
Tue Aug 23 20:49:16 UTC 2022

Finally, I uploaded the perl module binding I announced back in 2020.

The module indexed in CPAN ==> https://metacpan.org/pod/XML::LibXML::xmlsec

The github repository ==> https://github.com/estrelow/Perl-LibXML-Sec

I just recently restarted work on this. I reached the point in which the module just about does what I expected as a first release.

The app I was working on had to do with XML representations of accounting ledgers. The tax authority in the country where I live encourages a system in which your accounting ledgers are stored in some digital archive as signed XML documents. The signee must use an X509 certificate issued by a CA, which in turn must be recognized by the tax authority. The subject of the X509 can be the company CFO, the accountant or just some previously enrolled clerk.

So, the glue perl script here must perform a series of pre-press transformations on the document, transfer the data in and out of the archive, serve as a backend for a web app for previewing and approval of the ledgers, and perform the XML signature and verification.

An early version of this app I did back in the 2000s issued a system call for the xmlsec utility after dumping the document. But, since libxml was my XML library of choice anyway, I always felt I was double-parsing all the time.

As for the module, some design comments:

* There's already a very mature libxml perl module, so the xmlsec methods accept already parsed XML documents as perl objects.
* perl can use interpolation in function names, so the one cheap trick I did was to dynamically construct something like xmlSecTransformRsaSha1Id from the string 'rsa-sha1'. I had to write a lot of stub C calls, but it worked. This helped simplify the template construction on the perl side.
* The idea was to identify tampered documents, so I took advantage of the error callback feature in the verify method in order to keep the reason why a document failed.

I tested the module in Debian and RH variants. I lost my Windows development device a couple of weeks ago when some guys stole my backpack. I expect to have one later.
