

Whitespace changes only.
Chris Andrews committed Feb 28, 2011
1 parent 5831b53 commit fcd382d
Showing 12 changed files with 663 additions and 660 deletions.
34 changes: 17 additions & 17 deletions lib/Net/SAML2/Binding/POST.pm
Expand Up @@ -39,23 +39,23 @@ Base64-encoded response, from the SAMLResponse CGI parameter.
=cut

sub handle_response {
my ($self, $response) = @_;

# unpack and check the signature
my $xml = decode_base64($response);
my $x = Net::SAML2::XML::Sig->new({ x509 => 1 });
my $ret = $x->verify($xml);
die "signature check failed" unless $ret;

# verify the signing certificate
my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);

if ($ret) {
return sprintf("%s (verified)", $cert->subject);
}
return;
my ($self, $response) = @_;

# unpack and check the signature
my $xml = decode_base64($response);
my $x = Net::SAML2::XML::Sig->new({ x509 => 1 });
my $ret = $x->verify($xml);
die "signature check failed" unless $ret;

# verify the signing certificate
my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);

if ($ret) {
return sprintf("%s (verified)", $cert->subject);
}
return;
}

1;
70 changes: 35 additions & 35 deletions lib/Net/SAML2/Binding/Redirect.pm
Expand Up @@ -69,28 +69,28 @@ authentication process with the IdP.
=cut

sub sign {
my ($self, $request, $relaystate) = @_;
my ($self, $request, $relaystate) = @_;

my $input = "$request";
my $output = '';
my $input = "$request";
my $output = '';

rawdeflate \$input => \$output;
my $req = encode_base64($output, '');
rawdeflate \$input => \$output;
my $req = encode_base64($output, '');

my $u = URI->new($self->url);
$u->query_param($self->param, $req);
$u->query_param('RelayState', $relaystate) if defined $relaystate;
$u->query_param('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
my $u = URI->new($self->url);
$u->query_param($self->param, $req);
$u->query_param('RelayState', $relaystate) if defined $relaystate;
$u->query_param('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');

my $key_string = read_file($self->key);
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
my $key_string = read_file($self->key);
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);

my $to_sign = $u->query;
my $sig = encode_base64($rsa_priv->sign($to_sign), '');
$u->query_param('Signature', $sig);
my $to_sign = $u->query;
my $sig = encode_base64($rsa_priv->sign($to_sign), '');
$u->query_param('Signature', $sig);

my $url = $u->as_string;
return $url;
my $url = $u->as_string;
return $url;
}

=head2 verify($url)
Expand All @@ -102,30 +102,30 @@ Verifies the signature on the response.
=cut

sub verify {
my ($self, $url) = @_;
my $u = URI->new($url);
my ($self, $url) = @_;
my $u = URI->new($url);

# verify the response
my $sigalg = $u->query_param('SigAlg');
die "can't verify '$sigalg' signatures"
unless $sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
# verify the response
my $sigalg = $u->query_param('SigAlg');
die "can't verify '$sigalg' signatures"
unless $sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';

my $cert = Crypt::OpenSSL::X509->new_from_string($self->cert);
my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);
my $cert = Crypt::OpenSSL::X509->new_from_string($self->cert);
my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);

my $sig = decode_base64($u->query_param_delete('Signature'));
my $signed = $u->query;
die "bad sig" unless $rsa_pub->verify($signed, $sig);

# unpack the SAML request
my $deflated = decode_base64($u->query_param($self->param));
my $request = '';
rawinflate \$deflated => \$request;
my $sig = decode_base64($u->query_param_delete('Signature'));
my $signed = $u->query;
die "bad sig" unless $rsa_pub->verify($signed, $sig);

# unpack the SAML request
my $deflated = decode_base64($u->query_param($self->param));
my $request = '';
rawinflate \$deflated => \$request;

# unpack the relaystate
my $relaystate = $u->query_param('RelayState');
# unpack the relaystate
my $relaystate = $u->query_param('RelayState');

return ($request, $relaystate);
return ($request, $relaystate);
}

1;
154 changes: 77 additions & 77 deletions lib/Net/SAML2/Binding/SOAP.pm
Expand Up @@ -61,21 +61,21 @@ Returns the Response, or dies if there was an error.
=cut

sub request {
my ($self, $message) = @_;
my $request = $self->create_soap_envelope($message);
my ($self, $message) = @_;
my $request = $self->create_soap_envelope($message);

my $soap_action = 'http://www.oasis-open.org/committees/security';
my $soap_action = 'http://www.oasis-open.org/committees/security';

my $req = POST $self->url;
$req->header('SOAPAction' => $soap_action);
$req->header('Content-Type' => 'text/xml');
$req->header('Content-Length' => length $request);
$req->content($request);
my $req = POST $self->url;
$req->header('SOAPAction' => $soap_action);
$req->header('Content-Type' => 'text/xml');
$req->header('Content-Length' => length $request);
$req->content($request);

my $ua = $self->ua;
my $res = $ua->request($req);
my $ua = $self->ua;
my $res = $ua->request($req);

return $self->handle_response($res->content);
return $self->handle_response($res->content);
}

=head2 handle_response( $response )
Expand All @@ -87,28 +87,28 @@ Accepts a string containing the complete SOAP response.
=cut

sub handle_response {
my ($self, $response) = @_;
my ($self, $response) = @_;

# verify the response
my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
my $ret = $x->verify($response);
die "bad SOAP response" unless $ret;
# verify the response
my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
my $ret = $x->verify($response);
die "bad SOAP response" unless $ret;

# verify the signing certificate
my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);
die "bad signer cert" unless $ret;
# verify the signing certificate
my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);
die "bad signer cert" unless $ret;

my $subject = sprintf("%s (verified)", $cert->subject);
my $subject = sprintf("%s (verified)", $cert->subject);

# parse the SOAP response and return the payload
my $parser = XML::XPath->new( xml => $response );
$parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
$parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
# parse the SOAP response and return the payload
my $parser = XML::XPath->new( xml => $response );
$parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
$parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');

my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
return ($subject, $saml);
my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
return ($subject, $saml);
}

=head2 handle_request( $request )
Expand All @@ -120,29 +120,29 @@ Accepts a string containing the complete SOAP request.
=cut

sub handle_request {
my ($self, $request) = @_;
my ($self, $request) = @_;

my $parser = XML::XPath->new( xml => $request );
$parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
$parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
my $parser = XML::XPath->new( xml => $request );
$parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
$parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');

my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');

if (defined $saml) {
my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
my $ret = $x->verify($saml);
die "bad signature" unless $ret;
if (defined $saml) {
my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
my $ret = $x->verify($saml);
die "bad signature" unless $ret;

my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);
die "bad certificate in request: ".$cert->subject unless $ret;
my $cert = $x->signer_cert;
my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
$ret = $ca->verify($cert);
die "bad certificate in request: ".$cert->subject unless $ret;

my $subject = $cert->subject;
return ($subject, $saml);
}
my $subject = $cert->subject;
return ($subject, $saml);
}

return;
return;
}

=head2 create_soap_envelope($message)
Expand All @@ -152,45 +152,45 @@ Signs and SOAP-wraps the given message.
=cut

sub create_soap_envelope {
my ($self, $message) = @_;

# sign the message
my $sig = Net::SAML2::XML::Sig->new({
x509 => 1,
key => $self->key,
cert => $self->cert,
});
my $signed_message = $sig->sign($message);
my ($self, $message) = @_;

# sign the message
my $sig = Net::SAML2::XML::Sig->new({
x509 => 1,
key => $self->key,
cert => $self->cert,
});
my $signed_message = $sig->sign($message);

# OpenSSO ArtifactResolve hack
#
# OpenSSO's ArtifactResolve parser is completely hateful. It demands that
# the order of child elements in an ArtifactResolve message be:
#
# 1: saml:Issuer
# 2: dsig:Signature
# 3: samlp:Artifact
#
# Really.
#
if ($signed_message =~ /ArtifactResolve/) {
$signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
my $signature = $1;
$signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
}

# test verify
my $ret = $sig->verify($signed_message);
die "failed to sign" unless $ret;

my $soap = <<"SOAP";
# OpenSSO ArtifactResolve hack
#
# OpenSSO's ArtifactResolve parser is completely hateful. It demands that
# the order of child elements in an ArtifactResolve message be:
#
# 1: saml:Issuer
# 2: dsig:Signature
# 3: samlp:Artifact
#
# Really.
#
if ($signed_message =~ /ArtifactResolve/) {
$signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
my $signature = $1;
$signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
}

# test verify
my $ret = $sig->verify($signed_message);
die "failed to sign" unless $ret;

my $soap = <<"SOAP";
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
$signed_message
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP
return $soap;
return $soap;
}

1;

