
Whitespace changes only.

Chris Andrews
Chris Andrews committed Feb 28, 2011
1 parent 5831b53 commit fcd382da336c3fa6401f8ecee36c2ff4b971a216
@@ -39,23 +39,23 @@ Base64-encoded response, from the SAMLResponse CGI parameter.
=cut
sub handle_response {
- my ($self, $response) = @_;
-
- # unpack and check the signature
- my $xml = decode_base64($response);
- my $x = Net::SAML2::XML::Sig->new({ x509 => 1 });
- my $ret = $x->verify($xml);
- die "signature check failed" unless $ret;
-
- # verify the signing certificate
- my $cert = $x->signer_cert;
- my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
- $ret = $ca->verify($cert);
-
- if ($ret) {
- return sprintf("%s (verified)", $cert->subject);
- }
- return;
+ my ($self, $response) = @_;
+
+ # unpack and check the signature
+ my $xml = decode_base64($response);
+ my $x = Net::SAML2::XML::Sig->new({ x509 => 1 });
+ my $ret = $x->verify($xml);
+ die "signature check failed" unless $ret;
+
+ # verify the signing certificate
+ my $cert = $x->signer_cert;
+ my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+ $ret = $ca->verify($cert);
+
+ if ($ret) {
+ return sprintf("%s (verified)", $cert->subject);
+ }
+ return;
}
1;
@@ -69,28 +69,28 @@ authentication process with the IdP.
=cut
sub sign {
- my ($self, $request, $relaystate) = @_;
+ my ($self, $request, $relaystate) = @_;
- my $input = "$request";
- my $output = '';
+ my $input = "$request";
+ my $output = '';
- rawdeflate \$input => \$output;
- my $req = encode_base64($output, '');
+ rawdeflate \$input => \$output;
+ my $req = encode_base64($output, '');
- my $u = URI->new($self->url);
- $u->query_param($self->param, $req);
- $u->query_param('RelayState', $relaystate) if defined $relaystate;
- $u->query_param('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
+ my $u = URI->new($self->url);
+ $u->query_param($self->param, $req);
+ $u->query_param('RelayState', $relaystate) if defined $relaystate;
+ $u->query_param('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
- my $key_string = read_file($self->key);
- my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
+ my $key_string = read_file($self->key);
+ my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);
- my $to_sign = $u->query;
- my $sig = encode_base64($rsa_priv->sign($to_sign), '');
- $u->query_param('Signature', $sig);
+ my $to_sign = $u->query;
+ my $sig = encode_base64($rsa_priv->sign($to_sign), '');
+ $u->query_param('Signature', $sig);
- my $url = $u->as_string;
- return $url;
+ my $url = $u->as_string;
+ return $url;
}
=head2 verify($url)
@@ -102,30 +102,30 @@ Verifies the signature on the response.
=cut
sub verify {
- my ($self, $url) = @_;
- my $u = URI->new($url);
+ my ($self, $url) = @_;
+ my $u = URI->new($url);
- # verify the response
- my $sigalg = $u->query_param('SigAlg');
- die "can't verify '$sigalg' signatures"
- unless $sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
+ # verify the response
+ my $sigalg = $u->query_param('SigAlg');
+ die "can't verify '$sigalg' signatures"
+ unless $sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
- my $cert = Crypt::OpenSSL::X509->new_from_string($self->cert);
- my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);
+ my $cert = Crypt::OpenSSL::X509->new_from_string($self->cert);
+ my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);
- my $sig = decode_base64($u->query_param_delete('Signature'));
- my $signed = $u->query;
- die "bad sig" unless $rsa_pub->verify($signed, $sig);
-
- # unpack the SAML request
- my $deflated = decode_base64($u->query_param($self->param));
- my $request = '';
- rawinflate \$deflated => \$request;
+ my $sig = decode_base64($u->query_param_delete('Signature'));
+ my $signed = $u->query;
+ die "bad sig" unless $rsa_pub->verify($signed, $sig);
+
+ # unpack the SAML request
+ my $deflated = decode_base64($u->query_param($self->param));
+ my $request = '';
+ rawinflate \$deflated => \$request;
- # unpack the relaystate
- my $relaystate = $u->query_param('RelayState');
+ # unpack the relaystate
+ my $relaystate = $u->query_param('RelayState');
- return ($request, $relaystate);
+ return ($request, $relaystate);
}
1;
@@ -61,21 +61,21 @@ Returns the Response, or dies if there was an error.
=cut
sub request {
- my ($self, $message) = @_;
- my $request = $self->create_soap_envelope($message);
+ my ($self, $message) = @_;
+ my $request = $self->create_soap_envelope($message);
- my $soap_action = 'http://www.oasis-open.org/committees/security';
+ my $soap_action = 'http://www.oasis-open.org/committees/security';
- my $req = POST $self->url;
- $req->header('SOAPAction' => $soap_action);
- $req->header('Content-Type' => 'text/xml');
- $req->header('Content-Length' => length $request);
- $req->content($request);
+ my $req = POST $self->url;
+ $req->header('SOAPAction' => $soap_action);
+ $req->header('Content-Type' => 'text/xml');
+ $req->header('Content-Length' => length $request);
+ $req->content($request);
- my $ua = $self->ua;
- my $res = $ua->request($req);
+ my $ua = $self->ua;
+ my $res = $ua->request($req);
- return $self->handle_response($res->content);
+ return $self->handle_response($res->content);
}
=head2 handle_response( $response )
@@ -87,28 +87,28 @@ Accepts a string containing the complete SOAP response.
=cut
sub handle_response {
- my ($self, $response) = @_;
+ my ($self, $response) = @_;
- # verify the response
- my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
- my $ret = $x->verify($response);
- die "bad SOAP response" unless $ret;
+ # verify the response
+ my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
+ my $ret = $x->verify($response);
+ die "bad SOAP response" unless $ret;
- # verify the signing certificate
- my $cert = $x->signer_cert;
- my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
- $ret = $ca->verify($cert);
- die "bad signer cert" unless $ret;
+ # verify the signing certificate
+ my $cert = $x->signer_cert;
+ my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+ $ret = $ca->verify($cert);
+ die "bad signer cert" unless $ret;
- my $subject = sprintf("%s (verified)", $cert->subject);
+ my $subject = sprintf("%s (verified)", $cert->subject);
- # parse the SOAP response and return the payload
- my $parser = XML::XPath->new( xml => $response );
- $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
- $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+ # parse the SOAP response and return the payload
+ my $parser = XML::XPath->new( xml => $response );
+ $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
+ $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
- my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
- return ($subject, $saml);
+ my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
+ return ($subject, $saml);
}
=head2 handle_request( $request )
@@ -120,29 +120,29 @@ Accepts a string containing the complete SOAP request.
=cut
sub handle_request {
- my ($self, $request) = @_;
+ my ($self, $request) = @_;
- my $parser = XML::XPath->new( xml => $request );
- $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
- $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+ my $parser = XML::XPath->new( xml => $request );
+ $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
+ $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
- my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
+ my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
- if (defined $saml) {
- my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
- my $ret = $x->verify($saml);
- die "bad signature" unless $ret;
+ if (defined $saml) {
+ my $x = Net::SAML2::XML::Sig->new({ x509 => 1, cert_text => $self->idp_cert });
+ my $ret = $x->verify($saml);
+ die "bad signature" unless $ret;
- my $cert = $x->signer_cert;
- my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
- $ret = $ca->verify($cert);
- die "bad certificate in request: ".$cert->subject unless $ret;
+ my $cert = $x->signer_cert;
+ my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+ $ret = $ca->verify($cert);
+ die "bad certificate in request: ".$cert->subject unless $ret;
- my $subject = $cert->subject;
- return ($subject, $saml);
- }
+ my $subject = $cert->subject;
+ return ($subject, $saml);
+ }
- return;
+ return;
}
=head2 create_soap_envelope($message)
@@ -152,45 +152,45 @@ Signs and SOAP-wraps the given message.
=cut
sub create_soap_envelope {
- my ($self, $message) = @_;
-
- # sign the message
- my $sig = Net::SAML2::XML::Sig->new({
- x509 => 1,
- key => $self->key,
- cert => $self->cert,
- });
- my $signed_message = $sig->sign($message);
+ my ($self, $message) = @_;
+
+ # sign the message
+ my $sig = Net::SAML2::XML::Sig->new({
+ x509 => 1,
+ key => $self->key,
+ cert => $self->cert,
+ });
+ my $signed_message = $sig->sign($message);
- # OpenSSO ArtifactResolve hack
- #
- # OpenSSO's ArtifactResolve parser is completely hateful. It demands that
- # the order of child elements in an ArtifactResolve message be:
- #
- # 1: saml:Issuer
- # 2: dsig:Signature
- # 3: samlp:Artifact
- #
- # Really.
- #
- if ($signed_message =~ /ArtifactResolve/) {
- $signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
- my $signature = $1;
- $signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
- }
-
- # test verify
- my $ret = $sig->verify($signed_message);
- die "failed to sign" unless $ret;
-
- my $soap = <<"SOAP";
+ # OpenSSO ArtifactResolve hack
+ #
+ # OpenSSO's ArtifactResolve parser is completely hateful. It demands that
+ # the order of child elements in an ArtifactResolve message be:
+ #
+ # 1: saml:Issuer
+ # 2: dsig:Signature
+ # 3: samlp:Artifact
+ #
+ # Really.
+ #
+ if ($signed_message =~ /ArtifactResolve/) {
+ $signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
+ my $signature = $1;
+ $signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
+ }
+
+ # test verify
+ my $ret = $sig->verify($signed_message);
+ die "failed to sign" unless $ret;
+
+ my $soap = <<"SOAP";
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
$signed_message
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP
- return $soap;
+ return $soap;
}
1;
