Merge pull request #9 from timlegge/crypt-openssl-verify

Replace Crypt::OpenSSL::VerifyX509 with Crypt::OpenSSL::Verify

Author: timlegge

.github/workflows/linux.yml

@@ -25,19 +25,9 @@ jobs:
       image: perl:${{ matrix.perl-version }}
     steps:
       - uses: actions/checkout@v1
-      - name: Install Crypt::OpenSSL::VerifyX509
-        run: |
-          curl -sL https://cpanmin.us/ | perl - -nq inc::Module::Install \
-          Module::Install::AuthorRequires Module::Install::AuthorTests \
-          Test::NoTabs Test::Pod Test::Pod::Coverage Test::More Crypt::OpenSSL::X509;
-          git clone https://github.com/timlegge/perl-Crypt-OpenSSL-VerifyX509.git;
-          cd perl-Crypt-OpenSSL-VerifyX509;
-          perl Makefile.PL;
-          make install;
-          cd ..;
       - name: Install Net::SAML2 Depends
         run: |
-          apt-get install libxml2-dev make gcc;
+          apt-get install libxml2 make gcc;
           curl -sL https://cpanmin.us/ | perl - -nq --installdeps . ;
       - name: Build Module
         run: |

Changes

@@ -1,10 +1,30 @@
 Revision history for Perl extension Net::SAML2.
 
+0.30-TRIAL    13-Jan-2021
+
+        Significant Changes
+
+            1. Replace Crypt::OpenSSL::Verify
+            2. Merge latest XML::Sig
+
+        Warning: This release require the installation of Crypt::OpenSSL::Verify.
+
+        TBD     Update Changes and Increment version
+        ccaa892 Remove the installation of Crypt::OpenSSL::VerifyX509 from action
+        36d0a5c Move to Crypt-OpenSSL-Verify as Crypt-OpenSSL-Verify is not supported
+        af050d5 Merge pull request #8 from timlegge/merge-xml-sig
+        91208a2 Update dependencies for Net::SAML2::XML::Sig
+        359a0bd Merge XML::Sig version 0.39
+        200c0ae Update some documentation details
+        ed3c265 Merge XML::Sig version 0.38
+        dfefef6 Remove XML::Lib added XML Declaration from Signed XML
+        a39774f Copy updated XML::Sig and update name and version
+
 0.29    12-Jan-2021
 
         Small release to update issues location to be github
 
-        TBD     Update Changes and Increment version
+        6a03758 Update Changes and Increment version
         08e1a17 Fixes #7 - Move issues to github
 
 0.28    04-Jul-2020

Makefile.PL

@@ -22,7 +22,7 @@ my %WriteMakefileArgs = (
     "Crypt::OpenSSL::DSA" => 0,
     "Crypt::OpenSSL::RSA" => 0,
     "Crypt::OpenSSL::Random" => 0,
-    "Crypt::OpenSSL::VerifyX509" => 0,
+    "Crypt::OpenSSL::Verify" => 0,
     "Crypt::OpenSSL::X509" => 0,
     "DateTime" => 0,
     "DateTime::Format::XSD" => 0,
@@ -68,7 +68,7 @@ my %WriteMakefileArgs = (
     "Test::Pod::Coverage" => "1.04",
     "XML::LibXML::XPathContext" => 0
   },
-  "VERSION" => "0.29",
+  "VERSION" => "0.30",
   "test" => {
     "TESTS" => "t/*.t t/author/*.t"
   }
@@ -82,7 +82,7 @@ my %FallbackPrereqs = (
   "Crypt::OpenSSL::DSA" => 0,
   "Crypt::OpenSSL::RSA" => 0,
   "Crypt::OpenSSL::Random" => 0,
-  "Crypt::OpenSSL::VerifyX509" => 0,
+  "Crypt::OpenSSL::Verify" => 0,
   "Crypt::OpenSSL::X509" => 0,
   "DateTime" => 0,
   "DateTime::Format::XSD" => 0,

cpanfile

@@ -1,10 +1,12 @@
+# Do not edit this file directly. To change prereqs, edit the `dist.ini` file.
+
 requires "Carp" => "0";
 requires "Class::Accessor" => "0";
 requires "Crypt::OpenSSL::Bignum" => "0";
 requires "Crypt::OpenSSL::DSA" => "0";
 requires "Crypt::OpenSSL::RSA" => "0";
 requires "Crypt::OpenSSL::Random" => "0";
-requires "Crypt::OpenSSL::VerifyX509" => "0";
+requires "Crypt::OpenSSL::Verify" => "0";
 requires "Crypt::OpenSSL::X509" => "0";
 requires "DateTime" => "0";
 requires "DateTime::Format::XSD" => "0";

lib/Net/SAML2.pm

@@ -4,7 +4,7 @@ use warnings;
 
 require 5.008_001;
 
-our $VERSION = '0.29';
+our $VERSION = '0.30';
 $VERSION = eval {$VERSION};
 
 =head1 NAME

lib/Net/SAML2/Binding/POST.pm

@@ -25,7 +25,7 @@ Net::SAML2::Binding::POST - HTTP POST binding for SAML2
 
 use Net::SAML2::XML::Sig;
 use MIME::Base64 qw/ decode_base64 /;
-use Crypt::OpenSSL::VerifyX509;
+use Crypt::OpenSSL::Verify;
 
 =head2 new( )
 
@@ -69,7 +69,7 @@ sub handle_response {
         my $cert = $x->signer_cert
             or die "Certificate not provided and not in SAML Response, cannot validate";
 
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
         if ($ca->verify($cert)) {
             return sprintf("%s (verified)", $cert->subject);
         } else {

lib/Net/SAML2/Binding/SOAP.pm

@@ -121,7 +121,7 @@ sub handle_response {
 
     # verify the signing certificate
     my $cert = $x->signer_cert;
-    my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+    my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
     $ret = $ca->verify($cert);
     die "bad signer cert" unless $ret;
 
@@ -159,7 +159,7 @@ sub handle_request {
         die "bad signature" unless $ret;
 
         my $cert = $x->signer_cert;
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
         $ret = $ca->verify($cert);
         die "bad certificate in request: ".$cert->subject unless $ret;
 

lib/Net/SAML2/IdP.pm

@@ -16,7 +16,7 @@ Net::SAML2::IdP - SAML Identity Provider object
 
 =cut
 
-use Crypt::OpenSSL::VerifyX509;
+use Crypt::OpenSSL::Verify;
 use Crypt::OpenSSL::X509;
 use HTTP::Request::Common;
 use LWP::UserAgent;
@@ -180,7 +180,7 @@ sub BUILD {
     my($self) = @_;
 
     if ($self->cacert) {
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
 
         for my $use (keys %{$self->certs}) {
             my $cert = Crypt::OpenSSL::X509->new_from_string($self->certs->{$use});

lib/Net/SAML2/XML/Sig.pm

@@ -36,7 +36,7 @@ use vars qw($VERSION @EXPORT_OK %EXPORT_TAGS $DEBUG);
 
 $DEBUG = 0;
 # Based on XML::Sig VERSION = '0.39';
-$VERSION = '0.29';
+$VERSION = '0.30';
 
 use base qw(Class::Accessor);
 Net::SAML2::XML::Sig->mk_accessors(qw(key));

lib/Net/SAML2/XML/Util.pm

@@ -9,7 +9,7 @@ use XML::Tidy;
 use vars qw($VERSION @EXPORT_OK %EXPORT_TAGS $DEBUG);
 
 $DEBUG = 0;
-$VERSION = '0.29';
+$VERSION = '0.30';
 
 # We are exporting functions
 use base qw/Exporter/;

t/01-create-idp.t

@@ -55,8 +55,6 @@ Iavyic/p4gZtXckweq+VTn9CdZp6ZTQtVw==
 </EntityDescriptor>
 XML
 
-my $override = override_verify_x509_verify(1);
-
 my $idp = Net::SAML2::IdP->new_from_xml(
     xml    => $xml,
     cacert => 't/cacert.pem'

t/04-response.t

@@ -61,8 +61,6 @@ XML
 
 my $response = encode_base64($xml);
 
-my $override = override_verify_x509_verify(1);
-
 my $sp = net_saml2_sp();
 
 my $post = $sp->post_binding;

t/05-soap-binding.t

@@ -5,8 +5,6 @@ use Net::SAML2::IdP;
 
 use LWP::UserAgent;
 
-my $override = override_verify_x509_verify(1);
-
 my $sp = net_saml2_sp();
 
 my $metadata = path('t/idp-metadata.xml')->slurp;

t/06-redirect-binding.t

@@ -14,13 +14,6 @@ my $idp = Net::SAML2::IdP->new_from_xml(
 
 isa_ok($idp, "Net::SAML2::IdP");
 
-my $override = override_verify_x509_verify(1);
-$override->override(
-    'Net::SAML2::Util::generate_id' => sub {
-        return 'myid';
-    }
-);
-
 my $sso_url = $idp->sso_url($idp->binding('redirect'));
 is(
     $sso_url,

t/lib/Test/Net/SAML2/Util.pm

@@ -8,8 +8,6 @@ require Exporter;
 our @ISA    = qw(Exporter);
 our @EXPORT = qw(
     get_xpath
-    override
-    override_verify_x509_verify
     test_xml_attribute_ok
     test_xml_value_ok
     net_saml2_sp
@@ -84,28 +82,6 @@ sub test_xml_value_ok {
     return 0;
 }
 
-sub override {
-  return Sub::Override->override(@_);
-}
-
-# On debian testing we have an issue with an underlying module. For one
-# reason or another I have the module installed, but it breaks on
-# reinstallation. So we mock the module
-#
-# TODO: https://gitlab.com/waterkip/perl-net-saml2/issues/1
-sub override_verify_x509_verify {
-    my $return_ok = shift;
-
-    return override(
-        'Crypt::OpenSSL::VerifyX509::verify' => sub {
-            return $return_ok if $return_ok;
-            die
-
-            "override of Crypt::OpenSSL::VerifyX509::verify says failure!";
-        }
-    );
-}
-
 sub looks_like_a_cert {
     my $cert = shift;
     lives_ok(