Move to Crypt-OpenSSL-Verify as Crypt-OpenSSL-Verify is not supported

timlegge · timlegge · commit 36d0a5ccfe56 · 2021-01-13T20:14:45.000-04:00
diff --git a/Makefile.PL b/Makefile.PL
@@ -22,7 +22,7 @@ my %WriteMakefileArgs = (
     "Crypt::OpenSSL::DSA" => 0,
     "Crypt::OpenSSL::RSA" => 0,
     "Crypt::OpenSSL::Random" => 0,
-    "Crypt::OpenSSL::VerifyX509" => 0,
+    "Crypt::OpenSSL::Verify" => 0,
     "Crypt::OpenSSL::X509" => 0,
     "DateTime" => 0,
     "DateTime::Format::XSD" => 0,
@@ -82,7 +82,7 @@ my %FallbackPrereqs = (
   "Crypt::OpenSSL::DSA" => 0,
   "Crypt::OpenSSL::RSA" => 0,
   "Crypt::OpenSSL::Random" => 0,
-  "Crypt::OpenSSL::VerifyX509" => 0,
+  "Crypt::OpenSSL::Verify" => 0,
   "Crypt::OpenSSL::X509" => 0,
   "DateTime" => 0,
   "DateTime::Format::XSD" => 0,
diff --git a/cpanfile b/cpanfile
@@ -4,7 +4,7 @@ requires "Crypt::OpenSSL::Bignum" => "0";
 requires "Crypt::OpenSSL::DSA" => "0";
 requires "Crypt::OpenSSL::RSA" => "0";
 requires "Crypt::OpenSSL::Random" => "0";
-requires "Crypt::OpenSSL::VerifyX509" => "0";
+requires "Crypt::OpenSSL::Verify" => "0";
 requires "Crypt::OpenSSL::X509" => "0";
 requires "DateTime" => "0";
 requires "DateTime::Format::XSD" => "0";
diff --git a/lib/Net/SAML2/Binding/POST.pm b/lib/Net/SAML2/Binding/POST.pm
@@ -25,7 +25,7 @@ Net::SAML2::Binding::POST - HTTP POST binding for SAML2
 
 use Net::SAML2::XML::Sig;
 use MIME::Base64 qw/ decode_base64 /;
-use Crypt::OpenSSL::VerifyX509;
+use Crypt::OpenSSL::Verify;
 
 =head2 new( )
 
@@ -69,7 +69,7 @@ sub handle_response {
         my $cert = $x->signer_cert
             or die "Certificate not provided and not in SAML Response, cannot validate";
 
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
         if ($ca->verify($cert)) {
             return sprintf("%s (verified)", $cert->subject);
         } else {
diff --git a/lib/Net/SAML2/Binding/SOAP.pm b/lib/Net/SAML2/Binding/SOAP.pm
@@ -121,7 +121,7 @@ sub handle_response {
 
     # verify the signing certificate
     my $cert = $x->signer_cert;
-    my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+    my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
     $ret = $ca->verify($cert);
     die "bad signer cert" unless $ret;
 
@@ -159,7 +159,7 @@ sub handle_request {
         die "bad signature" unless $ret;
 
         my $cert = $x->signer_cert;
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
         $ret = $ca->verify($cert);
         die "bad certificate in request: ".$cert->subject unless $ret;
 
diff --git a/lib/Net/SAML2/IdP.pm b/lib/Net/SAML2/IdP.pm
@@ -16,7 +16,7 @@ Net::SAML2::IdP - SAML Identity Provider object
 
 =cut
 
-use Crypt::OpenSSL::VerifyX509;
+use Crypt::OpenSSL::Verify;
 use Crypt::OpenSSL::X509;
 use HTTP::Request::Common;
 use LWP::UserAgent;
@@ -180,7 +180,7 @@ sub BUILD {
     my($self) = @_;
 
     if ($self->cacert) {
-        my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
+        my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
 
         for my $use (keys %{$self->certs}) {
             my $cert = Crypt::OpenSSL::X509->new_from_string($self->certs->{$use});
diff --git a/t/01-create-idp.t b/t/01-create-idp.t
@@ -55,8 +55,6 @@ Iavyic/p4gZtXckweq+VTn9CdZp6ZTQtVw==
 </EntityDescriptor>
 XML
 
-my $override = override_verify_x509_verify(1);
-
 my $idp = Net::SAML2::IdP->new_from_xml(
     xml    => $xml,
     cacert => 't/cacert.pem'
diff --git a/t/04-response.t b/t/04-response.t
@@ -61,8 +61,6 @@ XML
 
 my $response = encode_base64($xml);
 
-my $override = override_verify_x509_verify(1);
-
 my $sp = net_saml2_sp();
 
 my $post = $sp->post_binding;
diff --git a/t/05-soap-binding.t b/t/05-soap-binding.t
@@ -5,8 +5,6 @@ use Net::SAML2::IdP;
 
 use LWP::UserAgent;
 
-my $override = override_verify_x509_verify(1);
-
 my $sp = net_saml2_sp();
 
 my $metadata = path('t/idp-metadata.xml')->slurp;
diff --git a/t/06-redirect-binding.t b/t/06-redirect-binding.t
@@ -14,13 +14,6 @@ my $idp = Net::SAML2::IdP->new_from_xml(
 
 isa_ok($idp, "Net::SAML2::IdP");
 
-my $override = override_verify_x509_verify(1);
-$override->override(
-    'Net::SAML2::Util::generate_id' => sub {
-        return 'myid';
-    }
-);
-
 my $sso_url = $idp->sso_url($idp->binding('redirect'));
 is(
     $sso_url,
diff --git a/t/lib/Test/Net/SAML2/Util.pm b/t/lib/Test/Net/SAML2/Util.pm
@@ -8,8 +8,6 @@ require Exporter;
 our @ISA    = qw(Exporter);
 our @EXPORT = qw(
     get_xpath
-    override
-    override_verify_x509_verify
     test_xml_attribute_ok
     test_xml_value_ok
     net_saml2_sp
@@ -84,28 +82,6 @@ sub test_xml_value_ok {
     return 0;
 }
 
-sub override {
-  return Sub::Override->override(@_);
-}
-
-# On debian testing we have an issue with an underlying module. For one
-# reason or another I have the module installed, but it breaks on
-# reinstallation. So we mock the module
-#
-# TODO: https://gitlab.com/waterkip/perl-net-saml2/issues/1
-sub override_verify_x509_verify {
-    my $return_ok = shift;
-
-    return override(
-        'Crypt::OpenSSL::VerifyX509::verify' => sub {
-            return $return_ok if $return_ok;
-            die
-
-            "override of Crypt::OpenSSL::VerifyX509::verify says failure!";
-        }
-    );
-}
-
 sub looks_like_a_cert {
     my $cert = shift;
     lives_ok(
