Replace XML::XPath with XML::libXML

Author: timlegge

Makefile.PL

@@ -47,7 +47,6 @@ my %WriteMakefileArgs = (
     "XML::LibXML" => 0,
     "XML::Tidy" => 0,
     "XML::Writer" => "0.625",
-    "XML::XPath" => 0,
     "base" => 0,
     "constant" => 0,
     "namespace::autoclean" => 0,
@@ -122,7 +121,6 @@ my %FallbackPrereqs = (
   "XML::LibXML::XPathContext" => 0,
   "XML::Tidy" => 0,
   "XML::Writer" => "0.625",
-  "XML::XPath" => 0,
   "base" => 0,
   "constant" => 0,
   "namespace::autoclean" => 0,

cpanfile

@@ -31,7 +31,6 @@ requires "XML::Generator" => "0";
 requires "XML::LibXML" => "0";
 requires "XML::Tidy" => "0";
 requires "XML::Writer" => "0.625";
-requires "XML::XPath" => "0";
 requires "base" => "0";
 requires "constant" => "0";
 requires "namespace::autoclean" => "0";

lib/Net/SAML2/Binding/SOAP.pm

@@ -23,7 +23,7 @@ Net::SAML2::Binding::Artifact - SOAP binding for SAML2
 =cut
 
 use Net::SAML2::XML::Sig;
-use XML::XPath;
+use XML::LibXML;
 use LWP::UserAgent;
 use HTTP::Request::Common;
 
@@ -135,9 +135,15 @@ sub handle_response {
     my $subject = sprintf("%s (verified)", $cert->subject);
 
     # parse the SOAP response and return the payload
-    my $parser = XML::XPath->new( xml => no_comments($response) );
-    $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
-    $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+    my $dom = XML::LibXML->load_xml(
+                    string => no_comments($response),
+                    no_network => 1,
+                    load_ext_dtd => 0,
+                    expand_entities => 0 );
+
+    my $parser = XML::LibXML::XPathContext->new($dom);
+    $parser->registerNs('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
+    $parser->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
     my $saml = $parser->findnodes_as_string('/soap-env:Envelope/soap-env:Body/*');
     return ($subject, $saml);

lib/Net/SAML2/IdP.pm

@@ -20,7 +20,7 @@ use Crypt::OpenSSL::Verify;
 use Crypt::OpenSSL::X509;
 use HTTP::Request::Common;
 use LWP::UserAgent;
-use XML::XPath;
+use XML::LibXML;
 
 =head2 new( )
 
@@ -74,9 +74,15 @@ document.
 sub new_from_xml {
     my($class, %args) = @_;
 
-    my $xpath = XML::XPath->new(xml => no_comments($args{xml}));
-    $xpath->set_namespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
-    $xpath->set_namespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
+    my $dom = XML::LibXML->load_xml(
+                    string => no_comments($args{xml}),
+                    no_network => 1,
+                    load_ext_dtd => 0,
+                    expand_entities => 0 );
+
+    my $xpath = XML::LibXML::XPathContext->new($dom);
+    $xpath->registerNs('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
+    $xpath->registerNs('ds', 'http://www.w3.org/2000/09/xmldsig#');
 
     my $data;
 
@@ -157,7 +163,7 @@ sub new_from_xml {
     }
 
     my $self = $class->new(
-        entityid       => $xpath->findvalue('//md:EntityDescriptor/@entityID')->value,
+        entityid       => $xpath->findvalue('//md:EntityDescriptor/@entityID'),
         sso_urls       => $data->{SSO},
         slo_urls       => $data->{SLO} || {},
         art_urls       => $data->{Art} || {},

lib/Net/SAML2/Protocol/Assertion.pm

@@ -5,7 +5,7 @@ use MooseX::Types::Common::String qw/ NonEmptySimpleStr /;
 use DateTime;
 use DateTime::Format::XSD;
 use Net::SAML2::XML::Util qw/ no_comments /;
-use XML::XPath;
+use XML::LibXML;
 
 with 'Net::SAML2::Role::ProtocolMessage';
 
@@ -27,7 +27,7 @@ has 'nameid'            => (isa => 'Str',               is => 'ro', required =>
 has 'not_before'        => (isa => DateTime,            is => 'ro', required => 1);
 has 'not_after'         => (isa => DateTime,            is => 'ro', required => 1);
 has 'audience'          => (isa => NonEmptySimpleStr,   is => 'ro', required => 1);
-has 'xpath'             => (isa => 'XML::XPath',        is => 'ro', required => 1);
+has 'xpath'             => (isa => 'XML::LibXML::XPathContext',        is => 'ro', required => 1);
 has 'in_response_to'    => (isa => 'Str',               is => 'ro', required => 1);
 has 'response_status'   => (isa => 'Str',               is => 'ro', required => 1);
 
@@ -55,10 +55,15 @@ XML data
 sub new_from_xml {
     my($class, %args) = @_;
 
-    my $xpath = XML::XPath->new(xml => no_comments($args{xml}));
+    my $dom = XML::LibXML->load_xml(
+                    string => no_comments($args{xml}),
+                    no_network => 1,
+                    load_ext_dtd => 0,
+                    expand_entities => 0 );
 
-    $xpath->set_namespace('saml',  'urn:oasis:names:tc:SAML:2.0:assertion');
-    $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+    my $xpath = XML::LibXML::XPathContext->new($dom);
+    $xpath->registerNs('saml',  'urn:oasis:names:tc:SAML:2.0:assertion');
+    $xpath->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
     my $attributes = {};
     for my $node (
@@ -73,7 +78,7 @@ sub new_from_xml {
     my $not_before;
     if($xpath->findvalue('//saml:Conditions/@NotBefore')) {
         $not_before = DateTime::Format::XSD->parse_datetime(
-            $xpath->findvalue('//saml:Conditions/@NotBefore')->value);
+            $xpath->findvalue('//saml:Conditions/@NotBefore'));
     }
     else {
         $not_before = DateTime->now();
@@ -82,24 +87,24 @@ sub new_from_xml {
     my $not_after;
     if($xpath->findvalue('//saml:Conditions/@NotOnOrAfter')) {
         $not_after = DateTime::Format::XSD->parse_datetime(
-            $xpath->findvalue('//saml:Conditions/@NotOnOrAfter')->value);
+            $xpath->findvalue('//saml:Conditions/@NotOnOrAfter'));
     }
     else {
         $not_after = DateTime->from_epoch(epoch => time() + 1000);
     }
 
     my $self = $class->new(
-        issuer         => $xpath->findvalue('//saml:Assertion/saml:Issuer')->value,
-        destination    => $xpath->findvalue('/samlp:Response/@Destination')->value,
+        issuer         => $xpath->findvalue('//saml:Assertion/saml:Issuer'),
+        destination    => $xpath->findvalue('/samlp:Response/@Destination'),
         attributes     => $attributes,
-        session        => $xpath->findvalue('//saml:AuthnStatement/@SessionIndex')->value,
-        nameid         => $xpath->findvalue('//saml:Subject/saml:NameID')->value,
-        audience       => $xpath->findvalue('//saml:Conditions/saml:AudienceRestriction/saml:Audience')->value,
+        session        => $xpath->findvalue('//saml:AuthnStatement/@SessionIndex'),
+        nameid         => $xpath->findvalue('//saml:Subject/saml:NameID'),
+        audience       => $xpath->findvalue('//saml:Conditions/saml:AudienceRestriction/saml:Audience'),
         not_before     => $not_before,
         not_after      => $not_after,
         xpath          => $xpath,
-        in_response_to => $xpath->findvalue('//saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/@InResponseTo')->value,
-        response_status => $xpath->findvalue('//saml2p:Response/saml2p:Status/saml2p:StatusCode/@Value')->value,
+        in_response_to => $xpath->findvalue('//saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/@InResponseTo'),
+        response_status => $xpath->findvalue('//samlp:Response/samlp:Status/samlp:StatusCode/@Value'),
     );
 
     return $self;

lib/Net/SAML2/Protocol/LogoutRequest.pm

@@ -76,17 +76,23 @@ XML data
 sub new_from_xml {
     my ($class, %args) = @_;
 
-    my $xpath = XML::XPath->new( xml => no_comments($args{xml}) );
-    $xpath->set_namespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
-    $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+    my $dom = XML::LibXML->load_xml(
+                    string => no_comments($args{xml}),
+                    no_network => 1,
+                    load_ext_dtd => 0,
+                    expand_entities => 0 );
+
+    my $xpath = XML::LibXML::XPathContext->new($dom);
+    $xpath->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
+    $xpath->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
     my $self = $class->new(
-        id            => $xpath->findvalue('/samlp:LogoutRequest/@ID')->value,
-        session       => $xpath->findvalue('/samlp:LogoutRequest/samlp:SessionIndex')->value,
-        issuer        => $xpath->findvalue('/samlp:LogoutRequest/saml:Issuer')->value,
-        nameid        => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID')->value,
-        nameid_format => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@Format')->value,
-        destination   => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@NameQualifier')->value,
+        id            => $xpath->findvalue('/samlp:LogoutRequest/@ID'),
+        session       => $xpath->findvalue('/samlp:LogoutRequest/samlp:SessionIndex'),
+        issuer        => $xpath->findvalue('/samlp:LogoutRequest/saml:Issuer'),
+        nameid        => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID'),
+        nameid_format => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@Format'),
+        destination   => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@NameQualifier'),
     );
 
     return $self;