File Coverage

blib/lib/Net/SAML2/Binding/POST.pm

Criterion	Covered	Total	%
statement	32	34	94.1
branch	5	10	50.0
condition			n/a
subroutine	7	7	100.0
pod	1	1	100.0
total	45	52	86.5

line	stmt	bran	sub	pod	time	code
1						package Net::SAML2::Binding::POST;
2
3	13		13		116	use strict;
	13				29
	13				461
4	13		13		80	use warnings;
	13				35
	13				388
5
6	13		13		71	use Moose;
	13				30
	13				129
7
8						our $VERSION = '0.42';
9
10						# ABSTRACT: Net::SAML2::Binding::POST - HTTP POST binding for SAML
11
12
13	13		13		113392	use Net::SAML2::XML::Sig;
	13				64
	13				134
14	13		13		963	use MIME::Base64 qw/ decode_base64 /;
	13				33
	13				843
15	13		13		6886	use Crypt::OpenSSL::Verify;
	13				10573
	13				3365
16
17
18						has 'cert_text' => (isa => 'Str', is => 'ro');
19						has 'cacert' => (isa => 'Maybe[Str]', is => 'ro');
20
21
22						sub handle_response {
23	2		2	1	791	my ($self, $response) = @_;
24
25						# unpack and check the signature
26	2				81	my $xml = decode_base64($response);
27	2				11	my $xml_opts = { x509 => 1 };
28	2	50			80	$xml_opts->{ cert_text } = $self->cert_text if ($self->cert_text);
29	2				8	$xml_opts->{ exclusive } = 1;
30	2				7	$xml_opts->{ no_xml_declaration } = 1;
31	2				27	my $x = Net::SAML2::XML::Sig->new($xml_opts);
32	2				18	my $ret = $x->verify($xml);
33	2	50			25	die "signature check failed" unless $ret;
34
35	2	50			85	if ($self->cacert) {
36	2	50			12	my $cert = $x->signer_cert
37						or die "Certificate not provided and not in SAML Response, cannot validate";
38
39	2				62	my $ca = Crypt::OpenSSL::Verify->new($self->cacert, { strict_certs => 0, });
40	2	50			349	if ($ca->verify($cert)) {
41	2				915	return sprintf("%s (verified)", $cert->subject);
42						} else {
43	0					return 0;
44						}
45						}
46
47	0					return 1;
48						}
49
50						__PACKAGE__->meta->make_immutable;
51
52						__END__
53
54						=pod
55
56						=encoding UTF-8
57
58						=head1 NAME
59
60						Net::SAML2::Binding::POST - Net::SAML2::Binding::POST - HTTP POST binding for SAML
61
62						=head1 VERSION
63
64						version 0.42
65
66						=head1 SYNOPSIS
67
68						my $post = Net::SAML2::Binding::POST->new(
69						cacert => '/path/to/ca-cert.pem'
70						);
71						my $ret = $post->handle_response(
72						$saml_response
73						);
74
75						=head1 NAME
76
77						Net::SAML2::Binding::POST - HTTP POST binding for SAML2
78
79						=head1 METHODS
80
81						=head2 new( )
82
83						Constructor. Returns an instance of the POST binding.
84
85						Arguments:
86
87						=over
88
89						=item B<cacert>
90
91						path to the CA certificate for verification
92
93						=back
94
95						=head2 handle_response( $response )
96
97						Decodes and verifies the response provided, which should be the raw
98						Base64-encoded response, from the SAMLResponse CGI parameter.
99
100						=head1 AUTHOR
101
102						Chris Andrews <chrisa@cpan.org>
103
104						=head1 COPYRIGHT AND LICENSE
105
106						This software is copyright (c) 2021 by Chris Andrews and Others, see the git log.
107
108						This is free software; you can redistribute it and/or modify it under
109						the same terms as the Perl 5 programming language system itself.
110
111						=cut