Merge pull request chrisa#1 from timlegge/dev

Merge Changes to Remove Comments from XML

Author: timlegge

Makefile.PL

@@ -9,6 +9,7 @@ name 'Net-SAML2';
 all_from 'lib/Net/SAML2.pm';
 
 requires 'XML::XPath';
+requires 'XML::Tidy';
 requires 'XML::Generator';
 requires 'XML::Writer';
 requires 'Crypt::OpenSSL::RSA';

README

@@ -6,6 +6,7 @@ supporting the Web Browser SSO profile.
 Major dependencies:
 
  * XML::XPath
+ * XML::Tidy
  * Crypt::OpenSSL::RSA
  * Crypt::OpenSSL::X509
  * Crypt::OpenSSL::VerifyX509

lib/Net/SAML2/Binding/POST.pm

@@ -5,6 +5,7 @@ use warnings;
 
 use Moose;
 use MooseX::Types::Moose qw/ Str /;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 =head1 NAME
 
@@ -57,25 +58,25 @@ sub handle_response {
     my ($self, $response) = @_;
 
     # unpack and check the signature
-    my $xml = decode_base64($response);
+    my $xml = no_comments(decode_base64($response));
     my $xml_opts = { x509 => 1 };
     $xml_opts->{ cert_text } = $self->cert_text if ($self->cert_text);
     my $x = Net::SAML2::XML::Sig->new($xml_opts);
     my $ret = $x->verify($xml);
     die "signature check failed" unless $ret;
-    
+
     if ($self->cacert) {
         my $cert = $x->signer_cert
             or die "Certificate not provided and not in SAML Response, cannot validate";
-    
+
         my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
         if ($ca->verify($cert)) {
             return sprintf("%s (verified)", $cert->subject);
         } else {
             return 0;
         }
     }
-    
+
     return 1;
 }
 

lib/Net/SAML2/Binding/SOAP.pm

@@ -2,6 +2,7 @@ package Net::SAML2::Binding::SOAP;
 use Moose;
 use MooseX::Types::Moose qw/ Str Object /;
 use MooseX::Types::URI qw/ Uri /;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 =head1 NAME
 
@@ -124,7 +125,7 @@ sub handle_response {
     my $subject = sprintf("%s (verified)", $cert->subject);
 
     # parse the SOAP response and return the payload
-    my $parser = XML::XPath->new( xml => $response );
+    my $parser = XML::XPath->new( xml => no_comments($response) );
     $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
     $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
@@ -143,7 +144,7 @@ Accepts a string containing the complete SOAP request.
 sub handle_request {
     my ($self, $request) = @_;
 
-    my $parser = XML::XPath->new( xml => $request );
+    my $parser = XML::XPath->new( xml => no_comments($request) );
     $parser->set_namespace('soap-env', 'http://schemas.xmlsoap.org/soap/envelope/');
     $parser->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 

lib/Net/SAML2/IdP.pm

@@ -2,6 +2,7 @@ package Net::SAML2::IdP;
 use Moose;
 use MooseX::Types::Moose qw/ Str Object HashRef ArrayRef /;
 use MooseX::Types::URI qw/ Uri /;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 =head1 NAME
 
@@ -59,7 +60,7 @@ sub new_from_url {
 
     my $res = $ua->request($req);
     die "no metadata" unless $res->is_success;
-    my $xml = $res->content;
+    my $xml = no_comments($res->content);
 
     return $class->new_from_xml(xml => $xml, cacert => $args{cacert});
 }
@@ -74,7 +75,7 @@ document.
 sub new_from_xml {
     my($class, %args) = @_;
 
-    my $xpath = XML::XPath->new(xml => $args{xml});
+    my $xpath = XML::XPath->new(xml => no_comments($args{xml}));
     $xpath->set_namespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
     $xpath->set_namespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
 
@@ -126,12 +127,12 @@ sub new_from_xml {
         $data->{NameIDFormat}->{unspecified} = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';
         $data->{DefaultFormat} = 'unspecified' unless exists $data->{DefaultFormat};
     }
-    
+ 
     for my $key (
         $xpath->findnodes('//md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor'))
     {
         my $use = $key->getAttribute('use') || 'signing';
-        
+ 
         # We can't select by ds:KeyInfo/ds:X509Data/ds:X509Certificate
         # because of https://rt.cpan.org/Public/Bug/Display.html?id=8784
         my ($text)
@@ -172,7 +173,7 @@ sub new_from_xml {
 
 sub BUILD {
     my($self) = @_;
-    
+ 
     if ($self->cacert) {
         my $ca = Crypt::OpenSSL::VerifyX509->new($self->cacert);
 

lib/Net/SAML2/Protocol/Assertion.pm

@@ -5,6 +5,7 @@ use MooseX::Types::DateTime qw/ DateTime /;
 use MooseX::Types::Common::String qw/ NonEmptySimpleStr /;
 use DateTime;
 use DateTime::Format::XSD;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 with 'Net::SAML2::Role::ProtocolMessage';
 
@@ -53,7 +54,8 @@ XML data
 sub new_from_xml {
     my($class, %args) = @_;
 
-    my $xpath = XML::XPath->new(xml => $args{xml});
+    my $xpath = XML::XPath->new(xml => no_comments($args{xml}));
+
     $xpath->set_namespace('saml',  'urn:oasis:names:tc:SAML:2.0:assertion');
     $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 
@@ -126,10 +128,10 @@ sub valid {
 
     return 0 unless defined $audience;
     return 0 unless($audience eq $self->audience);
-    
+ 
     return 0 unless !defined $in_response_to
         or $in_response_to eq $self->in_response_to;
-    
+
     my $now = DateTime::->now;
 
     # not_before is "NotBefore" element - exact match is ok

lib/Net/SAML2/Protocol/AuthnRequest.pm

@@ -73,8 +73,8 @@ sub as_xml {
     my ($self) = @_;
     my $saml = 'urn:oasis:names:tc:SAML:2.0:assertion';
     my $samlp = 'urn:oasis:names:tc:SAML:2.0:protocol';
-    my $x = XML::Writer->new( 
-        OUTPUT => 'self', 
+    my $x = XML::Writer->new(
+        OUTPUT => 'self',
         NAMESPACES => 1,
         FORCED_NS_DECLS => [$saml, $samlp],
         PREFIX_MAP => {
@@ -88,9 +88,9 @@ sub as_xml {
             IssueInstant => $self->issue_instant,
             Version => '2.0',
         };
-        
+
         my $issuer_attrs = {};
-        
+
         my $protocol_bindings = {
             'HTTP-POST' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
         };
@@ -119,7 +119,7 @@ sub as_xml {
                 }
             }
         }
-    
+
     $x->startTag([$samlp, 'AuthnRequest'], %$req_atts);
     $x->dataElement([$saml, 'Issuer'], $self->issuer, %$issuer_attrs);
     if ($self->nameid) {

lib/Net/SAML2/Protocol/LogoutRequest.pm

@@ -2,6 +2,7 @@ package Net::SAML2::Protocol::LogoutRequest;
 use Moose;
 use MooseX::Types::Common::String qw/ NonEmptySimpleStr /;
 use MooseX::Types::URI qw/ Uri /;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 with 'Net::SAML2::Role::ProtocolMessage';
 
@@ -75,7 +76,7 @@ XML data
 sub new_from_xml {
     my ($class, %args) = @_;
 
-    my $xpath = XML::XPath->new( xml => $args{xml} );
+    my $xpath = XML::XPath->new( xml => no_comments($args{xml}) );
     $xpath->set_namespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
     $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 

lib/Net/SAML2/Protocol/LogoutResponse.pm

@@ -2,6 +2,7 @@ package Net::SAML2::Protocol::LogoutResponse;
 use Moose;
 use MooseX::Types::Moose qw/ Str /;
 use MooseX::Types::URI qw/ Uri /;
+use Net::SAML2::XML::Util qw/ no_comments /;
 
 with 'Net::SAML2::Role::ProtocolMessage';
 
@@ -69,7 +70,7 @@ XML data
 sub new_from_xml {
     my ($class, %args) = @_;
 
-    my $xpath = XML::XPath->new( xml => $args{xml} );
+    my $xpath = XML::XPath->new( xml => no_comments($args{xml}) );
     $xpath->set_namespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
     $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 

lib/Net/SAML2/SP.pm

@@ -37,7 +37,7 @@ base for all SP service URLs
 
 =item B<id>
 
-SP's identity URI. 
+SP's identity URI.
 
 =item B<cert>