Merge pull request #3 from perl-net-saml2/remove-pari

timlegge · web-flow · commit 93228a70cc13 · 2023-03-09T22:06:55.000-04:00
Remove requirement for pari and Crypt::Random
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -9,19 +9,21 @@ jobs:
     strategy:
       matrix:
         perl-version:
-          - '5.8'
-          - '5.10'
-          - '5.12'
-          - '5.14'
-          - '5.16'
-          - '5.18'
-          - '5.20'
-          - '5.22'
-          - '5.24'
+          - '5.8-buster'
+          - '5.10-buster'
+          - '5.12-buster'
+          - '5.14-buster'
+          - '5.16-buster'
+          - '5.18-buster'
+          - '5.20-buster'
+          - '5.22-buster'
+          - '5.24-buster'
           - '5.26'
           - '5.28'
           - '5.30'
           - '5.32'
+          - '5.34'
+          - '5.36'
     container:
       image: perl:${{ matrix.perl-version }}
     steps:
diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
@@ -10,9 +10,9 @@ jobs:
         perl: [ '5.32', '5.30', '5.28' ]
     name: Perl ${{ matrix.perl }} on ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up perl
-        uses: shogo82148/actions-setup-perl@v1.10.0
+        uses: shogo82148/actions-setup-perl@v1
         with:
           perl-version: ${{ matrix.perl }}
           distribution: strawberry
diff --git a/Makefile.PL b/Makefile.PL
@@ -21,17 +21,22 @@ my %WriteMakefileArgs = (
     "Crypt::Mode::CBC" => 0,
     "Crypt::OpenSSL::X509" => 0,
     "Crypt::PK::RSA" => 0,
-    "Crypt::Random" => 0,
+    "Crypt::PRNG" => 0,
     "MIME::Base64" => 0,
     "XML::LibXML" => 0,
     "strict" => 0,
     "vars" => 0,
     "warnings" => 0
   },
   "TEST_REQUIRES" => {
+    "Crypt::OpenSSL::Guess" => 0,
+    "Exporter" => 0,
     "File::Slurper" => 0,
     "File::Which" => 0,
-    "Test::More" => 0
+    "Import::Into" => 0,
+    "Test::Lib" => 0,
+    "Test::More" => 0,
+    "namespace::autoclean" => 0
   },
   "VERSION" => "0.09",
   "test" => {
@@ -44,14 +49,19 @@ my %FallbackPrereqs = (
   "Carp" => 0,
   "Crypt::AuthEnc::GCM" => "0.062",
   "Crypt::Mode::CBC" => 0,
+  "Crypt::OpenSSL::Guess" => 0,
   "Crypt::OpenSSL::X509" => 0,
   "Crypt::PK::RSA" => 0,
-  "Crypt::Random" => 0,
+  "Crypt::PRNG" => 0,
+  "Exporter" => 0,
   "File::Slurper" => 0,
   "File::Which" => 0,
+  "Import::Into" => 0,
   "MIME::Base64" => 0,
+  "Test::Lib" => 0,
   "Test::More" => 0,
   "XML::LibXML" => 0,
+  "namespace::autoclean" => 0,
   "strict" => 0,
   "vars" => 0,
   "warnings" => 0
diff --git a/cpanfile b/cpanfile
@@ -5,7 +5,7 @@ requires "Crypt::AuthEnc::GCM" => "0.062";
 requires "Crypt::Mode::CBC" => "0";
 requires "Crypt::OpenSSL::X509" => "0";
 requires "Crypt::PK::RSA" => "0";
-requires "Crypt::Random" => "0";
+requires "Crypt::PRNG" => "0";
 requires "MIME::Base64" => "0";
 requires "XML::LibXML" => "0";
 requires "perl" => "5.008";
@@ -14,9 +14,14 @@ requires "vars" => "0";
 requires "warnings" => "0";
 
 on 'test' => sub {
+  requires "Crypt::OpenSSL::Guess" => "0";
+  requires "Exporter" => "0";
   requires "File::Slurper" => "0";
   requires "File::Which" => "0";
+  requires "Import::Into" => "0";
+  requires "Test::Lib" => "0";
   requires "Test::More" => "0";
+  requires "namespace::autoclean" => "0";
 };
 
 on 'configure' => sub {
diff --git a/dist.ini b/dist.ini
@@ -18,7 +18,6 @@ Crypt::OpenSSL::X509 = 0
 MIME::Base64 = 0
 XML::LibXML = 0
 Crypt::Mode::CBC = 0
-Crypt::Random = 0
 Crypt::AuthEnc::GCM = 0.062
 
 [Prereqs / TestRequires]
diff --git a/lib/XML/Enc.pm b/lib/XML/Enc.pm
@@ -12,7 +12,7 @@ use Crypt::PK::RSA;
 use Crypt::Mode::CBC;
 use Crypt::AuthEnc::GCM 0.062;
 use MIME::Base64 qw/decode_base64 encode_base64/;
-use Crypt::Random qw( makerandom_octet );
+use Crypt::PRNG qw( random_bytes );
 
 use vars qw($VERSION @EXPORT_OK %EXPORT_TAGS $DEBUG);
 
@@ -500,8 +500,8 @@ sub _EncryptData {
     my $ivsize  = $encmethods{$method}->{ivsize};
     my $keysize = $encmethods{$method}->{keysize};
 
-    my $iv      = makerandom_octet ( Length => $ivsize);
-    ${$key}     = makerandom_octet ( Length => $keysize);
+    my $iv      = random_bytes ( $ivsize);
+    ${$key}     = random_bytes ( $keysize);
 
     if (defined $encmethods{$method} & $method !~ /gcm/ ){
         my $cbc = Crypt::Mode::CBC->new($encmethods{$method}->{modename}, 0);
diff --git a/t/06-test-encryption-methods.t b/t/06-test-encryption-methods.t
@@ -1,9 +1,10 @@
 use strict;
 use warnings;
 use Test::More tests => 126;
+use Test::Lib;
+use Test::XML::Enc;
 use XML::Enc;
 use MIME::Base64 qw/decode_base64 encode_base64/;
-use File::Which;
 
 my $xml = <<'XML';
 <?xml version="1.0"?>
@@ -16,6 +17,9 @@ my @key_methods     = qw/rsa-1_5 rsa-oaep-mgf1p/;
 my @data_methods    = qw/aes128-cbc aes192-cbc aes256-cbc tripledes-cbc aes128-gcm aes192-gcm aes256-gcm/;
 my @oaep_mgf_algs   = qw/mgf1sha1 mgf1sha224 mgf1sha256 mgf1sha384 mgf1sha512/;
 
+my $xmlsec = get_xmlsec_features();
+my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax_key_search': '';
+
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
         my $encrypter = XML::Enc->new(
@@ -34,16 +38,16 @@ foreach my $km (@key_methods) {
         ok($encrypter->decrypt($encrypted) =~ /XML-SIG_1/, "Successfully Decrypted with XML::Enc");
 
         SKIP: {
-            skip "xmlsec1 not installed", 2 unless which('xmlsec1');
+            skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
             my $version;
             if (`xmlsec1 version` =~ m/(\d+\.\d+\.\d+)/) {
                 $version = $1;
             };
-            skip "xmlsec version 1.2.27 minimum for GCM", 2 if $version lt '1.2.27';
+            skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
             ok( open XML, '>', 'tmp.xml' );
             print XML $encrypted;
             close XML;
-            my $verify_response = `xmlsec1 --decrypt --privkey-pem t/sign-private.pem tmp.xml 2>&1`;
+            my $verify_response = `xmlsec1 --decrypt $lax_key_search --privkey-pem t/sign-private.pem tmp.xml 2>&1`;
             ok( $verify_response =~ m/XML-SIG_1/, "Successfully decrypted with xmlsec1" )
                 or warn "calling xmlsec1 failed: '$verify_response'\n";
             unlink 'tmp.xml';
diff --git a/t/07-decrypt-xmlsec.t b/t/07-decrypt-xmlsec.t
@@ -1,9 +1,10 @@
 use strict;
 use warnings;
 use Test::More tests => 70;
+use Test::Lib;
+use Test::XML::Enc;
 use XML::Enc;
 use MIME::Base64 qw/decode_base64/;
-use File::Which;
 use File::Slurper qw/read_text/;
 
 my $plaintext = <<'UNENCRYPTED';
@@ -41,6 +42,9 @@ my %sesskey = (
                 'aes256-gcm'    => 'aes-256-GCM',
             );
 
+my $xmlsec = get_xmlsec_features();
+my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax-key-search' :  '';
+
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
 
@@ -103,13 +107,9 @@ XML Security Library example: Original XML
 CONTENT
 
 SKIP: {
-            skip "xmlsec1 not installed", 5 unless which('xmlsec1');
+            skip "xmlsec1 not installed", 5 unless $xmlsec->{installed};
             skip "xmlsec1 no support for MGF element", 5 if $km eq 'rsa-oaep';
-            my $version;
-            if (`xmlsec1 version` =~ m/(\d+\.\d+\.\d+)/) {
-                $version = $1;
-            };
-            skip "xmlsec version 1.2.27 minimum for GCM", 5 if $version lt '1.2.27';
+            skip "xmlsec version 1.2.27 minimum for GCM", 5 if ! $xmlsec->{aes_gcm};
 
             ok( open XML, '>', 'plaintext.xml' );
             print XML $plaintext;
@@ -120,7 +120,7 @@ SKIP: {
             close ELEMENT;
 
             # Encrypt using xmlsec
-            my $encrypt_response = `xmlsec1 encrypt --pubkey-cert-pem t/sign-certonly.pem --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-element.xml element_tmpl.xml 2>&1`;
+            my $encrypt_response = `xmlsec1 encrypt $lax_key_search --pubkey-cert-pem t/sign-certonly.pem --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-element.xml element_tmpl.xml 2>&1`;
 
             my $encrypted = read_text('encrypted-element.xml');
 
@@ -143,7 +143,7 @@ SKIP: {
             print CONTENT $content_tmpl;
             close CONTENT;
 
-            $encrypt_response = `xmlsec1 encrypt --pubkey-cert-pem t/sign-certonly.pem   --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-content.xml --node-xpath '/PayInfo/CreditCard/Number' content-template.xml 2>&1`;
+            $encrypt_response = `xmlsec1 encrypt $lax_key_search --pubkey-cert-pem t/sign-certonly.pem   --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-content.xml --node-xpath '/PayInfo/CreditCard/Number' content-template.xml 2>&1`;
 
             $encrypted = read_text('encrypted-content.xml');
 
diff --git a/t/lib/Test/XML/Enc.pm b/t/lib/Test/XML/Enc.pm
@@ -0,0 +1,46 @@
+package Test::XML::Enc;
+use strict;
+use warnings;
+use namespace::autoclean ();
+
+use Test::Lib;
+
+# ABSTRACT: Test module for XML::Enc
+
+use Import::Into;
+
+use Test::XML::Enc::Util ();
+
+sub import {
+
+    my $caller_level = 1;
+
+    my @imports = qw(
+        Test::XML::Enc::Util
+        namespace::autoclean
+        strict
+        warnings
+    );
+
+    $_->import::into($caller_level) for @imports;
+}
+
+=head1 DESCRIPTION
+
+Main test module for XML::Enc
+
+=head1 SYNOPSIS
+
+  use Test::Lib;
+  use Test::XML::Enc;
+
+  # tests here
+
+  ...;
+
+  done_testing();
+
+=cut
+
+1;
+__END__
diff --git a/t/lib/Test/XML/Enc/Util.pm b/t/lib/Test/XML/Enc/Util.pm
@@ -0,0 +1,102 @@
+package Test::XML::Enc::Util;
+use warnings;
+use strict;
+
+# ABSTRACT: Utils for testsuite of XML::Enc
+
+require Exporter;
+our @ISA    = qw(Exporter);
+our @EXPORT = qw(
+    get_xmlsec_features
+    get_openssl_features
+ );
+
+our @EXPORT_OK;
+
+our %EXPORT_TAGS = (
+    all => [@EXPORT, @EXPORT_OK],
+);
+
+use File::Which;
+use Crypt::OpenSSL::Guess;
+
+#########################################################################
+# get_xmlsec_features
+#
+# Parameter:    none
+#
+# Returns a hash of the major, minor and letter version of xmlsec
+# it also sets features to true or false depending if it is supported
+# in the version that is installed
+#
+# Response: hash
+#
+#       %features = (
+#                   installed   => 1,
+#                   major       => '1',
+#                   minor       => '3',
+#                   patch       => '0',
+#                   ripemd160   => 0,
+#       );
+##########################################################################
+sub get_xmlsec_features {
+    return unless which('xmlsec1');
+
+    my ($cmd, $ver, $engine) = split / /, (`xmlsec1 --version`);
+    my ($major, $minor, $patch) = split /\./, $ver;
+
+    my %xmlsec = (
+                    installed   => 1,
+                    major       => $major,
+                    minor       => $minor,
+                    patch       => $patch,
+                    ripemd160   => ($major >= 1 and $minor >= 3) ? 1 : 0,
+                    aes_gcm     => ($major >= 1 and $minor >= 2 and $patch >= 27) ? 1 : 0,
+                    lax_key_search => ($major >= 1 and $minor >= 3) ? 1 : 0,
+                );
+    return \%xmlsec;
+}
+
+#########################################################################
+# get_openssl_features
+#
+# Parameter:    none
+#
+# Returns a hash of the major, minor and letter version of openssl
+# it also sets features to true or false depending if it is supported
+# in the version that is installed
+#
+# Response: hash
+#
+#       %features = (
+#                   major       => '3.0',
+#                   minor       => '0',
+#                   letter      => '',
+#                   ripemd160   => 0,
+#       );
+##########################################################################
+sub get_openssl_features {
+    my ($major, $minor, $letter) = Crypt::OpenSSL::Guess->openssl_version();
+
+    my %openssl = (
+                    major       => $major,
+                    minor       => $minor,
+                    letter      => (defined $letter) ? $letter : '',
+                    ripemd160   => ($major eq '3.0' and ($minor >= 0) and ($minor <= 7)) ? 0 : 1,
+                );
+    return \%openssl;
+}
+
+1;
+
+__END__
+
+=head1 DESCRIPTION
+
+=head1 SYNOPSIS
+
+    use Test::XML::Enc;
+
+    my $features = get_xmlsec_features();
+    my $features = get_openssl_features();
+    # go from here
