Net-SPID
lib/Net/SPID/SAML.pm view on Meta::CPAN
# Return the Identity Provider registry exactly as the private _idp accessor
# yields it. No copy is made here, so a caller that modifies the returned
# structure is modifying the state this object uses for later IdP lookups.
sub idps {
    my $self = shift;

    return $self->_idp;
}
# Look up one Identity Provider by its entityID in the registry returned by
# the private _idp accessor. An entityID that is not a key of that registry
# yields undef, so callers must check the result before using it; the value
# should be compared against IdPs configured on this side, never taken on
# trust from an incoming message.
sub get_idp {
    my $self = shift;
    my ($wanted_entityid) = @_;

    return $self->_idp->{$wanted_entityid};
}
# Wrap an incoming base64-encoded SAML Response in a
# Net::SPID::SAML::In::Response object, validate it, and return the object.
#
#   $payload        - the base64 string received from the user's browser;
#                     treat it as untrusted input.
#   $in_response_to - forwarded to validate() as in_response_to. It should be
#                     the ID of the AuthnRequest issued for this session,
#                     read from server-side state rather than from the
#                     incoming request.
#                     NOTE(review): how validate() treats an undefined value
#                     is not visible here - confirm it is rejected.
#
# validate() throws on failure, so the object only reaches the caller after
# validation succeeded. Which checks it performs (signature, issuer, timing,
# audience) is implemented in Net::SPID::SAML::In::Response.
sub parse_response {
    my $self = shift;
    my ($payload, $in_response_to) = @_;

    my @ctor_args = (
        _spid  => $self,
        base64 => $payload,
    );
    my $response = Net::SPID::SAML::In::Response->new(@ctor_args);

    # Dies on any validation failure; do not wrap this in an eval that
    # discards the error and carries on with the object.
    $response->validate(in_response_to => $in_response_to);

    return $response;
}
# Wrap an incoming base64-encoded SAML LogoutResponse in a
# Net::SPID::SAML::In::LogoutResponse object, validate it, and return it.
#
#   $payload        - base64 string received from the browser (untrusted).
#   $url            - passed to the constructor as "url".
#                     NOTE(review): presumably the full request URL, needed
#                     to verify a signature carried in the query string -
#                     confirm against In::LogoutResponse.
#   $in_response_to - forwarded to validate() as in_response_to; it should be
#                     the ID of the LogoutRequest this SP sent, taken from
#                     server-side state.
#
# validate() throws on failure, so the object is only returned once
# validation succeeded.
sub parse_logoutresponse {
    my $self = shift;
    my ($payload, $url, $in_response_to) = @_;

    my @ctor_args = (
        _spid  => $self,
        base64 => $payload,
        url    => $url,
    );
    my $logout_response = Net::SPID::SAML::In::LogoutResponse->new(@ctor_args);

    # Dies on any validation failure.
    $logout_response->validate(in_response_to => $in_response_to);

    return $logout_response;
}
# Wrap an incoming base64-encoded SAML LogoutRequest (sent by an Identity
# Provider) in a Net::SPID::SAML::In::LogoutRequest object, validate it, and
# return it.
#
#   $payload - base64 string received from the browser (untrusted).
#   $url     - passed to the constructor as "url".
#              NOTE(review): presumably the full request URL, needed to
#              verify a signature carried in the query string - confirm
#              against In::LogoutRequest.
#
# validate() is called without arguments and throws on failure. The session
# named in the request should only be terminated after this sub returned
# normally.
sub parse_logoutrequest {
    my $self = shift;
    my ($payload, $url) = @_;

    my @ctor_args = (
        _spid  => $self,
        base64 => $payload,
        url    => $url,
    );
    my $logout_request = Net::SPID::SAML::In::LogoutRequest->new(@ctor_args);

    # Dies on any validation failure.
    $logout_request->validate;

    return $logout_request;
}
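# Build this Service Provider's SAML 2.0 metadata document and return it as
# an XML string.
#
# The document contains one md:EntityDescriptor with one md:SPSSODescriptor
# that advertises the SP signing certificate, the SingleLogoutService
# endpoints, the transient NameID format, the AssertionConsumerService
# endpoints and the AttributeConsumingService definitions.
#
# Changes against the previous implementation, all needed for the output to
# match the SAML 2.0 metadata schema (IdPs that validate the metadata
# would otherwise reject it):
#   * assertion consumer endpoints are emitted as md:AssertionConsumerService
#     (md:SingleSignOnService belongs to an IDPSSODescriptor) and carry the
#     mandatory Binding attribute;
#   * md:RequestedAttribute carries the attribute name in its Name attribute
#     instead of as element text;
#   * children of md:SPSSODescriptor follow the schema order;
#   * the generated ID is always a valid xs:ID;
#   * SingleLogoutService endpoints are emitted in sorted order so the
#     output is reproducible from one run to the next.
#
# NOTE(review): the document is returned unsigned; confirm whether the
# caller is expected to sign it before publishing it to Identity Providers.
sub metadata {
    my ($self) = @_;

    my $md       = 'urn:oasis:names:tc:SAML:2.0:metadata';
    my $dsig     = 'http://www.w3.org/2000/09/xmldsig#';
    my $bindings = 'urn:oasis:names:tc:SAML:2.0:bindings:';

    my $x = XML::Writer->new(
        OUTPUT     => 'self',
        NAMESPACES => 1,
        PREFIX_MAP => {
            $md   => 'md',
            $dsig => 'ds',
        },
    );

    # Derive the ID attribute from the entityID. xs:ID values must start
    # with a letter or underscore, so prefix one when the sanitised string
    # starts with a digit or hyphen, or is empty.
    my $ID = $self->sp_entityid;
    $ID =~ s/[^a-z0-9_-]/_/g;
    $ID = "_$ID" if $ID !~ /\A[a-z_]/;

    $x->startTag([$md, 'EntityDescriptor'],
        entityID => $self->sp_entityid,
        ID       => $ID);

    # These two flags only advertise the policy to Identity Providers;
    # enforcing signed assertions is the job of the response validation code.
    $x->startTag([$md, 'SPSSODescriptor'],
        protocolSupportEnumeration => 'urn:oasis:names:tc:SAML:2.0:protocol',
        AuthnRequestsSigned        => 'true',
        WantAssertionsSigned       => 'true');

    {
        $x->startTag([$md, 'KeyDescriptor'], use => 'signing');
        $x->startTag([$dsig, 'KeyInfo']);
        $x->startTag([$dsig, 'X509Data']);

        # Only the public certificate is published; strip the PEM armour so
        # that the element holds the bare base64 body.
        my $cert = $self->sp_cert->as_string;
        $cert =~ s/^-+BEGIN CERTIFICATE-+\n//;
        $cert =~ s/\n-+END CERTIFICATE-+\n?//;
        $x->dataElement([$dsig, 'X509Certificate'], $cert);

        $x->endTag(); #ds:X509Data
        $x->endTag(); #ds:KeyInfo
        $x->endTag(); #KeyDescriptor
    }

    # sp_singlelogoutservice maps each endpoint URL to the short name of its
    # binding (the part after "urn:oasis:names:tc:SAML:2.0:bindings:").
    my $slo_binding_for = $self->sp_singlelogoutservice;
    foreach my $url (sort keys %{$slo_binding_for}) {
        $x->emptyTag([$md, 'SingleLogoutService'],
            Location => $url,
            Binding  => $bindings . $slo_binding_for->{$url});
    }

    $x->dataElement([$md, 'NameIDFormat'],
        'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');

    # NOTE(review): HTTP-POST is assumed because the configuration holds
    # only URLs for these endpoints - confirm that responses are always
    # delivered with that binding.
    my $acs_urls = $self->sp_assertionconsumerservice;
    foreach my $acs_index (0..$#{$acs_urls}) {
        $x->emptyTag([$md, 'AssertionConsumerService'],
            Location  => $acs_urls->[$acs_index],
            Binding   => $bindings . 'HTTP-POST',
            index     => $acs_index,
            isDefault => $acs_index ? 'false' : 'true');
    }

    my $attr_services = $self->sp_attributeconsumingservice;
    foreach my $attr_index (0..$#{$attr_services}) {
        my $attr = $attr_services->[$attr_index];
        $x->startTag([$md, 'AttributeConsumingService'], index => $attr_index);

        # NOTE(review): the schema also requires an xml:lang attribute on
        # ServiceName; none is emitted because the language of the configured
        # name is not known here.
        $x->dataElement([$md, 'ServiceName'], $attr->{servicename});

        foreach my $attr_name (@{$attr->{attributes}}) {
            $x->emptyTag([$md, 'RequestedAttribute'], Name => $attr_name);
        }
        $x->endTag();
    }

    $x->endTag(); #SPSSODescriptor
    $x->endTag(); #EntityDescriptor

    return $x->to_string;
}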
1;
__END__
=pod
=encoding UTF-8
=head1 NAME
Net::SPID::SAML
=head1 VERSION
version 0.15
=head1 SYNOPSIS
use Net::SPID;
my $spid = Net::SPID->new(
sp_entityid => 'https://www.prova.it/',