Use Test::XML::Enc to determine xmlsec features

timlegge · timlegge · commit 9ee72a9ed79a · 2023-03-08T19:19:33.000-04:00
diff --git a/Makefile.PL b/Makefile.PL
@@ -29,9 +29,14 @@ my %WriteMakefileArgs = (
     "warnings" => 0
   },
   "TEST_REQUIRES" => {
+    "Crypt::OpenSSL::Guess" => 0,
+    "Exporter" => 0,
     "File::Slurper" => 0,
     "File::Which" => 0,
-    "Test::More" => 0
+    "Import::Into" => 0,
+    "Test::Lib" => 0,
+    "Test::More" => 0,
+    "namespace::autoclean" => 0
   },
   "VERSION" => "0.09",
   "test" => {
@@ -44,14 +49,19 @@ my %FallbackPrereqs = (
   "Carp" => 0,
   "Crypt::AuthEnc::GCM" => "0.062",
   "Crypt::Mode::CBC" => 0,
+  "Crypt::OpenSSL::Guess" => 0,
   "Crypt::OpenSSL::X509" => 0,
   "Crypt::PK::RSA" => 0,
   "Crypt::PRNG" => 0,
+  "Exporter" => 0,
   "File::Slurper" => 0,
   "File::Which" => 0,
+  "Import::Into" => 0,
   "MIME::Base64" => 0,
+  "Test::Lib" => 0,
   "Test::More" => 0,
   "XML::LibXML" => 0,
+  "namespace::autoclean" => 0,
   "strict" => 0,
   "vars" => 0,
   "warnings" => 0
diff --git a/cpanfile b/cpanfile
@@ -14,9 +14,14 @@ requires "vars" => "0";
 requires "warnings" => "0";
 
 on 'test' => sub {
+  requires "Crypt::OpenSSL::Guess" => "0";
+  requires "Exporter" => "0";
   requires "File::Slurper" => "0";
   requires "File::Which" => "0";
+  requires "Import::Into" => "0";
+  requires "Test::Lib" => "0";
   requires "Test::More" => "0";
+  requires "namespace::autoclean" => "0";
 };
 
 on 'configure' => sub {
diff --git a/t/06-test-encryption-methods.t b/t/06-test-encryption-methods.t
@@ -1,9 +1,10 @@
 use strict;
 use warnings;
 use Test::More tests => 126;
+use Test::Lib;
+use Test::XML::Enc;
 use XML::Enc;
 use MIME::Base64 qw/decode_base64 encode_base64/;
-use File::Which;
 
 my $xml = <<'XML';
 <?xml version="1.0"?>
@@ -16,6 +17,9 @@ my @key_methods     = qw/rsa-1_5 rsa-oaep-mgf1p/;
 my @data_methods    = qw/aes128-cbc aes192-cbc aes256-cbc tripledes-cbc aes128-gcm aes192-gcm aes256-gcm/;
 my @oaep_mgf_algs   = qw/mgf1sha1 mgf1sha224 mgf1sha256 mgf1sha384 mgf1sha512/;
 
+my $xmlsec = get_xmlsec_features();
+my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax_key_search': '';
+
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
         my $encrypter = XML::Enc->new(
@@ -34,16 +38,16 @@ foreach my $km (@key_methods) {
         ok($encrypter->decrypt($encrypted) =~ /XML-SIG_1/, "Successfully Decrypted with XML::Enc");
 
         SKIP: {
-            skip "xmlsec1 not installed", 2 unless which('xmlsec1');
+            skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
             my $version;
             if (`xmlsec1 version` =~ m/(\d+\.\d+\.\d+)/) {
                 $version = $1;
             };
-            skip "xmlsec version 1.2.27 minimum for GCM", 2 if $version lt '1.2.27';
+            skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
             ok( open XML, '>', 'tmp.xml' );
             print XML $encrypted;
             close XML;
-            my $verify_response = `xmlsec1 --decrypt --privkey-pem t/sign-private.pem tmp.xml 2>&1`;
+            my $verify_response = `xmlsec1 --decrypt $lax_key_search --privkey-pem t/sign-private.pem tmp.xml 2>&1`;
             ok( $verify_response =~ m/XML-SIG_1/, "Successfully decrypted with xmlsec1" )
                 or warn "calling xmlsec1 failed: '$verify_response'\n";
             unlink 'tmp.xml';
diff --git a/t/07-decrypt-xmlsec.t b/t/07-decrypt-xmlsec.t
@@ -1,9 +1,10 @@
 use strict;
 use warnings;
 use Test::More tests => 70;
+use Test::Lib;
+use Test::XML::Enc;
 use XML::Enc;
 use MIME::Base64 qw/decode_base64/;
-use File::Which;
 use File::Slurper qw/read_text/;
 
 my $plaintext = <<'UNENCRYPTED';
@@ -41,6 +42,9 @@ my %sesskey = (
                 'aes256-gcm'    => 'aes-256-GCM',
             );
 
+my $xmlsec = get_xmlsec_features();
+my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax-key-search' :  '';
+
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
 
@@ -103,13 +107,9 @@ XML Security Library example: Original XML
 CONTENT
 
 SKIP: {
-            skip "xmlsec1 not installed", 5 unless which('xmlsec1');
+            skip "xmlsec1 not installed", 5 unless $xmlsec->{installed};
             skip "xmlsec1 no support for MGF element", 5 if $km eq 'rsa-oaep';
-            my $version;
-            if (`xmlsec1 version` =~ m/(\d+\.\d+\.\d+)/) {
-                $version = $1;
-            };
-            skip "xmlsec version 1.2.27 minimum for GCM", 5 if $version lt '1.2.27';
+            skip "xmlsec version 1.2.27 minimum for GCM", 5 if ! $xmlsec->{aes_gcm};
 
             ok( open XML, '>', 'plaintext.xml' );
             print XML $plaintext;
@@ -120,7 +120,7 @@ SKIP: {
             close ELEMENT;
 
             # Encrypt using xmlsec
-            my $encrypt_response = `xmlsec1 encrypt --pubkey-cert-pem t/sign-certonly.pem --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-element.xml element_tmpl.xml 2>&1`;
+            my $encrypt_response = `xmlsec1 encrypt $lax_key_search --pubkey-cert-pem t/sign-certonly.pem --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-element.xml element_tmpl.xml 2>&1`;
 
             my $encrypted = read_text('encrypted-element.xml');
 
@@ -143,7 +143,7 @@ SKIP: {
             print CONTENT $content_tmpl;
             close CONTENT;
 
-            $encrypt_response = `xmlsec1 encrypt --pubkey-cert-pem t/sign-certonly.pem   --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-content.xml --node-xpath '/PayInfo/CreditCard/Number' content-template.xml 2>&1`;
+            $encrypt_response = `xmlsec1 encrypt $lax_key_search --pubkey-cert-pem t/sign-certonly.pem   --session-key $sesskey{$dm} --xml-data plaintext.xml --output encrypted-content.xml --node-xpath '/PayInfo/CreditCard/Number' content-template.xml 2>&1`;
 
             $encrypted = read_text('encrypted-content.xml');
 
diff --git a/t/lib/Test/XML/Enc.pm b/t/lib/Test/XML/Enc.pm
@@ -0,0 +1,46 @@
+package Test::XML::Enc;
+use strict;
+use warnings;
+use namespace::autoclean ();
+
+use Test::Lib;
+
+# ABSTRACT: Test module for XML::Enc
+
+use Import::Into;
+
+use Test::XML::Enc::Util ();
+
+sub import {
+
+    my $caller_level = 1;
+
+    my @imports = qw(
+        Test::XML::Enc::Util
+        namespace::autoclean
+        strict
+        warnings
+    );
+
+    $_->import::into($caller_level) for @imports;
+}
+
+=head1 DESCRIPTION
+
+Main test module for XML::Enc
+
+=head1 SYNOPSIS
+
+  use Test::Lib;
+  use Test::XML::Enc;
+
+  # tests here
+
+  ...;
+
+  done_testing();
+
+=cut
+
+1;
+__END__
diff --git a/t/lib/Test/XML/Enc/Util.pm b/t/lib/Test/XML/Enc/Util.pm
@@ -0,0 +1,102 @@
+package Test::XML::Enc::Util;
+use warnings;
+use strict;
+
+# ABSTRACT: Utils for testsuite of XML::Enc
+
+require Exporter;
+our @ISA    = qw(Exporter);
+our @EXPORT = qw(
+    get_xmlsec_features
+    get_openssl_features
+ );
+
+our @EXPORT_OK;
+
+our %EXPORT_TAGS = (
+    all => [@EXPORT, @EXPORT_OK],
+);
+
+use File::Which;
+use Crypt::OpenSSL::Guess;
+
+#########################################################################
+# get_xmlsec_features
+#
+# Parameter:    none
+#
+# Returns a hash of the major, minor and letter version of xmlsec
+# it also sets features to true or false depending if it is supported
+# in the version that is installed
+#
+# Response: hash
+#
+#       %features = (
+#                   installed   => 1,
+#                   major       => '1',
+#                   minor       => '3',
+#                   patch       => '0',
+#                   ripemd160   => 0,
+#       );
+##########################################################################
+sub get_xmlsec_features {
+    return unless which('xmlsec1');
+
+    my ($cmd, $ver, $engine) = split / /, (`xmlsec1 --version`);
+    my ($major, $minor, $patch) = split /\./, $ver;
+
+    my %xmlsec = (
+                    installed   => 1,
+                    major       => $major,
+                    minor       => $minor,
+                    patch       => $patch,
+                    ripemd160   => ($major >= 1 and $minor >= 3) ? 1 : 0,
+                    aes_gcm     => ($major >= 1 and $minor >= 2 and $patch >= 27) ? 1 : 0,
+                    lax_key_search => ($major >= 1 and $minor >= 3) ? 1 : 0,
+                );
+    return \%xmlsec;
+}
+
+#########################################################################
+# get_openssl_features
+#
+# Parameter:    none
+#
+# Returns a hash of the major, minor and letter version of openssl
+# it also sets features to true or false depending if it is supported
+# in the version that is installed
+#
+# Response: hash
+#
+#       %features = (
+#                   major       => '3.0',
+#                   minor       => '0',
+#                   letter      => '',
+#                   ripemd160   => 0,
+#       );
+##########################################################################
+sub get_openssl_features {
+    my ($major, $minor, $letter) = Crypt::OpenSSL::Guess->openssl_version();
+
+    my %openssl = (
+                    major       => $major,
+                    minor       => $minor,
+                    letter      => (defined $letter) ? $letter : '',
+                    ripemd160   => ($major eq '3.0' and ($minor >= 0) and ($minor <= 7)) ? 0 : 1,
+                );
+    return \%openssl;
+}
+
+1;
+
+__END__
+
+=head1 DESCRIPTION
+
+=head1 SYNOPSIS
+
+    use Test::XML::Enc;
+
+    my $features = get_xmlsec_features();
+    my $features = get_openssl_features();
+    # go from here
