chrisa · marschap · Aug 4, 2012 · Aug 4, 2012 · Aug 4, 2012 · Aug 4, 2012
diff --git a/Makefile.PL b/Makefile.PL
@@ -29,7 +29,7 @@ requires 'MooseX::Types::DateTime';
 
 # XML::Sig's deps
 requires 'Class::Accessor';
-requires 'Digest::SHA1';
+requires 'Digest::SHA';
 requires 'Crypt::OpenSSL::Bignum';
 requires 'Crypt::OpenSSL::DSA';
 requires 'XML::CanonicalizeXML';

diff --git a/lib/Net/SAML2/Binding/POST.pm b/lib/Net/SAML2/Binding/POST.pm
@@ -8,7 +8,9 @@ Net::SAML2::Binding::POST - HTTP POST binding for SAML2
 
 =head1 SYNOPSIS
 
-  my $post = Net::SAML2::Binding::POST->new;
+  my $post = Net::SAML2::Binding::POST->new(
+    cacert => '/path/to/ca-cert.pem'
+  );
   my $ret = $post->handle_response(
     $saml_response
   );
@@ -21,17 +23,25 @@ use Net::SAML2::XML::Sig;
 use MIME::Base64 qw/ decode_base64 /;
 use Crypt::OpenSSL::VerifyX509;
 
-=head2 new()
+=head2 new( )
 
 Constructor. Returns an instance of the POST binding. 
 
-No arguments.
+Arguments:
+
+=over
+
+=item B<cacert>
+
+path to the CA certificate for verification
+
+=back
 
 =cut
 
 has 'cacert' => (isa => Str, is => 'ro', required => 1);
 
-=head2 handle_response($response)
+=head2 handle_response( $response )
 
 Decodes and verifies the response provided, which should be the raw
 Base64-encoded response, from the SAMLResponse CGI parameter. 

diff --git a/lib/Net/SAML2/Binding/Redirect.pm b/lib/Net/SAML2/Binding/Redirect.pm
@@ -13,6 +13,7 @@ Net::SAML2::Binding::Redirect
     key => 'sign-nopw-cert.pem',
     url => $sso_url,
     param => 'SAMLRequest',
+    cacert => '/path/to/cac-cert.pem'
   );
 
   my $url = $redirect->sign($authnreq);
@@ -45,10 +46,25 @@ Constructor. Creates an instance of the Redirect binding.
 
 Arguments:
 
- * key - the signing key (for creating Redirect URLs)
- * cert - the IdP's signing cert (for verifying Redirect URLs)
- * url - the IdP's SSO service url for the Redirect binding
- * param - the query param name to use (SAMLRequest, SAMLResponse)
+=over
+
+=item B<key>
+
+signing key (for creating Redirect URLs)
+
+=item B<cert>
+
+IdP's signing cert (for verifying Redirect URLs)
+
+=item B<url>
+
+IdP's SSO service url for the Redirect binding
+
+=item B<param>
+
+query param name to use (SAMLRequest, SAMLResponse)
+
+=back
 
 =cut
 
@@ -57,7 +73,7 @@ has 'cert'  => (isa => Str, is => 'ro', required => 1);
 has 'url'   => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 has 'param' => (isa => Str, is => 'ro', required => 1);
 
-=head2 sign($request, $relaystate)
+=head2 sign( $request, $relaystate )
 
 Signs the given request, and returns the URL to which the user's
 browser should be redirected.
@@ -93,7 +109,7 @@ sub sign {
     return $url;
 }
 
-=head2 verify($url)
+=head2 verify( $url )
 
 Decode a Redirect binding URL. 
 

diff --git a/lib/Net/SAML2/Binding/SOAP.pm b/lib/Net/SAML2/Binding/SOAP.pm
@@ -34,12 +34,33 @@ the given IdP service url.
 
 Arguments:
 
- * ua - (optionally) a LWP::UserAgent-compatible UA
- * url - the service URL
- * key - the key to sign with
- * cert - the corresponding certificate
- * idp_cert - the idp's signing certificate
- * cacert - the CA for the SAML CoT
+=over
+
+=item B<ua>
+
+(optional) a LWP::UserAgent-compatible UA
+
+=item B<url>
+
+the service URL
+
+=item B<key>
+
+the key to sign with
+
+=item B<cert>
+
+the corresponding certificate
+
+=item B<idp_cert>
+
+the idp's signing certificate
+
+=item B<cacert>
+
+the CA for the SAML CoT
+
+=back
 
 =cut
 
@@ -52,7 +73,7 @@ has 'cert'     => (isa => Str, is => 'ro', required => 1);
 has 'idp_cert' => (isa => Str, is => 'ro', required => 1);
 has 'cacert'   => (isa => Str, is => 'ro', required => 1);
 
-=head2 request($message)
+=head2 request( $message )
 
 Submit the message to the IdP's service.
 
@@ -145,7 +166,7 @@ sub handle_request {
     return;
 }
 
-=head2 create_soap_envelope($message)
+=head2 create_soap_envelope( $message )
 
 Signs and SOAP-wraps the given message.
 

diff --git a/lib/Net/SAML2/IdP.pm b/lib/Net/SAML2/IdP.pm
@@ -22,11 +22,15 @@ use HTTP::Request::Common;
 use LWP::UserAgent;
 use XML::XPath;
 
-=head2 new
+=head2 new( )
 
 Constructor
 
- * entityID
+=over
+
+=item B<entityid>
+
+=back
 
 =cut
 
@@ -146,7 +150,7 @@ sub BUILD {
     }       
 }
 
-=head2 sso_url($binding)
+=head2 sso_url( $binding )
 
 Returns the url for the SSO service using the given binding. Binding
 name should be the full URI. 
@@ -158,7 +162,7 @@ sub sso_url {
     return $self->sso_urls->{$binding};
 }
 
-=head2 slo_url($binding)
+=head2 slo_url( $binding )
 
 Returns the url for the Single Logout Service using the given
 binding. Binding name should be the full URI.
@@ -170,7 +174,7 @@ sub slo_url {
     return $self->slo_urls->{$binding};
 }
 
-=head2 art_url($binding)
+=head2 art_url( $binding )
 
 Returns the url for the Artifact Resolution service using the given
 binding. Binding name should be the full URI.
@@ -182,9 +186,9 @@ sub art_url {
     return $self->art_urls->{$binding};
 }
 
-=head2 cert($use)
+=head2 cert( $use )
 
-Returns the IdP's certificate for the given use (e.g. 'signing').
+Returns the IdP's certificate for the given use (e.g. C<signing>).
 
 =cut
 
@@ -193,10 +197,10 @@ sub cert {
     return $self->certs->{$use};
 }
 
-=head2 binding($name)
+=head2 binding( $name )
 
-Returns the full Binding URI for the given binding name. Includes this
-module's currently-supported bindings.
+Returns the full Binding URI for the given binding name (i.e. C<redirect> or C<soap>).
+Includes this module's currently-supported bindings.
 
 =cut
 
@@ -215,7 +219,7 @@ sub binding {
     return;
 }
 
-=head2 format($short_name)
+=head2 format( $short_name )
 
 Returns the full NameID Format URI for the given short name.
 
@@ -235,9 +239,8 @@ sub format {
     elsif ($self->default_format) {
         return $self->formats->{$self->default_format};
     }
-    else {
-        return;
-    }
+
+    return;
 }
 
 __PACKAGE__->meta->make_immutable;
diff --git a/lib/Net/SAML2/Protocol/ArtifactResolve.pm b/lib/Net/SAML2/Protocol/ArtifactResolve.pm
@@ -28,9 +28,21 @@ the given issuer and artifact.
 
 Arguments:
 
- * issuer - the issuing SP's identity URI
- * artifact - the artifact to be resolved
- * destination - the IdP's identity URI
+=over
+
+=item B<issuer>
+
+issuing SP's identity URI
+
+=item B<artifact>
+
+artifact to be resolved
+
+=item B<destination>
+
+IdP's identity URI
+
+=back
 
 =cut
 
@@ -39,7 +51,7 @@ has 'issuer'      => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 has 'destination' => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 
 
-=head2 as_xml
+=head2 as_xml( )
 
 Returns the ArtifactResolve request as XML.
 

diff --git a/lib/Net/SAML2/Protocol/Assertion.pm b/lib/Net/SAML2/Protocol/Assertion.pm
@@ -36,6 +36,16 @@ has 'audience'   => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
 Constructor. Creates an instance of the Assertion object, parsing the
 given XML to find the attributes, session and nameid. 
 
+Arguments:
+
+=over
+
+=item B<xml>
+
+XML data
+
+=back
+
 =cut
 
 sub new_from_xml { 
@@ -71,7 +81,7 @@ sub new_from_xml {
     return $self;
 }
 
-=head2 name
+=head2 name( )
 
 Returns the CN attribute, if provided.
 

diff --git a/lib/Net/SAML2/Protocol/AuthnRequest.pm b/lib/Net/SAML2/Protocol/AuthnRequest.pm
@@ -28,16 +28,25 @@ Constructor. Creates an instance of the AuthnRequest object.
 
 Arguments:
 
- * issuer - the SP's identity URI
- * destination - the IdP's identity URI
+=over
+
+=item B<issuer>
+
+SP's identity URI
+
+=item B<destination>
+
+IdP's identity URI
+
+=back
 
 =cut
 
 has 'issuer'        => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 has 'destination'   => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 has 'nameid_format' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
 
-=head2 as_xml()
+=head2 as_xml( )
 
 Returns the AuthnRequest as XML.