signed_xml 0.0.1

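--- /dev/null
+++ b/data/.gitignore
@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp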
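--- /dev/null
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in signed_xml_document.gemspec
+gemspec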
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2013 Todd Thomas
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,29 @@
1
+ # SignedXmlDocument
2
+
3
+ TODO: Write a gem description
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'signed_xml_document'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install signed_xml_document
18
+
19
+ ## Usage
20
+
21
+ TODO: Write usage instructions here
22
+
23
+ ## Contributing
24
+
25
+ 1. Fork it
26
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
27
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
28
+ 4. Push to the branch (`git push origin my-new-feature`)
29
+ 5. Create new Pull Request
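--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"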
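--- /dev/null
+++ b/data/lib/signed_xml/base64_transform.rb
@@ -0,0 +1,9 @@
+require 'base64'
+
+module SignedXml
+  class Base64Transform
+    def apply(input)
+      Base64.encode64(input)
+    end
+  end
+end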
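Review bot: `Base64.encode64(input)` in `apply` inserts a newline after every 60 output characters, and the only cleanup on the consuming side visible on this page (`Reference#is_verified?`, `apply_transforms.chomp`) strips just the trailing one, so any digest longer than 45 bytes would carry an embedded newline and never compare equal to the `DigestValue` text. With SHA-1 as the only digest this gem resolves the defect is latent, but it turns into a silent verification failure the day a longer digest is added; `Base64.strict_encode64(input)` yields the single-line form that a DigestValue comparison expects. A comment on `apply` stating that its output is compared verbatim against base64 text taken from the document would make the constraint visible.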
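--- /dev/null
+++ b/data/lib/signed_xml/c14n_transform.rb
@@ -0,0 +1,26 @@
+module SignedXml
+  class C14NTransform
+    include Nokogiri::XML
+
+    attr_reader :method
+    attr_reader :with_comments
+
+    def initialize(method = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
+      method, with_comments = method.split('#')
+      @method = case method
+                when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" then XML_C14N_1_0
+                when "http://www.w3.org/2001/10/xml-exc-c14n" then XML_C14N_EXCLUSIVE_1_0
+                when "http://www.w3.org/2006/12/xml-c14n11" then XML_C14N_1_1
+                else raise ArgumentError.new("unknown canonicalization method #{method}")
+                end
+
+      @with_comments = !!with_comments
+    end
+
+    def apply(input)
+      raise ArgumentError.new("input #{input.inspect}:#{input.class} is not canonicalizable") unless input.respond_to?(:canonicalize)
+
+      input.canonicalize(method, nil, with_comments)
+    end
+  end
+end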
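Review bot: `@with_comments = !!with_comments` treats any fragment after `#` as a request for the WithComments variant, so an Algorithm such as `http://www.w3.org/2001/10/xml-exc-c14n#anything` is silently accepted as exclusive-c14n-with-comments instead of being rejected as unknown; compare the fragment explicitly, `@with_comments = (with_comments == "WithComments")`, and raise `ArgumentError` for any other non-empty fragment. Separately, `input.canonicalize(method, nil, with_comments)` always passes `nil` as the inclusive-namespace prefix list, and since `initialize` only receives the Algorithm string there is nowhere for an exclusive-c14n `InclusiveNamespaces PrefixList` child to come from, so such a signature is canonicalized differently from how it was produced and will not verify. A short comment on `initialize` listing the three accepted URIs and noting that the `#WithComments` suffix selects the comments flag would help the next reader.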
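--- /dev/null
+++ b/data/lib/signed_xml/digest_method_resolution.rb
@@ -0,0 +1,15 @@
+require 'openssl'
+
+module SignedXml
+  module DigestMethodResolution
+    include OpenSSL
+
+    def digester_for_id(id)
+      case id
+      when "http://www.w3.org/2000/09/xmldsig#sha1","http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+        Digest::SHA1.new
+      else raise ArgumentError.new("unknown digest method #{id}")
+      end
+    end
+  end
+end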
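Review bot: The single `when` clause maps both the digest URI `xmldsig#sha1` and the signature URI `xmldsig#rsa-sha1` to the same digester, so the two roles are interchangeable: a `DigestMethod` of `rsa-sha1` or a `SignatureMethod` of plain `sha1` is accepted without complaint by the callers on this page (`DigestTransform#initialize` and `Signature#is_signed_info_verified?`). Resolving the two identifiers through separate methods, or a separate table per role, keeps a SignedInfo from verifying under an algorithm it does not actually name. SHA-1 is also the only algorithm offered; it is no longer considered collision-resistant and current identity providers emit `http://www.w3.org/2001/04/xmlenc#sha256` and `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`, so a module comment stating the restriction — and that `include OpenSSL` is what makes `Digest::SHA1` resolve to `OpenSSL::Digest::SHA1` — would save the next reader a detour.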
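--- /dev/null
+++ b/data/lib/signed_xml/digest_transform.rb
@@ -0,0 +1,17 @@
+require "openssl"
+
+module SignedXml
+  class DigestTransform
+    include DigestMethodResolution
+
+    attr_reader :digest
+
+    def initialize(method_id)
+      @digest = digester_for_id(method_id)
+    end
+
+    def apply(input)
+      digest.digest(input)
+    end
+  end
+end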
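--- /dev/null
+++ b/data/lib/signed_xml/document.rb
@@ -0,0 +1,36 @@
+require "openssl"
+require "options"
+
+module SignedXml
+  class Document
+    attr_reader :doc
+
+    def initialize(doc)
+      @doc = doc
+    end
+
+    def is_verifiable?
+      signatures.any?
+    end
+
+    def is_verified?(opts = {})
+      return false unless is_verifiable?
+
+      signatures.all?(&:is_verified?)
+    end
+
+    private
+
+    def signatures
+      @signatures ||= init_signatures
+    end
+
+    def init_signatures
+      signatures = []
+      doc.xpath("//ds:Signature", ds: XMLDSIG_NS).each do |signature_node|
+        signatures << Signature.new(signature_node)
+      end
+      signatures
+    end
+  end
+end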
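Review bot: `is_verified?` trusts whatever certificate the document itself carries — `Signature#public_key` (in signature.rb on this page) is derived from the `ds:X509Certificate` inside the same document — so a party who alters the document and re-signs it with a key of their own choosing, embedding the matching certificate, passes verification, and the `opts` parameter that could carry a trust anchor is accepted but never read. Thread an expected certificate or public key through `opts` (for example `opts.fetch(:certificate)`), have each Signature verify against that key, and reject the document when the embedded certificate does not match it, instead of keying off `KeyInfo`. A `true` result also only says that every element found by `//ds:Signature` verified over its own References; it does not tell the caller which elements were covered, so consumers must still check that the element they act on is the one a Reference targets (the XML signature wrapping class of bugs). `require "options"` is not used by anything in this file. A class comment stating these two caveats is the minimum for a library whose output is a trust decision.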
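--- /dev/null
+++ b/data/lib/signed_xml/enveloped_signature_transform.rb
@@ -0,0 +1,10 @@
+module SignedXml
+  class EnvelopedSignatureTransform
+    def apply(input)
+      envelope = Nokogiri::XML::Document.new
+      envelope.root = input
+      envelope.at_xpath('//ds:Signature', ds: XMLDSIG_NS).remove
+      envelope
+    end
+  end
+end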
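Review bot: `envelope.at_xpath('//ds:Signature', ...)` removes the first Signature found anywhere under `input`, but the XMLDSig enveloped-signature transform is defined as removing the Signature element that contains the Transform being applied; when the referenced element holds another Signature earlier in document order (the SAML Response shape in the fixtures commonly also carries a signed Assertion) the wrong node may be stripped and the digest fails, and when it holds none, `at_xpath` returns nil and `.remove` raises NoMethodError instead of reporting a verification failure. Give the transform its own Signature node — `Reference#init_transforms` has `here` and can locate the enclosing `ds:Signature` ancestor — and remove exactly that node. `envelope.root = input` also re-parents `input` into a fresh document; NOTE(review): confirm whether Nokogiri detaches the node from the original document here, because if it does, the source document is mutated as a side effect of verification and should be duplicated first.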
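--- /dev/null
+++ b/data/lib/signed_xml/reference.rb
@@ -0,0 +1,59 @@
+module SignedXml
+  class Reference
+    include Transformable
+
+    attr_reader :here, :start
+
+    def initialize(here)
+      @here = here
+
+      uri = here['URI']
+      case uri
+      when nil, ""
+        @start = here.document.root
+      when /^#/
+        id = uri.split('#').last
+        raise ArgumentError.new("XPointer expressions like #{id} are not yet supported") if id =~ /^xpointer/
+        # TODO: handle ID attrs with names other than 'ID'
+        @start = here.document.at_xpath("//*[@ID='#{id}']")
+        raise ArgumentError.new("no match found for ID #{id}") if @start.nil?
+      else raise ArgumentError.new("unsupported Reference URI #{uri}")
+      end
+
+      @transforms = init_transforms
+    end
+
+    def is_verified?
+      apply_transforms.chomp == digest_value
+    end
+
+    private
+
+    def init_transforms
+      transforms = []
+
+      here.xpath('.//ds:Transform', ds: XMLDSIG_NS).each do |transform_node|
+        method = transform_node['Algorithm']
+        case method
+        when "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+          transforms << EnvelopedSignatureTransform.new
+        when %r{^http://.*c14n}
+          transforms << C14NTransform.new(method)
+        else raise ArgumentError.new("unknown transform method #{method}")
+        end
+      end
+
+      # If no explicit c14n transform is specified, make sure we do one before digesting.
+      transforms << C14NTransform.new unless transforms.last.is_a? C14NTransform
+
+      digest_method = here.at_xpath('//ds:DigestMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+      transforms << DigestTransform.new(digest_method)
+
+      transforms << Base64Transform.new
+    end
+
+    def digest_value
+      @digest_value ||= here.at_xpath('ds:DigestValue', ds: XMLDSIG_NS).text.strip
+    end
+  end
+end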
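Review bot: `here.document.at_xpath("//*[@ID='#{id}']")` in `initialize` interpolates the Reference URI straight from the document into an XPath string, so a URI containing a quote rewrites the query instead of being rejected, and `at_xpath` returns the first of possibly several elements carrying that ID, which is the usual lever for signature-wrapping attacks against ID-based references. Match the attribute value in Ruby and insist on a unique element, as below. In `init_transforms`, `//ds:DigestMethod/@Algorithm` likewise searches the whole document rather than this Reference, so it should be the scoped `ds:DigestMethod/@Algorithm` that `digest_value` already uses for its sibling. `is_verified?` depends on `chomp` being enough, which only holds while the base64 digest fits on one `encode64` line; a comment there would record the assumption.
```ruby
      when /^#/
        id = uri.split('#').last
        raise ArgumentError.new("XPointer expressions like #{id} are not yet supported") if id =~ /^xpointer/
        # TODO: handle ID attrs with names other than 'ID'
        # Compare in Ruby instead of interpolating document text into XPath, and
        # refuse ambiguous IDs so a second element with the same ID cannot shadow the signed one.
        matches = here.document.xpath("//*[@ID]").select { |node| node['ID'] == id }
        raise ArgumentError.new("no match found for ID #{id}") if matches.empty?
        raise ArgumentError.new("ID #{id} is not unique") if matches.size > 1
        @start = matches.first
      # … unchanged: else branch, is_verified?, init_transforms up to the c14n fallback …
      digest_method = here.at_xpath('ds:DigestMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
```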
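--- /dev/null
+++ b/data/lib/signed_xml/signature.rb
@@ -0,0 +1,74 @@
+require 'base64'
+
+module SignedXml
+  class Signature
+    include DigestMethodResolution
+
+    attr_accessor :here
+
+    def initialize(here)
+      @here = here
+    end
+
+    def is_verified?
+      is_signed_info_verified? && are_reference_digests_verified?
+    end
+
+    private
+
+    def is_signed_info_verified?
+      public_key.verify(digester_for_id(signed_info.signature_method), decoded_value, signed_info.apply_transforms)
+    end
+
+    def are_reference_digests_verified?
+      references.all?(&:is_verified?)
+    end
+
+    def references
+      @references ||= init_references
+    end
+
+    def init_references
+      references = []
+
+      here.xpath('//ds:Reference', ds: XMLDSIG_NS).each do |reference_node|
+        references << Reference.new(reference_node)
+      end
+
+      references
+    end
+
+    def decoded_value
+      @decoded_value ||= Base64.decode64 value
+    end
+
+    def value
+      @value ||= here.at_xpath('//ds:SignatureValue', ds: XMLDSIG_NS).text.strip
+    end
+
+    def signed_info
+      @signed_info ||= SignedInfo.new(here.at_xpath("//ds:SignedInfo", ds: XMLDSIG_NS))
+    end
+
+    def public_key
+      @public_key ||= x509_certificate.public_key
+    end
+
+    def x509_certificate
+      @x509_certificate ||= OpenSSL::X509::Certificate.new(certificate(x509_cert_data))
+    end
+
+    def x509_cert_data
+      @x509_cert_data ||= here.at_xpath("//ds:X509Certificate", ds: XMLDSIG_NS).text
+    end
+
+    def certificate(data)
+      "-----BEGIN CERTIFICATE-----\n#{wrap_text(data, 64)}-----END CERTIFICATE-----\n"
+    end
+
+    # http://blog.macromates.com/2006/wrapping-text-with-regular-expressions/
+    def wrap_text(txt, col = 80)
+      txt.gsub(/(.{1,#{col}})( +|$)\n?|(.{#{col}})/, "\\1\\3\n")
+    end
+  end
+end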
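Review bot: The XPath expressions in `init_references`, `value`, `signed_info` and `x509_cert_data` all begin with `//`, which searches from the document root rather than from `here`, so with more than one `ds:Signature` in a document every Signature object reads the first SignedInfo, SignatureValue, References and certificate it finds and any later signature is never actually checked. The fixtures on this page are exactly the SAML Response shape where a second signature on the Assertion is common. Anchor each lookup to the Signature node and take References only from this signature's own SignedInfo, as below. Note too that `.text` on a missing element raises NoMethodError instead of failing verification, and that `public_key` still comes from the document's own KeyInfo, which is only safe once a caller-supplied trusted certificate is compared against it.
```ruby
    def init_references
      references = []

      here.xpath('./ds:SignedInfo/ds:Reference', ds: XMLDSIG_NS).each do |reference_node|
        references << Reference.new(reference_node)
      end

      references
    end

    # … unchanged: decoded_value …

    def value
      @value ||= here.at_xpath('./ds:SignatureValue', ds: XMLDSIG_NS).text.strip
    end

    def signed_info
      @signed_info ||= SignedInfo.new(here.at_xpath('./ds:SignedInfo', ds: XMLDSIG_NS))
    end

    # … unchanged: public_key, x509_certificate …

    def x509_cert_data
      @x509_cert_data ||= here.at_xpath('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', ds: XMLDSIG_NS).text
    end
```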
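--- /dev/null
+++ b/data/lib/signed_xml/signed_info.rb
@@ -0,0 +1,17 @@
+module SignedXml
+  class SignedInfo
+    include Transformable
+
+    attr_reader :start, :signature_method
+
+    def initialize(here)
+      @start = here
+
+      canonicalization_method = here.at_xpath('//ds:CanonicalizationMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+
+      transforms << C14NTransform.new(canonicalization_method)
+
+      @signature_method = here.at_xpath('//ds:SignatureMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+    end
+  end
+end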
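Review bot: Both lookups in `initialize` use `//ds:CanonicalizationMethod/@Algorithm` and `//ds:SignatureMethod/@Algorithm`, which search the whole document from the root rather than this SignedInfo element, so when two signatures are present the second SignedInfo is verified with the first one's algorithms. Scope them to children of `here`: `here.at_xpath('ds:CanonicalizationMethod/@Algorithm', ds: XMLDSIG_NS)` and `here.at_xpath('ds:SignatureMethod/@Algorithm', ds: XMLDSIG_NS)`. Each call also dereferences `.value` on a possibly-nil result, so a SignedInfo missing either child raises NoMethodError rather than the ArgumentError the other validation paths in this gem use.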
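--- /dev/null
+++ b/data/lib/signed_xml/transformable.rb
@@ -0,0 +1,13 @@
+module SignedXml
+  module Transformable
+    def transforms
+      @transforms ||= []
+    end
+
+    def apply_transforms
+      transforms.reduce(start) do |input, transform|
+        transform.apply(input)
+      end
+    end
+  end
+end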
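Review bot: `apply_transforms` relies on an undeclared `start` method that every includer must provide, and nothing in the module says so; a reader of `Reference` or `SignedInfo` has to discover the contract by grepping. Add a module comment such as `# Includers must define +start+, the node the transform chain is seeded with; transforms run in insertion order and each receives the previous one's output.` and a one-liner on `transforms` noting that it returns the mutable list includers append to.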
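--- /dev/null
+++ b/data/lib/signed_xml/version.rb
@@ -0,0 +1,3 @@
+module SignedXml
+  VERSION = "0.0.1"
+end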
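--- /dev/null
+++ b/data/lib/signed_xml.rb
@@ -0,0 +1,16 @@
+require 'nokogiri'
+
+module SignedXml
+  XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
+
+  autoload :Transformable, 'signed_xml/transformable'
+  autoload :Document, 'signed_xml/document'
+  autoload :Signature, 'signed_xml/signature'
+  autoload :SignedInfo, 'signed_xml/signed_info'
+  autoload :Reference, 'signed_xml/reference'
+  autoload :DigestMethodResolution, 'signed_xml/digest_method_resolution'
+  autoload :DigestTransform, 'signed_xml/digest_transform'
+  autoload :Base64Transform, 'signed_xml/base64_transform'
+  autoload :C14NTransform, 'signed_xml/c14n_transform'
+  autoload :EnvelopedSignatureTransform, 'signed_xml/enveloped_signature_transform'
+end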
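--- /dev/null
+++ b/data/signed_xml.gemspec
@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'signed_xml/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "signed_xml"
+  gem.version       = SignedXml::VERSION
+  gem.authors       = ["Todd Thomas"]
+  gem.email         = ["todd.thomas@openlogic.com"]
+  gem.description   = %q{XML Signature verification}
+  gem.summary       = %q{Provides [incomplete] support for verification of XML Signatures <http://www.w3.org/TR/xmldsig-core>.}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency "nokogiri", "~> 1.5"
+  gem.add_dependency "options"
+
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "rspec"
+end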
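Review bot: `gem.add_dependency "options"` carries no version constraint, so any future release of that gem — including a compromised one — is accepted at install time; pin it the way `nokogiri` is pinned, e.g. `gem.add_dependency "options", "~> <version developed against>"`. `gem.name` is `signed_xml`, yet the README and the Gemfile comment earlier on this page direct users to `signed_xml_document`, a name this gemspec does not publish, so someone following the README installs an unrelated or squatted gem rather than this one. `gem.homepage = ""` also leaves consumers no way to locate the source of what they are installing.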
@@ -0,0 +1,78 @@
1
+ <?xml version="1.0"?>
2
+ <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2003-04-17T00:46:02Z" Version="2.0" ID="_c7055387-af61-4fce-8b98-e2927324b306">
3
+ <saml:Issuer>https://www.opensaml.org/IDP"</saml:Issuer>
4
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ </ds:Transforms>
12
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
13
+ <ds:DigestValue>otynz9RFK0/mrkztml+POU0P4Rw=</ds:DigestValue>
14
+ </ds:Reference>
15
+ </ds:SignedInfo>
16
+ <ds:SignatureValue>fMniqoW/jSH7isH7ka+79+WYeiE4O63mA7TdrqOTrh8Q+JZQMsYsbAnx5E7Fo4Fy
17
+ +2yE/6XgCnEUFUvyWK9J5vaS+qzoOH5RZeSDcaSZeM5rP2hW5lf7iTQG/9wLsQUX
18
+ KQRm1/pFgm7yetYr+gfK8yvUMR0pQc4h+vo4wKyQQYpHMlS97BWFoPEvi9F1M0Ld
19
+ 7NxHSHUFGTLqm+664ZTYI3z1k2kZgsuZpwHYCYOx185U383jnW1DruwLD8KE6Nxn
20
+ Wd9imhxAiCV2CMQkjxIkrBM8du47rm+kDToYVgOn9gU15gYAmXUN/4MwF/yvYpQE
21
+ sAs0VcNWD5PRjIviKbRh2Q==</ds:SignatureValue>
22
+ <ds:KeyInfo>
23
+ <ds:X509Data>
24
+
25
+ <ds:X509Certificate>MIIExDCCA6ygAwIBAgIJAJsG6scSiBu+MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
26
+ VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEUMBIGA1UEBxMLU3ByaW5nZmll
27
+ bGQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UECxQK
28
+ QXJyciAmIERlZTELMAkGA1UEAxMCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1w
29
+ bGUub3JnMB4XDTEzMDQxMTAwNTc1MloXDTQwMDgyNzAwNTc1MlowgZwxCzAJBgNV
30
+ BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJpbmdmaWVs
31
+ ZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQLFApB
32
+ cnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
33
+ ZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbhwD884KG1Aj
34
+ ZENyOQw1TpqvMkkxMSIFQwSMPg81JIDgPifCXXHimiNheo99K4TnLAV4V+6sLsP8
35
+ c2pQFr57mDSBo1x1JjSLR/LGD/scqQqzSXNXLNffF7FbH28/wL9+lBrMNxEh5LvT
36
+ Cm+rmnAHdJjGK//BbLE7Vuek3irquUo3OF6HidORr2b86ec4I2gjien3kwgmYc0n
37
+ 7pxjReEeKqpoZ1ytB3PjDlAwJchCTs6i+bmQJ5xqyDn+OHTZutCVCE9DwBLThfGr
38
+ 2j+c7po42EucuS1GMEbHWbEcSCruhQY51iR+hc54TRc/GQbwfVyfOBMJ98s5TASA
39
+ h0Sfw2DlAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUbuT5ExXORlqEIJRWCNvHgBig
40
+ I9swgdEGA1UdIwSByTCBxoAUbuT5ExXORlqEIJRWCNvHgBigI9uhgaKkgZ8wgZwx
41
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJp
42
+ bmdmaWVsZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
43
+ VQQLFApBcnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVA
44
+ ZXhhbXBsZS5vcmeCCQCbBurHEogbvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
45
+ BQUAA4IBAQABGQp+S8TgiPkMqOoHiosApgs/SttQfRZVlmhoqsJQ554xkui75PIo
46
+ RMHd42Ft8PO5aQiqXe6sbGJh9e78pSqdhytrlwIf4OSomJ2ghRGKoPESBnMQGxYT
47
+ vMx/0BvjVj8rNSFmVgTV+foSkJj2tJnr/9ZfYbRPybDRYvDhfnlE7SpfBanKK2r+
48
+ VpLSlm1c6d5cYA5xKUtQgV9wKbMZLl5B75S3CXz1K6TujHN3K/B3a4Hc7AknWqFd
49
+ qsWDWKJjyH3XzQkpPT00TqQOaM9gbYqsLXmiuLzYXV1JQhU1vs29mIIFbtQK0jYd
50
+ YEcPFLoaQoTClLMt9R+6wrJvJ9loh6P8</ds:X509Certificate>
51
+ </ds:X509Data>
52
+ </ds:KeyInfo>
53
+ </ds:Signature>
54
+ <Status>
55
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
56
+ </Status>
57
+ <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc" IssueInstant="2003-04-17T00:46:02Z" Version="2.0">
58
+ <Issuer>https://www.opensaml.org/IDP</Issuer>
59
+ <Subject>
60
+ <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
61
+ scott@example.org
62
+ </NameID>
63
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
64
+ </Subject>
65
+ <Conditions NotBefore="2003-04-17T00:46:02Z" NotOnOrAfter="2003-04-17T00:51:02Z">
66
+ <AudienceRestriction>
67
+ <Audience>http://www.opensaml.org/SP</Audience>
68
+ </AudienceRestriction>
69
+ </Conditions>
70
+ <AuthnStatement AuthnInstant="2003-04-17T00:46:00Z">
71
+ <AuthnContext>
72
+ <AuthnContextClassRef>
73
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
74
+ </AuthnContextClassRef>
75
+ </AuthnContext>
76
+ </AuthnStatement>
77
+ </Assertion>
78
+ </Response>
@@ -0,0 +1,78 @@
1
+ <?xml version="1.0"?>
2
+ <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2003-04-17T00:46:02Z" Version="2.0" ID="_c7055387-af61-4fce-8b98-e2927324b306">
3
+ <saml:Issuer>https://www.opensaml.org/IDP"</saml:Issuer>
4
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ </ds:Transforms>
12
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
13
+ <ds:DigestValue>otynz9RFK0/mrZztml+POU0P4Rw=</ds:DigestValue>
14
+ </ds:Reference>
15
+ </ds:SignedInfo>
16
+ <ds:SignatureValue>fMniqoW/jSH7isH7ka+79+WYeiE4O63mA7TdrqOTrh8Q+JZQMsYsbAnx5E7Fo4Fy
17
+ +2yE/6XgCnEUFUvyWK9J5vaS+qzoOH5RZeSDcaSZeM5rP2hW5lf7iTQG/9wLsQUX
18
+ KQRm1/pFgm7yetYr+gfK8yvUMR0pQc4h+vo4wKyQQYpHMlS97BWFoPEvi9F1M0Ld
19
+ 7NxHSHUFGTLqm+664ZTYI3z1k2kcgsuZpwHYCYOx185U383jnW1DruwLD8KE6Nxn
20
+ Wd9imhxAiCV2CMQkjxIkrBM8du47rm+kDToYVgOn9gU15gYAmXUN/4MwF/yvYpQE
21
+ sAs0VcNWD5PRjIviKbRh2Q==</ds:SignatureValue>
22
+ <ds:KeyInfo>
23
+ <ds:X509Data>
24
+
25
+ <ds:X509Certificate>MIIExDCCA6ygAwIBAgIJAJsG6scSiBu+MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
26
+ VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEUMBIGA1UEBxMLU3ByaW5nZmll
27
+ bGQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UECxQK
28
+ QXJyciAmIERlZTELMAkGA1UEAxMCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1w
29
+ bGUub3JnMB4XDTEzMDQxMTAwNTc1MloXDTQwMDgyNzAwNTc1MlowgZwxCzAJBgNV
30
+ BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJpbmdmaWVs
31
+ ZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQLFApB
32
+ cnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
33
+ ZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbhwD884KG1Aj
34
+ ZENyOQw1TpqvMkkxMSIFQwSMPg81JIDgPifCXXHimiNheo99K4TnLAV4V+6sLsP8
35
+ c2pQFr57mDSBo1x1JjSLR/LGD/scqQqzSXNXLNffF7FbH28/wL9+lBrMNxEh5LvT
36
+ Cm+rmnAHdJjGK//BbLE7Vuek3irquUo3OF6HidORr2b86ec4I2gjien3kwgmYc0n
37
+ 7pxjReEeKqpoZ1ytB3PjDlAwJchCTs6i+bmQJ5xqyDn+OHTZutCVCE9DwBLThfGr
38
+ 2j+c7po42EucuS1GMEbHWbEcSCruhQY51iR+hc54TRc/GQbwfVyfOBMJ98s5TASA
39
+ h0Sfw2DlAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUbuT5ExXORlqEIJRWCNvHgBig
40
+ I9swgdEGA1UdIwSByTCBxoAUbuT5ExXORlqEIJRWCNvHgBigI9uhgaKkgZ8wgZwx
41
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJp
42
+ bmdmaWVsZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
43
+ VQQLFApBcnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVA
44
+ ZXhhbXBsZS5vcmeCCQCbBurHEogbvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
45
+ BQUAA4IBAQABGQp+S8TgiPkMqOoHiosApgs/SttQfRZVlmhoqsJQ554xkui75PIo
46
+ RMHd42Ft8PO5aQiqXe6sbGJh9e78pSqdhytrlwIf4OSomJ2ghRGKoPESBnMQGxYT
47
+ vMx/0BvjVj8rNSFmVgTV+foSkJj2tJnr/9ZfYbRPybDRYvDhfnlE7SpfBanKK2r+
48
+ VpLSlm1c6d5cYA5xKUtQgV9wKbMZLl5B75S3CXz1K6TujHN3K/B3a4Hc7AknWqFd
49
+ qsWDWKJjyH3XzQkpPT00TqQOaM9gbYqsLXmiuLzYXV1JQhU1vs29mIIFbtQK0jYd
50
+ YEcPFLoaQoTClLMt9R+6wrJvJ9loh6P8</ds:X509Certificate>
51
+ </ds:X509Data>
52
+ </ds:KeyInfo>
53
+ </ds:Signature>
54
+ <Status>
55
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
56
+ </Status>
57
+ <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc" IssueInstant="2003-04-17T00:46:02Z" Version="2.0">
58
+ <Issuer>https://www.opensaml.org/IDP</Issuer>
59
+ <Subject>
60
+ <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
61
+ scott@example.org
62
+ </NameID>
63
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
64
+ </Subject>
65
+ <Conditions NotBefore="2003-04-17T00:46:02Z" NotOnOrAfter="2003-04-17T00:51:02Z">
66
+ <AudienceRestriction>
67
+ <Audience>http://www.opensaml.org/SP</Audience>
68
+ </AudienceRestriction>
69
+ </Conditions>
70
+ <AuthnStatement AuthnInstant="2003-04-17T00:46:00Z">
71
+ <AuthnContext>
72
+ <AuthnContextClassRef>
73
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
74
+ </AuthnContextClassRef>
75
+ </AuthnContext>
76
+ </AuthnStatement>
77
+ </Assertion>
78
+ </Response>
@@ -0,0 +1,38 @@
1
+ <?xml version="1.0"?>
2
+ <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_dd2d35dad58d4ebb9e3ec8e85d3e234da2cd639962" Version="2.0" IssueInstant="2013-04-08T23:13:22Z" Destination="http://localhost:3000/saml-login" InResponseTo="83767498-2df3-4035-b0a5-8b40212b8fd7"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
3
+ <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
4
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
5
+ <ds:Reference URI="#_dd2d35dad58d4ebb9e3ec8e85d3e234da2cd639962"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MNf3EJFKtNqL4VLmjQ3ie/quaEY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>yrvpPF7jkXgzu00ro5vY3gpHDzP2rsXdNL6aKwlMgjwMF4EG4RxlmYioGS7ioxyo
6
+ AMCF7TUI7NH5CrVEXM56Rl50uEVLsV9ePvyW1OkfxdUrzJtg9fzAW9OwBj/Xa6Kv
7
+ kfvFu2SND/Ak2JV5GJxBI09fANwrq20xGgtQ3gB8XlSArT+Te4XWxWwViCkIq8pQ
8
+ llZYpN5wba0cJ5gF8ukw1Ypf8Do/fQGxjp50C4wDJ557/TwjBZyqJGXOcbkijb7i
9
+ Mit++q4AfEO1zaDT+PbY4YrqH1gUxBLdCcrZI/EakaJHFjdwk43+yrVWPLRb2OUS
10
+ yF1bxdhBTEWz0c7KtAhjmA==</ds:SignatureValue>
11
+ <ds:KeyInfo><ds:X509Data>
12
+ <ds:X509Certificate>MIIExDCCA6ygAwIBAgIJAJsG6scSiBu+MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
13
+ VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEUMBIGA1UEBxMLU3ByaW5nZmll
14
+ bGQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UECxQK
15
+ QXJyciAmIERlZTELMAkGA1UEAxMCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1w
16
+ bGUub3JnMB4XDTEzMDQxMTAwNTc1MloXDTQwMDgyNzAwNTc1MlowgZwxCzAJBgNV
17
+ BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJpbmdmaWVs
18
+ ZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQLFApB
19
+ cnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
20
+ ZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbhwD884KG1Aj
21
+ ZENyOQw1TpqvMkkxMSIFQwSMPg81JIDgPifCXXHimiNheo99K4TnLAV4V+6sLsP8
22
+ c2pQFr57mDSBo1x1JjSLR/LGD/scqQqzSXNXLNffF7FbH28/wL9+lBrMNxEh5LvT
23
+ Cm+rmnAHdJjGK//BbLE7Vuek3irquUo3OF6HidORr2b86ec4I2gjien3kwgmYc0n
24
+ 7pxjReEeKqpoZ1ytB3PjDlAwJchCTs6i+bmQJ5xqyDn+OHTZutCVCE9DwBLThfGr
25
+ 2j+c7po42EucuS1GMEbHWbEcSCruhQY51iR+hc54TRc/GQbwfVyfOBMJ98s5TASA
26
+ h0Sfw2DlAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUbuT5ExXORlqEIJRWCNvHgBig
27
+ I9swgdEGA1UdIwSByTCBxoAUbuT5ExXORlqEIJRWCNvHgBigI9uhgaKkgZ8wgZwx
28
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJp
29
+ bmdmaWVsZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
30
+ VQQLFApBcnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVA
31
+ ZXhhbXBsZS5vcmeCCQCbBurHEogbvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
32
+ BQUAA4IBAQABGQp+S8TgiPkMqOoHiosApgs/SttQfRZVlmhoqsJQ554xkui75PIo
33
+ RMHd42Ft8PO5aQiqXe6sbGJh9e78pSqdhytrlwIf4OSomJ2ghRGKoPESBnMQGxYT
34
+ vMx/0BvjVj8rNSFmVgTV+foSkJj2tJnr/9ZfYbRPybDRYvDhfnlE7SpfBanKK2r+
35
+ VpLSlm1c6d5cYA5xKUtQgV9wKbMZLl5B75S3CXz1K6TujHN3K/B3a4Hc7AknWqFd
36
+ qsWDWKJjyH3XzQkpPT00TqQOaM9gbYqsLXmiuLzYXV1JQhU1vs29mIIFbtQK0jYd
37
+ YEcPFLoaQoTClLMt9R+6wrJvJ9loh6P8</ds:X509Certificate>
38
+ </ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6f56d840d8df3697749fc533c9efac5866d5b88dde" Version="2.0" IssueInstant="2013-04-08T23:13:22Z"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://localhost:3000/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3c448bd72f639960c116dc6339a4930e7a4a3e9f3c</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2013-04-08T23:18:22Z" Recipient="http://localhost:3000/saml-login" InResponseTo="83767498-2df3-4035-b0a5-8b40212b8fd7"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2013-04-08T23:12:52Z" NotOnOrAfter="2013-04-08T23:18:22Z"><saml:AudienceRestriction><saml:Audience>http://localhost:3000/</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2013-04-08T23:12:38Z" SessionNotOnOrAfter="2013-04-09T07:13:22Z" SessionIndex="_0c21a3bb421aefe16d6278b10c7924a5d66141922b"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">todd.thomas@openlogic.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
@@ -0,0 +1,5 @@
1
+ <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_dd2d35dad58d4ebb9e3ec8e85d3e234da2cd639962" Version="2.0" IssueInstant="2013-04-08T23:13:22Z" Destination="http://localhost:3000/saml-login" InResponseTo="83767498-2df3-4035-b0a5-8b40212b8fd7"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
2
+ <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
3
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
4
+ <ds:Reference URI="#_dd2d35dad58d4ebb9e3ec8e85d3e234da2cd639962"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue/></ds:Reference></ds:SignedInfo><ds:SignatureValue/>
5
+ <ds:KeyInfo><ds:X509Data><ds:X509Certificate/></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6f56d840d8df3697749fc533c9efac5866d5b88dde" Version="2.0" IssueInstant="2013-04-08T23:13:22Z"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><saml:Subject><saml:NameID SPNameQualifier="http://localhost:3000/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3c448bd72f639960c116dc6339a4930e7a4a3e9f3c</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2013-04-08T23:18:22Z" Recipient="http://localhost:3000/saml-login" InResponseTo="83767498-2df3-4035-b0a5-8b40212b8fd7"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2013-04-08T23:12:52Z" NotOnOrAfter="2013-04-08T23:18:22Z"><saml:AudienceRestriction><saml:Audience>http://localhost:3000/</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2013-04-08T23:12:38Z" SessionNotOnOrAfter="2013-04-09T07:13:22Z" SessionIndex="_0c21a3bb421aefe16d6278b10c7924a5d66141922b"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">todd.thomas@openlogic.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
@@ -0,0 +1,60 @@
1
+ <Response
2
+ IssueInstant="2003-04-17T00:46:02Z" Version="2.0"
3
+ ID="_c7055387-af61-4fce-8b98-e2927324b306"
4
+ xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
5
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
6
+ <saml:Issuer>https://www.opensaml.org/IDP"</saml:Issuer>
7
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
8
+ <ds:SignedInfo>
9
+ <ds:CanonicalizationMethod
10
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
11
+ <ds:SignatureMethod
12
+ Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
13
+ <ds:Reference URI="">
14
+ <ds:Transforms>
15
+ <ds:Transform
16
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
17
+ </ds:Transforms>
18
+ <ds:DigestMethod
19
+ Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
20
+ <ds:DigestValue/>
21
+ </ds:Reference>
22
+ </ds:SignedInfo>
23
+ <ds:SignatureValue/>
24
+ <ds:KeyInfo>
25
+ <ds:X509Data>
26
+ <ds:X509Certificate>
27
+ </ds:X509Certificate>
28
+ </ds:X509Data>
29
+ </ds:KeyInfo>
30
+ </ds:Signature>
31
+ <Status>
32
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
33
+ </Status>
34
+ <Assertion ID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
35
+ IssueInstant="2003-04-17T00:46:02Z" Version="2.0"
36
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
37
+ <Issuer>https://www.opensaml.org/IDP</Issuer>
38
+ <Subject>
39
+ <NameID
40
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
41
+ scott@example.org
42
+ </NameID>
43
+ <SubjectConfirmation
44
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
45
+ </Subject>
46
+ <Conditions NotBefore="2003-04-17T00:46:02Z"
47
+ NotOnOrAfter="2003-04-17T00:51:02Z">
48
+ <AudienceRestriction>
49
+ <Audience>http://www.opensaml.org/SP</Audience>
50
+ </AudienceRestriction>
51
+ </Conditions>
52
+ <AuthnStatement AuthnInstant="2003-04-17T00:46:00Z">
53
+ <AuthnContext>
54
+ <AuthnContextClassRef>
55
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
56
+ </AuthnContextClassRef>
57
+ </AuthnContext>
58
+ </AuthnStatement>
59
+ </Assertion>
60
+ </Response>
@@ -0,0 +1,78 @@
1
+ <?xml version="1.0"?>
2
+ <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2003-04-17T00:46:02Z" Version="2.0" ID="_c7055387-af61-4fce-8b98-e2927324b306">
3
+ <saml:Issuer>https://www.opensaml.org/IDP"</saml:Issuer>
4
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
5
+ <ds:SignedInfo>
6
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="">
9
+ <ds:Transforms>
10
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
11
+ </ds:Transforms>
12
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
13
+ <ds:DigestValue>otynz9RFK0/mrkztml+POU0P4Rw=</ds:DigestValue>
14
+ </ds:Reference>
15
+ </ds:SignedInfo>
16
+ <ds:SignatureValue>fMniqoW/jSH7isH7ka+79+WYeiE4O63mA7TdrqOTrh8Q+JZQMsYsbAnx5E7Fo4Fy
17
+ +2yE/6XgCnEUFUvyWK9J5vaS+qzoOH5RZeSDcaSZeM5rP2hW5lf7iTQG/9wLsQUX
18
+ KQRm1/pFgm7yetYr+gfK8yvUMR0pQc4h+vo4wKyQQYpHMlS97BWFoPEvi9F1M0Ld
19
+ 7NxHSHUFGTLqm+664ZTYI3z1k2kcgsuZpwHYCYOx185U383jnW1DruwLD8KE6Nxn
20
+ Wd9imhxAiCV2CMQkjxIkrBM8du47rm+kDToYVgOn9gU15gYAmXUN/4MwF/yvYpQE
21
+ sAs0VcNWD5PRjIviKbRh2Q==</ds:SignatureValue>
22
+ <ds:KeyInfo>
23
+ <ds:X509Data>
24
+
25
+ <ds:X509Certificate>MIIExDCCA6ygAwIBAgIJAJsG6scSiBu+MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
26
+ VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEUMBIGA1UEBxMLU3ByaW5nZmll
27
+ bGQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UECxQK
28
+ QXJyciAmIERlZTELMAkGA1UEAxMCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1w
29
+ bGUub3JnMB4XDTEzMDQxMTAwNTc1MloXDTQwMDgyNzAwNTc1MlowgZwxCzAJBgNV
30
+ BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJpbmdmaWVs
31
+ ZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQLFApB
32
+ cnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
33
+ ZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbhwD884KG1Aj
34
+ ZENyOQw1TpqvMkkxMSIFQwSMPg81JIDgPifCXXHimiNheo99K4TnLAV4V+6sLsP8
35
+ c2pQFr57mDSBo1x1JjSLR/LGD/scqQqzSXNXLNffF7FbH28/wL9+lBrMNxEh5LvT
36
+ Cm+rmnAHdJjGK//BbLE7Vuek3irquUo3OF6HidORr2b86ec4I2gjien3kwgmYc0n
37
+ 7pxjReEeKqpoZ1ytB3PjDlAwJchCTs6i+bmQJ5xqyDn+OHTZutCVCE9DwBLThfGr
38
+ 2j+c7po42EucuS1GMEbHWbEcSCruhQY51iR+hc54TRc/GQbwfVyfOBMJ98s5TASA
39
+ h0Sfw2DlAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUbuT5ExXORlqEIJRWCNvHgBig
40
+ I9swgdEGA1UdIwSByTCBxoAUbuT5ExXORlqEIJRWCNvHgBigI9uhgaKkgZ8wgZwx
41
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJp
42
+ bmdmaWVsZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
43
+ VQQLFApBcnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVA
44
+ ZXhhbXBsZS5vcmeCCQCbBurHEogbvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
45
+ BQUAA4IBAQABGQp+S8TgiPkMqOoHiosApgs/SttQfRZVlmhoqsJQ554xkui75PIo
46
+ RMHd42Ft8PO5aQiqXe6sbGJh9e78pSqdhytrlwIf4OSomJ2ghRGKoPESBnMQGxYT
47
+ vMx/0BvjVj8rNSFmVgTV+foSkJj2tJnr/9ZfYbRPybDRYvDhfnlE7SpfBanKK2r+
48
+ VpLSlm1c6d5cYA5xKUtQgV9wKbMZLl5B75S3CXz1K6TujHN3K/B3a4Hc7AknWqFd
49
+ qsWDWKJjyH3XzQkpPT00TqQOaM9gbYqsLXmiuLzYXV1JQhU1vs29mIIFbtQK0jYd
50
+ YEcPFLoaQoTClLMt9R+6wrJvJ9loh6P8</ds:X509Certificate>
51
+ </ds:X509Data>
52
+ </ds:KeyInfo>
53
+ </ds:Signature>
54
+ <Status>
55
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
56
+ </Status>
57
+ <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc" IssueInstant="2003-04-17T00:46:02Z" Version="2.0">
58
+ <Issuer>https://www.opensaml.org/IDP</Issuer>
59
+ <Subject>
60
+ <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
61
+ scott@example.org
62
+ </NameID>
63
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
64
+ </Subject>
65
+ <Conditions NotBefore="2003-04-17T00:46:02Z" NotOnOrAfter="2003-04-17T00:51:02Z">
66
+ <AudienceRestriction>
67
+ <Audience>http://www.opensaml.org/SP</Audience>
68
+ </AudienceRestriction>
69
+ </Conditions>
70
+ <AuthnStatement AuthnInstant="2003-04-17T00:46:00Z">
71
+ <AuthnContext>
72
+ <AuthnContextClassRef>
73
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
74
+ </AuthnContextClassRef>
75
+ </AuthnContext>
76
+ </AuthnStatement>
77
+ </Assertion>
78
+ </Response>
@@ -0,0 +1,28 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIExDCCA6ygAwIBAgIJAJsG6scSiBu+MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
3
+ VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEUMBIGA1UEBxMLU3ByaW5nZmll
4
+ bGQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UECxQK
5
+ QXJyciAmIERlZTELMAkGA1UEAxMCTWUxHTAbBgkqhkiG9w0BCQEWDm1lQGV4YW1w
6
+ bGUub3JnMB4XDTEzMDQxMTAwNTc1MloXDTQwMDgyNzAwNTc1MlowgZwxCzAJBgNV
7
+ BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJpbmdmaWVs
8
+ ZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQLFApB
9
+ cnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVAZXhhbXBs
10
+ ZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZbhwD884KG1Aj
11
+ ZENyOQw1TpqvMkkxMSIFQwSMPg81JIDgPifCXXHimiNheo99K4TnLAV4V+6sLsP8
12
+ c2pQFr57mDSBo1x1JjSLR/LGD/scqQqzSXNXLNffF7FbH28/wL9+lBrMNxEh5LvT
13
+ Cm+rmnAHdJjGK//BbLE7Vuek3irquUo3OF6HidORr2b86ec4I2gjien3kwgmYc0n
14
+ 7pxjReEeKqpoZ1ytB3PjDlAwJchCTs6i+bmQJ5xqyDn+OHTZutCVCE9DwBLThfGr
15
+ 2j+c7po42EucuS1GMEbHWbEcSCruhQY51iR+hc54TRc/GQbwfVyfOBMJ98s5TASA
16
+ h0Sfw2DlAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUbuT5ExXORlqEIJRWCNvHgBig
17
+ I9swgdEGA1UdIwSByTCBxoAUbuT5ExXORlqEIJRWCNvHgBigI9uhgaKkgZ8wgZwx
18
+ CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRQwEgYDVQQHEwtTcHJp
19
+ bmdmaWVsZDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
20
+ VQQLFApBcnJyICYgRGVlMQswCQYDVQQDEwJNZTEdMBsGCSqGSIb3DQEJARYObWVA
21
+ ZXhhbXBsZS5vcmeCCQCbBurHEogbvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
22
+ BQUAA4IBAQABGQp+S8TgiPkMqOoHiosApgs/SttQfRZVlmhoqsJQ554xkui75PIo
23
+ RMHd42Ft8PO5aQiqXe6sbGJh9e78pSqdhytrlwIf4OSomJ2ghRGKoPESBnMQGxYT
24
+ vMx/0BvjVj8rNSFmVgTV+foSkJj2tJnr/9ZfYbRPybDRYvDhfnlE7SpfBanKK2r+
25
+ VpLSlm1c6d5cYA5xKUtQgV9wKbMZLl5B75S3CXz1K6TujHN3K/B3a4Hc7AknWqFd
26
+ qsWDWKJjyH3XzQkpPT00TqQOaM9gbYqsLXmiuLzYXV1JQhU1vs29mIIFbtQK0jYd
27
+ YEcPFLoaQoTClLMt9R+6wrJvJ9loh6P8
28
+ -----END CERTIFICATE-----
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEowIBAAKCAQEA2W4cA/POChtQI2RDcjkMNU6arzJJMTEiBUMEjD4PNSSA4D4n
3
+ wl1x4pojYXqPfSuE5ywFeFfurC7D/HNqUBa+e5g0gaNcdSY0i0fyxg/7HKkKs0lz
4
+ VyzX3xexWx9vP8C/fpQazDcRIeS70wpvq5pwB3SYxiv/wWyxO1bnpN4q6rlKNzhe
5
+ h4nTka9m/OnnOCNoI4np95MIJmHNJ+6cY0XhHiqqaGdcrQdz4w5QMCXIQk7Oovm5
6
+ kCecasg5/jh02brQlQhPQ8AS04Xxq9o/nO6aONhLnLktRjBGx1mxHEgq7oUGOdYk
7
+ foXOeE0XPxkG8H1cnzgTCffLOUwEgIdEn8Ng5QIDAQABAoIBAQCVIe/3SgddaUR7
8
+ Me8M7lIQUhzI4+3N3sxd3YzGAF7/7Uy0Ag3VQ7C0Y1K3LpAyo2HiCZCq7W0YDm+A
9
+ vU0DJ8Z5EXmaHYlyFMVfbvb2oMl07AEZ3dxNw8VBEIgmXxY4HSV7VWxX+8E1hSTK
10
+ 6NKVWjVS98c9zbn7WmjpsX7q1zOKkE7B2uMLZr0Q+5eDRTgNYZdRSKWt5g9KXJrW
11
+ F4ONPSnvEsSWKDylS89JK1jK1Q3neiTHmqpu112m8x5JsQ3OrFNfWmwRxiGbgSXv
12
+ WQnbU+IJ/23f8i/6gwHnYjHpldsxQQFPsrODPQS6vj0OV+ectcp7QneTMF1f4NKW
13
+ QmJTI2KBAoGBAPB8qezibK9OxqLrrLFtqQE1v7m592A59BcujxWJ8nTzRGyLygeG
14
+ rCX/PUv8iSd0BTIFuCSlgy6yqxT8Wko+vzWLtu4rP1Iky9L+12UuJJiK5mA6BC9f
15
+ DMLqNEOR0jO9Y490hYDejH+e0cAY2s0Oh8TUjEP7D/ViFkWSLE5a3kcFAoGBAOd0
16
+ sOq4kFVk/ZiALN/wkaU73qPEpVM8M0W7NwZ6MOXdVvMNLu3An2cf/i2/C6wqG/Ve
17
+ NYCQrCMOBRfEbWDF4KOb/YuOpAgVfZnujOas1TfVsyM06wnkjCvg0DL9qwihMR9K
18
+ SK0c/sIl4ybUNJzwhmx2kPrt8Vk9+gqirGYA+hhhAoGAZe1glC9Pw2nPFQRwmG8T
19
+ H5kpXs2sRJOrmhu4t3dVVS46RQtmoJP66MvqrgcmFpu9C/uSla21ERjXHDjtB+Ta
20
+ ZBaIfR/FYcqIvTAYGSFaj3Dnvcc5ON6/aOmdJzpp7lYKGaZYY0twHzMwUYv3SMws
21
+ zUcNAE8r72QYbnpK3xbyeQUCgYBSPuz++0aOkaxrnGBV0y5uALBEkYQN575wcO5E
22
+ pvbpN5XGGFEsut3pzzyLFPAY5X252xg37zC75Cd7IpmbYbVJbgzSooU3Oiu/nz0C
23
+ WzgI9y8Iu60pfsUwclqJRAqarmy+Ka9ZlIwSgVQOYCmx+uZJdHhgMl0o0RUg4l1Q
24
+ gdhdAQKBgG3U5J6jeHe8svMWO8R3pfFewX427FETnwm5XU/DCeY1xAAEVlsXLgDe
25
+ 3XmaQlskylQJhoP0pImV+snAFTtPYGZM9Wof18FkYxwaCViEwYVr7Z5Gm6GyFKpL
26
+ IiVG3k0XwY/Pgci3Wxw5aZIyS4NBnp8KCXzXAn4nfUbFZt/DXzI6
27
+ -----END RSA PRIVATE KEY-----
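Review bot: This hunk checks an RSA private key into the repository, and the metadata section's `files:` list ships `spec/resources/test_key.pem` inside the published gem as well, so every installer receives it. From the leading modulus bytes it appears to be the private half of `test_cert.pem`, whose subject and issuer look identical (self-signed), so nothing outside these fixtures grants it trust; that is fine for a throwaway fixture key provided it is never reused for a real deployment. A comment in the spec would make that explicit, e.g. `# test_key.pem / test_cert.pem: throwaway self-signed pair used only to sign these fixtures`, and excluding `spec/` from the gemspec's `files` would keep test material, this key included, out of the distributed artifact.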
@@ -0,0 +1,9 @@
1
+ <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_575136947e054f114761c6df08bd3644f0c2079aae" Version="2.0" IssueInstant="2013-04-12T00:45:07Z" Destination="http://localhost:3000/saml-login" InResponseTo="49246bce-6fc4-43b7-a661-6d5d5b146ea4"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
2
+ <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
3
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
4
+ <ds:Reference URI="#_575136947e054f114761c6df08bd3644f0c2079aae"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Vb69+UWPYwvAMb4K5aVQvT7Nq2c=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>eMsQ2jp2aY0kqYYDPS0rUJkwNPajXYFjBArqS8n4JuRhjNTpv3mDVmfk/+eUDxHBWfxSFDa5gLN3lgtu6VMwfcJ2zuUmIFtUUpfBcCaeVcc4jDehckSAAYXIlrG3eoPDp3+uU6cS+3gJQPfCfMl7LIKeNZS1yOHgz5XXk9zOo9Y=</ds:SignatureValue>
5
+ <ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_36bb41924d265fa2d92450e85c53c35590bf06c106" Version="2.0" IssueInstant="2013-04-12T00:45:07Z"><saml:Issuer>http://localhost/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
6
+ <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
7
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
8
+ <ds:Reference URI="#_36bb41924d265fa2d92450e85c53c35590bf06c106"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>NRT1gWsxJE1n+kHlHRbEvfQW81I=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>S1eVfcB7Lf0hNdfunOIDivgWL5JPBsEiUgXnNhgx4rbID1WnQv1X3QOt25OWO1RaML9ML61A976AS6CP1s5Z4y2SzHcPDbye3vKll3lbqKj6OQ4H5s1C9Xmy3sJcOIw8aJ+N89KhLckWqy66ec/XybbX3D2RDuzoIg2KmR2Nf14=</ds:SignatureValue>
9
+ <ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://localhost:3000/" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_7e3d918ee67356d13c10e088927902206b98c1c2bb</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2013-04-12T00:50:07Z" Recipient="http://localhost:3000/saml-login" InResponseTo="49246bce-6fc4-43b7-a661-6d5d5b146ea4"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2013-04-12T00:44:37Z" NotOnOrAfter="2013-04-12T00:50:07Z"><saml:AudienceRestriction><saml:Audience>http://localhost:3000/</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2013-04-12T00:45:07Z" SessionNotOnOrAfter="2013-04-12T08:45:07Z" SessionIndex="_07a70ed54455feb8685d2b25e292773cd003cd57ac"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">toddthomas@acm.org</saml:AttributeValue></saml:Attribute><saml:Attribute Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Todd</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Thomas</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
@@ -0,0 +1,36 @@
1
+ <Response
2
+ IssueInstant="2003-04-17T00:46:02Z" Version="2.0"
3
+ ID="_c7055387-af61-4fce-8b98-e2927324b306"
4
+ xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
5
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
6
+ <saml:Issuer>https://www.opensaml.org/IDP"</saml:Issuer>
7
+ <Status>
8
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
9
+ </Status>
10
+ <Assertion ID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
11
+ IssueInstant="2003-04-17T00:46:02Z" Version="2.0"
12
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
13
+ <Issuer>https://www.opensaml.org/IDP</Issuer>
14
+ <Subject>
15
+ <NameID
16
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
17
+ scott@example.org
18
+ </NameID>
19
+ <SubjectConfirmation
20
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
21
+ </Subject>
22
+ <Conditions NotBefore="2003-04-17T00:46:02Z"
23
+ NotOnOrAfter="2003-04-17T00:51:02Z">
24
+ <AudienceRestriction>
25
+ <Audience>http://www.opensaml.org/SP</Audience>
26
+ </AudienceRestriction>
27
+ </Conditions>
28
+ <AuthnStatement AuthnInstant="2003-04-17T00:46:00Z">
29
+ <AuthnContext>
30
+ <AuthnContextClassRef>
31
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
32
+ </AuthnContextClassRef>
33
+ </AuthnContext>
34
+ </AuthnStatement>
35
+ </Assertion>
36
+ </Response>
@@ -0,0 +1,94 @@
1
+ require 'spec_helper'
2
+
3
+ describe SignedXml::Document do
4
+ include SignedXml::DigestMethodResolution
5
+
6
+ let(:resources_path) { File.join(File.dirname(__FILE__), 'resources') }
7
+
8
+ let(:unsigned_doc_nodes) do
9
+ xml_doc_from_file(File.join(resources_path, 'unsigned_saml_response.xml'))
10
+ end
11
+
12
+ let(:unsigned_doc) { SignedXml::Document.new(unsigned_doc_nodes) }
13
+
14
+ let(:signed_doc_nodes) do
15
+ xml_doc_from_file(File.join(resources_path, 'signed_saml_response.xml'))
16
+ end
17
+
18
+ let(:signed_doc) { SignedXml::Document.new(signed_doc_nodes) }
19
+
20
+ it "knows which documents can be verified" do
21
+ unsigned_doc.is_verifiable?.should be false
22
+ signed_doc.is_verifiable?.should be true
23
+ end
24
+
25
+ it "knows unsigned documents can't be verified" do
26
+ unsigned_doc.is_verified?.should be false
27
+ end
28
+
29
+ let(:test_certificate) { OpenSSL::X509::Certificate.new IO.read(File.join(resources_path, 'test_cert.pem')) }
30
+
31
+ it "can read an embedded X.509 certificate" do
32
+ signed_doc.send(:signatures).first.send(:x509_certificate).to_pem.should eq test_certificate.to_pem
33
+ end
34
+
35
+ it "knows the public key of the embedded X.509 certificate" do
36
+ signed_doc.send(:signatures).first.send(:public_key).to_s.should eq test_certificate.public_key.to_s
37
+ end
38
+
39
+ it "knows the signature method of the signed info" do
40
+ digester_for_id(signed_doc.send(:signatures).first.send(:signed_info).signature_method).class.should == OpenSSL::Digest::SHA1
41
+ end
42
+
43
+ it "knows how to canonicalize its signed info" do
44
+ signed_doc.send(:signatures).first.send(:signed_info).transforms.first.method.should == Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
45
+ end
46
+
47
+ it "verifies its signed info" do
48
+ signed_doc.send(:signatures).first.send(:is_signed_info_verified?).should be true
49
+ end
50
+
51
+ it "verifies docs with one enveloped-signature Resource element and embedded X.509 key" do
52
+ signed_doc.is_verified?.should be true
53
+ end
54
+
55
+ let(:same_doc_ref_nodes) do
56
+ xml_doc_from_file(File.join(resources_path, 'same_doc_reference.xml'))
57
+ end
58
+
59
+ let(:same_doc_ref_doc) { SignedXml::Document.new(same_doc_ref_nodes) }
60
+
61
+ it "verifies docs with same-document references" do
62
+ same_doc_ref_doc.is_verified?.should be true
63
+ end
64
+
65
+ let(:two_sig_nodes) do
66
+ xml_doc_from_file(File.join(resources_path, 'two_sig_doc.xml'))
67
+ end
68
+
69
+ let(:two_sig_doc) { SignedXml::Document.new(two_sig_nodes) }
70
+
71
+ it "verifies docs with more than one signature" do
72
+ two_sig_doc.is_verified?.should be true
73
+ end
74
+
75
+ let(:badly_signed_doc_nodes) do
76
+ xml_doc_from_file(File.join(resources_path, 'badly_signed_saml_response.xml'))
77
+ end
78
+
79
+ let(:badly_signed_doc) { SignedXml::Document.new(badly_signed_doc_nodes) }
80
+
81
+ it "fails verification of a badly-signed doc" do
82
+ badly_signed_doc.is_verified?.should be false
83
+ end
84
+
85
+ let(:incorrect_digest_doc_nodes) do
86
+ xml_doc_from_file(File.join(resources_path, 'incorrect_digest_saml_response.xml'))
87
+ end
88
+
89
+ let(:incorrect_digest_doc) { SignedXml::Document.new(incorrect_digest_doc_nodes) }
90
+
91
+ it "fails verification of a doc with an incorrect Resource digest" do
92
+ incorrect_digest_doc.is_verified?.should be false
93
+ end
94
+ end
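Review bot: Every positive example here verifies against the certificate embedded in the document's own `ds:KeyInfo` — the "embedded X.509 certificate" examples compare it to `test_cert.pem`, but `is_verified?` is never given a trust anchor — so unless `SignedXml::Document` accepts one through an option this spec does not exercise, a document re-signed with any key the sender chooses to embed would also report `is_verified?` as true. Add a negative example in which a correctly signed document carries a certificate other than `test_certificate` and must fail, and a positive one that supplies the trusted certificate explicitly, so the contract SAML callers depend on is pinned by the suite. The descriptions "one enveloped-signature Resource element" and "incorrect Resource digest" should say `Reference`, since the XMLDSig element is `ds:Reference`. All fixtures use `rsa-sha1`/`sha1`, so `digester_for_id` is never exercised for SHA-256, and reaching private methods with `send(:signatures)` couples the spec to internals rather than to the public `is_verified?` behaviour.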
@@ -0,0 +1,8 @@
1
+ require 'signed_xml'
2
+
3
+ def xml_doc_from_file(path)
4
+ file = File.open(path)
5
+ doc = Nokogiri::XML(file)
6
+ file.close
7
+ doc
8
+ end
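Review bot: `xml_doc_from_file` opens the file without a block, so if `Nokogiri::XML` raises (a malformed fixture, for instance) the handle is left open until garbage collection; the block form closes it on every path and collapses the body to one line: `File.open(path) { |file| Nokogiri::XML(file) }`. A short doc comment would also help readers of the specs, e.g. `# Parses the XML fixture at +path+ into a Nokogiri::XML::Document.`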
metadata ADDED
@@ -0,0 +1,157 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: signed_xml
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Todd Thomas
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2013-04-12 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: nokogiri
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: '1.5'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ~>
28
+ - !ruby/object:Gem::Version
29
+ version: '1.5'
30
+ - !ruby/object:Gem::Dependency
31
+ name: options
32
+ requirement: !ruby/object:Gem::Requirement
33
+ none: false
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ type: :runtime
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
46
+ - !ruby/object:Gem::Dependency
47
+ name: rake
48
+ requirement: !ruby/object:Gem::Requirement
49
+ none: false
50
+ requirements:
51
+ - - ! '>='
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ - !ruby/object:Gem::Dependency
63
+ name: rspec
64
+ requirement: !ruby/object:Gem::Requirement
65
+ none: false
66
+ requirements:
67
+ - - ! '>='
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ type: :development
71
+ prerelease: false
72
+ version_requirements: !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
78
+ description: XML Signature verification
79
+ email:
80
+ - todd.thomas@openlogic.com
81
+ executables: []
82
+ extensions: []
83
+ extra_rdoc_files: []
84
+ files:
85
+ - .gitignore
86
+ - Gemfile
87
+ - LICENSE.txt
88
+ - README.md
89
+ - Rakefile
90
+ - lib/signed_xml.rb
91
+ - lib/signed_xml/base64_transform.rb
92
+ - lib/signed_xml/c14n_transform.rb
93
+ - lib/signed_xml/digest_method_resolution.rb
94
+ - lib/signed_xml/digest_transform.rb
95
+ - lib/signed_xml/document.rb
96
+ - lib/signed_xml/enveloped_signature_transform.rb
97
+ - lib/signed_xml/reference.rb
98
+ - lib/signed_xml/signature.rb
99
+ - lib/signed_xml/signed_info.rb
100
+ - lib/signed_xml/transformable.rb
101
+ - lib/signed_xml/version.rb
102
+ - signed_xml.gemspec
103
+ - spec/resources/badly_signed_saml_response.xml
104
+ - spec/resources/incorrect_digest_saml_response.xml
105
+ - spec/resources/same_doc_reference.xml
106
+ - spec/resources/same_doc_reference_template.xml
107
+ - spec/resources/saml_response_template.xml
108
+ - spec/resources/signed_saml_response.xml
109
+ - spec/resources/test_cert.pem
110
+ - spec/resources/test_key.pem
111
+ - spec/resources/two_sig_doc.xml
112
+ - spec/resources/unsigned_saml_response.xml
113
+ - spec/signed_xml_document_spec.rb
114
+ - spec/spec_helper.rb
115
+ homepage: ''
116
+ licenses: []
117
+ post_install_message:
118
+ rdoc_options: []
119
+ require_paths:
120
+ - lib
121
+ required_ruby_version: !ruby/object:Gem::Requirement
122
+ none: false
123
+ requirements:
124
+ - - ! '>='
125
+ - !ruby/object:Gem::Version
126
+ version: '0'
127
+ segments:
128
+ - 0
129
+ hash: -2293715516306633631
130
+ required_rubygems_version: !ruby/object:Gem::Requirement
131
+ none: false
132
+ requirements:
133
+ - - ! '>='
134
+ - !ruby/object:Gem::Version
135
+ version: '0'
136
+ segments:
137
+ - 0
138
+ hash: -2293715516306633631
139
+ requirements: []
140
+ rubyforge_project:
141
+ rubygems_version: 1.8.25
142
+ signing_key:
143
+ specification_version: 3
144
+ summary: Provides [incomplete] support for verification of XML Signatures <http://www.w3.org/TR/xmldsig-core>.
145
+ test_files:
146
+ - spec/resources/badly_signed_saml_response.xml
147
+ - spec/resources/incorrect_digest_saml_response.xml
148
+ - spec/resources/same_doc_reference.xml
149
+ - spec/resources/same_doc_reference_template.xml
150
+ - spec/resources/saml_response_template.xml
151
+ - spec/resources/signed_saml_response.xml
152
+ - spec/resources/test_cert.pem
153
+ - spec/resources/test_key.pem
154
+ - spec/resources/two_sig_doc.xml
155
+ - spec/resources/unsigned_saml_response.xml
156
+ - spec/signed_xml_document_spec.rb
157
+ - spec/spec_helper.rb