lib/Authen/NZRealMe/CommonURIs.pm view on Meta::CPAN
URI to find a prefix.
=head1 IDENTIFIERS
The following token/URI mappings are defined. For simplicity, they are all
available via both the F<URI()> and the F<NS_PAIR()> functions, although not
all the URIs are actually intended to be used as namespaces in XML.
Sources for these URIs:
DSIG_CORE https://www.w3.org/TR/xmldsig-core/#sec-CoreSyntax
DSIG_ALG https://www.w3.org/TR/xmldsig-core/#sec-AlgID
SAML2 https://wiki.oasis-open.org/security/FrontPage#SAML_V2.0_Standard
SOAP11 https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383494
SOAP12 https://www.w3.org/TR/2007/REC-soap12-part1-20070427/#soapenvelope
WSDL https://www.w3.org/TR/wsdl/#nsprefixes
WSDL_SOAP http://schemas.xmlsoap.org/wsdl/soap12/soap12WSDL.htm
WS_ADDR https://www.w3.org/TR/ws-addr-core/#namespaces
WS_TRUST http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/ws-trust.html#_Toc325658925
WS_SEC http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SOAPMessageSecurity-v1.1.1-os.html#_Toc307407921
WS_SEC2 http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SOAPMessageSecurity-v1.1.1-os.html#_Toc307407949
XENC https://www.w3.org/TR/xmlenc-core1/
RM_LOGIN https://developers.realme.govt.nz/how-realme-works/
RM_ASSERT https://developers.realme.govt.nz/how-realme-works/
RM_ICMS RealMe iCMS docs
=over 4
=item ds => http://www.w3.org/2000/09/xmldsig#
XML Digital Signatures namespace URI. Source: [DSIG_CORE].
=item c14n => http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Canonical XML 1.0 (omit comments) transform. Source: [DSIG_ALG].
=item c14n_wc => http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
Canonical XML 1.0 (with comments) transform. Source: [DSIG_ALG].
lib/Authen/NZRealMe/CommonURIs.pm view on Meta::CPAN
=item xenc_rsa_oaep_mgf1p => http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
URI for XML Encryption key transport encryption algorithm "RSA OAEP MGF1P".
Source: [XENC].
=item rsa_1_5 => http://www.w3.org/2001/04/xmlenc#rsa-1_5
URI for XML Encryption key transport encryption algorithm "RSA Version 1.5".
Source: [XENC].
=item sha1 => http://www.w3.org/2000/09/xmldsig#sha1
SHA1 digest transform. Source: [DSIG_ALG].
=item sha256 => http://www.w3.org/2001/04/xmlenc#sha256
SHA256 digest transform. Source: [DSIG_ALG].
=item env_sig => http://www.w3.org/2000/09/xmldsig#enveloped-signature
Enveloped Signature transform. Source: [DSIG_ALG].
=item rsa_sha1 => http://www.w3.org/2000/09/xmldsig#rsa-sha1
RSA with SHA1 digital signature transform. Source: [DSIG_ALG].
=item rsa_sha256 => http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
RSA with SHA256 digital signature transform. Source: [DSIG_ALG].
=item soap11 => http://schemas.xmlsoap.org/soap/envelope/
Namespace URI for SOAP version 1.1 elements. Source: [SOAP11].
=item soap12 => http://www.w3.org/2003/05/soap-envelope
Namespace URI for SOAP version 1.2 elements. Source: [SOAP12].
lib/Authen/NZRealMe/ICMSResolutionRequest.pm view on Meta::CPAN
use Authen::NZRealMe::CommonURIs qw(URI NS_PAIR);
# Namespace declarations for this module. Each $ns_* value is an arrayref
# holding a prefix followed by its namespace URI. NS_PAIR() is called in list
# context inside the brackets; t/05-common-uris.t shows it returning two
# values with the requested prefix first.
# The 'soap' prefix is bound to the URI registered under the token 'soap12'.
my $ns_soap = [ 'soap' => URI('soap12') ];
my $ns_wsse = [ NS_PAIR('wsse') ];
my $ns_wsu = [ NS_PAIR('wsu') ];
my $ns_wst = [ NS_PAIR('wst') ];
my $ns_wsa = [ NS_PAIR('wsa') ];
my $ns_icms = [ NS_PAIR('icms') ];
# The XML signature namespace is looked up by the token 'ds' but bound to the
# prefix 'dsig' here. It is kept separate: $ns_ds is not part of @all_ns below.
my $ns_ds = [ 'dsig' => URI('ds') ];
my @all_ns = (
$ns_soap, $ns_wsse, $ns_wsu, $ns_wst, $ns_wsa, $ns_icms
);
# URIs looked up by token from CommonURIs; their values are not visible in
# this excerpt.
my $wst_validate = URI('wst_validate');
my $wss_saml2 = URI('wss_saml2');
my $wsa_anon = URI('wsa_anon');
sub new {
lib/Authen/NZRealMe/ServiceProvider.pm view on Meta::CPAN
my %options;
$options{algorithm} = 'algorithm_' . $algorithm if $algorithm;
my $signer = $self->_signer(%options);
return $signer->sign(@_);
}
# Sign a request query string and return it with the signature attached.
#
# The SigAlg parameter is appended to $qs *before* signing, so the algorithm
# identifier is itself covered by the signature. The returned string is
# "<qs>&SigAlg=<uri>&Signature=<uri-escaped signature>".
#
# The algorithm is fixed: the percent-encoded SigAlg URI and the
# signature_algorithm passed to _signer() are both the RSA-SHA1 literals
# below, and the request tests assert that exact SigAlg value. The two must
# be changed together if the receiving service accepts a stronger algorithm.
#
# $qs is used as given; any percent-encoding of its values is the caller's
# responsibility, because the signature is computed over these exact bytes.
sub sign_query_string {
    my($self, $qs) = @_;

    my $signed_part = $qs
        . '&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1';

    # The second argument is an empty string; its meaning is defined by the
    # signer class, which is not shown here.
    my $signature = $self->_signer(signature_algorithm => 'rsa_sha1')
        ->create_detached_signature($signed_part, '');

    return $signed_part . '&Signature=' . uri_escape( $signature );
}
sub _signer {
lib/Authen/NZRealMe/XMLSig.pm view on Meta::CPAN
$Authen::NZRealMe::XMLSig::VERSION = '1.23';
use strict;
use warnings;
=head1 NAME
Authen::NZRealMe::XMLSig - XML digital signature generation/verification
=head1 DESCRIPTION
This module implements the subset of http://www.w3.org/TR/xmldsig-core/
required to interface with the New Zealand RealMe Login service using SAML 2.0
messaging.
=cut
use Carp qw(croak);
use Digest::SHA qw(sha1 sha1_base64 sha256);
use MIME::Base64 qw(encode_base64 decode_base64);
lib/Authen/NZRealMe/XMLSig.pm view on Meta::CPAN
$opt{signature_algorithm} // $self->signature_algorithm()
);
return $self->_sig_as_xml($sig);
}
sub _sig_as_xml {
my($self, $sig) = @_;
my $ns_ds = [ dsig => URI('ds') ];
my $x = XML::Generator->new(':strict', pretty => 2);
my @ref_blocks = map {
my @transforms = map {
$self->_transform_as_xml($x, 'Transform', $ns_ds, $_);
} @{ $_->{transforms} };
$x->Reference($ns_ds, { URI => '#' . $_->{ref_id} },
$x->Transforms($ns_ds,
@transforms,
),
lib/Authen/NZRealMe/XMLSig.pm view on Meta::CPAN
) . '';
my $xc = $self->_xcdom_from_xml($sig_xml, @$ns_ds);
my $doc = $xc->getContextNode();
my($fragment) = [ $xc, $xc->findnodes('/ds:Signature/ds:SignedInfo') ];
my $plaintext = $self->_apply_transform($sig->{c14n}, $fragment);
my $sig_text = "\n" . $self->_create_signature(
$sig->{signature_algorithm},
$plaintext,
);
my($sig_node) = $xc->findnodes('//dsig:SignatureValue')
or die "Failed to find SignatureValue in generated signature XML";
$sig_node->addChild( $doc->ownerDocument->createTextNode($sig_text) );
# Serialising, parsing and reserialising simplifies ns attr and empty tags
return $self->_xml_to_dom( $doc->toStringEC14N() )->toString();
}
sub _transform_as_xml {
my($self, $x, $tag_name, $ns_ds, $trans) = @_;
t/05-common-uris.t view on Meta::CPAN
#!perl
use strict;
use warnings;
use Test::More;
use Authen::NZRealMe::CommonURIs qw(URI NS_PAIR);
my $ds_prefix = 'ds';
my $ds_uri = 'http://www.w3.org/2000/09/xmldsig#';
is(
URI($ds_prefix),
$ds_uri,
"URI for namespace prefix '$ds_prefix'"
);
my @p1 = NS_PAIR($ds_prefix);
is(scalar(@p1), 2, 'namespace prefix => uri pair lookup by prefix');
is($p1[0], $ds_prefix, ' first value is requested prefix');
t/20-request.t view on Meta::CPAN
# Build the string to verify BEFORE decoding anything. It is assembled from
# $payload and $sig_alg as they were before the percent-decoding step below,
# so verification runs over those original values, not the decoded ones.
my $plaintext = "SAMLRequest=$payload&SigAlg=$sig_alg";
# Percent-decode the three values for the content checks that follow. Inside
# map, $_ aliases each variable, so s///e edits it in place and the block
# then returns the decoded value.
($payload, $sig_alg, $sig) = map {
s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
$_;
} ($payload, $sig_alg, $sig);
# Shape checks only: at least 200 base64 alphabet characters followed by
# optional '=' padding. They do not prove the data decodes to anything valid.
my $b64chr = '[A-Za-z0-9+/]';
like($payload, qr/^$b64chr{200,}=*$/, 'request payload is base64 encoded');
# Pins the advertised signature algorithm to RSA-SHA1.
is($sig_alg, 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
"signature algorithm is correct");
like($sig, qr/^$b64chr{200,}=*$/, 'signature is base64 encoded');
# The verifier is constructed from the public certificate only, so this
# confirms the signature can be checked without access to the private key.
my $cert_path = test_conf_file('sp-sign-crt.pem');
my $signer = Authen::NZRealMe->class_for('xml_signer')->new(
pub_cert_file => $cert_path,
);
ok($signer->verify_detached_signature($plaintext, $sig),
'signature verified successfully using public key from cert');
t/25-request-assertion.t view on Meta::CPAN
# Build the string to verify BEFORE decoding anything. It is assembled from
# $payload and $sig_alg as they were before the percent-decoding step below,
# so verification runs over those original values, not the decoded ones.
my $plaintext = "SAMLRequest=$payload&SigAlg=$sig_alg";
# Percent-decode the three values for the content checks that follow. Inside
# map, $_ aliases each variable, so s///e edits it in place and the block
# then returns the decoded value.
($payload, $sig_alg, $sig) = map {
s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
$_;
} ($payload, $sig_alg, $sig);
# Shape checks only: at least 200 base64 alphabet characters followed by
# optional '=' padding. They do not prove the data decodes to anything valid.
my $b64chr = '[A-Za-z0-9+/]';
like($payload, qr/^$b64chr{200,}=*$/, 'request payload is base64 encoded');
# Pins the advertised signature algorithm to RSA-SHA1.
is($sig_alg, 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
"signature algorithm is correct");
like($sig, qr/^$b64chr{200,}=*$/, 'signature is base64 encoded');
# The verifier is constructed from the public certificate only, so this
# confirms the signature can be checked without access to the private key.
my $cert_path = test_conf_file('sp-sign-crt.pem');
my $signer = Authen::NZRealMe->class_for('xml_signer')->new(
pub_cert_file => $cert_path,
);
ok($signer->verify_detached_signature($plaintext, $sig),
'signature verified successfully using public key from cert');
t/30-xml-sigs-sha1.t view on Meta::CPAN
use File::Spec;
use lib File::Spec->catdir($FindBin::Bin, 'test-lib');
use AuthenNZRealMeTestHelper;
use AuthenNZRealMeSigTestHelper;
use Authen::NZRealMe;
use XML::LibXML;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64);
my $dsig_ns = 'http://www.w3.org/2000/09/xmldsig#';
my $uri_exc_c14n = 'http://www.w3.org/2001/10/xml-exc-c14n#';
my $uri_rsa_sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
my $uri_env_sig = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature';
my $uri_sha1 = 'http://www.w3.org/2000/09/xmldsig#sha1';
my $dispatcher = 'Authen::NZRealMe';
my $sig_class = $dispatcher->class_for('xml_signer');
ok($INC{'Authen/NZRealMe/XMLSig.pm'}, "loaded Authen::NZRealMe::XMLSig module");
my $signer = $sig_class->new();
isa_ok($signer, 'Authen::NZRealMe::XMLSig');
is($signer->id_attr, undef, 'no default ID attribute name');
t/30-xml-sigs-sha1.t view on Meta::CPAN
$signer->sign($xml, $target_id);
};
is("$@", '', 'signed doc');
like($signed, qr{\A<.*>\z}s, 'return value look like XML');
my $parser = XML::LibXML->new();
my $dom = $parser->parse_string($signed);
my $doc = $dom->getDocumentElement();
my $xc = XML::LibXML::XPathContext->new($dom);
$xc->registerNs( DSIG => $dsig_ns );
is($doc->nodeName, 'assertion', 'parsed signed assertion');
my @children = $xc->findnodes('/*/*');
is(scalar(@children), 2, 'signed doc has new element under root');
my($sig) = @children;
is($sig->localName, 'Signature', 'is a <Signature> element');
is($sig->namespaceURI, $dsig_ns, 'in xmldsig namespace');
my($c14n_method) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignedInfo/DSIG:CanonicalizationMethod/@Algorithm}
);
is($c14n_method, $uri_exc_c14n, 'c14n method from SignedInfo');
my($sig_method) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignedInfo/DSIG:SignatureMethod/@Algorithm}
);
is($sig_method, $uri_rsa_sha1, 'signature method from SignedInfo');
t/30-xml-sigs-sha1.t view on Meta::CPAN
# Recompute the reference digest without using the module under test: SHA-1
# over $xml, base64-encoded with no line breaks, compared against
# $digest_from_xml (set earlier in the file, outside this excerpt).
my $bin_digest = sha1($xml);
my $sha1_digest = encode_base64($bin_digest, '');
is($sha1_digest, $digest_from_xml, 'manual digest matches digest from sig');
# Read the SignatureValue text and strip all whitespace so that line-wrapped
# base64 compares equal to the unwrapped value computed below.
my($sig_value_from_xml) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignatureValue}
);
$sig_value_from_xml =~ s/\s+//g;
# The bytes that get signed are the exclusive-C14N serialisation of the
# <SignedInfo> element, not the document: the document is covered indirectly
# through the DigestValue inside SignedInfo.
my($sig_info) = $xc->findnodes(q{//DSIG:Signature/DSIG:SignedInfo});
my $plaintext = $sig_info->toStringEC14N(0, '', [$dsig_ns]);
# Sign the same bytes directly with Crypt::OpenSSL::RSA using PKCS#1 v1.5
# padding. No hash is selected here, so the module's default digest applies
# (SHA-1 according to its documentation -- confirm for the installed version).
# PKCS#1 v1.5 signatures are deterministic, which is what makes the
# byte-for-byte equality check below meaningful.
my($key_text) = slurp_file($key_file);
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text);
$rsa_key->use_pkcs1_padding();
my $bin_signature = $rsa_key->sign($plaintext);
my $sig_value = encode_base64($bin_signature, '');
is($sig_value, $sig_value_from_xml, 'base64 encoded signature');
##############################################################################
t/32-xml-sigs-sha256.t view on Meta::CPAN
use lib File::Spec->catdir($FindBin::Bin, 'test-lib');
use AuthenNZRealMeTestHelper;
use AuthenNZRealMeSigTestHelper;
use Authen::NZRealMe;
use XML::LibXML;
use Digest::SHA qw(sha256);
use MIME::Base64 qw(encode_base64);
my $algorithm = 'sha256';
my $dsig_ns = 'http://www.w3.org/2000/09/xmldsig#';
my $uri_exc_c14n = 'http://www.w3.org/2001/10/xml-exc-c14n#';
my $uri_rsa_sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
my $uri_env_sig = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature';
my $uri_sha256 = 'http://www.w3.org/2001/04/xmlenc#sha256';
my $dispatcher = 'Authen::NZRealMe';
my $sig_class = $dispatcher->class_for('xml_signer');
ok($INC{'Authen/NZRealMe/XMLSig.pm'}, "loaded Authen::NZRealMe::XMLSig module");
my %init = (
signature_algorithm => 'rsa_sha256',
reference_digest_method => 'sha256',
t/32-xml-sigs-sha256.t view on Meta::CPAN
$signer->sign($xml, $target_id);
};
is("$@", '', 'signed doc');
like($signed, qr{\A<.*>\z}s, 'return value look like XML');
my $parser = XML::LibXML->new();
my $dom = $parser->parse_string($signed);
my $doc = $dom->getDocumentElement();
my $xc = XML::LibXML::XPathContext->new($dom);
$xc->registerNs( DSIG => $dsig_ns );
is($doc->nodeName, 'assertion', 'parsed signed assertion');
my @children = $xc->findnodes('/*/*');
is(scalar(@children), 2, 'signed doc has new element under root');
my($sig) = @children;
is($sig->localName, 'Signature', 'is a <Signature> element');
is($sig->namespaceURI, $dsig_ns, 'in xmldsig namespace');
my($c14n_method) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignedInfo/DSIG:CanonicalizationMethod/@Algorithm}
);
is($c14n_method, $uri_exc_c14n, 'c14n method from SignedInfo');
my($sig_method) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignedInfo/DSIG:SignatureMethod/@Algorithm}
);
is($sig_method, $uri_rsa_sha256, 'signature method from SignedInfo');
t/32-xml-sigs-sha256.t view on Meta::CPAN
# Recompute the reference digest without using the module under test: SHA-256
# over $xml, base64-encoded with no line breaks, compared against
# $digest_from_xml (set earlier in the file, outside this excerpt).
# NOTE: $sha1_digest holds a SHA-256 digest here; the variable name is a
# leftover from the SHA-1 variant of this test.
my $bin_digest = sha256($xml);
my $sha1_digest = encode_base64($bin_digest, '');
is($sha1_digest, $digest_from_xml, 'manual digest matches digest from sig');
# Read the SignatureValue text and strip all whitespace so that line-wrapped
# base64 compares equal to the unwrapped value computed below.
my($sig_value_from_xml) = $xc->findvalue(
q{//DSIG:Signature/DSIG:SignatureValue}
);
$sig_value_from_xml =~ s/\s+//g;
# The bytes that get signed are the exclusive-C14N serialisation of the
# <SignedInfo> element, not the document: the document is covered indirectly
# through the DigestValue inside SignedInfo.
my($sig_info) = $xc->findnodes(q{//DSIG:Signature/DSIG:SignedInfo});
my $plaintext = $sig_info->toStringEC14N(0, '', [$dsig_ns]);
my($key_text) = slurp_file($key_file);
my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text);
# NOTE(review): OAEP is an encryption padding scheme, not a signature scheme.
# The SignatureMethod this test expects (xmldsig-more#rsa-sha256) is
# RSASSA-PKCS1-v1_5 with SHA-256, and the byte-for-byte comparison below can
# only pass if sign() is deterministic. Presumably sign() ignored the padding
# selection in the Crypt::OpenSSL::RSA release this was written against --
# confirm against the installed version. The SHA-1 variant of this test
# (t/30-xml-sigs-sha1.t) calls use_pkcs1_padding() at this point, which states
# the intended padding explicitly.
$rsa_key->use_pkcs1_oaep_padding();
$rsa_key->use_sha256_hash();
my $bin_signature = $rsa_key->sign($plaintext);
my $sig_value = encode_base64($bin_signature, '');
is($sig_value, $sig_value_from_xml, 'base64 encoded signature');
##############################################################################
t/35-xml-sig-units.t view on Meta::CPAN
use AuthenNZRealMeTestHelper;
use Authen::NZRealMe;
use XML::LibXML;
my $dispatcher = 'Authen::NZRealMe';
my $sig_class = $dispatcher->class_for('xml_signer');
my $idp_cert_file = test_conf_file('idp-assertion-sign-crt.pem');
my $idp_key_file = test_conf_file('idp-assertion-sign-key.pem');
my @ns_ds = (ds => 'http://www.w3.org/2000/09/xmldsig#');
my($verifier, $signer, $xml, $xc, $node, $input, $output, $error);
##############################################################################
# Transform methods
$verifier = $sig_class->new(
pub_cert_text => slurp_file($idp_cert_file),
);
t/35-xml-sig-units.t view on Meta::CPAN
$xc = parse_xml_to_xc($input, 'doc' => 'https://example.com/doc/');
($frag) = $xc->findnodes('//doc:Doc');
isa_ok($frag => 'XML::LibXML::Element', 'fragment node');
$output = $verifier->_apply_transform($tr_by_name, [$xc, $frag]);
is($output, $expected, 'canonical output (from DOM fragment)');
ok('1', '===== Enveloped Signature =====');
$tr_by_name = $verifier->_find_transform('env_sig');
$tr_by_uri = $verifier->_find_transform('http://www.w3.org/2000/09/xmldsig#enveloped-signature');
is(ref($tr_by_name) => 'HASH', 'found env-sig by name');
is(ref($tr_by_uri) => 'HASH', 'found env-sig by URI');
is($tr_by_name->{uri} => $tr_by_uri->{uri}, 'same transform URI');
is($tr_by_name->{method} => $tr_by_uri->{method}, 'same transform method name');
$input = q{<Doc><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<content>Random stuff goes here</content>
<!-- Nobody would put a comment in their <Signature> -->
</dsig:SignedInfo>
</dsig:Signature>
<Title>Example Document</Title><!-- a comment -->
</Doc>};
$expected = q{<Doc>
<Title>Example Document</Title><!-- a comment -->
</Doc>};
$output = $verifier->_apply_transform($tr_by_name, $input);
isa_ok($output => 'ARRAY', 'fragment node');
$output = $output->[1];
t/35-xml-sig-units.t view on Meta::CPAN
isa_ok($output => 'XML::LibXML::Element', 'transformed document node');
is($output->toStringEC14N(1), $expected, 'env-sig output (from DOM fragment)');
ok('1', '===== SHA1 Digest =====');
$input = q{<Doc>
<Title>Example Document</Title><!-- a comment -->
</Doc>};
$tr_by_name = $verifier->_find_transform('sha1');
$tr_by_uri = $verifier->_find_transform('http://www.w3.org/2000/09/xmldsig#sha1');
is(ref($tr_by_name) => 'HASH', 'found sha1 by name');
is(ref($tr_by_uri) => 'HASH', 'found sha1 by URI');
is($tr_by_name->{uri} => $tr_by_uri->{uri}, 'same transform URI');
is($tr_by_name->{method} => $tr_by_uri->{method}, 'same transform method name');
$output = $verifier->_apply_transform($tr_by_name, $input);
is($output, 'zCGTIejOvqGvd6KSmlk4aFOW4Ro=', 'sha1 digest output (from string)');
# No test for sha1 digest with a DOM fragment as input - since any sane
t/35-xml-sig-units.t view on Meta::CPAN
##############################################################################
# Parse out an 'enveloped signature' from a document
ok('1', '===== Parsing of <Signature> blocks =====');
# Verifier built from the IdP assertion-signing certificate text only (no
# private key is supplied).
$verifier = $sig_class->new(
pub_cert_text => slurp_file($idp_cert_file),
);
# Fixture document for the signature-parsing tests. It contains two
# <Assertion> elements:
#   * /Container/Assertion carries an ID attribute, holds the enveloped
#     <dsig:Signature>, and is the element named by the <dsig:Reference> URI;
#   * /Container/Unsafe/Assertion has no ID and is not referenced by the
#     signature at all.
# Presumably the second element is there to check that only the referenced
# element is treated as signed content, and that an <Assertion> found by
# element name elsewhere in the document is not -- confirm against the
# assertions later in this file.
$xml = q{<Container><Assertion ID="Idd02c7c2232759874e1c205587017bed"><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#Idd02c7c2232759874e1c205587017bed">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>Wgb21Ak30ZPTzFKw5uPlRzVd7zo=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
oO8JbDW0l0b3KmqAu2LryU2gHTQTGaUrwOyURv/r5YHLa3mtqlF4Gkq3qy7kEgCb
Pqwq1JHuvoG1XZ6j0StSkt+mK12AOubIuLXT/SKBU4X7MBv0HwfL5U1XXEMV8mG8
t67f2kdOBJMeVIKU3Unw9fIWhKSjSeTArqNAdk1yCWS2NmpfG7Peu59mwqve7QTh
8KaD9Ro+PYHpYnB2Ah8OPofo7ym0hK85eM753W/SlWBf4aj5yuZGUCPv3k3sXMbe
VJfZ6GIwOJeGPRuGAZe8zDVsuXwnTeB6pW8huqGJduUP/JPi1LaUjpMRG3+R7yAh
IkDsvPCXLAeAjQ7jeucNpg==
</dsig:SignatureValue>
</dsig:Signature>
<Identity>
<Name>Bob</Name><!-- no surname -->
<DateOfBirth>1954-03-21</DateOfBirth>
</Identity>
</Assertion>
<Unsafe>
<Assertion>Elvis is alive</Assertion>
</Unsafe>
</Container>
};
t/35-xml-sig-units.t view on Meta::CPAN
is($c14n->{name} => 'ec14n', ' name');
is($c14n->{uri} => 'http://www.w3.org/2001/10/xml-exc-c14n#', ' uri');
is($c14n->{method} => '_apply_transform_ec14n', ' method');
my $xc_inp = [ $xc, $sig->{sig_info_node} ];
my $sig_info_plaintext = $verifier->_apply_transform($c14n, $xc_inp);
$sig_alg = $sig->{signature_algorithm};
is(ref($sig_alg) => 'HASH', 'signature method is defined');
is($sig_alg->{name} => 'rsa_sha1', ' name');
is($sig_alg->{uri} => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', ' uri');
is($sig_alg->{sign_method} => '_create_signature_rsa_sha1', ' sign_method');
is($sig_alg->{verify_method} => '_verify_signature_rsa_sha1', ' verify_method');
is($sig->{signature_value} =>
'oO8JbDW0l0b3KmqAu2LryU2gHTQTGaUrwOyURv/r5YHLa3mtqlF4Gkq3qy7kEgCb'
. 'Pqwq1JHuvoG1XZ6j0StSkt+mK12AOubIuLXT/SKBU4X7MBv0HwfL5U1XXEMV8mG8'
. 't67f2kdOBJMeVIKU3Unw9fIWhKSjSeTArqNAdk1yCWS2NmpfG7Peu59mwqve7QTh'
. '8KaD9Ro+PYHpYnB2Ah8OPofo7ym0hK85eM753W/SlWBf4aj5yuZGUCPv3k3sXMbe'
. 'VJfZ6GIwOJeGPRuGAZe8zDVsuXwnTeB6pW8huqGJduUP/JPi1LaUjpMRG3+R7yAh'
. 'IkDsvPCXLAeAjQ7jeucNpg==',
t/35-xml-sig-units.t view on Meta::CPAN
my($ref1) = @$refs;
is(ref($ref1) => 'HASH', 'first (and only) reference');
is($ref1->{ref_id} => 'Idd02c7c2232759874e1c205587017bed', ' ref_id');
my $trans = $ref1->{transforms};
is(ref($trans) => 'ARRAY', ' transforms defined');
is(scalar(@$trans) => 2, ' exactly two in list');
my $t1 = $trans->[0];
is($t1->{name} => 'env_sig', ' t1 name');
is($t1->{uri} => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature', ' t1 uri');
is($t1->{method} => '_apply_transform_env_sig', ' t1 method');
my $t2 = $trans->[1];
is($t2->{name} => 'ec14n', ' t2 name');
is($t2->{uri} => 'http://www.w3.org/2001/10/xml-exc-c14n#', ' t2 uri');
is($t2->{method} => '_apply_transform_ec14n', ' t2 method');
my $digm = $ref1->{digest_method};
is(ref($digm) => 'HASH', ' digest method is defined');
is($digm->{name} => 'sha1', ' name');
is($digm->{uri} => 'http://www.w3.org/2000/09/xmldsig#sha1', ' uri');
is($digm->{method} => '_apply_transform_sha1', ' method');
is($ref1->{digest_value} => 'Wgb21Ak30ZPTzFKw5uPlRzVd7zo=', ' digest_value');
my $id_attr = $verifier->id_attr;
is($id_attr => undef, 'no default attribute name for references');
$node = $ref1->{xml_node};
my $node_xml = $node->toString();
t/35-xml-sig-units.t view on Meta::CPAN
my($assertion) = $xc->findnodes('/Container/Assertion');
$input = [ $xc, $assertion ];
$output = $verifier->_apply_transform($t1, $input);
is(ref($output) => 'ARRAY', 'transform 1 output');
my $x1_node = $output->[1];
isa_ok($x1_node => 'XML::LibXML::Element', 'transformed output node');
my $x1_xml = $x1_node->toString();
like($x1_xml => qr{\A<Assertion\b}, ' top level tag is <Assertion>');
like($x1_xml => qr{<Identity\b}, ' included child tag <Identity>');
like($x1_xml => qr{<!-- no surname -->}, ' included comment');
unlike($x1_xml => qr{<dsig:Signature\b}, ' child tag <Signature> not included');
# Apply second transform listed above
$input = $output;
$output = $verifier->_apply_transform($t2, $input);
is(ref($output) => '', 'transform returned a string');
like($output => qr{\A<Assertion\b}, ' top level tag is <Assertion>');
like($output => qr{<Identity\b}, ' included child tag <Identity>');
unlike($output => qr{<!-- no surname -->}, ' comment omitted');
unlike($output => qr{<dsig:Signature\b}, ' child tag <Signature> not included');
is($output => q{<Assertion ID="Idd02c7c2232759874e1c205587017bed">
<Identity>
<Name>Bob</Name>
<DateOfBirth>1954-03-21</DateOfBirth>
</Identity>
</Assertion>}, ' canonical form');
# Apply digest method
$input = $output;
$output = $verifier->_apply_transform($digm, $input);
t/35-xml-sig-units.t view on Meta::CPAN
my $sig_xml = $signer->_make_sig_xml(
$xc,
references => [
{
ref_id => 'Idd02c7c2232759874e1c205587017bed',
}
],
);
is($sig_xml, q{<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#Idd02c7c2232759874e1c205587017bed">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>Wgb21Ak30ZPTzFKw5uPlRzVd7zo=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
oO8JbDW0l0b3KmqAu2LryU2gHTQTGaUrwOyURv/r5YHLa3mtqlF4Gkq3qy7kEgCbPqwq1JHuvoG1
XZ6j0StSkt+mK12AOubIuLXT/SKBU4X7MBv0HwfL5U1XXEMV8mG8t67f2kdOBJMeVIKU3Unw9fIW
hKSjSeTArqNAdk1yCWS2NmpfG7Peu59mwqve7QTh8KaD9Ro+PYHpYnB2Ah8OPofo7ym0hK85eM75
3W/SlWBf4aj5yuZGUCPv3k3sXMbeVJfZ6GIwOJeGPRuGAZe8zDVsuXwnTeB6pW8huqGJduUP/JPi
1LaUjpMRG3+R7yAhIkDsvPCXLAeAjQ7jeucNpg==
</dsig:SignatureValue>
</dsig:Signature>}, 'generated signature block');
done_testing();
exit;
sub parse_xml_to_xc {
my $xml_source = shift;
my $parser = XML::LibXML->new();
t/39-icms-req.t view on Meta::CPAN
my $sp_key_file = test_conf_file('sp-sign-key.pem');
my $sp_cert_file = test_conf_file('sp-sign-crt.pem');
my @all_ns = (
[ soap12 => 'http://www.w3.org/2003/05/soap-envelope' ],
[ wsse => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' ],
[ wsu => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' ],
[ wst => 'http://docs.oasis-open.org/ws-sx/ws-trust/200512' ],
[ wsa => 'http://www.w3.org/2005/08/addressing' ],
[ icms => 'urn:nzl:govt:ict:stds:authn:deployment:igovt:gls:iCMS:1_0' ],
[ ds => 'http://www.w3.org/2000/09/xmldsig#' ],
);
my $conf_dir = test_conf_dir();
my $sp = Authen::NZRealMe->service_provider(
conf_dir => $conf_dir,
type => 'assertion',
);
ok(1, 'loaded required modules');
t/80-resolve-identity.t view on Meta::CPAN
# Structural checks on the generated SOAP request held in $xml.
xml_found_node_ok($xml, q{/soap:Envelope});
# The WS-Addressing <To> header must name the test iCMS endpoint.
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsa:To},
'https://ws.test.logon.fakeme.govt.nz/icms/Validate_v1_1'
);
# Two different algorithms are asserted for the same <Signature>: the
# SignedInfo block is signed with RSA-SHA1 ...
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm},
'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
);
# ... while the first Reference is digested with SHA-256. The digest protects
# the referenced content, but the signature over SignedInfo still depends on
# SHA-1.
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference[1]/ds:DigestMethod/@Algorithm},
'http://www.w3.org/2001/04/xmlenc#sha256'
);
isa_ok($resp => 'Authen::NZRealMe::ResolutionResponse', 'resolution response');
t/82-resolve-identity-sha256.t view on Meta::CPAN
# Structural checks on the generated SOAP request held in $xml.
xml_found_node_ok($xml, q{/soap:Envelope});
# The WS-Addressing <To> header must name the test iCMS endpoint.
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsa:To},
'https://ws.test.logon.fakeme.govt.nz/icms/Validate_v1_1'
);
# NOTE(review): although this file is the "sha256" variant, the expected
# SignatureMethod is still RSA-SHA1; only the Reference digest below is
# SHA-256. The signature over SignedInfo therefore still depends on SHA-1.
# Confirm this is what the receiving service requires and not a copy from
# t/80-resolve-identity.t.
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm},
'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
);
xml_node_content_is($xml,
q{/soap:Envelope/soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference[1]/ds:DigestMethod/@Algorithm},
'http://www.w3.org/2001/04/xmlenc#sha256'
);
isa_ok($resp => 'Authen::NZRealMe::ResolutionResponse', 'resolution response');
t/signed-docs/01-simple-rsa-sha1.xml view on Meta::CPAN
<?xml version="1.0"?>
<Assertion ID="Ib5e950082ce111e988f41b7fadf9e9a3"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Ib5e950082ce111e988f41b7fadf9e9a3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>RSRMgt2nJ2aSXvDoyAS/HNqOFz8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Jza1i9L+WKt8Xi8Yx9eTCZk6voK5AwKuavym2hlNdha/XClNbC+UHj+Yk87mIjWE
rg9hPOgG7yg09+3gb6SBpxXmrGa4LaQH28hByPSPblgZ3+5VViIliS4IzxbsBXHp
A4Tb+906JgGWVw4L9cqLchXOhB4TMSSUXRlVKWEXiIXCCTL/r9YsB06GOhs6wENZ
mZdiBdd9E+BO5VRapvNuGyWkYWSH/EirtY0/g0yFDLYVHPahkBijpbpBCBi/W2mv
pmW2Z6DJ0Zj2OSm78CvA08ILZhFYfP4I4bGdB9mczABoSUktJfyuaYIQjUYhKi+J
r0Vkdj7/4n32i5D4+wLxOQ==</SignatureValue>
</Signature>
t/signed-docs/02-simple-rsa-sha256.xml view on Meta::CPAN
<?xml version="1.0"?>
<Assertion ID="Ib5e950082ce111e988f41b7fadf9e9a3"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#Ib5e950082ce111e988f41b7fadf9e9a3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>lcdBCAysBLLdG79t9QegGzNxzeK7j1Dz5PBgG9Wlo9Q=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>yhx13PL/avrllbYFHEgT6ZntK4wplZ3VgqnUfRr41cTWTkt8OZ+NW6DwsWW1lOzR
HFjXw47/hk4OnvT4QV8MxyzlWhVdf5Uk+Cc9GmqX+1/Y8uD/IOfnvG9vIU4xfP33
QSILOy3ksXG8P4wG8e/JHpvDjFlzVxAN7Gg7sICMZxGR0+Bgt9d7ZN+ihtB4bLX9
tzhHa8qCB0SMkWbs0eYdsBSL/d6OrI3543uSI3OYCgxH/+YPPvKqgxOBxwhVvPEx
t/signed-docs/10-login-assertion-rsa-sha1.xml view on Meta::CPAN
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.logon.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="se4a936f0ba782ef198f8f06cac15d9592efe18c16" InResponseTo="f1336050622595451077ff6417b42ebe1b841cd2d" Version="2.0" IssueInstant="2015-11-14T21:08:29Z" Destination="https://test....
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.logon.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="se342528062b725c2e1a9aafb3b1f9454609a4bde5" IssueInstant="2015-11-14T21:08:29Z" Version="2.0">
<saml:Issuer>https://test.logon.fakeme.govt.nz/saml2</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#se342528062b725c2e1a9aafb3b1f9454609a4bde5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>QsSsfMHtiJfYSj/YMGWHAOHuDbA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Tgrix4i+hLlCJQgTOX5jPOBctLmKyKZGI88/jUZin71HLTw/dAPCFRbmhy7YB18w
CfryYZOeG2MKb+tSXTXcExN3aScKr3XSLvU3+0n3mGGSpjRoFVxrXIqPTHPm9BSv
XSAxutszN+v1juy/yvgbK7tZGYj/qm7IXJjeAKAmpwmjGSwllC9HwAGDxxSWCe40
RwuAy6vIXny5GAWAzymnXCHgPVqJjjF0+htIHi4MWYEuMlZ17i6NVKWL2xEgtY6f
MJGQv9d6VXdvSrydOhMpDKi30o+uBqiphe+H9W3SnuprxOVvdUZ4tg/Y6GeQ4lf7
uaCNY8k1+UlGqYPAK2S6bg==</ds:SignatureValue>
<ds:KeyInfo>
t/signed-docs/11-login-assertion-rsa-sha256.xml view on Meta::CPAN
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.logon.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="sfd16f287f31f33ce7e0e7c538421613e79bb4cd95" InResponseTo="a9a9a51c7d0728ba4c2903e2de9dc09b1dbaea0a5" Version="2.0" IssueInstant="2015-09-11T21:37:29Z" Destination="https://tes...
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.logon.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s5405e59611f4be02416a7d5fe32ad2daa1c778354" IssueInstant="2015-09-11T21:37:29Z" Version="2.0">
<saml:Issuer>https://test.logon.fakeme.govt.nz/saml2</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#s5405e59611f4be02416a7d5fe32ad2daa1c778354">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>SPBs+d5V7StK/btj7t9JSQrU8IUUiSprn6fmvU7EAXY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DgTU6wPmYzialRBJ4qRGpO74YCTnqwiu+whDhz8ZvWvW3bTEAmL45lzA/iw7do5q
OOoHWbFWBOiUquG7h0GhKhs6BdxWZ+emQJd2vO3p4P1HMaBHgngkwrUPnnt+d9nc
l8/OFNtG813MNGMSpO/HDeeiOPwimAHTUdXEzhGGLQ9+SSafvjXaTmT8PcDyLcY5
inDPWVKI++9ZkjvTxRw22y+0GutqyVXYV3D4IR0l6svfFMCjUbyQHqNoGofuXU66
t/signed-docs/20-identity-assertion-rsa-sha1.xml view on Meta::CPAN
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s207fec6cd451cbc7073b01d8dd907edaf7c2040ba" InResponseTo="d2fc1de338a84b2cb5a6...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s25561e95ea40a6fa337adfcbfb61343385a0a3f57" InResponseTo="fb015601b411971db9e258f12f4b1c107" Version="2.0" IssueInstant="2014-05-29T20:50:52Z" Destination="https://...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s232bee9e49e5da3050735c11aa1e412f5a298cd28" IssueInstant="2014-05-29T20:50:52Z" Version="2.0">
<saml:Issuer>https://test.fakeme.govt.nz/fakemetest/fakemeidp</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#s232bee9e49e5da3050735c11aa1e412f5a298cd28">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>xReppELzBkxVTck/G0Ps6gDOGxA=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>NboUAPyKAAusmp8pG1RY+U2qqWRkPRxFK/q6kitMNEifYmxapCssYPHQtHBf8xS5E1txpvMfSW/R
VxYw7RnR53sXj4/hUl48h/bIT867cnAzrHzXivpkhGmIYUgHm5RIY0UFYZLEWrDrTkpLgDwNThLl
BQdYZa3zOH/PcXmZKelbc1twAY60NrZ3Wd61RCigrY5CKS1FldCkdikgq/1dnp40P/gWZFQn+L9B
TMd7k5Lvpq/9X6EUoQm//pflWXiKPq6K9h6Fv8EyW2FVbUnFVJ5g0bKGUPcMk8sk9PMQu6S0NCfW
k3YGo67HtDxsr4UE4tLI/FYg6zVDi3kG4KLxEg==
</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>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</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</dsig:Signature><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test.fakeme.govt.nz/fakemetest/fakemeidp">fb015601b411971db9e258f12f4b1c107</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm...
<saml:SubjectConfirmationData InResponseTo="fb015601b411971db9e258f12f4b1c107" NotOnOrAfter="2014-05-29T21:00:52Z" Recipient="https://samltest.taka.wgtn.cat-it.co.nz/saml2/acs"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2014-05-29T20:40:52Z" NotOnOrAfter="2014-05-29T21:00:52Z">
<saml:AudienceRestriction>
<saml:Audience>https://www.example.govt.nz/app/sample-identity</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-05-29T20:48:08Z" SessionIndex="s2c4b3c5e2c06fcd517b9124ae6198a7a0cb352401"><saml:AuthnContext><saml:AuthnContextClassRef>urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:ModStrength</saml:AuthnCon...
t/signed-docs/30-encrypted-assertion-and-flt-json.xml
<?xml version="1.0"?>
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_5d390cd7-ec58-43d6-8b51-89867380e95b" InResponseTo="d70e226fd22aea999d43b...
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://test.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:EncryptedAssertion>
<saml:Assertion xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_836fed88-04ee-4c4a-92ad-dd80ea49bf93" Version="2.0" IssueInstant="2020-11-26T01:17:56.5607921Z">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://test.fakeme.govt.nz/saml2</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_836fed88-04ee-4c4a-92ad-dd80ea49bf93">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="saml samlp xenc xs"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>7poBpKNklnk/CXRtoAH2fqx6pnq5F91P2wGjHXnbfHA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>A7SnHvFt6F/mc5CeI8wTRAyM6Yn8/vhyRj7O3I4MlbdHlsCDpwsMZyeK6utNR3XO
Q9cQHHtB9pXWQqtrj0caqCeiidziE/3fAasHzi0JfpQRl3DMbfYwQo9S2Ko2giu3
t/signed-docs/README
The 'xmlsec' tool (https://www.aleksey.com/xmlsec/) was used from the
command-line as follows:
1. Install the Debian package 'xmlsec1'.
2. Create an unsigned XML document (e.g.: doc.xml).
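3. Add a template <Signature /> element like this (vary as required; the algorithm URIs below select RSA-SHA1 signing with a SHA-1 digest, so for an RSA-SHA256 fixture use http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and http://www.w3.org/2001/04/xmlenc#sha256 instead):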
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue/>
</Reference>
</SignedInfo>
<SignatureValue/>
</Signature>
4. Fill in the URI attribute of the <Reference> element with "#id-value", where
"id-value" is the value of an attribute called (for example) "ID" on the element being signed.
5. Sign using a command like this (in this example, the ID attribute was on an
t/test-conf/metadata-assertion-idp.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
entityID="https://test.fakeme.govt.nz/fakemetest/fakemeidp"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor
WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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-conf/metadata-assertion-sp.xml view on Meta::CPAN
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
validUntil="2014-08-15T06:22:16Z"
entityID="https://www.example.govt.nz/app/sample-identity">
<SPSSODescriptor WantAssertionsSigned="true"
AuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDxTCCAq2gAwIBAgIIUYj2Ddm1I5QwDQYJKoZIhvcNAQEFBQAwSzEoMCYGA1UE
AxMfbXRzLnNhLnNhbWwuc2lnLmV4YW1wbGUuZ292dC5uejEfMB0GA1UEChMWRGVw
t/test-conf/metadata-login-idp.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
entityID="https://test.fakeme.govt.nz/saml2"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor
WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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-conf/metadata-login-sp.xml view on Meta::CPAN
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
validUntil="2014-08-15T06:22:16Z"
entityID="https://www.example.govt.nz/app/sample-login">
<SPSSODescriptor WantAssertionsSigned="true"
AuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDxTCCAq2gAwIBAgIIUYj2Ddm1I5QwDQYJKoZIhvcNAQEFBQAwSzEoMCYGA1UE
AxMfbXRzLnNhLnNhbWwuc2lnLmV4YW1wbGUuZ292dC5uejEfMB0GA1UEChMWRGVw
t/test-data/encrypted-assertion-and-flt-json.xml.template
Version="2.0"
IssueInstant="2020-11-26T01:17:56.6557903Z"
Destination="https://www.example.govt.nz/app/sample/login-acs">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://test.fakeme.govt.nz/saml2</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:EncryptedAssertion>
<saml:Assertion xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_836fed88-04ee-4c4a-92ad-dd80ea49bf93" Version="2.0" IssueInstant="2020-11-26T01:17:56.5607921Z">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://test.fakeme.govt.nz/saml2</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_836fed88-04ee-4c4a-92ad-dd80ea49bf93">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="saml samlp xenc xs"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
t/test-data/icms-req-unsigned.xml
<wsu:Timestamp wsu:Id="a00d40059264bb32f4f774bc3378c7addb0140a5b">
<wsu:Created>2019-02-14T08:29:56Z</wsu:Created>
<wsu:Expires>2019-02-14T08:34:56Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="c37b3b3b88c6b5d4fe2b8b7460bcdbdd393e262d2">
<wst:RequestSecurityToken>
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:ValidateTarget><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_57c78500-30cc-11e9-ae4b-5397601cc114" IssueInstant="2015-08-08T03:03:48.490Z" Version="2.0"><dsig:Signatur...
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#_57c78500-30cc-11e9-ae4b-5397601cc114">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>FmYje7BSRNSveQEqNXhchUtz7bE=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
ZLsY1q2NRGykReW9FRFXFElHtzk2C/JEWK/7VhEoqZfUhcmpPxyTLHJnfYbZBJImo4Eb0cPTWa3/
A8BCdE/5TD0/K0t4vVi1UUCKw2H3yv3Yew8lm4JBd2PZ/mc83+Wib5Z1WR5wcpm7Avyzn4/F0/gC
IkGdqw9cwb2yz/F8szfoQz9MAHmByO8VVLGCWSVyxKnB5MxdND3Tdn05JWIxJ+bVt/sCfjexxq9R
JktDW9n2O3Ke/L4/ZEHwwPEdurCp8MaflrB/wmSqmtJ0Qf+QPfkXvtQP20zPEGFOaNtYrUobW1jJ
xf43E/AxxZzq4FagsancK5Uq/hexOdIo9tvXXQ==
</dsig:SignatureValue>
</dsig:Signature>
<saml2:Issuer>https://test.logon.fakeme.govt.nz/icms</saml2:Issuer>
<saml2:Subject>
<saml2:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_27ac55263f1b9a230d9d65af8503cc5a" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_6f6a9156ab07f772d0cdbe3590d93a55"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bheuUITkTQ72zvcV7tZfxeVldZAHbkOeMiTGbwq4DQZafZ6yxiBbLbwJ5tnPKSzbvDFQ3TzIrXjg1b5L81X3sYhnh9rx8Pvc6sHI17dL7bpIUY9jUi/5jzGKqnZ+sVYtbR27fF5+8c80T0M5YiihJaOAO1brAU4azhLcbn3DMbSogDDchCROH7z/fCBFJdeoAmj1OaDAf7HLIzL/qYCa8MHkeQtc7q...
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_6f6a9156ab07f772d0cdbe3590d93a55">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<xenc:CipherData>
<xenc:CipherValue>9n0GRJATQAKkxXRYVtskYvaGiw8VqP2+L9teZ72biAyxCrWgHBz8m9zfsL9A85vwPn1tvK0iVBPQ+rfncZLYdDJi/y/aETs/Iq9XSI00R6noMwVHSe1EhJLIEP7lb4l0vs9S11QfGG8zmKrMWFBS0Kl2e58f9pF9Le0LTfAwvOucR2rDgbuZn3TEKZ26ra68VTNMNuBRpyMVisA4Wk10/3Ur1V+zma...
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_27ac55263f1b9a230d9d65af8503cc5a"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
t/test-data/icms-response-1.xml
<wsu:Timestamp wsu:Id="TS-233513">
<wsu:Created>2014-05-29T20:54:08.123Z</wsu:Created>
<wsu:Expires>2014-05-29T20:59:08.123Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-151184977">
<wst:RequestSecurityTokenResponse xmlns:icms="urn:nzl:govt:ict:stds:authn:deployment:igovt:gls:iCMS:1_0" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsse="http://docs.oasis-open....
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:RequestedSecurityToken>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="I6de7887882fb42908ca6a291c7fb1dc8" IssueInstant="2014-06-04T02:17:58.881Z" Version="2.0"><dsig:Signature xmlns:dsig="http://w...
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#I6de7887882fb42908ca6a291c7fb1dc8">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>treXvgaW2xJdHw6qYuTKWq5YdqI=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
VgtJ9fKpi3ZtP++oIJ3w3Msulep/jQylSEtiACP/9qnVb3gzsXJ2/ZNRCfX4+ebbsgIo9YQq5JjU
Tr9IYHUYyNHihRBvPFdu+tus3G2rXoDXjTqhP6EyNhlrGt3IFQFFYaM1InUJ3eJGBquD6wvKzJ6g
DAQ03J542WT8Sp4ivPqp7CkSEVy9vem7V4plFjWRzFxNlo44xf+XNDW6TW7Ah5LuJ7S6vwuYU55F
Hnxzf2qRmvXzZ5vsYxo4P/Xxz4vm0Yjxs/qWSS7zPtq0oyk2y2GRhN00d3gEYBUwM05bU84cKXyJ
PrI/YtVINu/5BwAQQz0TvYIQPhO31vtM+KU3tw==
</dsig:SignatureValue>
</dsig:Signature>
<saml2:Issuer>https://test.logon.fakeme.govt.nz/icms</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://test.logon.fakeme.govt.nz/saml2" SPNameQualifier="https://www.example.govt.nz/app/sample-identity">BLAHBLAHBLAH</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
</saml2:Subject>
<saml2:Conditions NotBefore="2014-05-29T20:54:08.000Z" NotOnOrAfter="2014-05-29T21:54:08.123Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://www.example.govt.nz/app/sample-identity</saml2:Audience>
<saml2:Audience>https://test.logon.fakeme.govt.nz/icms#Issue</saml2:Audience>
</saml2:AudienceRestriction>
t/test-data/identity-assertion-1.xml
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s207fec6cd451cbc7073b01d8dd907edaf7c2040ba" InResponseTo="d2fc1de338a84b2cb5a6...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s25561e95ea40a6fa337adfcbfb61343385a0a3f57" InResponseTo="fb015601b411971db9e258f12f4b1c107" Version="2.0" IssueInstant="2014-05-29T20:50:52Z" Destination="https://...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s232bee9e49e5da3050735c11aa1e412f5a298cd28" IssueInstant="2014-05-29T20:50:52Z" Version="2.0">
<saml:Issuer>https://test.fakeme.govt.nz/fakemetest/fakemeidp</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#s232bee9e49e5da3050735c11aa1e412f5a298cd28">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>xReppELzBkxVTck/G0Ps6gDOGxA=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>NboUAPyKAAusmp8pG1RY+U2qqWRkPRxFK/q6kitMNEifYmxapCssYPHQtHBf8xS5E1txpvMfSW/R
VxYw7RnR53sXj4/hUl48h/bIT867cnAzrHzXivpkhGmIYUgHm5RIY0UFYZLEWrDrTkpLgDwNThLl
BQdYZa3zOH/PcXmZKelbc1twAY60NrZ3Wd61RCigrY5CKS1FldCkdikgq/1dnp40P/gWZFQn+L9B
TMd7k5Lvpq/9X6EUoQm//pflWXiKPq6K9h6Fv8EyW2FVbUnFVJ5g0bKGUPcMk8sk9PMQu6S0NCfW
k3YGo67HtDxsr4UE4tLI/FYg6zVDi3kG4KLxEg==
</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>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</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</dsig:Signature><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test.fakeme.govt.nz/fakemetest/fakemeidp">fb015601b411971db9e258f12f4b1c107</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm...
<saml:SubjectConfirmationData InResponseTo="fb015601b411971db9e258f12f4b1c107" NotOnOrAfter="2014-05-29T21:00:52Z" Recipient="https://samltest.taka.wgtn.cat-it.co.nz/saml2/acs"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2014-05-29T20:40:52Z" NotOnOrAfter="2014-05-29T21:00:52Z">
<saml:AudienceRestriction>
<saml:Audience>https://www.example.govt.nz/app/sample-identity</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-05-29T20:48:08Z" SessionIndex="s2c4b3c5e2c06fcd517b9124ae6198a7a0cb352401"><saml:AuthnContext><saml:AuthnContextClassRef>urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:ModStrength</saml:AuthnCon...
t/test-data/identity-assertion-2.xml
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s207fec6cd451cbc7073b01d8dd907edaf7c2040ba" InResponseTo="d2fc1de338a84b2cb5a6...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s25561e95ea40a6fa337adfcbfb61343385a0a3f57" InResponseTo="fb015601b411971db9e258f12f4b1c107" Version="2.0" IssueInstant="2014-05-29T20:50:52Z" Destination="https://...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s232bee9e49e5da3050735c11aa1e412f5a298cd28" IssueInstant="2014-05-29T20:50:52Z" Version="2.0">
<saml:Issuer>https://test.fakeme.govt.nz/fakemetest/fakemeidp</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<dsig:Reference URI="#s232bee9e49e5da3050735c11aa1e412f5a298cd28">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<dsig:DigestValue>FJ1TaTJdhb37eV8vo71yBOAbUN7ACSVQCnSyMQugcZ0=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
F3Xuy/jRV3EsfD7RelsSGK8H4fB0mgCFeZ6iU1IiqTO9uzU5y6dkmrXKA7dRoQOT9I6C/yXzVbfn
2kpLX5OFQV3tHY8AHkhAlP/5LLmIpcopeE+0Zv7ARnqqZ6YdwxiJyYEo5WOkJhBTUKvxwVNyBQvo
KEoxncjvUs+SdS86eKOCsEc/SsfG1TXeuxmgzPa7SOHaZPsZT5ei0wEw1a6T8OpDaIqtlMlG7ggo
tgb137D4l8ZRzIrlc9QtirtNItG7bYZUvKACFi1GInUTuHGyObayUI49cDh7p26vlhUntQwavoVZ
6rYPhnBRNenWauw9irGjkk0JyGUYW+Kmczl3uA==
</dsig:SignatureValue>
</dsig:Signature><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test.fakeme.govt.nz/fakemetest/fakemeidp">fb015601b411971db9e258f12f4b1c107</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm...
<saml:SubjectConfirmationData InResponseTo="fb015601b411971db9e258f12f4b1c107" NotOnOrAfter="2014-05-29T21:00:52Z" Recipient="https://samltest.taka.wgtn.cat-it.co.nz/saml2/acs"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2014-05-29T20:40:52Z" NotOnOrAfter="2014-05-29T21:00:52Z">
<saml:AudienceRestriction>
<saml:Audience>https://www.example.govt.nz/app/sample-identity</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-05-29T20:48:08Z" SessionIndex="s2c4b3c5e2c06fcd517b9124ae6198a7a0cb352401"><saml:AuthnContext><saml:AuthnContextClassRef>urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:ModStrength</saml:AuthnCon...
t/test-data/login-assertion-1.xml
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s20562d9d04a8f7297cfb33182d6a2ed02b8ea0264" InResponseTo="c8d65e05aaf7a30062ee...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s283e58e2b048968485a1828bfa314cc4fa130f3d4" InResponseTo="d41d8cd98f00b204e9800998ecf8427e2" Version="2.0" IssueInstant="2015-02-19T17:48:06Z" Destination="https://...
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s0ed0e67f384be96ff0c472223b3888f90be041b1b" IssueInstant="2015-02-19T17:48:06Z" Version="2.0">
<saml:Issuer>https://test.fakeme.govt.nz/saml2</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#s0ed0e67f384be96ff0c472223b3888f90be041b1b">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>giS0uGJLUUpvoaNSnSEtphftmBg=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
pu6UB2FLL25P0174JRzc693nkdyXH2Zvq+uEVGPQSXBpCv//oQZ1FOqz5Eynuk9WvvZuXOaWZwCo
lEXtaLnjOZpfCyXaBIVVCyaz5RPj5vDfAzb+NDso/DftsTge+/Hnelk3Jl+Sbm8Q9ZBXoJEiTo7v
mL3YSs8g3LSN+XHq67/Zp0s1z4UygZb5G7r5vPEm7gB2WROWCh4Fq0daGP7gNjMwNV8u7Yiwl/Sh
J9SRTy6XBjEtMhksqE0C7e0m2WTWbbsO01syzb4DMFkBKNSKbGfMeOXbGaCF/xeMfgnR7HajJu7o
uNV12UUeHcqXBJ0bKZiFm5Y2hcPik61MceaWxw==
</dsig:SignatureValue>
</dsig:Signature><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://test.fakeme.govt.nz/saml2" SPNameQualifier="https://www.example.govt.nz/app/sample-login">CHC600C1AE5D993A8AE7E382006E9521C07</saml:NameID><saml:Subject...
<saml:SubjectConfirmationData InResponseTo="d41d8cd98f00b204e9800998ecf8427e2" NotOnOrAfter="2015-02-19T17:53:06Z" Recipient="https://www.example.govt.nz/app/sample/login-acs"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2015-02-19T17:46:06Z" NotOnOrAfter="2015-02-19T17:53:06Z">
<saml:AudienceRestriction>
<saml:Audience>https://www.example.govt.nz/app/sample-login</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2015-02-19T17:48:06Z" SessionIndex="s2e22274633b868406b3a7c47de6533bd82e392603"><saml:AuthnContext><saml:AuthnContextClassRef>urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength</saml:AuthnCon...