XML-Sig


Changes  view on Meta::CPAN

0.65 -- Tue Nov 21 18:35:23 AST 2023

  [Notable Changes since 0.64]
  Mostly minor fixes to the test suite.
  Change to how a Signature is added to the signed document to improve compatibility

  - 58b41bb Remove eol spaces
  - 57d1835 Skip xmlsec1 tests for sha1 digests or signature algorithms if sha1 is disabled
  - 496d413 Add test for fix_namespace
  - e03af99 Change how the Signature is added to a signed document
              The namespace xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
              should be kept at the Signature level not moved to the Signed tag
  - 3442140 Remove unused code
  - 3243b61 Remove useless signing test
  - 23a688d Fix developer test for t/008-sign_saml.t
  - 5084ea4 Remove namespace::autoclean
  - 6ff436d Run CI with Net::SAML2 install
  - ee583a2 Add Coveralls to XML::Sig
  - c70914b Update testsuite
  - f1b8710 v0.64

README  view on Meta::CPAN

      <?xml version="1.0"?>
      <foo ID="abc">
        <bar>123</bar>
      </foo>

    Now, let's insert a signature:

      <?xml version="1.0"?>
      <foo ID="abc">
        <bar>123</bar>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
          <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="#abc">
              <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
              </Transforms>
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
              <DigestValue>9kpmrvv3peVJpNSTRycrV+jeHVY=</DigestValue>
            </Reference>
          </SignedInfo>
          <SignatureValue>
            HXUBnMgPJf//j4ihaWnaylNwAR5AzDFY83HljFIlLmTqX1w1C72ZTuRObvYve8TNEbVsQlTQkj4R
            hiY0pgIMQUb75GLYFtc+f0YmBZf5rCWY3NWzo432D3ogAvpEzYXEQPmicWe2QozQhybaz9/wrYki
            XiXY+57fqCkf7aT8Bb6G+fn7Aj8gnZFLkmKxwCdyGsIZOIZdQ8MWpeQrifxBR0d8W1Zm6ix21WNv
            ONt575h7VxLKw8BDhNPS0p8CS3hOnSk29stpiDMCHFPxAwrbKVL1kGDLaLZn1q8nNRmH8oFxG15l
            UmS3JXDZAss8gZhU7g9T4XllCqjrAvzPLOFdeQ==
          </SignatureValue>

README  view on Meta::CPAN

                  OSMsf0TX+OdlbH079AsxOwoUjlzjuKdCiFPdU6yAJw==
                </Modulus>
                <Exponent>Iw==</Exponent>
              </RSAKeyValue>
            </KeyValue>
          </KeyInfo>
        </Signature>
      </foo>

SEE ALSO
    <http://www.w3.org/TR/xmldsig-core/>

VERSION CONTROL
    <https://github.com/perl-net-saml2/perl-XML-Sig>

AUTHORS and CREDITS
    Author: Byrne Reese <byrne@majordojo.com>

    Thanks to Manni Heumann who wrote Google::SAML::Response from which this
    module borrows heavily in order to create digital signatures.

lib/XML/Sig.pm  view on Meta::CPAN

XML::Sig->mk_accessors(qw(key));


use Digest::SHA qw(sha1 sha224 sha256 sha384 sha512 hmac_sha1 hmac_sha256 hmac_sha384 hmac_sha512);
use Crypt::Digest::RIPEMD160 qw/ripemd160/;
use XML::LibXML;
use MIME::Base64;
use Carp;


# Algorithm URIs recognised by this module. They are compared against the
# Algorithm attribute of Transform and CanonicalizationMethod elements
# (see _transform and _canonicalize_xml).
use constant {
    TRANSFORM_ENV_SIG            => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
    TRANSFORM_C14N               => 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315',
    TRANSFORM_C14N_COMMENTS      => 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments',
    TRANSFORM_C14N_V1_1          => 'http://www.w3.org/TR/2008/REC-xml-c14n11-20080502',
    TRANSFORM_C14N_V1_1_COMMENTS => 'http://www.w3.org/TR/2008/REC-xml-c14n11-20080502#WithComments',
    TRANSFORM_EXC_C14N           => 'http://www.w3.org/2001/10/xml-exc-c14n#',
    TRANSFORM_EXC_C14N_COMMENTS  => 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments',
};

# Deliberately empty destructor.
# NOTE(review): presumably defined so that object destruction never falls
# through to an AUTOLOAD or generated accessor -- confirm against the base class.
sub DESTROY { }

# Unbuffered STDOUT, so the debug prints appear as soon as they are written.
$| = 1;

lib/XML/Sig.pm  view on Meta::CPAN

    my $self = shift;
    my ($xml) = @_;

    die "You cannot sign XML without a private key." unless $self->key || $self->{ hmac_key };

    local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };

    my $dom = $self->_load_xml($xml);

    $self->{ parser } = XML::LibXML::XPathContext->new($dom);
    $self->{ parser }->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $self->{ parser }->registerNs('ec', 'http://www.w3.org/2001/10/xml-exc-c14n#');
    $self->{ parser }->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    if ($self->{ns}) {
        foreach (keys %{$self->{ns}}) {
            $self->{ parser }->registerNs($_, $self->{ns}{$_});
        }
    }

    print ("Signing XML\n") if $DEBUG;

lib/XML/Sig.pm  view on Meta::CPAN

        # Create a Signature xml fragment including SignedInfo section
        my $signature_xml = $self->_signature_xml( $signed_info, 'REPLACE SIGNATURE ' . $signid );

        print ("Sign ID: $signid\n") if $DEBUG;

        # Get the XML node to sign based on the ID
        my $xml = $self->_get_xml_to_sign($signid);

        # Canonicalize the XML to http://www.w3.org/2001/10/xml-exc-c14n#
        # TODO Change the Canonicalization method in the xml fragment from _signedinfo_xml
        #    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        #    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        my $xml_canon        = $xml->toStringEC14N();

        if(my $ref = Digest::SHA->can($self->{ digest_hash })) {
            $self->{digest_method} = $ref;
        }
        elsif ( $ref = Crypt::Digest::RIPEMD160->can($self->{ digest_hash }))  {
            $self->{digest_method} = $ref;
        }
        else {
            die("Can't handle $self->{ digest_hash }");

lib/XML/Sig.pm  view on Meta::CPAN


        # Display the ID of the XML being signed for debugging
        my $reference = $signid; #$self->{parser}->findvalue('//@ID', $xml);
        print ("   Reference URI: $reference\n") if $DEBUG;

        local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };

        my $signature_dom = $self->_load_xml($signature_xml);

        my $xpath = XML::LibXML::XPathContext->new($signature_dom);
        $xpath->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
        $xpath->registerNs('ec', 'http://www.w3.org/2001/10/xml-exc-c14n#');

        # Canonicalize the SignedInfo to http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
        # TODO Change the Canonicalization method in the xml fragment from _signedinfo_xml

        my ($signature_node) = $xpath->findnodes(
            '/dsig:Signature', $signature_xml);
        my ($signed_info_node) = $xpath->findnodes(
            '/dsig:Signature/dsig:SignedInfo',$signature_xml);

        # Add the digest value to the Signed info
        my ($digest_value_node) = $xpath->findnodes(
            '/dsig:Signature/dsig:SignedInfo/dsig:Reference/dsig:DigestValue', $signature_xml);
        $digest_value_node->removeChildNodes();
        $digest_value_node->appendText($digest);

        # At this point the SignedInfo includes the information
        # to allow us to use the _canonicalize_xml with the $signature_node
        my $signed_info_canon = $self->_canonicalize_xml($signed_info_node, $signature_node);

        # Calculate the signature of the Canonical Form of SignedInfo
        my $signature;
        if ($self->{key_type} eq 'dsa') {

lib/XML/Sig.pm  view on Meta::CPAN

        } else {
            if ( defined $self->{ hmac_key } ) {
                $signature = encode_base64( $self->_calc_hmac_signature( $signed_info_canon ), "\n" );
            } else {
                die "No Signature signing method provided";
            }
        }

        # Add the Signature to the SignatureValue
        my ($signature_value_node) = $xpath->findnodes(
            '/dsig:Signature/dsig:SignatureValue', $signature_xml);
        $signature_value_node->removeChildNodes();
        $signature_value_node->appendText($signature);

        my $set = $xpath->findnodes('dsig:Signature');

        my $node = $set->get_node(1)->cloneNode( 1 );

        my $root = $dom->findnodes("//*[\@ID=\'$signid\']");

        my $loc = $root->shift();
        $loc->addChild($node);

        print ("\n\n\n SignatureValue:\n" . $signature_value_node . "\n\n\n") if $DEBUG;
    }

lib/XML/Sig.pm  view on Meta::CPAN



sub verify {
    my $self = shift;
    delete $self->{signer_cert};
    my $xml = shift;

    my $dom = $self->_load_xml($xml);

    $self->{ parser } = XML::LibXML::XPathContext->new($dom);
    $self->{ parser }->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $self->{ parser }->registerNs('ec', 'http://www.w3.org/2001/10/xml-exc-c14n#');
    $self->{ parser }->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $self->{ parser }->registerNs('ecdsa', 'http://www.w3.org/2001/04/xmldsig-more#');

    my $signature_nodeset = $self->{ parser }->findnodes('//dsig:Signature');

    my $key_to_verify;
    if ($self->{id_attr}) {
        if ($self->{ns}) {
            foreach (keys %{$self->{ns}}) {
                $self->{ parser }->registerNs($_, $self->{ns}{$_});
            }
        }
        $key_to_verify = $self->_get_ids_to_sign();
    }

lib/XML/Sig.pm  view on Meta::CPAN


    die 'XML::Sig - XML does not include any signatures' if $numsigs <= 0;
    # Loop through each Signature in the document checking each
    my $i;
    while (my $signature_node = $signature_nodeset->shift()) {
        $i++;
        print ("\nSignature $i\n") if $DEBUG;

        # Get SignedInfo Reference ID
        my $reference = $self->{ parser }->findvalue(
            'dsig:SignedInfo/dsig:Reference/@URI', $signature_node);
        $reference =~ s/#//g;

        print("   Reference URI: $reference\n") if $DEBUG;

        if ($key_to_verify && $key_to_verify ne $reference) {
            print ("Skipping reference URI: $reference, does not match required option\n") if $DEBUG;
            next;
        }

        # The reference ID must point to something in the document

lib/XML/Sig.pm  view on Meta::CPAN

            if ($numsigs <= 1) {
                return 0;
            }
            else {
                next;
            }
        }

        # Get SignedInfo DigestMethod Algorithm
        my $digest_method = $self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:Reference/dsig:DigestMethod/@Algorithm', $signature_node);
        $digest_method =~ s/^.*[#]//;
        print ("   Digest Method: $digest_method\n") if $DEBUG;

        # Get the DigestValue used to verify Canonical XML
        # Note that the digest may have embedded newlines in the XML
        # Decode the base64 and encode it with no newlines
        my $refdigest = encode_base64(decode_base64(_trim($self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:Reference/dsig:DigestValue', $signature_node))), "");
        print ("   Digest Value: $refdigest\n") if $DEBUG;

        # Get the SignatureValue used to verify the SignedInfo
        my $signature = _trim($self->{ parser }->findvalue('dsig:SignatureValue', $signature_node));
        print ("   Signature: $signature\n") if $DEBUG;

        # Get SignatureMethod Algorithm
        my $signature_method = $self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:SignatureMethod/@Algorithm', $signature_node);
        $signature_method =~ s/^.*[#]//;
        $signature_method =~ s/^rsa-//;
        $signature_method =~ s/^dsa-//;
        $signature_method =~ s/^ecdsa-//;
        $signature_method =~ s/^hmac-//;

        $self->{ sig_hash } = $signature_method;
        print ("   SignatureMethod: $signature_method\n") if $DEBUG;

        # Get the SignedInfo and obtain its Canonical form
        my ($signed_info) = $self->{ parser }->findnodes('dsig:SignedInfo', $signature_node);
        my $signed_info_canon = $self->_canonicalize_xml($signed_info, $signature_node);

        print "$signed_info_canon\n" if $DEBUG;

        if(my $ref = Digest::SHA->can($signature_method)) {
            $self->{sig_method} = $ref;
        }
        elsif ( $ref = Crypt::Digest::RIPEMD160->can( $signature_method ))  {
            $self->{sig_method} = $ref;
        }

lib/XML/Sig.pm  view on Meta::CPAN

            my %verify_dispatch = (
                'X509Data' => '_verify_x509',
                'RSAKeyValue' => '_verify_rsa',
                'DSAKeyValue' => '_verify_dsa',
                'ECDSAKeyValue' => '_verify_ecdsa',
            );
            my $keyinfo_nodeset;
            foreach my $key_info_sig_type ( qw/X509Data RSAKeyValue DSAKeyValue ECDSAKeyValue/ ) {
                if ( $key_info_sig_type eq 'X509Data' ) {
                    $keyinfo_nodeset = $self->{ parser }->find(
                            "dsig:KeyInfo/dsig:$key_info_sig_type", $signature_node);
                    #print ("   keyinfo_nodeset X509Data: $keyinfo_nodeset\n") if $DEBUG;
                } else {
                    $keyinfo_nodeset = $self->{ parser }->find(
                            "dsig:KeyInfo/dsig:KeyValue/dsig:$key_info_sig_type", $signature_node);
                    #print ("   keyinfo_nodeset [DR]SAKeyValue: $keyinfo_nodeset\n") if $DEBUG;
                }
                if ( $keyinfo_nodeset->size ) {
                    my $verify_method = $verify_dispatch{$key_info_sig_type};
                    print ("   Verify Method: $verify_method\n") if $DEBUG;
                    if ( ! $self->$verify_method($keyinfo_nodeset->get_node(0),
                            $signed_info_canon, $signature) ) {
                        print ("keyinfo_nodeset->get_node: " . $keyinfo_nodeset->get_node(0) . "\n") if $DEBUG;
                        print STDERR "Failed to verify using $verify_method\n";
                        return 0;

lib/XML/Sig.pm  view on Meta::CPAN

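##
## Returns: XML NodeSet with ID equal to the URI
##
## Find the XML node with the ID = $URI and return the
## XML NodeSet
##
## The Reference URI is read from the document being processed, so it is
## quoted as an XPath string literal before being used in the ID lookup.
##
sub _get_signed_xml {
    my $self = shift;
    my ($context) = @_;

    # Reference URI of this Signature, with the leading '#' of a
    # same-document reference removed.
    my $id = $self->{parser}->findvalue('./dsig:SignedInfo/dsig:Reference/@URI', $context);
    $id =~ s/^#//;
    print ("    Signed XML id: $id\n") if $DEBUG;

    # Remember which ID this signature claims to cover.
    $self->{'sign_id'} = $id;

    # XPath 1.0 string literals have no escape sequence. Interpolating the
    # URI between single quotes would let a quote character in the URI end
    # the literal and change which nodes the expression selects. Pick a
    # quoting form the value cannot break out of; an ordinary ID still
    # yields exactly //*[@ID='...'] as before.
    my $id_literal;
    if ( index( $id, q{'} ) < 0 ) {
        $id_literal = "'$id'";
    }
    elsif ( index( $id, q{"} ) < 0 ) {
        $id_literal = qq{"$id"};
    }
    else {
        # Both quote characters are present: rebuild the value with
        # concat(), supplying each single quote as its own "'" argument.
        $id_literal = 'concat('
            . join( q{,"'",}, map { "'$_'" } split( /'/, $id, -1 ) )
            . ')';
    }

    my $xpath = "//*[\@ID=$id_literal]";
    return $self->_get_node( $xpath, $context );
}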

##
## _transform($xml, $context)

lib/XML/Sig.pm  view on Meta::CPAN

##
## Returns: string  Transformed XML
##
## Canonicalizes/Transforms xml based on the Transforms
## from the SignedInfo.
##
sub _transform {
    my $self = shift;
    my ($xml, $context) = @_;

    $context->setNamespace( 'http://www.w3.org/2000/09/xmldsig#', 'dsig' );
    my $transforms = $self->{parser}->find(
        'dsig:SignedInfo/dsig:Reference/dsig:Transforms/dsig:Transform',
        $context
    );

    print "_transform\n" if $DEBUG;
    foreach my $node ($transforms->get_nodelist) {
        my $alg = $node->getAttribute('Algorithm');

        print "    Algorithm: $alg\n" if $DEBUG;
        if ($alg eq TRANSFORM_ENV_SIG) {
            # TODO the xml being passed here currently has the

lib/XML/Sig.pm  view on Meta::CPAN

sub _verify_rsa {
    my $self = shift;
    my ($context,$canonical,$sig) = @_;

    eval {
        require Crypt::PK::RSA;
    };
    confess "Crypt::PK::RSA needs to be installed so
                that we can handle X509 certificates" if $@;
    # Generate Public Key from XML
    my $mod = _trim($self->{parser}->findvalue('dsig:Modulus', $context));
    my $modBin = decode_base64( $mod );
    my $exp = _trim($self->{parser}->findvalue('dsig:Exponent', $context));
    my $expBin = decode_base64( $exp );
    my $n = unpack("H*", $modBin);
    my $e = unpack("H*", $expBin);

    my $pk = Crypt::PK::RSA->new();
    my $rsa_pub = $pk->import_key({N => $n, e => $e});
    # Decode signature and verify
    my $bin_signature = decode_base64($sig);

    return 1 if ($rsa_pub->verify_message( $bin_signature, $canonical, $self->{ sig_hash }, "v1.5"));

lib/XML/Sig.pm  view on Meta::CPAN

sub _verify_x509 {
    my ($self, $context, $canonical, $sig) = @_;

    # The X509 parser is loaded on demand; fail loudly when it is missing.
    eval { require Crypt::OpenSSL::X509; };
    if ($@) {
        confess "Crypt::OpenSSL::X509 needs to be installed so that we can handle X509 certificates";
    }

    # Certificate text as carried in the X509Data node passed in as $context.
    # NOTE(review): this certificate comes from the document being verified.
    # Nothing in this sub ties it to a trusted issuer or a pinned certificate;
    # confirm that _verify_x509_cert or the caller establishes that trust.
    my $embedded_cert = _trim(
        $self->{parser}->findvalue('dsig:X509Certificate', $context)
    );

    # _clean_x509 prepares the text for the X509 parser, which requires it
    # for self-identification.
    my $parseable_cert = $self->_clean_x509($embedded_cert);

    my $cert = Crypt::OpenSSL::X509->new_from_string($parseable_cert);

    # The signature check itself is delegated to _verify_x509_cert.
    return $self->_verify_x509_cert($cert, $canonical, $sig);
}

##

lib/XML/Sig.pm  view on Meta::CPAN

##
sub _verify_dsa {
    my $self = shift;
    my ($context,$canonical,$sig) = @_;


    confess "Crypt::OpenSSL::DSA >= 0.20 needs to be installed so
                    that we can handle DSA signatures" if ! $self->check_dsa_version();

    # Generate Public Key from XML
    my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', $context)));
    my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', $context)));
    my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', $context)));
    my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', $context)));
    my $dsa_pub = Crypt::OpenSSL::DSA->new();
    $dsa_pub->set_p($p);
    $dsa_pub->set_q($q);
    $dsa_pub->set_g($g);
    $dsa_pub->set_pub_key($y);

    # Decode signature and verify
    my $bin_signature = decode_base64($sig);

    # https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-SignatureAlg
    # The output of the DSA algorithm consists of a pair of integers
    # The signature value consists of the base64 encoding of the
    # concatenation of r and s in that order ($r . $s)
    # Binary Signature is stored as a concatenation of r and s
    my $sig_size = ($dsa_pub->get_sig_size - 8)/2;
    my $unpk = "a" . $sig_size . "a" . $sig_size;
    my ($r, $s) = unpack($unpk, $bin_signature);

    # Create a new Signature Object from r and s
    my $sigobj = Crypt::OpenSSL::DSA::Signature->new();

lib/XML/Sig.pm  view on Meta::CPAN

## Verify the ECDSA signature of Canonical XML
##
sub _verify_ecdsa {
    my $self = shift;
    my ($context,$canonical,$sig) = @_;

    eval {require Crypt::PK::ECC; CryptX->VERSION('0.036'); 1}
    or confess "Crypt::PK::ECC 0.036+ needs to be installed so
             that we can handle ECDSA signatures";
    # Generate Public Key from XML
    my $oid = _trim($self->{parser}->findvalue('.//dsig:NamedCurve/@URN', $context));

    use URI ();
    my $u1 = URI->new($oid);
    $oid = $u1->nss;

    my %curve_name = (
        '1.2.840.10045.3.1.1'   => 'secp192r1',
        '1.3.132.0.33'          => 'secp224r1',
        '1.2.840.10045.3.1.7'   => 'secp256r1',
        '1.3.132.0.34'          => 'secp384r1',
        '1.3.132.0.35'          => 'secp521r1',
        '1.3.36.3.3.2.8.1.1.1'  => 'brainpoolP160r1',
        '1.3.36.3.3.2.8.1.1.3'  => 'brainpoolP192r1',
        '1.3.36.3.3.2.8.1.1.5'  => 'brainpoolP224r1',
        '1.3.36.3.3.2.8.1.1.7'  => 'brainpoolP256r1',
        '1.3.36.3.3.2.8.1.1.9'  => 'brainpoolP320r1',
        '1.3.36.3.3.2.8.1.1.11' => 'brainpoolP384r1',
        '1.3.36.3.3.2.8.1.1.13' => 'brainpoolP512r1',
    );

    my $x = $self->{parser}->findvalue('.//dsig:PublicKey/dsig:X/@Value', $context);
    my $y = $self->{parser}->findvalue('.//dsig:PublicKey/dsig:Y/@Value', $context);

    my $ecdsa_pub = Crypt::PK::ECC->new();

    $ecdsa_pub->import_key({
        kty => "EC",
        curve_name => $curve_name{ $oid },
        pub_x   => $x,
        pub_y   => $y,
    });

lib/XML/Sig.pm  view on Meta::CPAN


    if ( $ecdsa_key ) {
        $self->{ key_obj } = $ecdsa_key;

        my $key_hash    = $ecdsa_key->key2hash;

        my $oid         = $key_hash->{ curve_oid };
        my $x           = $key_hash->{ pub_x };
        my $y           = $key_hash->{ pub_y };

        $self->{KeyInfo} = "<dsig:KeyInfo>
                             <dsig:KeyValue>
                                <dsig:ECDSAKeyValue>
                                    <dsig:DomainParameters>
                                        <dsig:NamedCurve URN=\"urn:oid:$oid\" />
                                    </dsig:DomainParameters>
                                    <dsig:PublicKey>
                                        <dsig:X Value=\"$x\" />
                                        <dsig:Y Value=\"$y\" />
                                    </dsig:PublicKey>
                                </dsig:ECDSAKeyValue>
                             </dsig:KeyValue>
                            </dsig:KeyInfo>";
        $self->{key_type} = 'ecdsa';
    }
    else {
        confess "did not get a new Crypt::PK::ECC object";
    }
}

##
## _load_dsa_key($key_text)
##

lib/XML/Sig.pm  view on Meta::CPAN


    my $dsa_key = Crypt::OpenSSL::DSA->read_priv_key_str( $key_text );

    if ( $dsa_key ) {
        $self->{ key_obj } = $dsa_key;
        my $g = encode_base64( $dsa_key->get_g(), '' );
        my $p = encode_base64( $dsa_key->get_p(), '' );
        my $q = encode_base64( $dsa_key->get_q(), '' );
        my $y = encode_base64( $dsa_key->get_pub_key(), '' );

        $self->{KeyInfo} = "<dsig:KeyInfo>
                             <dsig:KeyValue>
                              <dsig:DSAKeyValue>
                               <dsig:P>$p</dsig:P>
                               <dsig:Q>$q</dsig:Q>
                               <dsig:G>$g</dsig:G>
                               <dsig:Y>$y</dsig:Y>
                              </dsig:DSAKeyValue>
                             </dsig:KeyValue>
                            </dsig:KeyInfo>";
        $self->{key_type} = 'dsa';
    }
    else {
        confess "did not get a new Crypt::PK::RSA object";
    }
}

##
## _load_rsa_key($key_text)
##

lib/XML/Sig.pm  view on Meta::CPAN

    my $rsaKey = $pk->import_key(\$key_text);

    if ( $rsaKey ) {
        $self->{ key_obj }  = $rsaKey;
        $self->{ key_type } = 'rsa';

        if (!$self->{ x509 }) {
            my $key_params = $rsaKey->key2hash;
            my $exp = encode_base64(pack("H*", $key_params->{e}), '');
            my $mod = encode_base64(pack("H*", $key_params->{N}), '');
            $self->{KeyInfo} = "<dsig:KeyInfo>
                                 <dsig:KeyValue>
                                  <dsig:RSAKeyValue>
                                   <dsig:Modulus>$mod</dsig:Modulus>
                                   <dsig:Exponent>$exp</dsig:Exponent>
                                  </dsig:RSAKeyValue>
                                 </dsig:KeyValue>
                                </dsig:KeyInfo>";
        }
    }
    else {
        confess "did not get a new Crypt::PK::RSA object";
    }
}

##
## _load_hmac_key_info()
##

lib/XML/Sig.pm  view on Meta::CPAN

## Populate:
##   self->{KeyInfo}
##
sub _load_hmac_key_info {
    my ($self) = @_;

    # No key name configured: leave $self->{KeyInfo} untouched.
    return unless defined $self->{ key_name };

    # Emit a KeyInfo that carries only the key's name.
    # NOTE(review): key_name is placed into the markup as-is, with no XML
    # escaping; a name containing '<' or '&' would change or break the
    # KeyInfo fragment -- confirm that callers only pass plain names.
    $self->{KeyInfo} = '<dsig:KeyInfo><dsig:KeyName>'
        . $self->{key_name}
        . '</dsig:KeyName></dsig:KeyInfo>';
}

##
## _load_x509_key($key_text)
##
## Arguments:
##    $key_text:    string RSA Private Key as String
##
## Returns: nothing
##

lib/XML/Sig.pm  view on Meta::CPAN

        my $text = '';
        local $/ = undef;
        $text = <$CERT>;
        close $CERT;

        my $cert = Crypt::OpenSSL::X509->new_from_string($text);
        if ( $cert ) {
            $self->{ cert_obj } = $cert;
            my $cert_text = $cert->as_string;
            $cert_text =~ s/-----[^-]*-----//gm;
            $self->{KeyInfo} = "<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>\n"._trim($cert_text)."\n</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>";
        }
        else {
            confess "Could not load certificate from $file";
        }
    }
    else {
        confess "Could not find certificate file $file";
    }

    return;

lib/XML/Sig.pm  view on Meta::CPAN

    };

    confess "Crypt::OpenSSL::X509 needs to be installed so that we can handle X509 certs." if $@;

    my $text = $self->{ cert_text };
    my $cert = Crypt::OpenSSL::X509->new_from_string($text);
    if ( $cert ) {
        $self->{ cert_obj } = $cert;
        my $cert_text = $cert->as_string;
        $cert_text =~ s/-----[^-]*-----//gm;
        $self->{KeyInfo} = "<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>\n"._trim($cert_text)."\n</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>";
    }
    else {
            confess "Could not load certificate from given text.";
    }

    return;
}

##
## _load_key($file)

lib/XML/Sig.pm  view on Meta::CPAN

##   $signature_value   String Base64 Signature Value
##
## Returns: string      XML fragment
##
## Create a XML string of the Signature
##
sub _signature_xml {
    my ($self, $signed_info, $signature_value) = @_;

    # Assemble the dsig:Signature element as text from the SignedInfo
    # fragment, the signature value and the previously prepared
    # $self->{KeyInfo}. All three are inserted verbatim, without escaping.
    # sign() passes a 'REPLACE SIGNATURE ...' placeholder as the value and
    # fills in the real SignatureValue on the parsed fragment afterwards.
    my $signature_fragment = qq{<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            $signed_info
            <dsig:SignatureValue>$signature_value</dsig:SignatureValue>
            $self->{KeyInfo}
        </dsig:Signature>};

    return $signature_fragment;
}

##
## _signedinfo_xml($digest_xml)
##
## Arguments:
##   $digest_xml        string XML String Fragment
##
## Returns: string      XML fragment
##

lib/XML/Sig.pm  view on Meta::CPAN

sub _signedinfo_xml {
    my ($self, $digest_xml) = @_;

    # With an HMAC key and no key type chosen yet, the key type becomes
    # 'hmac'. This updates the object, not just the local view.
    $self->{key_type} = 'hmac'
        if !defined $self->{key_type} && defined $self->{ hmac_key };

    my $key_type = $self->{key_type};
    my $sig_hash = $self->{ sig_hash };

    # The SignatureMethod URI is "<namespace><key_type>-<sig_hash>"; only
    # the namespace depends on the combination of key type and hash.
    my $namespace;
    if ( $sig_hash eq 'sha1' && $key_type ne 'ecdsa' ) {
        # SHA-1 with a non-ECDSA key uses the core xmldsig namespace.
        $namespace = 'http://www.w3.org/2000/09/xmldsig#';
    }
    elsif ( $key_type eq 'ecdsa' ) {
        $namespace
            = ( $sig_hash eq 'ripemd160' || $sig_hash eq 'whirlpool' )
            ? 'http://www.w3.org/2007/05/xmldsig-more#'
            : 'http://www.w3.org/2001/04/xmldsig-more#';
    }
    elsif ( $key_type eq 'dsa' && $sig_hash eq 'sha256' ) {
        $namespace = 'http://www.w3.org/2009/xmldsig11#';
    }
    else {
        $namespace = 'http://www.w3.org/2001/04/xmldsig-more#';
    }

    my $algorithm = "${namespace}${key_type}-${sig_hash}";

    # The CanonicalizationMethod is fixed to exclusive c14n; $digest_xml
    # (the Reference fragment) is inserted verbatim.
    return qq{<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <dsig:SignatureMethod Algorithm="$algorithm" />
                $digest_xml
            </dsig:SignedInfo>};
}

##
## _reference_xml($id)
##
## Arguments:
##   $id        string XML ID related to the URI
##   $digest    string Base64 encoded digest
##
## Returns: string      XML fragment
##
## Create a XML string of the Reference
##
sub _reference_xml {
    my ($self, $id, $digest) = @_;

    # Namespace of the DigestMethod URI for the hashes that do not live in
    # the xmlenc namespace; every other digest_hash falls back to xmlenc.
    my %namespace_for = (
        sha1   => 'http://www.w3.org/2000/09/xmldsig#',
        sha224 => 'http://www.w3.org/2001/04/xmldsig-more#',
        sha384 => 'http://www.w3.org/2001/04/xmldsig-more#',
    );
    my $digest_hash = $self->{ digest_hash };
    my $namespace
        = exists $namespace_for{$digest_hash}
        ? $namespace_for{$digest_hash}
        : 'http://www.w3.org/2001/04/xmlenc#';

    my $algorithm = $namespace . $digest_hash;

    # The Reference always declares the enveloped-signature transform
    # followed by exclusive c14n. $id and $digest are inserted verbatim.
    return qq{<dsig:Reference URI="#$id">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="$algorithm" />
                        <dsig:DigestValue>$digest</dsig:DigestValue>
                    </dsig:Reference>};
}


##
## _canonicalize_xml($xml, $context)
##
## Arguments:
##    $xml:     string XML NodeSet
##    $context: string XML Context
##

lib/XML/Sig.pm  view on Meta::CPAN

##
## Canonicalizes xml based on the CanonicalizationMethod
## from the SignedInfo.
##
sub _canonicalize_xml {
    my $self = shift;
    my ($xml, $context) = @_;

    print ("_canonicalize_xml:\n") if $DEBUG;
    my $canon_method = $self->{ parser }->findnodes(
                'dsig:SignedInfo/dsig:CanonicalizationMethod', $context
    );

    foreach my $node ($canon_method->get_nodelist) {
        my $alg = $node->getAttribute('Algorithm');

        print ("    Canon Method: $alg\n") if $DEBUG;
        if ($alg eq TRANSFORM_C14N) {
           print ("        toStringC14N\n") if $DEBUG;
           $xml = $xml->toStringC14N();
        }

lib/XML/Sig.pm  view on Meta::CPAN

        $self->{sig_method} = $ref;
    }
    else {
        die("Can't handle $self->{ sig_hash }");
    }

    # DSA 1024-bit only permits the signing of 20 bytes or less, hence the sha1
    # DSA 2048-bit only permits the signing sha256
    my $bin_signature = $self->{key_obj}->do_sign( $self->{ sig_method }($signed_info_canon) );

    # https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-SignatureAlg
    # The output of the DSA algorithm consists of a pair of integers
    # The signature value consists of the base64 encoding of the
    # concatenation of r and s in that order ($r . $s)
    my $r = $bin_signature->get_r;
    my $s = $bin_signature->get_s;

    my $sig_size = ($self->{key_obj}->get_sig_size - 8) * 8;
    my $rs = _zero_fill_buffer($sig_size);
    _concat_dsa_sig_r_s(\$rs, $r, $s, $sig_size);

lib/XML/Sig.pm  view on Meta::CPAN

  <?xml version="1.0"?>
  <foo ID="abc">
    <bar>123</bar>
  </foo>

Now, let's insert a signature:

  <?xml version="1.0"?>
  <foo ID="abc">
    <bar>123</bar>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#abc">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>9kpmrvv3peVJpNSTRycrV+jeHVY=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>
        HXUBnMgPJf//j4ihaWnaylNwAR5AzDFY83HljFIlLmTqX1w1C72ZTuRObvYve8TNEbVsQlTQkj4R
        hiY0pgIMQUb75GLYFtc+f0YmBZf5rCWY3NWzo432D3ogAvpEzYXEQPmicWe2QozQhybaz9/wrYki
        XiXY+57fqCkf7aT8Bb6G+fn7Aj8gnZFLkmKxwCdyGsIZOIZdQ8MWpeQrifxBR0d8W1Zm6ix21WNv
        ONt575h7VxLKw8BDhNPS0p8CS3hOnSk29stpiDMCHFPxAwrbKVL1kGDLaLZn1q8nNRmH8oFxG15l
        UmS3JXDZAss8gZhU7g9T4XllCqjrAvzPLOFdeQ==
      </SignatureValue>

lib/XML/Sig.pm  view on Meta::CPAN

            </Modulus>
            <Exponent>Iw==</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
    </Signature>
  </foo>

=head1 SEE ALSO

L<http://www.w3.org/TR/xmldsig-core/>

=head1 VERSION CONTROL

L<https://github.com/perl-net-saml2/perl-XML-Sig>

=head1 AUTHORS and CREDITS

Author: Byrne Reese <byrne@majordojo.com>

Thanks to Manni Heumann who wrote Google::SAML::Response from

t/008_sign_saml.t  view on Meta::CPAN

# Verify the signed metadata; $sig and $signed are set up earlier in the
# test file, outside this excerpt.
$ret = $sig->verify($signed);

ok($ret, "Verified SAML metadata signature");

# Re-parse the signed output so the structural checks below run against
# the serialized document rather than any in-memory state.
my $xp = XML::LibXML::XPathContext->new(
    XML::LibXML->load_xml(string => $signed)
);

# Prefix-to-URI bindings for the XPath queries below. XPath matches on the
# namespace URI, so the "ds" prefix here does not have to equal the prefix
# used inside the document.
my %ns = (
    md => 'urn:oasis:names:tc:SAML:2.0:metadata',
    ds => 'http://www.w3.org/2000/09/xmldsig#'
);
$xp->registerNs($_, $ns{$_}) foreach keys %ns;

# A successful verify() alone does not say how many Signature elements the
# document carries or where they sit, so both are pinned explicitly:
# exactly one Signature in the whole document, as a direct child of the
# root EntityDescriptor.
my $nodes = $xp->findnodes('//ds:Signature');
is($nodes->size, 1, "Found only one signature node");
my $node = $nodes->get_node(1);
# The expected path uses the "dsig" prefix, not the "ds" prefix registered
# above -- presumably the prefix XML::Sig writes on the Signature element;
# confirm against lib/XML/Sig.pm.
is($node->nodePath, '/md:EntityDescriptor/dsig:Signature', ".. and on the correct node path");

done_testing;

t/026_do-not-move-namespace-to-parent.t  view on Meta::CPAN

<saml:AuthnContextClassRef>ConveniosScheme</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
THIRDPARTY

# Regression test for namespace placement: signing must not add the
# xmlns:dsig declaration to the signed element (Assertion) or to its
# parent (Response). The same four checks run before and after signing.

# XML::LibXML global: serialize documents without the <?xml ...?> line.
local $XML::LibXML::skipXMLDeclaration = 1;
# $xml is the SAML Response fixture defined above this excerpt
# (presumably the heredoc that ends at THIRDPARTY).
my $orig = XML::LibXML->load_xml( string => $xml );
my $oxc = XML::LibXML::XPathContext->new($orig);
$oxc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
$oxc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$oxc->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');

# NOTE(review): the dots in this pattern are unescaped and match any
# character. It is only used in negative checks, so the looser match makes
# them stricter rather than weaker; \Q...\E would make it exact.
my $uri = qr{http://www.w3.org/2000/09/xmldsig#};

# Baseline on the unsigned input: neither element declares the dsig
# namespace. get_namespaces() is defined outside this excerpt; from its use
# here it returns two array refs (names and URIs) -- confirm.
my $attributes = get_attributes($oxc, '/samlp:Response/saml:Assertion');
my ($names, $uris) = get_namespaces($attributes);

ok(!grep ( /dsig/ , @{$names}), 'Did not find dsig in Original Assertion');
ok(!grep ( /$uri/ , @{$uris}), 'Did not find http://www.w3.org/2000/09/xmldsig# in Original Assertion');

$attributes = get_attributes($oxc, '/samlp:Response');
($names, $uris) = get_namespaces($attributes);

ok(!grep ( /dsig/ , @{$names}), 'Did not find dsig in Original Response');
ok(!grep ( /$uri/ , @{$uris}), 'Did not find http://www.w3.org/2000/09/xmldsig# in Original Response');

# Sign with the test RSA key pair shipped under t/. id_attr is given as an
# XPath; presumably it selects the element to be signed (the Assertion) --
# confirm against the XML::Sig documentation.
my $sig = XML::Sig->new(
                    {
                        key  => 't/rsa.private.key',
                        cert => 't/rsa.cert.pem',
                        id_attr => '//saml:Assertion'
                    });

# Re-parse the signed output so the checks look at the serialized result.
my $signed = $sig->sign($xml);
my $dom = XML::LibXML->load_xml( string => $signed );
my $xc = XML::LibXML::XPathContext->new($dom);
$xc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
$xc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$xc->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');

# After signing: the Assertion and the Response must still carry no dsig
# declaration, i.e. the signed content's own attributes are left untouched.
$attributes = get_attributes($xc, '/samlp:Response/saml:Assertion');
($names, $uris) = get_namespaces($attributes);

ok(!grep ( /dsig/ , @{$names}), 'Did not find dsig in Assertion');
ok(!grep ( /$uri/ , @{$uris}), 'Did not find http://www.w3.org/2000/09/xmldsig# in Assertion');

$attributes = get_attributes($xc, '/samlp:Response');
($names, $uris) = get_namespaces($attributes);

ok(!grep ( /dsig/ , @{$names}), 'Did not find dsig in Response');
ok(!grep ( /$uri/ , @{$uris}), 'Did not find http://www.w3.org/2000/09/xmldsig# in Response');

sub get_attributes {
    my $xpc   = shift;
    my $xpath = shift;

    my $nodes = $xpc->findnodes($xpath);
    if ($nodes->size == 0) {
        die "Unable to find a samlp:Response";
    }

t/issues/issue-20.xml  view on Meta::CPAN

<?xml version="1.0"?>
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="http://localhost:3000/s...
QEuBzFvHrc6MI12L+zac0A==</ns2:DigestValue></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue>ql3d/EaUGmtc1PvYQo6kvgF0BLBRKlAWGsIspvb52dyWN/x//gjgQ8aV3m6hWFk4
S/uvmXtaTixSv+wX4+o0s3cF0z6LdZvcIhwoUj7xONJ6Lck7M3HVnnQI+9CaVLsx
MBOIMsnnPg7JNhOsmmfc7t0pvLHEgNY7zLB2rxaHxxpFcQFEDUZ80EOjxkkwVHlm
dYbDLyRthW4mOftZHU3BP25t39NmfVtWsCi0GNV6XEdY9+lwXvNk52FGiYdqKheP
2LDKLJyevt4LLhFSVPLQYjPoGseAdRceCFegYLbE0Iuf4WQ0fLkp14QTwrAFZVgM
Nn1wnCg9WyNwclhWnQWyEA==</ns2:SignatureValue><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICtDCCAZwCCQDQQ+FCxgMN6jANBgkqhkiG9w0BAQsFADAcMQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTAeFw0xODA2MjYxMDM5MzBaFw0xOTA2MjYxMDM5MzBaMBwxCzAJBgNVBAYTAklUMQ0wCwYDV...

t/issues/issue-31.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://docker-foswiki.local/bin/login" ID="YCEYAD0JHOMB0U322LAU16ZP1V40...

t/issues/issue-38.xml  view on Meta::CPAN

<?xml version="1.0" encoding="utf-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="_dc503975-dcc8-4b3a-ae2e-0c6642f9e1e8" Version="2.0" IssueInstant="2021-11-25T14:17:26.184Z" Destination="http://localhost:3000/con...
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/someguid</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="_some_guid" IssueInstant="2021-11-25T14:17:26.168Z" Version="2.0">
    <Issuer>https://sts.windows.net/some_guid/</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">myuser@netsaml2</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="NETSAML2_6c11b211b1857bd1f3833ad50392fe1c" NotOnOrAfter="2021-11-25T15:17:26.059Z" Recipient="http://localhost:3000/consumer-post"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2021-11-25T14:12:26.059Z" NotOnOrAfter="2021-11-25T15:17:26.059Z">
      <AudienceRestriction>
        <Audience>http://localhost:3000</Audience>

t/issues/issue-38.xml  view on Meta::CPAN

      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>myuser@netsaml2</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2021-11-25T08:29:25.523Z" SessionIndex="_someguid">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  <dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#_some_guid">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>E400yOK9ce0mM6X862B0BCImA6E=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>K/NGRTKfRn8aOUKlRcJL5mzsL2kqRLsuOihCQuqZiS/6OxU2pVFllP31y9AF+DO7NpNC/kutCsFD
GjdrT7LQqNK4lcrJYA3gYdxjmhU8BqEztb+KVQ5PAQY/LvC5v8WQBYBJXo5gpHwnRBgW2C/KCYcg
0dT27e4fkuxfLzrsLjNYAl7zvPUwb59iOa/B1TnHk54HbfBmIlfZLdRqdBkkopKD97zhhBswkFwQ
8AjmNvHneUpSMLAE70SMcBT3P9ryI3aIIGCVqmU+72Jp8Tdx7Aa65ZaPgGWtlR69PEL0HqKfkZfk
/4toAb6fx0TjxfdzWqmQJgm9hZsph7rh5SR0uw==
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIFuDCCA6CgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCQ0Ex
FjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxHTAbBgNVBAoMFENyeXB0LU9wZW5TU0wt
VmVyaWZ5MTUwMwYDVQQDDCxDcnlwdC1PcGVuU1NMLVZlcmlmeSBTSEEtMjU2IElu
dGVybWVkaWF0ZSBDQTAeFw0yMTA3MDMyMTAyMjRaFw0zMTA3MDEyMTAyMjRaMGcx
CzAJBgNVBAYTAkNBMRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRAwDgYDVQQHDAdN
b25jdG9uMRAwDgYDVQQKDAdYTUwtU2lnMRwwGgYDVQQDDBN4bWwtc2lnLmV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkqxhCTOB2Xx
FxCNWJt0bLWRQva6qOAPKiqlLfgJjG+YY2JaPtpO7WNV5oVqv9F21V/wgOkcQTZZ
QQQl/L/eXlnFpJeSpF31dupLnzrBU29qWjedNCkj+y01sprJG+c++2d2jV8Qccp5
5SklALtXYZ3K5OfILy4dFEqUyW0/Bk7Y/PdrAacAazumdNW2nw/ajbiXbUfm55Qe

t/issues/issue-38.xml  view on Meta::CPAN
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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></Assertion>
<dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#_dc503975-dcc8-4b3a-ae2e-0c6642f9e1e8">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>hkVXxlRVP4FeVnxBFgE0EX9pnsE=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>f1Q6uq4fvvcgLVt0rIdrqpAsRYEFcksLY0Mbo/fVlZVgB9ucXTviceXhkhQgMWmg188Zy4NHbClc
Qryr/Dj0U4fzR/VYDvDy1jsczCMm1uPa2D2BeikmLEGugBE/qiG9ftH/K3gnYgznVBt26gEqUeYr
m4+c8dlpxsaXnSw3EUY8aZTU+tl1JvjhAnI53rHII1WoUSBZwt7RpY9uXQed0aGA0OJreLzoQa2k
Rs6z74ois2MKMicKCqW5/eokwfEyccqXW8uFYQ+EkuqZVNxOL0tmu4MrpSQVZ2NC/osBtCWMK7oc
nlqaMqytPkTO4rcweMGGmybtqiwiL3y3GLYbWg==
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIFuDCCA6CgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCQ0Ex
FjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxHTAbBgNVBAoMFENyeXB0LU9wZW5TU0wt
VmVyaWZ5MTUwMwYDVQQDDCxDcnlwdC1PcGVuU1NMLVZlcmlmeSBTSEEtMjU2IElu
dGVybWVkaWF0ZSBDQTAeFw0yMTA3MDMyMTAyMjRaFw0zMTA3MDEyMTAyMjRaMGcx
CzAJBgNVBAYTAkNBMRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRAwDgYDVQQHDAdN
b25jdG9uMRAwDgYDVQQKDAdYTUwtU2lnMRwwGgYDVQQDDBN4bWwtc2lnLmV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkqxhCTOB2Xx
FxCNWJt0bLWRQva6qOAPKiqlLfgJjG+YY2JaPtpO7WNV5oVqv9F21V/wgOkcQTZZ
QQQl/L/eXlnFpJeSpF31dupLnzrBU29qWjedNCkj+y01sprJG+c++2d2jV8Qccp5
5SklALtXYZ3K5OfILy4dFEqUyW0/Bk7Y/PdrAacAazumdNW2nw/ajbiXbUfm55Qe

t/issues/issue-38.xml  view on Meta::CPAN
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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></samlp:Response>

t/signed/inclusive.xml  view on Meta::CPAN

<?xml version="1.0" standalone="yes"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="http://sso.dev.venda.com/opensso" IssueInstant="2019-04-30T22:07:47Z" ID="e4e5f022bef0f941a8c4ff0ab8cb2fea" Version...
  <saml:Issuer>http://localhost:3000</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#...

t/signed/inclusive2.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-26a4eb6c-e271-11e1-a29c-000a27020041" InResponseTo="samlr-26a4e82e-e271-11e1-a29c-000a27020041" Version="2.0" IssueInstant...

t/signed/logout_response.xml  view on Meta::CPAN

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="sd8de04dca9ee5acc72d3f047b2b434e20a1b8a6b" InResponseTo="21B78E9C6C8ECF16F01E4A0...
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://openam.nodnol.org:8080/opensso</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#sd8de04dca9ee5acc72d3f047b2b434e20a1b8a6b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fwaRmucO1+jis6PQGzKJ6exYo4M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
TED3k3U9ho1+vCWk09WnkhcIPMRYlMwJE0InO5Vww9p/vz1LfkL8p5jNivPD/qSmoPczrMFehI/k
31HxjDGbX3qpqypbovQAvT9j2GOm/4hR5qR4U2LNxXl0Umw2Zi1ntZpcONBtc3BFqxJ3xM6Cwv2U
y0ubt2L6xc9KRu2BVo0=
</ds:SignatureValue>
</ds:Signature>
<samlp:Status>

t/signed/one-of-three-sigs-unassocated.xml  view on Meta::CPAN

<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="pfx9ce8679a-1bf6-1cb6-d064-64e39f6775b1" IssueInstant="2020-11-22T15:36:10.176Z" InResponseTo="inResponseToAAA" De...
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#pfx9ce8679a-1bf6-1cb6-d064-64e39f6775b1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:Dige...
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDCTCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMRQwEgYDVQQDEwtjYXByaXphLmNvbTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMRAwDgYDVQQKEwdTYW1saW5nMRAwDgYDVQQLEwdTYW1saW5nMB4XDTIwMTExO...
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#pfx0ffc6b04-7b50-dca6-2868-86519ebc275e"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:Dige...
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDCTCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMRQwEgYDVQQDEwtjYXByaXphLmNvbTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMRAwDgYDVQQKEwdTYW1saW5nMRAwDgYDVQQLEwdTYW1saW5nMB4XDTIwMTExO...

t/signed/saml_request-xmlsec1-dsa-signed.xml  view on Meta::CPAN

<?xml version="1.0"?>
<samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cce4ee769ed970b501d680f697989d14" IssueInstant="2010-09-18T17:33:01Z" Version="2.0">
  <!-- this is a comment - we can still sign and verify -->
  <saml:Issuer>http://dev/cgi-bin/zxidhlo.pl?o=B</saml:Issuer>
  <samlp:Artifact>AAQAALN+k3vq4G80Xko1XPLwwxsvPbU/JPFWdERp73EBAjuV4yT7ce9UMDQ=</samlp:Artifact>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <dsig:Reference URI="#_cce4ee769ed970b501d680f697989d14">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>k6gGihHGVnQZp9UDE91kH27tnq8=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>Z4e1cwfEgXMC7l5a1Pf3eruB/zoP16c1fhzpbFeZHd1DQAym9VdkPw==</dsig:SignatureValue>
            <dsig:KeyInfo>
                             <dsig:KeyValue>
<dsig:DSAKeyValue>
<dsig:P>
3F1cWxyKaQ3LvrmNQ3VhC8V1V6D8kG0BTaNDcBCOvv6QCs+C47dwl2XQYTFFFj2h
4JDh9Lb0iN/7SeyX6TDm+lZzC+NaDzsM3MkEFDjGRD1Nmv7U9qKXlt926XAmnaJa
h+7TEMZnQpfp7sw3gx9ySg2wOrxcsJron2M9BaXNZqE=
</dsig:P>
<dsig:Q>
rV9QMZEZe+gHIYZ0bkmCtFTwKyc=
</dsig:Q>
<dsig:G>
p//HjldAAFBB4ZQJuoLIw62OZoLrZCJaTmcH+btMxz7y2GpagNemN6IAHfFiZ6eU
5fSI+BZX2dnOTnG4rp4ZR2HSUQxk4SFTDduwidVx74KnOgGc6uC5h7sFI0EyGN5N
h0Sy8qVA2A4MGcYcN/mIRvzcNvpRDDzyw19EREK4tFg=
</dsig:G>
<dsig:Y>
Ncpnjk0HvI1GuGrgGS3WegzXVZw3eY/WHuopfkEams5n1GF/y0pewgiZBcQkLOcL
riwMWeg1NS87UNk0IWo9Md9OvYFL0Ss0cK6f8IPNDBFDX4QpRf/D8n10v78PWGjr
xlV5NRm2EVrEMSrFaUGlUlEuoxi0UrDLE/8yz7QXJZU=
</dsig:Y>
</dsig:DSAKeyValue>
</dsig:KeyValue>
                            </dsig:KeyInfo>
        </dsig:Signature></samlp:ArtifactResolve>

t/signed/saml_request-xmlsec1-rsa-signed.xml  view on Meta::CPAN

<?xml version="1.0"?>
<samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cce4ee769ed970b501d680f697989d14" IssueInstant="2010-09-18T17:33:01Z" Version="2.0">
  <!-- this is a comment - we can still sign and verify -->
  <saml:Issuer>http://dev/cgi-bin/zxidhlo.pl?o=B</saml:Issuer>
  <samlp:Artifact>AAQAALN+k3vq4G80Xko1XPLwwxsvPbU/JPFWdERp73EBAjuV4yT7ce9UMDQ=</samlp:Artifact>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#_cce4ee769ed970b501d680f697989d14">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>k6gGihHGVnQZp9UDE91kH27tnq8=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>lY+LCGRQm3HwHx0x58xgQxkCCuvSwxcre2y8QKzmGHygjlIZEwEdvESjqLwKhAIf
ITdI6kB17UFLalBx9vEYAvy4x3/S4kROYH0cGXvDcCytdoTupR5c7tWqofcC7TC9
9j+F7R89QCZ6QNKZEigZ3++2Ss8rOIyxKdueUCkiCxlmfOj2Kp9pQyCUF36iJ7Oj
gd+qfCq3wOBTlZeCNl38swR7UnvYILE+HfqtStjJ9ygnwSdPjpE0/rwVdjs0jxcP
aGp5DAzXljOiNlIX0MNVy9W9TuhL9yp7SgAcaFh+eSelJCuiLq/vMc+g7UdNTpZr
syolUtxLJ0mLYbqnmmtODw==</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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t/signed/saml_request-xmlsec1-rsa-signed.xml  view on Meta::CPAN
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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></samlp:ArtifactResolve>

t/signed/saml_response.xml  view on Meta::CPAN

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s227ad1998f82a10377ac96ad766cecc1c4a32243c" IssueInstant="2010-09-16T12:49:41Z" Version="2.0">
<saml:Issuer>http://openam.nodnol.org:8080/opensso</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#s227ad1998f82a10377ac96ad766cecc1c4a32243c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>S84coogDx7tiP5j2gogV46kgZgo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
oEEq4dpVudJ17AqEkl+rf2lFpiLqv/SJMggaBilmg7/WuXI+fTn3+185iIHnK8qxv4d97Uy4rXXA
KvutzluUhfAX1THLzFur/YmaTQt8j580uBWoPKZYkCCXARYkUrmQsiDXK7xrbyRFwBCUR03YkfaF
ubVGqu9fxK3uCp09OAg=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>

t/signed/unassociated-signature-issue.xml  view on Meta::CPAN

<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="pfx9ce8679a-1bf6-1cb6-d064-64e39f6775b1" IssueInstant="2020-11-22T15:36:10.176Z" InResponseTo="inResponseToAAA" De...

t/signed/xmlsec1-signed-dsa-multiple.xml  view on Meta::CPAN

<?xml version="1.0" encoding="utf-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_1" InResponseTo="identifier_1" Version="2.0" IssueInstant="2004-12-05...
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_2" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
    <!-- a POSTed assertion MUST be signed -->
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
3f7b3dcf-1674-4ecd-92c8-1544f346baf8
</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="identifier_1" Recipient="https://sp.example.com/SAML2/SSO/POST" NotOnOrAfter="2004-12-05T09:27:05Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

t/signed/xmlsec1-signed-dsa-multiple.xml  view on Meta::CPAN

        <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2004-12-05T09:22:00Z" SessionIndex="identifier_3">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  <dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <dsig:Reference URI="#identifier_2">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>WHNwnt7MBsBUujGCiQUCQKV60Y0=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>Qu/68YFY859lFyFd6pyAL/jOYvoJQOPggni5Z+SCKRYgb+PMp8IO4Q==</dsig:SignatureValue>
            <dsig:KeyInfo>
<dsig:DSAKeyValue>
</dsig:DSAKeyValue>
</dsig:KeyInfo>
        </dsig:Signature></saml:Assertion>
<dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <dsig:Reference URI="#identifier_1">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue/>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>
</dsig:SignatureValue>
            <dsig:KeyInfo>
<dsig:DSAKeyValue>
</dsig:DSAKeyValue>
</dsig:KeyInfo>
        </dsig:Signature></samlp:Response>

t/signed/xmlsec1-signed-rsa-multiple.xml  view on Meta::CPAN

<?xml version="1.0" encoding="utf-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_1" InResponseTo="identifier_1" Version="2.0" IssueInstant="2004-12-05...
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_2" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
    <!-- a POSTed assertion MUST be signed -->
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
3f7b3dcf-1674-4ecd-92c8-1544f346baf8
</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="identifier_1" Recipient="https://sp.example.com/SAML2/SSO/POST" NotOnOrAfter="2004-12-05T09:27:05Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

t/signed/xmlsec1-signed-rsa-multiple.xml  view on Meta::CPAN

        <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2004-12-05T09:22:00Z" SessionIndex="identifier_3">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  <dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#identifier_2">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>WHNwnt7MBsBUujGCiQUCQKV60Y0=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>PnEOz3n0wQnNEXIZUvwHyprg6Xs4qobuAkFsMWqd+2KzK7xqlbr+evydmeT35hfXSbtNzLlU7Mq3
ALnWzpY+rmnCt09mGKIbFfvs9Uf2AI0+vZWv3qdJ3/RxfcIAazX1FTk3aQbWBBNKPweYGVdsgSff
/U1eToPxWPM4iAzCCU0DG7TLOCstXUbqldvaYmn/aQ6MGKa0RrpGAOqyMEPz0M+yk2YCQB1JWNa9
wjiPcGTBxH7B4+84zFBRgPC7tMCX8HoTDUjm32QPN38tcimL5UY7emBXe580O0+WpNrnykS7lKZJ
IfRqydSPrQrwSxV61tX4ip2mUli4RxG/+h5LSA==
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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t/signed/xmlsec1-signed-rsa-multiple.xml  view on Meta::CPAN
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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></saml:Assertion>
<dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#identifier_1">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue>MMATGDLt1nwo9bLT5pgkdPTHHxY=</dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>UoeieeRUkdQzqf1ZzQqFn94Zod3HYprC/Bt0PO21CH0XjyjpPMNRklwvPieuoNZpAI5yPAweHo92
TnUhosDcujZIQeY3/+owdhJcx5dZOobi3BuFi8f1kfXCQiXyFSv+iJYGiT0B77GuhwJODhyc1tuu
SeuQYmQpmn+r6m5G2yxQ/myT2IxPTuR6+21LIX61AXIUekh7KEhJAkW+VnVbAHePO9BA/jPDhI8Z
1IzUKVuqrx9ep//8fW+QPzU8TrQwj7s2/GiBNe9DxOfhsyV3GSmKFbFaM7N5Y6WYZ0al3ho//4Pu
zBkHlnjBbo6IFMrlymkbRP5ThfF6w5POoxEwkg==
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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t/signed/xmlsec1-signed-rsa-multiple.xml  view on Meta::CPAN

8qTWnB91DmyvBAI4V2l81bu8X2+HoBwK8YMn9+/mPVHBWfhhFuNZmDfAn7r2fA5o
rPZda9aw1IkH2KU4dl0lVAQdCDiDP3pow9+LQw/CRouqSsDwD4AepRVfgL0oaR/c
GoJJ94A4vEq2KMk3s8fke/wY5vSPyTEZfOdjkeMeHyl94MP3ntftArVmTN9I9Ge2
jcr4+c19buluYUDm0uS0LmIU+EqrtVKe81Vfo1Yw3gfZaMu6QPh0x3t11g9IDjVP
SG+Hv2YDtv6kvq0n/wR2rugIS/4MkKCIX7s4iphZ1gn6VD1ioG73YIidTCLlhwN6
hQi47lefGJ0tHMBrTqdUlJzwrYI7dAA+k/gHmautaAwgxGOsOrh0jR0i6IduPveE
2RDYQ1o07Bs9it0nJKOwZJxu7lYCrCCkumEyJsRrtutFfVNs0NJ6oYHPUwBtMp5x
guwuWkGWaDjeWZqPWSM5dB9RGCabiSC6/wiV6euKx99pBXKxEm5hjwIbAw3FZDJv
rtSTf7mzMXCplGYhk7pW+b0faYo9yR3Bt41klT3ynReHNfxfdT+Md2SPUn6zoEPE
zCtB4QhckJIeDQmaChU08zKMPU2d080HsjLYyw==
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></samlp:Response>

t/unsigned/saml_metadata.xml  view on Meta::CPAN

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost:3000" ID="_8f32b973-729a-48fd-9275-0887f06e1cc8">
  <md:SPSSODescriptor ID="NETSAML2_1c3b4c4d82aad0d9ecc41e400ef4079e" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="0" WantAssertionsSigned="0" errorURL="http://localhost:3000/error">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
          MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEO
          MAwGA1UECgwFbG9jYWwxCzAJBgNVBAsMAmN0MQswCQYDVQQDDAJDQTAeFw0xMDEw
          MDYxMjM4MTRaFw0xMTEwMDYxMjM4MTRaMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQK
          DAVsb2NhbDELMAkGA1UECwwCY3QxDTALBgNVBAMMBHNhbWwxHDAaBgkqhkiG9w0B
          CQEWDXNhbWxAY3QubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMhu

t/unsigned/xml-sig-unsigned-dsa-multiple.xml  view on Meta::CPAN

<?xml version="1.0" encoding="utf-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_1" InResponseTo="identifier_1" Version="2.0" IssueInstant="2004-12-05...
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_2" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
    <!-- a POSTed assertion MUST be signed -->
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
3f7b3dcf-1674-4ecd-92c8-1544f346baf8
</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="identifier_1" Recipient="https://sp.example.com/SAML2/SSO/POST" NotOnOrAfter="2004-12-05T09:27:05Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

t/unsigned/xml-sig-unsigned-dsa-multiple.xml  view on Meta::CPAN

        <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2004-12-05T09:22:00Z" SessionIndex="identifier_3">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  <dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <dsig:Reference URI="#identifier_2">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue></dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>
</dsig:SignatureValue>
            <dsig:KeyInfo>
<dsig:DSAKeyValue>
<dsig:P>
</dsig:P>
<dsig:Q>
</dsig:Q>
<dsig:G>
</dsig:G>
<dsig:Y>
</dsig:Y>
</dsig:DSAKeyValue>
</dsig:KeyInfo>
        </dsig:Signature></saml:Assertion>
<dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <dsig:Reference URI="#identifier_1">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue></dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>
</dsig:SignatureValue>
            <dsig:KeyInfo>
<dsig:DSAKeyValue>
<dsig:P>
</dsig:P>
<dsig:Q>
</dsig:Q>
<dsig:G>
</dsig:G>
<dsig:Y>
</dsig:Y>
</dsig:DSAKeyValue>
</dsig:KeyInfo>
        </dsig:Signature></samlp:Response>

t/unsigned/xml-sig-unsigned-rsa-multiple.xml  view on Meta::CPAN

<?xml version="1.0" encoding="utf-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_1" InResponseTo="identifier_1" Version="2.0" IssueInstant="2004-12-05...
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="identifier_2" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
    <!-- a POSTed assertion MUST be signed -->
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
3f7b3dcf-1674-4ecd-92c8-1544f346baf8
</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="identifier_1" Recipient="https://sp.example.com/SAML2/SSO/POST" NotOnOrAfter="2004-12-05T09:27:05Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>

t/unsigned/xml-sig-unsigned-rsa-multiple.xml  view on Meta::CPAN

        <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2004-12-05T09:22:00Z" SessionIndex="identifier_3">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  <dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#identifier_2">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue></dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></saml:Assertion>
<dsig:Signature>
            <dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <dsig:Reference URI="#identifier_1">
                        <dsig:Transforms>
                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </dsig:Transforms>
                        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <dsig:DigestValue></dsig:DigestValue>
                    </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>
</dsig:SignatureValue>
            <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
        </dsig:Signature></samlp:Response>

t/xmlsec-keys.xml  view on Meta::CPAN

<?xml version="1.0"?>
<!--
  Key store whose root Keys element is in the xmlsec namespace
  (http://www.aleksey.com/xmlsec/2002). It holds one symmetric HMAC key,
  identified by the KeyName "tim".
  NOTE(review): the t/ path suggests this is a test fixture; confirm which
  tests load it. The key value ships in clear text with the distribution,
  so it is public and must not be reused to protect real data.
-->
<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>tim</KeyName>
<KeyValue>
<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">0xXHREA0s/rJwUIa9diyTJVhHgMs8OgMpp7FvGnUH1TApJeCq+PwZKcVCQQmaNNn
yl5pRE67PP9+f9og/JIg3TdJBbzMR/XVjowRQWY4tM4iufz+TIcgjLtPGgriQ+vk
1ABik1RrS9rZzxgCSvizfUmDaNsS/oIHhyVXoc2JXTM=</HMACKeyValue>
</KeyValue>
</KeyInfo>
</Keys>


