backport-encrypted-private-key.patch
bindings/python/tests/profiles_tests.py | ||
---|---|---|
43 | 43 |
srcdir = os.environ.get('srcdir', '.') |
44 | 44 |
dataDir = '%s/../../../tests/data' % srcdir |
45 | 45 | |
46 |
def server(local_name, remote_role, remote_name): |
|
47 |
pwd = os.path.join(dataDir, local_name, 'password') |
|
48 |
password = None |
|
49 |
if os.path.exists(pwd): |
|
50 |
password = file(pwd).read() |
|
51 |
s = lasso.Server(os.path.join(dataDir, local_name, 'metadata.xml'), |
|
52 |
os.path.join(dataDir, local_name, 'private-key.pem'), |
|
53 |
password) |
|
54 |
s.addProvider(remote_role, os.path.join(dataDir, remote_name, 'metadata.xml')) |
|
55 |
return s |
|
56 | ||
46 | 57 | |
47 | 58 |
class ServerTestCase(unittest.TestCase): |
48 | 59 |
def test01(self): |
... | ... | |
208 | 219 |
self.failUnless('<action2>do action 2</action2>' in extensionsList[0]) |
209 | 220 |
self.failUnless('<action3>do action 3</action3>' in extensionsList[0]) |
210 | 221 | |
222 |
def test_05(self): |
|
223 |
'''Login test between SP and IdP with encrypted private keys''' |
|
224 |
sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2') |
|
225 |
idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2') |
|
226 | ||
227 |
sp_login = lasso.Login(sp_server) |
|
228 |
sp_login.initAuthnRequest() |
|
229 |
sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST; |
|
230 |
sp_login.buildAuthnRequestMsg() |
|
231 |
idp_login = lasso.Login(idp_server) |
|
232 |
# idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE) |
|
233 |
idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1]) |
|
234 |
idp_login.validateRequestMsg(True, True) |
|
235 |
idp_login.buildAssertion("None", "None", "None", "None", "None") |
|
236 |
idp_login.buildAuthnResponseMsg() |
|
237 |
# sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE) |
|
238 |
sp_login.processAuthnResponseMsg(idp_login.msgBody) |
|
239 |
sp_login.acceptSso() |
|
211 | 240 | |
212 | 241 |
class LogoutTestCase(unittest.TestCase): |
213 | 242 |
def test01(self): |
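Review bot: `password = file(pwd).read()` on line 50 passes the raw file content, trailing newline included, to lasso.Server, so the fixture only decrypts if `tests/data/*/password` was written without a final newline, and the file object is never closed; use `with open(pwd) as fd: password = fd.read().rstrip('\r\n')`. Both `setSignatureVerifyHint(...FORCE)` calls in test_05 (lines 232 and 237) are commented out, so a run in which the encrypted key could not be loaded and the message went out unsigned could still pass, depending on how strictly the metadata's `AuthnRequestsSigned`/`WantAuthnRequestsSigned` flags are enforced without the hint; re-enable them or assert that `sp_login.msgUrl` and `idp_login.msgBody` actually carry a signature. Note also that `server()` never passes a certificate, so only the `LASSO_SIGNATURE_TYPE_SIMPLE` path is exercised by this test.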
lasso/saml-2.0/assertion_query.c | ||
---|---|---|
292 | 292 |
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; |
293 | 293 |
} |
294 | 294 |
response->private_key_file = g_strdup(profile->server->private_key); |
295 |
response->private_key_password = g_strdup(profile->server->private_key_password); |
|
295 | 296 |
response->certificate_file = g_strdup(profile->server->certificate); |
296 | 297 | |
297 | 298 |
/* verify signature status */ |
... | ... | |
346 | 347 |
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; |
347 | 348 |
} |
348 | 349 |
response->private_key_file = g_strdup(profile->server->private_key); |
350 |
response->private_key_password = g_strdup(profile->server->private_key_password); |
|
349 | 351 |
response->certificate_file = g_strdup(profile->server->certificate); |
350 | 352 |
return 0; |
351 | 353 |
} |
lasso/saml-2.0/login.c | ||
---|---|---|
144 | 144 |
if (must_sign) { |
145 | 145 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file = |
146 | 146 |
g_strdup(profile->server->private_key); |
147 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_password = |
|
148 |
g_strdup(profile->server->private_key_password); |
|
147 | 149 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file = |
148 | 150 |
g_strdup(profile->server->certificate); |
149 | 151 |
} |
... | ... | |
867 | 869 |
} |
868 | 870 |
assertion->sign_method = profile->server->signature_method; |
869 | 871 |
assertion->private_key_file = g_strdup(profile->server->private_key); |
872 |
assertion->private_key_password = g_strdup(profile->server->private_key_password); |
|
870 | 873 |
assertion->certificate_file = g_strdup(profile->server->certificate); |
871 | 874 | |
872 | 875 |
/* Save encryption material in assertion private datas to be able to encrypt later */ |
... | ... | |
985 | 988 | |
986 | 989 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file = |
987 | 990 |
g_strdup(profile->server->private_key); |
991 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_password = |
|
992 |
g_strdup(profile->server->private_key_password); |
|
988 | 993 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file = |
989 | 994 |
g_strdup(profile->server->certificate); |
990 | 995 |
profile->msg_body = lasso_node_export_to_soap(profile->request); |
... | ... | |
1036 | 1041 | |
1037 | 1042 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file = |
1038 | 1043 |
g_strdup(profile->server->private_key); |
1044 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_password = |
|
1045 |
g_strdup(profile->server->private_key_password); |
|
1039 | 1046 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file = |
1040 | 1047 |
g_strdup(profile->server->certificate); |
1041 | 1048 | |
... | ... | |
1397 | 1404 | |
1398 | 1405 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file = |
1399 | 1406 |
g_strdup(profile->server->private_key); |
1407 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_password = |
|
1408 |
g_strdup(profile->server->private_key_password); |
|
1400 | 1409 |
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file = |
1401 | 1410 |
g_strdup(profile->server->certificate); |
1402 | 1411 |
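Review bot: Line 872 copies the server's private-key password into the LassoSaml2Assertion, and the assertion is the object an SP or IdP later keeps in its session; if assertions are persisted through `lasso_node_dump` (the existing `PrivateKeyFile` dump snippet on that struct suggests they are), the cleartext password ends up in every stored session. Prefer resolving the password from `profile->server` at signing time instead of duplicating it with `g_strdup` into every assertion, request and response object, or at least make sure the new field is excluded from dumps. The enclosing functions start and end outside these hunks, so I could not check that each node's finalizer releases the copy.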
lasso/saml-2.0/logout.c | ||
---|---|---|
199 | 199 |
} |
200 | 200 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file = |
201 | 201 |
g_strdup(profile->server->private_key); |
202 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_password = |
|
203 |
g_strdup(profile->server->private_key_password); |
|
202 | 204 |
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file = |
203 | 205 |
g_strdup(profile->server->certificate); |
204 | 206 | |
... | ... | |
299 | 301 |
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; |
300 | 302 |
} |
301 | 303 |
response->private_key_file = g_strdup(profile->server->private_key); |
304 |
response->private_key_password = g_strdup(profile->server->private_key_password); |
|
302 | 305 |
response->certificate_file = g_strdup(profile->server->certificate); |
303 | 306 | |
304 | 307 |
/* verify signature status */ |
... | ... | |
466 | 469 |
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; |
467 | 470 |
} |
468 | 471 |
response->private_key_file = g_strdup(profile->server->private_key); |
472 |
response->private_key_password = g_strdup(profile->server->private_key_password); |
|
469 | 473 |
response->certificate_file = g_strdup(profile->server->certificate); |
470 | 474 |
} |
471 | 475 |
lasso/saml-2.0/profile.c | ||
---|---|---|
340 | 340 |
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; |
341 | 341 |
} |
342 | 342 |
response->private_key_file = g_strdup(profile->server->private_key); |
343 |
response->private_key_password = g_strdup(profile->server->private_key_password); |
|
343 | 344 |
response->certificate_file = g_strdup(profile->server->certificate); |
344 | 345 | |
345 | 346 |
profile->response = LASSO_NODE(response); |
... | ... | |
791 | 792 |
request_abstract->sign_type = server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : |
792 | 793 |
LASSO_SIGNATURE_TYPE_SIMPLE; |
793 | 794 |
lasso_assign_string(request_abstract->private_key_file, server->private_key); |
795 |
lasso_assign_string(request_abstract->private_key_password, server->private_key_password); |
|
794 | 796 |
lasso_assign_string(request_abstract->certificate_file, server->certificate); |
795 | 797 | |
796 | 798 |
cleanup: |
... | ... | |
935 | 937 |
response_abstract->sign_type = server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : |
936 | 938 |
LASSO_SIGNATURE_TYPE_SIMPLE; |
937 | 939 |
lasso_assign_string(response_abstract->private_key_file, server->private_key); |
940 |
lasso_assign_string(response_abstract->private_key_password, server->private_key_password); |
|
938 | 941 |
lasso_assign_string(response_abstract->certificate_file, server->certificate); |
939 | 942 | |
940 | 943 |
cleanup: |
... | ... | |
1039 | 1042 |
} |
1040 | 1043 |
if (sign && lasso_flag_add_signature) { |
1041 | 1044 |
result = lasso_query_sign(unsigned_query, profile->server->signature_method, |
1042 |
profile->server->private_key); |
|
1045 |
profile->server->private_key, profile->server->private_key_password);
|
|
1043 | 1046 |
lasso_release_string(unsigned_query); |
1044 | 1047 |
} else { |
1045 | 1048 |
result = unsigned_query; |
lasso/xml/private.h | ||
---|---|---|
121 | 121 |
xmlSecKeysMngr* lasso_load_certs_from_pem_certs_chain_file (const char *file); |
122 | 122 | |
123 | 123 |
char* lasso_query_sign(char *query, LassoSignatureMethod sign_method, |
124 |
const char *private_key_file); |
|
124 |
const char *private_key_file, const char *private_key_password);
|
|
125 | 125 | |
126 | 126 |
int lasso_query_verify_signature(const char *query, const xmlSecKey *public_key); |
127 | 127 | |
... | ... | |
130 | 130 |
char** urlencoded_to_strings(const char *str); |
131 | 131 | |
132 | 132 |
int lasso_sign_node(xmlNode *xmlnode, const char *id_attr_name, const char *id_value, |
133 |
const char *private_key_file, const char *certificate_file); |
|
133 |
const char *private_key_file, const char *private_key_password, |
|
134 |
const char *certificate_file); |
|
134 | 135 | |
135 | 136 |
int lasso_verify_signature(xmlNode *signed_node, xmlDoc *doc, const char *id_attr_name, |
136 | 137 |
xmlSecKeysMngr *keys_manager, xmlSecKey *public_key, |
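Review bot: The new `private_key_password` parameters on lines 124 and 133 are undocumented, and this header is the one place a caller learns whether NULL is acceptable. Add at each prototype `/* private_key_password: passphrase of an encrypted PEM key, or NULL for an unencrypted key */`. It is also worth stating here that the string is handed to the PEM loader as-is, so a caller that reads it from a file must strip the trailing newline itself.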
lasso/xml/saml-2.0/saml2_assertion.c | ||
---|---|---|
98 | 98 |
G_STRUCT_OFFSET(LassoSaml2Assertion, sign_method), NULL, NULL, NULL}, |
99 | 99 |
{ "PrivateKeyFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
100 | 100 |
G_STRUCT_OFFSET(LassoSaml2Assertion, private_key_file), NULL, NULL, NULL}, |
101 |
{ "PrivateKeyPassword", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
|
102 |
G_STRUCT_OFFSET(LassoSaml2Assertion, private_key_password), NULL, NULL, NULL}, |
|
101 | 103 |
{ "CertificateFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
102 | 104 |
G_STRUCT_OFFSET(LassoSaml2Assertion, certificate_file), NULL, NULL, NULL}, |
103 | 105 |
{ "EncryptionActivated", SNIPPET_ATTRIBUTE | SNIPPET_BOOLEAN | SNIPPET_LASSO_DUMP, |
... | ... | |
129 | 131 |
"No Private Key set for signing saml2:Assertion"); |
130 | 132 |
} else { |
131 | 133 |
rc = lasso_sign_node(xmlnode, "ID", assertion->ID, |
132 |
assertion->private_key_file, assertion->certificate_file); |
|
134 |
assertion->private_key_file, assertion->private_key_password, assertion->certificate_file);
|
|
133 | 135 |
if (rc != 0) { |
134 | 136 |
message(G_LOG_LEVEL_WARNING, "Signing of saml2:Assertion failed: %s", lasso_strerror(rc)); |
135 | 137 |
} |
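Review bot: The `PrivateKeyPassword` snippet on lines 101-102 carries `SNIPPET_LASSO_DUMP`, so the cleartext password is written into every `lasso_node_dump` of a signed assertion, and assertion dumps are what applications persist for sessions and write to logs. Unlike `PrivateKeyFile`, which is a path, this is the secret itself, and simply dropping the dump flag does not look safe either, since a bare `SNIPPET_CONTENT` entry would, as far as I can tell, be exported as an XML child of the real assertion. Keep the field out of the snippet table entirely and free it explicitly in the finalizer, or better, fetch the password from the LassoServer inside the signing call on line 134 instead of storing it in the node.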
lasso/xml/saml-2.0/saml2_assertion.h | ||
---|---|---|
77 | 77 |
LassoSignatureType sign_type; |
78 | 78 |
LassoSignatureMethod sign_method; |
79 | 79 |
char *private_key_file; |
80 |
char *private_key_password; |
|
80 | 81 |
char *certificate_file; |
81 | 82 |
gboolean encryption_activated; |
82 | 83 |
char *encryption_public_key_str; |
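Review bot: `char *private_key_password;` on line 80 is inserted between `private_key_file` and `certificate_file`, which shifts `certificate_file`, `encryption_activated` and every later member of `LassoSaml2Assertion`; if this header is installed, a backport with that layout change breaks ABI for anything already compiled against it, such as separately built bindings or out-of-tree code. Append the member at the end of the struct instead, or keep the password out of the node and look it up on the server at signing time.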
lasso/xml/saml-2.0/samlp2_request_abstract.c | ||
---|---|---|
84 | 84 |
G_STRUCT_OFFSET(LassoSamlp2RequestAbstract, sign_method), NULL, NULL, NULL}, |
85 | 85 |
{ "PrivateKeyFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
86 | 86 |
G_STRUCT_OFFSET(LassoSamlp2RequestAbstract, private_key_file), NULL, NULL, NULL}, |
87 |
{ "PrivateKeyPassword", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
|
88 |
G_STRUCT_OFFSET(LassoSamlp2RequestAbstract, private_key_password), NULL, NULL, NULL}, |
|
87 | 89 |
{ "CertificateFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
88 | 90 |
G_STRUCT_OFFSET(LassoSamlp2RequestAbstract, certificate_file), NULL, NULL, NULL}, |
89 | 91 | |
... | ... | |
127 | 129 |
"No Private Key set for signing samlp2:RequestAbstract"); |
128 | 130 |
} else { |
129 | 131 |
rc = lasso_sign_node(xmlnode, "ID", request->ID, |
130 |
request->private_key_file, request->certificate_file); |
|
132 |
request->private_key_file, request->private_key_password, request->certificate_file);
|
|
131 | 133 |
if (rc != 0) { |
132 | 134 |
message(G_LOG_LEVEL_WARNING, "Signing of samlp2:RequestAbstract failed: %s", lasso_strerror(rc)); |
133 | 135 |
} |
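Review bot: Lines 87-88 register `PrivateKeyPassword` with `SNIPPET_LASSO_DUMP`, so every dump of a signed request now contains the private-key passphrase in cleartext, which is a far more sensitive value than the `PrivateKeyFile` path dumped alongside it. Removing only the dump flag would presumably turn the field into a real XML child of the request, so the safer fix is to leave the password out of the snippet table (freeing it in the finalizer) or to resolve it from the LassoServer at the `lasso_sign_node` call on line 132.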
lasso/xml/saml-2.0/samlp2_request_abstract.h | ||
---|---|---|
69 | 69 |
LassoSignatureType sign_type; |
70 | 70 |
LassoSignatureMethod sign_method; |
71 | 71 |
char *private_key_file; |
72 |
char *private_key_password; |
|
72 | 73 |
char *certificate_file; |
73 | 74 | |
74 | 75 |
}; |
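Review bot: `char *private_key_password;` on line 72 is placed before `certificate_file`, which moves that member in a public struct and breaks binary compatibility for a backport. Since `certificate_file` is the last member here, simply append the new field after it on line 73 so existing offsets are preserved.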
lasso/xml/saml-2.0/samlp2_status_response.c | ||
---|---|---|
89 | 89 |
G_STRUCT_OFFSET(LassoSamlp2StatusResponse, sign_method), NULL, NULL, NULL}, |
90 | 90 |
{ "PrivateKeyFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
91 | 91 |
G_STRUCT_OFFSET(LassoSamlp2StatusResponse, private_key_file), NULL, NULL, NULL}, |
92 |
{ "PrivateKeyPassword", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
|
93 |
G_STRUCT_OFFSET(LassoSamlp2StatusResponse, private_key_password), NULL, NULL, NULL}, |
|
92 | 94 |
{ "CertificateFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, |
93 | 95 |
G_STRUCT_OFFSET(LassoSamlp2StatusResponse, certificate_file), NULL, NULL, NULL}, |
94 | 96 | |
... | ... | |
132 | 134 |
"No Private Key set for signing samlp2:StatusResponse"); |
133 | 135 |
} else { |
134 | 136 |
rc = lasso_sign_node(xmlnode, "ID", response->ID, |
135 |
response->private_key_file, response->certificate_file); |
|
137 |
response->private_key_file, response->private_key_password, response->certificate_file);
|
|
136 | 138 |
if (rc != 0) { |
137 | 139 |
message(G_LOG_LEVEL_WARNING, "Signing of samlp2:StatusResponse failed: %s", lasso_strerror(rc)); |
138 | 140 |
} |
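Review bot: The `PrivateKeyPassword` entry on lines 92-93 has `SNIPPET_LASSO_DUMP` set, so `lasso_node_dump` of any signed status response will include the passphrase in cleartext. As with the path-valued `PrivateKeyFile` this is meant only for dumps, but a password must not be dumped at all; keep it out of the snippet table (and free it in the finalizer) or read it from the server inside the signing call on line 137 rather than storing it on the node.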
lasso/xml/saml-2.0/samlp2_status_response.h | ||
---|---|---|
72 | 72 |
LassoSignatureType sign_type; |
73 | 73 |
LassoSignatureMethod sign_method; |
74 | 74 |
char *private_key_file; |
75 |
char *private_key_password; |
|
75 | 76 |
char *certificate_file; |
76 | 77 | |
77 | 78 |
}; |
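Review bot: The new member on line 75 is inserted ahead of `certificate_file`, changing its offset in a public struct; for a backport that is an ABI break for already-built consumers. `certificate_file` is the last member of this struct, so append `char *private_key_password;` after it instead.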
lasso/xml/saml_assertion.c | ||
---|---|---|
165 | 165 |
"No Private Key set for signing saml:Assertion"); |
166 | 166 |
} else { |
167 | 167 |
rc = lasso_sign_node(xmlnode, "AssertionID", assertion->AssertionID, |
168 |
assertion->private_key_file, assertion->certificate_file); |
|
168 |
assertion->private_key_file, NULL, assertion->certificate_file);
|
|
169 | 169 |
if (rc != 0) { |
170 | 170 |
message(G_LOG_LEVEL_WARNING, "Signing of saml:Assertion failed: %s", lasso_strerror(rc)); |
171 | 171 |
} |
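Review bot: The literal `NULL` password on line 168 means a `saml:Assertion` can never be signed with an encrypted key, so the feature this patch adds is silently unavailable on the SAML 1.x / ID-FF path even though the same LassoServer holds the password. Either add `private_key_password` to LassoSamlAssertion and propagate it like the SAML 2.0 nodes, or leave `/* TODO: encrypted private keys are not supported for saml:Assertion */` here so the gap is visible to the next maintainer. The surrounding function starts outside the hunk.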
lasso/xml/samlp_request_abstract.c | ||
---|---|---|
93 | 93 |
"No Private Key set for signing samlp:RequestAbstract"); |
94 | 94 |
} else { |
95 | 95 |
rc = lasso_sign_node(xmlnode, "RequestID", request->RequestID, |
96 |
request->private_key_file, request->certificate_file); |
|
96 |
request->private_key_file, NULL, request->certificate_file);
|
|
97 | 97 |
if (rc != 0) { |
98 | 98 |
message(G_LOG_LEVEL_WARNING, "Signing of samlp:RequestAbstract failed: %s", lasso_strerror(rc)); |
99 | 99 |
} |
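Review bot: Passing `NULL` as the password on line 96 leaves `samlp:RequestAbstract` signing unable to open an encrypted key, while the SAML 2.0 request node in this same patch gets the password threaded through. If the ID-FF nodes are deliberately out of scope for the backport, say so with a comment such as `/* no password: encrypted keys unsupported on the ID-FF path */`; otherwise the field should be added here too.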
lasso/xml/samlp_response_abstract.c | ||
---|---|---|
97 | 97 |
"No Private Key set for signing samlp:ResponseAbstract"); |
98 | 98 |
} else { |
99 | 99 |
rc = lasso_sign_node(xmlnode, "ResponseID", response->ResponseID, |
100 |
response->private_key_file, response->certificate_file); |
|
100 |
response->private_key_file, NULL, response->certificate_file);
|
|
101 | 101 |
if (rc != 0) { |
102 | 102 |
message(G_LOG_LEVEL_WARNING, "Signing of samlp:ResponseAbstract failed: %s", lasso_strerror(rc)); |
103 | 103 |
} |
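Review bot: Line 100 hardcodes `NULL` for the password, so an IdP configured with an encrypted key will fail to sign `samlp:ResponseAbstract` even after this patch. Thread `private_key_password` through LassoSamlpResponseAbstract as done for the SAML 2.0 response, or document the limitation in a comment at the call, `/* ID-FF responses cannot use an encrypted private key */`.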
lasso/xml/tools.c | ||
---|---|---|
379 | 379 |
* Return value: a newly allocated query signed or NULL if an error occurs. |
380 | 380 |
**/ |
381 | 381 |
char* |
382 |
lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *private_key_file) |
|
382 |
lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *private_key_file, |
|
383 |
G_GNUC_UNUSED const char *private_key_password) |
|
383 | 384 |
{ |
384 | 385 |
BIO *bio = NULL; |
385 | 386 |
char *digest = NULL; /* 160 bit buffer */ |
... | ... | |
433 | 434 |
/* calculate signature value */ |
434 | 435 |
if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) { |
435 | 436 |
/* load private key */ |
436 |
rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
|
|
437 |
rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void*)private_key_password);
|
|
437 | 438 |
if (rsa == NULL) { |
438 | 439 |
goto done; |
439 | 440 |
} |
... | ... | |
443 | 444 |
status = RSA_sign(NID_sha1, (unsigned char*)digest, 20, sigret, &siglen, rsa); |
444 | 445 |
RSA_free(rsa); |
445 | 446 |
} else if (sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) { |
446 |
dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL);
|
|
447 |
dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, (void*)private_key_password);
|
|
447 | 448 |
if (dsa == NULL) { |
448 | 449 |
goto done; |
449 | 450 |
} |
... | ... | |
744 | 745 | |
745 | 746 |
int |
746 | 747 |
lasso_sign_node(xmlNode *xmlnode, const char *id_attr_name, const char *id_value, |
747 |
const char *private_key_file, const char *certificate_file) |
|
748 |
const char *private_key_file, G_GNUC_UNUSED const char* private_key_password, const char *certificate_file)
|
|
748 | 749 |
{ |
749 | 750 |
xmlDoc *doc; |
750 | 751 |
xmlNode *sign_tmpl, *old_parent; |
... | ... | |
769 | 770 |
if (access(private_key_file, R_OK) == 0) { |
770 | 771 |
dsig_ctx->signKey = xmlSecCryptoAppKeyLoad(private_key_file, |
771 | 772 |
xmlSecKeyDataFormatPem, |
772 |
NULL, NULL, NULL);
|
|
773 |
private_key_password, NULL, NULL);
|
|
773 | 774 |
} else { |
774 | 775 |
int len = private_key_file ? strlen(private_key_file) : 0; |
775 | 776 |
dsig_ctx->signKey = xmlSecCryptoAppKeyLoadMemory((xmlSecByte*)private_key_file, len, |
776 |
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
|
|
777 |
xmlSecKeyDataFormatPem, private_key_password, NULL, NULL);
|
|
777 | 778 |
} |
778 | 779 |
if (dsig_ctx->signKey == NULL) { |
779 | 780 |
xmlSecDSigCtxDestroy(dsig_ctx); |
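Review bot: Both new parameters are tagged `G_GNUC_UNUSED` (lines 383 and 748) yet both are used (lines 437, 447, 773 and 777), so the attribute is misleading and should go: `const char *private_key_password)`. More importantly, `PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void*)private_key_password)` relies on OpenSSL's default PEM callback, which uses `u` as the password when it is non-NULL but otherwise prompts interactively on the controlling terminal; an encrypted key with no configured password therefore hangs a daemon on a tty instead of returning an error. Supply an explicit callback that returns the configured password or fails, and use it for both the RSA and DSA loads; how xmlsec handles a NULL password for an encrypted key in the `lasso_sign_node` hunk I could not confirm from here.
```c
/* Hand OpenSSL the configured passphrase, or fail: never fall back to the
 * default callback, which prompts on the controlling terminal. */
static int
lasso_pem_password_cb(char *buf, int size, G_GNUC_UNUSED int rwflag, void *userdata)
{
	const char *password = userdata;
	size_t len;

	if (password == NULL)
		return -1;
	len = strlen(password);
	if (len >= (size_t)size)
		return -1;
	memcpy(buf, password, len);
	return (int)len;
}

/* … unchanged: lasso_query_sign prologue, BIO setup, digest … */
		rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, lasso_pem_password_cb, (void*)private_key_password);
/* … unchanged: RSA_sign, RSA_free … */
		dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, lasso_pem_password_cb, (void*)private_key_password);
```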
lasso/xml/xml.c | ||
---|---|---|
390 | 390 | |
391 | 391 |
unsigned_query = lasso_node_build_query(node); |
392 | 392 |
if (private_key_file) { |
393 |
query = lasso_query_sign(unsigned_query, sign_method, private_key_file); |
|
393 |
query = lasso_query_sign(unsigned_query, sign_method, private_key_file, NULL);
|
|
394 | 394 |
} else { |
395 | 395 |
lasso_transfer_string(query, unsigned_query); |
396 | 396 |
} |
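Review bot: Line 393 passes `NULL` as the password, so any query built through this path cannot be signed with an encrypted key even after this patch, while the profile.c call site (its line 1045) now forwards the server's password; the enclosing function begins above the hunk, so I cannot see whether a LassoServer is reachable here. If it is not, record that at the call, `/* no server here: encrypted private keys are not supported on this path */`; if it is, thread `private_key_password` through like profile.c does.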
tests/data/idp7-saml2/metadata.xml | ||
---|---|---|
1 |
<?xml version="1.0"?> |
|
2 |
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" |
|
3 |
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" |
|
4 |
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" |
|
5 |
entityID="http://idp5/metadata"> |
|
6 |
<IDPSSODescriptor |
|
7 |
WantAuthnRequestsSigned="true" |
|
8 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
9 |
<KeyDescriptor use="signing"> |
|
10 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
11 |
<ds:X509Data><ds:X509Certificate> |
|
12 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
13 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
14 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
15 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
16 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
17 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
18 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
19 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
20 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
21 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
22 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
23 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
24 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
25 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
26 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
27 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
28 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
29 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
30 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
31 |
LlTxKnCrWAXftSm1rNtewTsF |
|
32 |
</ds:X509Certificate></ds:X509Data> |
|
33 |
</ds:KeyInfo> |
|
34 |
</KeyDescriptor> |
|
35 |
<KeyDescriptor use="encryption"> |
|
36 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
37 |
<ds:KeyValue> |
|
38 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
39 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
40 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
41 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
42 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
43 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
44 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
45 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
46 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
47 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
48 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
49 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
50 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
51 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
52 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
53 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
54 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
55 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
56 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
57 |
LlTxKnCrWAXftSm1rNtewTsF |
|
58 |
</ds:KeyValue> |
|
59 |
</ds:KeyInfo> |
|
60 |
</KeyDescriptor> |
|
61 | ||
62 |
<ArtifactResolutionService isDefault="true" index="0" |
|
63 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
64 |
Location="http://idp5/artifact" /> |
|
65 |
<SingleLogoutService |
|
66 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
67 |
Location="http://idp5/singleLogoutSOAP" /> |
|
68 |
<SingleLogoutService |
|
69 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
70 |
Location="http://idp5/singleLogout" |
|
71 |
ResponseLocation="http://idp5/singleLogoutReturn" /> |
|
72 |
<ManageNameIDService |
|
73 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
74 |
Location="http://idp5/manageNameIdSOAP" /> |
|
75 |
<ManageNameIDService |
|
76 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
77 |
Location="http://idp5/manageNameId" |
|
78 |
ResponseLocation="http://idp5/manageNameIdReturn" /> |
|
79 |
<SingleSignOnService |
|
80 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
81 |
Location="http://idp5/singleSignOn" /> |
|
82 |
<SingleSignOnService |
|
83 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
84 |
Location="http://idp5/singleSignOnSOAP" /> |
|
85 |
</IDPSSODescriptor> |
|
86 |
<AuthnAuthorityDescriptor |
|
87 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
88 |
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/> |
|
89 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/> |
|
90 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> |
|
91 |
</AuthnAuthorityDescriptor> |
|
92 |
<PDPDescriptor |
|
93 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
94 |
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/> |
|
95 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/> |
|
96 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat> |
|
97 |
</PDPDescriptor> |
|
98 |
<AttributeAuthorityDescriptor |
|
99 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
100 |
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/> |
|
101 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/> |
|
102 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat> |
|
103 |
</AttributeAuthorityDescriptor> |
|
104 |
<Organization> |
|
105 |
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName> |
|
106 |
</Organization> |
|
107 | ||
108 |
</EntityDescriptor> |
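Review bot: The fixture's `entityID` on line 5 is `http://idp5/metadata` and every service `Location` still points at `idp5` or `idp6`, so this IdP is indistinguishable from the idp5 fixture when both are registered on one server and provider lookup by entity ID will return whichever was added first; change them to `http://idp7/...`. The `use="encryption"` KeyDescriptor (lines 35-60) also wraps a base64 X.509 certificate in `<ds:KeyValue>`, which is defined to hold an RSAKeyValue/DSAKeyValue; it should be `<ds:X509Data><ds:X509Certificate>` like the signing descriptor above it. I assume neither is exercised by test_05 as written, which is why the copy-paste went unnoticed.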
tests/data/idp7-saml2/password | ||
---|---|---|
1 |
geronimo |
tests/data/idp7-saml2/private-key.pem | ||
---|---|---|
1 |
-----BEGIN RSA PRIVATE KEY----- |
|
2 |
Proc-Type: 4,ENCRYPTED |
|
3 |
DEK-Info: AES-256-CBC,41BE9422FBDF1769BFEF03F9116F7A86 |
|
4 | ||
5 |
qKrThgVCsCb5Lx/7RIpwuvDZi6gvxEFb33QEjIEWdZ+ad0dkGRvxrIqqj+XvHEeW |
|
6 |
V57oPO1sFAlgb+zBrGZpqItCAJEqC4NU55SwKZpKUtT0XdlHFRyfORlBwzb0qW/3 |
|
7 |
dZbyhsEm+164MdXsCZiUYS/VAm8b1pYmBIkoPSZMMnPljNYVigRpYttF9dwMYgTQ |
|
8 |
u/FwRS696qGSyo7ko00P8UbtTLgM+ufkCFNld6uxYphSNXAQyRQz4vQs97emNE58 |
|
9 |
4JB5//0agCOa9qUz14ZQSpM2JyoevMHUOHyjbGJOLsCMPnQEboKvgj0gsZcgP2Ys |
|
10 |
K4Nf/EQKadBbXpK4olxz50e6ybR0i7nylYsu7YVFyFR9GWbra29OAYEPvQxvBll7 |
|
11 |
RIoZ4hI0ZgBY0qFFcyZbKH94Pqk5w0QSjfkHPcH/WL0UjLb+n59KsIUnmZ3dtiF9 |
|
12 |
9mdE71wq94jOcqibjVmUy3Gyw4COZKTTjq9ptuLBC6fEPxGh6dfpSSV431Wpvpxy |
|
13 |
OE15vfeT1i/ymH0ckWsQXgUqZ6QTuaTvlu5JpD94Blu7p6Rzj5fxEnLhOtwjXWpq |
|
14 |
k6MAlS9bKhGbPbnzAqm5HkRypgDaNBPRXZhb9LClB5ysfjZRNdxCWrWusEGEtioQ |
|
15 |
TdkPsUZ78d8m3u+FvOM2mTVkQBa6sAEl1l8fuOITuaNCYLBIIhyAvJfXRHhOC+zs |
|
16 |
nvS6DX+3bZupxFJFcMi9fqlmz0QSXj4tKlbHY/xo3dGqQj5BWyibo8tDVhVIYy99 |
|
17 |
zo/t8J0LTfSSCIvoV2gFHSoC7RIJ9Q25L0AV6TQiB2F/7FTeznfd7Tk9ZHokmiED |
|
18 |
5VAKGRjDmPCZIJr2pbeEmwzs3r/p53JfLyNProv+ljTJLgdFtG1en5A3MsmymR0c |
|
19 |
LTIxHWZjAwl7ai1yGghzqVYllm+OFjo6LsSusbuQwKs+Bo9qZPCBb10gQGur+ZR8 |
|
20 |
r9Vfd3WV/WMJfi8Ciogd+uXhPzVxf5PyBvZh9vwqXHSB9YLxe+NpAxLxF5OuZmJx |
|
21 |
VBdTA5y19XUvyucOOxjcJZaZTP6BYADsaUxhQIQHfyUtk6Y7Iwk2Abf4TQIuC5x6 |
|
22 |
XEeRSmbKPCkuKh9L0H4KcK6hmFSyh7AICpUEW7tcMtK9HaZT/K5jsHPkG5q/3GXh |
|
23 |
ed7e0QaA2Qc0uAvoFgGTPkgE6Nym30R6NUlnHl2T3gK9Ei6fQKdTYPYgRXAKmbNO |
|
24 |
Wp0cjQ7w1zUNjoxkACX2Br2xm3DhnLVFPj6AWpnCsTtQA3ecgIzvSZugxpr0muP0 |
|
25 |
SIPpBuyko+t0YQjP3DOZxeiLQ5o+3VxI749KfDuaNZsDN7ZPso7Pt1oG34uGgsFl |
|
26 |
UypVEv+CgzTkepPPqJTWgK5VfNrSK3ev7Is90bpiyjwqywlwYaZUOXBm+wBwUmtH |
|
27 |
T+lLtw00R5JGolA4I2MCd4PTauzbj30jLYJWLLW8sZcfMgpwnKUNtVwRaDMnOXIA |
|
28 |
eX0cesfIbMiYF1sgR2Lqar/uqSJf1Kx8xIFdvqYZWsudF0ij4fva4xtCc0bgrnSy |
|
29 |
lz91YgfF95hTd/qcCiO5GQxScG7umtUZLYmZKqtYKDjCkvtvnGFhqB5Ie21DK6OX |
|
30 |
-----END RSA PRIVATE KEY----- |
tests/data/sp7-saml2/metadata.xml | ||
---|---|---|
1 |
<?xml version="1.0"?> |
|
2 |
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" |
|
3 |
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" |
|
4 |
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" |
|
5 |
entityID="http://sp7/metadata"> |
|
6 |
<SPSSODescriptor |
|
7 |
AuthnRequestsSigned="true" |
|
8 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
9 | ||
10 |
<KeyDescriptor use="signing"> |
|
11 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
12 |
<ds:KeyValue>-----BEGIN PUBLIC KEY----- |
|
13 |
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN0uVeOaTMQjhFlwGv/yBiGOdHDwiHb3 |
|
14 |
BD+ALxLgfcd9LpbAePbKk4Tx/juoEEPT3guQD0zyg0IcqkXO/JxrPa0CAwEAAQ== |
|
15 |
-----END PUBLIC KEY-----</ds:KeyValue> |
|
16 |
</ds:KeyInfo> |
|
17 |
</KeyDescriptor> |
|
18 | ||
19 |
<SingleLogoutService |
|
20 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
21 |
Location="http://sp7/singleLogoutSOAP" /> |
|
22 |
<SingleLogoutService |
|
23 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
24 |
Location="http://sp7/singleLogout" |
|
25 |
ResponseLocation="http://sp7/singleLogoutReturn" /> |
|
26 |
<ManageNameIDService |
|
27 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
28 |
Location="http://sp7/manageNameIdSOAP" /> |
|
29 |
<ManageNameIDService |
|
30 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
31 |
Location="http://sp7/manageNameId" |
|
32 |
ResponseLocation="http://sp7/manageNameIdReturn" /> |
|
33 |
<AssertionConsumerService isDefault="true" index="0" |
|
34 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" |
|
35 |
Location="http://sp7/singleSignOnArtifact" /> |
|
36 |
<AssertionConsumerService index="1" |
|
37 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" |
|
38 |
Location="http://sp7/singleSignOnPost" /> |
|
39 |
<AssertionConsumerService index="2" |
|
40 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" |
|
41 |
Location="http://sp7/singleSignOnSOAP" /> |
|
42 |
</SPSSODescriptor> |
|
43 |
<Organization> |
|
44 |
<OrganizationName xml:lang="en">Lasso Test SP7</OrganizationName> |
|
45 |
</Organization> |
|
46 |
</EntityDescriptor> |
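Review bot: The signing key published on lines 12-15 is a 512-bit RSA key (the SubjectPublicKeyInfo is 94 bytes), matching the short encrypted private key in the companion file; that is tolerable in a fixture today, but hardened OpenSSL or xmlsec builds may reject RSA keys below 1024 or 2048 bits, and this test would then fail for reasons unrelated to password handling. Regenerate the pair at 2048 bits while the fixture is new. The descriptor also publishes only a `ds:KeyValue` and no certificate, so an encrypted key combined with X.509 signing is not covered by this test data.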
tests/data/sp7-saml2/password | ||
---|---|---|
1 |
geronimo |
tests/data/sp7-saml2/private-key.pem | ||
---|---|---|
1 |
-----BEGIN RSA PRIVATE KEY----- |
|
2 |
Proc-Type: 4,ENCRYPTED |
|
3 |
DEK-Info: AES-256-CBC,EF4EF473516D85011B23403600D01371 |
|
4 | ||
5 |
kwbLjFZ8SsSyhTosBKpU1N5hvh4INRpJkXmj8aNHppz75nyGTo/jar+FRD6LA0fX |
|
6 |
3dbXdcHveUHSFs9t2AADQfVAJUbZU0D3bN0horJljA+ymiZ22Fr421cdxqbd2+1U |
|
7 |
4ZmPKF+w/ALkal821a2+br/OP6V1mA4KH7/YScmSGKGKkl1TZ/5cV8bjwAQGJyck |
|
8 |
4e0loU9yrAkw3oua1bWAudl7suS62K0AQA3K5lmfUld3JNzO/TQq2qIcvJVU1hEi |
|
9 |
UtE8biPKjcNOdEcz98+hgsHd1+jBR4tazaaib92P3ga7IgAr+AGwoHd6wBh5q11+ |
|
10 |
1/cNTH8MC2AbQhhll4e9bo7A/RmorqvIUQ4/7b8lBzi8JbcgME3UOhBJqSzkgnTb |
|
11 |
emO3IOAQHLbcvel03MbiwS8nhKjdldNdj2NudHD8FPI= |
|
12 |
-----END RSA PRIVATE KEY----- |