Skip to content

Commit 7548523

Browse files
mrvanesmrvanes
committed
Add tests
1 parent 6a2b609 commit 7548523

File tree

6 files changed

+236
-3
lines changed

6 files changed

+236
-3
lines changed

src/xmlsec/__init__.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -321,17 +321,18 @@ def _verify(t, keyspec, sig_path=".//{%s}Signature" % NS['ds'], drop_signature=F
321321
except ExtensionNotFound:
322322
pass
323323
else:
324+
log.debug("CA=true cert")
324325
# If this_cert a CA cert it is probably not the signing cert
325326
if bc.value.ca is True:
326327
# Find X509Certificate in signature that is child of the root element
327-
cert = t.find("/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
328+
cert = t.find(".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
328329
if cert is not None:
329330
certspec = "-----BEGIN CERTIFICATE-----\n" + cert.text.strip() + "\n-----END CERTIFICATE-----"
330331
embedded_cert = load_pem_x509_certificate(certspec.encode())
331332
try:
332333
embedded_cert.verify_directly_issued_by(this_cert.key)
333334
except Exception:
334-
raise XMLSigException("Metadata certificate not signed by CA")
335+
pass
335336
else:
336337
this_cert.key = embedded_cert
337338

src/xmlsec/test/data/verify/ca-verify/in.xml

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
<?xml version="1.0" encoding="UTF-8" standalone="no"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" ID="idm140120993870624" entityID="https://engine.test.surfconext.nl/authentication/idp/metadata" validUntil="2023-07-18T06:46:01Z"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
2+
<ds:SignedInfo>
3+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
4+
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
5+
<ds:Reference URI="#idm140120993870624">
6+
<ds:Transforms>
7+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
8+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
9+
</ds:Transforms>
10+
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
11+
<ds:DigestValue>nFmEOBy0lWykN/Adeg92P15qmYqGf0+jr4vGhKmnkfw=</ds:DigestValue>
12+
</ds:Reference>
13+
</ds:SignedInfo>
14+
<ds:SignatureValue>
15+
ElClJWEtE4Lil/X8aIm/oQXlhbWpPm0LMraUTfxXA0f21i1KmfrkEkxWfhUTYeR4URoYgMqG0pXM
16+
u2HWKYexRth+oFSBZcnpYf37h5IqTBlwEwLMwU/v0vu8qRuiDPX61YtT/5zzSZXU0KTFBLq0f5+G
17+
RyFhLD7rUm96nJNswD4JRENhRao4ldfoKyk8POVsLEBbW0hRZ87/eXfiTLaP3y3amBcNCc6TNi1T
18+
XdnqXFEF54mhVWCWIv9Q3eAGIcyMouQy1edk4PIVnNj0Uov/DeitEJUTE6UC+L7oZNxthg4zT7vN
19+
wLXPp68vXKb7SyGy+xEu/91LcuVuNe5RHQCLCOCQFmEBkTjEVtijnKYrqb2pYUe4goXx+oG20lUZ
20+
tgDdSvpSXtiXREJS8PL1rDCIUwCXiND0ZB7ehXRhnTBmh8kpBjShjSfikWkAEWskcn/GD79bxUDF
21+
k4j3EKELGOT/9LdbedRQQFL4Mvn8BiJuOiGlwQvTpmRC/E2t2DPVSK1G
22+
</ds:SignatureValue>
23+
<ds:KeyInfo>
24+
<ds:KeyValue>
25+
<ds:RSAKeyValue>
26+
<ds:Modulus>
27+
tVo9TGMM2OuOlmvbXeM1GW+Vtu/nGwEYTWyGbLXlCD1erp8aDurRwiyYUcQuKQU0LHa4X4Yd/rOa
28+
8JvJo4SbNq3IkJAnT4k5fOtI6ooYVouWxV8hl+aNVOZmYKJlE/qO/p1I9HrdZf5GxSdBqiCrX9Lj
29+
4+0f86k6ank9HOlRcXIVOiwPBjiPcOVyCEhBovyFpQysjOvSNw5mwoqf65vLupCENKql4efJTTTr
30+
GcPFmKJAlz9CDxUFqT5CgtVRmLYr8Ci887zcUhnLr6d/bovt+4a3Y6ok8SuvGePLyepfirCT/o6Q
31+
12AWBPzbElWHs9721Uwf5euuMrwXyshiBxw3U6uWpCwkA4GEM43jTlNaEmW3LLm9JPqLKezBRpLJ
32+
WEYS29FfbV9F7vu418xrYT1FonDdF3ZR0tCTpUoDgX7T5/JHKmDTBdCGVXulfwFYH4+P+Ig5Nzip
33+
fRUXLRad5EmvBsyyG46pmF6RhiBLHulNoH6h0vVh7uKHXyh+64Q94WbL
34+
</ds:Modulus>
35+
<ds:Exponent>AQAB</ds:Exponent>
36+
</ds:RSAKeyValue>
37+
</ds:KeyValue>
38+
<ds:X509Data>
39+
<ds:X509Certificate>
40+
MIIFbjCCA1agAwIBAgIQagXJvtKqIRRO8zD41OktRjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQG
41+
EwJOTDEQMA4GA1UEBwwHVXRyZWNodDEQMA4GA1UECAwHVXRyZWNodDESMBAGA1UECgwJU1VSRiBC
42+
LlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSAwHgYDVQQDDBdTVVJGY29uZXh0IENBIDIwMjMgVEVT
43+
VDAeFw0yMzA2MDcxMTQxNDRaFw0yNTA2MDYxMTQxNDRaMIGVMQswCQYDVQQGEwJOTDEQMA4GA1UE
44+
BwwHVXRyZWNodDEQMA4GA1UECAwHVXRyZWNodDESMBAGA1UECgwJU1VSRiBCLlYuMRMwEQYDVQQL
45+
DApTVVJGY29uZXh0MTkwNwYDVQQDDDBTVVJGY29uZXh0IHRlc3QgZW52aXJvbm1lbnQgbWV0YWRh
46+
dGEgc2lnbmVyIDIwMjMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC1Wj1MYwzY646W
47+
a9td4zUZb5W27+cbARhNbIZsteUIPV6unxoO6tHCLJhRxC4pBTQsdrhfhh3+s5rwm8mjhJs2rciQ
48+
kCdPiTl860jqihhWi5bFXyGX5o1U5mZgomUT+o7+nUj0et1l/kbFJ0GqIKtf0uPj7R/zqTpqeT0c
49+
6VFxchU6LA8GOI9w5XIISEGi/IWlDKyM69I3DmbCip/rm8u6kIQ0qqXh58lNNOsZw8WYokCXP0IP
50+
FQWpPkKC1VGYtivwKLzzvNxSGcuvp39ui+37hrdjqiTxK68Z48vJ6l+KsJP+jpDXYBYE/NsSVYez
51+
3vbVTB/l664yvBfKyGIHHDdTq5akLCQDgYQzjeNOU1oSZbcsub0k+osp7MFGkslYRhLb0V9tX0Xu
52+
+7jXzGthPUWicN0XdlHS0JOlSgOBftPn8kcqYNMF0IZVe6V/AVgfj4/4iDk3OKl9FRctFp3kSa8G
53+
zLIbjqmYXpGGIEse6U2gfqHS9WHu4odfKH7rhD3hZssCAwEAAaNSMFAwHQYDVR0OBBYEFNclSgPT
54+
rGp4QJQZGjFu6VEBTX4PMB8GA1UdIwQYMBaAFI5kmzwW92s2rRY2B5NNjSYI2oj1MA4GA1UdDwEB
55+
/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAORNL7FGBkeq6u/rmcNf+jZZz27vw86COPOiN6ygT
56+
yxaBq5fmJ4JZlDnlfO4C/4iek2QjKdgPlpvATGUUMXJdO6a7A3/vXNuoIGu3Ug9GW4vpTVPulaYZ
57+
edPHC8zBsxwRKwxpSTda7ubWDxH3vUxHz/zDOD2O71O6KFj6Ph8JXwa3TLH0xRN5CXa0UMKX0S+c
58+
k8MahCYnMtd99EBL/uOr0+D4q2HwxDRDpL4I9yRwyWxCafoR+6OfzO/vc/SGcjEk/9s0DrMKDkDT
59+
JlE9eZbaaWFFCkAkg3LHHLMYjykcTvjDEV75OohYcEC5/6uKHcB/ZQjHwkPBqv9pUF897yZ7sxS6
60+
6GEJmqqVIC+ayWRvC8N+UmvMGWAdohrY7r7CPeTE+iVHaeB7xGTSI9BhTEv3yMNHhqzqIOvgr8h5
61+
iCv7B5hQL+V7MRqD7e7X9uRR7wbyGmwT4p4VFbz5VqthCOFobsMxam9Axt+saebRyH6Mg3Ro9D5W
62+
gGoZmTP1yyiMrmEHQdf9+iblbfTbRW0irlaX5t58fWB1u4QZqcamlhVcl65Fub0g+QkSyGDMD9G5
63+
7z3CKOluNy6TxFZOxMynY6CEtaozDaiETm7NaNC1lkhi+SOHKRX5+q0KqJdnEC7GOX69hSDsCT90
64+
5dpVnr8JgFKoUfXWSmbwTMj45190dw7RMzk=
65+
</ds:X509Certificate>
66+
</ds:X509Data>
67+
</ds:KeyInfo>
68+
</ds:Signature><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="nl">SURFconext TEST</mdui:DisplayName><mdui:DisplayName xml:lang="en">SURFconext TEST</mdui:DisplayName><mdui:Description xml:lang="nl">SURFconext TEST</mdui:Description><mdui:Description xml:lang="en">SURFconext TEST</mdui:Description><mdui:Logo height="160" width="200">https://static.surfconext.nl/media/idp/surfconext.png</mdui:Logo><mdui:Keywords xml:lang="en">SURFconext engine</mdui:Keywords><mdui:Keywords xml:lang="nl">SURFconext engine</mdui:Keywords></mdui:UIInfo></md:Extensions><md:KeyDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIE7TCCA1WgAwIBAgIJANrbxA3xAUIIMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDESMBAGA1UECgwJU1VSRiBCLlYuMRgwFgYDVQQLDA9TVVJGY29uZXh0IFRFU1QxKzApBgNVBAMMImVuZ2luZS50ZXN0LnN1cmZjb25leHQubmwgMjAyMzA0MDMwHhcNMjMwNDAzMTI1ODA0WhcNMjgwNDAyMTI1ODA0WjCBjDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxEjAQBgNVBAoMCVNVUkYgQi5WLjEYMBYGA1UECwwPU1VSRmNvbmV4dCBURVNUMSswKQYDVQQDDCJlbmdpbmUudGVzdC5zdXJmY29uZXh0Lm5sIDIwMjMwNDAzMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAx+vZHDla/MMnksJjWfKwXXl7cmW9sEaavn3xNEGa9qjxA5GZXwQjSIrKwB9LLZLIPQIjyIzUJDl1oUrx3TYEg8wjYGs/PhavVLdlpJTqPHoSGKpHBQBoAqaN3hT9ahFkD3RyamLOWX0o4lOnManIuWMhdQe5qVbQehlbpKLbsLIApYryE2aTICQ0KxB1aobbudaslujYXuqAC8SZaP+lbZ7Pa9NkLI03UDk8wO5ZpCA/vad/6/QTfMqPrXM8xho8YjIXgUDSPbyyi8R0I6vDlk1asH2e8ujmregrSBu02reQLft4Drr1xBWLc7y23mFcixjEa1fynWcVvshfVJe2Syk+1Mak3TuAW2+/i6n8GcQejH5UgVBRpOi/XE9Gw37ImD4sld2kDnztsoqF1+LGTciolPJiB1mja6Ew9NRKy1y3waM3ZTKZyHg+GKZumtmTw+4dC72MnH8lkiB8iYInPB5jvUK/c14rDmOzaGWJavjLnxy8UXuKCJJUOMz0JxWlAgMBAAGjUDBOMB0GA1UdDgQWBBQC4qy6CHN6ndJyqycDbZYtOrjESDAfBgNVHSMEGDAWgBQC4qy6CHN6ndJyqycDbZYtOrjESDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBgQAvrqfrfeY4J+wpSaaGHD53Z7X8SZx0jyHUbszYrKlAgxNO8bo0zbbCSkaJ/DJx7XmY2e1Po3u/qrYa3PQSlC31iQCF+8StLtGFdRLPAabl8OS5YqvOyHF0LHqhnJGkIgWIadkwlez4O4fA1X7JDk3K9oz/thR5xsJY31yCFxIWSaQVEW8j1vKcb0jK7ig7JHa7APvZNQY2A9Y06YhFEeNCu8MjmTHtY3Khko3PrsTIzXcUxWCztjvCmv4y7Jzhn4WzRKpRRskzaU6fZ6lty6Fk5L5u0PTfDQ8YNzgxfniIjdkeBLxSmvvoL6BhhDhwlHoSGekmDnyVh0n9qUKp5uBNsdy6LsQF6KJ1jNEN0raMOf3FS1bt0SWPTpZoXEEM6ao6TlfndvDX2zKzUdhE82QpNXThHZXrF6w3lgMyUugcxlvC2OwsJzmYH8fSU+xxSO8TrwDd9unmy+4hGfF3Gm7Oj+AI+6czR7VWtqz1dcV1sfi/fc9EVUD15XCiPD38F9s=
69+
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://engine.test.surfconext.nl/authentication/idp/single-sign-on/key:20230403"/></md:IDPSSODescriptor><md:Organization><md:OrganizationName xml:lang="en">SURF BV</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">SURF</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">http://www.surf.nl</md:OrganizationURL></md:Organization><md:ContactPerson contactType="administrative"><md:GivenName>SURFconext support</md:GivenName><md:EmailAddress>mailto:[email protected]</md:EmailAddress></md:ContactPerson><md:ContactPerson contactType="technical"><md:GivenName>SURFconext support</md:GivenName><md:EmailAddress>mailto:[email protected]</md:EmailAddress></md:ContactPerson><md:ContactPerson contactType="support"><md:GivenName>SURFconext support</md:GivenName><md:EmailAddress>mailto:[email protected]</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>

src/xmlsec/test/data/verify/ca-verify/signer.crt

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIF6TCCA9GgAwIBAgIUZkAtAMq3MoAsv04NiueceOX/1FQwDQYJKoZIhvcNAQEL
3+
BQAwfDELMAkGA1UEBhMCTkwxEDAOBgNVBAcMB1V0cmVjaHQxEDAOBgNVBAgMB1V0
4+
cmVjaHQxEjAQBgNVBAoMCVNVUkYgQi5WLjETMBEGA1UECwwKU1VSRmNvbmV4dDEg
5+
MB4GA1UEAwwXU1VSRmNvbmV4dCBDQSAyMDIzIFRFU1QwHhcNMjMwNjA3MTEzODQz
6+
WhcNNDMwNjAyMTEzODQzWjB8MQswCQYDVQQGEwJOTDEQMA4GA1UEBwwHVXRyZWNo
7+
dDEQMA4GA1UECAwHVXRyZWNodDESMBAGA1UECgwJU1VSRiBCLlYuMRMwEQYDVQQL
8+
DApTVVJGY29uZXh0MSAwHgYDVQQDDBdTVVJGY29uZXh0IENBIDIwMjMgVEVTVDCC
9+
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOOGems+UP/l7x2m7z3jvLJ3
10+
TR4zFjmBxNVbuWQULbYZT+Bo24e6w05L3hzrI2detAKkvwvCGnmy13WBV2K8JTtC
11+
8an9VT/naXvRT/rmV3J5ptR8soVjbfEoUce1eIqrUeU88ZRDB3S50g5xPnzFagEH
12+
qabPl9S8ddb24mmMlteIhoXlLuYcj9bLR198Oph3atzAyPzuyvtzXes0+yaz7zRV
13+
WmJYP3rnF/ALmoz88RcqmdWsMOcoyQFWK1I/XyXCTCLLCCRG79BIvz7K4utBbSUV
14+
Qnwiyr+zivOJc0uMFxDPEdGj0dBUrNtopnS9trNiynMb6z/xXDYuL0NAJ4f0V+Oy
15+
16k5ZTkMkZow+XdUIuwQTOU1DiLKQb8P2nG9FCeEKtTLKiNjtAfkuliAWHvifk+G
16+
x8IgX0QuLx+tV0j9lU2Vw3b6YzeOddfhPq82sZ6K6Xfjm/VhsH0aE1A7RDHmP3oT
17+
L72fYNIqgEmUzCCqUu5mGUde7A6KcSlh0iLwKVBj2daX+N0mj1A3yzXzJGKrl3mP
18+
v/f8fj7YkOK2bH23pe/aDYNXLBONzCb1Y1BkUDB48Yaesw5ezN1dMsPuQY1ivj8T
19+
ZSRQX3iyXiXjiOtNbspEluzdC8fAuTMGgPvcf0xyI7SnEY3Sgs1hBecEkUj6OaFC
20+
NVH/NGFW1LK+oyT07p1JAgMBAAGjYzBhMB0GA1UdDgQWBBSOZJs8FvdrNq0WNgeT
21+
TY0mCNqI9TAfBgNVHSMEGDAWgBSOZJs8FvdrNq0WNgeTTY0mCNqI9TAPBgNVHRMB
22+
Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAHt1I
23+
ZMLlGndRgo3c5v2IrhjpEDz0FbfKQnF4hDbXFgVny1dA+WoIvbP3RwNLhpHXe4SI
24+
m0d/+hvMtY7UYbnbe8PRRgERGHhJZFQapqyJp2OB3srRAjGPX+h57ZBnwdysx5i7
25+
Fq84pKFUk8++nEaWoYjURP8Z4zVNXkJR/Ej04UZaRgBKFoVBFjAU/30uD4GFINXY
26+
iTmBX5jQSjTvDis4h6UVJf7se1tujdEqcR4+jEAS91tdj8cN71Kt3MctrA22neXP
27+
bi109WX0Ri165HOXtWnnsU2bWbo1nKMArXRrWq07s2DNkR3Rnvpy6KysJwPhUFL1
28+
5VXnzAZUdnVB+n4WmmS0fHU+0K6ePPW2I1mwHBIXydRsYTVxRgQN0qpar5HGXnkf
29+
5iMsVi8V1QzEjMw8eqHBoioL8g1MgWUDC0xjXM3PJ55S/9vYMMdwZGTKD2C877kl
30+
O/0dal2y8e5+KNBUKGgHUQpq1+15x1xSbAL12yr9uRQdo3uCbjDygeQ3PyxVHT67
31+
38kC3ZCtz8ZjJNKeLLWh01iMeBBX9rscI0e0EGlsWpeui5b92B0zjmNevysCC8rM
32+
7Zqugf4rYCKFqmYCXob1rtIZSjRiDOTDXtebHhzXqnZJevvlvxsj3VLX7KhPAqia
33+
VjOtlDwDx+S8XC4yv2j926yoXonHpIg1uswWVLE=
34+
-----END CERTIFICATE-----

src/xmlsec/test/data/verify/ca-xml/in.xml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
<?xml version="1.0"?>
2+
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://idp.l/saml/saml2/idp/metadata.php" ID="_c7dd5a7662f57b999c88d730f8ec1bd315131b97a3d9d3ebdd985c4b158eebea"><ds:Signature>
3+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
4+
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
5+
<ds:Reference URI="#_c7dd5a7662f57b999c88d730f8ec1bd315131b97a3d9d3ebdd985c4b158eebea"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>at5rx450yGfOMVLgwBHQCQqBrIsWC5dDtfcVebP64wM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ssfd7Ey9P2DeSbDv6hlv8QshreycJP0amXZ29+IgcaE4kT6s8jBIMid1rAVlqMSgTwJHWWAAq7KJkFHxv/EitCYPVzcoXMBspG/EZGtoMawTI1FoJi0lY7TAu7iugR8IdbUDN+5hp7Z3e4ZuR5d/imjpqEpMJHhorKfzBa2QX3XLZFl1u78tUOsTfwMtdgUF7SkPSYVtClo9U4ew7Q+uc5pz/qpoXKng+qjt47H8d4XOMb3VIOSrSvTWrAg9v0bim51g7GFJ20YUbhZVKS9Q6WMchu6feKHW7i//RbYFCrb2JMdZQ7Jl1HvTPo97Z4YL2RXQ7oaVt0G3B2g+hhp+bOoOYbi0Pk8DQPE80y3SUSltUkSuTXEBSiSWx6cT1d+LvvG2w+8auiNvLoCaDZD8lSHPqrNDEp5v7vJgVKzRmtZzSFR8NE/4j5FUfhGwpugF4GLwe1gjKTxzlhluuEaISi0Tg0zxVLkgdJDUy1b3CbmL7wubIhX9g6lFYl6PGpgk</ds:SignatureValue>
6+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEczCCAtugAwIBAgIUEW26i37QMELeoYEvHNSdG7hXJo8wDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCTkwxDzANBgNVBAoMBnNlcnZlcjEPMA0GA1UEAwwGc2VydmVyMRowGAYJKoZIhvcNAQkBFgtpbmZvQHNlcnZlcjAeFw0yMzA3MDQxNDI2MDJaFw0zMzA3MDExNDI2MDJaMEsxCzAJBgNVBAYTAk5MMQ8wDQYDVQQKDAZzZXJ2ZXIxDzANBgNVBAMMBnNlcnZlcjEaMBgGCSqGSIb3DQEJARYLaW5mb0BzZXJ2ZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC1/jNjnP1otOkSiLu/zNn+78lr4HkEL0eLosW796ScN3rGx/Dz9OFSxpOK6dE5dimQKzPpjIb0hdYVgHlw1gId0CM2kq1+oCtszntk9E5ERi/N/34ZBUNWtYcbB6wgNb+cv56YFkbC3dVntX9GqDS1MkKHJkdTPUjpIhFN1h8dAtxCBRSHT5jzoJpAJJxNJqlnhvObiiMkQy4Gzy2wHpaSh6tX0nJmMBd6MdqnyKbq6p12Laml5yfFFkN7QkdnEzprjUQ9IMNkQRoEzsNbYcw9Edwuo1TQzr4kUdSciqbfrhtvGCwK31AWfRfdai5hjVYhFGnm8xleX/Mv2MMWkcII5s2Umum7Wo7Mr+Pq2Cn/95AlagG0EaVn119YYIdJWLgQjzvoFBNANy4QbHJYQCzxlytb7oHxPuuVLjyEKlYnhN0nRgBjaaS0nknRfq6kHuuyqvvEoqyrvm9Ihjy/u63T/7KtF3n0nbF0jp79vfDdFKJlAcn4oK38thzqCeNa7oUCAwEAAaNPME0wGwYDVR0RBBQwEoIGc2VydmVygggqLnNlcnZlcjAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBRqTmwEI+qB17U+WiOVOvgnmwdzdzANBgkqhkiG9w0BAQsFAAOCAYEAJMVeW/JQFyBzOgK6TFKPvHn+SmNq9d53jNWtfb/YwHM+cDBFVA5OC4X0ZN+5ktzgnMWKnlwJOYdXoFOJOb2ADk5P9TM2shbrfQ3L3dYNIUsX2OXBqYvmP7WvA0mf58+MjniE7tcTJfLRD3mX9gPK0e5xpy2zoZYN/xJ6Ga+DVu+I1ZiMVzXlzDJdK+Ow+N37bRBBfqT0oBv3yLSppo+6y0lKC3pFEpsUZ/l1GKnC56t+WgliiaMJR1bDZJFhbh6etOlXKTvz3JsPcJleNoZN2a/o1TmBQkgn88Wvi7oGl7KNYcwgDHvHh8KcFWI6y6+vqYb6vBQ2UKL2RFb8a27Exj8+SE2vR/HuqLIOZbQ1cdoL3sC2BVhwkdHDhj86bdBFadgQVr2auxG1mUYXzrEaZMtOIxMvWxQBDx+zLpMvnSq6rXgOVdhrr/xJpGPKDYcesitLDI9czDW+aGZXV2Adl58HNUVLr0h2gcHFYZ+KNMTrbruuBS/E4yIgwG6mN4bQ</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
7+
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
8+
<md:KeyDescriptor use="signing">
9+
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
10+
<ds:X509Data>
11+
<ds:X509Certificate>MIIEczCCAtugAwIBAgIUEW26i37QMELeoYEvHNSdG7hXJo8wDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCTkwxDzANBgNVBAoMBnNlcnZlcjEPMA0GA1UEAwwGc2VydmVyMRowGAYJKoZIhvcNAQkBFgtpbmZvQHNlcnZlcjAeFw0yMzA3MDQxNDI2MDJaFw0zMzA3MDExNDI2MDJaMEsxCzAJBgNVBAYTAk5MMQ8wDQYDVQQKDAZzZXJ2ZXIxDzANBgNVBAMMBnNlcnZlcjEaMBgGCSqGSIb3DQEJARYLaW5mb0BzZXJ2ZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC1/jNjnP1otOkSiLu/zNn+78lr4HkEL0eLosW796ScN3rGx/Dz9OFSxpOK6dE5dimQKzPpjIb0hdYVgHlw1gId0CM2kq1+oCtszntk9E5ERi/N/34ZBUNWtYcbB6wgNb+cv56YFkbC3dVntX9GqDS1MkKHJkdTPUjpIhFN1h8dAtxCBRSHT5jzoJpAJJxNJqlnhvObiiMkQy4Gzy2wHpaSh6tX0nJmMBd6MdqnyKbq6p12Laml5yfFFkN7QkdnEzprjUQ9IMNkQRoEzsNbYcw9Edwuo1TQzr4kUdSciqbfrhtvGCwK31AWfRfdai5hjVYhFGnm8xleX/Mv2MMWkcII5s2Umum7Wo7Mr+Pq2Cn/95AlagG0EaVn119YYIdJWLgQjzvoFBNANy4QbHJYQCzxlytb7oHxPuuVLjyEKlYnhN0nRgBjaaS0nknRfq6kHuuyqvvEoqyrvm9Ihjy/u63T/7KtF3n0nbF0jp79vfDdFKJlAcn4oK38thzqCeNa7oUCAwEAAaNPME0wGwYDVR0RBBQwEoIGc2VydmVygggqLnNlcnZlcjAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBRqTmwEI+qB17U+WiOVOvgnmwdzdzANBgkqhkiG9w0BAQsFAAOCAYEAJMVeW/JQFyBzOgK6TFKPvHn+SmNq9d53jNWtfb/YwHM+cDBFVA5OC4X0ZN+5ktzgnMWKnlwJOYdXoFOJOb2ADk5P9TM2shbrfQ3L3dYNIUsX2OXBqYvmP7WvA0mf58+MjniE7tcTJfLRD3mX9gPK0e5xpy2zoZYN/xJ6Ga+DVu+I1ZiMVzXlzDJdK+Ow+N37bRBBfqT0oBv3yLSppo+6y0lKC3pFEpsUZ/l1GKnC56t+WgliiaMJR1bDZJFhbh6etOlXKTvz3JsPcJleNoZN2a/o1TmBQkgn88Wvi7oGl7KNYcwgDHvHh8KcFWI6y6+vqYb6vBQ2UKL2RFb8a27Exj8+SE2vR/HuqLIOZbQ1cdoL3sC2BVhwkdHDhj86bdBFadgQVr2auxG1mUYXzrEaZMtOIxMvWxQBDx+zLpMvnSq6rXgOVdhrr/xJpGPKDYcesitLDI9czDW+aGZXV2Adl58HNUVLr0h2gcHFYZ+KNMTrbruuBS/E4yIgwG6mN4bQ</ds:X509Certificate>
12+
</ds:X509Data>
13+
</ds:KeyInfo>
14+
</md:KeyDescriptor>
15+
<md:KeyDescriptor use="encryption">
16+
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
17+
<ds:X509Data>
18+
<ds:X509Certificate>MIIEczCCAtugAwIBAgIUEW26i37QMELeoYEvHNSdG7hXJo8wDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCTkwxDzANBgNVBAoMBnNlcnZlcjEPMA0GA1UEAwwGc2VydmVyMRowGAYJKoZIhvcNAQkBFgtpbmZvQHNlcnZlcjAeFw0yMzA3MDQxNDI2MDJaFw0zMzA3MDExNDI2MDJaMEsxCzAJBgNVBAYTAk5MMQ8wDQYDVQQKDAZzZXJ2ZXIxDzANBgNVBAMMBnNlcnZlcjEaMBgGCSqGSIb3DQEJARYLaW5mb0BzZXJ2ZXIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC1/jNjnP1otOkSiLu/zNn+78lr4HkEL0eLosW796ScN3rGx/Dz9OFSxpOK6dE5dimQKzPpjIb0hdYVgHlw1gId0CM2kq1+oCtszntk9E5ERi/N/34ZBUNWtYcbB6wgNb+cv56YFkbC3dVntX9GqDS1MkKHJkdTPUjpIhFN1h8dAtxCBRSHT5jzoJpAJJxNJqlnhvObiiMkQy4Gzy2wHpaSh6tX0nJmMBd6MdqnyKbq6p12Laml5yfFFkN7QkdnEzprjUQ9IMNkQRoEzsNbYcw9Edwuo1TQzr4kUdSciqbfrhtvGCwK31AWfRfdai5hjVYhFGnm8xleX/Mv2MMWkcII5s2Umum7Wo7Mr+Pq2Cn/95AlagG0EaVn119YYIdJWLgQjzvoFBNANy4QbHJYQCzxlytb7oHxPuuVLjyEKlYnhN0nRgBjaaS0nknRfq6kHuuyqvvEoqyrvm9Ihjy/u63T/7KtF3n0nbF0jp79vfDdFKJlAcn4oK38thzqCeNa7oUCAwEAAaNPME0wGwYDVR0RBBQwEoIGc2VydmVygggqLnNlcnZlcjAPBgNVHRMECDAGAQH/AgEAMB0GA1UdDgQWBBRqTmwEI+qB17U+WiOVOvgnmwdzdzANBgkqhkiG9w0BAQsFAAOCAYEAJMVeW/JQFyBzOgK6TFKPvHn+SmNq9d53jNWtfb/YwHM+cDBFVA5OC4X0ZN+5ktzgnMWKnlwJOYdXoFOJOb2ADk5P9TM2shbrfQ3L3dYNIUsX2OXBqYvmP7WvA0mf58+MjniE7tcTJfLRD3mX9gPK0e5xpy2zoZYN/xJ6Ga+DVu+I1ZiMVzXlzDJdK+Ow+N37bRBBfqT0oBv3yLSppo+6y0lKC3pFEpsUZ/l1GKnC56t+WgliiaMJR1bDZJFhbh6etOlXKTvz3JsPcJleNoZN2a/o1TmBQkgn88Wvi7oGl7KNYcwgDHvHh8KcFWI6y6+vqYb6vBQ2UKL2RFb8a27Exj8+SE2vR/HuqLIOZbQ1cdoL3sC2BVhwkdHDhj86bdBFadgQVr2auxG1mUYXzrEaZMtOIxMvWxQBDx+zLpMvnSq6rXgOVdhrr/xJpGPKDYcesitLDI9czDW+aGZXV2Adl58HNUVLr0h2gcHFYZ+KNMTrbruuBS/E4yIgwG6mN4bQ</ds:X509Certificate>
19+
</ds:X509Data>
20+
</ds:KeyInfo>
21+
</md:KeyDescriptor>
22+
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.l/saml/saml2/idp/SingleLogoutService.php"/>
23+
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
24+
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.l/saml/saml2/idp/SSOService.php"/>
25+
</md:IDPSSODescriptor>
26+
<md:ContactPerson contactType="technical">
27+
<md:GivenName>Administrator</md:GivenName>
28+
<md:EmailAddress>mailto:[email protected]</md:EmailAddress>
29+
</md:ContactPerson>
30+
</md:EntityDescriptor>

0 commit comments

Comments
 (0)