Merge STORK2 fakeIDL extension into development branch

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-01-23 12:21:56 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-01-23 12:21:56 +0100
commit: 349caa6f3b097117f6957f503c779d68a5283a06 (patch)
tree: 015fd4bd40b00c721d8659c2f65c54d682e10a01
parent: 2195b00332cc6cba95f9ebec67dfdb230ee600f8 (diff)
parent: 81f8e1dc93570ff15f122f1c30fe6cb90e3158f0 (diff)
download: moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.gz
moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.bz2
moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.zip
7 files changed, 153 insertions, 17 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5fb4d6be8..5d816be1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -992,7 +992,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
             //resign IDL
 			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
 			Element resignedilAssertion;
-			resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion());    				    				
+
+			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+			if (config.isIdentityLinkResigning()) {
+				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+			} else {
+				resignedilAssertion = businessServiceIdl.getSamlAssertion();
+			}
 			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
 			IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink();
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index e2802c1d2..a5783bfb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -106,7 +106,7 @@ public class IdentityLinkAssertionParser {
       + PDATA
       + "Person";
   /** Xpath expression to the PersonData GivenName element */      
-  private static final String PERSON_GIVEN_NAME_XPATH =
+  public static final String PERSON_GIVEN_NAME_XPATH =
     PERSON_XPATH
     	+ "/"
       + PDATA
@@ -114,7 +114,7 @@ public class IdentityLinkAssertionParser {
       + PDATA
       + "GivenName";
   /** Xpath expression to the PersonData FamilyName element */
-  private static final String PERSON_FAMILY_NAME_XPATH =
+  public static final String PERSON_FAMILY_NAME_XPATH =
     PERSON_XPATH
     	+ "/"
       + PDATA
@@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser {
       + PDATA
       + "FamilyName";
   /** Xpath expression to the PersonData DateOfBirth element */
-  private static final String PERSON_DATE_OF_BIRTH_XPATH =
+  public static final String PERSON_DATE_OF_BIRTH_XPATH =
     PERSON_XPATH
     	+ "/"
       + PDATA
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4cd192070..10d0ddbc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -48,6 +48,8 @@ import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.opensaml.saml2.core.StatusCode;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.stork.STORKException;
 import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -64,9 +67,12 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.xsd.xmldsig.SignatureType;
 import at.gv.util.xsd.xmldsig.X509DataType;
 import eu.stork.oasisdss.api.ApiUtils;
@@ -360,14 +366,61 @@ public class PEPSConnectorServlet extends AuthServlet {
 	        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
 	        }
 			
-			Logger.debug("Starting connecting SZR Gateway");
-			//contact SZR Gateway
 			IdentityLink identityLink = null;
 			try {
-				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
+				AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+				if(config.isStorkFakeIdLActive() && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) {
+					// create fake IdL
+					// - fetch IdL template from resources
+					InputStream s = PEPSConnectorServlet.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+					Element idlTemplate = DOMUtils.parseXmlValidating(s);
+
+				    identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+				    // replace data
+		            Element idlassertion = identityLink.getSamlAssertion();
+		            // - set bpk/wpbk;
+			        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+			        if(!STORKResponseProcessor.hasAttribute("eIdentifier", attributeList))
+			        	throw new STORKException("eIdentifier is missing");
+			        String eIdentifier = STORKResponseProcessor.getAttributeValue("eIdentifier", attributeList, false);
+			        prIdentification.getFirstChild().setNodeValue(eIdentifier);
+
+			        // - set last name
+			        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+			        if(!STORKResponseProcessor.hasAttribute("surname", attributeList))
+			        	throw new STORKException("surname is missing");
+					String familyName = STORKResponseProcessor.getAttributeValue("surname", attributeList, false);
+					prFamilyName.getFirstChild().setNodeValue(familyName);
+
+			        // - set first name
+			        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+			        if(!STORKResponseProcessor.hasAttribute("givenName", attributeList))
+			        	throw new STORKException("givenName is missing");
+					String givenName = STORKResponseProcessor.getAttributeValue("givenName", attributeList, false);
+					prGivenName.getFirstChild().setNodeValue(givenName);
+
+			        // - set date of birth
+			        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+			        if(!STORKResponseProcessor.hasAttribute("dateOfBirth", attributeList))
+			        	throw new STORKException("dateOfBirth is missing");
+					String dateOfBirth = STORKResponseProcessor.getAttributeValue("dateOfBirth", attributeList, false);
+					prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
+
+		            identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+		            //resign IDL
+					IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+					Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+					identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+				} else {
+					//contact SZR Gateway
+					Logger.debug("Starting connecting SZR Gateway");
+					identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
 																		  oaParam.getFriendlyName(), 
 																		  targetType, null, 
 																		  oaParam.getMandateProfiles(), citizenSignature);
+				}
 			} catch (STORKException e) {
 				// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
 				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 7113dcf70..ea1526ff0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -102,7 +102,7 @@ public class STORKResponseProcessor {
 	private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
 		return getAttributeValue(attributeName, attributeList, true);
 	}
-	private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException {
+	public static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException {
 		try {
 			String result = attributeList.get(attributeName).getValue().get(0);
 			Logger.trace(attributeName + " : " + result);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index dae5ffcef..2a016fa8b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -53,6 +53,7 @@ import java.io.IOException;
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -1007,6 +1008,39 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		  return null;
   }
   
+  /**
+   * Checks if is fakeIdL is activated.
+   *
+   * @return true, if fake IdLs are available for stork
+   */
+  public boolean isStorkFakeIdLActive() {
+	  String prop = props.getProperty("stork.fakeIdL.active", "false");
+	  return Boolean.valueOf(prop);
+  }
+
+  /**
+   * Gets the countries which will receive a fake IdL
+   *
+   * @return the countries
+   */
+  public List<String> getStorkFakeIdLCountries() {
+	  String prop = props.getProperty("stork.fakeIdL.countries", "");
+	  return Arrays.asList(prop.replaceAll(" ", "").split(","));
+  }
+
+  /**
+   * Gets the resigning key (group) for the stork fake IdL.
+   *
+   * @return the resigning key
+   */
+  public String getStorkFakeIdLResigningKey() {
+	  String prop = props.getProperty("stork.fakeIdL.keygroup");
+	  if (MiscUtil.isNotEmpty(prop))
+		  return prop;
+	  else
+		  return null;
+  }
+
   public boolean isMonitoringActive() {
 	  String prop = props.getProperty("configuration.monitoring.active", "false");
 	  return Boolean.valueOf(prop);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 090bea486..520b81b17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -71,13 +71,9 @@ public class IdentityLinkReSigner {
 		return instance;
 	}
 	
-	public Element resignIdentityLink(Element idl) throws MOAIDException {
+	public Element resignIdentityLink(Element idl, String keyGroupId) throws MOAIDException {
 		
 		try {
-			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
-						
-			if (config.isIdentityLinkResigning()) {
-				
 				if (idl == null) {
 					Logger.warn("IdentityLink is empty");
 					return null;
@@ -91,7 +87,6 @@ public class IdentityLinkReSigner {
 				
 				SPSSFactory spssFac = SPSSFactory.getInstance();
 				
-				String keyGroupId = config.getIdentityLinkResigningKey();
 				if (MiscUtil.isEmpty(keyGroupId)) {
 					Logger.warn("No IdentityLink reSigning-Key definded");
 					throw new MOAIDException("config.19", new Object[]{});
@@ -166,9 +161,6 @@ public class IdentityLinkReSigner {
 			    	Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
 			    	throw new MOAIDException("builder.05", new Object[]{});
 			    }
-			    				
-			} else 
-				return idl;
 						
 		} catch (ConfigurationException e) {
 			Logger.warn("Configuration can not be loaded", e);
diff --git a/id/server/idserverlib/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml b/id/server/idserverlib/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
new file mode 100644
index 000000000..09084a34f
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/xmldata/fakeIdL_IdL_template.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:SubjectConfirmation>
+				<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+				<saml:SubjectConfirmationData>
+					<pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>XXXRúùd</pr:GivenName><pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName></pr:Name><pr:DateOfBirth>1969-02-13</pr:DateOfBirth></pr:Person>
+				</saml:SubjectConfirmationData>
+			</saml:SubjectConfirmation>
+		</saml:Subject>
+	<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><dsig:RSAKeyValue><dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
+t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
+P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
+gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
+	<dsig:Signature>
+		<dsig:SignedInfo>
+			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<dsig:Reference URI="">
+				<dsig:Transforms>
+					<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+						<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+					</dsig:Transform>
+					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</dsig:Transforms>
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>KEQEPY2O3Z3IRaISSSoRZVPzsHE=</dsig:DigestValue>
+			</dsig:Reference>
+			<dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>gzGhjH1kdmPcPbgen0xojNIoJLk=</dsig:DigestValue>
+			</dsig:Reference>
+		</dsig:SignedInfo>
+		<dsig:SignatureValue>
+    06wqWHgplwpu3N5HMhzb6QC5NkXMO1z4N4oc1L6eDqwZlvFJ9X1XGW//QqviKO9oog3il7IzdfJwnjygR4trgGCIqx+JYCDHJCrG9l8zlxlSW0ZqfsygGXthutcQ1aeUpfO6jYuhnWOUywa8BgzukRtWT+AOJBQZPRYTb8IBmey+uAwlhFLni94eMOd81l+efCvkWi3jRajwsG8ZOaNxSZT3aEV5vj+32Aqtx2MPEVzQWtIA7GqZi+EzcdSdHQvHhg7UB+8kqbU70ENAJbEMTANFZYvLOJ0Om9KfDtPf/+R2TvTc360fNo9RnPl04pHPhCIjcGZhFZorBpUhXFwd2Q==
+  </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+		<dsig:Object>
+			<dsig:Manifest Id="manifest">
+				<dsig:Reference URI="">
+					<dsig:Transforms>
+						<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							<dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+						</dsig:Transform>
+					</dsig:Transforms>
+					<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					<dsig:DigestValue>8e7RjLnA4Mgltq5ruIJzheKGxu0=</dsig:DigestValue>
+				</dsig:Reference>
+			</dsig:Manifest>
+		</dsig:Object>
+	</dsig:Signature>
+</saml:Assertion>
+\ No newline at end of file
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-01-23 12:21:56 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-01-23 12:21:56 +0100
commit	349caa6f3b097117f6957f503c779d68a5283a06 (patch)
tree	015fd4bd40b00c721d8659c2f65c54d682e10a01
parent	2195b00332cc6cba95f9ebec67dfdb230ee600f8 (diff)
parent	81f8e1dc93570ff15f122f1c30fe6cb90e3158f0 (diff)
download	moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.gz moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.tar.bz2 moa-id-spss-349caa6f3b097117f6957f503c779d68a5283a06.zip