authorLeif Johansson <leifj@sunet.se>2016-12-09 16:45:33 +0100
committerLeif Johansson <leifj@sunet.se>2016-12-09 16:45:33 +0100
commit69a138022ced0f75643ac27888fd6fe6e3499875 (patch)
tree997d36c503740ef9d4c756995fc1ff6b8251901c
parent3ad5ce5f81f34a5cc198d90c6ed873e0803cca52 (diff)
sign with sha256
-rw-r--r--swamid2016.mk2
-rw-r--r--xslt/sign-luna-sha256.xsl48
2 files changed, 49 insertions, 1 deletions
diff --git a/swamid2016.mk b/swamid2016.mk
index 905d8663..f1287495 100644
--- a/swamid2016.mk
+++ b/swamid2016.mk
@@ -1,6 +1,6 @@
SIGNER := xmlsign -k http://swamid-hsmproxy.docker:8000/swamid/swamid2 -c /opt/swamid-credentials/md-signer2.crt
DEST := /opt/published-metadata/mds.swamid.se
BASEURL:= http://mds.swamid.se/md
-SIGN := xslt/sign-luna.xsl
+SIGN := xslt/sign-luna-sha256.xsl
CERT := /opt/swamid-credentials/swamid-signer.crt
SITE := site/mds.swamid.se
diff --git a/xslt/sign-luna-sha256.xsl b/xslt/sign-luna-sha256.xsl
new file mode 100644
index 00000000..36da52e9
--- /dev/null
+++ b/xslt/sign-luna-sha256.xsl
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+ extension-element-prefixes="exsl"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
+
+ <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
+
+ <xsl:template match="/md:EntitiesDescriptor">
+ <md:EntitiesDescriptor>
+ <xsl:apply-templates select="@*|text()|comment()"/>
+ <ds:Signature>
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256" />
+ <ds:Reference>
+ <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute>
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
+ <ds:DigestValue></ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue/>
+ </ds:Signature>
+ <xsl:apply-templates/>
+ </md:EntitiesDescriptor>
+ </xsl:template>
+
+ <xsl:template match="text()|comment()|@*">
+ <xsl:copy/>
+ </xsl:template>
+
+ <xsl:template match="*">
+ <xsl:copy>
+ <xsl:apply-templates select="node()|@*"/>
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet>
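Review bot: The Reference URI built in the `xsl:attribute` line is taken from `@ID` with no check that the root EntitiesDescriptor actually carries one, so an aggregate whose root has no ID attribute is emitted with `URI="#"` and the signer is handed a reference that no element resolves; the build should stop rather than hand such a document to the HSM, e.g. add before `<ds:Signature>` the guard `<xsl:if test="not(@ID)"><xsl:message terminate="yes">EntitiesDescriptor has no ID; cannot build ds:Reference URI</xsl:message></xsl:if>`. The root template also applies templates to `@*|text()|comment()` before the signature and then, after it, to every child node (`<xsl:apply-templates/>` defaults to `node()`), so text and comment children of the root appear twice in the output; `<xsl:apply-templates select="*"/>` for the second call keeps them to one copy. Processing-instruction children match none of the three templates and are dropped silently, which may be intended but deserves a comment. No ds:KeyInfo is emitted here; if xmlsign does not add one from the certificate passed with `-c` in the Makefile, verifiers must obtain the key out of band, which should be stated at the top of the stylesheet. SignedInfo is canonicalized with inclusive c14n while the Reference uses exclusive c14n, which is valid but means the SignedInfo digest depends on every namespace declaration in scope on the root element.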