diff options
author | Leif Johansson <leifj@sunet.se> | 2016-12-09 16:45:33 +0100 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2016-12-09 16:45:33 +0100 |
commit | 69a138022ced0f75643ac27888fd6fe6e3499875 (patch) | |
tree | 997d36c503740ef9d4c756995fc1ff6b8251901c | |
parent | 3ad5ce5f81f34a5cc198d90c6ed873e0803cca52 (diff) |
sign with sha256
-rw-r--r-- | swamid2016.mk | 2 | ||||
-rw-r--r-- | xslt/sign-luna-sha256.xsl | 48 |
2 files changed, 49 insertions, 1 deletions
diff --git a/swamid2016.mk b/swamid2016.mk index 905d8663..f1287495 100644 --- a/swamid2016.mk +++ b/swamid2016.mk @@ -1,6 +1,6 @@ SIGNER := xmlsign -k http://swamid-hsmproxy.docker:8000/swamid/swamid2 -c /opt/swamid-credentials/md-signer2.crt DEST := /opt/published-metadata/mds.swamid.se BASEURL:= http://mds.swamid.se/md -SIGN := xslt/sign-luna.xsl +SIGN := xslt/sign-luna-sha256.xsl CERT := /opt/swamid-credentials/swamid-signer.crt SITE := site/mds.swamid.se diff --git a/xslt/sign-luna-sha256.xsl b/xslt/sign-luna-sha256.xsl new file mode 100644 index 00000000..36da52e9 --- /dev/null +++ b/xslt/sign-luna-sha256.xsl @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="@*|text()|comment()"/> + <ds:Signature> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256" /> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" /> + <ds:DigestValue></ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue/> + </ds:Signature> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> |