author | Leif Johansson <leifj@sunet.se> | 2011-12-01 12:16:18 +0100 |
committer | Leif Johansson <leifj@sunet.se> | 2011-12-01 12:16:18 +0100 |
commit | 690c114b5299bea7c6e047ee1f605750353aed09 (patch) | |
tree | 5de88ea9607b9ad841839574bdb88fd55e184710 | |
parent | eb58972e5c764b1b3f6c21319909f8220bbeccc5 (diff) |
signature xsl
-rw-r--r-- | Makefile | 10 | ||||
-rw-r--r-- | xslt/sign.xsl | 50 |
2 files changed, 54 insertions, 6 deletions
@@ -23,13 +23,11 @@ MXML=$(shell echo *.mxml)
 sign: keys swamid nya nya-testing swamid-testing swamid-testing-idp upstream projects swamid-ki-sll
 %.sig: %.mxml
- xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.tbs
- #xsltproc $(XSLTDEFS) --xinclude xslt/swamid-sign.xsl $< > $*.tbs
- samlsign -s -c $(CERT) -k $(KEY) -f $*.tbs > $@
- #xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
+ xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
+ xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
+ xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
 xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
- samlsign -c $(CERT) -f $@
- rm -f $*.tbs
+ rm -f $*.tbs $*.n
 %.pub: %.sig
 samlsign -c $(CERT) -f $< && xmllint --c14 $< > $(DEST)/$*.xml
diff --git a/xslt/sign.xsl b/xslt/sign.xsl
new file mode 100644
index 00000000..39c39f88
--- /dev/null
+++ b/xslt/sign.xsl
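Review bot: The new `xmlsec1 --sign` recipe line hands the key password to the process as an argument (`--pwd $(PASS)`), so it is readable in the process list of any user on the build host while signing runs, and because the line carries no `@` prefix make echoes the expanded command, password included, into the build output and any CI log; the `samlsign -s -k $(KEY)` path it replaces took only the key file. At minimum prefix the line with `@` so the expanded command is not echoed, and keep `$(PASS)` out of anything that is logged or committed. The hunk also drops the immediate post-signing check `samlsign -c $(CERT) -f $@`; the `%.pub` rule still runs `samlsign -c` before publishing, so a bad signature is caught there, but later and with a less obvious failure than a check right after `xmlsec1`. The `%.sig` rule is complete within the hunk.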
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+ extension-element-prefixes="exsl"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
+
+ <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
+
+ <xsl:template match="/md:EntitiesDescriptor">
+ <md:EntitiesDescriptor>
+ <xsl:apply-templates select="@*|text()|comment()"/>
+ <ds:Signature>
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <ds:Reference URI="">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue></ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue/>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <xsl:apply-templates/>
+ </md:EntitiesDescriptor>
+ </xsl:template>
+
+ <xsl:template match="text()|comment()|@*">
+ <xsl:copy/>
+ </xsl:template>
+
+ <xsl:template match="*">
+ <xsl:copy>
+ <xsl:apply-templates select="node()|@*"/>
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet> |
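Review bot: The root template emits the text and comment children of EntitiesDescriptor twice: once through `<xsl:apply-templates select="@*|text()|comment()"/>` before the signature template, and again through the bare `<xsl:apply-templates/>` after it, whose default `node()` selection covers them too, so a comment directly under the root appears both before and after ds:Signature and both copies are fed to the digest via the exc-c14n#WithComments transform. Restricting the second call to element children, `<xsl:apply-templates select="*"/>`, removes the duplication while keeping ds:Signature as the first element child, which is where the SAML metadata schema expects it. Separately, `rsa-sha1` as SignatureMethod and `xmldsig#sha1` as DigestMethod are weak choices for a long-lived federation signature; `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` with `http://www.w3.org/2001/04/xmlenc#sha256` is the customary replacement, assuming the xmlsec1 build used by the Makefile supports them. The CanonicalizationMethod is inclusive c14n while the Reference transform is exclusive; using `http://www.w3.org/2001/10/xml-exc-c14n#` for both keeps the SignedInfo digest from depending on the namespace context of whatever later wraps the document.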