• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• SAMLRaider-master
  • src
    • main
      • resources
        • examples
          • private_key_pkcs8_p4ssw0rd.pem
          • private_key_rsa.der
          • private_key_pkcs8.der
          • private_key_pkcs8.pem
          • certificate.pem
          • public_key.pem
          • private_key_rsa.pem
          • private_key_pkcs8_p4ssw0rd.der
          • example.org_chain.pem
          • public_key.der
      • java
        • burp
          • BurpExtender.java
        • application
          • BurpCertificateBuilder.java
          • CertificateTabController.java
          • SAMLHighlighter.java
          • SamlTabController.java
        • helpers
          • Flags.java
          • X509KeySelector.java
          • CertificateHelper.java
          • HTTPHelpers.java
          • XSWHelpers.java
          • diff_match_patch.java
          • FileHelper.java
          • XMLHelpers.java
        • gui
          • SignatureHelpWindow.java
          • SamlPanelAction.java
          • SamlMain.java
          • SamlPanelInfo.java
          • CertificateTab.java
          • ImagePanel.java
          • XSWHelpWindow.java
        • model
          • ObjectIdentifier.java
          • BurpCertificateExtension.java
          • BurpCertificate.java
          • BurpCertificateStore.java
    • test
      • resources
        • samlwin_pkcs8.key
        • private_key.pem
        • hsr_chain.pem
        • private_key_pkcs8.pem
        • samlwin.pem
        • hsr.pem
      • java
        • application
          • CertificateGui.java
          • CloneCertificateTest.java
          • ImportReadExportCertificateTest.java
          • CloneCertificateChainTest.java
          • FakeBurpCertificateBuilder.java
          • CreateCertificateTest.java
          • ImportCertificateChainTest.java
          • CertificateStoreTest.java
          • XMLHelpersTest.java
          • HTTPHelpersTest.java
  • pom.xml
  • BappDescription.html
  • LICENSE
  • lib
    • .gitkeep
  • README.md
  • scripts
    • samltest
      • saml_response.xml
      • saml_response
      • xxe_test
      • saml_request
      • samltest
      • saml_request.xml
      • xxe_test.xml
    • certificates
      • saml.crt
      • ca.crt
      • saml.p12.pem
      • makecert
      • ca.srl
      • saml.p12
      • saml.csr
      • ca.key
      • saml.key
  • BappManifest.bmf
  • .gitignore
  • .project
  • .classpath
  • doc
    • cloned.cert
    • original.cert

package application;

import static org.junit.Assert.assertEquals;
import helpers.XMLHelpers;
import helpers.XSWHelpers;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

public class XMLHelpersTest {

	XMLHelpers xmlHelpers = new XMLHelpers();
	XSWHelpers xswHelpers = new XSWHelpers();
	
	private String message = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageWithoutSig = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");

	private String messageWithLineReturns = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer>\n      <samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageTwoAssertions = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageInvalid = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><ds:DigestValue>L4vRkr4u/KZEn+Tf+xa9oJyZpT8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>QISWFHiNDwkmNcryuJ9/uwmpjR9QTOkKqGHlKW9TO0tJHw1piP27bKPfwAh0NfI1yh95YIASScMytnX65M61nJ5PgJfBkSywqUXwoePCCBUS4cH3ykE2DXij4Kzb2ljxJrHQxJTKLSb2I91D5Y6yD0v5cG3nvgLKUeYeElLAqLHgr10uVrown5167U/DiRT4GtSgzq2ClOtHllUf3cutlM74m3js30JYkPPPYQF06I/CWiek8CjXkCb0WjirV6rRE9CZfMBaAy8Vns5D6fgPCf/3eeUrnK7b/zvLsx4B7gtNULOqV8naqr1BLX0hs1TYfRwg+gP4TzuKnuzDBoMhpw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC5DCCAcygAwIBAgIQPSAUMBu4DLhLwPdKY1ftaTANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MDkwM1oXDTE2MDIyNTAwMDAwMFowGzEZMBcGA1UEAxMQU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM5pVag9po8XFVqfq4hM2KRek95dV0Nsz/XRWHPmn4nNZOYEQrrL2RTBegnnMsOi78j4qbHb77Uc7EmSnUqh1tT2aT5ma1EFhcHH9cGkrs9+2eJW4/zKGae1qMmJI0WLS/i3jXO8WSxxXHI1esuwHNl+HNEBzXjBEDDxt98P+xKb/HVWJJz3KB3Y+0UVpKxKH1jOYQ7KbU43skuJDCeuawFZ7U8B0onrqXLdCMGKrU1P3ODl28cupCEKyNXzd2W880m5o2pg0nxPEY8P8PM1quajXipBc19iJdpjd0qo/8oc9Q4oKr4In2JdNQWzGvdwPzn4+R/lT457zYxIXrI3r0CAwEAAaMkMCIwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQCpCmFlFeyGxEgLv+7KGCohplch7ESfThJJDhq448c1MQJt3V/f7tkJM8Rc2U0uUOL3aL33u7ne2fFlFlfqltPaT+ZztF1DppV0454GuS5uA2E+tKFZhE1NdXJz8XR0VsDItNhpxmSohesu3FVYVRqLPllKOLcQOFMJpEMxM+/AUG0yKWHUV2+lhsnQZ+jFkptI6hjmjmxsXAteSIz8ppknv2pOO+1OZjS57P46nQHn7TKkNzn6HEX1GYhUILDRA0SdxZtstv4OrEoSZi5XNRq3Qih+cL/KQALXkXGi3CFi7flvYodTQDGaZJAKHjftzeJsBM46QSL9t9T7Bpnnc7J9</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageSimpleSAMLphpWithSig = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response ID=\"_dfbd7abd-9428-43f0-8007-3f86b6319521\" Version=\"2.0\" IssueInstant=\"2015-04-29T07:51:02.830Z\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" InResponseTo=\"_0ce536c6d1bb7221ba1bbf149099ddb65da778e863\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\" /></samlp:Status><Assertion ID=\"_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\" IssueInstant=\"2015-04-29T07:51:02.830Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><ds:Reference URI=\"#_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><ds:DigestValue>l/VEXpFdIX8JD/wuzx9I8do/ealANYUJutHFa7IPbhE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>J7IkwePDBioYKGEVl866P+CKauhTny/4Kf1mjuzs2buXwCs6y/l7P3F4UzwNJHWFPwfax+YXsAO8dDWzOdb6oHs5w5zSXD+AKJBglaLnsJKVWmE+lHub+Y1ZPP4PK8OT95x3e4eX+xqL5YGeneFLCgOdzLegvgUNFghR/IX6Qh5esFUDSjWP5kzThPw2Yu83zkP3XkeYHpAV4e8IIOdIeZZvHCt88N+wcJt9sH59Pt8erKHnkq6/RVNwwa6IcHnqXAI4QQtbYcXCKo5al7IFrBEeeRScz3OaKhCbzu9GCkcPFiwsCABiewwlee5Mt7SYddNSq0Qvcuv3FF0zlIEKpA==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_0ce536c6d1bb7221ba1bbf149099ddb65da778e863\" NotOnOrAfter=\"2015-04-29T07:56:02.830Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" /></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-29T07:51:02.828Z\" NotOnOrAfter=\"2015-04-29T08:51:02.828Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-29T07:51:02.787Z\" SessionIndex=\"_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageEncrypted = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_c91ef060-b295-4fed-8e0c-5a7e9e691844\" InResponseTo=\"_b5212c48765a47e75887782eb94966fb\" IssueInstant=\"2015-05-14T06:40:53.445Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><EncryptedAssertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Type=\"http://www.w3.org/2001/04/xmlenc#Element\"><xenc:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"/><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><e:EncryptedKey xmlns:e=\"http://www.w3.org/2001/04/xmlenc#\"><e:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/></e:EncryptionMethod><KeyInfo><ds:X509Data xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509IssuerSerial><ds:X509IssuerName>CN=signing samlwin.saml.lan</ds:X509IssuerName><ds:X509SerialNumber>16194691477482540397</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></KeyInfo><e:CipherData><e:CipherValue>ShP1bI35N39Fkskz4CE/oNCGRQnmB3M59fRpU2VaXT0DVPJxPdxqFBbrO77DnRMRHTNH46a3m7ryWCE8vxUcBk3Q+rfOjM+BbHzIPk0wOBQHPoVflIFmj18fX73uzpCPhIBUtdcu4I19vzN02P6Ed/Mhl+y9VQAhFHaA5F+vUdrdbJRtq3Oqb6Qu2G6Xtge1S+BJhLgoOTyyOzp3asrkbVQhTb/fFuPl6e/xjMdO0yOUic6W6j/LF3hDZGtiEQK/YyPvt4FPeC7hdes8fuvcEDHMHMQcwgQND/YBIEK0Ig+yde7iJKnOxzuCjHfu4ZLWAMzrzsj62CHY8fISsAV8Lw==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>fBoTiF9Lc9tkcy43t0eiR3ADtfmVgXWYTycWV6xgZbLu6V7TEuaDr/1Yn5ORGRPzKahulApJhcXv8ysmiM1OAdUXVz+tv0GPr71A0ymP/kBm8YyA+ea1KyHpJebAUdMzRJ4K3utea3XflZ2dsMwjIxUybxHSk6b/Qv3qbUvBnxZ2IsfrKrbN2Hk3/xNVPowD3s3J9+2Jf6j5E878GWm9nrWocIPqWb/uDfcn+1qH+vUCBK5Zbqx9FZg9erON2hXL8qpttv5bv48G2rrAVOl8x3S5kH/HNjtKApmyKXeMLBgNjMMDcbEyamuQt2QBMlivFZNGc9DcxyUCU07eCzM8aQ4MtdHFv50OESETQxG8I7otmUunnaEDt/nNLghYcw88CwgsBlPznytWfkla7ejPt8Hd1ub5b6qfstpWe7iXWBHeROYuLHub3Y1kYhWnFH2IZCISocezp08KbF8c5kwz6DmQ44ZnS/0pR57cA/gZVMsDe6owDTc2ix52IYi6Ae+mPqX52PB4/i904DvCUX4FPBR1+cuC+4gnMJhrMFqNVEdX+xddQ5Rz5jFSxQSAmnfc+TDx/O/X7Oi2uunKPnx6VNdCIF1aAzCmemcAE2bJk3bEMigyb+o08oR9CQpwAcOOXogJjYRTuGjZ9EIfnHIwkyVil+HOnTixRQ7mhjLD/gLaxSztY57E5n7faN5CZMDiZPneUSwxNK8cGlo2RMujIFJMOfA4IhVLC9AMmhS261YTN4d1u1a53qtmMvUW3OEBn1dtOBcxTocrvXs9VlOwWWQB8zOUTDj1K2SU6VSST9PrxGean57lxeTXd6pWJXXqDqgDOQbSavvUMk0dcEYYJs9NMa4nIlX/674yyfNeQNo3FX81KZ6rNEhyYumB6nV3WPyuPZ2IzcmO2Rrz3jFYpY7q7/p3QCZLjOrMI2XahaVi7JE1F7Xof32zTgraM0zwTd2cjRzvyrIfTlRJB2I5LJdkZT/9RnW5DtozqOHp0QbcZWd7ThgTrjbKnmvKwM2c07b5onurjqimS3bLvUy0Jb1yzjosGKWiMMpo5AesRBKHzZy/6M5rW/murJFKghBWE6WYJEOx36ubYrmAngru2IsbRxOy2VWfK6ZP9BVqz3920ukunAGYjCphgD/xYbZFtaYQPEV/Ra5nOXCHOQjfnMgNIpZKOnKzZi3wFObsuokdng3upU1KVsaG7ymEzinJj8Ly5fph8KSZS0b9D+0RSVI24P9aiOHiRfSH976u/JEV/8Om/Dqcf074GjuqZQhglzc8sMRX1oguGJGbX6Xn5p4N7yjOQeXEATHxajwVfIcMuPEpHcgQhh+V1w9rNTQxfw5uZQN/r42uHrFXtkdbCWF2nYLzSLfSVQXUScjiDgDlh48ykzTeJBR6A0gSK7LylbnU7Uyv4ldvQz1lrMc3Zg0r5JQcAIP8iRSSm6f2KkNKACXQmC5seKlkU3ORPBgB9iwxKsbjpvvkk9o2s7hah0r1+BozskWvd650llJInD59edvJUC2YsndRwNmwDkLEMgIQhDMdBrXh+E0QGEvNitkRsggyo6zzJuASBArU62sTfAIXh9z3z8WCaO8mxSwWJZrLmfe/6ozW6UKP46cgzdyk51Y92RvOp73BN7WdyG6tfi4awZOQWQesfdJw7NqgpgxJksBb7z0PLcjVVxNHsbH6oVxvFjCycxCiKTSdVjbnAWD1/QzCANTvcXp9gs01JRlLLoeZrB24O4Y6610aaR/msiAHkvaIPmbmD15snSpTk6E9eY2mOLqlQvEoEmXulj8bEE/5rGXYL9HTAVSo7aDckCpo/yJNsKt0+hR6WWQqlielE20EtIhSRLN27tJ3lYsddcQ/0JeHIQg4MeseaavxyzwhLadnWFjbO84rQEIXHTkb9QZO7T2wfi9Ii1orGn0FHnKlEjxxfFyEDjHVNywP/ZJOQXzk+JEnfwXallnUXErTHrDJn6vAl+WHEQ+hVyiAD+rhfzclm4U0+G7QJl2/0KCDohUj3gtI7tCx03kRiyq8d3sxIk2KogNkRyN3PRQSal2pMoE1lzsiBgdVivTjo6HxtwGVjfk2inXKgeREXM8+RXexyCvklcvQ0DIGm2NGLiVkhHzJNl08B6abHntcWkq3fi8qII8dJ2aya5BTTANlAJr+3zEgG+3jPWPOJs3qABsJqshDG0A6s/zcDvOGbNV2nSA3BGmurLfJz1wnNTHyKxK0Tq1kWtrMeOxuHZHiirrLalzIUHYaTjwf7d01viW6wPvjJErOCjcNmSW/WcIxpXGTsOikmuPDS0pmw0/scQ3NZ+tOaA5Pwlw7Fj/o49l050beOLeXQaq2jNPti0n7XZHDu9a8ma3SwqrwAfnisQMn/wCeI6n30a5T/iyApAOrPcPrnfBCd0JTDiBzeIqcaLHeiPIPmLAjka4WNfVukoHYNF3HHkjX8kbMrJEmyubSNKKokfEDYt/lp3ISvEW2AMrFrnVzAYazefFhWwQMgKrQisW/XjUIx8rf92xEiTMHT0PSOQ9qIg0Y4QZlbdOcc/SR45UOyN/wqCbO8coN1XAsLA3C4R2bouTBKtJ6UuYzOT4RCLlWTU7kV3BxMr1qTV0kobRXXotPq/kczrj9VZptpOKsU8wqXfFRtPmRH0TBAY6kbxbn9eEEOBthPfBpd0vGwjtltndNajNmtXJkb55lQvZtXN7C5p3IFRDfRpR88rE9LgHx3pSvuniqJk7maHYcW3NGTqeRv8GBrZpcDpIOv0jIr6+VpclIS38K/RPiHnG6QyDVXMbFlp7yCfB6Cu/wt38vljsdE8EOSsZBEqdlBZHdDjYNvdbE7pkT4nmmXrPb98aNtwFmAhH3sefqCsM8FWxJRpBSGWIAOkC2yNPVXe1uwDwtf/YJjoNwebbK6ZUVGDNArQbwFfcEbXPfA8MlwvQwGvXueUrIGLvz7pIQSgxWxdr5atitPOAtzjkueT4+BYSELrkHQrhd2+9VTAlajFdLCFN2/8Lv/waXs2m+DS7DBRaMDHdzi8Wq/ZydmsiTpRxVLBf4Cm33C+xGMt3A1WiCYU36QmlstepOe2KhBmVrFzCjOMgeEb/kcapMt9jjEsXFsi4BOusSN1Hh4UCgtu5ej5p+4En8DbyVmz0DvkWY7XWpMDGFEdIb0BjrM/prkLhEE7OJDMIizsa2Et53jcYudOqdQVXEuF7xxPXLwrwWkElU7jB73B4ZzQaJPLD52vEYAw3G9OpSROTmSZ8eq1D2ve/zHk56mW4rBgfCXZyqS7Z5/Vu+XYyaRXvB3JbhXei0SCKcgZXLBdNMdq6Kf2shgZW+XFSOXKGldITJ+z2iCxEO4y24u4fpRvq4ij58apIMsXtoJCkOwEa7d3M2EeiyD8AEPfkPb6s9dRKa+hwWwx7ZsQzx/hJH5dCCswU0rsB26vCMwUsJbeb6uyOi9ank0vM7C0XjZx48LgFykZkfEnNVCVQfwJLPg5HEZnxRpck9fSHGh9WCEWg0YLjAQHUjmiOY0gnv3rsaf1rh161tkC0r2m11YRJpqDXo49NPigRHMCY/m+y+N22L0rkfFeH+xo2MLmt5zkKZp/n6vCSU05vsK4gNjLB3CjG/3XQbm68w6wU9oneWzwIXjV0ZFA+EeyN0Ak2BlOnolbnAl0Pxobi+iPoUE7p5Q0W0sXCnhDkBSpiO5jNXRtnGESc1+5Fxu+N05qwVhfbstSU0WA5FV8dnfr5RVTL84HYYLvDYkGoJ2LGWA0e6nzRe2tnPAaF6rBBeEcNmb+3ue3MQc/kvVSsV2CJ3Kz0AjDJ2AR2gP+5WlXJth9k3ag87c4vIQQPkhrhycwpBOHLucd6dUfn8BWMtXf/JFoY2VjJc2krkF8cTtUUilrAi3nEVv55j6BymCnZdv+VfL8Vj/5ujnlYFXmvPxj+vPnmJIGLwyJdxzeqHevF868QjjBpXnyQkzK3ZXUoDYKQkTZPQhZMAuS5SiBwlK5IBUYY6QXIC6p9+eBfJzfA7DTb5irM6hRaGohHCudWpjAmuHHR/34x+Jv5Ay2mot/CaBsgdLpKpnXDx2Fh6BT17g0CBlsF7FTtxXq7Gec0IqDOUIyNgdylgcSeT8wr+IAzWB87eThCNVR5fu+WHNZcuP2YgXsyUQTPLCUDi6n/Ljj9SKIR8rc/3sNZGp4b+BJ/L7R5z7iKRr51OYqYG/+ioNlzEDXvSwnboGe7mfp0CLcx+dPBVGpou97ADkZqzUtaTf5bI3bCStD2vu6L0ZX9U9c3k3n5JQ7xXB1GACDft8ELE8RehxXq5dLAokCXjR7KELDk1re0GuKlGp4aefNjCTlbJ70YpwZHseJyh6fJfP6xUi5i/WyNBt2zCFiH/6NAgWA89ZtPjJxJfymnTIMdG/uyRujoIM8dkpZ2PZ5ZHOSoK4FYphDIvKn5pIxmoXYGJWI94wnCaNtwDIjC3xUvGWoQzC0HgVGFumM6/NGFsk9a1gPxLpquXps4aNIdpfzP3euaTBabHvfRNr4+YFQ1E1w5ctODJ2iyG237tMYJqdm7SeCuVHZeZnkJMqXT1m8C9QfSUcorLZz6o9T5K0M+Lvg4JZ0lxuepCZgcACALxTFYLMuEela97ipWFGm32t2kRToqlJ62PFIPNtlNlEWnjPkxV9IA/JridpZbT1xqjhsqQQ8rtchq2eAhQQdJlwT3nnZsZA+a/xsL52rirDpdNH6RYmMMY44qAN9hAMG6/6FrJIb+D6Vvy0mBHUJiP6zXCfKVAdlviW1mLkuRDsncy0+19OUvQVgxkIlg+EvKMPV0s7UF3ujLwvzwnjxda+/RjZEwyUyNcdX/+AJgGPAeVfilO/e0XCuBDznPSGdN5kSGb</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion></samlp:Response>");
	
	private String messageSignedResponse = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 +0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>");
	
	private String messageExampleSalesforce = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response ID=\"_257f9d9e9fa14962c0803903a6ccad931245264310738\" IssueInstant=\"2009-06-17T18:45:10.738Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><saml:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://www.salesforce.com</saml:Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><saml:Assertion ID=\"_3c39bc0fe7b13769cab2f6f45eba801b1245264310738\" IssueInstant=\"2009-06-17T18:45:10.738Z\" Version=\"2.0\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://www.salesforce.com</saml:Issuer><saml:Signature xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:SignedInfo><saml:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><saml:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><saml:Reference URI=\"#_3c39bc0fe7b13769cab2f6f45eba801b1245264310738\"><saml:Transforms><saml:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><saml:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"><InclusiveNamespaces PrefixList=\"ds saml xs\"/></saml:Transform></saml:Transforms><saml:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><saml:DigestValue>vzR9Hfp8d16576tEDeq/zhpmLoo=</saml:DigestValue></saml:Reference></saml:SignedInfo><saml:SignatureValue>AzID5hhJeJlG2llUDvZswNUrlrPtR7S37QYH2W+Un1n8c6kTC Xr/lihEKPcA2PZt86eBntFBVDWTRlh/W3yUgGOqQBJMFOVbhK M/CbLHbBUVT5TcxIqvsNvIFdjIGNkf1W0SBqRKZOJ6tzxCcLo 9dXqAyAUkqDpX5+AyltwrdCPNmncUM4dtRPjI05CL1rRaGeyX 3kkqOL8p0vjm0fazU5tCAJLbYuYgU1LivPSahWNcpvRSlCI4e Pn2oiVDyrcc4et12inPMTc2lGIWWWWJyHOPSiXRSkEAIwQVjf Qm5cpli44Pv8FCrdGWpEE0yXsPBvDkM9jIzwCYGG2fKaLBag==</saml:SignatureValue><saml:KeyInfo><saml:X509Data><saml:X509Certificate>MIIEATCCAumgAwIBAgIBBTANBgkqhkiG9w0BAQ0FADCBgzELM [Certificate truncated for readability...]</saml:X509Certificate></saml:X509Data></saml:KeyInfo></saml:Signature><saml:Subject xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">[email protected]</saml:NameID><saml:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><saml:SubjectConfirmationData NotOnOrAfter=\"2009-06-17T18:50:10.738Z\" Recipient=\"https://login.www.salesforce.com\"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=\"2009-06-17T18:45:10.738Z\" NotOnOrAfter=\"2009-06-17T18:50:10.738Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=\"2009-06-17T18:45:10.738Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Attribute Name=\"portal_id\"><saml:AttributeValue>060D00000000\nSHZ</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"organization_id\"><saml:AttributeValue>00DD0000000F7L5</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"ssostartpage\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified\"><saml:AttributeValue>http://www.salesforce.com/security/saml/saml20-gen.jsp</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"logouturl\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml:AttributeValue>http://www.salesforce.com/security/del_auth/SsoLogoutPage.html</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>");

	
	@Before
	public void setUp() throws Exception {
	}

	@After
	public void tearDown() throws Exception {
	}

	@Test
	public void testGetSignature() throws SAXException {
		
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		NodeList nl = xmlHelpers.getSignatures(document);
		assertEquals(1, nl.getLength());
	}
	
	@Test 
	public void testRemoveSignature() throws SAXException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		assertEquals(1, xmlHelpers.removeAllSignatures(document));
		assert(messageWithoutSig.equals(xmlHelpers.getStringOfDocument(document, 0, false)));
		assertEquals(messageWithoutSig, xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testEncoding() throws SAXException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		String message = xmlHelpers.getStringOfDocument(document, 0, false);
		assertEquals(true, message.contains("�"));
	}
	
	@Test
	public void testGetStringOfDocumentAndGetXMLDocument() throws SAXException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		String mess = xmlHelpers.getStringOfDocument(document, 2, true);
		Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(mess);
		assertEquals(message, xmlHelpers.getStringOfDocument(document2, 0, false));
	}
	
	@Test(expected=SAXException.class)
	public void testGetXMLDocumentInvalid() throws SAXException{
		//deactivate ErrorStream because an error should be displayed
		PrintStream original = System.err;
	    System.setErr(new PrintStream(new OutputStream() {
	                public void write(int b) {
	                }
	            }));
	    xmlHelpers.getXMLDocumentOfSAMLMessage(messageInvalid);
	    System.setOut(original);
	}
	
	@Test
	public void testGetIssuer() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		assertEquals(true, xmlHelpers.getIssuer(document).equals("http://SAMLWIN.saml.lan/adfs/services/trust"));
	}
	
	@Test
	public void testGetAssertions() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		NodeList nl = xmlHelpers.getAssertions(document);
		assertEquals(1, nl.getLength());
		
		Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(messageTwoAssertions);
		NodeList nl2 = xmlHelpers.getAssertions(document2);
		assertEquals(2, nl2.getLength());
	}

	@Test
	public void testSignXMLWithoutValidAlgorithm() throws SAXException, CertificateException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException, MarshalException, XMLSignatureException, IOException{
    		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
    		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
    		xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
	}
	
	@Test
	public void testValidateSignature() throws Exception{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
		xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
		assertEquals(true, xmlHelpers.validateSignature(document));
	}
	
	@Test
	public void testValidateSignatureFromString() throws Exception{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
		xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
		String str = xmlHelpers.getString(document);
		Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(str);
		xmlHelpers.setIDAttribute(document2);
		assertEquals(true, xmlHelpers.validateSignature(document2));
	}
	
	@Test
	public void testReplaceWithCanonicalization() throws Exception{
		Document documentInit = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSimpleSAMLphpWithSig);
		String SAMLMessage = xmlHelpers.getStringOfDocument(documentInit, 2, true);
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(SAMLMessage);
		xmlHelpers.removeAllSignatures(document);
		xmlHelpers.removeEmptyTags(document);
		String string = null;
		
		string = xmlHelpers.getString(document);
		
		Document documentCanon = xmlHelpers.getXMLDocumentOfSAMLMessage(string);
		Element assertion = (Element) xmlHelpers.getAssertions(documentCanon).item(0);
		xmlHelpers.signAssertion(documentCanon, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
		String signed = xmlHelpers.getString(documentCanon);
		Document documentSigned = xmlHelpers.getXMLDocumentOfSAMLMessage(signed);
		xmlHelpers.setIDAttribute(documentSigned);

		assertEquals(true, xmlHelpers.validateSignature(documentSigned));
	}
	
	@Test
	public void testSignResponse() throws Exception{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
		xmlHelpers.signMessage(document, "", "",loadTestCert(), loadTestKey());
		assertEquals(true, xmlHelpers.validateSignature(document));
	}
	
	@Test
	public void testSignMessageWithAssertionSignature() throws Exception{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		NodeList responses = xmlHelpers.getResponse(document);
		String signAlgorithm = xmlHelpers.getSignatureAlgorithm(responses.item(0));
		String digestAlgorithm = xmlHelpers.getDigestAlgorithm(responses.item(0));
		xmlHelpers.removeOnlyMessageSignature(document);
		xmlHelpers.signMessage(document, signAlgorithm, digestAlgorithm,loadTestCert(), loadTestKey());
		assertEquals(true, xmlHelpers.validateSignature(document));
	}

	@Test
	public void testSignMessageWithLineReturns() throws Exception{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithLineReturns);
		xmlHelpers.signMessage(document, "", "",loadTestCert(), loadTestKey());
		assertEquals(true, xmlHelpers.validateSignature(document));
	}
	
	@Test
	public void testEncryptedAssertions() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageEncrypted);
		NodeList nl = xmlHelpers.getEncryptedAssertions(document);
		assertEquals(1, nl.getLength());
	}
	
	@Test
	public void testGetSigningAlgorithm() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
		assertEquals("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", xmlHelpers.getSignatureAlgorithm(assertion));
	}
	
	@Test
	public void testGetDigestAlgorithm() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
		assertEquals("http://www.w3.org/2001/04/xmlenc#sha256", xmlHelpers.getDigestAlgorithm(assertion));
	}
	
	@Test
	public void testGetEncryptionMethod() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageEncrypted);
		Element assertion = (Element) xmlHelpers.getEncryptedAssertions(document).item(0);
		assertEquals("http://www.w3.org/2001/04/xmlenc#aes256-cbc", xmlHelpers.getEncryptionMethod(assertion));
	}
	
	@Test
	public void testGetEncryptionMethodNotEncrypted() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		NodeList nl = xmlHelpers.getAssertions(document);
		assertEquals("no encryption", xmlHelpers.getEncryptionMethod(nl.item(0)));
	}
	
	@Test
	public void testGetCertificateOfAssertion() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
		String expected = ("MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==");
		assertEquals(expected, xmlHelpers.getCertificate(assertion));
	}
	
	@Test
	public void testGetCertificateOfResponse() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
		String expected = ("MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=");
		assertEquals(expected, xmlHelpers.getCertificate(document.getDocumentElement()));
	}
	
	@Test
	public void testRemoveOnlyMessageSignature() throws SAXException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
		xmlHelpers.removeOnlyMessageSignature(document);
		assertEquals(1, xmlHelpers.getSignatures(document).getLength());
	}
	
	@Test
	public void testXSW() throws SAXException, ParserConfigurationException, TransformerException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
		Element response = (Element) document.getElementsByTagNameNS("*", "Response").item(0);
		Element assertion = (Element) response.getElementsByTagNameNS("*", "Assertion").item(0);
		DocumentBuilderFactory documentBuilderFactory = xmlHelpers.getDBF();
		DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
		Document newDoc = documentBuilder.newDocument();
		Element newRootResponse = (Element) newDoc.importNode(response, false);
		Element newAssertion = (Element) newDoc.importNode(assertion, true);
		newRootResponse.setAttribute("ID", "_evil_response_ID");
		newDoc.appendChild(newRootResponse);
		newDoc.adoptNode(response);
		Element clonedAssertion = (Element) newAssertion.cloneNode(true);
		clonedAssertion.setAttribute("ID", "_evil_Assertion_ID");
		newRootResponse.appendChild(response);
		newRootResponse.appendChild(clonedAssertion);
		Element newClonedSignature = (Element) clonedAssertion.getElementsByTagNameNS("*", "Signature").item(0);
		clonedAssertion.removeChild(newClonedSignature);
	}
	
	@Test
	public void testXSW5() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW5", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW6() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW6", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW7() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW7", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Extensions><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Extensions><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW8() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW8", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo><Object><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Object></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW3() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW3", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW4() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
		xswHelpers.applyXSW("XSW4", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW2() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
		xswHelpers.applyXSW("XSW2", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_evil_response_ID\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 +0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	@Test
	public void testXSW1() throws SAXException, ParserConfigurationException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
		xswHelpers.applyXSW("XSW1", document);
		assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
				"<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_evil_response_ID\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 +0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false));

	}
	
	@Test
	public void testSalesforceNamespaceProblem() throws SAXException, IOException{
		Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageExampleSalesforce);
		assertEquals(messageExampleSalesforce, xmlHelpers.getStringOfDocument(document, 0, false));
	}
	
	public X509Certificate loadTestCert() throws CertificateException, FileNotFoundException {
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		return (X509Certificate) cf.generateCertificate(new FileInputStream("src/test/resources/samlwin.pem"));
	}

	public PrivateKey loadTestKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
		PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get("src/test/resources/samlwin_pkcs8.key")));
		KeyFactory kf = KeyFactory.getInstance("RSA");
		return kf.generatePrivate(ks);
	}
	
	
	
}