package application;

import static org.junit.Assert.assertEquals;
import helpers.XMLHelpers;
import helpers.XSWHelpers;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/**
 * JUnit test class for {@link XMLHelpers}. The part of the file visible here holds only
 * fixtures: SAML 2.0 {@code samlp:Response} documents embedded as Java string literals
 * (unsigned, signed assertion, signed response, two assertions, encrypted assertion, and a
 * deliberately malformed one). The test methods themselves are not shown in this part.
 *
 * <p>All fixtures are static captures: their {@code IssueInstant}, {@code NotBefore} and
 * {@code NotOnOrAfter} values are fixed dates in 2009 and 2015, so any check that compares
 * those conditions with the current time would reject them. NOTE(review): presumably the
 * tests exercise parsing and signature handling only, not validity windows; confirm against
 * the test methods.
 */
public class XMLHelpersTest {
    // Instance of the helper this class is named after; presumably the object under test.
    XMLHelpers xmlHelpers = new XMLHelpers();
    // Second helper from the same package. NOTE(review): "XSW" presumably stands for
    // XML Signature Wrapping; confirm against helpers.XSWHelpers.
    XSWHelpers xswHelpers = new XSWHelpers();
    // Fixture: a Response whose single Assertion carries an enveloped ds:Signature
    // (rsa-sha256 SignatureMethod, sha256 DigestMethod) whose Reference URI points at the
    // Assertion's own ID. The literal continues past this line.
    // NOTE(review): in this copy of the file the X509Certificate body and the e-mail
    // attribute values appear as placeholders, and the group name's umlaut is U+FFFD
    // (messageSignedResponse has it intact). If the real file looks the same, the signed
    // digest cannot match this content; confirm before relying on it for verification tests.
    // NOTE(review): wrapping a literal in new String(...) is redundant.
    private String message = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" 
IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute 
Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageWithoutSig = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" 
NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageWithLineReturns = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer>\n <samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" 
Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageTwoAssertions = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod 
Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" 
NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" 
NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageInvalid = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature 
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><ds:DigestValue>L4vRkr4u/KZEn+Tf+xa9oJyZpT8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>QISWFHiNDwkmNcryuJ9/uwmpjR9QTOkKqGHlKW9TO0tJHw1piP27bKPfwAh0NfI1yh95YIASScMytnX65M61nJ5PgJfBkSywqUXwoePCCBUS4cH3ykE2DXij4Kzb2ljxJrHQxJTKLSb2I91D5Y6yD0v5cG3nvgLKUeYeElLAqLHgr10uVrown5167U/DiRT4GtSgzq2ClOtHllUf3cutlM74m3js30JYkPPPYQF06I/CWiek8CjXkCb0WjirV6rRE9CZfMBaAy8Vns5D6fgPCf/3eeUrnK7b/zvLsx4B7gtNULOqV8naqr1BLX0hs1TYfRwg+gP4TzuKnuzDBoMhpw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC5DCCAcygAwIBAgIQPSAUMBu4DLhLwPdKY1ftaTANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MDkwM1oXDTE2MDIyNTAwMDAwMFowGzEZMBcGA1UEAxMQU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM5pVag9po8XFVqfq4hM2KRek95dV0Nsz/XRWHPmn4nNZOYEQrrL2RTBegnnMsOi78j4qbHb77Uc7EmSnUqh1tT2aT5ma1EFhcHH9cGkrs9+2eJW4/zKGae1qMmJI0WLS/i3jXO8WSxxXHI1esuwHNl+HNEBzXjBEDDxt98P+xKb/HVWJJz3KB3Y+0UVpKxKH1jOYQ7KbU43skuJDCeuawFZ7U8B0onrqXLdCMGKrU1P3ODl28cupCEKyNXzd2W880m5o2pg0nxPEY8P8PM1quajXipBc19iJdpjd0qo/8oc9Q4oKr4In2JdNQWzGvdwPzn4+R/lT457zYxIXrI3r0CAwEAAaMkMCIwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQCpCmFlFeyGxEgLv+7KGCohplch7ESfThJJDhq448c1MQJt3V/f7tkJM8Rc2U0uUOL3aL33u7ne2fFlFlfqltPaT+ZztF1DppV0454GuS5uA2E+tKFZhE1NdXJz8XR0VsDItNhpxmSohesu3FVYVRqLPllKOLcQOFMJpEMxM+/AUG0yKWHUV2+lhsnQZ+jFkptI6hjmjmxsXAteSIz8ppknv2pOO+1OZjS57P46nQHn7TKkNzn6HEX1GYhUILDRA0SdxZtstv4OrEoSZi5XNRq3Qih+cL
/KQALXkXGi3CFi7flvYodTQDGaZJAKHjftzeJsBM46QSL9t9T7Bpnnc7J9</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnStatement></Assertion></samlp:Response>"); private String messageSimpleSAMLphpWithSig = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response ID=\"_dfbd7abd-9428-43f0-8007-3f86b6319521\" Version=\"2.0\" IssueInstant=\"2015-04-29T07:51:02.830Z\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" InResponseTo=\"_0ce536c6d1bb7221ba1bbf149099ddb65da778e863\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\" 
/></samlp:Status><Assertion ID=\"_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\" IssueInstant=\"2015-04-29T07:51:02.830Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><ds:Reference URI=\"#_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><ds:DigestValue>l/VEXpFdIX8JD/wuzx9I8do/ealANYUJutHFa7IPbhE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>J7IkwePDBioYKGEVl866P+CKauhTny/4Kf1mjuzs2buXwCs6y/l7P3F4UzwNJHWFPwfax+YXsAO8dDWzOdb6oHs5w5zSXD+AKJBglaLnsJKVWmE+lHub+Y1ZPP4PK8OT95x3e4eX+xqL5YGeneFLCgOdzLegvgUNFghR/IX6Qh5esFUDSjWP5kzThPw2Yu83zkP3XkeYHpAV4e8IIOdIeZZvHCt88N+wcJt9sH59Pt8erKHnkq6/RVNwwa6IcHnqXAI4QQtbYcXCKo5al7IFrBEeeRScz3OaKhCbzu9GCkcPFiwsCABiewwlee5Mt7SYddNSq0Qvcuv3FF0zlIEKpA==</ds:SignatureValue><KeyInfo 
xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIIC3DCCAcSgAwIBAgIQN0u7JfaKFrxPoGuP0EeVjTANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBTQU1MV0lOLnNhbWwubGFuMB4XDTE1MDIyNTE3MTE0N1oXDTE2MDIyNTE3MTE0N1owKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gU0FNTFdJTi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLTYkbBIvPa2+KrOvxoi1alOcOnxzFRlZELYhyiCj2j0hKuQd+fB+OgP4fNuaH/dEbSiZ0fD3MtQ0nrc65NTYrXpPqAasMEGpVVOemi4kaKwxrYOD3NbFoFxQjvjMV9UQt2RaBe160sFe58o5cWvNVxXA2Sf81fIeHlSBEMavFOQFQkQbDU/XmGtW0XjQhyyiJ4MEy7Zwgu2HmxpiwNa6wSflDXZIUYq3gUZ+eFr8kTgBrpgLtD2lAaaF8e9X0n6xiswDoORs70cNiyHgTN4ywL+1jT+vNjHoV+V9btTcfr0l/JytFrCNXx3z6k8pDmQVGIfbY7J4nRdqpzEd5MOTECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqOCJMqE7pRBs5qvtmJ55r7f/HF6B+SRijzX4k0Bg7GGKQsNn2X3BC5MYCcVYlmzXw8k5JxxxMckExGlnSvph+2DyZJOysspMj2NKuseDSGaBGbhJXH/vF0Fm9Ps/Tf4BKIBrPE14ghCp4vtaXlpd13/w1eXSwqQ2rIREbmidGho6P9hkVH6G8ri2iClS78Edakhoskcc35UvXt4o6R77RTA9/jQ9NylxYoj0eYAlkIlG+rSDQpx8RXRiLQxsOl5EpXqmoD9zGAEWWAxcmzTAjJFFzis1F7n6nVuv8SVaKjQBEz/nmstduxLOo20DR/M0VAQQzwMDM9uihXNQwNWEMw==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_0ce536c6d1bb7221ba1bbf149099ddb65da778e863\" NotOnOrAfter=\"2015-04-29T07:56:02.830Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" /></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-29T07:51:02.828Z\" NotOnOrAfter=\"2015-04-29T08:51:02.828Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute 
Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-29T07:51:02.787Z\" SessionIndex=\"_8cdb6454-ae3f-45ae-bab4-364a8fb0d6c6\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageEncrypted = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_c91ef060-b295-4fed-8e0c-5a7e9e691844\" InResponseTo=\"_b5212c48765a47e75887782eb94966fb\" IssueInstant=\"2015-05-14T06:40:53.445Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><EncryptedAssertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Type=\"http://www.w3.org/2001/04/xmlenc#Element\"><xenc:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"/><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><e:EncryptedKey xmlns:e=\"http://www.w3.org/2001/04/xmlenc#\"><e:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/></e:EncryptionMethod><KeyInfo><ds:X509Data 
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509IssuerSerial><ds:X509IssuerName>CN=signing samlwin.saml.lan</ds:X509IssuerName><ds:X509SerialNumber>16194691477482540397</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></KeyInfo><e:CipherData><e:CipherValue>ShP1bI35N39Fkskz4CE/oNCGRQnmB3M59fRpU2VaXT0DVPJxPdxqFBbrO77DnRMRHTNH46a3m7ryWCE8vxUcBk3Q+rfOjM+BbHzIPk0wOBQHPoVflIFmj18fX73uzpCPhIBUtdcu4I19vzN02P6Ed/Mhl+y9VQAhFHaA5F+vUdrdbJRtq3Oqb6Qu2G6Xtge1S+BJhLgoOTyyOzp3asrkbVQhTb/fFuPl6e/xjMdO0yOUic6W6j/LF3hDZGtiEQK/YyPvt4FPeC7hdes8fuvcEDHMHMQcwgQND/YBIEK0Ig+yde7iJKnOxzuCjHfu4ZLWAMzrzsj62CHY8fISsAV8Lw==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion></samlp:Response>"); private String messageSignedResponse = new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 +0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" 
Version=\"2.0\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c 
a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>"); private String messageExampleSalesforce 
= new String("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response ID=\"_257f9d9e9fa14962c0803903a6ccad931245264310738\" IssueInstant=\"2009-06-17T18:45:10.738Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><saml:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://www.salesforce.com</saml:Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><saml:Assertion ID=\"_3c39bc0fe7b13769cab2f6f45eba801b1245264310738\" IssueInstant=\"2009-06-17T18:45:10.738Z\" Version=\"2.0\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://www.salesforce.com</saml:Issuer><saml:Signature xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:SignedInfo><saml:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><saml:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/><saml:Reference URI=\"#_3c39bc0fe7b13769cab2f6f45eba801b1245264310738\"><saml:Transforms><saml:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><saml:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"><InclusiveNamespaces PrefixList=\"ds saml xs\"/></saml:Transform></saml:Transforms><saml:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/><saml:DigestValue>vzR9Hfp8d16576tEDeq/zhpmLoo=</saml:DigestValue></saml:Reference></saml:SignedInfo><saml:SignatureValue>AzID5hhJeJlG2llUDvZswNUrlrPtR7S37QYH2W+Un1n8c6kTC Xr/lihEKPcA2PZt86eBntFBVDWTRlh/W3yUgGOqQBJMFOVbhK M/CbLHbBUVT5TcxIqvsNvIFdjIGNkf1W0SBqRKZOJ6tzxCcLo 9dXqAyAUkqDpX5+AyltwrdCPNmncUM4dtRPjI05CL1rRaGeyX 3kkqOL8p0vjm0fazU5tCAJLbYuYgU1LivPSahWNcpvRSlCI4e Pn2oiVDyrcc4et12inPMTc2lGIWWWWJyHOPSiXRSkEAIwQVjf 
Qm5cpli44Pv8FCrdGWpEE0yXsPBvDkM9jIzwCYGG2fKaLBag==</saml:SignatureValue><saml:KeyInfo><saml:X509Data><saml:X509Certificate>MIIEATCCAumgAwIBAgIBBTANBgkqhkiG9w0BAQ0FADCBgzELM [Certificate truncated for readability...]</saml:X509Certificate></saml:X509Data></saml:KeyInfo></saml:Signature><saml:Subject xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\">[email protected]</saml:NameID><saml:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><saml:SubjectConfirmationData NotOnOrAfter=\"2009-06-17T18:50:10.738Z\" Recipient=\"https://login.www.salesforce.com\"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=\"2009-06-17T18:45:10.738Z\" NotOnOrAfter=\"2009-06-17T18:50:10.738Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=\"2009-06-17T18:45:10.738Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Attribute Name=\"portal_id\"><saml:AttributeValue>060D00000000\nSHZ</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"organization_id\"><saml:AttributeValue>00DD0000000F7L5</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"ssostartpage\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified\"><saml:AttributeValue>http://www.salesforce.com/security/saml/saml20-gen.jsp</saml:AttributeValue></saml:Attribute><saml:Attribute Name=\"logouturl\" 
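NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml:AttributeValue>http://www.salesforce.com/security/del_auth/SsoLogoutPage.html</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>");

    /** Intentionally empty: each visible test parses its own fixture. */
    @Before
    public void setUp() throws Exception {
    }

    /** Intentionally empty: the visible tests hold no shared resources. */
    @After
    public void tearDown() throws Exception {
    }

    /** The {@code message} fixture must yield exactly one signature node. */
    @Test
    public void testGetSignature() throws SAXException {
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        NodeList nl = xmlHelpers.getSignatures(document);
        assertEquals(1, nl.getLength());
    }

    /**
     * Removing all signatures from {@code message} must report one removal and
     * leave a document that serializes to {@code messageWithoutSig}.
     */
    @Test
    public void testRemoveSignature() throws SAXException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        assertEquals(1, xmlHelpers.removeAllSignatures(document));
        // JUnit assertion rather than the assert keyword, which is a no-op
        // unless the JVM runs with -ea.
        assertEquals(messageWithoutSig, xmlHelpers.getStringOfDocument(document, 0, false));
    }

    /**
     * Serializes the parsed {@code message} and checks that the output contains
     * the character given in the literal below.
     *
     * NOTE(review): that literal shows up as U+FFFD in this copy of the file.
     * Confirm the file encoding and the intended character; otherwise the test
     * pins a decoding error instead of a correct round trip.
     */
    @Test
    public void testEncoding() throws SAXException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        // Distinct local name so the field "message" is not shadowed.
        String serialized = xmlHelpers.getStringOfDocument(document, 0, false);
        assertEquals(true, serialized.contains("�"));
    }

    /**
     * Round trip: serialize {@code message} with arguments (2, true), parse the
     * result again, serialize with (0, false) and expect the original string.
     */
    @Test
    public void testGetStringOfDocumentAndGetXMLDocument() throws SAXException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        String mess = xmlHelpers.getStringOfDocument(document, 2, true);
        Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(mess);
        assertEquals(message, xmlHelpers.getStringOfDocument(document2, 0, false));
    }

    /**
     * Parsing {@code messageInvalid} must fail with a {@link SAXException}.
     *
     * <p>{@code System.err} is muted while the parser runs and restored in a
     * {@code finally} block. The restore belongs there because the expected
     * exception leaves the method early, and it has to go through
     * {@code System.setErr}: handing the saved stream to {@code System.setOut}
     * would redirect standard output and leave standard error muted, so error
     * output of tests that run afterwards would be lost.
     */
    @Test(expected=SAXException.class)
    public void testGetXMLDocumentInvalid() throws SAXException{
        PrintStream original = System.err;
        // Swallow the parser's error output; the failure is the expected outcome.
        System.setErr(new PrintStream(new OutputStream() {
            @Override
            public void write(int b) {
            }
        }));
        try {
            xmlHelpers.getXMLDocumentOfSAMLMessage(messageInvalid);
        } finally {
            System.setErr(original);
        }
    }

    /** The issuer read from {@code message} must equal the fixture's Issuer value. */
    @Test
    public void testGetIssuer() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        assertEquals(true, xmlHelpers.getIssuer(document).equals("http://SAMLWIN.saml.lan/adfs/services/trust"));
    }

    /**
     * {@code getAssertions} must return one node for {@code message} and two
     * nodes for {@code messageTwoAssertions}.
     */
    @Test
    public void testGetAssertions() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        NodeList nl = xmlHelpers.getAssertions(document);
        assertEquals(1, nl.getLength());
        Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(messageTwoAssertions);
        NodeList nl2 = xmlHelpers.getAssertions(document2);
        assertEquals(2, nl2.getLength());
    }

    /**
     * Signs the first assertion of {@code messageWithoutSig} with whatever
     * algorithm identifiers the helpers report for that assertion.
     *
     * NOTE(review): nothing is asserted, so the test passes whenever signing
     * does not throw. Presumably it covers the fallback used when the assertion
     * names no algorithm; confirm against {@code signAssertion}.
     */
    @Test
    public void testSignXMLWithoutValidAlgorithm() throws SAXException, CertificateException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException, MarshalException, XMLSignatureException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
    }

    /**
     * Signs the first assertion of {@code messageWithoutSig} with the test
     * certificate and key, then expects {@code validateSignature} to accept it.
     *
     * NOTE(review): {@code validateSignature} receives no trust anchor here, so
     * it presumably verifies against the certificate embedded in the signature.
     * That shows integrity only, not that the signer is trusted; confirm.
     */
    @Test
    public void testValidateSignature() throws Exception{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
        assertEquals(true, xmlHelpers.validateSignature(document));
    }

    /**
     * Same as {@link #testValidateSignature()}, but the signed document is
     * serialized with {@code getString} and parsed again before validation.
     */
    @Test
    public void testValidateSignatureFromString() throws Exception{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        xmlHelpers.signAssertion(document, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
        String str = xmlHelpers.getString(document);
        Document document2 = xmlHelpers.getXMLDocumentOfSAMLMessage(str);
        // Presumably re-registers the ID attributes so the signature reference
        // resolves in the freshly parsed document; confirm in XMLHelpers.
        xmlHelpers.setIDAttribute(document2);
        assertEquals(true, xmlHelpers.validateSignature(document2));
    }

    /**
     * Re-signing workflow on {@code messageSimpleSAMLphpWithSig}: serialize and
     * re-parse, strip all signatures and empty tags, serialize and re-parse
     * again, sign the first assertion, then serialize, re-parse and validate.
     */
    @Test
    public void testReplaceWithCanonicalization() throws Exception{
        Document documentInit = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSimpleSAMLphpWithSig);
        String samlMessage = xmlHelpers.getStringOfDocument(documentInit, 2, true);
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage);
        xmlHelpers.removeAllSignatures(document);
        xmlHelpers.removeEmptyTags(document);
        String string = xmlHelpers.getString(document);
        Document documentCanon = xmlHelpers.getXMLDocumentOfSAMLMessage(string);
        Element assertion = (Element) xmlHelpers.getAssertions(documentCanon).item(0);
        xmlHelpers.signAssertion(documentCanon, xmlHelpers.getSignatureAlgorithm(assertion), xmlHelpers.getDigestAlgorithm(assertion),loadTestCert(), loadTestKey());
        String signed = xmlHelpers.getString(documentCanon);
        Document documentSigned = xmlHelpers.getXMLDocumentOfSAMLMessage(signed);
        xmlHelpers.setIDAttribute(documentSigned);
        assertEquals(true, xmlHelpers.validateSignature(documentSigned));
    }

    /**
     * Signs {@code messageWithoutSig} at message level with empty algorithm
     * arguments and expects the result to validate.
     *
     * NOTE(review): the empty strings presumably select default algorithms;
     * confirm in {@code signMessage}.
     */
    @Test
    public void testSignResponse() throws Exception{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithoutSig);
        xmlHelpers.signMessage(document, "", "",loadTestCert(), loadTestKey());
        assertEquals(true, xmlHelpers.validateSignature(document));
    }

    /**
     * Reads the algorithm identifiers from the first Response node of
     * {@code message}, removes only the message-level signature, signs the
     * message with those identifiers and expects the result to validate.
     */
    @Test
    public void testSignMessageWithAssertionSignature() throws Exception{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        NodeList responses = xmlHelpers.getResponse(document);
        String signAlgorithm = xmlHelpers.getSignatureAlgorithm(responses.item(0));
        String digestAlgorithm = xmlHelpers.getDigestAlgorithm(responses.item(0));
        xmlHelpers.removeOnlyMessageSignature(document);
        xmlHelpers.signMessage(document, signAlgorithm, digestAlgorithm,loadTestCert(), loadTestKey());
        assertEquals(true, xmlHelpers.validateSignature(document));
    }

    /**
     * Signs the {@code messageWithLineReturns} fixture at message level with
     * empty algorithm arguments and expects the result to validate.
     */
    @Test
    public void testSignMessageWithLineReturns() throws Exception{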
Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageWithLineReturns);
        xmlHelpers.signMessage(document, "", "",loadTestCert(), loadTestKey());
        assertEquals(true, xmlHelpers.validateSignature(document));
    }

    /** The {@code messageEncrypted} fixture must yield exactly one encrypted assertion. */
    @Test
    public void testEncryptedAssertions() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageEncrypted);
        NodeList nl = xmlHelpers.getEncryptedAssertions(document);
        assertEquals(1, nl.getLength());
    }

    /** The first assertion of {@code message} must report the RSA-SHA256 signature algorithm URI. */
    @Test
    public void testGetSigningAlgorithm() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        assertEquals("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", xmlHelpers.getSignatureAlgorithm(assertion));
    }

    /** The first assertion of {@code message} must report the SHA-256 digest algorithm URI. */
    @Test
    public void testGetDigestAlgorithm() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        assertEquals("http://www.w3.org/2001/04/xmlenc#sha256", xmlHelpers.getDigestAlgorithm(assertion));
    }

    /** The encrypted assertion of {@code messageEncrypted} must report the AES-256-CBC encryption URI. */
    @Test
    public void testGetEncryptionMethod() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageEncrypted);
        Element assertion = (Element) xmlHelpers.getEncryptedAssertions(document).item(0);
        assertEquals("http://www.w3.org/2001/04/xmlenc#aes256-cbc", xmlHelpers.getEncryptionMethod(assertion));
    }

    /** For the plain assertion of {@code message} the helper must return the string "no encryption". */
    @Test
    public void testGetEncryptionMethodNotEncrypted() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        NodeList nl = xmlHelpers.getAssertions(document);
        assertEquals("no encryption", xmlHelpers.getEncryptionMethod(nl.item(0)));
    }

    /** The certificate read from the first assertion of {@code message} must equal the expected literal. */
    @Test
    public void testGetCertificateOfAssertion() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        Element assertion = (Element) xmlHelpers.getAssertions(document).item(0);
        String expected = ("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");
        assertEquals(expected, xmlHelpers.getCertificate(assertion));
    }

    /**
     * The certificate read from the document element of
     * {@code messageSignedResponse} must equal the expected base64 text,
     * including the spaces between its chunks.
     */
    @Test
    public void testGetCertificateOfResponse() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
        String expected = ("MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=");
        assertEquals(expected, xmlHelpers.getCertificate(document.getDocumentElement()));
    }

    /**
     * After {@code removeOnlyMessageSignature} exactly one signature must
     * remain in {@code messageSignedResponse}.
     */
    @Test
    public void testRemoveOnlyMessageSignature() throws SAXException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
        xmlHelpers.removeOnlyMessageSignature(document);
        assertEquals(1, xmlHelpers.getSignatures(document).getLength());
    }

    /**
     * Hand-builds a restructured copy of {@code messageSignedResponse} with
     * plain DOM calls: a shallow copy of the Response with a new ID becomes the
     * root of a new document, the original Response is adopted and appended
     * below it, and a deep copy of the assertion with a new ID follows, with
     * its Signature child removed.
     *
     * NOTE(review): nothing is asserted, so this test fails only if a DOM call
     * throws. NOTE(review): {@code getDBF()} is defined elsewhere; confirm the
     * factory it returns has DOCTYPE and external-entity processing disabled.
     */
    @Test
    public void testXSW() throws SAXException, ParserConfigurationException, TransformerException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse);
        Element response = (Element) document.getElementsByTagNameNS("*", "Response").item(0);
        Element assertion = (Element) response.getElementsByTagNameNS("*", "Assertion").item(0);
        DocumentBuilderFactory documentBuilderFactory = xmlHelpers.getDBF();
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        Document newDoc = documentBuilder.newDocument();
        // Shallow import: only the Response element and its attributes.
        Element newRootResponse = (Element) newDoc.importNode(response, false);
        // Deep import: the assertion with its whole subtree.
        Element newAssertion = (Element) newDoc.importNode(assertion, true);
        newRootResponse.setAttribute("ID", "_evil_response_ID");
        newDoc.appendChild(newRootResponse);
        // Move the original Response into the new document so it can be appended below.
        newDoc.adoptNode(response);
        Element clonedAssertion = (Element) newAssertion.cloneNode(true);
        clonedAssertion.setAttribute("ID", "_evil_Assertion_ID");
        newRootResponse.appendChild(response);
        newRootResponse.appendChild(clonedAssertion);
        Element newClonedSignature = (Element) clonedAssertion.getElementsByTagNameNS("*", "Signature").item(0);
        clonedAssertion.removeChild(newClonedSignature);
    }

    /**
     * Applies the "XSW5" transformation to {@code message} and compares the
     * serialized document with the expected string.
     *
     * <p>In the expected output an assertion with the ID
     * {@code _evil_assertion_ID} carries the original signature, whose
     * Reference still points at the original ID, and the assertion with the
     * original ID follows without a signature. Defensive takeaway: a validator
     * should consume only the element that the verified Reference resolves to.
     */
    @Test
    public void testXSW5() throws SAXException, ParserConfigurationException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        xswHelpers.applyXSW("XSW5", document);
        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature 
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute 
Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", 
xmlHelpers.getStringOfDocument(document, 0, false)); }

    /**
     * Applies the "XSW6" transformation to {@code message} and compares the
     * serialized document with the expected string.
     *
     * <p>In the expected output the assertion with the ID
     * {@code _evil_assertion_ID} encloses the signature, and the assertion
     * with the original ID appears without a signature, nested inside that
     * Signature element after KeyInfo. Defensive takeaway: a validator should
     * consume only the element that the verified Reference resolves to and
     * should not accept assertions found inside a Signature element.
     */
    @Test
    public void testXSW6() throws SAXException, ParserConfigurationException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        xswHelpers.applyXSW("XSW6", document);
        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement 
AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); }

    /**
     * Applies the "XSW7" transformation to {@code message} and compares the
     * serialized document with the expected string.
     *
     * <p>In the expected output an unsigned copy of the assertion, with the
     * same ID as the original, sits inside an {@code Extensions} element ahead
     * of the signed assertion. Defensive takeaway: a validator should reject
     * documents with duplicate IDs and consume only the element that the
     * verified Reference resolves to.
     */
    @Test
    public void testXSW7() throws SAXException, ParserConfigurationException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        xswHelpers.applyXSW("XSW7", document);
        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" 
IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Extensions><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Extensions><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature 
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute 
Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); }

    /**
     * Applies the "XSW8" transformation to {@code message} and compares the
     * serialized document with the expected string.
     *
     * <p>In the expected output the outer assertion keeps the original ID and
     * its signature, while an unsigned copy with the same ID is nested in an
     * {@code Object} element inside that Signature. Defensive takeaway: a
     * validator should reject documents with duplicate IDs and consume only
     * the element that the verified Reference resolves to.
     */
    @Test
    public void testXSW8() throws SAXException, ParserConfigurationException, IOException{
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message);
        xswHelpers.applyXSW("XSW8", document);
        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform 
Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo><Object><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" 
NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Object></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); } @Test public void testXSW3() throws SAXException, ParserConfigurationException, IOException{ Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message); xswHelpers.applyXSW("XSW3", document); assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" 
Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" 
xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email 
protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); } @Test public void testXSW4() throws SAXException, ParserConfigurationException, IOException{ Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(message); xswHelpers.applyXSW("XSW4", document); assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://samlcent/Shibboleth.sso/SAML2/POST\" ID=\"_fd601e21-5f81-469e-88c7-da72dccf1357\" InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" IssueInstant=\"2015-04-06T06:42:39.213Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_evil_assertion_ID\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions 
NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement><Assertion ID=\"_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\" IssueInstant=\"2015-04-06T06:42:39.212Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_f27d6403-32f3-45ec-8b24-8b2fb4ca99b0\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>foKK0crQsYCouYU2pt9dvyDdI9Z4s5Z0WAHrpclAfA8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>5a/BEGAyZFArapDrhKpycB7wADxpN1rwBOy5ADyMslFDZ2Xbrk6ILBVdwQh78Xd5OQtAXgap+Zsx8dIVF5TN4O7s8TDT3UkGERQu4eTisjhJaNjnc+HNXtkubKnQ2jpoGdoDfpgf2UJIVq7b9zXQxIki4V4DcMOJclhbiIwI2GXFlzm70fWYDAkuAkbaAOwX716jb6xkmMhA4kEDyszOxFlUbLdKp92H74D0wlhnIqP2k6ONzuTMLfjMGN5FZenqZyJUg6IX79mffFpCG6tFM9wRzaehThGRLIQ2QtYh4McBYwAq1JrL2QXurSpH06lrAzk0D79HKDBPR62Zws55Jw==</ds:SignatureValue><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_545e60fe3602a06d25f241b622c5a773\" NotOnOrAfter=\"2015-04-06T06:47:39.213Z\" Recipient=\"https://samlcent/Shibboleth.sso/SAML2/POST\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-04-06T06:42:39.210Z\" NotOnOrAfter=\"2015-04-06T07:42:39.210Z\"><AudienceRestriction><Audience>https://samlcent/shibboleth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Dom�nen-Benutzer</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-04-06T06:42:39.178Z\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Assertion></samlp:Response>", 
xmlHelpers.getStringOfDocument(document, 0, false)); } @Test public void testXSW2() throws SAXException, ParserConfigurationException, IOException{ Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse); xswHelpers.applyXSW("XSW2", document); assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_evil_response_ID\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform 
Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email 
protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform 
Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 +0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" 
IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud 
EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" 
SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); } @Test public void testXSW1() throws SAXException, ParserConfigurationException, IOException{ Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(messageSignedResponse); xswHelpers.applyXSW("XSW1", document); assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_evil_response_ID\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_170ee00b-9058-4818-b964-947a7d1c9675\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>CwbbeV6mb8vJblqaOwQ53liVWEXFQGubZQsQURUulqA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>YEb3//IWOT5yyksFjyKQI1pOD6bAFm/f/5G2B3flIW92spmWIAaNCt+V1CLm/VILLpcLU71iFKQJ cDMLeXr5iJN4QYlLNAjTsKQEWvRZvjK57IxTidfXU0GFWTAnLKSwZ0g/A5Ch3D18Nv3r1wlMBrk2 hiP8NsRgJscb/di3eHeFsuqNZiUfpDNwPhW5QO8RN0A6HmhKVnlaFFSRS6RwUnQAmJ6pxC0dlO20 
+0G3N/E6uvhd/1J/YT/6lFM3MFNjwwvnL1CzTUjXZr6OOebeZZYkm6eWRM0kqo7mIqyD7TT0Yq+6 e9Yhf/z7ICKJEKzPoyTdth/UOte0ZqkO4M4vxA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><samlp:Response Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" Destination=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\" ID=\"_170ee00b-9058-4818-b964-947a7d1c9675\" InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" IssueInstant=\"2015-05-15T16:26:03.447Z\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" 
Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c 
a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" 
SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response></ds:Signature><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion ID=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\" IssueInstant=\"2015-05-15T16:26:03.446Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://SAMLWIN.saml.lan/adfs/services/trust</Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>89ahTmFWAyz+C0Px+UMwzB9zhhR4WbEoJTxWaKbtCVI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>pBXikXVt2hXjlDQr+yZl13tGq5d+joR4J5eiNAmorcSjFZ07bAap6RReU6iHR4I+fFfB0POZRstZ CjKqFfZnlIt/RLUiNotMsy0GcaUKCAtqXp6DN/Bov1LwYb3nDQHH4fO9FSCpGj1jXA+iFmkrbNVr 6DUHZcvkdkl9VC4TJx0YoisS39jAmtsVJrVjLkQ5qprhAzZuGWPX3eF3McrzkDfDixth2I6q7NF9 sfcBXhJu+YINIMXuhn9CF2wCOnQkHTHKwY4gv6KKZ7Ht4h9hsVYJllfwMDQEFBAGGkGTvSQtlus6 gfPqYB3yd5Rt12Jy67s4FYsPGOw8h7ow7mxakQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAOC/Ghh6ZI1tMA0GCSqGSIb3DQEBBQUAMCMxITAfBgNVBAMMGHNpZ25p bmcgc2FtbHdpbi5zYW1sLmxhbjAeFw0xNTA1MDUxMTQ4MjJaFw0xOTAzMDUxMTQ4MjJaMCMxITAf BgNVBAMMGHNpZ25pbmcgc2FtbHdpbi5zYW1sLmxhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALbuvc8RbZd4BzEGmKenroh4wsmxJSy/4gPmW4vKQ90GYDc/CkBsYEJF4OI8QPDbqJSJ 
iGGhCDdMNqh0oscwJD4NNh78q9v1jqVs3Ytxt8OuNj76xiRY7Q3o181daxEI8N3cu2TJzZYpvT5F 7gY9aEjKA97M7Ezr0xMCsKraPNyATX5F5RcpbVutfWVjMiaZlyk52q9wLznV36TgzASPojwzGnCa UjmkXqKtVeyTZ1S8sokNMICreLpiIg7wi7SGtvs5Y6ZX/xZlihVwrBjkiSpRqgApgHAF+rsM8cjE gx64e2vjICxSqnkbzgksGbLwIDNxVv0WVZwz5sgqU3qEGuECAwEAAaNQME4wHQYDVR0OBBYEFCpo EFV8SThHJeLm9BUMA8nsakzCMB8GA1UdIwQYMBaAFCpoEFV8SThHJeLm9BUMA8nsakzCMAwGA1Ud EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACuVLVuxEaFYsd95T+bXn6Tts8Rdy5T3Jq5sOo0c a55n0+oEP2v82Atva6yOXdP9+uQC8sZqlW0t5um8gQv29eODCTB5ZckoDiucqVS7cZTE+N43/ekf V2+W4gNPsveTW39wT3LvIj/Ohph1lOI3ti4Nsc1sSKZt78S/NE3stenjXHrswDkBWXXMHP8C4J9o 5G4wnibQRLvwj8Lu47tE4+0RaPesQwPl2giKO7nHzzSwELOiQGHrt3EeDPRvsgqVFxr8pkYkLkuE mN+VWcMW9XgszUe4PDgkz02hM+ariWzkR5CJsOkTYy/PCFpShwSD4f6m0JVsuvj0u89RXtTNRt0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">[email protected]</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"_eb8f63db47ceb0573493c9c892092f87c1ce05d74f\" NotOnOrAfter=\"2015-05-15T16:31:03.447Z\" Recipient=\"https://debian/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2015-05-15T16:26:03.444Z\" NotOnOrAfter=\"2015-05-15T17:26:03.444Z\"><AudienceRestriction><Audience>https://debian/simplesaml/module.php/saml/sp/metadata.php/default-sp</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/claims/Group\"><AttributeValue>Domänen-Benutzer</AttributeValue></Attribute><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" 
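NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2015-05-15T16:17:15.028Z\" SessionIndex=\"_77b441b1-9f3b-4f7d-9380-9fc47af5e264\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>", xmlHelpers.getStringOfDocument(document, 0, false)); }

    /**
     * Checks that parsing {@code messageExampleSalesforce} and serialising it again
     * yields exactly the input string.
     *
     * <p>The test name points at namespace handling. A round trip that rewrites
     * namespace declarations changes the bytes of the message, which can invalidate
     * an XML signature over it, so the comparison is on the full string.
     *
     * @throws SAXException if the sample message cannot be parsed
     * @throws IOException if reading the message fails
     */
    @Test
    public void testSalesforceNamespaceProblem() throws SAXException, IOException {
        Document parsed = xmlHelpers.getXMLDocumentOfSAMLMessage(messageExampleSalesforce);
        String reserialized = xmlHelpers.getStringOfDocument(parsed, 0, false);
        assertEquals(messageExampleSalesforce, reserialized);
    }

    /**
     * Loads the X.509 test certificate from {@code src/test/resources/samlwin.pem}.
     *
     * <p>The path is relative, so it resolves against the working directory of the
     * test run. This is fixture material kept in the source tree; it must not be
     * trusted or reused outside the tests.
     *
     * @return the certificate parsed from the fixture file
     * @throws CertificateException if the file does not contain a parsable X.509 certificate
     * @throws FileNotFoundException if the fixture file cannot be opened
     */
    public X509Certificate loadTestCert() throws CertificateException, FileNotFoundException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        FileInputStream certStream = new FileInputStream("src/test/resources/samlwin.pem");
        try {
            return (X509Certificate) cf.generateCertificate(certStream);
        } finally {
            // Close explicitly: the stream was previously left open, leaking a file handle
            // per call. The declared throws clause is kept as-is, so a failure while
            // closing a read-only stream is deliberately ignored.
            try {
                certStream.close();
            } catch (IOException ignored) {
                // nothing useful to do for a read-only fixture stream
            }
        }
    }

    /**
     * Loads the RSA test private key from {@code src/test/resources/samlwin_pkcs8.key}.
     *
     * <p>The raw file bytes are handed to {@link PKCS8EncodedKeySpec}, so the file has
     * to be binary DER-encoded PKCS#8; a PEM (Base64 with header lines) file is rejected
     * with {@link InvalidKeySpecException}. The key is unencrypted fixture material in
     * the source tree and is for tests only.
     * NOTE(review): presumably the key pair of samlwin.pem; confirm against the fixtures.
     *
     * @return the private key decoded from the fixture file
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException if the bytes are not a valid PKCS#8 RSA key
     * @throws IOException if the fixture file cannot be read
     */
    public PrivateKey loadTestKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        byte[] encodedKey = Files.readAllBytes(Paths.get("src/test/resources/samlwin_pkcs8.key"));
        PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(encodedKey);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(ks);
    }
}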