diff --git a/src/XML/ds/AbstractKeyInfoType.php b/src/XML/ds/AbstractKeyInfoType.php index 2de04d67..d907c1ef 100644 --- a/src/XML/ds/AbstractKeyInfoType.php +++ b/src/XML/ds/AbstractKeyInfoType.php @@ -35,6 +35,9 @@ abstract class AbstractKeyInfoType extends AbstractDsElement * \SimpleSAML\XMLSecurity\XML\ds\KeyValue| * \SimpleSAML\XMLSecurity\XML\ds\RetrievalMethod| * \SimpleSAML\XMLSecurity\XML\ds\X509Data| + * \SimpleSAML\XMLSecurity\XML\ds\PGPData| + * \SimpleSAML\XMLSecurity\XML\ds\SPKIData| + * \SimpleSAML\XMLSecurity\XML\ds\MgmtData| * \SimpleSAML\XML\SerializableElementInterface * )[] $info * @param string|null $Id @@ -64,7 +67,15 @@ final public function __construct( if ($item instanceof AbstractDsElement) { Assert::isInstanceOfAny( $item, - [KeyName::class, KeyValue::class, RetrievalMethod::class, X509Data::class], + [ + KeyName::class, + KeyValue::class, + RetrievalMethod::class, + X509Data::class, + PGPData::class, + SPKIData::class, + MgmtData::class, + ], SchemaViolationException::class, ); } diff --git a/src/XML/ds/AbstractPGPDataType.php b/src/XML/ds/AbstractPGPDataType.php new file mode 100644 index 00000000..081ed14c --- /dev/null +++ b/src/XML/ds/AbstractPGPDataType.php 
@@ -0,0 +1,120 @@ + $children + */ + final public function __construct( + protected ?PGPKeyID $pgpKeyId = null, + protected ?PGPKeyPacket $pgpKeyPacket = null, + array $children = [], + ) { + if ($pgpKeyId === null && $pgpKeyPacket === null) { + throw new SchemaViolationException("ds:PGPKeyID and ds:PGPKeyPacket can't both be null."); + } + + $this->setElements($children); + } + + + /** + * Collect the value of the PGPKeyID-property + * + * @return \SimpleSAML\XMLSecurity\XML\ds\PGPKeyID|null + */ + public function getPGPKeyID(): ?PGPKeyID + { + return $this->pgpKeyId; + } + + + /** + * Collect the value of the PGPKeyPacket-property + * + * @return \SimpleSAML\XMLSecurity\XML\ds\PGPKeyPacket|null + */ + public function getPGPKeyPacket(): ?PGPKeyPacket + { + return $this->pgpKeyPacket; + } + + + /** + * Convert XML into a PGPData + * + * @param \DOMElement $xml The XML element we should load + * @return static + * + * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException + * If the qualified name of the supplied element is wrong + */ + public static function fromXML(DOMElement $xml): static + { + Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class); + Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class); + + $pgpKeyId = PGPKeyID::getChildrenOfClass($xml); + Assert::maxCount($pgpKeyId, 1, TooManyElementsException::class); + + $pgpKeyPacket = PGPKeyPacket::getChildrenOfClass($xml); + Assert::maxCount($pgpKeyPacket, 1, TooManyElementsException::class); + + return new static( + array_pop($pgpKeyId), + array_pop($pgpKeyPacket), + self::getChildElementsFromXML($xml), + ); + } + + + /** + * Convert this PGPData to XML. + * + * @param \DOMElement|null $parent The element we should append this PGPData to. 
+ * @return \DOMElement + */ + public function toXML(?DOMElement $parent = null): DOMElement + { + $e = $this->instantiateParentElement($parent); + + $this->getPGPKeyId()?->toXML($e); + $this->getPGPKeyPacket()?->toXML($e); + + foreach ($this->getElements() as $elt) { + $elt->toXML($e); + } + + return $e; + } +} diff --git a/src/XML/ds/AbstractSPKIDataType.php b/src/XML/ds/AbstractSPKIDataType.php new file mode 100644 index 00000000..46d3d0da --- /dev/null +++ b/src/XML/ds/AbstractSPKIDataType.php 
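Review bot: `toXML()` calls `$this->getPGPKeyId()` while the accessor added in the same file is declared as `getPGPKeyID()`; PHP resolves method names case-insensitively so this runs, but static analysers and text search will not match the two, and the call should read `$this->getPGPKeyID()?->toXML($e);`. In `fromXML()` the two typed children are collected per class, so the order in which they appear in the document does not seem to be checked: a ds:PGPKeyPacket placed before ds:PGPKeyID would apparently be accepted and re-serialised in the other order. If ordering is deliberately left to schema validation, a one-line comment saying so would help readers of this parser. The class header and the start of the constructor docblock are not visible in this hunk.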
@@ -0,0 +1,110 @@ +tuples; + } + + + /** + * Convert XML into a SPKIData + * + * @param \DOMElement $xml The XML element we should load + * @return static + * + * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException + * If the qualified name of the supplied element is wrong + */ + public static function fromXML(DOMElement $xml): static + { + Assert::same($xml->localName, static::getLocalName(), InvalidDOMElementException::class); + Assert::same($xml->namespaceURI, static::NS, InvalidDOMElementException::class); + + $registry = ElementRegistry::getInstance(); + $tuples = []; + $tuple = [null, null]; + foreach ($xml->childNodes as $node) { + if ($node instanceof DOMElement) { + if ($node->namespaceURI === static::NS && $node->localName === 'SPKISexp') { + if ($tuple[0] !== null) { + $tuples[] = $tuple; + } + $tuple = [SPKISexp::fromXML($node), null]; + } elseif ($node->namespaceURI !== static::NS && $tuple[0] !== null) { + $handler = $registry->getElementHandler($node->namespaceURI, $node->localName); + $tuple[1] = ($handler === null) ? Chunk::fromXML($node) : $handler::fromXML($node); + $tuples[] = $tuple; + $tuple = [null, null]; + } + } + } + + if ($tuple[0] !== null) { + $tuples[] = $tuple; + } + + return new static($tuples); + } + + + /** + * Convert this SPKIData to XML. + * + * @param \DOMElement|null $parent The element we should append this SPKIData to. + * @return \DOMElement + */ + public function toXML(?DOMElement $parent = null): DOMElement + { + $e = $this->instantiateParentElement($parent); + + foreach ($this->getTuples() as $tuple) { + $tuple[0]->toXML($e); + $tuple[1]?->toXML($e); + } + + return $e; + } +} diff --git a/src/XML/ds/HMACOutputLength.php b/src/XML/ds/HMACOutputLength.php new file mode 100644 index 00000000..e8a6228c --- /dev/null +++ b/src/XML/ds/HMACOutputLength.php @@ -0,0 +1,26 @@ +setContent($length); + } +} diff --git a/src/XML/ds/KeyInfo.php b/src/XML/ds/KeyInfo.php index 5f499345..ae5d5a27 100644 
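Review bot: The child loop in `fromXML()` silently drops any element that matches neither branch: a ds-namespace child that is not `SPKISexp`, and a foreign-namespace child that arrives before the first `SPKISexp` or after a tuple has already been closed. A KeyInfo parser should not produce an object that quietly differs from the document it was built from, so I would end the chain with `} else { throw new SchemaViolationException('Unexpected element in ds:SPKIData.'); }` (assuming that exception is imported in this file; the `use` block is not visible here). An input with no `SPKISexp` at all also reaches `new static([])`, and whether the constructor rejects an empty list cannot be seen from this hunk. A negative unmarshalling test for each of these cases would be worth adding next to the marshalling test.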
--- a/src/XML/ds/KeyInfo.php +++ b/src/XML/ds/KeyInfo.php @@ -37,9 +37,9 @@ public static function fromXML(DOMElement $xml): static $keyValue = KeyValue::getChildrenOfClass($xml); $retrievalMethod = RetrievalMethod::getChildrenOfClass($xml); $x509Data = X509Data::getChildrenOfClass($xml); - //$pgpData = PGPData::getChildrenOfClass($xml); - //$spkiData = SPKIData::getChildrenOfClass($xml); - //$mgmtData = MgmtData::getChildrenOfClass($xml); + $pgpData = PGPData::getChildrenOfClass($xml); + $spkiData = SPKIData::getChildrenOfClass($xml); + $mgmtData = MgmtData::getChildrenOfClass($xml); $other = self::getChildElementsFromXML($xml); $info = array_merge( @@ -47,9 +47,9 @@ public static function fromXML(DOMElement $xml): static $keyValue, $retrievalMethod, $x509Data, - //$pgpdata, - //$spkidata, - //$mgmtdata, + $pgpData, + $spkiData, + $mgmtData, $other, ); diff --git a/src/XML/ds/MgmtData.php b/src/XML/ds/MgmtData.php new file mode 100644 index 00000000..23a1d7de --- /dev/null +++ b/src/XML/ds/MgmtData.php @@ -0,0 +1,26 @@ +setContent($content); + } +} diff --git a/src/XML/ds/PGPData.php b/src/XML/ds/PGPData.php new file mode 100644 index 00000000..f8a2c3b9 --- /dev/null +++ b/src/XML/ds/PGPData.php @@ -0,0 +1,14 @@ +setContent($content); + } +} diff --git a/src/XML/ds/PGPKeyPacket.php b/src/XML/ds/PGPKeyPacket.php new file mode 100644 index 00000000..614bf86d --- /dev/null +++ b/src/XML/ds/PGPKeyPacket.php @@ -0,0 +1,26 @@ +setContent($content); + } +} diff --git a/src/XML/ds/SPKIData.php b/src/XML/ds/SPKIData.php new file mode 100644 index 00000000..c73e82a7 --- /dev/null +++ b/src/XML/ds/SPKIData.php @@ -0,0 +1,14 @@ +setContent($content); + } +} diff --git a/src/XML/ds/SignatureMethod.php b/src/XML/ds/SignatureMethod.php index df2470e3..72f72be7 100644 --- a/src/XML/ds/SignatureMethod.php +++ b/src/XML/ds/SignatureMethod.php 
@@ -8,9 +8,16 @@ use SimpleSAML\Assert\Assert; use SimpleSAML\XML\Exception\InvalidDOMElementException; use SimpleSAML\XML\Exception\SchemaViolationException; +use SimpleSAML\XML\Exception\TooManyElementsException; +use SimpleSAML\XML\ExtendableElementTrait; +use SimpleSAML\XML\XsNamespace as NS; use SimpleSAML\XMLSecurity\Constants as C; use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException; +use function array_keys; +use function array_merge; +use function array_pop; + /** * Class representing a ds:SignatureMethod element. * @@ -18,13 +25,23 @@ */ final class SignatureMethod extends AbstractDsElement { + use ExtendableElementTrait; + + /** The namespace-attribute for the xs:any element */ + public const XS_ANY_ELT_NAMESPACE = NS::OTHER; + + /** * Initialize a SignatureMethod element. * * @param string $Algorithm + * @param \SimpleSAML\XMLSecurity\XML\ds\HMACOutputLength|null $hmacOutputLength + * @param array<\SimpleSAML\XML\SerializableElementInterface> $children */ public function __construct( protected string $Algorithm, + protected ?HMACOutputLength $hmacOutputLength = null, + array $children = [], ) { Assert::validURI($Algorithm, SchemaViolationException::class); Assert::oneOf( @@ -36,6 +53,8 @@ public function __construct( 'Invalid signature method: %s', InvalidArgumentException::class, ); + + $this->setElements($children); } @@ -50,6 +69,17 @@ public function getAlgorithm(): string } + /** + * Collect the value of the hmacOutputLength-property + * + * @return \SimpleSAML\XMLSecurity\XML\ds\HMACOutputLength|null + */ + public function getHMACOutputLength(): ?HMACOutputLength + { + return $this->hmacOutputLength; + } + + /** * Convert XML into a SignatureMethod * 
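Review bot: The constructor accepts `$hmacOutputLength` together with any `$Algorithm` and without a lower bound, and the new test pairs it with `C::SIG_RSA_SHA256`, where the element has no meaning. HMACOutputLength is the truncation length of an HMAC signature, and a verifier that honours a very small value taken from the message ends up comparing only a few bits; XML Signature 1.1 requires the value to be at least 80 bits and at least half the underlying hash output. I would document that requirement on the `$hmacOutputLength` parameter and reject the element for non-HMAC algorithms in the constructor, or state explicitly in the docblock that enforcement is the responsibility of the verifying code. The constructor body is split across this hunk and the next one (`$this->setElements($children);`), and `fromXML()` in a later hunk passes the parsed value through unchanged.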
@@ -66,7 +96,10 @@ public static function fromXML(DOMElement $xml): static $Algorithm = SignatureMethod::getAttribute($xml, 'Algorithm'); - return new static($Algorithm); + $hmacOutputLength = HMACOutputLength::getChildrenOfClass($xml); + Assert::maxCount($hmacOutputLength, 1, TooManyElementsException::class); + + return new static($Algorithm, array_pop($hmacOutputLength), self::getChildElementsFromXML($xml)); } @@ -81,6 +114,12 @@ public function toXML(?DOMElement $parent = null): DOMElement $e = $this->instantiateParentElement($parent); $e->setAttribute('Algorithm', $this->getAlgorithm()); + $this->getHMACOutputLength()?->toXML($e); + + foreach ($this->getElements() as $elt) { + $elt->toXML($e); + } + return $e; } } diff --git a/src/XML/ds/X509Data.php b/src/XML/ds/X509Data.php index d810143d..ee8d61db 100644 --- a/src/XML/ds/X509Data.php +++ b/src/XML/ds/X509Data.php @@ -7,8 +7,8 @@ use DOMElement; use SimpleSAML\Assert\Assert; use SimpleSAML\XML\Chunk; -use SimpleSAML\XML\Constants as C; use SimpleSAML\XML\Exception\InvalidDOMElementException; +use SimpleSAML\XMLSecurity\Constants as C; use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException; use SimpleSAML\XMLSecurity\XML\dsig11\X509Digest; 
@@ -74,18 +74,22 @@ public static function fromXML(DOMElement $xml): static for ($n = $xml->firstChild; $n !== null; $n = $n->nextSibling) { if (!($n instanceof DOMElement)) { continue; - } elseif ($n->namespaceURI !== self::NS) { + } elseif ($n->namespaceURI === self::NS) { + $data[] = match ($n->localName) { + 'X509Certificate' => X509Certificate::fromXML($n), + 'X509IssuerSerial' => X509IssuerSerial::fromXML($n), + 'X509SubjectName' => X509SubjectName::fromXML($n), + default => new Chunk($n), + }; + } elseif ($n->namespaceURI === C::NS_XDSIG11) { + $data[] = match ($n->localName) { + 'X509Digest' => X509Digest::fromXML($n), + default => new Chunk($n), + }; + } else { $data[] = new Chunk($n); continue; } - - $data[] = match ($n->localName) { - 'X509Certificate' => X509Certificate::fromXML($n), - 'X509IssuerSerial' => X509IssuerSerial::fromXML($n), - 'X509SubjectName' => X509SubjectName::fromXML($n), - 'X509Digest' => X509Digest::fromXML($n), - default => new Chunk($n), - }; } return new static($data); diff --git a/src/XML/ds/X509SerialNumber.php b/src/XML/ds/X509SerialNumber.php index a24f19c9..19ad7d08 100644 --- a/src/XML/ds/X509SerialNumber.php +++ b/src/XML/ds/X509SerialNumber.php @@ -4,11 +4,7 @@ namespace SimpleSAML\XMLSecurity\XML\ds; -use DOMElement; -use SimpleSAML\Assert\Assert; -use SimpleSAML\XML\Exception\InvalidDOMElementException; -use SimpleSAML\XML\Exception\SchemaViolationException; -use SimpleSAML\XML\StringElementTrait; +use SimpleSAML\XML\IntegerElementTrait; /** * Class representing a ds:X509SerialNumber element. @@ -17,7 +13,7 @@ */ final class X509SerialNumber extends AbstractDsElement { - use StringElementTrait; + use IntegerElementTrait; /** 
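Review bot: The `continue;` kept in the final `else` branch is now redundant, since the `match` that used to follow the chain has moved into the branches and nothing runs after the `if`/`elseif` chain inside the loop; the branch can be just `} else { $data[] = new Chunk($n); }`. A one-line comment above the `C::NS_XDSIG11` branch would also help, e.g. `// dsig11:X509Digest lives in the XMLDSig 1.1 namespace, not in ds`, because the removed code matched `X509Digest` by local name under the ds namespace and the reason for the split is not obvious from the code. `fromXML()` starts before this hunk.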
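Review bot: Swapping `StringElementTrait` for `IntegerElementTrait` also replaces the local `Assert::numeric()` check (removed in the next hunk), so the accepted value space now depends on a trait that is not shown here. X.509 serial numbers can be up to 20 octets, well beyond a 64-bit PHP integer, so it should be confirmed that the trait validates the decimal string as-is and never casts it to `int`. A test with a serial such as `'1461501637330902918203684832716283019655932542975'` (constructed sample, 2^160 − 1) would pin that down. The constructor still declares `string $content`, which suggests string handling, but that is an inference from the signature only.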
@@ -27,50 +23,4 @@ public function __construct(string $content) { $this->setContent($content); } - - - /** - * Validate the content of the element. - * - * @param string $content The value to go in the XML textContent - * @throws \Exception on failure - * @return void - */ - protected function validateContent(/** @scrutinizer ignore-unused */ string $content): void - { - Assert::numeric($content, SchemaViolationException::class); - } - - - /** - * Convert XML into a X509SerialNumber - * - * @param \DOMElement $xml The XML element we should load - * @return static - * - * @throws \SimpleSAML\XML\Exception\InvalidDOMElementException - * If the qualified name of the supplied element is wrong - */ - public static function fromXML(DOMElement $xml): static - { - Assert::same($xml->localName, 'X509SerialNumber', InvalidDOMElementException::class); - Assert::same($xml->namespaceURI, X509SerialNumber::NS, InvalidDOMElementException::class); - - return new static($xml->textContent); - } - - - /** - * Convert this X509SerialNumber element to XML. - * - * @param \DOMElement|null $parent The element we should append this X509SerialNumber element to. - * @return \DOMElement - */ - public function toXML(?DOMElement $parent = null): DOMElement - { - $e = $this->instantiateParentElement($parent); - $e->textContent = $this->getContent(); - - return $e; - } } diff --git a/src/XML/element.registry.php b/src/XML/element.registry.php index 9a55180d..12d3e1c1 100644 --- a/src/XML/element.registry.php +++ b/src/XML/element.registry.php 
@@ -12,9 +12,9 @@ 'KeyName' => '\SimpleSAML\XMLSecurity\XML\ds\KeyName', 'KeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\KeyValue', 'Manifest' => '\SimpleSAML\XMLSecurity\XML\ds\Manifest', -// 'MgmtData' => '\SimpleSAML\XMLSecurity\XML\ds\MgmtData', + 'MgmtData' => '\SimpleSAML\XMLSecurity\XML\ds\MgmtData', 'Object' => '\SimpleSAML\XMLSecurity\XML\ds\DsObject', -// 'PGPData' => '\SimpleSAML\XMLSecurity\XML\ds\PGPData', + 'PGPData' => '\SimpleSAML\XMLSecurity\XML\ds\PGPData', 'Reference' => '\SimpleSAML\XMLSecurity\XML\ds\Reference', 'RetrievalMethod' => '\SimpleSAML\XMLSecurity\XML\ds\RetrievalMethod', 'RSAKeyValue' => '\SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue', diff --git a/src/XML/xenc/OriginatorKeyInfo.php b/src/XML/xenc/OriginatorKeyInfo.php index 2f7db9a1..0baca4ab 100644 --- a/src/XML/xenc/OriginatorKeyInfo.php +++ b/src/XML/xenc/OriginatorKeyInfo.php @@ -11,7 +11,10 @@ use SimpleSAML\XMLSecurity\XML\ds\AbstractKeyInfoType; use SimpleSAML\XMLSecurity\XML\ds\KeyName; use SimpleSAML\XMLSecurity\XML\ds\KeyValue; +use SimpleSAML\XMLSecurity\XML\ds\MgmtData; +use SimpleSAML\XMLSecurity\XML\ds\PGPData; use SimpleSAML\XMLSecurity\XML\ds\RetrievalMethod; +use SimpleSAML\XMLSecurity\XML\ds\SPKIData; use SimpleSAML\XMLSecurity\XML\ds\X509Data; use function array_merge; @@ -50,9 +53,9 @@ public static function fromXML(DOMElement $xml): static $keyValue = KeyValue::getChildrenOfClass($xml); $retrievalMethod = RetrievalMethod::getChildrenOfClass($xml); $x509Data = X509Data::getChildrenOfClass($xml); - //$pgpData = PGPData::getChildrenOfClass($xml); - //$spkiData = SPKIData::getChildrenOfClass($xml); - //$mgmtData = MgmtData::getChildrenOfClass($xml); + $pgpData = PGPData::getChildrenOfClass($xml); + $spkiData = SPKIData::getChildrenOfClass($xml); + $mgmtData = MgmtData::getChildrenOfClass($xml); $other = self::getChildElementsFromXML($xml); $info = array_merge( 
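Review bot: Only `MgmtData` and `PGPData` are enabled here; `PGPKeyID` and `PGPKeyPacket`, which would sort between `PGPData` and `Reference`, are not added, and no other hunk of this file registers `SPKIData`, `SPKISexp` or `HMACOutputLength`. If the registry is meant to map every ds element to its class, a lookup through `getElementHandler()` for those names will presumably return no handler, and callers such as the new SPKIData parser fall back to a generic `Chunk`, skipping the typed validation the new classes provide. Either add the missing entries or leave a comment explaining why they are intentionally omitted. The array starts and ends outside this hunk, so entries already present elsewhere in the file cannot be ruled out.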
@@ -60,9 +63,9 @@ public static function fromXML(DOMElement $xml): static $keyValue, $retrievalMethod, $x509Data, - //$pgpdata, - //$spkidata, - //$mgmtdata, + $pgpData, + $spkiData, + $mgmtData, $other, ); diff --git a/src/XML/xenc/RecipientKeyInfo.php b/src/XML/xenc/RecipientKeyInfo.php index c5eb61b9..d3a9f9b8 100644 --- a/src/XML/xenc/RecipientKeyInfo.php +++ b/src/XML/xenc/RecipientKeyInfo.php @@ -11,7 +11,10 @@ use SimpleSAML\XMLSecurity\XML\ds\AbstractKeyInfoType; use SimpleSAML\XMLSecurity\XML\ds\KeyName; use SimpleSAML\XMLSecurity\XML\ds\KeyValue; +use SimpleSAML\XMLSecurity\XML\ds\MgmtData; +use SimpleSAML\XMLSecurity\XML\ds\PGPData; use SimpleSAML\XMLSecurity\XML\ds\RetrievalMethod; +use SimpleSAML\XMLSecurity\XML\ds\SPKIData; use SimpleSAML\XMLSecurity\XML\ds\X509Data; use function array_merge; @@ -50,9 +53,9 @@ public static function fromXML(DOMElement $xml): static $keyValue = KeyValue::getChildrenOfClass($xml); $retrievalMethod = RetrievalMethod::getChildrenOfClass($xml); $x509Data = X509Data::getChildrenOfClass($xml); - //$pgpData = PGPData::getChildrenOfClass($xml); - //$spkiData = SPKIData::getChildrenOfClass($xml); - //$mgmtData = MgmtData::getChildrenOfClass($xml); + $pgpData = PGPData::getChildrenOfClass($xml); + $spkiData = SPKIData::getChildrenOfClass($xml); + $mgmtData = MgmtData::getChildrenOfClass($xml); $other = self::getChildElementsFromXML($xml); $info = array_merge( @@ -60,9 +63,9 @@ public static function fromXML(DOMElement $xml): static $keyValue, $retrievalMethod, $x509Data, - //$pgpdata, - //$spkidata, - //$mgmtdata, + $pgpData, + $spkiData, + $mgmtData, $other, ); diff --git a/tests/XML/ds/HMACOutputLengthTest.php b/tests/XML/ds/HMACOutputLengthTest.php new file mode 100644 index 00000000..6d3d2eba --- /dev/null +++ b/tests/XML/ds/HMACOutputLengthTest.php @@ -0,0 +1,51 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($hmacOutputLength), + ); + } +} 
diff --git a/tests/XML/ds/KeyInfoTest.php b/tests/XML/ds/KeyInfoTest.php index 44e25513..f79bc478 100644 --- a/tests/XML/ds/KeyInfoTest.php +++ b/tests/XML/ds/KeyInfoTest.php @@ -16,9 +16,18 @@ use SimpleSAML\XMLSecurity\XML\ds\AbstractKeyInfoType; use SimpleSAML\XMLSecurity\XML\ds\KeyInfo; use SimpleSAML\XMLSecurity\XML\ds\KeyName; +use SimpleSAML\XMLSecurity\XML\ds\MgmtData; +use SimpleSAML\XMLSecurity\XML\ds\PGPData; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyID; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyPacket; +use SimpleSAML\XMLSecurity\XML\ds\SPKIData; +use SimpleSAML\XMLSecurity\XML\ds\SPKISexp; use SimpleSAML\XMLSecurity\XML\ds\X509Certificate; use SimpleSAML\XMLSecurity\XML\ds\X509Data; use SimpleSAML\XMLSecurity\XML\ds\X509SubjectName; +use SimpleSAML\XMLSecurity\XML\xenc\CarriedKeyName; +use SimpleSAML\XMLSecurity\XML\xenc\P; +use SimpleSAML\XMLSecurity\XML\xenc\Seed; use function dirname; use function openssl_x509_parse; @@ -87,6 +96,12 @@ public function setUp(): void */ public function testMarshalling(): void { + $SPKISexp1 = new SPKISexp('GpM6'); + $seed = new Seed('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI='); + $SPKISexp2 = new SPKISexp('GpM7'); + $SPKISexp3 = new SPKISexp('GpM8'); + $carriedKeyName = new CarriedKeyName('Some label'); + $keyInfo = new KeyInfo( [ new KeyName('testkey'), @@ -96,6 +111,17 @@ public function testMarshalling(): void new X509SubjectName(self::$certData['name']), ], ), + new PGPData( + new PGPKeyID('GpM7'), + new PGPKeyPacket('GpM8'), + [new P('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=')], + ), + new SPKIData([ + [$SPKISexp1, $seed], + [$SPKISexp2, null], + [$SPKISexp3, $carriedKeyName], + ]), + new MgmtData('ManagementData'), new Chunk(DOMDocumentFactory::fromString( 'some', )->documentElement), diff --git a/tests/XML/ds/MgmtDataTest.php b/tests/XML/ds/MgmtDataTest.php new file mode 100644 index 00000000..935b87ce --- /dev/null +++ b/tests/XML/ds/MgmtDataTest.php 
@@ -0,0 +1,55 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($mgmtData), + ); + } +} diff --git a/tests/XML/ds/PGPDataTest.php b/tests/XML/ds/PGPDataTest.php new file mode 100644 index 00000000..cc56a803 --- /dev/null +++ b/tests/XML/ds/PGPDataTest.php @@ -0,0 +1,95 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($pgpData), + ); + } + + + /** + */ + public function testMarshallingBothIdAndPacketNullThrowsException(): void + { + $this->expectException(SchemaViolationException::class); + + new PGPData(null, null, []); + } + + + /** + */ + public function testMarshallingReferenceElementOrdering(): void + { + $pgpKeyId = new PGPKeyID('GpM7'); + $pgpKeyPacket = new PGPKeyPacket('GpM8'); + $p = new P('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI='); + + $pgpData = new PGPData($pgpKeyId, $pgpKeyPacket, [$p]); + + $pgpDataElement = $pgpData->toXML(); + /** @var \DOMElement[] $children */ + $children = $pgpDataElement->childNodes; + + $this->assertEquals('ds:PGPKeyID', $children[0]->tagName); + $this->assertEquals('ds:PGPKeyPacket', $children[1]->tagName); + $this->assertEquals('xenc:P', $children[2]->tagName); + } +} diff --git a/tests/XML/ds/PGPKeyIDTest.php b/tests/XML/ds/PGPKeyIDTest.php new file mode 100644 index 00000000..915dc6ee --- /dev/null +++ b/tests/XML/ds/PGPKeyIDTest.php @@ -0,0 +1,51 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($pgpKeyId), + ); + } +} diff --git a/tests/XML/ds/PGPKeyPacketTest.php b/tests/XML/ds/PGPKeyPacketTest.php new file mode 100644 index 00000000..b1d6c942 --- /dev/null +++ b/tests/XML/ds/PGPKeyPacketTest.php @@ -0,0 +1,51 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($pgpKeyPacket), + ); + } +} 
diff --git a/tests/XML/ds/ReferenceTest.php b/tests/XML/ds/ReferenceTest.php index 610890ab..fe4b51ff 100644 --- a/tests/XML/ds/ReferenceTest.php +++ b/tests/XML/ds/ReferenceTest.php @@ -64,6 +64,7 @@ public function testMarshalling(): void '#_1e280ee704fb1d8d9dec4bd6c1889ec96942921153', ); + $this->assertFalse($reference->isXPointer()); $this->assertEquals( self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), strval($reference), diff --git a/tests/XML/ds/SPKIDataTest.php b/tests/XML/ds/SPKIDataTest.php new file mode 100644 index 00000000..0637897f --- /dev/null +++ b/tests/XML/ds/SPKIDataTest.php @@ -0,0 +1,70 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($SPKIData), + ); + } +} diff --git a/tests/XML/ds/SPKISexpTest.php b/tests/XML/ds/SPKISexpTest.php new file mode 100644 index 00000000..a3b32b6c --- /dev/null +++ b/tests/XML/ds/SPKISexpTest.php @@ -0,0 +1,51 @@ +assertEquals( + self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), + strval($SPKISexp), + ); + } +} diff --git a/tests/XML/ds/SignatureMethodTest.php b/tests/XML/ds/SignatureMethodTest.php index 62097e7b..d1046a81 100644 --- a/tests/XML/ds/SignatureMethodTest.php +++ b/tests/XML/ds/SignatureMethodTest.php @@ -6,11 +6,14 @@ use PHPUnit\Framework\Attributes\CoversClass; use PHPUnit\Framework\TestCase; +use SimpleSAML\XML\Chunk; use SimpleSAML\XML\DOMDocumentFactory; use SimpleSAML\XML\TestUtils\SchemaValidationTestTrait; use SimpleSAML\XML\TestUtils\SerializableElementTestTrait; use SimpleSAML\XMLSecurity\Constants as C; +use SimpleSAML\XMLSecurity\Utils\XPath; use SimpleSAML\XMLSecurity\XML\ds\AbstractDsElement; +use SimpleSAML\XMLSecurity\XML\ds\HMACOutputLength; use SimpleSAML\XMLSecurity\XML\ds\SignatureMethod; use function dirname; 
@@ -34,7 +37,7 @@ public static function setUpBeforeClass(): void { self::$testedClass = SignatureMethod::class; - self::$schemaFile = dirname(__FILE__, 4) . '/resources/schemas/xmldsig1-schema.xsd'; + self::$schemaFile = dirname(__FILE__, 3) . '/resources/schemas/simplesamlphp.xsd'; self::$xmlRepresentation = DOMDocumentFactory::fromFile( dirname(__FILE__, 3) . '/resources/xml/ds_SignatureMethod.xml', @@ -46,11 +49,49 @@ public static function setUpBeforeClass(): void */ public function testMarshalling(): void { - $signatureMethod = new SignatureMethod(C::SIG_RSA_SHA256); + $hmacOutputLength = new HMACOutputLength('1234'); + + $chunk = new Chunk(DOMDocumentFactory::fromString( + 'Some', + )->documentElement); + + $signatureMethod = new SignatureMethod(C::SIG_RSA_SHA256, $hmacOutputLength, [$chunk]); $this->assertEquals( self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement), strval($signatureMethod), ); } + + + /** + */ + public function testMarshallingElementOrder(): void + { + $hmacOutputLength = new HMACOutputLength('1234'); + + $chunk = new Chunk(DOMDocumentFactory::fromString( + 'Some', + )->documentElement); + + $signatureMethod = new SignatureMethod(C::SIG_RSA_SHA256, $hmacOutputLength, [$chunk]); + + $signatureMethodElement = $signatureMethod->toXML(); + + $xpCache = XPath::getXPath($signatureMethodElement); + + $hmacOutputLength = XPath::xpQuery($signatureMethodElement, './ds:HMACOutputLength', $xpCache); + $this->assertCount(1, $hmacOutputLength); + + /** @var \DOMElement[] $signatureMethodElements */ + $signatureMethodElements = XPath::xpQuery( + $signatureMethodElement, + './ds:HMACOutputLength/following-sibling::*', + $xpCache, + ); + + // Test ordering of SignatureMethod contents + $this->assertCount(1, $signatureMethodElements); + $this->assertEquals('ssp:Chunk', $signatureMethodElements[0]->tagName); + } } 
diff --git a/tests/XML/xenc/OriginatorKeyInfoTest.php b/tests/XML/xenc/OriginatorKeyInfoTest.php index 69522d79..7a4a70db 100644 --- a/tests/XML/xenc/OriginatorKeyInfoTest.php +++ b/tests/XML/xenc/OriginatorKeyInfoTest.php @@ -14,10 +14,19 @@ use SimpleSAML\XMLSecurity\XML\ds\AbstractDsElement; use SimpleSAML\XMLSecurity\XML\ds\AbstractKeyInfoType; use SimpleSAML\XMLSecurity\XML\ds\KeyName; +use SimpleSAML\XMLSecurity\XML\ds\MgmtData; +use SimpleSAML\XMLSecurity\XML\ds\PGPData; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyID; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyPacket; +use SimpleSAML\XMLSecurity\XML\ds\SPKIData; +use SimpleSAML\XMLSecurity\XML\ds\SPKISexp; use SimpleSAML\XMLSecurity\XML\ds\X509Certificate; use SimpleSAML\XMLSecurity\XML\ds\X509Data; use SimpleSAML\XMLSecurity\XML\ds\X509SubjectName; +use SimpleSAML\XMLSecurity\XML\xenc\CarriedKeyName; use SimpleSAML\XMLSecurity\XML\xenc\OriginatorKeyInfo; +use SimpleSAML\XMLSecurity\XML\xenc\P; +use SimpleSAML\XMLSecurity\XML\xenc\Seed; use function dirname; use function openssl_x509_parse; @@ -83,6 +92,12 @@ public function setUp(): void */ public function testMarshalling(): void { + $SPKISexp1 = new SPKISexp('GpM6'); + $seed = new Seed('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI='); + $SPKISexp2 = new SPKISexp('GpM7'); + $SPKISexp3 = new SPKISexp('GpM8'); + $carriedKeyName = new CarriedKeyName('Some label'); + $originatorKeyInfo = new OriginatorKeyInfo( [ new KeyName('testkey'), @@ -92,6 +107,17 @@ public function testMarshalling(): void new X509SubjectName(self::$certData['name']), ], ), + new PGPData( + new PGPKeyID('GpM7'), + new PGPKeyPacket('GpM8'), + [new P('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=')], + ), + new SPKIData([ + [$SPKISexp1, $seed], + [$SPKISexp2, null], + [$SPKISexp3, $carriedKeyName], + ]), + new MgmtData('ManagementData'), new Chunk(DOMDocumentFactory::fromString( 'some', )->documentElement), 
diff --git a/tests/XML/xenc/RecipientKeyInfoTest.php b/tests/XML/xenc/RecipientKeyInfoTest.php index 3fdce621..55cf2ba3 100644 --- a/tests/XML/xenc/RecipientKeyInfoTest.php +++ b/tests/XML/xenc/RecipientKeyInfoTest.php @@ -14,10 +14,19 @@ use SimpleSAML\XMLSecurity\XML\ds\AbstractDsElement; use SimpleSAML\XMLSecurity\XML\ds\AbstractKeyInfoType; use SimpleSAML\XMLSecurity\XML\ds\KeyName; +use SimpleSAML\XMLSecurity\XML\ds\MgmtData; +use SimpleSAML\XMLSecurity\XML\ds\PGPData; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyID; +use SimpleSAML\XMLSecurity\XML\ds\PGPKeyPacket; +use SimpleSAML\XMLSecurity\XML\ds\SPKIData; +use SimpleSAML\XMLSecurity\XML\ds\SPKISexp; use SimpleSAML\XMLSecurity\XML\ds\X509Certificate; use SimpleSAML\XMLSecurity\XML\ds\X509Data; use SimpleSAML\XMLSecurity\XML\ds\X509SubjectName; +use SimpleSAML\XMLSecurity\XML\xenc\CarriedKeyName; +use SimpleSAML\XMLSecurity\XML\xenc\P; use SimpleSAML\XMLSecurity\XML\xenc\RecipientKeyInfo; +use SimpleSAML\XMLSecurity\XML\xenc\Seed; use function dirname; use function openssl_x509_parse; @@ -83,6 +92,12 @@ public function setUp(): void */ public function testMarshalling(): void { + $SPKISexp1 = new SPKISexp('GpM6'); + $seed = new Seed('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI='); + $SPKISexp2 = new SPKISexp('GpM7'); + $SPKISexp3 = new SPKISexp('GpM8'); + $carriedKeyName = new CarriedKeyName('Some label'); + $recipientKeyInfo = new RecipientKeyInfo( [ new KeyName('testkey'), @@ -92,6 +107,17 @@ public function testMarshalling(): void new X509SubjectName(self::$certData['name']), ], ), + new PGPData( + new PGPKeyID('GpM7'), + new PGPKeyPacket('GpM8'), + [new P('/CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI=')], + ), + new SPKIData([ + [$SPKISexp1, $seed], + [$SPKISexp2, null], + [$SPKISexp3, $carriedKeyName], + ]), + new MgmtData('ManagementData'), new Chunk(DOMDocumentFactory::fromString( 'some', )->documentElement), 
diff --git a/tests/resources/schemas/simplesamlphp.xsd b/tests/resources/schemas/simplesamlphp.xsd new file mode 100644 index 00000000..7ce40447 --- /dev/null +++ b/tests/resources/schemas/simplesamlphp.xsd @@ -0,0 +1,31 @@ + + + + + + ]> + + + + + + + + + + + + + + + + diff --git a/tests/resources/xml/ds_HMACOutputLength.xml b/tests/resources/xml/ds_HMACOutputLength.xml new file mode 100644 index 00000000..cf8b9f3a --- /dev/null +++ b/tests/resources/xml/ds_HMACOutputLength.xml @@ -0,0 +1 @@ +1234 diff --git a/tests/resources/xml/ds_KeyInfo.xml b/tests/resources/xml/ds_KeyInfo.xml index 7b06e7e5..1fa0b62b 100644 --- a/tests/resources/xml/ds_KeyInfo.xml +++ b/tests/resources/xml/ds_KeyInfo.xml @@ -4,5 +4,18 @@ 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 /CN=selfsigned.simplesamlphp.org/O=SimpleSAMLphp HQ/L=Honolulu/ST=Hawaii/C=US + + GpM7 + GpM8 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + + + GpM6 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + GpM7 + GpM8 + Some label + + ManagementData some diff --git a/tests/resources/xml/ds_MgmtData.xml b/tests/resources/xml/ds_MgmtData.xml new file mode 100644 index 00000000..a0e1e1d2 --- /dev/null +++ b/tests/resources/xml/ds_MgmtData.xml @@ -0,0 +1 @@ +ManagementData diff --git a/tests/resources/xml/ds_PGPData.xml b/tests/resources/xml/ds_PGPData.xml new file mode 100644 index 00000000..bde1884e --- /dev/null +++ b/tests/resources/xml/ds_PGPData.xml @@ -0,0 +1,5 @@ + + GpM7 + GpM8 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + diff --git a/tests/resources/xml/ds_PGPKeyID.xml b/tests/resources/xml/ds_PGPKeyID.xml new file mode 100644 index 00000000..9bd4d1a8 --- /dev/null +++ b/tests/resources/xml/ds_PGPKeyID.xml @@ -0,0 +1 @@ +GpM7 diff --git a/tests/resources/xml/ds_PGPKeyPacket.xml b/tests/resources/xml/ds_PGPKeyPacket.xml new file mode 100644 index 00000000..30ef37e4 --- /dev/null +++ b/tests/resources/xml/ds_PGPKeyPacket.xml @@ -0,0 +1 @@ +GpM7 
diff --git a/tests/resources/xml/ds_SPKIData.xml b/tests/resources/xml/ds_SPKIData.xml new file mode 100644 index 00000000..ef4af6ca --- /dev/null +++ b/tests/resources/xml/ds_SPKIData.xml @@ -0,0 +1,7 @@ + + GpM6 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + GpM7 + GpM8 + Some label + diff --git a/tests/resources/xml/ds_SPKISexp.xml b/tests/resources/xml/ds_SPKISexp.xml new file mode 100644 index 00000000..280259b5 --- /dev/null +++ b/tests/resources/xml/ds_SPKISexp.xml @@ -0,0 +1 @@ +GpM6 diff --git a/tests/resources/xml/ds_Signature.xml b/tests/resources/xml/ds_Signature.xml index 1081fb30..7b65c1c1 100644 --- a/tests/resources/xml/ds_Signature.xml +++ b/tests/resources/xml/ds_Signature.xml @@ -18,6 +18,19 @@ 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 /CN=selfsigned.simplesamlphp.org/O=SimpleSAMLphp HQ/L=Honolulu/ST=Hawaii/C=US + + GpM7 + GpM8 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + + + GpM6 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + GpM7 + GpM8 + Some label + + ManagementData some diff --git a/tests/resources/xml/ds_SignatureMethod.xml b/tests/resources/xml/ds_SignatureMethod.xml index 2dccda50..0ddb104f 100644 --- a/tests/resources/xml/ds_SignatureMethod.xml +++ b/tests/resources/xml/ds_SignatureMethod.xml @@ -1 +1,4 @@ - + + 1234 + Some + diff --git a/tests/resources/xml/xenc_OriginatorKeyInfo.xml b/tests/resources/xml/xenc_OriginatorKeyInfo.xml index 080836d0..720eaa1b 100644 --- a/tests/resources/xml/xenc_OriginatorKeyInfo.xml +++ b/tests/resources/xml/xenc_OriginatorKeyInfo.xml 
@@ -4,5 +4,18 @@ MIICxDCCAi2gAwIBAgIUZ9QDx+SBFHednUWDFGm9tyVKrgQwDQYJKoZIhvcNAQELBQAwczElMCMGA1UEAwwcc2VsZnNpZ25lZC5zaW1wbGVzYW1scGhwLm9yZzEZMBcGA1UECgwQU2ltcGxlU0FNTHBocCBIUTERMA8GA1UEBwwISG9ub2x1bHUxDzANBgNVBAgMBkhhd2FpaTELMAkGA1UEBhMCVVMwIBcNMjIxMjAzMTAzNTQwWhgPMjEyMjExMDkxMDM1NDBaMHMxJTAjBgNVBAMMHHNlbGZzaWduZWQuc2ltcGxlc2FtbHBocC5vcmcxGTAXBgNVBAoMEFNpbXBsZVNBTUxwaHAgSFExETAPBgNVBAcMCEhvbm9sdWx1MQ8wDQYDVQQIDAZIYXdhaWkxCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDessdFRVDTMQQW3Na81B1CjJV1tmY3nopoIhZrkbDxLa+pv7jGDRcYreyu1DoQxEs06V2nHLoyOPhqJXSFivqtUwVYhR6NYgbNI6RRSsIJCweH0YOdlHna7gULPcLX0Bfbi4odStaFwG9yzDySwSEPtsKxm5pENPjNVGh+jJ+H/QIDAQABo1MwUTAdBgNVHQ4EFgQUvV75t8EoQo2fVa0E9otdtIGK5X0wHwYDVR0jBBgwFoAUvV75t8EoQo2fVa0E9otdtIGK5X0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQANQUeiwPJXkWMXuaDHToEBKcezYGqGEYnGUi9LMjeb+Kln7X8nn5iknlz4k77rWCbSwLPC/WDr0ySYQA+HagaeUaFpoiYFJKS6uFlK1HYWnM3W4PUiGHg1/xeZlMO44wTwybXVo0y9KMhchfB5XNbDdoJcqWYvi6xtmZZNRbxUyw== /CN=selfsigned.simplesamlphp.org/O=SimpleSAMLphp HQ/L=Honolulu/ST=Hawaii/C=US + + GpM7 + GpM8 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + + + GpM6 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + GpM7 + GpM8 + Some label + + ManagementData some diff --git a/tests/resources/xml/xenc_RecipientKeyInfo.xml b/tests/resources/xml/xenc_RecipientKeyInfo.xml index bee00ede..948b6fa4 100644 --- a/tests/resources/xml/xenc_RecipientKeyInfo.xml +++ b/tests/resources/xml/xenc_RecipientKeyInfo.xml 
@@ -4,5 +4,18 @@ MIICxDCCAi2gAwIBAgIUZ9QDx+SBFHednUWDFGm9tyVKrgQwDQYJKoZIhvcNAQELBQAwczElMCMGA1UEAwwcc2VsZnNpZ25lZC5zaW1wbGVzYW1scGhwLm9yZzEZMBcGA1UECgwQU2ltcGxlU0FNTHBocCBIUTERMA8GA1UEBwwISG9ub2x1bHUxDzANBgNVBAgMBkhhd2FpaTELMAkGA1UEBhMCVVMwIBcNMjIxMjAzMTAzNTQwWhgPMjEyMjExMDkxMDM1NDBaMHMxJTAjBgNVBAMMHHNlbGZzaWduZWQuc2ltcGxlc2FtbHBocC5vcmcxGTAXBgNVBAoMEFNpbXBsZVNBTUxwaHAgSFExETAPBgNVBAcMCEhvbm9sdWx1MQ8wDQYDVQQIDAZIYXdhaWkxCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDessdFRVDTMQQW3Na81B1CjJV1tmY3nopoIhZrkbDxLa+pv7jGDRcYreyu1DoQxEs06V2nHLoyOPhqJXSFivqtUwVYhR6NYgbNI6RRSsIJCweH0YOdlHna7gULPcLX0Bfbi4odStaFwG9yzDySwSEPtsKxm5pENPjNVGh+jJ+H/QIDAQABo1MwUTAdBgNVHQ4EFgQUvV75t8EoQo2fVa0E9otdtIGK5X0wHwYDVR0jBBgwFoAUvV75t8EoQo2fVa0E9otdtIGK5X0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQANQUeiwPJXkWMXuaDHToEBKcezYGqGEYnGUi9LMjeb+Kln7X8nn5iknlz4k77rWCbSwLPC/WDr0ySYQA+HagaeUaFpoiYFJKS6uFlK1HYWnM3W4PUiGHg1/xeZlMO44wTwybXVo0y9KMhchfB5XNbDdoJcqWYvi6xtmZZNRbxUyw== /CN=selfsigned.simplesamlphp.org/O=SimpleSAMLphp HQ/L=Honolulu/ST=Hawaii/C=US + + GpM7 + GpM8 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + + + GpM6 + /CTj03d1DB5e2t7CTo9BEzCf5S9NRzwnBgZRlm32REI= + GpM7 + GpM8 + Some label + + ManagementData some