dex/connector/saml/testdata/gen.sh

#!/bin/bash -ex

# Always run from the testdata directory
cd "$(dirname "$0")"

# Uncomment these commands to regenerate the CA files.
#
# openssl req \
#     -nodes \
#     -newkey rsa:2048 \
#     -keyout ca.key \
#     -new -x509 -days 7300 \
#     -extensions v3_ca \
#     -out ca.crt \
#     -subj "/O=DEX/CN=coreos.com"
# 
# openssl req \
#     -nodes \
#     -newkey rsa:2048 \
#     -keyout bad-ca.key \
#     -new -x509 -days 7300 \
#     -extensions v3_ca \
#     -out bad-ca.crt \
#     -subj "/O=BAD/CN=coreos.com"

# Sign these files using xmlsec1.
#
# Templates MUST have a <Signature> element already embedded in them so
# xmlsec1 can know where to embed the signature.
#
# See: https://sgros.blogspot.com/2013/01/signing-xml-document-using-xmlsec1.html

xmlsec1 --sign --privkey-pem ca.key,ca.crt --output good-resp.xml good-resp.tmpl
xmlsec1 --sign --privkey-pem ca.key,ca.crt --output bad-status.xml bad-status.tmpl

# Sign a specific sub element, not just the root.
#
# Values match up to the <Response URI="#(ID)"> element in the documents.
xmlsec1 --sign --privkey-pem ca.key,ca.crt  \
    --id-attr:ID Assertion \
    --output assertion-signed.xml assertion-signed.tmpl

xmlsec1 --sign --privkey-pem ca.key,ca.crt \
    --id-attr:ID Assertion \
    --output two-assertions-first-signed.xml \
    two-assertions-first-signed.tmpl
connector/saml: refactor tests and add self-signed responses Introduces SAML tests which execute full response processing and compare user attributes. tesdata now includes a full, self-signed CA and documents signed using xmlsec1. Adds deprication notices to existing tests, but don't remove them since they still provide coverage. 2017-04-04 13:11:12 +05:30			`#!/bin/bash -ex`

			`# Always run from the testdata directory`
			`cd "$(dirname "$0")"`

			`# Uncomment these commands to regenerate the CA files.`
			`#`
			`# openssl req \`
			`# -nodes \`
			`# -newkey rsa:2048 \`
			`# -keyout ca.key \`
			`# -new -x509 -days 7300 \`
			`# -extensions v3_ca \`
			`# -out ca.crt \`
			`# -subj "/O=DEX/CN=coreos.com"`
			`#`
			`# openssl req \`
			`# -nodes \`
			`# -newkey rsa:2048 \`
			`# -keyout bad-ca.key \`
			`# -new -x509 -days 7300 \`
			`# -extensions v3_ca \`
			`# -out bad-ca.crt \`
			`# -subj "/O=BAD/CN=coreos.com"`

			`# Sign these files using xmlsec1.`
			`#`
			`# Templates MUST have a <Signature> element already embedded in them so`
			`# xmlsec1 can know where to embed the signature.`
			`#`
			`# See: https://sgros.blogspot.com/2013/01/signing-xml-document-using-xmlsec1.html`

			`xmlsec1 --sign --privkey-pem ca.key,ca.crt --output good-resp.xml good-resp.tmpl`
			`xmlsec1 --sign --privkey-pem ca.key,ca.crt --output bad-status.xml bad-status.tmpl`

			`# Sign a specific sub element, not just the root.`
			`#`
			`# Values match up to the <Response URI="#(ID)"> element in the documents.`
			`xmlsec1 --sign --privkey-pem ca.key,ca.crt \`
			`--id-attr:ID Assertion \`
			`--output assertion-signed.xml assertion-signed.tmpl`

			`xmlsec1 --sign --privkey-pem ca.key,ca.crt \`
			`--id-attr:ID Assertion \`
			`--output two-assertions-first-signed.xml \`
			`two-assertions-first-signed.tmpl`