italia / spid-compliant-certificates

Solution to create self-signed certificates according to Avviso SPID n.29
MIT License

Populating <SignatureValue> #44

Open aresares opened 3 years ago

aresares commented 3 years ago

Good morning, I had a question about populating the tag <ds:SignatureValue> ????????? </ds:SignatureValue>. What needs to be put inside this tag? Using the scripts I managed to generate the two keys key.pem and csr.pem, but I wouldn't know how to populate SignatureValue.

At the moment my metadata looks like this:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://spid.mysp.it" ID="pfxac20eab3-d06c-0185-ce16-3a43c2f67504">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>
            <ds:Reference URI="#pfxac20eab3-d06c-0185-ce16-3a43c2f67504">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"/>
                <ds:DigestValue>6c9ba317acb341997f3123653b091b7f6192dfd4bed1b8aad9e8b08e97ff4188</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue> ????????? </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate> .... </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate> ..... </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate> .... </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://spid.mysp.it/slo-location"/>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://spid.mysp.it/sso-location" index="1"/>
    </md:SPSSODescriptor>
    <md:Organization>
        <md:OrganizationName xml:lang="en-US">mysp</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="en-US">mysp</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="en-US">https://spid.mysp.it</md:OrganizationURL>
    </md:Organization>
    <md:ContactPerson contactType="technical">
        <md:GivenName>XX YY</md:GivenName>
        <md:EmailAddress>asf@gmail.com</md:EmailAddress>
    </md:ContactPerson>
    <md:ContactPerson contactType="support">
        <md:GivenName>XX YY</md:GivenName>
        <md:EmailAddress>asf@gmail.com</md:EmailAddress>
    </md:ContactPerson>
</md:EntityDescriptor>
peppelinux commented 3 years ago

Use a tool to sign the metadata; inside it you only need to prepare the template. Look here: https://github.com/italia/spid-sp-test/tree/main/tests/metadata#metadata-signature
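What such a signing tool actually computes for the two placeholders in the template above, as an added example that is not part of this issue or of the spid-compliant-certificates project: the digest over the EntityDescriptor with the ds:Signature removed, then an RSA-SHA256 signature over the canonicalized ds:SignedInfo, both base64-encoded (XML DSig never carries these values as hex). It assumes the sample inputs are already in exclusive-C14N form, a step a real tool performs, and uses a throwaway key in place of key.pem; the VerifySignature function is the check a relying party runs on received metadata.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed sample EntityDescriptor (enveloped ds:Signature still unfilled), written here already in exclusive-C14N form; real tools (xmlsec1, signxml) do that canonicalization, which this example assumes.
const sampleEntityDescriptor = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="pfx-example" entityID="https://spid.example.invalid"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo></ds:SignedInfo><ds:SignatureValue></ds:SignatureValue></ds:Signature><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"></md:SPSSODescriptor></md:EntityDescriptor>`
// The issue's ds:SignedInfo in exclusive-C14N form (xmlns:ds declared, no self-closing tags); the two %s are the Reference ID and the DigestValue.
const signedInfoC14N = `<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#%s"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256"></ds:DigestMethod><ds:DigestValue>%s</ds:DigestValue></ds:Reference></ds:SignedInfo>`

// EnvelopedTransform drops the ds:Signature element (the enveloped-signature transform), so the digest covers the metadata minus the signature about to be computed over it.
func EnvelopedTransform(doc string) string {
	before, rest, _ := strings.Cut(doc, "<ds:Signature ")
	_, after, _ := strings.Cut(rest, "</ds:Signature>")
	return before + after
}

// DigestValue is base64(sha256(canonical bytes)): XML DSig carries base64 here, never hex.
func DigestValue(canonical string) string {
	sum := sha256.Sum256([]byte(canonical))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// SignatureValue is base64(RSA PKCS#1 v1.5 over sha256(canonical SignedInfo)): the rsa-sha256 content of <ds:SignatureValue>.
func SignatureValue(key *rsa.PrivateKey, referenceID, digestValue string) (string, error) {
	h := sha256.Sum256([]byte(fmt.Sprintf(signedInfoC14N, referenceID, digestValue)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// VerifySignature is the relying-party check: recompute the digest from the received document, rebuild SignedInfo and verify the RSA signature with the SP's public key; any changed byte in the body fails it.
func VerifySignature(pub *rsa.PublicKey, doc, referenceID, signatureValue string) bool {
	sig, err := base64.StdEncoding.DecodeString(signatureValue)
	h := sha256.Sum256([]byte(fmt.Sprintf(signedInfoC14N, referenceID, DigestValue(EnvelopedTransform(doc)))))
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

func main() { // self-check with a throwaway key; a real SP signs with the key.pem produced by the scripts
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	sv, _ := SignatureValue(key, "pfx-example", DigestValue(EnvelopedTransform(sampleEntityDescriptor)))
	fmt.Println(sv, VerifySignature(&key.PublicKey, sampleEntityDescriptor, "pfx-example", sv))
}
```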