From e083e5e0638c10678c9e8e2a63390654d3a64d6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Sun, 20 Jan 2008 11:49:15 +0000
Subject: [PATCH] Fixed the signing procedures that call xmlseclibs, to
 correctly set the exclusive canonicalization parameter
 XMLSecurityDSig::EXC_C14N. After tips from the xmlseclibs author Rob Richards.
 Would be great if Hans Z. tested this afterwards as he is using a php version
 before 5.2, and that was the only place where this problem occurred.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@177 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/SAML20/HTTPPost.php |  2 +-
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 66a20bcf4..31898338c 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -123,7 +123,7 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 // 			'http://www.w3.org/2001/10/xml-exc-c14n#'));
 			
 		$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
-			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
+			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
 			array('id_name' => 'ID'));
 		
 		#$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1);
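Review bot: The `XMLSecurityDSig::EXC_C14N` entry added to the transform list of this `addReferenceList()` call has no comment saying why it is needed or that it must follow the enveloped-signature transform. I would add a comment above the call such as `// Exclusive c14n after enveloped-signature: keeps the assertion digest independent of namespaces inherited from the enclosing Response.` (the rationale is my reading of the transform, so confirm it against the xmlseclibs author's advice). The commented-out `xml-exc-c14n#` line just above looks like an earlier attempt at the same thing and could be dropped now. The reference digest on this line is still SHA-1, which this commit does not change. The enclosing method starts and ends outside the hunk.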
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index e57968c56..f842e7460 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -113,10 +113,21 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		
 		#$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
 		
+		/*
+		
+			Removed 2008-01-10 after a tips from Rob Richards..
+			
+			
 		$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1,
 			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
 			array('id_name' => 'ResponseID'));
 			
+			*/
+			
+		$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
+			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
+			array('id_name' => 'ResponseID'));
+			
 			// TODO: Add option to sign assertion versus response
 
 		#$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
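Review bot: The new `addReferenceList()` call references `$firstassertionroot` but still passes `array('id_name' => 'ResponseID')`, although in SAML 1.1 the Assertion element's identifier attribute is `AssertionID`. Depending on how xmlseclibs handles `id_name`, the reference may end up with a URI that verifiers cannot resolve on the assertion, or a stray `ResponseID` attribute may be written onto it. The commit message only mentions setting the canonicalization parameter, yet this also changes what is signed from the Response to the Assertion, so relying parties that require a signed Response would no longer get one. If only the transform was meant to change, keep `array($responseroot)` with the new transform list; if signing the assertion is intended, use `array('id_name' => 'AssertionID'));` and check that the signature is appended inside the assertion so the enveloped-signature transform applies. That code is outside this hunk. The commented-out block can be deleted instead of kept, since version control preserves it.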
-- 
GitLab