badri / saml.xml
Last active November 7, 2022 06:25
working SAML 1/2 token
<saml:Assertion xmlns:saml="http://www.example.com/saas/assertion">
<Signature>
<KeyAlias>17GLrwRZj5LzsI7lNyxTJd0EGPeXYT6qbb7lcLsCTwQ</KeyAlias>
<SignatureValue>RRx7/7yOIERFv86xTmrT8Ojq7G5cQkg51duzNSp8TEul+OJmMC4MMptOsWihbRadhxh9XGmQiPeB8tYFTjbLaTKBuv5XK1B2JQCc0OOXndZEq9wNH+IHpaXSb60XpqHY</SignatureValue>
</Signature>
<saml:Subject>
<saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2024-01-18T06:21:48Z" Recipient="http://sp.example.com/demo1/index.php?acs" InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"/>
</saml:SubjectConfirmation>
badri / Dockerfile
Last active December 6, 2022 08:22
Ubuntu working version
# The base image is referenced by a mutable tag; pinning it by digest keeps
# rebuilds reproducible and auditable.
FROM ubuntu:focal
LABEL maintainer="Kong Docker Maintainers <[email protected]> (@team-gateway-bot)"

# Build-time switches. ASSET is also persisted into the image environment.
ARG ASSET=ce
ARG EE_PORTS
ENV ASSET=$ASSET

# The package is taken from the local build context, so nothing in these lines
# checks its integrity; compare its checksum with the vendor-published value
# before building.
COPY kong-enterprise-edition-2.8.2.2.all.deb /tmp/kong.deb
badri / Dockerfile
Last active November 11, 2022 12:13
Dockerfile for e2e plugin
FROM kong/kong-gateway:2.8.1.1-rhel7

# Installing build tools needs root. Nothing in the lines shown switches back
# to an unprivileged user, so check that a later USER instruction does so
# before the image is run.
USER root
RUN yum install -y -q autoconf automake libtool m4 make
RUN mkdir /expat /rocks

# These sources are downloaded by hand and copied in from the build context,
# so the build itself does not verify them; check each archive against the
# publisher's checksum first.
# libexpat release: https://github.com/libexpat/libexpat/releases/tag/R_2_5_0
COPY libexpat-R_2_5_0.tar.gz /expat/
# Rock files can be downloaded from https://luarocks.org/
COPY luaexpat-1.5.1-1.src.rock \
     expadom-0.1.0-1.src.rock \
     luautf8-0.1.4-1.src.rock \
     /rocks/
badri / verify.lua
Created October 18, 2022 07:17
SAML 1 and 2 signature gen
local resty_rsa = require "resty.rsa"
local b64 = require("ngx.base64")
-- local rsa_public_key, rsa_priv_key, err = resty_rsa:generate_rsa_keys(2048)
-- if not rsa_public_key then
-- ngx.say('generate rsa keys err: ', err)
-- end
-- Digest name; presumably handed to resty.rsa further down (usage not shown here).
local algorithm = "SHA256"
-- Base64 body of a DER SubjectPublicKeyInfo, without the PEM armor lines.
-- NOTE(review): this decodes to a 768-bit RSA modulus, well below the 2048-bit
-- minimum in current guidance, and the matching private key is printed in the
-- author's gen-keys.py transcript. Treat it as a throwaway test key and never
-- as a trust anchor for real assertions.
local key = "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOz0YTcc5qsRSyNYUBPD/6H/vcbFqtTb+IcW45PAZ5lMIMj4DLdNF+/4ZlVSVKU9QfC5lio/X76sZhwG2u+7vwOBi1awuwQ91xVroeR4ozpRqs31DYDl7uCfbMZhbG2m4wIDAQAB"
-- Wrap the body in PEM armor.
local rsa_public_key = string.format("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", key)
badri / ek.lua
Created October 10, 2022 10:01
sign messages using pub key and priv key
local pkey = require("resty.openssl.pkey")
local base64_decode = ngx.decode_base64
local openssl_x509 = require("resty.openssl.x509")
-- local b64 = "MIIBiTCCAROgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wHhcNMjIxMDA2MTAwNTQ5WhcNMzIxMDAzMTAwNTQ5WjAWMRQwEgYD\nVQQDDAtleGFtcGxlLmNvbTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQDs9GE3HOar\nEUsjWFATw/+h/73GxarU2/iHFuOTwGeZTCDI+Ay3TRfv+GZVUlSlPUHwuZYqP1++\nrGYcBtrvu78DgYtWsLsEPdcVa6HkeKM6UarN9Q2A5e7gn2zGYWxtpuMCAwEAAaMr\nMCkwDwYDVR0TBAgwBgEB/wIBADAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkq\nhkiG9w0BAQsFAANhAERnjq9SMzRGIzOb5N3JAuv1w18GSceKjqNGscisyVkIEWTf\n5hUm2NaVrFA65o7STucxdxN5Y7ydBVvDY+7pA8TicqE36BKwXC3cUU5HGyQw+D1K\ndnff2J0hDORtyhLsxw=="
-- local certstring = "-----BEGIN CERTIFICATE-----\n" .. b64 .. "\n-----END CERTIFICATE-----"
-- local orig_rsa_public_key
-- local cert,err = openssl_x509.new(certstring, "PEM")
badri / gen-keys.py
Last active October 10, 2022 10:55
SAML3 working setup
import jwt
from datetime import datetime, timedelta
import ipaddress
import time
from cryptography.hazmat.primitives import serialization
from cryptography.x509 import load_pem_x509_certificate
# pip3 install signxml
from lxml import etree
>>> public_key
'-----BEGIN PUBLIC KEY-----\nMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOz0YTcc5qsRSyNYUBPD/6H/vcbFqtTb\n+IcW45PAZ5lMIMj4DLdNF+/4ZlVSVKU9QfC5lio/X76sZhwG2u+7vwOBi1awuwQ9\n1xVroeR4ozpRqs31DYDl7uCfbMZhbG2m4wIDAQAB\n-----END PUBLIC KEY-----\n'
>>> private_key
b'-----BEGIN RSA PRIVATE KEY-----\nMIIBzAIBAAJhAOz0YTcc5qsRSyNYUBPD/6H/vcbFqtTb+IcW45PAZ5lMIMj4DLdN\nF+/4ZlVSVKU9QfC5lio/X76sZhwG2u+7vwOBi1awuwQ91xVroeR4ozpRqs31DYDl\n7uCfbMZhbG2m4wIDAQABAmEA4IyuW+Ydilu3EuWr7S8+X6zVkTrdKx7SJGLCg9A/\n3PxRzWGT21lJp/WENLLy2Cx1L+HOSQ1XVaCUD4KKOY6YpDpPMa6OYBRq+7JhasIc\nQtNJk67LQdLsye/XNAWFUB7xAjEA+vPa92brCLMFGQDbZ1GUQe/pfw6eoFWCg9TC\nlfaKdDvqd2ygYupMmNxWrSlt11elAjEA8bhzE6sarsTunj0JOBk8MmzGmirP6qTK\nlsLMwMehZbCpf4uOGURCwP7K7jkzan3nAjEA98NKrHgwFKaqocT22Urx1SfIoGkO\ns7243e9xLh37FEcTdlUJBJ/OgB0KdmwwxisBAjA4R6TrkGwvAwU37Kgn2qBMcU0w\negVc8a+FuKdpv1FR1vcwDjMwqNcODoT7QHA7PEMCMQDvv3k5nFwQ2+wnDGQs00vg\nX77tghZPvWmYfMNWKFNCNPz2gJ4YL7jCU3aotyzEDYQ=\n-----END RSA PRIVATE KEY-----\n'
>>> cert
b'-----BEGIN CERTIFICATE-----\nMIIBiTCCAROgAw
import jwt
from datetime import datetime, timedelta
import ipaddress
import time
from cryptography.hazmat.primitives import serialization
from cryptography.x509 import load_pem_x509_certificate
def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
"""Generates self signed certificate for a hostname, and optional IP addresses."""
badri / key2.lua
Created September 21, 2022 02:12
local resty_rsa = require "resty.rsa"
local codec = require "kong.openid-connect.codec"
local base64url = codec.base64url
-- Digest name; presumably handed to resty.rsa further down (usage not shown here).
local algorithm = "SHA256"
-- Writes a visual separator into the response body.
ngx.say("---")
-- Substitute your own key here: the base64 body of a DER SubjectPublicKeyInfo.
-- NOTE(review): the sample value decodes to a 768-bit RSA modulus, well below
-- the 2048-bit minimum in current guidance; use it for local testing only.
local k = "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANGkBcOBvBWEzSfRYErqBpQByj0LMiV6+CTr274ZHlT7rlegHx2AxGK7l2hpl6Da8tJf1sQmHFq7T8bdrR12zB8TvXcLpkkbK6tVverJh+bGqbSqjDZPoRuhvZdpDb6ziQIDAQAB"
-- Wrap the body in PEM armor.
local orig_rsa_public_key = string.format("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", k)
badri / key.lua
Last active September 19, 2022 13:30
local resty_rsa = require "resty.rsa"
local codec = require "kong.openid-connect.codec"
local base64url = codec.base64url
local openssl_x509 = require("resty.openssl.x509")
local b64 = "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