Skip to content

Instantly share code, notes, and snippets.

@kjunichi

kjunichi/azureadsamlsig.xml

Last active September 12, 2024 05:05
Show Gist options
  • Save kjunichi/a3c6c46a1087411c26fac96740756740 to your computer and use it in GitHub Desktop.
Save kjunichi/a3c6c46a1087411c26fac96740756740 to your computer and use it in GitHub Desktop.
Download ZIP
XML署名の調査
Raw
azureadsamlsig.xml
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_376a017b-e5ed-4759-8731-fb4bcf421100">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>18tVLSwxknFeP0Zm1+2nn7ejJ08EOiEjLW6chneDgUI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
gytrnyKgAnV4OTO2QkfVkzxDRPMeLQDFIHgkvQ/bMUXPWTnwCB3L0VyJQeNUZgh5U75H6+AXWLUVKU1zIWuY3++HJ4ufoa7ogntiLnkZUoN7OJ80Nq1Q+x4bhI3wlqQXmrCoUBtn+TeK7PDqCa5rTC7j2BF+jkCaUXrTmul9veIsFEs+RrO/qYJ7tnQeY7CpCl03v1pwvRl6bwcgm3Y0qjlwcSUZW1V1i2BYjIuvK8XW4GWx0chRhUHx6TTVq/lOPzmnSdpBry+PGyCIEB/gREETtA9x+S55s+brLJy4S/Cq0qmYQpNJ3P+1NhyA+RD8YPANRa3QezEBMXA1b2wSuA==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIC8DCCAdigAwIBAgIQT8CGrFHp84xLDLzemzIlGzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMzA0MTgxMjU2MDJaFw0yNjA0MTgxMjM3MTJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJKifPT1NVf6iwnFdPYaK65MOA7nv5moBJURRHR7AHBts4YtDVWs6lP/483XaXSgzV7wKnq2nSxZmtZZYfEYz9cQIwd0Gw6tHufg2ZXLxD5Od0p/IkFz3jGqj51jRiIsLzr+u8Z+tvd9r0tEDcPGQftsoIrHNXtQf0vCDBKKFl9VCMwqcNzr+5IozyeL1lsrwWOWZv2KVxmUm62wCjkr57Z4lVYOPxezqjoKp3h0elcG1cn6+eRUEHZ/DJTNWcpvjWCIFJrGPf86IeZfgIlT9bS/uJ437ZObikmD7iWFvnfMyXLGzkiAKLImF71WpV0+4dyI3ioWxvELHDneQ5lxKQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA1lJsyiKLdm155Zy0I7JN+Cp76AtltZMCisrmSuqmN3MT0IoXRbC2bg/6MUOkR6Yt6dAf3IG3y7WAW9cDygD4X/L+g6u5nKRhx8Cyo1An9N4EDEUx76lxzU8HZfpYgPCUU3B0g5++O75WT/sq61RbcUASK377OLLf3rsAaf2m/2Rq6KIGqTBiOmjmWBlEBveCCqYteVgH30JM2ZMr7MbXIlV01r/vxTOlBTF7pRIkQfQP07fi2PvRaZaOJQnKuuJh7gOISQsADI0R9LmoX2kjHv+rhvg1+l86jGPtzNkIFNsoWC2tepRfVHYfpH5BPvxdUB4wwFY6IHt6Qi3Y3e5fp</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
Raw
selfSig.xml
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>u3Jq7ouyUwPchwio0lWeZGdTQqtUDDsfslg1nQFtUPo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
cTOnWDrZWiMEPesBUFkOCFT1YbfB8G+SkI7E36EC5daRNYJgdc3uPirtKNY/Lvg8mCJZdBrIK2QoB8RMeuGgC1sDlmA0GHEMgFzK0QRy3WNpc8ej9LaCA6Cn52hv2mrI60pj6M2nJsz0CO4+hASwSpg1HHnrSXiJSIGD7y+IHa3VGypBtm6lXfhDafidh4Gv9Okd4tcg0js2PlVfXbT5NwxkOE+rljfwj4LkQRyiwpM11H2XdvAj6HT5VBQQEjePCZo5NyHFbXsgpjyYAUY0UC4Gt73c0bL3lukAPVVax/TW1N4Dkl0yqhcuAtLNtF/o/MseYGQbau+qG4B5VwAHvA==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIDrzCCAhcCFC06Zr72CrFH44vk7hIqW1a5WZBuMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA0MTgxMzA4NDBaFw0zMzA0MTcxMzA4NDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJxotY+B2eIyXDULvSANa5ccZu4V8zfQOtas+D7eSLC18iePe9sP0//vZE0tcTIkmom49fHRQswMb+cKpPRSzJsLGcl6PlXgoMaJNxZTIE/HHOBXpobM30W3nkdM2D0Ai3gonL809tAT0bwYeZrb9ISw8GefR8UYdAxFxrnT3wiFBZWomdYSq0xkkEXomwOZcrvrQ/f/WUgaXU4bGe5VIOPQOpBP5H+fQEAd1iUnFnbMlS0xSxti56q2TcxbPmsRkUvLUPkipq7UNFRE/mdpd34NMtt8A2tuRCg14hOqDRxToGT2JDkfJGdJMQcjyJlvvz8K2sP0O3ShbmCmfHvYpLcuRbdpDZRk6l1ME/BIRbAynIAK9m97uwh9wsRcq4TNxXaB/ic6McxIsUFRNLlvLqzERFipd5HKoDjer2dG0vdosLVcqjLQOaFhCG298M4pgb7pH8Tg2hJ4NwXoTgBJ+ZV/DhYM46issVAtW9NU3sjFI40XWvhQElevy2Xtx1sPfwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQATjRGn/b9uow6Wrf/B0UIZNH+pRgYfJf7XGKJgjk2j1Ge/lIKkZV4w3beC8JptD6DgLrouseUYdiWiktNVwPagWhqU8hMAYjhz1Hbs5XS3p6hdFhMc6xbTuCEMMglGqCaYVEiPXhO7iUT2KMd9uv8JChoxxvfquVvNoVivjBRTm3qyFBVXqnUcGW6JQjw3FAV3YtL3N+sEFEl6X10fhtrCluXlLqpXN3IbMTmRRm6wrwY7A3otGf98hs5HNCnI+nu/zKBkZFCIpQAguFDNTwT+TubLodiiozazMIYi390aYwXbX9f4Ll2Q6uP0Ff3wIZrzA9WXXfZtmai8VJtwKvSv6yeDW91dO9itMBisy0LQ13HtJOKx7qiamcRGBn3FNy9YzoybbVhXmLOk7J7eIlNvMZCT2qFrtCxPUDsW1yUourAZeH31r/70ydhtpLTVJxPXX/bOQVZTj2X3UXhWe/zeH5knIIDXNPY14W/5D14TFq4Jk6YQNq3GV2bz3Wn/kz0=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
Raw
xmlsig.md

SignatureMethodタグのAlgorithm属性

自前の実装出力

<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

Azure AD

<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

自前で署名をつけてチェックしたらエラー

javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature length not correct: got 256 but was expecting 384
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment