From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wferi@debian.org>
Date: Wed, 25 Dec 2024 16:40:35 +0100
Subject: Update SAML2 signatures to RSA-SHA256

The default signature algorithm changed to RSA-SHA256 in XMLTooling 3.3
[1], so the control XML files in the OpenSAML test suite must follow [2].
The "Not yet signed" ResponseChildElements.xml was edited manually,
while SAML2Assertion.xml was re-signed in the build tree via

../samlsign/samlsign -s -k ./data/key.pem -c ./data/cert.pem -f ./data/signature/SAML2Assertion.xml

[1] https://shibboleth.atlassian.net/browse/CPPXT-162
[2] https://shibboleth.atlassian.net/browse/CPPOST-125
---
 .../data/saml2/core/impl/ResponseChildElements.xml    | Bin 1774 -> 1788 bytes
 samltest/data/signature/SAML2Assertion.xml            |   8 ++++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/samltest/data/saml2/core/impl/ResponseChildElements.xml b/samltest/data/saml2/core/impl/ResponseChildElements.xml
index fd83164..56fcb76 100644
--- a/samltest/data/saml2/core/impl/ResponseChildElements.xml
+++ b/samltest/data/saml2/core/impl/ResponseChildElements.xml
@@ -3,7 +3,7 @@
  / > < d s : S i g n a t u r e   x m l n s : d s = " h t t p : / / w w w . w 3 . o r g / 2 0 0 0 / 0 9 / x m l d s i g # " > 
  < d s : S i g n e d I n f o > 
  < d s : C a n o n i c a l i z a t i o n M e t h o d   A l g o r i t h m = " h t t p : / / w w w . w 3 . o r g / 2 0 0 1 / 1 0 / x m l - e x c - c 1 4 n # " / > 
- < d s : S i g n a t u r e M e t h o d   A l g o r i t h m = " h t t p : / / w w w . w 3 . o r g / 2 0 0 0 / 0 9 / x m l d s i g # r s a - s h a 1 " / > 
+ < d s : S i g n a t u r e M e t h o d   A l g o r i t h m = " h t t p : / / w w w . w 3 . o r g / 2 0 0 1 / 0 4 / x m l d s i g - m o r e # r s a - s h a 2 5 6 " / > 
  < / d s : S i g n e d I n f o > 
  < d s : S i g n a t u r e V a l u e > N o t   y e t   s i g n e d < / d s : S i g n a t u r e V a l u e > 
  < / d s : S i g n a t u r e > < s a m l p : E x t e n s i o n s / > < s a m l p : S t a t u s / > < s a m l : A s s e r t i o n   I D = " t e s t 1 "   V e r s i o n = " 2 . 0 "   I s s u e I n s t a n t = " 2 0 0 6 - 0 2 - 2 1 T 1 6 : 4 0 : 0 0 . 0 0 0 Z " / > < s a m l : A s s e r t i o n   I D = " t e s t 2 "   V e r s i o n = " 2 . 0 "   I s s u e I n s t a n t = " 2 0 0 6 - 0 2 - 2 1 T 1 6 : 4 0 : 0 0 . 0 0 0 Z " / > < s a m l : E n c r y p t e d A s s e r t i o n   / > < s a m l : A s s e r t i o n   I D = " t e s t 3 "   V e r s i o n = " 2 . 0 "   I s s u e I n s t a n t = " 2 0 0 6 - 0 2 - 2 1 T 1 6 : 4 0 : 0 0 . 0 0 0 Z " / > < / s a m l p : R e s p o n s e > 
diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
index 6e2d16a..b0e5ed0 100644
--- a/samltest/data/signature/SAML2Assertion.xml
+++ b/samltest/data/signature/SAML2Assertion.xml
@@ -1,7 +1,7 @@
 <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z" Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
 <ds:Reference URI="#ident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
@@ -11,9 +11,9 @@
 <ds:DigestValue>AQGLm1KiW4D78s+fxQ2UPZHwwXR7CPKDIvkgzNDFzbU=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>jLLZZQ6cty2FcjsGn/zuzfjXQqyMNMkbdw+wJXXTS1YmnKVYtE9H7skjU9bcj4Lo
-MpRXQlJLtX1sIgpTQS2pSh4kkwE+Z7yO/SDaM5qcVawH5zI3C03s3ty0xGQx9SzW
-1TTK4vgfWLOh5NQzDt2WhZPGSS3H1hpxS+MlbnflPTU=</ds:SignatureValue>
+<ds:SignatureValue>PNXN/TfTriZ4EHOWsIGjqDlg3L4cch2ULfiOfUKNsIC7eJnHx7bZxpTPDqoLID/Z
+Ax8ou8hFwu19mA2/tg1cWDEFpHLHjH9LNqDNZxOZlcsqwi4pvonbrf3dLJniNBB5
+DHEE/KdVIH+pcN5pZ3jYz6XRFp6wuzMxsXdocp6VoYQ=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC