Merge pull request #11 from waterkip/GH-10-assertion-namespacing

Fix disappearing namespace bug on in _decrypt_encrypted_node

Author: waterkip

Makefile.PL

@@ -37,9 +37,10 @@ my %WriteMakefileArgs = (
     "Import::Into" => 0,
     "Test::Lib" => 0,
     "Test::More" => 0,
+    "XML::LibXML::XPathContext" => 0,
     "namespace::autoclean" => 0
   },
-  "VERSION" => "0.12",
+  "VERSION" => "0.13",
   "test" => {
     "TESTS" => "t/*.t"
   }
@@ -62,6 +63,7 @@ my %FallbackPrereqs = (
   "Test::Lib" => 0,
   "Test::More" => 0,
   "XML::LibXML" => 0,
+  "XML::LibXML::XPathContext" => 0,
   "feature" => 0,
   "namespace::autoclean" => 0,
   "strict" => 0,

README

@@ -2,26 +2,26 @@ NAME
     XML::Enc - XML::Enc Encryption Support
 
 VERSION
-    version 0.12
+    version 0.13
 
 SYNOPSIS
         my $decrypter = XML::Enc->new(
-                                    {
-                                        key                         => 't/sign-private.pem',
-                                        no_xml_declaration          => 1,
-                                    },
-                                );
+            {
+                key                => 't/sign-private.pem',
+                no_xml_declaration => 1,
+            },
+        );
         $decrypted = $enc->decrypt($xml);
 
         my $encrypter = XML::Enc->new(
-                                    {
-                                        cert                => 't/sign-certonly.pem',
-                                        no_xml_declaration  => 1,
-                                        data_enc_method     => 'aes256-cbc',
-                                        key_transport       => 'rsa-1_5',
-
-                                    },
-                                );
+            {
+                cert               => 't/sign-certonly.pem',
+                no_xml_declaration => 1,
+                data_enc_method    => 'aes256-cbc',
+                key_transport      => 'rsa-1_5',
+
+            },
+        );
         $encrypted = $enc->encrypt($xml);
 
 NAME

cpanfile

@@ -22,6 +22,7 @@ on 'test' => sub {
   requires "Import::Into" => "0";
   requires "Test::Lib" => "0";
   requires "Test::More" => "0";
+  requires "XML::LibXML::XPathContext" => "0";
   requires "namespace::autoclean" => "0";
 };
 

lib/XML/Enc.pm

@@ -27,22 +27,22 @@ XML::Enc - XML Encryption
 =head1 SYNOPSIS
 
     my $decrypter = XML::Enc->new(
-                                {
-                                    key                         => 't/sign-private.pem',
-                                    no_xml_declaration          => 1,
-                                },
-                            );
+        {
+            key                => 't/sign-private.pem',
+            no_xml_declaration => 1,
+        },
+    );
     $decrypted = $enc->decrypt($xml);
 
     my $encrypter = XML::Enc->new(
-                                {
-                                    cert                => 't/sign-certonly.pem',
-                                    no_xml_declaration  => 1,
-                                    data_enc_method     => 'aes256-cbc',
-                                    key_transport       => 'rsa-1_5',
-
-                                },
-                            );
+        {
+            cert               => 't/sign-certonly.pem',
+            no_xml_declaration => 1,
+            data_enc_method    => 'aes256-cbc',
+            key_transport      => 'rsa-1_5',
+
+        },
+    );
     $encrypted = $enc->encrypt($xml);
 
 =head1 METHODS
@@ -367,17 +367,20 @@ sub _decrypt_encrypted_node {
     # Sooo.. parse_balanced_chunk breaks when there is a <xml version="1'>
     # bit in the decrypted data and thus we have to remove it.
     # We try parsing the XML here and if that works we get all the nodes
-    my $fragment;
-    eval {
-        $fragment = $parser->load_xml(string => $decrypted_data)->findnodes('//*')->[0];
-    };
-    $fragment = $parser->parse_balanced_chunk($fragment // $decrypted_data);
+    my $new = eval { $parser->load_xml(string => $decrypted_data)->findnodes('//*')->[0]; };
+
+    if ($new) {
+        $node->addSibling($new);
+        $node->unbindNode();
+        return;
+    }
 
+    $decrypted_data = $parser->parse_balanced_chunk($decrypted_data);
     if (($node->parentNode->localname //'') eq 'EncryptedID') {
-        $node->parentNode->replaceNode($fragment);
+        $node->parentNode->replaceNode($decrypted_data);
         return;
     }
-    $node->replaceNode($fragment);
+    $node->replaceNode($decrypted_data);
     return;
 }
 

t/10-asserted-encryption.t

@@ -0,0 +1,45 @@
+use strict;
+use warnings;
+use Test::More;
+use XML::Enc;
+use XML::LibXML;
+use XML::LibXML::XPathContext;
+
+# Test for https://github.com/perl-net-saml2/perl-XML-Enc/issues/10
+my $xml;
+{
+    open my $fh, '<', 't/asserted-encryption.xml';
+    local $/ = undef;
+    $xml = <$fh>;
+}
+
+my $enc = XML::Enc->new(
+    {
+        key                 => 't/encrypted-sign-private.pem',
+        no_xml_declaration  => 1
+    }
+);
+
+$xml = XML::LibXML->load_xml(string => $xml);
+my $xpc = XML::LibXML::XPathContext->new($xml);
+$xpc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
+$xpc->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
+$xpc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
+$xpc->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
+
+my $decrypted = $enc->decrypt($xml);
+ok($decrypted, "Got a decrypted message");
+
+
+$xml = XML::LibXML->load_xml(string => $decrypted);
+$xpc->setContextNode($xml);
+
+my $assertion = $xpc->findnodes('//saml:Assertion');
+is($assertion->size, 1, "Found one assertion node");
+
+my $a = $assertion->get_node(1);
+my $attr = $a->getAttribute('xmlns:saml');
+
+ok($attr, "Have a saml namespace attribute");
+
+done_testing;

t/asserted-encryption.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://netsaml2-testapp.local/consumer-post" ID="ID_6a68bd2f-5658-483d-866b-ade256de8c06" InResponseTo="NETSAML2_935c782d5f5e499638a7471b257062b5" IssueInstant="2022-03-27T12:06:56.753Z" Version="2.0">
+  <saml:Issuer>https://keycloak.local:8443/auth/realms/Foswiki</saml:Issuer>
+  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+    <dsig:SignedInfo>
+      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <dsig:Reference URI="#ID_6a68bd2f-5658-483d-866b-ade256de8c06">
+        <dsig:Transforms>
+          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        </dsig:Transforms>
+        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <dsig:DigestValue>fFstLDBIowXl43T0OUs6F+HIlF8=</dsig:DigestValue>
+      </dsig:Reference>
+    </dsig:SignedInfo>
+    <dsig:SignatureValue>B6jtNRLa0XrT54hUF38nO5kQwg4b+zDDx1GlYiVKHsRURzz0VycaUDv6j/8JYPDTHeHuCuMsdcn/ppPwGBxK7KUWBiKp9CcGb2OYcyLBNfdZcO/glQX/kfOZCyfW5olmoapA/4Af0sa4bnBlFknfOpHfD+i0M2bNenS79AtlvIGY9ltdJATjeuTneywWAS+N3qh+CLuKde4Gn9UL9VxCZVk5XKga4Tqagv0feQrB1LwvRCqcYfIKzDgsHt2NSYpMyHzPxNgN57T0wGnyGMu5+uex0AMp4oc7o48wsPomxy0OZUHX7mdsk9bUOkf+fBUqlcW4USovacMKGZYDozTNZQ==</dsig:SignatureValue>
+    <dsig:KeyInfo>
+      <dsig:X509Data>
+        <dsig:X509Certificate>MIICnTCCAYUCBgF5YqtQBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdGb3N3aWtpMB4XDTIxMDUxMjIyMTkyNFoXDTMxMDUxMjIyMjEwNFowEjEQMA4GA1UEAwwHRm9zd2lraTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMGG6jrdadw/6rnOAGmNtmdIZy116JyocKlsoxg+iQTlRI2e3gelsiOW7rXNIYHH/f4ozQ8F4ba7GxJMNWlrDJFN23Dij521PVqJHsu3ZA8JOP+txMCN22zhCO6OYiWx5P9wm7zWVcfg3sS9564LQ4M7JBQ8tDYxY9RLCDR+sNNd0hWm6SrkEyghqbcxNY+rgXfxLBK5eGXyX1Zk0NLA5XqRg5a8BDz1oUZ6O4c21tVOvV8vqCUtcnx3hWxcBgXizW8pkSQpQiQ96zXquAvDwkLtYnQLV5GQlt6c414A7U4dsAZZCc490rqncfsjDfbFMzj89s/WCtFDOzSa163pqECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAPpeGsBOJN3xGUvtxJqPM2ja3g7G7LiOJGvzZSIOFr50baebsoJNRwL2GDfYUTM1SWDz4UHnGebsme5TTmzjVO3YEvnOMTtVC6/fYYdouAqIJ+cTmmF3Cxd/tOr5fkaPscB0x0+zqWqgBZLo0FVECDMt+DYk1HaQJPxsAXGahUmIIpfIKO7AUx5tD74PR8XeHWyL0w8jg1h8nVtc49P7h08SzmSFY0phJ9plLpSubCsd/1KMPOJ0Dh7kYEaOJOOWwjLggiho5N4KBytpts6HIjmPlKvV7UJEAmQykuhO6PyFfGjwXxpYRTtGa3fZQqu6BztRHDSZQfc+K08VTmAjriw==</dsig:X509Certificate>
+      </dsig:X509Data>
+      <dsig:KeyValue>
+        <dsig:RSAKeyValue>
+          <dsig:Modulus>kwYbqOt1p3D/quc4AaY22Z0hnLXXonKhwqWyjGD6JBOVEjZ7eB6WyI5butc0hgcf9/ijNDwXhtrsbEkw1aWsMkU3bcOKPnbU9Wokey7dkDwk4/63EwI3bbOEI7o5iJbHk/3CbvNZVx+DexL3nrgtDgzskFDy0NjFj1EsINH6w013SFabpKuQTKCGptzE1j6uBd/EsErl4ZfJfVmTQ0sDlepGDlrwEPPWhRno7hzbW1U69Xy+oJS1yfHeFbFwGBeLNbymRJClCJD3rNeq4C8PCQu1idAtXkZCW3pzjXgDtTh2wBlkJzj3Suqdx+yMN9sUzOPz2z9YK0UM7NJrXremoQ==</dsig:Modulus>
+          <dsig:Exponent>AQAB</dsig:Exponent>
+        </dsig:RSAKeyValue>
+      </dsig:KeyValue>
+    </dsig:KeyInfo>
+  </dsig:Signature>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </samlp:Status>
+  <saml:EncryptedAssertion>
+    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <xenc:EncryptedKey>
+          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+          <xenc:CipherData>
+            <xenc:CipherValue>MhdhEw9xuIVEXqkgoGTG74VRXFhvYzqjcj/pNWCpt+pXnxt30HFgRflfcFQvW5YOWa+bsh0GkWn/OCqCy+F3nx4GCimbVVwm67T9eB2WhEy0fw5ZImKnbG19bogJB/S7OyynKhcNFOl7fsckU9eHvRGSeZJPvw2lpSEAHS1mdOVaA0WGVHHGqtOdV6O1N0+FuNIjcPJ+U2cN3paOndjS8ydn8/qQDXeEYtsI8F5B5oBfQEKlNw9ChtjAy57bQlVbGNCs2wTZM/hofAX0it035pK7iwCO0PKaj3Q65M/zk58tlomjr9SI8cAuwQtRUduauhgwltY5B0nWiQS6UcEHKMcNFOlQHgDdmkAWU31KJ6GzlJGErAj+lt1zRUcK92WyE9ucBJwpNEVaglsU8jlozGcSLRGjN648IjT7IP+kUVFwPX77XCmwUAENs6AH2fThGWC5OH4gUi6uvDahY4R/2EyyyHXpctAJjgHT5rIm5vHx05ZGbGhAJln7+KpQpYyASFXIJpNERt96Sb8ekQwyoPWy8mpw6VK+TwEPmbAK+EeRiFvNDHASlHep7GA7CVVbEZNvsIBp0q+aV53xroHaoOU6N3hnRBGk3lUSnN2C9Vj0+yj4rYLbNgJizR4mlPTa7D3JoMP7kSigZYQ1s75xroDkZ8NFWNqHXUhO4XzVTm0=</xenc:CipherValue>
+          </xenc:CipherData>
+        </xenc:EncryptedKey>
+      </ds:KeyInfo>
+      <xenc:CipherData>
+        <xenc:CipherValue>X/2C81lmVE3pfRMYYmlciomHyqJHppGivGlQ61VeHXgXcqwnzTKLCdyL4+601TzuqfRVZnhnX4IKGqBaNHl4ii4nPs1tI22fy/+4B+6XJncwckqut5tDJZJ7axKVBeKXjnD7MnxrlWC4ZgM0O3ZrBLwCD4hV1PMIf118c9U8XjU1ufweEOsBIayco8iqbkrZQPAyW/aNA5pdQePjcEWwrhju6TNugKmiXueMsk0cK3qFM9iHp4caKH8XGndTWo8K9vWDzmmADguChxEgqxBX0IO56PeKvcLtv6IX4ygE4s1re/8ciT9E/mNJjflUQOGOD4Gj71LyROk54DFDTLGyZcRTdMMCsP9w+8DWbr6Obh49k7UZUINSmetbDYB91KVOFJ5KNf7a9clWh9vg+opFao2wXXfbbq47/XaZ6TdwdZc9W8XoNCpMQZt2aMIlwDulabt3g53fBVAv1r8W5lfPh2UoWcmTK9sG7rwwRwAuw6WbUD0/JUETZZyTdq08I4g1bnw/b5CfJz+y8SmBxTSf2nF0KaLwBx2HpaGRyLhSOE4pQp1rWP55W6ac05tVFoPjlCf9rM78kzHw8HLaygurcBODtcPheSY9QLRYatz3g+GY7AkOOf11ZnlTZxM5JlKrKYziHuBxBv7pXiR8HWKQKIO9/f2+m7eYRNxztdY8M6VCPhOcIkJw0LTfTK464JrTEzXldkvksR3HVrOllWjV8tcH577auw6xSDExAzmNq4zbDBvZqIVd+Ov00Ytbz8+ERoVc+zB3eo2LILl8tRvWV+7Dc/Qdiel99LHfW8dOTb+hHWpir1AA9HTHot3/8mpCOuO3GH4GdG/7q9EevhDr5bc9UFjQR+x5GMBYkVVejHDfbu7QmXarVdcYPTggqAiZgjhQqxeTToTYWLZUqfIwUJOrQITVPtCMeUbC6pQcR0VfevcwhO6dKsEiMg1WLb/sMbQftmXmW/cLf5jhOv5+YIRY4gYyTxCD0X6nYOi3u1FFdgQwUTXJMdAYpdOtDIyVCdLgVxKlhJDnwf7NXMk2RIQka7P5pUxoiTTDqao8pjbT5e81TteAq6g3rufIyB6XlzOtcNqvYic+RY2crytvJ77k6XL9NpmcuEuwuCirdLhE4nDQxqEOWnjfXIP00fpZNAkCql7Ri5mHYcMx1Efo0GurQFcrB2SHGp1ciokAb2HV4fxV/SPhH8ADUUBjcxB9kweRjzMosL+srV01f+4pXGiJgrXdQsF9HKZnY85y4Y/Oq3CN8NT5tysEZFP5Y7zN+HyTe5op2Q/rYf35/DMqEE0UZBajrKFiMO+nCT0stIp3xkqdwwtIB08uLdaPuXl/eDfQGXQybTQr12a5WNdXGlHohmsYobPtVKV7BG94I1us0Mzmq3usyVdVoVldu+tH6BQTiEIUJePIo08p/E0yO4jOAFt4dvFe2EkRZM3ZWZQUAgD59M3NRUnupayyEDB09EGSiptYIoUY1VFTg+7/R6xzpfieq3U/a4PJUSJy5Yo5d+zYT+cfu3NDF0uB2FoguI5JCiLz8XTy+M+xI+jPTaVsv4NAbypw8uLhoAkNv26cPgGELvO83Rk50REvMBLALNntFQQxxq/xPqSCmEwl0MZbGvPx+vSe5Qs06zzuiPSOwMdWs0f3KGJLKgxNU/cu33SZdfPEvFmz36WtAMEOV12l4HUL3AiZP1Br54YTYM0w3k8ZwcMlTGt/DriavEbh0UiDhZG1zA978/wYY2qcc7xEu1cbc5OqkoCtyl0jOQC485NSYf/cu+uB45O6BBy5Xqd4vx2X5DnfZfbck9wajMNB8pRwlPtKU3hMg9FeXeCN8Je1zR0NvwMqxwHYil1wGQcmiyR4KdAWNBTghYBrQ7VqJbaQkgU9hFuigltbvAR+Nz/rbXiUxzQQDlsniHARLc6Tcvj8R7vFSESb9rHsfrFTTXZovqAEE0yeluETd4pjiVh47dscec0qvZtxOLlONvEaRUpT8aNTl+9SqhQNt5BeKaxekyqKxvLnDM21y9z/vY7dJX+syPr1WKZ1wDWiRqmvu6jEYgnhhsp8SELoqVc9k31n8g22beDeu4Q/HOgwDiIzJ2INuFeU7hynd0GMW64WG6F3l2W1rssEgrXirpcACZmo7831QwUClkyAcl+nlumtrhJ9V6SyxZAJL+IjAzSnxmh+S5ol+72HFzJB0yV8W13LMRPGPWEENgLsoT7vSsVMLSpL8ctz+aUIdd6CfpVziL61EnVjV+/dZD8QrrTCo/O4gHHQsiddwD4c8VBhrurUawfJacc6rrSVhVFw+VpfRuUf61oZC1BWqJ6RlY08qWvTs/qGfs4/ry82LZkC3ZWhR+gP2g4Xct2u5rOwvbHSD7esq739EJ1A0/dHLYwhYqVeAaAatc2MjLE7FJe5pcSaWYO3sYycfvgJKFoletShj/7bdegQD4Q7zetwnnD+JF33LvKyGkSXlG1mj2fmzFcK7j7bzZ70VmLhPsCVIDzQf+qIi7y/yn7dkvqmwHA1tnHgMIgqQJP53fvdjAMMMW1y2Or9q/g2erEFgHM8xfHXGEOwVllWn/87Vx7OcWDVtB5FlcYB3jF+7jmnyvXyMTg8955TXyFa9RFrKV+C+qNnvCIjVzB7NTkvh+W9mYgGTBErI1WBMMABPkSIy4tIQXHIxEBbYCIWDBE37yMoScbHe0TNxXXWbmp0E6wmEbT9cFgRuuIC6XdqBWpECZFYnbBCoa2JikCFQU1l3144vqrxBrAaTJyDSkCoq2puLuX1PnVJzQOgnb+lTqxO7fxGjvLEHjEOkZtpyRZ1DkxxTVjgjYnab2/eV2mpbtH4w3vULTbA214dZO/+GqQNKKyxrH9/HfN7Zz7jvrozqF8ElC6/ptRllJ17vHOOYp2qJwUloYov7DxJHAliIm2sSmhP5UesIIV0iUfyyH/NIxfBSGZZ60qHM2x/38MHgGbd+ESGi+tcPf6haiPz2WpzQWCLIc/jUSaniV0M01PebnIYr6q2c0lzPC9qf3UqlImPgdVufPBS6WsGzoX6eN0O+1oqvbx+mfa0flbqNX22XlhHv84W6HbsSbReNmLA53ICUsFquViMzgKngpTLvbHQLOaGvTl47J6Ck8nrdWVv1VrWA1FvsRMFroGoWR5Jm1hjXKZXdt9CSpgGBM6xNttqtlHG0l4vyd0AzIGIR8U7WIjbc9g90SCvuaTpcS6Zq6Y/tgnJILy0Ql67wYJUrk4zbd1YfKQHGkJOdwO2UsBxeP526KLOFW+xz53OyZQ7n+dI4zbp4lNy3NNfzeqsS1MMuCjsLLWyiUojXIIy9loIox32LPerj3wFlEvUqkpb/tTI7n1kjMJkUfHpbXpnWsKLmUCkQ8sKNCekV0crMjkHj9uIA01EEolMN4oF7vEKGmJVThEUv8nIoy8QVVnrSHpbogksoTyc1FYrCuJUYhE0DXdoemFNJEuih3qkiECvAaWSuShd0v8gcfN+yzf3XyRdfrPzfeaKj0kkIyxZJKziCqdq4XwIoa+Phy0N36TbuWNa/nNezMc8gqetoSSbZq4Rhy0BYczVO2U4utk1jXqRN3Ketgp+Za8EVDGG9nuqrGG7cuj/pcpUKfPayNaOhjIQxhxwGENklJ03oL01tIVrE3jiCAhmg9m7wJkha8IR1Sfv7NbSA7BmLNprhePH30dPGI5JYodaaBxBfVkkZ8r+cUt1AuzCZtOonTpnsoOp02scQ7szY7TMu0a1P+BUcggNFyIf/aK5o2dcLOLLJHXRYA9aPSDxV/y5R25iQBOY08gC2Qnc1OyXpqUwDH0HfGk8FOU2rwCc9gIPYfONUBRxMCSDdbzRqNxIlqhjIYC+tQAiS5E4ZOUx+0wYOSwrpezubvkOl2qQ1K0O73C4+GrBflzbEDqX15XZed1mFhFtYJ55PitHO33lEfk4fGL0ObwoUnKgIn472P0ZTftRZsVKAWjYLcSZIXijs/rUykkMEpySHofqvClEq8AXjLldghwe44bKjQgW2Vj+hjSdkmFGuOqeUTRxnH+24Wixsko0cNINIaKBbwPRVp6SqBSzOLm/CNewKfP1OvrHOnOQPqpfznpwlwwte/nTyjbOqEAvE95jNR7chH/oUKmwDVvTEhURCqCcKuhh5Z+N16Bj1iWUO5wphYBUOqAez30vtqbwlK7IfUpz6VjA6sg7SLXpIZu86+a7S1KqqqWj36ece4eexoRxjfV05xOr+OpUtjikhT4lfMKTcI0lvwI9cgguuMHxNbw4Qm+4WI4LyFdN353WyanYo2TeDYF9VGrT5NzpuVQJQyrFXoMElOUKlcIZQTdFVPKsOcxb3A/UwByqKcF2/9bQV4SKjIUQ0l5Om3/IwKXgD1zCw5h/ocj/r8a2YrP8ZuRB4/IBLYKWiWV4F0idEP4xz4ArrEB3XNtXY4mXehqmSChlz0IoYk6U3zlmrr9oMhSkyxCcgyzB12qJnOcR96v2BftpGFhTvE/eLgBdUnzKe03DySVWtaC9BRJsyd1Sivca806Y2bGDme7xPWndFSg/XCovWZPV62c3EAMGgVWhhHFXL9LtsXY2KgJt9GvNfUlzYKiBvmHYMlvgxZ53EFgY95tWc8mJiGm9QC8fl3JjKTdkrQRalCQWd3rXjlQq1CaFWiFSd8pbEdym+7PDEwkMPROKHB88CWUh5e/xcrPw6Fl6NH77hX7aQA+IvBrlrEsIGoN6Vkm1GHJ6kMixuiP3y66BEWYfZ5OiHobNOCnNedhmrM3bgUKy7h8I27C+1DBJ+IOwI2jUxiCgSHvsvOXYflCidK2eaVHyz8dbMRZsbNc0R2+QLGteLNeJbDkOLzhMczhOrcKVD5l+4UVhJjSZ2Meq7VGHfAzx1wpN4dFZa7di4qqjkOmOd/fagGtnXL2bIGRWp3GsKqRdhGIK5kCfggBEguzJ2uvFF3O3ZuGy3nLfmjhkkRVxl6LQCA0EQxw9gmjqcDAt1sTi2ubhSJNvo4ihvHNPaWfUyK5pCq43y80dZtNo+kRv7sDtvZaTNDGvx40Zl/Lk6rkQUa9gsLnUPFZHyLnKVP7bmKtAEeiLEdFA6S0rrbDS9zRUj1wUECEdvP0NASU5xDCFiUZJQsgNwCM2s4+4Gwqms3LyS0nepBZwfUcEMHAR9Wa/TcDUzZYbQ3YSFJkwN3nEznX02wr2ANp7QhiAb9VrpwpCnx6Di36DI9mqs8/yt74TyLh9yYTX3p9RLM7UWoqDk997Zmvu6cAnBo6et4REmAS6nvbRtyXPv1LigTvIkfktqIwaaWg/l3rYtu3D/UxkojKxs3uCgJbbwCPEBBUvSb6pMarRC4TrH0rF4RcfqQ9I70lscaJYN016UJ2APo/Ty0G/8jtg+Fc1zqLBPlmG5q+J3WemUiIdiLLXvUFJ6wqL/B0PJfgUOxnYd7GVwji0dlgeMCuv9+UD+541R+qTkqtlGU5WGIH2BCKl8htaET3dksfFUt5VeyICMsz6uZAgVl/Z4vHIEfW5DKeRCGhys5/+CdYHEQDkV+1eA7vXASGVISPGP3DZKIzuAwPjUAfynUXsQSNnlqoQUk7dZWsqrCE9sy9zUxbFK1mrJxctRH3iIysx90dwIn0MHmAv/FWdejKcQK/pioTcvKb13Omg6x0GcJsi2fQRcX2784LOJmovD5C41LpjhvGhBcvc3lFH9XVjzrt6LjnaWhUbYkOPzVsnD8j/FPHVyW11fgXjW4MO75J4cyIK7x5STvGEFF14RrAIAEX7oteNyCx/diRF5pJhGl+3H4PAZ/2THcj43pPUJcGm5VhczxaL/Srty3QiVlVd/9vV/1tTUzk86KeActJRKQeONgBxKeABs/Hqag2pn6XP19MG5wrkQ0m9i5xAla4SFPHOjLbc5XD8Y0onMtaXyacG5MrpSOBLyJMsKUKPD46oOXydWP8R7L6n+DTgEktTKRpfsmUM0BVk24tNLffKEfHxNMT1zgSP/HFTJ2QEhHvnYQcw+DXQ51BfEjsCYkD1xhiLZj1FPTEPssmTrr7b56uRHCwlPxOBJpSWHzrBMWmehT9NBNtn+qYu+6xIIXJk9DSSV9uvevlOEwBCrjBF0+GPmDAiyWWf/rdFuMlnVQB5Mui47zvWSpb0Qj4qe3w3H80Q14OxP05ZmH/e5Uq4k+KuLmYdd4zIE06JcKdY5cttIqlm+NydbkdM7NDEb/g8LDdB38t7FnP1NoMXlleKcA7ufirWt+/tVEJG6NjFgYqVW14fsd8yAOSh3r2Mqbs086zvzx/MnFj2fJXuK3wEYiql/7UFO+OlxuNwI1otDyCzHhTi11AbxkKVsDSefWS7Zo4oohXb5dB9wKXxa9w+dnO3z/phRdscwPJ+Qu8/vOH0l/3JPKh+SM5gLP7tvisOF0EqriKelK5kUdBSoLqlRQgW46KcxLbWSKRxxkgO6jZXDTVQ05Sqlg1zW72SzFDSbLI98C6oiP5qAHAo5v4oVXHtCpu8FA8U1A3Wengvs/cxisaPmj4CFkgiGb6nZOFaHuDip97CL76vVXYvkgEfbH1ig63kEWhAa91kxFzuDPwiigCOYkWbJyhfj5OrWKDX+fSJxHzwDy+sRXkJz0r9dV7PHX9k5Z18kj7HZJ1NO26Wn6pORhnu45jQ1+yLOmaFcYnE4v/oN8V3Mpm4ExeXI9mtivfufrJ4rCjCLJLSmMyv4BqrQuznLPuuKBKmrRDAB8K+IZrnHjD+0CVgFg61i/J/ZKay7UgeTUOwTm75du04spjqrP8tPvqANdKC5/VNqBborENtv3tR0oE+g2eAPGuCU+dlpRqj8N4g/OnXCl7NnHpoJEV6vZ00J51fT2Jkttr0sIv8USlpAPgVEMAMxUEBqNjN0Mnu5JWSRErIR9b1CMkJ4mBSQ9nh9R15hA7F23BpB1bq+YFNJlUlNL5gN/xwpL2sFZNPmMuC3VaCgTy/R4VuYdKN0liLKN0Lx7LpyzrxP405n/nPhpTiQw0OKonMv9l6gzudQMQa0/s8jGJnrNn7G5Bber1Cg6UVhmUF7zT+UAqM+CwfHku4iju54kFmNK6M3xmfuONXnnZm1kLQB5O8q+wVZuQiMx4jLk2UeDalxMNMRl2burp8YKzzzcLzd2Yhk1Esa4L01s/cTvCwTs0Kj/bmIS3X5Qr+wRXNWgHbcO8mYSMJq0HM3T8GhoOZKeLZnIcpMyNrzSRVpw7XDAkboYwK8a5o/qlLq3mGMJ5N3sSsh0yEmLJjyCztdyuc6AOLDeUuUqf2kGVxFENPnpwIuDA6N9SMaHK3GYtzWj8fI4SYUdAtjSb8UOC0oD+fbPndiv3ED6X+7ZcC+cUjhFXV7V+WrrNkQv3nIpU+jolc1JGNrEUCBF2MxXrw1Av/zRdx45wZVRZdj20c/oE2f6TmrshO1rirZKh8D4c/Ho2rp+++JLdHzMVdpsqSyDmSZ+Tob3Cu91OmFBEmm8x+OUOIlHCIGPnqcQMcNXJVVnCxJZVFt4zFr0HtPdc4p2tlZKUbKYXox1YvYo486bDizY++E5bvadlHYMqQq+6ZPyg8JiMf+i0S8Byo33LpD0gWRcOIOD3YrqDKL/cFGrT39QaVn7TOMI3KAR1JXiK40/6W6JkxRFNZFrHUI6166+oJ3/+3fF3QdfZWR0hs7YD135VpZWDA45IbMwTLUmVW4p18L/mkxA1Q9acJj3OR4h5KNQ0axPvs12fz106xcHK21x74k81gEyiZj4Y1ynXXIYnXzRmWtozW85GYbcxY+L8w3oPerTaF3PFsVLzv+3m/Xh82aaMpADzUcOwjKzjf8oYUz4uCN4zXC+jV4dsYWqxwmkieADP9VB4CCAiiVyUM/TUm1StnsetAEpNPF2X59ttFkKTOmLD6/zMit5TJSHBc+WWqUllKXCgvfHdlkZSayfoeSmj42P9Zgmh9a6CtuplbDzGlLf1VJE2EQxvR8ROzt1C1Ncu3dSx4xDzIX1rUaK41dGikmX6ify6qA5sI8OeqGRe148FNd+6TwKa3aALdPFralJmjsoG1Ouo8AWE80jVPsX80HKkNMU1MZrGoKI4UXpOqUibWxsmiztPY/tRoNEWIOIvrtT5LIY55DXJmWF7juHphRY2SBB9OxsPeDVofk7kaMDL12yZpai4ZFFAJEGr2xoD5ldGpqud+Mi8PD1Lm2rzdQFNGnEFYAY+lXEMJH9KeGminYHGlWj51rup1Z5mPf8v8JEaAYtajzS46N11xuietAEPgEmyjUTbDypTUADzerXay9UbIGoUdza+o85ULWgk3O2vDNIYWEhx6GcQVpJJ7eiGp/zmvuhD+5zJTqdkGpe4sUpgbZx04DS1HeUO+QOY4W/3T8MDYshpzhVKIEsLHh9HPC2H5wUYEMHwmTC51CecTwkCWnFUy9O1lol4BhvusRGsTQeq5KKhOn/hb4jp6giacJe2U7cjbVvYH35v4i4U6LX4q5KFaPPZ+J6ogdTaXeZL6gsMEORYQuJaawt6Vv+aij5pFOCF01Vi/5hdaPmYpKQr2y6/YMCUkVwi3fBImGTPGf2FfxP1DEkmJjD01HDsmajKY+sPBXTytB8IPJTJfhcbxKvnYvxtQ0U60JEmVZ3Q8Y2yzGQcYTc1dLlS5uYjb6XBt5bcFWVtKYDVJhmdtcxjOk4yJ6OhEUZIxRgosE/m7WXd+r3bbndwnlBdDmNOtXQoI4+qJg00W396JCD4WtpVnCp2m1zROZskoK6/lABw3I9rH/i0QE0GHXHKmMxiB3WcptXlmxSspb3SMA3pAKhVWG8xz4/S3FI7LEE9XZJK7JB1KfM6EADBc1gR/zUPGV6kugZhzOvQqFgKkB9kPmrpa6D0hwzToD8incMEiglVSgPhp+YNExEGt3nX5/GEepFc6xb63A2DbPrFo5H67XldLANs88xZU+n9ZtSJb0Wm65E5sNNhEyEk=</xenc:CipherValue>
+      </xenc:CipherData>
+    </xenc:EncryptedData>
+  </saml:EncryptedAssertion>
+</samlp:Response>