-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
- Scott Cantor
- 5/12/03
-
- $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
#if defined (_MSC_VER) || defined(__BORLANDC__)
# include "config_win32.h"
#include <saml/saml2/metadata/Metadata.h>
#include <saml/saml2/metadata/MetadataProvider.h>
#include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/signature/ContentReference.h>
#include <saml/signature/SignatureProfileValidator.h>
#include <saml/util/SAMLConstants.h>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
#include <xmltooling/security/SignatureTrustEngine.h>
#include <xmltooling/signature/Signature.h>
#include <xmltooling/signature/SignatureValidator.h>
+#include <xmltooling/util/ParserPool.h>
#include <xmltooling/util/XMLHelper.h>
#include <fstream>
#include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/URLInputSource.hpp>
#include <xercesc/framework/StdInInputSource.hpp>
#include <xercesc/framework/Wrapper4InputSource.hpp>
ifstream in(path);
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
XercesJanitor<DOMDocument> janitor(doc);
-
+
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
- auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
+ auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(nullptr,_type));
if (type.get() && *type.get())
return mgr.newPlugin(type.get(), doc->getDocumentElement());
throw XMLToolingException("Missing type in plugin configuration.");
DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();
XercesJanitor<DOMDocument> janitor(doc);
- DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);
+ DOMElement* root = doc->createElementNS(nullptr, _CredentialResolver);
if (key) {
auto_ptr_XMLCh widenit(key);
- root->setAttributeNS(NULL, _key, widenit.get());
+ root->setAttributeNS(nullptr, _key, widenit.get());
}
if (cert) {
auto_ptr_XMLCh widenit(cert);
- root->setAttributeNS(NULL, _certificate, widenit.get());
+ root->setAttributeNS(nullptr, _certificate, widenit.get());
}
return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
public:
DummyCredentialResolver() {}
~DummyCredentialResolver() {}
-
+
Lockable* lock() {return this;}
void unlock() {}
-
- const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+
+ const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
vector<const Credential*>::size_type resolve(
- vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+ vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
) const {return 0;}
};
int main(int argc,char* argv[])
{
- bool verify=true;
- char* url_param=NULL;
- char* path_param=NULL;
- char* key_param=NULL;
- char* cert_param=NULL;
- char* cr_param=NULL;
- char* t_param=NULL;
- char* id_param=NULL;
+ bool verify=true,validate=false;
+ char* url_param=nullptr;
+ char* path_param=nullptr;
+ char* key_param=nullptr;
+ char* cert_param=nullptr;
+ char* cr_param=nullptr;
+ char* t_param=nullptr;
+ char* id_param=nullptr;
+ char* alg_param=nullptr;
+ char* dig_param=nullptr;
// metadata lookup options
- char* m_param=NULL;
- char* issuer=NULL;
- char* prot = NULL;
- const XMLCh* protocol = NULL;
- char* rname = NULL;
- char* rns = NULL;
+ char* m_param=nullptr;
+ char* issuer=nullptr;
+ char* prot = nullptr;
+ const XMLCh* protocol = nullptr;
+ const char* rname = nullptr;
+ char* rns = nullptr;
for (int i=1; i<argc; i++) {
if (!strcmp(argv[i],"-u") && i+1<argc)
prot=argv[++i];
else if (!strcmp(argv[i],"-r") && i+1<argc)
rname=argv[++i];
+ else if (!strcmp(argv[i],"-V"))
+ validate = true;
else if (!strcmp(argv[i],"-ns") && i+1<argc)
rns=argv[++i];
+ else if (!strcmp(argv[i],"-alg") && i+1<argc)
+ alg_param=argv[++i];
+ else if (!strcmp(argv[i],"-dig") && i+1<argc)
+ dig_param=argv[++i];
else if (!strcmp(argv[i],"-saml10"))
protocol=samlconstants::SAML10_PROTOCOL_ENUM;
else if (!strcmp(argv[i],"-saml11"))
cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
return -1;
}
-
+
XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
- xmlconf.log_config();
+ xmlconf.log_config(getenv("OPENSAML_LOG_CONFIG"));
+ if (getenv("OPENSAML_SCHEMAS"))
+ xmlconf.catalog_path = getenv("OPENSAML_SCHEMAS");
SAMLConfig& conf=SAMLConfig::getConfig();
if (!conf.init())
return -2;
try {
// Parse the specified document.
- static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
- DOMDocument* doc=NULL;
+ DOMDocument* doc=nullptr;
if (url_param) {
- URLInputSource src(base,url_param);
+ auto_ptr_XMLCh wideurl(url_param);
+ URLInputSource src(wideurl.get());
Wrapper4InputSource dsrc(&src,false);
- doc=xmlconf.getParser().parse(dsrc);
+ if (validate)
+ doc = xmlconf.getValidatingParser().parse(dsrc);
+ else
+ doc = xmlconf.getParser().parse(dsrc);
}
else if (path_param) {
auto_ptr_XMLCh widenit(path_param);
- LocalFileInputSource src(base,widenit.get());
+ LocalFileInputSource src(widenit.get());
Wrapper4InputSource dsrc(&src,false);
- doc=xmlconf.getParser().parse(dsrc);
+ if (validate)
+ doc = xmlconf.getValidatingParser().parse(dsrc);
+ else
+ doc = xmlconf.getParser().parse(dsrc);
}
else {
StdInInputSource src;
Wrapper4InputSource dsrc(&src,false);
- doc=xmlconf.getParser().parse(dsrc);
+ if (validate)
+ doc = xmlconf.getValidatingParser().parse(dsrc);
+ else
+ doc = xmlconf.getParser().parse(dsrc);
}
-
+
// Unmarshall it.
XercesJanitor<DOMDocument> jan(doc);
auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
if (cert_param || cr_param) {
// Build a resolver to supply trusted credentials.
auto_ptr<CredentialResolver> cr(
- cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(NULL, cert_param)
+ cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(nullptr, cert_param)
);
Locker locker(cr.get());
}
auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
metadata->init();
-
+
const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
auto_ptr_XMLCh n(rname);
xmltooling::QName q(ns, n.get());
// Attach new signature.
Signature* sig = SignatureBuilder::buildSignature();
+ if (alg_param) {
+ auto_ptr_XMLCh alg(alg_param);
+ sig->setSignatureAlgorithm(alg.get());
+ }
+ if (dig_param) {
+ auto_ptr_XMLCh dig(dig_param);
+ dynamic_cast<opensaml::ContentReference*>(sig->getContentReference())->setDigestAlgorithm(dig.get());
+ }
signable->setSignature(sig);
// Sign response while re-marshalling.
vector<Signature*> sigs(1,sig);
- XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
+ XMLHelper::serialize(signable->marshall((DOMDocument*)nullptr,&sigs,cred), cout);
}
}
catch(exception& e) {