cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
return -1;
}
-
+
+ XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
+ xmlconf.log_config();
SAMLConfig& conf=SAMLConfig::getConfig();
if (!conf.init())
return -2;
- XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
Category& log = Category::getInstance("OpenSAML.Utility.SAMLSign");
int ret = 0;
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
good = true;
break;
}
- catch (exception&) {
+ catch (exception& e) {
+ log.info("error trying verification key: %s", e.what());
}
}
if (!good)
auto_ptr<TrustEngine> trust(buildPlugin(t_param, xmlconf.TrustEngineManager));
SignatureTrustEngine* sigtrust = dynamic_cast<SignatureTrustEngine*>(trust.get());
if (m_param && rname && issuer) {
- if (!protocol) {\r
- if (prot)\r
- protocol = XMLString::transcode(prot);\r
- }\r
- if (!protocol) {\r
- conf.term();\r
- cerr << "use of metadata option requires a protocol option" << endl;\r
- return -1;\r
- }\r
+ if (!protocol) {
+ if (prot)
+ protocol = XMLString::transcode(prot);
+ }
+ if (!protocol) {
+ conf.term();
+ cerr << "use of metadata option requires a protocol option" << endl;
+ return -1;
+ }
auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
metadata->init();
+ const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
+ auto_ptr_XMLCh n(rname);
+ QName q(ns, n.get());
+
Locker locker(metadata.get());
- const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer);\r
- if (!entity)\r
- throw MetadataException("no metadata found for ($1)", params(1, issuer));\r
- const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;\r
- auto_ptr_XMLCh n(rname);\r
- QName q(ns, n.get());\r
- const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol);\r
- if (!role)\r
- throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));\r
-\r
- MetadataCredentialCriteria mcc(*role);\r
- if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))\r
+ MetadataProvider::Criteria mc(issuer, &q, protocol);
+ pair<const EntityDescriptor*,const RoleDescriptor*> entity = metadata->getEntityDescriptor(mc);
+ if (!entity.first)
+ throw MetadataException("no metadata found for ($1)", params(1, issuer));
+ else if (!entity.second)
+ throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));
+
+ MetadataCredentialCriteria mcc(*entity.second);
+ if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))
log.info("successful signature verification");
- else\r
- throw SignatureException("Unable to verify signature with TrustEngine and supplied metadata.");\r
+ else
+ throw SignatureException("Unable to verify signature with TrustEngine and supplied metadata.");
}
else {
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
DummyCredentialResolver dummy;
- if (sigtrust->validate(*signable->getSignature(), dummy, &cc))\r
+ if (sigtrust->validate(*signable->getSignature(), dummy, &cc))
log.info("successful signature verification");
- else\r
- throw SignatureException("Unable to verify signature with TrustEngine (no metadata supplied).");\r
+ else
+ throw SignatureException("Unable to verify signature with TrustEngine (no metadata supplied).");
}
}
}
);
Locker locker(cr.get());
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
const Credential* cred = cr->resolve(&cc);
if (!cred)
throw XMLSecurityException("Unable to resolve a signing credential.");
}
}
catch(exception& e) {
- log.errorStream() << "caught an exception: " << e.what() << CategoryStream::ENDLINE;
+ log.errorStream() << "caught an exception: " << e.what() << logging::eol;
ret=-10;
}
- catch(XMLException& e) {
- auto_ptr_char temp(e.getMessage());
- log.errorStream() << "caught a Xerces exception: " << temp.get() << CategoryStream::ENDLINE;
- ret=-20;
- }
conf.term();
return ret;