/*
- * Copyright 2001-2007 Internet2
- *
+ * Copyright 2001-2010 Internet2
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* limitations under the License.
*/
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
- Scott Cantor
- 5/12/03
-
- $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
#if defined (_MSC_VER) || defined(__BORLANDC__)
# include "config_win32.h"
#include <saml/util/SAMLConstants.h>
#include <xmltooling/logging.h>
#include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
#include <xmltooling/security/SignatureTrustEngine.h>
#include <xmltooling/signature/Signature.h>
#include <xmltooling/signature/SignatureValidator.h>
+#include <xmltooling/util/ParserPool.h>
#include <xmltooling/util/XMLHelper.h>
#include <fstream>
#include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/URLInputSource.hpp>
#include <xercesc/framework/StdInInputSource.hpp>
#include <xercesc/framework/Wrapper4InputSource.hpp>
ifstream in(path);
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
XercesJanitor<DOMDocument> janitor(doc);
-
+
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
- auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
+ auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(nullptr,_type));
if (type.get() && *type.get())
return mgr.newPlugin(type.get(), doc->getDocumentElement());
throw XMLToolingException("Missing type in plugin configuration.");
DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();
XercesJanitor<DOMDocument> janitor(doc);
- DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);
+ DOMElement* root = doc->createElementNS(nullptr, _CredentialResolver);
if (key) {
auto_ptr_XMLCh widenit(key);
- root->setAttributeNS(NULL, _key, widenit.get());
+ root->setAttributeNS(nullptr, _key, widenit.get());
}
if (cert) {
auto_ptr_XMLCh widenit(cert);
- root->setAttributeNS(NULL, _certificate, widenit.get());
+ root->setAttributeNS(nullptr, _certificate, widenit.get());
}
return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
public:
DummyCredentialResolver() {}
~DummyCredentialResolver() {}
-
+
Lockable* lock() {return this;}
void unlock() {}
-
- const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+
+ const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
vector<const Credential*>::size_type resolve(
- vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+ vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
) const {return 0;}
};
int main(int argc,char* argv[])
{
bool verify=true;
- char* url_param=NULL;
- char* path_param=NULL;
- char* key_param=NULL;
- char* cert_param=NULL;
- char* cr_param=NULL;
- char* t_param=NULL;
- char* id_param=NULL;
+ char* url_param=nullptr;
+ char* path_param=nullptr;
+ char* key_param=nullptr;
+ char* cert_param=nullptr;
+ char* cr_param=nullptr;
+ char* t_param=nullptr;
+ char* id_param=nullptr;
// metadata lookup options
- char* m_param=NULL;
- char* issuer=NULL;
- char* prot = NULL;
- const XMLCh* protocol = NULL;
- char* rname = NULL;
- char* rns = NULL;
+ char* m_param=nullptr;
+ char* issuer=nullptr;
+ char* prot = nullptr;
+ const XMLCh* protocol = nullptr;
+ const char* rname = nullptr;
+ char* rns = nullptr;
for (int i=1; i<argc; i++) {
if (!strcmp(argv[i],"-u") && i+1<argc)
cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
return -1;
}
-
+
XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
- xmlconf.log_config();
+ xmlconf.log_config(getenv("OPENSAML_LOG_CONFIG"));
SAMLConfig& conf=SAMLConfig::getConfig();
if (!conf.init())
return -2;
try {
// Parse the specified document.
- static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
- DOMDocument* doc=NULL;
+ DOMDocument* doc=nullptr;
if (url_param) {
- URLInputSource src(base,url_param);
+ auto_ptr_XMLCh wideurl(url_param);
+ URLInputSource src(wideurl.get());
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
else if (path_param) {
auto_ptr_XMLCh widenit(path_param);
- LocalFileInputSource src(base,widenit.get());
+ LocalFileInputSource src(widenit.get());
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
-
+
// Unmarshall it.
XercesJanitor<DOMDocument> jan(doc);
auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
if (cert_param || cr_param) {
// Build a resolver to supply trusted credentials.
auto_ptr<CredentialResolver> cr(
- cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(NULL, cert_param)
+ cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(nullptr, cert_param)
);
Locker locker(cr.get());
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
}
auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
metadata->init();
-
- Locker locker(metadata.get());
- const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer);
- if (!entity)
- throw MetadataException("no metadata found for ($1)", params(1, issuer));
+
const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
auto_ptr_XMLCh n(rname);
- QName q(ns, n.get());
- const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol);
- if (!role)
+ xmltooling::QName q(ns, n.get());
+
+ Locker locker(metadata.get());
+ MetadataProvider::Criteria mc(issuer, &q, protocol);
+ pair<const EntityDescriptor*,const RoleDescriptor*> entity = metadata->getEntityDescriptor(mc);
+ if (!entity.first)
+ throw MetadataException("no metadata found for ($1)", params(1, issuer));
+ else if (!entity.second)
throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));
- MetadataCredentialCriteria mcc(*role);
+ MetadataCredentialCriteria mcc(*entity.second);
if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))
log.info("successful signature verification");
else
else {
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
);
Locker locker(cr.get());
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
const Credential* cred = cr->resolve(&cc);
if (!cred)
throw XMLSecurityException("Unable to resolve a signing credential.");
// Sign response while re-marshalling.
vector<Signature*> sigs(1,sig);
- XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
+ XMLHelper::serialize(signable->marshall((DOMDocument*)nullptr,&sigs,cred), cout);
}
}
catch(exception& e) {