X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=4b14cdbfc9d096d86f6adaa1d58c18b931b5bda5;hb=9f10292e987cc822929bb83f9462e21874b9863a;hp=04ceb526036d3d4e44a0e3344439e20ec6e31058;hpb=243fee8117a05e1088833e49f6dfe3a17f7f9061;p=shibboleth%2Fcpp-opensaml.git
diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index 04ceb52..4b14cdb 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -1,6 +1,6 @@
 /*
- * Copyright 2001-2007 Internet2
- *
+ * Copyright 2001-2009 Internet2
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -14,13 +14,11 @@
 * limitations under the License.
 */
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
- Scott Cantor
- 5/12/03
-
- $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
 #if defined (_MSC_VER) || defined(__BORLANDC__)
 # include "config_win32.h"
@@ -41,14 +39,15 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
+#include
 #include
 #include
 #include
-#include
 #include
 #include
@@ -67,7 +66,7 @@ template T* buildPlugin(const char* path, PluginManager janitor(doc);
-
+
 static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
 auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
 if (type.get() && *type.get())
@@ -101,10 +100,10 @@ class DummyCredentialResolver : public CredentialResolver
 public:
 DummyCredentialResolver() {}
 ~DummyCredentialResolver() {}
-
+
 Lockable* lock() {return this;}
 void unlock() {}
-
+
 const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
 vector::size_type resolve(
 vector& results, const CredentialCriteria* criteria=NULL
@@ -181,7 +180,7 @@ int main(int argc,char* argv[])
 cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
 return -1;
 }
-
+
 XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
 xmlconf.log_config();
 SAMLConfig& conf=SAMLConfig::getConfig();
@@ -193,16 +192,16 @@ int main(int argc,char* argv[])
 try {
 // Parse the specified document.
-static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
 DOMDocument* doc=NULL;
 if (url_param) {
-URLInputSource src(base,url_param);
+auto_ptr_XMLCh wideurl(url_param);
+URLInputSource src(wideurl.get());
 Wrapper4InputSource dsrc(&src,false);
 doc=xmlconf.getParser().parse(dsrc);
 }
 else if (path_param) {
 auto_ptr_XMLCh widenit(path_param);
-LocalFileInputSource src(base,widenit.get());
+LocalFileInputSource src(widenit.get());
 Wrapper4InputSource dsrc(&src,false);
 doc=xmlconf.getParser().parse(dsrc);
 }
@@ -211,7 +210,7 @@ int main(int argc,char* argv[])
 Wrapper4InputSource dsrc(&src,false);
 doc=xmlconf.getParser().parse(dsrc);
 }
-
+
 // Unmarshall it.
 XercesJanitor jan(doc);
 auto_ptr sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
@@ -247,7 +246,7 @@ int main(int argc,char* argv[])
 // Set up criteria.
 CredentialCriteria cc;
-cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+cc.setUsage(Credential::SIGNING_CREDENTIAL);
 cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
 if (issuer)
 cc.setPeerName(issuer);
@@ -265,7 +264,8 @@ int main(int argc,char* argv[])
 good = true;
 break;
 }
-catch (exception&) {
+catch (exception& e) {
+log.info("error trying verification key: %s", e.what());
 }
 }
 if (!good)
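Review bot: In the rewritten `url_param` and `path_param` branches `doc` is assigned straight from `xmlconf.getParser().parse(dsrc)` with no check, and the next hunk dereferences it unguarded in `doc->getDocumentElement()`; if the parser pool can signal failure by returning a null document rather than throwing (the page does not show which), that is a NULL dereference on malformed input. A guard right after the parse branches, `if (!doc) throw XMLToolingException("unable to parse input document");`, routes the failure through the existing exception handler and exit status instead. The drop of the `file:///` base also means `-u` must now be an absolute URL, which is worth stating in the usage text. The enclosing try block continues outside the hunk.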
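Review bot: The new handler in the key-trial loop catches by non-const reference; `catch (const exception& e) {` is the conventional form and `what()` is a const member. Logging each rejected candidate key is useful, and since a miss on one key is expected when several are tried, info level is appropriate as long as the `if (!good)` that follows reports the overall failure at a higher level. The loop this handler sits in begins outside the hunk.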
@@ -291,19 +291,20 @@ int main(int argc,char* argv[])
 }
 auto_ptr metadata(buildPlugin(m_param, conf.MetadataProviderManager));
 metadata->init();
-
-Locker locker(metadata.get());
-const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer);
-if (!entity)
-throw MetadataException("no metadata found for ($1)", params(1, issuer));
+
 const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
 auto_ptr_XMLCh n(rname);
-QName q(ns, n.get());
-const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol);
-if (!role)
+xmltooling::QName q(ns, n.get());
+
+Locker locker(metadata.get());
+MetadataProvider::Criteria mc(issuer, &q, protocol);
+pair entity = metadata->getEntityDescriptor(mc);
+if (!entity.first)
+throw MetadataException("no metadata found for ($1)", params(1, issuer));
+else if (!entity.second)
 throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));
-MetadataCredentialCriteria mcc(*role);
+MetadataCredentialCriteria mcc(*entity.second);
 if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))
 log.info("successful signature verification");
 else
@@ -312,7 +313,7 @@ int main(int argc,char* argv[])
 else {
 // Set up criteria.
 CredentialCriteria cc;
-cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+cc.setUsage(Credential::SIGNING_CREDENTIAL);
 cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
 if (issuer)
 cc.setPeerName(issuer);
@@ -331,7 +332,7 @@ int main(int argc,char* argv[])
 );
 Locker locker(cr.get());
 CredentialCriteria cc;
-cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+cc.setUsage(Credential::SIGNING_CREDENTIAL);
 const Credential* cred = cr->resolve(&cc);
 if (!cred)
 throw XMLSecurityException("Unable to resolve a signing credential.");
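Review bot: The line the new lookup builds `q` from, `const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;`, leaks the transcoded buffer, while `rname` one line below goes through `auto_ptr_XMLCh`; the same wrapper keeps the two consistent: `auto_ptr_XMLCh wns(rns);` followed by `const XMLCh* ns = rns ? wns.get() : samlconstants::SAML20MD_NS;`, assuming the wrapper accepts a null input (otherwise construct it only inside the `rns` branch). In the new role check the `else` after `throw MetadataException("no metadata found for ($1)", ...)` is redundant; a plain `if (!entity.second)` reads cleaner. Holding `Locker locker(metadata.get())` across the use of `entity.second` in `mcc` and `validate` is correct and should stay that way, so a one-line comment that the pair's pointers are only valid while the lock is held would help the next editor. The function this belongs to begins and ends outside the hunk.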
@@ -346,14 +347,9 @@ int main(int argc,char* argv[])
 }
 }
 catch(exception& e) {
-log.errorStream() << "caught an exception: " << e.what() << CategoryStream::ENDLINE;
+log.errorStream() << "caught an exception: " << e.what() << logging::eol;
 ret=-10;
 }
-catch(XMLException& e) {
-auto_ptr_char temp(e.getMessage());
-log.errorStream() << "caught a Xerces exception: " << temp.get() << CategoryStream::ENDLINE;
-ret=-20;
-}
 conf.term();
 return ret;
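Review bot: Removing the `catch(XMLException& e)` handler leaves no catch for a Xerces `XMLException`, which does not derive from `std::exception`; if any path inside the try block can still let one escape (for example from parsing a malformed input document), it now propagates out of `main`, terminating the process without reaching `conf.term()` and without the -20 exit status. If the intent is that the library now translates every Xerces error into a `std::exception`-derived type, a comment at the remaining handler saying so would make that guarantee visible; otherwise a final `catch (...) { log.errorStream() << "caught an unknown exception" << logging::eol; ret=-30; }` (code chosen here only as a distinct sample) keeps the cleanup and exit-status path intact. The remaining handler would also read better as `catch(const exception& e) {`. The try block this closes begins outside the hunk.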