X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=a86fdeb5d3366069e15b4ab03ad4c3111ce087de;hb=db44995ea6c326dcb51387a888da823c5d86c866;hp=e0e29900bd964fba6282d837b2071c86a5e06c89;hpb=425c0161d1296040504e2696a3c46e3c5caaf6b7;p=shibboleth%2Fcpp-opensaml.git

diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index e0e2990..a86fdeb 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -1,26 +1,28 @@
-/*
- *  Copyright 2001-2009 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
-   Scott Cantor
-   5/12/03
-
-   $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
 
 #if defined (_MSC_VER) || defined(__BORLANDC__)
 # include "config_win32.h"
@@ -37,13 +39,16 @@
 #include <saml/saml2/metadata/Metadata.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/signature/ContentReference.h>
 #include <saml/signature/SignatureProfileValidator.h>
 #include <saml/util/SAMLConstants.h>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/SignatureTrustEngine.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/signature/SignatureValidator.h>
+#include <xmltooling/util/ParserPool.h>
 #include <xmltooling/util/XMLHelper.h>
 
 #include <fstream>
@@ -68,7 +73,7 @@ template<class T> T* buildPlugin(const char* path, PluginManager<T,string,const
     XercesJanitor<DOMDocument> janitor(doc);
 
     static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
-    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
+    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(nullptr,_type));
     if (type.get() && *type.get())
         return mgr.newPlugin(type.get(), doc->getDocumentElement());
     throw XMLToolingException("Missing type in plugin configuration.");
@@ -82,14 +87,14 @@ CredentialResolver* buildSimpleResolver(const char* key, const char* cert)
 
     DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();
     XercesJanitor<DOMDocument> janitor(doc);
-    DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);
+    DOMElement* root = doc->createElementNS(nullptr, _CredentialResolver);
     if (key) {
         auto_ptr_XMLCh widenit(key);
-        root->setAttributeNS(NULL, _key, widenit.get());
+        root->setAttributeNS(nullptr, _key, widenit.get());
     }
     if (cert) {
         auto_ptr_XMLCh widenit(cert);
-        root->setAttributeNS(NULL, _certificate, widenit.get());
+        root->setAttributeNS(nullptr, _certificate, widenit.get());
     }
 
     return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
@@ -104,30 +109,32 @@ public:
     Lockable* lock() {return this;}
     void unlock() {}
 
-    const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+    const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
     vector<const Credential*>::size_type resolve(
-        vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+        vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
         ) const {return 0;}
 };
 
 int main(int argc,char* argv[])
 {
-    bool verify=true;
-    char* url_param=NULL;
-    char* path_param=NULL;
-    char* key_param=NULL;
-    char* cert_param=NULL;
-    char* cr_param=NULL;
-    char* t_param=NULL;
-    char* id_param=NULL;
+    bool verify=true,validate=false;
+    char* url_param=nullptr;
+    char* path_param=nullptr;
+    char* key_param=nullptr;
+    char* cert_param=nullptr;
+    char* cr_param=nullptr;
+    char* t_param=nullptr;
+    char* id_param=nullptr;
+    char* alg_param=nullptr;
+    char* dig_param=nullptr;
 
     // metadata lookup options
-    char* m_param=NULL;
-    char* issuer=NULL;
-    char* prot = NULL;
-    const XMLCh* protocol = NULL;
-    char* rname = NULL;
-    char* rns = NULL;
+    char* m_param=nullptr;
+    char* issuer=nullptr;
+    char* prot = nullptr;
+    const XMLCh* protocol = nullptr;
+    const char* rname = nullptr;
+    char* rns = nullptr;
 
     for (int i=1; i<argc; i++) {
         if (!strcmp(argv[i],"-u") && i+1<argc)
@@ -154,8 +161,14 @@ int main(int argc,char* argv[])
             prot=argv[++i];
         else if (!strcmp(argv[i],"-r") && i+1<argc)
             rname=argv[++i];
+        else if (!strcmp(argv[i],"-V"))
+            validate = true;
         else if (!strcmp(argv[i],"-ns") && i+1<argc)
             rns=argv[++i];
+        else if (!strcmp(argv[i],"-alg") && i+1<argc)
+            alg_param=argv[++i];
+        else if (!strcmp(argv[i],"-dig") && i+1<argc)
+            dig_param=argv[++i];
         else if (!strcmp(argv[i],"-saml10"))
             protocol=samlconstants::SAML10_PROTOCOL_ENUM;
         else if (!strcmp(argv[i],"-saml11"))
@@ -182,7 +195,9 @@ int main(int argc,char* argv[])
     }
 
     XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
-    xmlconf.log_config();
+    xmlconf.log_config(getenv("OPENSAML_LOG_CONFIG"));
+    if (getenv("OPENSAML_SCHEMAS"))
+        xmlconf.catalog_path = getenv("OPENSAML_SCHEMAS");
     SAMLConfig& conf=SAMLConfig::getConfig();
     if (!conf.init())
         return -2;
@@ -192,23 +207,32 @@ int main(int argc,char* argv[])
 
     try {
         // Parse the specified document.
-        DOMDocument* doc=NULL;
+        DOMDocument* doc=nullptr;
         if (url_param) {
             auto_ptr_XMLCh wideurl(url_param);
             URLInputSource src(wideurl.get());
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
         else if (path_param) {
             auto_ptr_XMLCh widenit(path_param);
             LocalFileInputSource src(widenit.get());
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
         else {
             StdInInputSource src;
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
 
         // Unmarshall it.
@@ -240,7 +264,7 @@ int main(int argc,char* argv[])
             if (cert_param || cr_param) {
                 // Build a resolver to supply trusted credentials.
                 auto_ptr<CredentialResolver> cr(
-                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(NULL, cert_param)
+                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(nullptr, cert_param)
                     );
                 Locker locker(cr.get());
 
@@ -340,10 +364,18 @@ int main(int argc,char* argv[])
             // Attach new signature.
             Signature* sig = SignatureBuilder::buildSignature();
             signable->setSignature(sig);
+            auto_ptr_XMLCh alg(alg_param);
+            if (alg.get()) {
+                sig->setSignatureAlgorithm(alg.get());
+            }
+            auto_ptr_XMLCh dig(dig_param);
+            if (dig.get()) {
+            	dynamic_cast<opensaml::ContentReference*>(sig->getContentReference())->setDigestAlgorithm(dig.get());
+            }
 
             // Sign response while re-marshalling.
             vector<Signature*> sigs(1,sig);
-            XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
+            XMLHelper::serialize(signable->marshall((DOMDocument*)nullptr,&sigs,cred), cout);
         }
     }
     catch(exception& e) {