X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=a86fdeb5d3366069e15b4ab03ad4c3111ce087de;hb=e8376acd99b843e401b0d4c92db2bd6135046097;hp=9cdaa91c5e9f87aae0994be108becc9ab2ce8e38;hpb=5cd3da8d9bd792f4a24372ab8e6d24b8409df41a;p=shibboleth%2Fcpp-opensaml.git

diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index 9cdaa91..a86fdeb 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -1,26 +1,28 @@
-/*
- *  Copyright 2001-2007 Internet2
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
-   Scott Cantor
-   5/12/03
-
-   $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
 
 #if defined (_MSC_VER) || defined(__BORLANDC__)
 # include "config_win32.h"
@@ -37,18 +39,20 @@
 #include <saml/saml2/metadata/Metadata.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/signature/ContentReference.h>
 #include <saml/signature/SignatureProfileValidator.h>
 #include <saml/util/SAMLConstants.h>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/SignatureTrustEngine.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/signature/SignatureValidator.h>
+#include <xmltooling/util/ParserPool.h>
 #include <xmltooling/util/XMLHelper.h>
 
 #include <fstream>
 #include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/URLInputSource.hpp>
 #include <xercesc/framework/StdInInputSource.hpp>
 #include <xercesc/framework/Wrapper4InputSource.hpp>
 
@@ -67,9 +71,9 @@ template<class T> T* buildPlugin(const char* path, PluginManager<T,string,const
     ifstream in(path);
     DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
     XercesJanitor<DOMDocument> janitor(doc);
-    
+
     static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
-    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
+    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(nullptr,_type));
     if (type.get() && *type.get())
         return mgr.newPlugin(type.get(), doc->getDocumentElement());
     throw XMLToolingException("Missing type in plugin configuration.");
@@ -83,14 +87,14 @@ CredentialResolver* buildSimpleResolver(const char* key, const char* cert)
 
     DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();
     XercesJanitor<DOMDocument> janitor(doc);
-    DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);
+    DOMElement* root = doc->createElementNS(nullptr, _CredentialResolver);
     if (key) {
         auto_ptr_XMLCh widenit(key);
-        root->setAttributeNS(NULL, _key, widenit.get());
+        root->setAttributeNS(nullptr, _key, widenit.get());
     }
     if (cert) {
         auto_ptr_XMLCh widenit(cert);
-        root->setAttributeNS(NULL, _certificate, widenit.get());
+        root->setAttributeNS(nullptr, _certificate, widenit.get());
     }
 
     return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
@@ -101,34 +105,36 @@ class DummyCredentialResolver : public CredentialResolver
 public:
     DummyCredentialResolver() {}
     ~DummyCredentialResolver() {}
-    
+
     Lockable* lock() {return this;}
     void unlock() {}
-    
-    const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+
+    const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
     vector<const Credential*>::size_type resolve(
-        vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+        vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
         ) const {return 0;}
 };
 
 int main(int argc,char* argv[])
 {
-    bool verify=true;
-    char* url_param=NULL;
-    char* path_param=NULL;
-    char* key_param=NULL;
-    char* cert_param=NULL;
-    char* cr_param=NULL;
-    char* t_param=NULL;
-    char* id_param=NULL;
+    bool verify=true,validate=false;
+    char* url_param=nullptr;
+    char* path_param=nullptr;
+    char* key_param=nullptr;
+    char* cert_param=nullptr;
+    char* cr_param=nullptr;
+    char* t_param=nullptr;
+    char* id_param=nullptr;
+    char* alg_param=nullptr;
+    char* dig_param=nullptr;
 
     // metadata lookup options
-    char* m_param=NULL;
-    char* issuer=NULL;
-    char* prot = NULL;
-    const XMLCh* protocol = NULL;
-    char* rname = NULL;
-    char* rns = NULL;
+    char* m_param=nullptr;
+    char* issuer=nullptr;
+    char* prot = nullptr;
+    const XMLCh* protocol = nullptr;
+    const char* rname = nullptr;
+    char* rns = nullptr;
 
     for (int i=1; i<argc; i++) {
         if (!strcmp(argv[i],"-u") && i+1<argc)
@@ -155,8 +161,14 @@ int main(int argc,char* argv[])
             prot=argv[++i];
         else if (!strcmp(argv[i],"-r") && i+1<argc)
             rname=argv[++i];
+        else if (!strcmp(argv[i],"-V"))
+            validate = true;
         else if (!strcmp(argv[i],"-ns") && i+1<argc)
             rns=argv[++i];
+        else if (!strcmp(argv[i],"-alg") && i+1<argc)
+            alg_param=argv[++i];
+        else if (!strcmp(argv[i],"-dig") && i+1<argc)
+            dig_param=argv[++i];
         else if (!strcmp(argv[i],"-saml10"))
             protocol=samlconstants::SAML10_PROTOCOL_ENUM;
         else if (!strcmp(argv[i],"-saml11"))
@@ -181,9 +193,11 @@ int main(int argc,char* argv[])
         cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
         return -1;
     }
-    
+
     XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
-    xmlconf.log_config();
+    xmlconf.log_config(getenv("OPENSAML_LOG_CONFIG"));
+    if (getenv("OPENSAML_SCHEMAS"))
+        xmlconf.catalog_path = getenv("OPENSAML_SCHEMAS");
     SAMLConfig& conf=SAMLConfig::getConfig();
     if (!conf.init())
         return -2;
@@ -193,25 +207,34 @@ int main(int argc,char* argv[])
 
     try {
         // Parse the specified document.
-        static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
-        DOMDocument* doc=NULL;
+        DOMDocument* doc=nullptr;
         if (url_param) {
-            URLInputSource src(base,url_param);
+            auto_ptr_XMLCh wideurl(url_param);
+            URLInputSource src(wideurl.get());
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
         else if (path_param) {
             auto_ptr_XMLCh widenit(path_param);
-            LocalFileInputSource src(base,widenit.get());
+            LocalFileInputSource src(widenit.get());
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
         else {
             StdInInputSource src;
             Wrapper4InputSource dsrc(&src,false);
-            doc=xmlconf.getParser().parse(dsrc);
+            if (validate)
+                doc = xmlconf.getValidatingParser().parse(dsrc);
+            else
+                doc = xmlconf.getParser().parse(dsrc);
         }
-    
+
         // Unmarshall it.
         XercesJanitor<DOMDocument> jan(doc);
         auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
@@ -241,7 +264,7 @@ int main(int argc,char* argv[])
             if (cert_param || cr_param) {
                 // Build a resolver to supply trusted credentials.
                 auto_ptr<CredentialResolver> cr(
-                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(NULL, cert_param)
+                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(nullptr, cert_param)
                     );
                 Locker locker(cr.get());
 
@@ -292,10 +315,10 @@ int main(int argc,char* argv[])
                     }
                     auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
                     metadata->init();
-                    
+
                     const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
                     auto_ptr_XMLCh n(rname);
-                    QName q(ns, n.get());
+                    xmltooling::QName q(ns, n.get());
 
                     Locker locker(metadata.get());
                     MetadataProvider::Criteria mc(issuer, &q, protocol);
@@ -341,10 +364,18 @@ int main(int argc,char* argv[])
             // Attach new signature.
             Signature* sig = SignatureBuilder::buildSignature();
             signable->setSignature(sig);
+            auto_ptr_XMLCh alg(alg_param);
+            if (alg.get()) {
+                sig->setSignatureAlgorithm(alg.get());
+            }
+            auto_ptr_XMLCh dig(dig_param);
+            if (dig.get()) {
+            	dynamic_cast<opensaml::ContentReference*>(sig->getContentReference())->setDigestAlgorithm(dig.get());
+            }
 
             // Sign response while re-marshalling.
             vector<Signature*> sigs(1,sig);
-            XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
+            XMLHelper::serialize(signable->marshall((DOMDocument*)nullptr,&sigs,cred), cout);
         }
     }
     catch(exception& e) {