Add samlsign to project.

[shibboleth/cpp-opensaml.git] / samlsign / samlsign.cpp

/*\r
 *  Copyright 2001-2007 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
/* siterefresh.cpp - command-line tool to refresh and verify metadata\r
\r
   Scott Cantor\r
   5/12/03\r
\r
   $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $\r
*/\r
\r
#if defined (_MSC_VER) || defined(__BORLANDC__)\r
# include "config_win32.h"\r
#else\r
# include "config.h"\r
#endif\r
\r
#ifdef WIN32\r
# define _CRT_NONSTDC_NO_DEPRECATE 1\r
# define _CRT_SECURE_NO_DEPRECATE 1\r
#endif\r
\r
#include <saml/SAMLConfig.h>\r
#include <saml/saml2/metadata/Metadata.h>\r
#include <saml/util/SAMLConstants.h>\r
#include <xmltooling/logging.h>\r
#include <xmltooling/XMLToolingConfig.h>\r
#include <xmltooling/signature/Signature.h>\r
#include <xmltooling/util/XMLHelper.h>\r
\r
#include <fstream>\r
#include <xercesc/framework/LocalFileInputSource.hpp>\r
#include <xercesc/framework/URLInputSource.hpp>\r
#include <xercesc/framework/StdInInputSource.hpp>\r
#include <xercesc/framework/Wrapper4InputSource.hpp>\r
\r
using namespace xmlsignature;\r
using namespace xmlconstants;\r
using namespace xmltooling::logging;\r
using namespace xmltooling;\r
using namespace samlconstants;\r
using namespace opensaml::saml2md;\r
using namespace opensaml;\r
using namespace xercesc;\r
using namespace std;\r
\r
template<class T> T* buildPlugin(const char* path, PluginManager<T,string,const DOMElement*>& mgr)\r
{\r
    ifstream in(path);
    DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
    XercesJanitor<DOMDocument> janitor(doc);
    
    static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
    if (type.get() && *type.get())
        return mgr.newPlugin(type.get(), doc->getDocumentElement());
    throw XMLToolingException("Missing type in plugin configuration.");
}\r
\r
CredentialResolver* buildSimpleResolver(const char* key, const char* cert)\r
{\r
    static const XMLCh _CredentialResolver[] =  UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);\r
    static const XMLCh _certificate[] =     UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);\r
    static const XMLCh _key[] =             UNICODE_LITERAL_3(k,e,y);\r
\r
    DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();\r
    XercesJanitor<DOMDocument> janitor(doc);\r
    DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);\r
    if (key) {\r
        auto_ptr_XMLCh widenit(key);\r
        root->setAttributeNS(NULL, _key, widenit.get());\r
    }\r
    if (cert) {\r
        auto_ptr_XMLCh widenit(cert);\r
        root->setAttributeNS(NULL, _certificate, widenit.get());\r
    }\r
\r
    return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);\r
}\r
\r
int main(int argc,char* argv[])\r
{\r
    bool verify=true;\r
    char* url_param=NULL;\r
    char* path_param=NULL;\r
    char* key_param=NULL;\r
    char* cert_param=NULL;\r
    char* cr_param=NULL;\r
    char* t_param=NULL;\r
    char* id_param=NULL;\r
\r
    // metadata lookup options\r
    char* m_param=NULL;\r
    char* issuer=NULL;\r
    char* prot = NULL;\r
    const XMLCh* protocol = NULL;\r
    char* rname = NULL;\r
    char* rns = NULL;\r
\r
    for (int i=1; i<argc; i++) {\r
        if (!strcmp(argv[i],"-u") && i+1<argc)\r
            url_param=argv[++i];\r
        else if (!strcmp(argv[i],"-f") && i+1<argc)\r
            path_param=argv[++i];\r
        else if (!strcmp(argv[i],"-id") && i+1<argc)\r
            id_param=argv[++i];\r
        else if (!strcmp(argv[i],"-s"))\r
            verify=false;\r
        else if (!strcmp(argv[i],"-k") && i+1<argc)\r
            key_param=argv[++i];\r
        else if (!strcmp(argv[i],"-c") && i+1<argc)\r
            cert_param=argv[++i];\r
        else if (!strcmp(argv[i],"-R") && i+1<argc)\r
            cr_param=argv[++i];\r
        else if (!strcmp(argv[i],"-T") && i+1<argc)\r
            t_param=argv[++i];\r
        else if (!strcmp(argv[i],"-M") && i+1<argc)\r
            m_param=argv[++i];\r
        else if (!strcmp(argv[i],"-i") && i+1<argc)\r
            issuer=argv[++i];\r
        else if (!strcmp(argv[i],"-p") && i+1<argc)\r
            prot=argv[++i];\r
        else if (!strcmp(argv[i],"-r") && i+1<argc)\r
            rname=argv[++i];\r
        else if (!strcmp(argv[i],"-ns") && i+1<argc)\r
            rns=argv[++i];\r
        else if (!strcmp(argv[i],"-saml10"))\r
            protocol=samlconstants::SAML10_PROTOCOL_ENUM;\r
        else if (!strcmp(argv[i],"-saml11"))\r
            protocol=samlconstants::SAML11_PROTOCOL_ENUM;\r
        else if (!strcmp(argv[i],"-saml2"))\r
            protocol=samlconstants::SAML20P_NS;\r
        else if (!strcmp(argv[i],"-idp"))\r
            rname="IDPSSODescriptor";\r
        else if (!strcmp(argv[i],"-aa"))\r
            rname="AttributeAuthorityDescriptor";\r
        else if (!strcmp(argv[i],"-pdp"))\r
            rname="PDPDescriptor";\r
        else if (!strcmp(argv[i],"-sp"))\r
            rname="SPSSODescriptor";\r
    }\r
\r
    if (!verify && !key_param && !cr_param) {\r
        cerr << "either -k or -R option required when signing, see documentation for usage" << endl;\r
        return -1;\r
    }\r
\r
    SAMLConfig& conf=SAMLConfig::getConfig();\r
    if (!conf.init())\r
        return -2;\r
    XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();\r
    Category& log = Category::getInstance("OpenSAML.Utility.SAMLSign");\r
\r
    int ret = 0;\r
\r
    try {\r
        // Parse the specified document.\r
        static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};\r
        DOMDocument* doc=NULL;\r
        if (url_param) {\r
            URLInputSource src(base,url_param);\r
            Wrapper4InputSource dsrc(&src,false);\r
            doc=xmlconf.getParser().parse(dsrc);\r
        }\r
        else if (path_param) {\r
            auto_ptr_XMLCh widenit(path_param);\r
            LocalFileInputSource src(base,widenit.get());\r
            Wrapper4InputSource dsrc(&src,false);\r
            doc=xmlconf.getParser().parse(dsrc);\r
        }\r
        else {\r
            StdInInputSource src;\r
            Wrapper4InputSource dsrc(&src,false);\r
            doc=xmlconf.getParser().parse(dsrc);\r
        }\r
    \r
        // Unmarshall it.\r
        XercesJanitor<DOMDocument> jan(doc);\r
        auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));\r
        jan.release();\r
\r
        // Navigate to the selected node, or use the root if no ID specified.\r
        // Then make sure it's a SignableSAMLObject.\r
        XMLObject* source = sourcewrapper.get();\r
        if (id_param) {\r
            auto_ptr_XMLCh widenit(id_param);\r
            source = XMLHelper::getXMLObjectById(*source, widenit.get());\r
            if (!source)\r
                throw XMLToolingException("Element with ID ($1) not found.", params(1,id_param));\r
        }\r
        SignableObject* signable = dynamic_cast<SignableObject*>(source);\r
        if (!signable)\r
            throw XMLToolingException("Input is not a signable SAML object.");\r
\r
        if (verify) {\r
        }\r
        else {\r
            // Build a resolver to supply a credential.\r
            auto_ptr<CredentialResolver> cr(\r
                cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(key_param, cert_param)\r
                );\r
            cr->lock();\r
            CredentialCriteria cc;\r
            cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
            const Credential* cred = cr->resolve(&cc);\r
            if (!cred)\r
                throw XMLSecurityException("Unable to resolve a signing credential.");\r
\r
            // Attach new signature.\r
            Signature* sig = SignatureBuilder::buildSignature();
            signable->setSignature(sig);

            // Sign response while re-marshalling.
            vector<Signature*> sigs(1,sig);
            XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
        }\r
    }\r
    catch(exception& e) {\r
        log.errorStream() << "caught an exception: " << e.what() << CategoryStream::ENDLINE;\r
        ret=-10;\r
    }\r
    catch(XMLException& e) {\r
        auto_ptr_char temp(e.getMessage());\r
        log.errorStream() << "caught a Xerces exception: " << temp.get() << CategoryStream::ENDLINE;\r
        ret=-20;\r
    }\r
\r
    conf.term();\r
    return ret;\r
}\r