/*
- * Copyright 2001-2007 Internet2
- *
+ * Copyright 2001-2009 Internet2
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
#include <fstream>
#include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/URLInputSource.hpp>
#include <xercesc/framework/StdInInputSource.hpp>
#include <xercesc/framework/Wrapper4InputSource.hpp>
ifstream in(path);
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
XercesJanitor<DOMDocument> janitor(doc);
-
+
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
if (type.get() && *type.get())
public:
DummyCredentialResolver() {}
~DummyCredentialResolver() {}
-
+
Lockable* lock() {return this;}
void unlock() {}
-
+
const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
vector<const Credential*>::size_type resolve(
vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
return -1;
}
-
+
XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
xmlconf.log_config();
SAMLConfig& conf=SAMLConfig::getConfig();
try {
// Parse the specified document.
- static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
DOMDocument* doc=NULL;
if (url_param) {
- URLInputSource src(base,url_param);
+ auto_ptr_XMLCh wideurl(url_param);
+ URLInputSource src(wideurl.get());
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
else if (path_param) {
auto_ptr_XMLCh widenit(path_param);
- LocalFileInputSource src(base,widenit.get());
+ LocalFileInputSource src(widenit.get());
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
Wrapper4InputSource dsrc(&src,false);
doc=xmlconf.getParser().parse(dsrc);
}
-
+
// Unmarshall it.
XercesJanitor<DOMDocument> jan(doc);
auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
}
auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
metadata->init();
-
- Locker locker(metadata.get());
- const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer);
- if (!entity)
- throw MetadataException("no metadata found for ($1)", params(1, issuer));
+
const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
auto_ptr_XMLCh n(rname);
- QName q(ns, n.get());
- const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol);
- if (!role)
+ xmltooling::QName q(ns, n.get());
+
+ Locker locker(metadata.get());
+ MetadataProvider::Criteria mc(issuer, &q, protocol);
+ pair<const EntityDescriptor*,const RoleDescriptor*> entity = metadata->getEntityDescriptor(mc);
+ if (!entity.first)
+ throw MetadataException("no metadata found for ($1)", params(1, issuer));
+ else if (!entity.second)
throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));
- MetadataCredentialCriteria mcc(*role);
+ MetadataCredentialCriteria mcc(*entity.second);
if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))
log.info("successful signature verification");
else
else {
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
);
Locker locker(cr.get());
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
const Credential* cred = cr->resolve(&cc);
if (!cred)
throw XMLSecurityException("Unable to resolve a signing credential.");