X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=9cdaa91c5e9f87aae0994be108becc9ab2ce8e38;hp=04ceb526036d3d4e44a0e3344439e20ec6e31058;hb=c9e0e2dc2e15d2004333db7f135947db13956b5e;hpb=243fee8117a05e1088833e49f6dfe3a17f7f9061 diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp index 04ceb52..9cdaa91 100644 --- a/samlsign/samlsign.cpp +++ b/samlsign/samlsign.cpp @@ -247,7 +247,7 @@ int main(int argc,char* argv[]) // Set up criteria. CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer); @@ -265,7 +265,8 @@ int main(int argc,char* argv[]) good = true; break; } - catch (exception&) { + catch (exception& e) { + log.info("error trying verification key: %s", e.what()); } } if (!good) @@ -292,18 +293,19 @@ int main(int argc,char* argv[]) auto_ptr metadata(buildPlugin(m_param, conf.MetadataProviderManager)); metadata->init(); - Locker locker(metadata.get()); - const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer); - if (!entity) - throw MetadataException("no metadata found for ($1)", params(1, issuer)); const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS; auto_ptr_XMLCh n(rname); QName q(ns, n.get()); - const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol); - if (!role) + + Locker locker(metadata.get()); + MetadataProvider::Criteria mc(issuer, &q, protocol); + pair entity = metadata->getEntityDescriptor(mc); + if (!entity.first) + throw MetadataException("no metadata found for ($1)", params(1, issuer)); + else if (!entity.second) throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer)); - MetadataCredentialCriteria mcc(*role); + MetadataCredentialCriteria mcc(*entity.second); if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc)) log.info("successful signature verification"); else @@ -312,7 +314,7 @@ int main(int argc,char* argv[]) else { // Set up criteria. CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer); @@ -331,7 +333,7 @@ int main(int argc,char* argv[]) ); Locker locker(cr.get()); CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); const Credential* cred = cr->resolve(&cc); if (!cred) throw XMLSecurityException("Unable to resolve a signing credential."); @@ -346,14 +348,9 @@ int main(int argc,char* argv[]) } } catch(exception& e) { - log.errorStream() << "caught an exception: " << e.what() << CategoryStream::ENDLINE; + log.errorStream() << "caught an exception: " << e.what() << logging::eol; ret=-10; } - catch(XMLException& e) { - auto_ptr_char temp(e.getMessage()); - log.errorStream() << "caught a Xerces exception: " << temp.get() << CategoryStream::ENDLINE; - ret=-20; - } conf.term(); return ret;