X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=9cdaa91c5e9f87aae0994be108becc9ab2ce8e38;hp=d20f2562eed6a3c6a42a32de2bd7fb2a54c6e2ee;hb=c9e0e2dc2e15d2004333db7f135947db13956b5e;hpb=3bcd7ae2e728772e0ecaa47b083efcb15d9912a8 diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp index d20f256..9cdaa91 100644 --- a/samlsign/samlsign.cpp +++ b/samlsign/samlsign.cpp @@ -181,11 +181,12 @@ int main(int argc,char* argv[]) cerr << "either -k or -R option required when signing, see documentation for usage" << endl; return -1; } - + + XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig(); + xmlconf.log_config(); SAMLConfig& conf=SAMLConfig::getConfig(); if (!conf.init()) return -2; - XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig(); Category& log = Category::getInstance("OpenSAML.Utility.SAMLSign"); int ret = 0; @@ -246,7 +247,7 @@ int main(int argc,char* argv[]) // Set up criteria. CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer); @@ -264,7 +265,8 @@ int main(int argc,char* argv[]) good = true; break; } - catch (exception&) { + catch (exception& e) { + log.info("error trying verification key: %s", e.what()); } } if (!good) 
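Review bot: The moved `XMLToolingConfig::getConfig()` line and the new `xmlconf.log_config()` call now run before `conf.init()`, and nothing in the hunk says why the order matters, so the next cleanup is likely to push the lookup back down next to its first use. Presumably the point is that initialization diagnostics should go through the configured logger; a one-line comment would pin that, e.g. `// Configure logging before SAMLConfig::init() so its diagnostics reach the configured log.`. Note that the `return -2` path after a failed `init()` still skips `conf.term()`, which the commit leaves as it was. main() begins outside the hunk.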
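Review bot: The new handler in the verification-key loop binds the exception by non-const reference; `catch (const exception& e) {` is the idiomatic form, and the same applies to the `catch(exception& e)` in the last hunk. The surrounding loop sets `good = true` and breaks on the first key that verifies, so a failure here looks like the expected outcome for every non-matching candidate, and logging each one at info level may be noisy — debug level might fit better, depending on how this utility's output is meant to be read. The enclosing loop and main() begin outside the hunk.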
@@ -279,47 +281,48 @@ int main(int argc,char* argv[]) auto_ptr trust(buildPlugin(t_param, xmlconf.TrustEngineManager)); SignatureTrustEngine* sigtrust = dynamic_cast(trust.get()); if (m_param && rname && issuer) { - if (!protocol) { - if (prot) - protocol = XMLString::transcode(prot); - } - if (!protocol) { - conf.term(); - cerr << "use of metadata option requires a protocol option" << endl; - return -1; - } + if (!protocol) { + if (prot) + protocol = XMLString::transcode(prot); + } + if (!protocol) { + conf.term(); + cerr << "use of metadata option requires a protocol option" << endl; + return -1; + } auto_ptr metadata(buildPlugin(m_param, conf.MetadataProviderManager)); metadata->init(); + const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS; + auto_ptr_XMLCh n(rname); + QName q(ns, n.get()); + Locker locker(metadata.get()); - const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer); - if (!entity) - throw MetadataException("no metadata found for ($1)", params(1, issuer)); - const XMLCh* ns = rns ? 
XMLString::transcode(rns) : samlconstants::SAML20MD_NS; - auto_ptr_XMLCh n(rname); - QName q(ns, n.get()); - const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol); - if (!role) - throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer)); - - MetadataCredentialCriteria mcc(*role); - if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc)) + MetadataProvider::Criteria mc(issuer, &q, protocol); + pair entity = metadata->getEntityDescriptor(mc); + if (!entity.first) + throw MetadataException("no metadata found for ($1)", params(1, issuer)); + else if (!entity.second) + throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer)); + + MetadataCredentialCriteria mcc(*entity.second); + if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc)) log.info("successful signature verification"); - else - throw SignatureException("Unable to verify signature with TrustEngine and supplied metadata."); + else + throw SignatureException("Unable to verify signature with TrustEngine and supplied metadata."); } else { // Set up criteria. CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY); if (issuer) cc.setPeerName(issuer); DummyCredentialResolver dummy; - if (sigtrust->validate(*signable->getSignature(), dummy, &cc)) + if (sigtrust->validate(*signable->getSignature(), dummy, &cc)) log.info("successful signature verification"); - else - throw SignatureException("Unable to verify signature with TrustEngine (no metadata supplied)."); + else + throw SignatureException("Unable to verify signature with TrustEngine (no metadata supplied)."); } } } 
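Review bot: The new side's `const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;` still leaks the transcoded buffer whenever `rns` is given, because `XMLString::transcode` returns heap memory that nothing releases, while the neighbouring `rname` is correctly held in `auto_ptr_XMLCh n(rname)`; the commit moved the line up but kept the raw call, and `protocol = XMLString::transcode(prot)` a few lines above has the same shape. Holding the namespace in a guard that lives as long as `q`, e.g. `auto_ptr_XMLCh nsbuf(rns);` followed by `const XMLCh* ns = rns ? nsbuf.get() : samlconstants::SAML20MD_NS;`, would close it, provided `auto_ptr_XMLCh` tolerates a null input — if it does not, construct the guard only in the `rns` branch. Both leaks predate this commit and are bounded for a one-shot command-line tool, so this is a tidy-up rather than a blocker. main() begins outside the hunk.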
@@ -330,7 +333,7 @@ int main(int argc,char* argv[]) ); Locker locker(cr.get()); CredentialCriteria cc; - cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + cc.setUsage(Credential::SIGNING_CREDENTIAL); const Credential* cred = cr->resolve(&cc); if (!cred) throw XMLSecurityException("Unable to resolve a signing credential."); @@ -345,14 +348,9 @@ int main(int argc,char* argv[]) } } catch(exception& e) { - log.errorStream() << "caught an exception: " << e.what() << CategoryStream::ENDLINE; + log.errorStream() << "caught an exception: " << e.what() << logging::eol; ret=-10; } - catch(XMLException& e) { - auto_ptr_char temp(e.getMessage()); - log.errorStream() << "caught a Xerces exception: " << temp.get() << CategoryStream::ENDLINE; - ret=-20; - } conf.term(); return ret;
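Review bot: Removing the `catch(XMLException& e)` handler in the last hunk means a Xerces `XMLException`, which is not derived from `std::exception`, no longer matches the remaining `catch(exception& e)`; if any call inside the try block lets one escape, main() now ends by an uncaught exception, skipping `conf.term()` and the `-20` exit status it used to report. If the intent is that the xmltooling parser layer already converts Xerces errors into its own `std::exception`-derived types, a short comment above the catch saying so would stop the handler from being re-added, e.g. `// Xerces XMLExceptions are converted by the parser layer; std::exception covers them here.`; otherwise the handler should be kept with the `logging::eol` terminator the commit switches to. I cannot see the parsing calls from this hunk, so which case applies is an inference. The try block and main() begin outside the hunk.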