X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=samlsign%2Fsamlsign.cpp;h=b5ddf5693e635fdbbf7434be2fc177ad155a1d59;hp=8ee8e7d41ec18eee25bcdbc837cebc582eb337cd;hb=48c800ad3d827cc696574c814e464efd4e6d1864;hpb=3f243ee065ef3dcc1e9832275c00ee708d7f9a6b

diff --git a/samlsign/samlsign.cpp b/samlsign/samlsign.cpp
index 8ee8e7d..b5ddf56 100644
--- a/samlsign/samlsign.cpp
+++ b/samlsign/samlsign.cpp
@@ -1,6 +1,6 @@
 /*
- *  Copyright 2001-2007 Internet2
- * 
+ *  Copyright 2001-2010 Internet2
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -14,13 +14,11 @@
  * limitations under the License.
  */
 
-/* siterefresh.cpp - command-line tool to refresh and verify metadata
-
-   Scott Cantor
-   5/12/03
-
-   $Id:siterefresh.cpp 2252 2007-05-20 20:20:57Z cantor $
-*/
+/**
+ * samlsign.cpp
+ *
+ * Command-line tool to sign and verify objects.
+ */
 
 #if defined (_MSC_VER) || defined(__BORLANDC__)
 # include "config_win32.h"
@@ -41,14 +39,15 @@
 #include <saml/util/SAMLConstants.h>
 #include <xmltooling/logging.h>
 #include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/SignatureTrustEngine.h>
 #include <xmltooling/signature/Signature.h>
 #include <xmltooling/signature/SignatureValidator.h>
+#include <xmltooling/util/ParserPool.h>
 #include <xmltooling/util/XMLHelper.h>
 
 #include <fstream>
 #include <xercesc/framework/LocalFileInputSource.hpp>
-#include <xercesc/framework/URLInputSource.hpp>
 #include <xercesc/framework/StdInInputSource.hpp>
 #include <xercesc/framework/Wrapper4InputSource.hpp>
 
@@ -67,9 +66,9 @@ template<class T> T* buildPlugin(const char* path, PluginManager<T,string,const
     ifstream in(path);
     DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
     XercesJanitor<DOMDocument> janitor(doc);
-    
+
     static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
-    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(NULL,_type));
+    auto_ptr_char type(doc->getDocumentElement()->getAttributeNS(nullptr,_type));
     if (type.get() && *type.get())
         return mgr.newPlugin(type.get(), doc->getDocumentElement());
     throw XMLToolingException("Missing type in plugin configuration.");
@@ -83,14 +82,14 @@ CredentialResolver* buildSimpleResolver(const char* key, const char* cert)
 
     DOMDocument* doc = XMLToolingConfig::getConfig().getParser().newDocument();
     XercesJanitor<DOMDocument> janitor(doc);
-    DOMElement* root = doc->createElementNS(NULL, _CredentialResolver);
+    DOMElement* root = doc->createElementNS(nullptr, _CredentialResolver);
     if (key) {
         auto_ptr_XMLCh widenit(key);
-        root->setAttributeNS(NULL, _key, widenit.get());
+        root->setAttributeNS(nullptr, _key, widenit.get());
     }
     if (cert) {
         auto_ptr_XMLCh widenit(cert);
-        root->setAttributeNS(NULL, _certificate, widenit.get());
+        root->setAttributeNS(nullptr, _certificate, widenit.get());
     }
 
     return XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
@@ -101,34 +100,34 @@ class DummyCredentialResolver : public CredentialResolver
 public:
     DummyCredentialResolver() {}
     ~DummyCredentialResolver() {}
-    
+
     Lockable* lock() {return this;}
     void unlock() {}
-    
-    const Credential* resolve(const CredentialCriteria* criteria=NULL) const {return NULL;}
+
+    const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
     vector<const Credential*>::size_type resolve(
-        vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+        vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
         ) const {return 0;}
 };
 
 int main(int argc,char* argv[])
 {
     bool verify=true;
-    char* url_param=NULL;
-    char* path_param=NULL;
-    char* key_param=NULL;
-    char* cert_param=NULL;
-    char* cr_param=NULL;
-    char* t_param=NULL;
-    char* id_param=NULL;
+    char* url_param=nullptr;
+    char* path_param=nullptr;
+    char* key_param=nullptr;
+    char* cert_param=nullptr;
+    char* cr_param=nullptr;
+    char* t_param=nullptr;
+    char* id_param=nullptr;
 
     // metadata lookup options
-    char* m_param=NULL;
-    char* issuer=NULL;
-    char* prot = NULL;
-    const XMLCh* protocol = NULL;
-    char* rname = NULL;
-    char* rns = NULL;
+    char* m_param=nullptr;
+    char* issuer=nullptr;
+    char* prot = nullptr;
+    const XMLCh* protocol = nullptr;
+    const char* rname = nullptr;
+    char* rns = nullptr;
 
     for (int i=1; i<argc; i++) {
         if (!strcmp(argv[i],"-u") && i+1<argc)
@@ -181,9 +180,9 @@ int main(int argc,char* argv[])
         cerr << "either -k or -R option required when signing, see documentation for usage" << endl;
         return -1;
     }
-    
+
     XMLToolingConfig& xmlconf = XMLToolingConfig::getConfig();
-    xmlconf.log_config();
+    xmlconf.log_config(getenv("OPENSAML_LOG_CONFIG"));
     SAMLConfig& conf=SAMLConfig::getConfig();
     if (!conf.init())
         return -2;
@@ -193,16 +192,16 @@ int main(int argc,char* argv[])
 
     try {
         // Parse the specified document.
-        static XMLCh base[]={chLatin_f, chLatin_i, chLatin_l, chLatin_e, chColon, chForwardSlash, chForwardSlash, chForwardSlash, chNull};
-        DOMDocument* doc=NULL;
+        DOMDocument* doc=nullptr;
         if (url_param) {
-            URLInputSource src(base,url_param);
+            auto_ptr_XMLCh wideurl(url_param);
+            URLInputSource src(wideurl.get());
             Wrapper4InputSource dsrc(&src,false);
             doc=xmlconf.getParser().parse(dsrc);
         }
         else if (path_param) {
             auto_ptr_XMLCh widenit(path_param);
-            LocalFileInputSource src(base,widenit.get());
+            LocalFileInputSource src(widenit.get());
             Wrapper4InputSource dsrc(&src,false);
             doc=xmlconf.getParser().parse(dsrc);
         }
@@ -211,7 +210,7 @@ int main(int argc,char* argv[])
             Wrapper4InputSource dsrc(&src,false);
             doc=xmlconf.getParser().parse(dsrc);
         }
-    
+
         // Unmarshall it.
         XercesJanitor<DOMDocument> jan(doc);
         auto_ptr<XMLObject> sourcewrapper(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
@@ -241,13 +240,13 @@ int main(int argc,char* argv[])
             if (cert_param || cr_param) {
                 // Build a resolver to supply trusted credentials.
                 auto_ptr<CredentialResolver> cr(
-                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(NULL, cert_param)
+                    cr_param ? buildPlugin(cr_param, xmlconf.CredentialResolverManager) : buildSimpleResolver(nullptr, cert_param)
                     );
                 Locker locker(cr.get());
 
                 // Set up criteria.
                 CredentialCriteria cc;
-                cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+                cc.setUsage(Credential::SIGNING_CREDENTIAL);
                 cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
                 if (issuer)
                     cc.setPeerName(issuer);
@@ -292,19 +291,20 @@ int main(int argc,char* argv[])
                     }
                     auto_ptr<MetadataProvider> metadata(buildPlugin(m_param, conf.MetadataProviderManager));
                     metadata->init();
-                    
-                    Locker locker(metadata.get());
-                    const EntityDescriptor* entity = metadata->getEntityDescriptor(issuer);
-                    if (!entity)
-                        throw MetadataException("no metadata found for ($1)", params(1, issuer));
+
                     const XMLCh* ns = rns ? XMLString::transcode(rns) : samlconstants::SAML20MD_NS;
                     auto_ptr_XMLCh n(rname);
-                    QName q(ns, n.get());
-                    const RoleDescriptor* role = entity->getRoleDescriptor(q, protocol);
-                    if (!role)
+                    xmltooling::QName q(ns, n.get());
+
+                    Locker locker(metadata.get());
+                    MetadataProvider::Criteria mc(issuer, &q, protocol);
+                    pair<const EntityDescriptor*,const RoleDescriptor*> entity = metadata->getEntityDescriptor(mc);
+                    if (!entity.first)
+                        throw MetadataException("no metadata found for ($1)", params(1, issuer));
+                    else if (!entity.second)
                         throw MetadataException("compatible role $1 not found for ($2)", params(2, q.toString().c_str(), issuer));
 
-                    MetadataCredentialCriteria mcc(*role);
+                    MetadataCredentialCriteria mcc(*entity.second);
                     if (sigtrust->validate(*signable->getSignature(), *metadata.get(), &mcc))
                         log.info("successful signature verification");
                     else
@@ -313,7 +313,7 @@ int main(int argc,char* argv[])
                 else {
                     // Set up criteria.
                     CredentialCriteria cc;
-                    cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+                    cc.setUsage(Credential::SIGNING_CREDENTIAL);
                     cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
                     if (issuer)
                         cc.setPeerName(issuer);
@@ -332,7 +332,7 @@ int main(int argc,char* argv[])
                 );
             Locker locker(cr.get());
             CredentialCriteria cc;
-            cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+            cc.setUsage(Credential::SIGNING_CREDENTIAL);
             const Credential* cred = cr->resolve(&cc);
             if (!cred)
                 throw XMLSecurityException("Unable to resolve a signing credential.");
@@ -343,7 +343,7 @@ int main(int argc,char* argv[])
 
             // Sign response while re-marshalling.
             vector<Signature*> sigs(1,sig);
-            XMLHelper::serialize(signable->marshall((DOMDocument*)NULL,&sigs,cred), cout);
+            XMLHelper::serialize(signable->marshall((DOMDocument*)nullptr,&sigs,cred), cout);
         }
     }
     catch(exception& e) {