2 * Copyright 2001-2005 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 # define _CRT_NONSTDC_NO_DEPRECATE 1
19 # define _CRT_SECURE_NO_DEPRECATE 1
22 #include <shib-target/shib-target.h>
23 #include <shibsp/SPConfig.h>
25 using namespace shibsp;
26 using namespace shibtarget;
27 using namespace shibboleth;
31 int main(int argc,char* argv[])
40 for (int i=1; i<argc; i++) {
41 if (!strcmp(argv[i],"-c") && i+1<argc)
43 else if (!strcmp(argv[i],"-d") && i+1<argc)
45 else if (!strcmp(argv[i],"-h") && i+1<argc)
47 else if (!strcmp(argv[i],"-q") && i+1<argc)
49 else if (!strcmp(argv[i],"-f") && i+1<argc)
51 else if (!strcmp(argv[i],"-a") && i+1<argc)
55 if (!h_param || !q_param) {
56 cerr << "usage: shibtest -h <handle> -q <origin_site> [-f <format URI> -a <application_id> -d <schema path> -c <config>]" << endl;
61 path=getenv("SHIBSCHEMAS");
65 config=getenv("SHIBCONFIG");
71 ShibTargetConfig& conf=ShibTargetConfig::getConfig();
72 SPConfig::getConfig().setFeatures(
75 SPConfig::Credentials |
77 SPConfig::OutOfProcess |
80 if (!conf.init(path) || !conf.load(config))
84 const IApplication* app=conf.getINI()->getApplication(a_param);
86 throw SAMLException("specified <Application> section not found in configuration");
88 auto_ptr_XMLCh domain(q_param);
89 auto_ptr_XMLCh handle(h_param);
90 auto_ptr_XMLCh format(f_param);
91 auto_ptr_XMLCh resource(app->getString("providerId").second);
93 auto_ptr<SAMLRequest> req(
95 new SAMLAttributeQuery(
97 new SAMLNameIdentifier(
100 format.get() ? format.get() : Constants::SHIB_NAMEID_FORMAT_URI
104 app->getAttributeDesignators().clone()
109 Metadata m(app->getMetadataProviders());
110 const IEntityDescriptor* site=m.lookup(domain.get());
112 throw SAMLException("Unable to locate specified origin site's metadata.");
114 // Try to locate an AA role.
115 const IAttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM);
117 throw SAMLException("Unable to locate metadata for origin site's Attribute Authority.");
119 ShibHTTPHook::ShibHTTPHookCallContext ctx(app->getCredentialUse(site),AA);
120 Trust t(app->getTrustProviders());
122 SAMLResponse* response=NULL;
123 Iterator<const IEndpoint*> endpoints=AA->getAttributeServiceManager()->getEndpoints();
124 while (!response && endpoints.hasNext()) {
125 const IEndpoint* ep=endpoints.next();
127 // Get a binding object for this protocol.
128 const SAMLBinding* binding = app->getBinding(ep->getBinding());
132 auto_ptr<SAMLResponse> r(binding->send(ep->getLocation(), *(req.get()), &ctx));
133 if (r->isSigned() && !t.validate(*r,AA))
134 throw TrustException("unable to verify signed response");
135 response = r.release();
137 catch (SAMLException& e) {
138 // Check for shib:InvalidHandle error and propagate it out.
139 Iterator<saml::QName> codes=e.getCodes();
140 if (codes.size()>1) {
141 const saml::QName& code=codes[1];
142 if (!XMLString::compareString(code.getNamespaceURI(),shibboleth::Constants::SHIB_NS) &&
143 !XMLString::compareString(code.getLocalName(), shibboleth::Constants::InvalidHandle)) {
145 throw InvalidHandleException(e.what(),params(),codes);
152 throw SAMLException("unable to successfully query for attributes");
154 // Run it through the AAP. Note that we could end up with an empty response!
155 Iterator<SAMLAssertion*> a=response->getAssertions();
156 for (unsigned long c=0; c < a.size();) {
158 AAP::apply(app->getAAPProviders(),*(a[c]),site);
161 catch (SAMLException&) {
162 response->removeAssertion(c);
166 Iterator<SAMLAssertion*> i=response->getAssertions();
169 SAMLAssertion* a=i.next();
170 cout << "Issuer: "; xmlout(cout,a->getIssuer()); cout << endl;
171 const SAMLDateTime* exp=a->getNotOnOrAfter();
174 xmlout(cout,exp->getRawData());
179 Iterator<SAMLStatement*> j=a->getStatements();
182 SAMLAttributeStatement* s=dynamic_cast<SAMLAttributeStatement*>(j.next());
185 const SAMLNameIdentifier* sub=s->getSubject()->getNameIdentifier();
186 cout << "Format: "; xmlout(cout,sub->getFormat()); cout << endl;
187 cout << "Domain: "; xmlout(cout,sub->getNameQualifier()); cout << endl;
188 cout << "Handle: "; xmlout(cout,sub->getName()); cout << endl;
190 Iterator<SAMLAttribute*> attrs=s->getAttributes();
191 while (attrs.hasNext())
193 SAMLAttribute* attr=attrs.next();
194 cout << "Attribute Name: "; xmlout(cout,attr->getName()); cout << endl;
195 Iterator<const XMLCh*> vals=attr->getValues();
196 while (vals.hasNext())
198 cout << "Attribute Value: ";
199 xmlout(cout,vals.next());
207 catch(SAMLException& e)
209 cerr << "caught a SAML exception: " << e.what() << endl;
211 catch(XMLException& e)
213 cerr << "caught an XML exception: "; xmlout(cerr,e.getMessage()); cerr << endl;