1 package edu.internet2.middleware.shibboleth.common;
2
3 import java.io.*;
4 import java.security.*;
5 import java.security.cert.*;
6 import javax.xml.parsers.*;
7 import org.apache.xml.security.Init;
8 import org.apache.xml.security.c14n.*;
9 import org.apache.xml.security.signature.*;
10 import org.apache.xml.security.transforms.*;
11 import org.w3c.dom.*;
12
13 /**
14  *  Description of the Class
15  *
16  * @author     cantor
17  * @created    June 11, 2002
18  */
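/**
 *  Command-line tool that signs a Shibboleth site-metadata document
 *  (root element shib:Sites) with an enveloped XML-DSig signature and
 *  writes the canonicalized, signed copy to a file or to stdout.
 *
 *  The signing key and the certificate published in ds:KeyInfo are read
 *  from a JKS keystore.  Note that passwords given with -P / -p are visible
 *  to other local users in the process table and may end up in shell
 *  history; keep the keystore readable only by the signing account.
 *
 * @author     cantor
 * @created    June 11, 2002
 */
public class SiteSigner
{
    /**
     *  Entry point.  Parses the options, loads the key pair, signs the
     *  document named by the single non-option argument and writes the result.
     *  Usage errors and any failure to load key or certificate print a
     *  message to stderr and exit with status 1; other failures (unreadable
     *  keystore, unparseable XML, signing errors) propagate as exceptions.
     *
     * @param  argv           options (-k -a -c required; -P -p -o -h optional)
     *                        plus the URI of the document to sign
     * @exception  Exception  on I/O, keystore, XML or signature failures
     */
    public static void main(String argv[])
        throws Exception
    {
        if (argv.length == 0)
            printUsage();

        String keystore = null;
        String ks_pass = null;
        String key_alias = null;
        String cert_alias = null;
        String key_pass = null;
        String outfile = null;
        String infile = null;

        // Every option takes the next argv element as its value; the one
        // non-option argument is the URI of the document to sign.  It is
        // captured explicitly so it may appear anywhere on the command line.
        for (int i = 0; i < argv.length; i++)
        {
            String arg = argv[i];
            if (!arg.startsWith("-"))
            {
                if (infile != null)
                {
                    System.err.println("error: more than one input uri given");
                    System.exit(1);
                }
                infile = arg;
                continue;
            }

            String option = arg.substring(1);
            if (option.equals("h"))
                printUsage();                           // exits
            if (!isValueOption(option))
            {
                System.err.println("error: unknown option " + arg);
                printUsage();                           // exits
            }
            if (++i == argv.length)
            {
                System.err.println("error: Missing argument to -" + option + " option");
                System.exit(1);
            }
            String value = argv[i];
            if (option.equals("k"))
                keystore = value;
            else if (option.equals("P"))
                ks_pass = value;
            else if (option.equals("a"))
                key_alias = value;
            else if (option.equals("c"))
                cert_alias = value;
            else if (option.equals("p"))
                key_pass = value;
            else if (option.equals("o"))
                outfile = value;
        }

        if (isEmpty(keystore) || isEmpty(key_alias) || isEmpty(cert_alias) || isEmpty(infile))
            printUsage();

        // A null keystore password loads the store without its integrity check.
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream fis = new FileInputStream(keystore);
        try
        {
            ks.load(fis, ks_pass == null ? null : ks_pass.toCharArray());
        }
        finally
        {
            fis.close();
        }

        // A JKS key entry cannot be recovered without a password; when -p is
        // omitted, fall back to the keystore password (the usual keytool setup).
        if (key_pass == null)
            key_pass = ks_pass;
        Key key = ks.getKey(key_alias, key_pass == null ? null : key_pass.toCharArray());
        java.security.cert.Certificate published = ks.getCertificate(cert_alias);
        // Both lookups return null for an unknown alias; the instanceof checks
        // also reject a secret-key entry or a non-X.509 certificate.
        if (!(key instanceof PrivateKey) || !(published instanceof X509Certificate))
        {
            System.err.println("error: couldn't load key or certificate");
            System.exit(1);
        }
        PrivateKey privateKey = (PrivateKey)key;
        X509Certificate cert = (X509Certificate)published;

        Document doc = readSitesDocument(infile);
        signDocument(doc, privateKey, cert);
        writeCanonical(doc, outfile);
    }

    /**
     *  Parses the document at uri and checks that it is an unsigned shib:Sites
     *  document.  Exits with status 1 on either check failing.
     *
     * @param  uri            location of the document to sign
     * @return                the parsed document
     * @exception  Exception  on parse failure
     */
    private static Document readSitesDocument(String uri)
        throws Exception
    {
        // NOTE(review): whether DTDs / external entities are resolved here depends
        // on how org.opensaml.XML.parserPool configures its builders; confirm they
        // are disabled before this tool is pointed at input from outside the site.
        DocumentBuilder builder = org.opensaml.XML.parserPool.get();
        Document doc = builder.parse(uri);

        Element root = doc.getDocumentElement();
        if (!XML.SHIB_NS.equals(root.getNamespaceURI()) || !"Sites".equals(root.getLocalName()))
        {
            System.err.println("error: root element must be shib:Sites");
            System.exit(1);
        }

        // Refuse to stack a second ds:Signature onto an already-signed file.
        NodeList siglist = doc.getElementsByTagNameNS(org.opensaml.XML.XMLSIG_NS, "Signature");
        if (siglist.getLength() > 0)
        {
            System.err.println("error: file already signed");
            System.exit(1);
        }
        return doc;
    }

    /**
     *  Adds an enveloped RSA signature over the whole document as the last
     *  child of the root element and verifies it against cert.  Exits with
     *  status 1 if the certificate does not match the signing key.
     *
     * @param  doc            document to sign (modified in place)
     * @param  privateKey     signing key
     * @param  cert           certificate placed in ds:KeyInfo
     * @exception  Exception  on signature construction or signing failure
     */
    private static void signDocument(Document doc, PrivateKey privateKey, X509Certificate cert)
        throws Exception
    {
        // RSA-SHA1 with a SHA-1 reference digest is what the consumers of this
        // format verify; both are now deprecated for new signatures, so move to
        // the SHA-256-based algorithm URIs once every verifier accepts them.
        XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        // Reference URI "" covers the whole document; the enveloped transform
        // keeps the signature element itself out of the digest.
        sig.addDocument("", transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
        sig.addKeyInfo(cert);
        // The ds:Signature must be in the tree before signing so the enveloped
        // transform can find and exclude it.
        doc.getDocumentElement().appendChild(sig.getElement());
        sig.sign(privateKey);

        // Sanity check: the -c certificate must carry the public half of the -a
        // key, otherwise the published signature can never be verified by anyone.
        if (!sig.checkSignatureValue(cert))
        {
            System.err.println("error: signature does not verify with the certificate; -a and -c must refer to the same key pair");
            System.exit(1);
        }
    }

    /**
     *  Serializes doc through inclusive C14N (comments kept) to outfile, or to
     *  stdout when outfile is null or empty.  Only a file stream is closed;
     *  stdout is flushed and left open.
     *
     * @param  doc            signed document
     * @param  outfile        output path, or null/empty for stdout
     * @exception  Exception  on canonicalization or I/O failure
     */
    private static void writeCanonical(Document doc, String outfile)
        throws Exception
    {
        boolean toFile = !isEmpty(outfile);
        OutputStream out = toFile ? (OutputStream)new FileOutputStream(outfile) : System.out;
        try
        {
            // C14N output is a stable serialization; presumably chosen so that a
            // consumer's own serializer cannot perturb what the reference covers.
            Canonicalizer c = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
            c.setNamespaceAware(true);
            out.write(c.canonicalize(doc));
            out.flush();
        }
        finally
        {
            if (toFile)
                out.close();
        }
    }

    /** True for the options that take a value: -k -P -a -c -p -o. */
    private static boolean isValueOption(String option)
    {
        return option.length() == 1 && "kPacpo".indexOf(option.charAt(0)) >= 0;
    }

    /** True when s is null or the empty string. */
    private static boolean isEmpty(String s)
    {
        return s == null || s.length() == 0;
    }

    /** Prints the usage text to stderr and exits with status 1. */
    private static void printUsage()
    {

        System.err.println("usage: java edu.internet2.middleware.shibboleth.common.SiteSigner (options) uri");
        System.err.println();

        System.err.println("required options:");
        System.err.println("  -k keystore   pathname of Java keystore file");
        System.err.println("  -a key alias  alias of signing key");
        System.err.println("  -c cert alias alias of signing cert");
        System.err.println();
        System.err.println("optional options:");
        System.err.println("  -P password   keystore password");
        System.err.println("  -p password   private key password (defaults to the keystore password)");
        System.err.println("  -o outfile    write signed copy to this file instead of stdout");
        System.err.println("  -h            print this message");
        System.err.println();
        System.exit(1);
    }

    // Initialize the XML-Security library once before any signing happens.
    static
    {
        org.apache.xml.security.Init.init();
    }
}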
191