Fix for bug 450
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 18 Oct 2005 19:17:05 +0000 (19:17 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 18 Oct 2005 19:17:05 +0000 (19:17 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1884 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/utils/MetadataTool.java

index 7726b57..fdf19b0 100644 (file)
@@ -33,9 +33,12 @@ import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.signature.*;
 import org.apache.xml.security.transforms.*;
+import org.opensaml.SAMLException;
 import org.w3c.dom.*;
 
 import edu.internet2.middleware.shibboleth.common.XML;
+import edu.internet2.middleware.shibboleth.metadata.MetadataException;
+import edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataProvider;
 import edu.internet2.middleware.shibboleth.xml.Parser;
 
 /**
@@ -162,11 +165,26 @@ public class MetadataTool {
                if (ns != null && name != null && !org.opensaml.XML.isElementNamed(e, ns, name)) {
                        System.err.println("error: root element did not match ns and name parameters");
                        System.exit(1);
-               } else if (!org.opensaml.XML.isElementNamed(e, XML.SHIB_NS, "SiteGroup")
-                               && !org.opensaml.XML.isElementNamed(e, XML.SHIB_NS, "Trust")
-                               && !org.opensaml.XML.isElementNamed(e, XML.TRUST_NS, "Trust")
-                               && !org.opensaml.XML.isElementNamed(e, XML.SAML2META_NS, "EntityDescriptor")
-                               && !org.opensaml.XML.isElementNamed(e, XML.SAML2META_NS, "EntitiesDescriptor")) {
+               } else if (org.opensaml.XML.isElementNamed(e, XML.SHIB_NS, "SiteGroup")
+                               || org.opensaml.XML.isElementNamed(e, XML.SAML2META_NS, "EntityDescriptor")
+                               || org.opensaml.XML.isElementNamed(e, XML.SAML2META_NS, "EntitiesDescriptor")) {
+                       try {
+                               // apply the same validity checks a running system would
+                               new XMLMetadataProvider(e);
+                       } catch (MetadataException me) {
+                               System.err.println("error in metadata: " + me.getMessage());
+                               System.exit(1);
+                       } catch (SAMLException se) {
+                               System.err.println("error in metadata: " + se);
+                               System.exit(1);
+                       }
+               } else if (org.opensaml.XML.isElementNamed(e, XML.SHIB_NS, "Trust")
+                               || org.opensaml.XML.isElementNamed(e, XML.TRUST_NS, "Trust")) {
+                       /*
+                        * Additional validity checks for legacy trust files
+                        * could be added here.
+                        */
+               } else {
                        System.err.println("error: root element must be SiteGroup, Trust, EntitiesDescriptor, or EntityDescriptor");
                        System.exit(1);
                }
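Review bot: The `Trust` branch (matching `XML.SHIB_NS` or `XML.TRUST_NS`) is an empty block, so a legacy trust file passes this step with no validation and no message, while metadata roots now get the `XMLMetadataProvider` checks. An operator presumably reads a clean exit as "validated", so consider a notice in that branch, e.g. `System.err.println("warning: no validity checks are applied to legacy trust files");`. Separately, the two catch blocks report differently (`me.getMessage()` versus `se`), and any unchecked exception thrown by the `XMLMetadataProvider` constructor would escape both handlers instead of producing the `error in metadata:` line; whether the constructor can throw one is not visible here. The enclosing method starts and ends outside the hunk.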