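#!/usr/bin/env php
<?php

/*
 * This script can be used to generate metadata for SimpleSAMLphp
 * based on an XML metadata file.
 *
 * It is a CLI tool: input comes from $argv, output goes either to files below
 * $outputDir or to stdout. Exit status is 0 on success (and after --help),
 * 1 on a usage error or when the metarefresh module is disabled.
 */


// This is the base directory of the SimpleSAMLphp installation
$baseDir = dirname(dirname(dirname(dirname(__FILE__))));

// Add library autoloader.
require_once($baseDir . '/lib/_autoload.php');

if (!SimpleSAML\Module::isModuleEnabled('metarefresh')) {
    echo("You need to enable the metarefresh module before this script can be used.\n");
    echo("You can enable it by running the following command:\n");
    echo(' echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"\n");
    exit(1);
}

/* Initialize the configuration. */
$configdir = SimpleSAML\Utils\Config::getConfigDir();
SimpleSAML_Configuration::setConfigDir($configdir);

/* $outputDir contains the directory we will store the generated metadata in.
 * It is always resolved below $baseDir (see --out-dir below).
 */
$outputDir = $baseDir . '/metadata-generated';


/* $toStdOut is a boolean telling us whether we will print the output to stdout instead
 * of writing it to files in $outputDir.
 */
$toStdOut = false;

/* $certificates contains the certificates which should be used to check the signature of the signed
 * EntityDescriptor in the metadata, or null if signature verification shouldn't be done.
 *
 * null is the default: unless at least one --certificate option is given, no 'certificates'
 * key is passed to the MetaLoader and the input metadata is loaded without a signature check.
 */
$certificates = null;

/* $validateFingerprint contains the fingerprint of the certificate which should have been used
 * to sign the EntityDescriptor in the metadata, or null if fingerprint validation shouldn't be
 * done.
 *
 * NOTE(review): how the MetaLoader combines 'validateFingerprint' with 'certificates' is defined
 * in sspmod_metarefresh_MetaLoader, not in this script.
 */
$validateFingerprint = null;


/* This variable contains the files we will parse. */
$files = array();

/* Parse arguments. */

$progName = array_shift($argv);

/* Map short options to long options. Constant for the whole run, so it is built once
 * rather than on every iteration of the argument loop.
 */
$shortOptMap = array(
    '-h' => '--help',
    '-o' => '--out-dir',
    '-s' => '--stdout',
);

foreach ($argv as $a) {
    if (strlen($a) === 0) {
        continue;
    }

    if ($a[0] !== '-') {
        /* Not an option. Assume that it is a file we should parse. */
        $files[] = $a;
        continue;
    }

    /* Split "--option=value" at the first '=' only, so the value itself may contain '='.
     * An option without '=' gets $v = null, which requireOptionValue() rejects for
     * options that need a value.
     */
    $p = strpos($a, '=');
    if ($p !== false) {
        $v = substr($a, $p + 1);
        $a = substr($a, 0, $p);
    } else {
        $v = null;
    }

    if (array_key_exists($a, $shortOptMap)) {
        $a = $shortOptMap[$a];
    }

    switch ($a) {
        case '--certificate':
            requireOptionValue('--certificate', $v, $progName);
            /* Multiple --certificate options accumulate, to allow key rollover. */
            $certificates[] = $v;
            break;
        case '--validate-fingerprint':
            requireOptionValue('--validate-fingerprint', $v, $progName);
            $validateFingerprint = $v;
            break;
        case '--help':
            printHelp();
            exit(0);
        case '--out-dir':
            requireOptionValue('--out-dir', $v, $progName);
            /* A leading '/' is kept but does not make the path absolute: the directory is
             * always placed below $baseDir, as documented in the --help text.
             */
            $outputDir = $baseDir . ($v[0] === '/' ? $v : '/' . $v);
            break;
        case '--stdout':
            $toStdOut = true;
            break;
        default:
            echo('Unknown option: ' . $a . "\n");
            echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
            exit(1);
    }
}

if (count($files) === 0) {
    echo($progName . ': Missing input files. Please run `' . $progName . ' --help` for usage information.' . "\n");
    exit(1);
}


/* Load every input file into the MetaLoader. The verification options are only passed
 * on when they were given on the command line; a source without 'certificates' and
 * 'validateFingerprint' keys is handed to loadSource() with no verification material.
 */
$metaloader = new sspmod_metarefresh_MetaLoader();

foreach ($files as $f) {
    $source = array('src' => $f);
    if ($certificates !== null) {
        $source['certificates'] = $certificates;
    }
    if ($validateFingerprint !== null) {
        $source['validateFingerprint'] = $validateFingerprint;
    }
    $metaloader->loadSource($source);
}

if ($toStdOut) {
    $metaloader->dumpMetadataStdOut();
} else {
    $metaloader->writeMetadataFiles($outputDir);
}

/**
 * Abort with a usage error if an option that needs a value was given without one.
 *
 * Shared by --certificate, --validate-fingerprint and --out-dir, which previously
 * repeated the same check and error output inline.
 *
 * @param string      $option   The long option name, as shown in the error message.
 * @param string|null $value    The value parsed from "--option=value", or null if there was no '='.
 * @param string      $progName The program name used in the "--help" hint.
 */
function requireOptionValue($option, $value, $progName) {
    if ($value === null || strlen($value) === 0) {
        echo('The ' . $option . ' option requires a parameter.' . "\n");
        echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
        exit(1);
    }
}

/**
 * This function prints the help output.
 *
 * Reads the global $progName set during argument parsing above.
 */
function printHelp() {
    global $progName;

    /* '======================================================================' */
    echo('Usage: ' . $progName . ' [options] [files]' . "\n");
    echo("\n");
    echo('This program parses a SAML metadata files and output pieces that can' . "\n");
    echo('be added to the metadata files in metadata/.' . "\n");
    echo("\n");
    echo('Options:' . "\n");
    echo('  --certificate=<FILE>      The certificate which should be used' . "\n");
    echo('                            to check the signature of the metadata.' . "\n");
    echo('                            The file are stored in the cert dir.' . "\n");
    echo('                            It is possibility to add multiple' . "\n");
    echo('                            --certificate options to handle' . "\n");
    echo('                            key rollover.' . "\n");
    echo('  --validate-fingerprint=<FINGERPRINT>' . "\n");
    echo('                            Check the signature of the metadata,' . "\n");
    echo('                            and check the fingerprint of the' . "\n");
    echo('                            certificate against <FINGERPRINT>.' . "\n");
    echo('  -h, --help                Print this help.' . "\n");
    echo('  -o=<DIR>, --out-dir=<DIR> Write the output to this directory. The' . "\n");
    echo('                            default directory is metadata-generated/.' . "\n");
    echo('                            Path will be relative to the SimpleSAMLphp' . "\n");
    echo('                            base directory.' . "\n");
    echo('  -s, --stdout              Write the output to stdout instead of' . "\n");
    echo('                            seperate files in the output directory.' . "\n");
    echo("\n");
}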