1#!/usr/bin/env php
2<?php
3
/*
 * This script generates SimpleSAMLphp metadata from an XML metadata file,
 * using the metarefresh module's loader.
 */
8
9
// The SimpleSAMLphp base directory: four directory levels up from this script
// (this script is expected to live inside the installation's modules tree).
$baseDir = dirname(dirname(dirname(__DIR__)));

// Bring in the SimpleSAMLphp class autoloader.
require_once($baseDir . '/lib/_autoload.php');
15
// Refuse to run unless the metarefresh module is enabled, and tell the operator how to enable it.
if(!SimpleSAML\Module::isModuleEnabled('metarefresh')) {
	$enableCmd = '  echo >"' . $baseDir . '/modules/metarefresh/enable' . "\"";
	echo(
		"You need to enable the metarefresh module before this script can be used.\n"
		. "You can enable it by running the following command:\n"
		. $enableCmd . "\n"
	);
	exit(1);
}
22
/* Initialize the configuration. */
$configdir = SimpleSAML\Utils\Config::getConfigDir();
SimpleSAML_Configuration::setConfigDir($configdir);

/* Where generated metadata is written, unless --out-dir or --stdout overrides it. */
$outputDir = $baseDir . '/metadata-generated';

/* When true, print the generated metadata to stdout instead of writing files into $outputDir. */
$toStdOut = false;

/* Certificate files used to verify the signature on the signed EntityDescriptor.
 * Left null when signature verification is not requested, i.e. the metadata is
 * then loaded without any signature check. */
$certificates = null;

/* Fingerprint the signing certificate must match; null skips fingerprint validation. */
$validateFingerprint = null;

/* Input files to parse, collected from the command line below. */
$files = array();
50
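/* Parse arguments. */

$progName = array_shift($argv);

/* Short options are aliases for the long form; the table is built once, outside the loop. */
$shortOptMap = array(
	'-h' => '--help',
	'-o' => '--out-dir',
	'-s' => '--stdout',
);

foreach($argv as $a) {
	if(strlen($a) === 0) {
		continue;
	}

	if($a[0] !== '-') {
		/* Not an option. Assume that it is a file we should parse. */
		$files[] = $a;
		continue;
	}

	/* Split "--option=value" once; $v stays NULL for options given without "=". */
	$p = strpos($a, '=');
	if($p !== FALSE) {
		$v = substr($a, $p + 1);
		$a = substr($a, 0, $p);
	} else {
		$v = NULL;
	}

	if(array_key_exists($a, $shortOptMap)) {
		$a = $shortOptMap[$a];
	}

	/* TRUE when the option was given without a (non-empty) value. */
	$missingValue = ($v === NULL || strlen($v) === 0);

	switch($a) {
	case '--certificate':
		if($missingValue) {
			echo('The --certificate option requires a parameter.' . "\n");
			echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
			exit(1);
		}
		/* Several --certificate options may be given (key rollover); they are collected in order. */
		$certificates[] = $v;
		break;
	case '--validate-fingerprint':
		if($missingValue) {
			echo('The --validate-fingerprint option requires a parameter.' . "\n");
			echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
			exit(1);
		}
		$validateFingerprint = $v;
		break;
	case '--help':
		printHelp();
		exit(0);
	case '--out-dir':
		if($missingValue) {
			echo('The --out-dir option requires a parameter.' . "\n");
			echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
			exit(1);
		}
		/* The output directory is always placed under $baseDir (the help text documents
		 * --out-dir as relative to the base directory); a leading '/' only avoids a doubled slash. */
		$outputDir = $baseDir . ($v[0] === '/' ? $v : '/' . $v);
		break;
	case '--stdout':
		$toStdOut = TRUE;
		break;
	default:
		echo('Unknown option: ' . $a . "\n");
		echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
		exit(1);
	}
}

if(count($files) === 0) {
	echo($progName . ': Missing input files. Please run `' . $progName . ' --help` for usage information.' . "\n");
	exit(1);
}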
126
127
128
129
/* Feed every input file to the loader. The verification settings gathered from the
 * command line are attached to each source; when neither --certificate nor
 * --validate-fingerprint was given, both are NULL and no signature verification is requested. */
$metaloader = new sspmod_metarefresh_MetaLoader();

foreach($files as $f) {
	$source = array('src' => $f);
	if($certificates !== NULL) {
		$source['certificates'] = $certificates;
	}
	if($validateFingerprint !== NULL) {
		$source['validateFingerprint'] = $validateFingerprint;
	}
	$metaloader->loadSource($source);
}

/* Either write one file per metadata set into $outputDir, or dump everything to stdout. */
if(!$toStdOut) {
	$metaloader->writeMetadataFiles($outputDir);
} else {
	$metaloader->dumpMetadataStdOut();
}
145
/**
 * Print the usage text for this script to stdout.
 *
 * Reads the global $progName (set from $argv[0] during argument parsing) for the
 * "Usage:" line. Output ends with a blank line.
 */
function printHelp() {
	global $progName;

	/* Each entry is one output line; the column layout below is part of the text. */
	$lines = array(
		'Usage: ' . $progName . ' [options] [files]',
		'',
		'This program parses a SAML metadata files and output pieces that can',
		'be added to the metadata files in metadata/.',
		'',
		'Options:',
		' --certificate=<FILE>         The certificate which should be used',
		'                              to check the signature of the metadata.',
		'                              The file are stored in the cert dir.',
		'                              It is possibility to add multiple',
		'                              --certificate options to handle',
		'                              key rollover.',
		' --validate-fingerprint=<FINGERPRINT>',
		'                              Check the signature of the metadata,',
		'                              and check the fingerprint of the',
		'                              certificate against <FINGERPRINT>.',
		' -h, --help                   Print this help.',
		' -o=<DIR>, --out-dir=<DIR>    Write the output to this directory. The',
		'                              default directory is metadata-generated/.',
		'                              Path will be relative to the SimpleSAMLphp',
		'                              base directory.',
		' -s, --stdout                 Write the output to stdout instead of',
		'                              seperate files in the output directory.',
		'',
	);

	echo(implode("\n", $lines) . "\n");
}
178