coc and r&s test in pendantic target
[swamid-metadata.git] / Makefile
1
2 KEY=/opt/swamid-credentials/swamid-signer.key
3 CERT=/opt/swamid-credentials/swamid-signer.crt
4 PASS=$(shell cat /opt/swamid-credentials/swamid-signer-pass.txt)
5 DEST=/opt/published-metadata
6 SRCDIRS=swamid-2.0
7
8 DAYS:=15
9 DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
10 RPI=false
11 CONTACTS=false
12 TOU=true
13 ORG=true
14 TRANSFORM=xslt/normalize.xsl
15 ID=$(shell perl scripts/unique_id.pl)
16 XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) 
17 SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS)
18
19 -include local.mk
20
21 all: clean dependencies test sign clean web
22
23 MXML=$(shell echo *.mxml)
24
25 sign: swamid upstream projects
26
27 %.sig: %.mxml
28         # normalization
29         xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
30         # signing
31         xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
32         $(SIGNER) --output $@ $*.tbs
33         # verification
34         xmllint --xinclude --nowarning --noout --path schema --schema  schema.xsd $@
35         #rm -f $*.tbs $*.n
36
37 %.pub: %.sig
38         samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
39         rm -f $<
40
41 dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
42
43 upstream: edugain kalmar
44
45 kalmar:
46         $(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub
47
48 edugain:
49         $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
50
51 projects: swamid-fiv-test swamid-ki-sll
52
53 swamid-ki-sll:
54         $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub
55
56 swamid-fiv-test:
57         $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub
58
59 aggregate: swamid-externals swamid-interfederations
60
61 swamid-externals: swamid-externals1 swamid-externals2
62
63 swamid-externals1:
64         scripts/aggregate.sh swamid-externals-1.0
65
66 swamid-externals2:
67         scripts/aggregate.sh swamid-externals-2.0
68
69 swamid-interfederations: swamid-interfederations1 swamid-interfederations2
70
71 swamid-interfederations1:
72         scripts/aggregate.sh swamid-interfederations-1.0
73
74 swamid-interfederations2:
75         scripts/aggregate.sh swamid-interfederations-2.0
76
77 swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub
78
79 web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
80         cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)
81
82 swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
83         @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
84
85 swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
86         @xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
87
88 test: clean dependencies schematest 
89
90 pedantic: clean dependencies schematest refedsRnS geantCoCo
91
92 schematest:
93         @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/\e[1;31m&\e[0m/;s/validates/\e[1;32m&\e[0m/'
94         @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done
95
96 clean:
97         @rm -f *.xml *.tbs *.n
98
99 tidy:
100         @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done
101
102 refedsRnS:
103         @echo "Checking for refeds R&S compatibillity"
104         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
105         got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
106         if [ -n "$$got_refeds_RnS" ] ; then \
107         http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
108         if [ -z "$$http_post" ] ; then echo "$$x: Missing HTTP-POST binding." ; fi ; \
109         mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
110         if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
111         mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
112         if [ -z "$$mdui_InformationURL" ] ; then echo "$$x: Missing mdui:InformationURL." ; fi ; \
113         tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
114         if [ -z "$$tech_contact" ] ; then echo "$$x: Missing ContactPerson contactType='technical'." ; fi ; \
115         requested_attributes=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService" - 2>/dev/null | grep 'RequestedAttribute'` ; \
116         if [ -z "$$requested_attributes" ] ; then echo "$$x: Missing requested attributes." ; fi ; \
117         fi ; \
118         done | grep . && exit 1 || true
119
120 geantCoCo:
121         @echo "Checking for Geant CoCo compliance"
122         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
123         got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
124         if [ -n "$$got_geant_CoCo" ] ; then \
125         mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
126         if [ -z "$$mdui_check" ] ; then \
127         echo "$$x: Missing MDUI." ; \
128         else \
129         mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
130         if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
131         mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
132         if [ -z "$$mdui_Descr" ] ; then echo "$$x: Missing mdui:Description." ; fi ; \
133         for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | cut -c2- | sort -u` ; do \
134         mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
135         if [ -z "$$mdui_Test" ] ; then echo "$$x: Missing xml:lang=\"en\" on mdui:$$y." ; fi ; \
136         done ; \
137         fi ; \
138         requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
139         if [ -z "$$requestedAttribute" ] ; then echo "$$x: Missing RequestedAttribute." ; fi ; \
140         fi ; \
141         done | grep . && exit 1 || true
142
143 committest: test
144         @echo "Check for mismatch between MDUI DisplayName and OrganizationDisplayName"
145         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do mdui_displayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor//UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[   ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` organizationdisplayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; if [ -n "$$mdui_displayname" -a -n "$$organizationdisplayname" -a "$$mdui_displayname" != "$$organizationdisplayname" ] ; then echo "$$x: $$lang '$$mdui_displayname' vs $$lang '$$organizationdisplayname'" ; fi ; done ; done | grep . && exit 1 || true
146         @echo "Checking for uniq IdP OrganizationDisplayName"
147         @for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" ; done | sort -k 3 | uniq -D -f 2 ; done | grep . && exit 1 || true
148         @echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
149         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
150         @echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
151         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
152         @echo "Checking for MDUI in EntityDescriptor/Extensions"
153         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
154         @echo "Checking for entitycategories for IdPs that should be entity-category-support"
155         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
156         @echo "Checking for invalid IPHint"
157         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
158         @echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
159         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
160         @echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
161         @for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
162
163 commit: tidy committest
164         @git diff --color || true
165         @echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
166         @git status -u
167         @echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
168         @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
169         @git push