coc and r&s test in pendantic target

[swamid-metadata.git] / Makefile

KEY=/opt/swamid-credentials/swamid-signer.key
CERT=/opt/swamid-credentials/swamid-signer.crt
PASS=$(shell cat /opt/swamid-credentials/swamid-signer-pass.txt)
DEST=/opt/published-metadata
SRCDIRS=swamid-2.0

DAYS:=15
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
RPI=false
CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
ID=$(shell perl scripts/unique_id.pl)
XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) 
SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS)

-include local.mk

all: clean dependencies test sign clean web

MXML=$(shell echo *.mxml)

sign: swamid upstream projects

%.sig: %.mxml
        # normalization
        xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
        # signing
        xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
        $(SIGNER) --output $@ $*.tbs
        # verification
        xmllint --xinclude --nowarning --noout --path schema --schema  schema.xsd $@
        #rm -f $*.tbs $*.n

%.pub: %.sig
        samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
        rm -f $<

dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml

upstream: edugain kalmar

kalmar:
        $(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub

edugain:
        $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub

projects: swamid-fiv-test swamid-ki-sll

swamid-ki-sll:
        $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub

swamid-fiv-test:
        $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub

aggregate: swamid-externals swamid-interfederations

swamid-externals: swamid-externals1 swamid-externals2

swamid-externals1:
        scripts/aggregate.sh swamid-externals-1.0

swamid-externals2:
        scripts/aggregate.sh swamid-externals-2.0

swamid-interfederations: swamid-interfederations1 swamid-interfederations2

swamid-interfederations1:
        scripts/aggregate.sh swamid-interfederations-1.0

swamid-interfederations2:
        scripts/aggregate.sh swamid-interfederations-2.0

swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub

web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
        cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)

swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
        @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml

swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
        @xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml

test: clean dependencies schematest 

pedantic: clean dependencies schematest refedsRnS geantCoCo

schematest:
        @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/\e[1;31m&\e[0m/;s/validates/\e[1;32m&\e[0m/'
        @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done

clean:
        @rm -f *.xml *.tbs *.n

tidy:
        @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done

refedsRnS:
        @echo "Checking for refeds R&S compatibillity"
        @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
        got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
        if [ -n "$$got_refeds_RnS" ] ; then \
        http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
        if [ -z "$$http_post" ] ; then echo "$$x: Missing HTTP-POST binding." ; fi ; \
        mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
        if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
        mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
        if [ -z "$$mdui_InformationURL" ] ; then echo "$$x: Missing mdui:InformationURL." ; fi ; \
        tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
        if [ -z "$$tech_contact" ] ; then echo "$$x: Missing ContactPerson contactType='technical'." ; fi ; \
        requested_attributes=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService" - 2>/dev/null | grep 'RequestedAttribute'` ; \
        if [ -z "$$requested_attributes" ] ; then echo "$$x: Missing requested attributes." ; fi ; \
        fi ; \
        done | grep . && exit 1 || true

geantCoCo:
        @echo "Checking for Geant CoCo compliance"
        @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
        got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
        if [ -n "$$got_geant_CoCo" ] ; then \
        mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
        if [ -z "$$mdui_check" ] ; then \
        echo "$$x: Missing MDUI." ; \
        else \
        mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
        if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
        mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
        if [ -z "$$mdui_Descr" ] ; then echo "$$x: Missing mdui:Description." ; fi ; \
        for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | cut -c2- | sort -u` ; do \
        mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
        if [ -z "$$mdui_Test" ] ; then echo "$$x: Missing xml:lang=\"en\" on mdui:$$y." ; fi ; \
        done ; \
        fi ; \
        requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
        if [ -z "$$requestedAttribute" ] ; then echo "$$x: Missing RequestedAttribute." ; fi ; \
        fi ; \
        done | grep . && exit 1 || true

committest: test
        @echo "Check for mismatch between MDUI DisplayName and OrganizationDisplayName"
        @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do mdui_displayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor//UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[   ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` organizationdisplayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; if [ -n "$$mdui_displayname" -a -n "$$organizationdisplayname" -a "$$mdui_displayname" != "$$organizationdisplayname" ] ; then echo "$$x: $$lang '$$mdui_displayname' vs $$lang '$$organizationdisplayname'" ; fi ; done ; done | grep . && exit 1 || true
        @echo "Checking for uniq IdP OrganizationDisplayName"
        @for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" ; done | sort -k 3 | uniq -D -f 2 ; done | grep . && exit 1 || true
        @echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Checking for MDUI in EntityDescriptor/Extensions"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Checking for entitycategories for IdPs that should be entity-category-support"
        @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Checking for invalid IPHint"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
        @echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
        @for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true

commit: tidy committest
        @git diff --color || true
        @echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
        @git status -u
        @echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
        @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
        @git push