SWAMID-1378 Removed empty <md:TelephoneNumber/>
[swamid-metadata.git] / Makefile
1
# Build configuration: signing credentials, publication directory and the
# parameters handed to the XSLT stylesheets and to xmlsec1.
2 KEY  := /opt/swamid-credentials/swamid-signer.key
3 CERT := /opt/swamid-credentials/swamid-signer.crt
# PASS is read at parse time from a plain-text file next to the key; it is
# empty when that file does not exist.
# NOTE(review): the value is expanded unquoted into the xmlsec1 command line
# (SIGNER below), so the passphrase is exposed in the process list while
# signing and in any log that captures make's command echo.
4 PASS := $(shell test -f /opt/swamid-credentials/swamid-signer-pass.txt && cat /opt/swamid-credentials/swamid-signer-pass.txt)
5 DEST := /opt/published-metadata
6 SRCDIRS=swamid-2.0
7
8 DAYS:=15
# DATE, NOW and ID are recursive (=): the perl helper runs again on every
# expansion. XSLTDEFS below captures one value of each through :=.
9 DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
10 NOW=$(shell perl scripts/now_date.pl)
11 RPI=false
12 CONTACTS=false
13 TOU=true
14 ORG=true
15 TRANSFORM=xslt/normalize.xsl
16 ID=$(shell perl scripts/unique_id.pl)
# := freezes the values here; TOU is still "true" at this point and is
# reassigned further down to the list of terms-of-use files used by `web`.
17 XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW)
# NOTE(review): with an empty PASS, --pwd is followed directly by --id-attr:ID;
# presumably setups without the passphrase file override SIGNER through
# SWAMID_MK_CONFIG -- confirm.
18 SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor
# Passed as the `target` stringparam in the %.sig rule.
# NOTE(review): plain-http URL -- consumers then depend on the XML signature,
# not the transport, for integrity; confirm that is intended.
19 BASEURL := http://md.swamid.se/md
20 SIGN := xslt/sign.xsl
21 SITE := site/md.swamid.se
22 TOU  := swamid-tou-en.txt swamid-tou-sv.txt
23
# Optional site overrides; the leading "-" ignores a missing or unset file.
# XSLTDEFS and SIGNER were already expanded with := above, so redefining KEY,
# CERT, PASS, ORG, ... in that file does not change them unless the file also
# redefines XSLTDEFS/SIGNER.
24 -include $(SWAMID_MK_CONFIG)
25
# Default goal: clean, build the extracted interfederation files, run the
# checks, sign and publish, then sync the static site.
# NOTE(review): the intended order exists only as left-to-right prerequisite
# order. Under `make -j` nothing forces `test` to finish before `sign`, and the
# second `clean` has no effect because make builds a target once per run.
26 all: clean dependencies test sign clean web
27
# MXML: every *.mxml in the working directory (shell glob, evaluated on use).
28 MXML=$(shell echo *.mxml)
# SWAMIDXML: one .time/NAME.time stamp per swamid-2.0/NAME.xml (see test2).
29 SWAMIDXML=$(patsubst swamid-2.0/%.xml,.time/%.time,$(wildcard swamid-2.0/*.xml))
30
# sign: publish the SWAMID aggregates and the upstream (eduGAIN) feeds.
31 sign: swamid upstream
32
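# %.sig: turn NAME.mxml into the signed aggregate NAME.sig.
#   1. run TRANSFORM with --xinclude and the publication URL as `target` -> NAME.n
#   2. run the SIGN stylesheet over NAME.n                                -> NAME.tbs
#   3. sign NAME.tbs with SIGNER (xmlsec1)                                -> NAME.sig
#   4. schema-validate the signed file
#   5. remove the intermediates
%.sig: %.mxml
	xsltproc $(XSLTDEFS) --stringparam target "$(BASEURL)/$*.xml" --xinclude $(TRANSFORM) $< > $*.n
	xsltproc $(XSLTDEFS) --xinclude $(SIGN) $*.n > $*.tbs
# SIGNER carries the key passphrase as a --pwd argument. The @ prefix keeps
# make from echoing that command line into build logs; a redacted line is
# printed instead. The passphrase is still on xmlsec1's argv while it runs.
	@echo "xmlsec1 --sign (credentials not echoed) --output $@ $*.tbs"
	@$(SIGNER) --output $@ $*.tbs
	xmllint --xinclude --nowarning --noout --path schema --schema  schema.xsd $@
	rm -f $*.tbs $*.n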
39
# %.pub: publish NAME.sig as $(DEST)/NAME.xml after re-validating it against
# the schema. No file called NAME.pub is created, so the rule runs every time.
# NOTE(review): only schema validity is checked here; nothing visible verifies
# the signature against CERT before the file reaches DEST.
40 %.pub: %.sig
41         mkdir -p $(DEST) && xmllint --nowarning --noout --path schema --schema schema.xsd $< && mv $< $(DEST)/$*.xml
42
# dependencies: the IdP and SP extracts of the interfederation aggregate.
# The swamid-externals extract is no longer part of the list.
43 #dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml swamid-interfederations-sp-2.0.xml
44 dependencies:  swamid-interfederations-idp-2.0.xml swamid-interfederations-sp-2.0.xml
45
46 # kalmar obsolete
47 #upstream: edugain kalmar
48 upstream: edugain
49
# kalmar / edugain: re-run make with RPI and CONTACTS overridden on the command
# line so XSLTDEFS is rebuilt with those values, and publish the named feeds.
# SWAMID_MK_CONFIG is passed on through the environment.
50 kalmar:
51         env SWAMID_MK_CONFIG=$(SWAMID_MK_CONFIG) $(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub
52
53 edugain:
54         env SWAMID_MK_CONFIG=$(SWAMID_MK_CONFIG) $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
55
# aggregate: refresh the aggregated upstream metadata through
# scripts/aggregate.sh (not shown here). Only the interfederation feed is
# still wired in; the swamid-externals targets remain but `aggregate` no
# longer lists them.
56 #aggregate: swamid-externals swamid-interfederations
57 aggregate: swamid-interfederations
58
59 swamid-externals: swamid-externals1 swamid-externals2
60
61 swamid-externals1:
62         scripts/aggregate.sh swamid-externals-1.0
63
64 swamid-externals2:
65         scripts/aggregate.sh swamid-externals-2.0
66
67 # kalmar obsolete
68 #swamid-interfederations: swamid-interfederations1 swamid-interfederations2
69 swamid-interfederations: swamid-interfederations2
70
71 swamid-interfederations1:
72         scripts/aggregate.sh swamid-interfederations-1.0
73
# swamid-interfederations2: aggregate the 2.0 interfederation feed, then apply
# the operations blocklist. Each sed deletes, in place, every line of the
# generated .mxml that matches the pattern (presumably one xi:include per line;
# confirm against the output of scripts/aggregate.sh).
# NOTE(review): the patterns are unanchored regular expressions ("." matches
# any character) and sed exits 0 when nothing matches, so a block lapses
# silently if the upstream file name changes, and a short pattern such as
# 'potential.ly' or 'mecenat.com-sp' can match more lines than intended. The @
# prefix also keeps these commands out of the build output.
74 swamid-interfederations2:
75         scripts/aggregate.sh swamid-interfederations-2.0
76         @# Blocked by SWAMID-OPS 2021-04-21
77         @sed -i '/services.sheerid.com-Shibboleth-UK/d' swamid-interfederations-2.0.mxml
78         @# Blocked by SWAMID-OPS 2021-12-10 SWAMID-550
79         @sed -i '/verify-a.myunidays.com-shibboleth/d' swamid-interfederations-2.0.mxml
80         @sed -i '/verify-l.myunidays.com-shibboleth/d' swamid-interfederations-2.0.mxml
81         @sed -i '/mecenat.com-sp/d' swamid-interfederations-2.0.mxml
82         @sed -i '/connect.mecenat.com-shibboleth/d' swamid-interfederations-2.0.mxml
83         @sed -i '/verify.studentbeans.com-shibboleth/d' swamid-interfederations-2.0.mxml
84         @sed -i '/federation.proxi.id-samlbridge-module.php-saml-sp-metadata.php-cyclone-saml-bridge/d' swamid-interfederations-2.0.mxml
85         @# Blocked by SWAMID-OPS 2022-04-14 SWAMID-837
86         @sed -i '/access-check.edugain.org-simplesaml-saml2-idp-metadata.php/d' swamid-interfederations-2.0.mxml
87         @# Blocked by SWAMID-OPS 2022-04-25 SWAMID-854
88         @sed -i '/potential.ly/d' swamid-interfederations-2.0.mxml
89
# swamid: sign and publish every SWAMID aggregate through the %.pub rule.
90 swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-sp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub
91
# web: copy the terms-of-use files and the static site into DEST.
# TOU here is the file list assigned last in the variable block, not "true".
92 web: $(SITE) $(TOU)
93         rsync -avz $(TOU) $(SITE)/ $(DEST)
94
# Extract rules: split an aggregated .mxml into IdP / SP / non-IdP subsets
# with the matching xslt/extract-*.xslt stylesheet.
# NOTE(review): the target is written by shell redirection and no
# .DELETE_ON_ERROR is visible in this file, so a failed xsltproc run can leave
# an empty or partial file that looks up to date.
95 swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
96         @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
97         @# Empty PrivacyStatementURL 2020-12-09
98         @#sed -i '/sso.irc.ugent.be-auth-realms-irc/d' swamid-interfederations-idp-2.0.xml
99         @# Empty ds:KeyName 2021-03-26
100         @#sed -i '/idp.kre.hu-simplesaml-saml2-idp-metadata/d' swamid-interfederations-idp-2.0.xml
101         @#sed -i '/idp.kre.hu-simplesaml-saml2-idp-metadata/d' swamid-interfederations-2.0.mxml
102
103 swamid-interfederations-sp-2.0.xml: swamid-interfederations-2.0.mxml
104         @xsltproc --xinclude xslt/extract-sp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-sp-2.0.xml
105
106 swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
107         @xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
108
# syntaxtest: schema validation only. pedantic: schema validation plus the
# R&S, CoCo and eduGAIN checks.
109 syntaxtest: clean dependencies schematest
110
111 pedantic: clean dependencies schematest testRefedsRnS testGeantCoCo testEduGAINchecks
112
# schematest: validate every *.mxml (with xi:includes resolved) against
# schema.xsd. xmllint's message is printed with "fails to validate" in red and
# "validates" in green; the recipe exits 1 after the loop if any file failed.
113 schematest:
114         @fail=false ; for x in $(MXML); do test=`xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1`; rc=$$?; echo $$test | sed 's/fails to validate/\e[1;31m&\e[0m/;s/validates/\e[1;32m&\e[0m/'; if [ $$rc -gt 0 ]; then fail=true ; fi; done ; if $$fail ; then exit 1 ; fi
115
# clean: remove generated files from the working directory. This deletes every
# *.xml at top level, not only the files this Makefile produced.
116 clean:
117         @rm -f *.xml *.tbs *.n *.sig
118
# tidy: rewrite every source file under SRCDIRS in place, first through
# add-rpi.xsl (with regDate set to NOW), then through clean-entitydescriptor.xsl.
# Output goes to FILE.c and replaces FILE only when xsltproc succeeded.
119 tidy:
120         @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $$x > $$x.c && mv $$x.c $$x; done
121         @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done
122
# testMetadataUsage: list files in swamid-2.0/ that no *.mxml mentions.
# Informational: the pipeline ends in sed, so as written the recipe does not
# fail when unreferenced files are found.
# NOTE(review): $$file is passed to grep unquoted and as a regular expression,
# so "." in a file name matches any character.
123 testMetadataUsage:
124         @echo "Checking for files in swamid-2.0 that isn't used"
125         @for file in swamid-2.0/* ; do if ! grep -q $$file *.mxml; then echo "  $$file is not referenced in any mxml file"; fi; done | sed 's/.*/\e[1;31m&\e[0m/'
126
# testRefedsRnS: for every SP file xi:included from swamid-edugain-*.mxml that
# carries the REFEDS research-and-scholarship entity category, report a missing
# HTTP-POST AssertionConsumerService, mdui:DisplayName, mdui:InformationURL or
# technical contact e-mail. Namespace prefixes and default xmlns declarations
# are stripped with sed so the XPath expressions can use bare element names.
# Reports only: there is no `exit 1` path, so findings do not fail the build.
127 testRefedsRnS:
128         @echo "Checking for refeds R&S compatibillity for entities exported to eduGAIN"
129         @for x in `cat swamid-edugain-*.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor` ; do \
130         got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
131         if [ -n "$$got_refeds_RnS" ] ; then \
132         http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
133         if [ -z "$$http_post" ] ; then echo "  $$x: Missing HTTP-POST binding." | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; \
134         mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
135         if [ -z "$$mdui_DisplayName" ] ; then echo "  $$x: Missing mdui:DisplayName." | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; \
136         mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
137         if [ -z "$$mdui_InformationURL" ] ; then echo "  $$x: Missing mdui:InformationURL." | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; \
138         tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
139         if [ -z "$$tech_contact" ] ; then echo "  $$x: Missing ContactPerson contactType='technical'." | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; \
140         fi ; \
141         done
142
# testGeantCoCo: GEANT Code of Conduct compliance check, currently disabled.
# Every recipe line is a shell comment, so the target does nothing although
# `pedantic`, `test` and `test2` still list it.
143 testGeantCoCo:
144         @#echo "Checking for Geant CoCo compliance"
145         @#touch sp-with-coco-errors
146         @#for x in `cat swamid-edugain-sp-1.0.mxml swamid-edugain-testing-1.0.mxml swamid-sp-2.0.mxml swamid-testing-sp-1.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor | sort -u` ; do \
147                 #got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
148                 #if [ -n "$$got_geant_CoCo" ] ; then \
149                 #    ( \
150                         #mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
151                         #if [ -z "$$mdui_check" ] ; then \
152                         #       echo "    Missing MDUI"'' ; \
153                         #else \
154                         #       mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
155                         #       if [ -z "$$mdui_DisplayName" ] ; then echo "    Missing mdui:DisplayName"'' ; fi ; \
156                         #       mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
157                         #       if [ -z "$$mdui_Descr" ] ; then echo "    Missing mdui:Description"'' ; fi ; \
158                         #       for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | grep "<" | cut -c2- | sort -u` ; do \
159                         #               mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
160                         #               if [ -z "$$mdui_Test" ] ; then echo "    Missing xml:lang=\"en\" on mdui:$$y"'' ; fi ; \
161                         #               done ; \
162                         #       mdui_PrivacyStatementURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/PrivacyStatementURL" - 2>/dev/null | grep 'PrivacyStatementURL' | sed 's/&amp;/\&/g'` ; \
163                         #       if [ -z "$$mdui_PrivacyStatementURL" ] ; then \
164                         #               echo "    Missing PrivacyStatementURL"'' ; \
165                         #       else \
166                         #               if ! echo "$$mdui_PrivacyStatementURL" | grep -q 'xml:lang="en"' ; then \
167                         #                       echo "    Missing PrivacyStatementURL in english"'' ; \
168                         #               fi ; \
169                         #       fi ; \
170                         #fi ; \
171                         #requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
172                         #if [ -z "$$requestedAttribute" ] ; then echo "    Missing RequestedAttribute"'' ; fi ; \
173                 #    ) | sed "1s;..*;  \e[1\;31m$$x\e[0m\n&;" | grep . && echo " " ; \
174                 #fi ; \
175         #done | grep . && tty -s && exit 1 || exit 0
176
# testEduGAINchecks: checks on entities exported to eduGAIN.
#   1. SP files xi:included from swamid-edugain-*.mxml must not declare an
#      AssertionConsumerService with the HTTP-Redirect binding.
#   2. Files included from the eduGAIN IdP and SP aggregates must have
#      OrganizationName, OrganizationDisplayName and OrganizationURL.
# Reports only: neither loop has an `exit 1` path.
177 testEduGAINchecks:
178         @echo "Checking for attributes not allowed in entities exported to eduGAIN"
179         @for x in `cat swamid-edugain-*.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor` ; do \
180                 if ( grep -q "AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" $$x ); then \
181                         echo "  $$x: AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" not allowed";  \
182                 fi ;  \
183         done
184         @for x in `cat swamid-edugain-idp-1.0.mxml swamid-edugain-sp-1.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do \
185                 sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationName' - 2>/dev/null | grep -vq "^$$" || echo "  $$x missing OrganizationName" | sed 's/.*/\e[1;31m&\e[0m/' ; \
186                 sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationDisplayName' - 2>/dev/null | grep -vq "^$$" || echo "  $$x missing OrganizationDisplayName" | sed 's/.*/\e[1;31m&\e[0m/' ; \
187                 sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationURL' - 2>/dev/null | grep -vq "^$$" || echo "  $$x missing OrganizationURL" | sed 's/.*/\e[1;31m&\e[0m/' ; \
188         done
189
190
# testMDUI: only the duplicate-DisplayName check is active. For each xml:lang
# value found in swamid-2.0/*.xml it collects the IdP mdui:DisplayName values
# in that language from all IdP files and fails (exit 1) when `uniq -d` finds
# the same name twice. The lang-code, IPHint, geodata and http-logo checks
# below are commented out; test2 runs them per file through .time/%.time.
191 testMDUI:
192         @#echo "Checking for bad lang codes"
193         @## Lang = ISO_639-1
194         @#for x in swamid-2.0/*.xml ; do bad_langs=`cat $$x | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u | grep -vxE 'cs|da|de|en|fi|fr|it|sv|no|nn|nb|is'` ; if [ -n "$$bad_langs" ] ; then echo "  $$x: `echo $$bad_langs`" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || exit 0
195         @echo "Checking for uniq IdP MDUI DisplayName"
196         @for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[       ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;  $$x $$lang ;" | sed 's/.*/\e[1;31m&\e[0m/' ; done | sort -k 3 | uniq -d -f 2 ; done | grep . && exit 1 || true
197         @#echo "Checking for invalid IPHint"
198         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done
199         @#echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
200         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done
201         @#echo "Check for IdP:s with Logos over http"
202         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n '/IDPSSODescriptor/,/\/IDPSSODescriptor/p' | grep -q 'Logo .*http://' ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || exit 0
203
# testIdPinSP: disabled. The commented-out check flagged files listed as SPs
# that also contain an IDPSSODescriptor; as written the target does nothing.
204 testIdPinSP:
205         @#echo "Check that SP:s does not define IDPSSODescriptor"
206         @#for spfile in `cat swamid-sp-2.0.mxml swamid-externals-sp-2.0.xml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do grep -q IDPSSODescriptor $$spfile && echo "  $$spfile" | sed 's/.*/\e[1;31m&\e[0m/' ; done | grep . && exit 1 || exit 0
207
# testMDUIreach: hand every xi:included entity file to
# scripts/verify-uiinfo-urls.sh, ten at a time (xargs -P 10).
# NOTE(review): the script is not shown here; going by its name it fetches the
# MDUI URLs, which come from entity metadata -- so the host running this
# presumably makes outbound requests to registrant-supplied addresses; confirm
# it is run from a suitably restricted network position.
208 testMDUIreach:
209         @echo "Check that MDUI URLs are reachable"
210         @cat swamid-idp-2.0.mxml swamid-sp-2.0.mxml swamid-externals-sp-2.0.xml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | \
211         xargs -n1 -P 10 scripts/verify-uiinfo-urls.sh
212
# testOrgData: fail when two IdP files share an OrganizationDisplayName in the
# same language (two-letter xml:lang values only). The active `test` and
# `test2` goals do not list this target.
213 testOrgData:
214         @echo "Checking for uniq IdP OrganizationDisplayName"
215         @for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" | sed 's/.*/\ \ \e[1;31m&\e[0m/' ; done | sort -k 3 | uniq -d -f 2 ; done | grep . && exit 1 || true
216
# testEntCat: entity-category and assurance-certification checks, all disabled.
# Every recipe line is a shell comment, so the allow-lists of AttributeValue
# URIs below are not enforced although `test` and `test2` list this target.
# Only the "Multiple EntityAttributes" count is still run, per file, by the
# .time/%.time rule.
217 testEntCat:
218         @#echo "Checking for multiple EntityAttributes in EntityDescriptor/Extensions"
219         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l EntityAttributes` ; do if [ `grep EntityAttributes $$x | wc -l ` -gt 2 ]; then echo "Multiple EntityAttributes in $$x" | sed 's/.*/\e[1;31m&\e[0m/'; fi ; done | grep . && exit 1 || true
220         @#echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
221         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
222         @#echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
223         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
224         @#echo "Checking for MDUI in EntityDescriptor/Extensions"
225         @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
226         @#echo "Checking for entitycategories for IdPs that should be entity-category-support"
227         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
228         @#echo "Checking for wrong Name in EntityAttributes/Attribute"
229         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "Attribute "` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute' - 2>/dev/null | grep "Attribute " | sed 's/.* Name="//' | sed -e 's/ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"//' -e 's/">//' | egrep -v "http://macedir.org/entity-category|http://macedir.org/entity-category-support|urn:oasis:names:tc:SAML:attribute:assurance-certification|urn:oasis:names:tc:SAML:profiles:subject-id:req|http://www.swamid.se/assurance-requirement" ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
230         @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category"
231         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<|>http://www.swamid.se/category/research-and-education<|>http://www.swamid.se/category/hei-service<|>http://www.swamid.se/category/nren-service<|>http://www.swamid.se/category/sfs-1993-1153<|>http://www.swamid.se/category/eu-adequate-protection<|>http://refeds.org/category/hide-from-discovery<|>http://id.elegnamnden.se/st/1.0/sigservice<|>http://id.elegnamnden.se/ec/1.0/loa3-pnr<|>http://id.elegnamnden.se/ec/1.0/eidas-naturalperson<|>https://refeds.org/category/anonymous<|>https://myacademicid.org/entity-categories/esi<|>https://refeds.org/category/personalized<|>https://refeds.org/category/pseudonymous<" ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
232         @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category-support"
233         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category-support"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category-support"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<" ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
234         @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
235         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
236         @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
237         @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || true
238
# testValidContact: disabled. The commented-out checks looked for ContactPerson
# e-mail addresses without "mailto:" and for empty Company / SurName /
# EmailAddress / TelephoneNumber elements; as written the target does nothing.
239 testValidContact:
240         @#echo "Checking for valid Contact Information"
241         @#for x in swamid-2.0/*.xml ; do if ( cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson" - 2>/dev/null | grep 'EmailAddress' | grep -qv ">mailto:") ; then echo "\e[1;31m Missing mailto in ContactPerson in file $$x \e[0m" ; fi ; done | grep . && exit 1 || true
242         @#echo "Checking for empty ContactPerson tags"
243         @#if grep -H -E '<(Company|SurName|EmailAddress|TelephoneNumber)/>' swamid-2.0/*.xml | sed 's/^/  /' | grep . ; then exit 1 ; else exit 0 ; fi
244
# testSimpleSign: `sp-with-simplesign` is the list of file names allowed to use
# the HTTP-POST-SimpleSign binding.
#   1. fail if a listed file no longer exists under swamid-2.0/
#   2. fail if any source file uses HTTP-POST-SimpleSign without being listed
# The active `test` and `test2` goals do not list this target.
245 testSimpleSign:
246         @echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
247         @for x in `grep -v "#" sp-with-simplesign`; do if [ ! -r swamid-2.0/$$x ] ; then echo $$x saknas; fi ; done | grep . && exit 1 || exit 0
248         @for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done | grep . && exit 1 || exit 0
249
# testALlevel: list files that mention assurance level AL3 without AL2, or AL2
# without AL1 (plain grep for the policy URIs anywhere in the file).
# Reports only: neither loop has an `exit 1` path, so an inconsistent assurance
# claim does not fail the build.
250 testALlevel:
251         @echo Fixa så att vi kollar!!!!!
252         @echo "Check for IdP:s with AL3 without AL2"
253         @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done
254         @echo "Check for IdP:s with AL2 without AL1"
255         @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al2 $$x && ! grep -q http://www.swamid.se/policy/assurance/al1 $$x ; then echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ; fi ; done
256
# testBadStrings: fail when any source file contains an empty, self-closed
# ServiceName element (ServiceName xml:lang="..."/>).
257 testBadStrings:
258         @echo "Check for bad strings in metadata"
259         @for x in `find $(SRCDIRS) -name \*.xml`; do grep -E 'ServiceName xml:lang="[^"]*"/>' $$x | sed 's/^/  /' ; done | grep . && exit 1 || exit 0
260
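# testRoleDescriptor: disabled check for fed: RoleDescriptor elements
# (ApplicationServiceType / SecurityTokenServiceType) that should be removed.
# Every recipe line is a shell comment, so the target does nothing.
# The last line used to read "d#one": "#" only starts a shell comment at the
# beginning of a word, so that line was not a comment and the shell was handed
# a command named "d#one". It is now commented out like the other lines.
testRoleDescriptor:
	@#echo "Check for RoleDescriptor that should be removed"
	@#for x in `find $(SRCDIRS) -name \*.xml`; do \
		#grep -EH 'RoleDescriptor.*xsi:type="fed:(ApplicationServiceType|SecurityTokenServiceType)"' $$x | \
		#sed -e 's/^/  /' -e 's/xmlns.*xsi:type="fed:/xsi:type="fed:/' -e 's/ protocol.*>/>/' -e 's/.*/\e[1;31m&\e[0m/' ; \
	#done | grep . && exit 1 || exit 0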
267
# testAttributeInIdP: disabled. The commented-out check flagged files with an
# <Attribute Name=...> inside IDPSSODescriptor; as written the target does
# nothing.
268 testAttributeInIdP:
269         @#echo "Check for Attribute inside IDPSSODescriptor"
270         @#for x in `find $(SRCDIRS) -name \*.xml`; do \
271                 #if  cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor" - 2>/dev/null | grep -q "    <Attribute Name" ; then \
272                         #echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ;\
273                 #fi;\
274         #done | grep . && exit 1 || exit 0
275
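# testRegistrationAuthority: fail when a source file's EntityDescriptor/
# Extensions does not carry one of the two SWAMID registrationAuthority
# values. Namespace prefixes and default xmlns declarations are stripped with
# sed so the XPath can use bare element names.
testRegistrationAuthority:
# Single-quoted so the inner double quotes are printed; inside double quotes
# they ended the string and were dropped from the message.
	@echo 'Check for registrationAuthority="http://www.swamid.se/" in EntityDescriptor/Extensions'
# Dots are escaped so only the literal host name is accepted; an unescaped "."
# matches any character.
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if ! cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions" - 2>/dev/null | grep -qE 'registrationAuthority="http://www\.swamid\.se/"|registrationAuthority="http://www\.swamid\.se/loop"' ; then \
			echo "  $$x" | sed 's/.*/\e[1;31m&\e[0m/' ;\
		fi;\
	done | grep . && exit 1 || exit 0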
283
# test: the check suite that gates `all` and `commit`.
# NOTE(review): several listed prerequisites have recipes made up only of
# commented-out commands in this file (testEntCat, testGeantCoCo, testIdPinSP,
# testRoleDescriptor, testAttributeInIdP, testValidContact), so they pass
# without checking anything; testOrgData and testSimpleSign appear only in the
# older, commented-out list.
284 #test: syntaxtest testMDUI testOrgData testEntCat testSimpleSign testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority
285 test: syntaxtest testMDUI testEntCat testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority
286
# test2: incremental variant. The per-file .time stamps (see .time/%.time) take
# the place of syntaxtest's clean/dependencies steps and of testMDUI, so only
# changed files are re-checked.
287 test2: $(SWAMIDXML) schematest testEntCat testALlevel testEduGAINchecks testRefedsRnS testGeantCoCo testMetadataUsage testBadStrings testIdPinSP testRoleDescriptor testAttributeInIdP testValidContact testRegistrationAuthority
288 #test2: $(SWAMIDXML) 
289
# .time/%.time: per-file check stamp for swamid-2.0/NAME.xml, used by test2.
# Steps: schema-validate the file, rewrite it in place through add-rpi.xsl and
# clean-entitydescriptor.xsl (the recipe modifies its own prerequisite), reject
# xml:lang values outside the listed codes, reject more than two lines that
# mention EntityAttributes, and for IdP files run the DisplayName, IPHint,
# geodata and http-logo checks. The stamp then receives the source file's
# mtime (touch -r).
# Of the IdP checks only the duplicate DisplayName and http-logo checks exit
# non-zero; IPHint and geodata findings are printed without failing.
# NOTE(review): `egrep -v $<` uses the file name unquoted and as a regular
# expression, and `organizationdisplayname` is assigned but not used afterwards.
# NOTE(review): no rule visible here creates the .time/ directory -- confirm it
# exists before test2 is run.
290 .time/%.time: swamid-2.0/%.xml
291         @# make schematest
292         @xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $< 2>&1
293
294         @# make tidy
295         @xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $< > $<.c && mv $<.c $<
296         @xsltproc xslt/clean-entitydescriptor.xsl $< > $<.c && mv $<.c $<
297
298         @# make testMDUI
299         @echo "Checking for bad lang codes"
300         @# Lang = ISO_639-1
301         @cat $< | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u | grep -vxE 'cs|da|de|en|fi|fr|it|sv|no|nn|nb|is' | sed 's/.*/\e[1;31mBad lang code : &\e[0m/' | grep . && exit 1 || true
302         @if [ `grep EntityAttributes $< | wc -l ` -gt 2 ]; then echo "Multiple EntityAttributes" | sed 's/.*/\e[1;31m&\e[0m/' ; exit 1; fi
303         @if ( grep -q IDPSSODescriptor $< ) ; then \
304                 echo "Do IdP checks" ;  \
305                 echo ">Checking for uniq IdP MDUI DisplayName"; \
306                 for lang in `cat $< | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do \
307                         mdui_displayname=`cat $< | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[         ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'`;\
308                          organizationdisplayname=`cat $< | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[     ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ;\
309                         for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor | egrep -v $<` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | egrep "^$$mdui_displayname$$" | sed "s;^;Duplicate DisplayName in $$x for lang =  $$lang\n;" | sed 's/.*/\e[1;31m&\e[0m/' ; done | grep . && exit 1 || true;\
310                 done; \
311                 echo ">Checking for invalid IPHint"; \
312                 cat $< | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -vE '^$$|^[0-9./a-fA-F:]*$$' | sed 's/.*/\e[1;31m&\e[0m/'; \
313                 echo ">Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)";\
314                 cat $< | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' | sed 's/.*/\e[1;31m&\e[0m/' ; \
315                 echo ">Check for IdP:s with Logos over http";\
316                 cat $< | grep 'Logo .*http://' | sed 's/.*>\(.*\)<.*/\e[1;31m\1\e[0m/' | grep . && exit 1 || exit 0 ; \
317         fi
318
319         @echo $< done
320         @touch -r $< $@
321
# deeptest: the normal test suite plus the MDUI URL reachability check.
322 deeptest: test testMDUIreach
323
# commit2 / commit: interactive helpers. After the checks pass they show the
# diff, ask before `git commit -a`, abort if swamid-2.0/ still holds untracked
# or ignored files, ask again, then `git push`. commit2 uses the incremental
# test2 suite; commit runs tidy and the full test suite first.
# The two recipes are identical. The checks named as prerequisites and the two
# prompts are the only gates before changes are pushed.
324 commit2: test2
325         @git diff --color || true
326         @echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
327         @git status -u
328         @echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
329         @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
330         @git push
331
332 commit: tidy test
333         @git diff --color || true
334         @echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
335         @git status -u
336         @echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
337         @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
338         @git push