extensions need to go to the head
[swamid-metadata.git] / Makefile
1
2 KEY=/opt/swamid-credentials/swamid-signer.key
3 CERT=/opt/swamid-credentials/swamid-signer.crt
4 PASS=$(shell cat /opt/swamid-credentials/swamid-signer-pass.txt)
5 DEST=/opt/published-metadata
6 SRCDIRS=swamid-2.0
7
8 DAYS:=15
9 DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
10 NOW=$(shell perl scripts/now_date.pl)
11 RPI=false
12 CONTACTS=false
13 TOU=true
14 ORG=true
15 TRANSFORM=xslt/normalize.xsl
16 ID=$(shell perl scripts/unique_id.pl)
17 XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW)
18 SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor
19
20 -include local.mk
21
22 all: clean dependencies test sign clean web
23
24 MXML=$(shell echo *.mxml)
25
26 sign: swamid upstream projects
27
28 %.sig: %.mxml
29         xsltproc $(XSLTDEFS) --stringparam target "http://md.swamid.se/md/$*.xml" --xinclude $(TRANSFORM) $< > $*.n
30         xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
31         $(SIGNER) --output $@ $*.tbs
32         xmllint --xinclude --nowarning --noout --path schema --schema  schema.xsd $@
33         #rm -f $*.tbs $*.n
34
35 %.pub: %.sig
36         samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
37         rm -f $<
38
39 dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
40
41 upstream: edugain kalmar
42
43 kalmar:
44         $(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub
45
46 edugain:
47         $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
48
49 projects: swamid-fiv-test swamid-ki-sll
50
51 swamid-ki-sll:
52         $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub
53
54 swamid-fiv-test:
55         $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub
56
57 aggregate: swamid-externals swamid-interfederations
58
59 swamid-externals: swamid-externals1 swamid-externals2
60
61 swamid-externals1:
62         scripts/aggregate.sh swamid-externals-1.0
63
64 swamid-externals2:
65         scripts/aggregate.sh swamid-externals-2.0
66
67 swamid-interfederations: swamid-interfederations1 swamid-interfederations2
68
69 swamid-interfederations1:
70         scripts/aggregate.sh swamid-interfederations-1.0
71
72 swamid-interfederations2:
73         scripts/aggregate.sh swamid-interfederations-2.0
74
75 swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub
76
77 web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
78         cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)
79
80 swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
81         @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
82
83 swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
84         @xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
85
86 test: clean dependencies schematest 
87
88 pedantic: clean dependencies schematest refedsRnS geantCoCo
89
90 schematest:
91         @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/\e[1;31m&\e[0m/;s/validates/\e[1;32m&\e[0m/'
92         @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done
93
94 clean:
95         @rm -f *.xml *.tbs *.n
96
97 tidy:
98         @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done
99
100 refedsRnS:
101         @echo "Checking for refeds R&S compatibillity"
102         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
103         got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
104         if [ -n "$$got_refeds_RnS" ] ; then \
105         http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
106         if [ -z "$$http_post" ] ; then echo "$$x: Missing HTTP-POST binding." ; fi ; \
107         mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
108         if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
109         mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
110         if [ -z "$$mdui_InformationURL" ] ; then echo "$$x: Missing mdui:InformationURL." ; fi ; \
111         tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
112         if [ -z "$$tech_contact" ] ; then echo "$$x: Missing ContactPerson contactType='technical'." ; fi ; \
113         requested_attributes=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService" - 2>/dev/null | grep 'RequestedAttribute'` ; \
114         if [ -z "$$requested_attributes" ] ; then echo "$$x: Missing requested attributes." ; fi ; \
115         fi ; \
116         done | grep . && exit 1 || true
117
118 geantCoCo:
119         @echo "Checking for Geant CoCo compliance"
120         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
121         got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
122         if [ -n "$$got_geant_CoCo" ] ; then \
123         mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
124         if [ -z "$$mdui_check" ] ; then \
125         echo "$$x: Missing MDUI." ; \
126         else \
127         mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
128         if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
129         mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
130         if [ -z "$$mdui_Descr" ] ; then echo "$$x: Missing mdui:Description." ; fi ; \
131         for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | cut -c2- | sort -u` ; do \
132         mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
133         if [ -z "$$mdui_Test" ] ; then echo "$$x: Missing xml:lang=\"en\" on mdui:$$y." ; fi ; \
134         done ; \
135         fi ; \
136         requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
137         if [ -z "$$requestedAttribute" ] ; then echo "$$x: Missing RequestedAttribute." ; fi ; \
138         fi ; \
139         done | grep . && exit 1 || true
140
141 committest: test
142         @echo "Check for mismatch between MDUI DisplayName and OrganizationDisplayName"
143         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do mdui_displayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor//UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[   ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` organizationdisplayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; if [ -n "$$mdui_displayname" -a -n "$$organizationdisplayname" -a "$$mdui_displayname" != "$$organizationdisplayname" ] ; then echo "$$x: $$lang '$$mdui_displayname' vs $$lang '$$organizationdisplayname'" ; fi ; done ; done | grep . && exit 1 || true
144         @echo "Checking for uniq IdP OrganizationDisplayName"
145         @for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[    ]*//;s/[        ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" ; done | sort -k 3 | uniq -D -f 2 ; done | grep . && exit 1 || true
146         @echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
147         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
148         @echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
149         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
150         @echo "Checking for MDUI in EntityDescriptor/Extensions"
151         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
152         @echo "Checking for entitycategories for IdPs that should be entity-category-support"
153         @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
154         @echo "Checking for invalid IPHint"
155         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
156         @echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
157         @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
158         @echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
159         @for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
160
161 commit: tidy committest
162         @git diff --color || true
163         @echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
164         @git status -u
165         @echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
166         @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
167         @git push