author | Björn Mattsson <bjorn@sunet.se> | 2023-07-26 14:12:32 +0200 |
---|---|---|
committer | Björn Mattsson <bjorn@sunet.se> | 2023-07-26 14:12:32 +0200 |
commit | 0ce9160d0fceb19dd8f467e6a5c69c9de4cd2555 (patch) | |
tree | f34e5bbaac64cf58c1453ab103e45d79ba83eb3b | |
parent | e0ec307cef00be40f666d4747e8b0c16b9932602 (diff) |
Prepared for migration to MDQ publishingfidus-metadata-2023-07-26-v01
-rw-r--r-- | metadata/Makefile | 8 | ||||
-rw-r--r-- | metadata/certs/swamid.crt | 33 | ||||
-rwxr-xr-x | metadata/scripts/aggregate.sh | 31 | ||||
-rwxr-xr-x | metadata/scripts/pull-and-verify.sh | 27 | ||||
-rw-r--r-- | metadata/skolfederation-trial/metadata.lst | 1 | ||||
-rw-r--r-- | metadata/skolfederation/metadata.lst | 1 | ||||
-rw-r--r-- | metadata/swamid/metadata.lst | 1 |
7 files changed, 102 insertions, 0 deletions
diff --git a/metadata/Makefile b/metadata/Makefile
new file mode 100644
index 0000000..245f874
--- /dev/null
+++ b/metadata/Makefile
@@ -0,0 +1,8 @@
+
+aggregate-prod:
+ scripts/aggregate.sh swamid
+ scripts/aggregate.sh skolfederation
+
+aggregate-test:
+ scripts/aggregate.sh swamid
+ scripts/aggregate.sh skolfederation-trial
\ No newline at end of file
diff --git a/metadata/certs/swamid.crt b/metadata/certs/swamid.crt
new file mode 100644
index 0000000..f182c7a
--- /dev/null
+++ b/metadata/certs/swamid.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
+BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
+MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
+IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
+MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
+BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
+IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
+nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
+p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
+6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
+RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
+OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
+Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
+NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
+ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
+qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
+rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
+HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
+VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
+Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
+rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
+FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
+kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
+XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
+VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
+zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
+OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
+8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
+6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
+-----END CERTIFICATE-----
diff --git a/metadata/scripts/aggregate.sh b/metadata/scripts/aggregate.sh
new file mode 100755
index 0000000..35ac1a7
--- /dev/null
+++ b/metadata/scripts/aggregate.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+aggregate_interval_min=60
+
+DIR=`pwd`
+ODIR=$1
+
+last_aggregate_ts=$ODIR/last_aggregate.ts
+
+if find $last_aggregate_ts -mmin -$aggregate_interval_min 2>/dev/null | grep -q . ; then
+ exit 0
+fi
+
+rm -f $ODIR/*.xml
+
+grep -v -e '^#' $ODIR/metadata.lst | grep . | (while read url cert; do
+ cfile=""
+ if [ "x$cert" != "x" ]; then
+ cfile=$DIR/certs/$cert
+ fi
+ cmd="$DIR/scripts/pull-and-verify.sh $url $ODIR $cfile"
+ $cmd
+ ret=$?
+ if [ "$ret" != "0" ] ; then
+ echo "$cmd returned $ret"
+ exit $ret
+ fi
+done) || exit $ret
+
+touch $last_aggregate_ts
+
diff --git a/metadata/scripts/pull-and-verify.sh b/metadata/scripts/pull-and-verify.sh
new file mode 100755
index 0000000..1e89d0f
--- /dev/null
+++ b/metadata/scripts/pull-and-verify.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+URL=$1
+DIR=$2
+CERT=$3
+
+TMPF=`mktemp`
+curl -s -m 120 -k -L $URL > $TMPF
+if [ $? -ne 0 ]; then
+ echo "Unable to download $URL: $?"
+ exit 1
+fi
+if [ "x$CERT" != "x" ]; then
+ xmlsec1 --verify --pubkey-cert-pem $CERT --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor $TMPF
+ if [ $? -ne 0 ]; then
+ echo "Unable to verify $URL with $CERT: $?"
+ exit 1
+ fi
+fi
+TMPD=`mktemp -d`
+xsltproc --stringparam output $TMPD xslt/import-metadata.xsl $TMPF
+if [ $? -ne 0 ]; then
+ echo "Unable to import metadata from $URL: $?"
+ exit 1
+fi
+rsync -avz $TMPD/ $DIR
+rm -rf $TMPF $TMPD
diff --git a/metadata/skolfederation-trial/metadata.lst b/metadata/skolfederation-trial/metadata.lst
new file mode 100644
index 0000000..8c25675
--- /dev/null
+++ b/metadata/skolfederation-trial/metadata.lst
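Review bot: In aggregate.sh, `rm -f $ODIR/*.xml` runs before anything has been fetched or verified, so one failed download or signature check leaves the federation directory empty or half-populated until a later run succeeds; with `$1` missing the glob also becomes `/*.xml`. The loop should write into a staging directory and replace the published files only once every entry in `metadata.lst` has passed, with `$ODIR` validated up front. Building the call as a string in `cmd` and expanding it unquoted lets whitespace or glob characters in a list entry change the argument vector, so the sketch below calls the script with quoted arguments instead. `ret` is assigned inside the pipeline's subshell and is empty at the outer `|| exit $ret`, which only works because a bare `exit` reuses the last status.

```shell
# … unchanged: shebang, interval setting, DIR/ODIR assignment …
if [ -z "$ODIR" ] || [ ! -f "$ODIR/metadata.lst" ]; then
    echo "usage: $0 FEDERATION_DIR" >&2
    exit 2
fi
# … unchanged: last_aggregate.ts freshness check …

STAGE=$(mktemp -d) || exit 1
trap 'rm -rf "$STAGE"' EXIT

grep -v -e '^#' "$ODIR/metadata.lst" | grep . | while read -r url cert; do
    cfile=""
    if [ -n "$cert" ]; then
        cfile="$DIR/certs/$cert"
    fi
    "$DIR/scripts/pull-and-verify.sh" "$url" "$STAGE" "$cfile" || exit $?
done || exit $?

# Publish only after every source was fetched and verified.
rm -f "$ODIR"/*.xml
rsync -a "$STAGE"/ "$ODIR"/ || exit 1
# … unchanged: touch $last_aggregate_ts …
```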
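Review bot: In pull-and-verify.sh the `curl` line passes `-k`, which turns off TLS certificate validation, and the `xmlsec1 --verify` step is skipped whenever `$CERT` is empty, so a source listed without a certificate is imported with no origin check at all; both skolfederation `metadata.lst` files added in this commit are such entries. I would drop `-k` and add `-f` so that an HTTP error page is not parsed as metadata, `curl -sS -f -m 120 -L "$URL" > "$TMPF"`, and make the empty-`$CERT` case fail (or require an explicit opt-out) instead of silently skipping verification. Two smaller points: `$?` inside each `echo` is the status of the `[` test and therefore always prints 0, and every `exit 1` path leaves `$TMPF` (and later `$TMPD`) behind, which a cleanup `trap ... EXIT` would cover.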
@@ -0,0 +1 @@
+https://md.swefed.se/skolfederation/idp.xml
diff --git a/metadata/skolfederation/metadata.lst b/metadata/skolfederation/metadata.lst
new file mode 100644
index 0000000..8c25675
--- /dev/null
+++ b/metadata/skolfederation/metadata.lst
@@ -0,0 +1 @@
+https://md.swefed.se/skolfederation/idp.xml
diff --git a/metadata/swamid/metadata.lst b/metadata/swamid/metadata.lst
new file mode 100644
index 0000000..664d95a
--- /dev/null
+++ b/metadata/swamid/metadata.lst
@@ -0,0 +1 @@
+https://mds.swamid.se/md/swamid-registered.xml swamid.crt |