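#!/bin/bash
# Download SAML metadata from URL, optionally verify its XML signature
# against CERT, split it into per-entity files and sync them into DIR.

URL=$1
DIR=$2
CERT=$3

TMPF=$(mktemp)
TMPD=$(mktemp -d)
# Remove the temporary files on every exit path, including errors.
trap 'rm -rf "$TMPF" "$TMPD"' EXIT

# -f makes HTTP errors fail instead of saving the error page.
# -k skips TLS certificate checks, so the signature check below is the only
# integrity control; without CERT the metadata is imported unauthenticated.
curl -s -f -m 120 -k -L "$URL" > "$TMPF"
rc=$?
if [ $rc -ne 0 ]; then
    echo "Unable to download $URL: $rc"
    exit 1
fi

if [ -n "$CERT" ]; then
    xmlsec1 --verify --pubkey-cert-pem "$CERT" --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor "$TMPF"
    rc=$?
    if [ $rc -ne 0 ]; then
        echo "Unable to verify $URL with $CERT: $rc"
        exit 1
    fi
fi

xsltproc --stringparam output "$TMPD" xslt/import-metadata.xsl "$TMPF"
rc=$?
if [ $rc -ne 0 ]; then
    echo "Unable to import metadata from $URL: $rc"
    exit 1
fi

for md in "$TMPD"/*.xml; do
    # Skip the literal pattern when the import produced no files.
    [ -e "$md" ] || continue

    if grep -q 'xs:string' "$md"; then
        echo "cleaning $md"
        sed 's/ xsi:type="xs:string"//g' "$md" > "$md.c" && mv "$md.c" "$md"
    fi

    if ! grep -q 'IDPSSODescriptor ' "$md"; then
        # Not an IdP: keep the SP only if its entityID is listed in acceptedSPs.
        SP=$(grep "entityID=" "$md" | sed 's/.*entityID="\(.*[a-zA-Z0-9/]\)".*/\1/')
        # -x -F compares whole lines literally, so regex metacharacters in an
        # entityID (such as ".") cannot match other allowlist entries.
        if [ -z "$SP" ] || ! grep -qxF -- "$SP" acceptedSPs; then
            rm "$md"
        fi
    fi
done

rsync -avz "$TMPD"/ "$DIR"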