summaryrefslogtreecommitdiff
path: root/metadata/scripts/pull-and-verify.sh
blob: 806ea3a34c57a1b50e6d11362e46295f26ff5050 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash

URL=$1
DIR=$2
CERT=$3

TMPF=`mktemp`
curl -s -m 120 -k -L $URL > $TMPF 
if [ $? -ne 0 ]; then 
   echo "Unable to download $URL: $?"
   exit 1
fi
if [ "x$CERT" != "x" ]; then
   xmlsec1 --verify --pubkey-cert-pem $CERT --id-attr:ID  urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor $TMPF
   if [ $? -ne 0 ]; then 
      echo "Unable to verify $URL with $CERT: $?"
      exit 1
   fi
fi
TMPD=`mktemp -d`
xsltproc --stringparam output $TMPD xslt/import-metadata.xsl $TMPF
if [ $? -ne 0 ]; then 
   echo "Unable to import metadata from $URL: $?"
   exit 1
fi
for md in $TMPD/*.xml; do
	if (grep -q 'xs:string' $md); then
		echo "cleaning $md"
		sed 's/ xsi:type="xs:string"//' $md > $md.c && mv $md.c $md
	fi
	if (grep -q 'xsd:string' $md); then
		echo "cleaning $md"
		sed 's/ xsi:type="xsd:string"//' $md > $md.c && mv $md.c $md
	fi
	if (! (grep -q 'IDPSSODescriptor ' $md)); then
		# Check if SP is OK else remove
		SP=$(grep "entityID=" $md | sed 's/.*entityID="\(.*[a-zA-Z0-9/]\)".*/\1/')
		if (! grep -q "^$SP\$" acceptedSPs); then
			rm $md
		fi

	fi
done
rsync -avz $TMPD/ $DIR
rm -rf $TMPF $TMPD