authorLeif Johansson <leifj@sunet.se>2011-12-01 12:10:44 +0100
committerLeif Johansson <leifj@sunet.se>2011-12-01 12:10:44 +0100
commiteb58972e5c764b1b3f6c21319909f8220bbeccc5 (patch)
tree8bf5e056bca337be562e54d318a2c95675fc5408
parent9a5a13049a73ff3e593d4ff1ac0d5f471673d25c (diff)
use samlsign instead of xmlsec1
-rw-r--r--Makefile31
-rw-r--r--xslt/normalize.xsl104
2 files changed, 118 insertions, 17 deletions
diff --git a/Makefile b/Makefile
index 8933a186..ec84845c 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,7 @@ DAYS:=1
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
RPI=false
CONTACTS=false
+TRANSFORM=xslt/normalize.xsl
XSLTDEFS := --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE)
all: update clean sign clean
@@ -19,24 +20,32 @@ keys: $(KEY) $(CERT)
MXML=$(shell echo *.mxml)
-sign: keys swamid nya nya-testing swamid-testing swamid-testing-idp upstream swamid-ki-sll swamid-fiv-test
+sign: keys swamid nya nya-testing swamid-testing swamid-testing-idp upstream projects swamid-ki-sll
%.sig: %.mxml
- xsltproc $(XSLTDEFS) --xinclude xslt/swamid-sign.xsl $< > $*.tbs
- xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
+ xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.tbs
+ #xsltproc $(XSLTDEFS) --xinclude xslt/swamid-sign.xsl $< > $*.tbs
+ samlsign -s -c $(CERT) -k $(KEY) -f $*.tbs > $@
+ #xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
+ samlsign -c $(CERT) -f $@
rm -f $*.tbs
%.pub: %.sig
- @test -s $< && xmllint --c14n $< > $(DEST)/$*.xml
+ samlsign -c $(CERT) -f $< && xmllint --c14 $< > $(DEST)/$*.xml
+ rm -f $<
upstream: edugain kalmar
-kalmar: swamid-kalmar swamid-kalmar-testing
+kalmar:
+ $(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub
edugain:
$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
+projects:
+ $(MAKE) RPI=false CONTACTS=false swamid-fiv-test.pub
+
swamid-externals: swamid-externals1 swamid-externals2
swamid-externals1:
@@ -112,22 +121,10 @@ swamid-testing-idp:
@saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)
-swamid-kalmar:
- @saml-md-tool swamid-kalmar-1.0 update --days=2 --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
- @test -s swamid-kalmar-1.0.xml && cp swamid-kalmar-1.0.xml $(DEST)
-
-swamid-kalmar-testing:
- @saml-md-tool swamid-kalmar-testing-1.0 update --days=2 --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
- @test -s swamid-kalmar-testing-1.0.xml && cp swamid-kalmar-testing-1.0.xml $(DEST)
-
swamid-ki-sll:
@saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)
-swamid-fiv-test:
- @saml-md-tool swamid-fiv-test update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
- @test -s swamid-fiv-test.xml && cp swamid-fiv-test.xml $(DEST)
-
test: swamid2-deps
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x; done
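Review bot: `xmllint --c14 $< > $(DEST)/$*.xml` in the new `%.pub` recipe drops the trailing `n` of the `--c14n` flag that the removed line used; xmllint appears to match option names exactly, so this would abort publishing with an unknown-option error rather than canonicalise, and the line should read `samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml`. In the `%.sig` recipe the shell creates `$@` before `samlsign -s … > $@` runs, so a failed signing leaves a truncated `.sig` that is newer than its `.mxml` and is not rebuilt on the next run unless `clean` happens to remove it (the later `samlsign -c` verification would then fail at publish time); adding `.DELETE_ON_ERROR:` to the prologue, or writing to `$@.tmp` and `mv`-ing it into place, avoids that. The `#xsltproc` and `#xmlsec1` lines inside the recipe are passed to the shell and echoed on every build rather than treated as Make comments; delete them or move them above the rule. The verify-before-publish gate (`samlsign -c $(CERT) -f $<` ahead of the copy) is a good addition, since only metadata that validates against `$(CERT)` can reach `$(DEST)`.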
diff --git a/xslt/normalize.xsl b/xslt/normalize.xsl
new file mode 100644
index 00000000..c996192b
--- /dev/null
+++ b/xslt/normalize.xsl
@@ -0,0 +1,104 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+ extension-element-prefixes="exsl"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
+
+ <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
+
+ <xsl:template match="/md:EntitiesDescriptor">
+ <xsl:comment>
+
+ IMPORTANT NOTICE: READ CAREFULLY
+
+You are reading this because You wish to use the technical information (the “Metadata”)
+published on behalf of the Registrars. These Terms of Access and Use (these “Terms”) govern
+the use of the Metadata. By accessing or using the Metadata You accept that the access and
+use will be on and subject to these Terms. These Terms will be binding and enforceable on
+You as contractual obligations.
+
+The Terms is available at
+
+- http://md.swamid.se/md/swamid-tou-sv.txt Swedish version - Legally Binding!
+- http://md.swamid.se/md/swamid-tou-en.txt English version - Non-normative translation
+
+If You do not accept these Terms, then You must not continue to use this Metadata.
+
+ </xsl:comment>
+ <md:EntitiesDescriptor>
+ <xsl:attribute name="Name"><xsl:value-of select="@Name"/></xsl:attribute>
+ <xsl:if test="@cacheDuration">
+ <xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute>
+ </xsl:if>
+ <xsl:if test="@validUntil">
+ <xsl:attribute name="validUntil"><xsl:value-of select="$date"/></xsl:attribute>
+ </xsl:if>
+ <xsl:apply-templates/>
+ </md:EntitiesDescriptor>
+ </xsl:template>
+
+ <xsl:template match="md:EntityDescriptor">
+ <xsl:variable name="path"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable>
+ <xsl:variable name="host">
+ <xsl:if test="contains($path,'/')">
+ <xsl:value-of select="substring-before($path,'/')"/>
+ </xsl:if>
+ <xsl:if test="not(contains($path,'/'))">
+ <xsl:value-of select="$path"/>
+ </xsl:if>
+ </xsl:variable>
+ <xsl:variable name="domain">
+ <xsl:value-of select="substring-after($host,'.')"/>
+ </xsl:variable>
+ <xsl:variable name="orginfo">
+ <xsl:value-of select="concat('../organization','/',$domain,'.xml')"/>
+ </xsl:variable>
+ <md:EntityDescriptor>
+ <xsl:apply-templates select="@*"/>
+ <xsl:if test="$rpi='true' and not(md:Extensions)">
+ <md:Extensions><xsl:call-template name="add-swamid-rpi"/></md:Extensions>
+ </xsl:if>
+ <xsl:apply-templates select="text()|comment()|md:Extensions|md:RoleDescriptor|md:IDPSSODescriptor|md:SPSSODescriptor|md:AuthnAuthorityDescriptor|md:AttributeAuthorityDescriptor|md:PDPDescriptor|md:AffiliationDescriptor"/>
+ <xsl:if test="not(md:Organization)">
+ <xsl:apply-templates select="document($orginfo)"/>
+ </xsl:if>
+ <xsl:if test="$defaultContact='true' and not(md:ContactPerson)">
+ <md:ContactPerson contactType="technical"><md:EmailAddress>operations@swamid.se</md:EmailAddress></md:ContactPerson>
+ </xsl:if>
+ <xsl:apply-templates select="md:Organization|md:ContactPerson|md:AdditionalMetadataLocation"/>
+ </md:EntityDescriptor>
+ </xsl:template>
+
+ <xsl:template match="md:EntityDescriptor/md:Extensions">
+ <md:Extensions>
+ <xsl:call-template name="add-swamid-rpi"/>
+ <xsl:apply-templates select="text()|comment()|node()"/>
+ </md:Extensions>
+ </xsl:template>
+
+ <xsl:template name="add-swamid-rpi">
+ <xsl:if test="$rpi='true' and not(mdrpi:RegistrationInfo[@registrationAuthority='http://swamid.se/'])">
+ <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
+ <mdrpi:RegistrationPolicy xml:lang="en">http://www.swamid.se/download/18.248ad5af12aa8136533800012293/SWAMID+Metadata+Registration+Practice+Statement-20110714.pdf</mdrpi:RegistrationPolicy>
+ </mdrpi:RegistrationInfo>
+ </xsl:if>
+ </xsl:template>
+
+ <xsl:template match="@xml:base|@ID"/>
+
+ <xsl:template match="text()|comment()|@*">
+ <xsl:copy/>
+ </xsl:template>
+
+ <xsl:template match="*">
+ <xsl:copy>
+ <xsl:apply-templates select="node()|@*"/>
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet>
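Review bot: `add-swamid-rpi` tests for an existing `mdrpi:RegistrationInfo[@registrationAuthority='http://swamid.se/']` but emits one with `registrationAuthority="http://www.swamid.se/"`, so the guard never matches the element this stylesheet itself produces, and input that already carries the `www` form (including output of a previous run of this transform) gets a second RegistrationInfo under `md:Extensions`. The two values should be one string — e.g. `<xsl:if test="$rpi='true' and not(mdrpi:RegistrationInfo[@registrationAuthority='http://www.swamid.se/'])">` — ideally held in a single top-level variable so they cannot drift apart again. The stylesheet also references `$rpi`, `$defaultContact` and `$date` without any top-level `<xsl:param>` declarations; xsltproc's `--stringparam` appears to supply them here, but declaring `<xsl:param name="rpi" select="'false'"/>` (and likewise for the others) makes the file self-describing and gives a safe default when a parameter is omitted. `document($orginfo)` loads a file whose name is derived from each entity's `entityID`; because `$host` cannot contain `/` the path stays inside `../organization/`, but an entityID without `://` (such as a `urn:` one) resolves to `../organization/.xml`, which deserves a comment beside the `orginfo` variable.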