summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBjörn Mattsson <bjorn@sunet.se>2022-05-04 14:42:58 +0200
committerBjörn Mattsson <bjorn@sunet.se>2022-05-04 14:42:58 +0200
commitd1918cf77182bcbf902d0fe3c9df2381047696d6 (patch)
tree0e4b37bec5f470027e7c869310fd46da7709db65
parent7cb8c7433d0143909b13661640529244191ff6b3 (diff)
Updated Makafile // Bjorn Paul & Fredrik
-rw-r--r--Makefile157
1 files changed, 79 insertions, 78 deletions
diff --git a/Makefile b/Makefile
index a96154a8..d8bb4d6f 100644
--- a/Makefile
+++ b/Makefile
@@ -142,38 +142,38 @@ testRefedsRnS:
done
testGeantCoCo:
- @echo "Checking for Geant CoCo compliance"
- @touch sp-with-coco-errors
- @for x in `cat swamid-edugain-sp-1.0.mxml swamid-edugain-testing-1.0.mxml swamid-sp-2.0.mxml swamid-testing-sp-1.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor | sort -u` ; do \
- got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
- if [ -n "$$got_geant_CoCo" ] ; then \
- ( \
- mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
- if [ -z "$$mdui_check" ] ; then \
- echo " Missing MDUI"'' ; \
- else \
- mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
- if [ -z "$$mdui_DisplayName" ] ; then echo " Missing mdui:DisplayName"'' ; fi ; \
- mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
- if [ -z "$$mdui_Descr" ] ; then echo " Missing mdui:Description"'' ; fi ; \
- for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | grep "<" | cut -c2- | sort -u` ; do \
- mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
- if [ -z "$$mdui_Test" ] ; then echo " Missing xml:lang=\"en\" on mdui:$$y"'' ; fi ; \
- done ; \
- mdui_PrivacyStatementURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/PrivacyStatementURL" - 2>/dev/null | grep 'PrivacyStatementURL' | sed 's/&amp;/\&/g'` ; \
- if [ -z "$$mdui_PrivacyStatementURL" ] ; then \
- echo " Missing PrivacyStatementURL"'' ; \
- else \
- if ! echo "$$mdui_PrivacyStatementURL" | grep -q 'xml:lang="en"' ; then \
- echo " Missing PrivacyStatementURL in english"'' ; \
- fi ; \
- fi ; \
- fi ; \
- requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
- if [ -z "$$requestedAttribute" ] ; then echo " Missing RequestedAttribute"'' ; fi ; \
- ) | sed "1s;..*; [1\;31m$$x\n&;" | grep . && echo " " ; \
- fi ; \
- done | grep . && tty -s && exit 1 || exit 0
+ @#echo "Checking for Geant CoCo compliance"
+ @#touch sp-with-coco-errors
+ @#for x in `cat swamid-edugain-sp-1.0.mxml swamid-edugain-testing-1.0.mxml swamid-sp-2.0.mxml swamid-testing-sp-1.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor | sort -u` ; do \
+ #got_geant_CoCo=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'` ; \
+ #if [ -n "$$got_geant_CoCo" ] ; then \
+ # ( \
+ #mdui_check=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - 2>/dev/null` ; \
+ #if [ -z "$$mdui_check" ] ; then \
+ # echo " Missing MDUI"'' ; \
+ #else \
+ # mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
+ # if [ -z "$$mdui_DisplayName" ] ; then echo " Missing mdui:DisplayName"'' ; fi ; \
+ # mdui_Descr=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
+ # if [ -z "$$mdui_Descr" ] ; then echo " Missing mdui:Description"'' ; fi ; \
+ # for y in `cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo" - | grep -v "UIInfo" | awk '{print $$1}' | grep "<" | cut -c2- | sort -u` ; do \
+ # mdui_Test=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/$$y" - 2>/dev/null | grep $$y | grep 'xml:lang="en"'` ; \
+ # if [ -z "$$mdui_Test" ] ; then echo " Missing xml:lang=\"en\" on mdui:$$y"'' ; fi ; \
+ # done ; \
+ # mdui_PrivacyStatementURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/PrivacyStatementURL" - 2>/dev/null | grep 'PrivacyStatementURL' | sed 's/&amp;/\&/g'` ; \
+ # if [ -z "$$mdui_PrivacyStatementURL" ] ; then \
+ # echo " Missing PrivacyStatementURL"'' ; \
+ # else \
+ # if ! echo "$$mdui_PrivacyStatementURL" | grep -q 'xml:lang="en"' ; then \
+ # echo " Missing PrivacyStatementURL in english"'' ; \
+ # fi ; \
+ # fi ; \
+ #fi ; \
+ #requestedAttribute=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService/RequestedAttribute" - 2>/dev/null | grep 'RequestedAttribute'` ; \
+ #if [ -z "$$requestedAttribute" ] ; then echo " Missing RequestedAttribute"'' ; fi ; \
+ # ) | sed "1s;..*; [1\;31m$$x\n&;" | grep . && echo " " ; \
+ #fi ; \
+ #done | grep . && tty -s && exit 1 || exit 0
testEduGAINchecks:
@echo "Checking for attributes not allowed in entities exported to eduGAIN"
@@ -190,21 +190,21 @@ testEduGAINchecks:
testMDUI:
- @echo "Checking for bad lang codes"
- @# Lang = ISO_639-1
- @for x in swamid-2.0/*.xml ; do bad_langs=`cat $$x | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u | grep -vxE 'cs|da|de|en|fi|fr|it|sv|no|nn|nb|is'` ; if [ -n "$$bad_langs" ] ; then echo " $$x: `echo $$bad_langs`" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
+ @#echo "Checking for bad lang codes"
+ @## Lang = ISO_639-1
+ @#for x in swamid-2.0/*.xml ; do bad_langs=`cat $$x | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u | grep -vxE 'cs|da|de|en|fi|fr|it|sv|no|nn|nb|is'` ; if [ -n "$$bad_langs" ] ; then echo " $$x: `echo $$bad_langs`" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
@echo "Checking for uniq IdP MDUI DisplayName"
@for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^; $$x $$lang ;" | sed 's/.*/&/' ; done | sort -k 3 | uniq -d -f 2 ; done | grep . && exit 1 || true
- @echo "Checking for invalid IPHint"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
- @echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
- @echo "Check for IdP:s with Logos over http"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n '/IDPSSODescriptor/,/\/IDPSSODescriptor/p' | grep -q 'Logo .*http://' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
+ @#echo "Checking for invalid IPHint"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
+ @#echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
+ @#echo "Check for IdP:s with Logos over http"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n '/IDPSSODescriptor/,/\/IDPSSODescriptor/p' | grep -q 'Logo .*http://' ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
testIdPinSP:
- @echo "Check that SP:s does not define IDPSSODescriptor"
- @for spfile in `cat swamid-sp-2.0.mxml swamid-externals-sp-2.0.xml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do grep -q IDPSSODescriptor $$spfile && echo " $$spfile" | sed 's/.*/&/' ; done | grep . && exit 1 || exit 0
+ @#echo "Check that SP:s does not define IDPSSODescriptor"
+ @#for spfile in `cat swamid-sp-2.0.mxml swamid-externals-sp-2.0.xml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do grep -q IDPSSODescriptor $$spfile && echo " $$spfile" | sed 's/.*/&/' ; done | grep . && exit 1 || exit 0
testMDUIreach:
@echo "Check that MDUI URLs are reachable"
@@ -216,32 +216,32 @@ testOrgData:
@for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" | sed 's/.*/\ \ &/' ; done | sort -k 3 | uniq -d -f 2 ; done | grep . && exit 1 || true
testEntCat:
- @echo "Checking for multiple EntityAttributes in EntityDescriptor/Extensions"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l EntityAttributes` ; do if [ `grep EntityAttributes $$x | wc -l ` -gt 2 ]; then echo "Multiple EntityAttributes in $$x" | sed 's/.*/&/'; fi ; done | grep . && exit 1 || true
- @echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for MDUI in EntityDescriptor/Extensions"
- @for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for entitycategories for IdPs that should be entity-category-support"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for wrong Name in EntityAttributes/Attribute"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "Attribute "` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute' - 2>/dev/null | grep "Attribute " | sed 's/.* Name="//' | sed -e 's/ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"//' -e 's/">//' | egrep -v "http://macedir.org/entity-category|http://macedir.org/entity-category-support|urn:oasis:names:tc:SAML:attribute:assurance-certification|urn:oasis:names:tc:SAML:profiles:subject-id:req|http://www.swamid.se/assurance-requirement" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<|>http://www.swamid.se/category/research-and-education<|>http://www.swamid.se/category/hei-service<|>http://www.swamid.se/category/nren-service<|>http://www.swamid.se/category/sfs-1993-1153<|>http://www.swamid.se/category/eu-adequate-protection<|>http://refeds.org/category/hide-from-discovery<|>http://id.elegnamnden.se/st/1.0/sigservice<|>http://id.elegnamnden.se/ec/1.0/loa3-pnr<|>http://id.elegnamnden.se/ec/1.0/eidas-naturalperson<|>https://refeds.org/category/anonymous<|>https://myacademicid.org/entity-categories/esi<|>https://refeds.org/category/personalized<|>https://refeds.org/category/pseudonymous<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category-support"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category-support"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category-support"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
- @echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
- @for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for multiple EntityAttributes in EntityDescriptor/Extensions"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l EntityAttributes` ; do if [ `grep EntityAttributes $$x | wc -l ` -gt 2 ]; then echo "Multiple EntityAttributes in $$x" | sed 's/.*/&/'; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for MDUI in EntityDescriptor/Extensions"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for entitycategories for IdPs that should be entity-category-support"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for wrong Name in EntityAttributes/Attribute"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "Attribute "` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute' - 2>/dev/null | grep "Attribute " | sed 's/.* Name="//' | sed -e 's/ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"//' -e 's/">//' | egrep -v "http://macedir.org/entity-category|http://macedir.org/entity-category-support|urn:oasis:names:tc:SAML:attribute:assurance-certification|urn:oasis:names:tc:SAML:profiles:subject-id:req|http://www.swamid.se/assurance-requirement" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<|>http://www.swamid.se/category/research-and-education<|>http://www.swamid.se/category/hei-service<|>http://www.swamid.se/category/nren-service<|>http://www.swamid.se/category/sfs-1993-1153<|>http://www.swamid.se/category/eu-adequate-protection<|>http://refeds.org/category/hide-from-discovery<|>http://id.elegnamnden.se/st/1.0/sigservice<|>http://id.elegnamnden.se/ec/1.0/loa3-pnr<|>http://id.elegnamnden.se/ec/1.0/eidas-naturalperson<|>https://refeds.org/category/anonymous<|>https://myacademicid.org/entity-categories/esi<|>https://refeds.org/category/personalized<|>https://refeds.org/category/pseudonymous<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://macedir.org/entity-category-support"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://macedir.org/entity-category-support"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category-support"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://refeds.org/category/research-and-scholarship<|>http://www.geant.net/uri/dataprotection-code-of-conduct/v1<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute http://www.swamid.se/assurance-requirement"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "http://www.swamid.se/assurance-requirement"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://www.swamid.se/assurance-requirement"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for wrong AttributeValue in EntityAttributes/Attribute urn:oasis:names:tc:SAML:attribute:assurance-certification"
+ @#for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l "urn:oasis:names:tc:SAML:attribute:assurance-certification"` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"]' - 2>/dev/null | grep "AttributeValue" | egrep -v ">https://refeds.org/sirtfi<|>http://www.swamid.se/policy/assurance/al1<|>http://www.swamid.se/policy/assurance/al2<|>http://www.swamid.se/policy/assurance/al3<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa<|>http://www.swamid.se/policy/authentication/swamid-al2-mfa-hi<" ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || true
testValidContact:
- @echo "Checking for valid Contact Information"
- @for x in swamid-2.0/*.xml ; do if ( cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson" - 2>/dev/null | grep 'EmailAddress' | grep -qv ">mailto:") ; then echo " Missing mailto in ContactPerson in file $$x " ; fi ; done | grep . && exit 1 || true
- @echo "Checking for empty ContactPerson tags"
- @if grep -H -E '<(Company|SurName|EmailAddress|TelephoneNumber)/>' swamid-2.0/*.xml | sed 's/^/ /' | grep . ; then exit 1 ; else exit 0 ; fi
+ @#echo "Checking for valid Contact Information"
+ @#for x in swamid-2.0/*.xml ; do if ( cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson" - 2>/dev/null | grep 'EmailAddress' | grep -qv ">mailto:") ; then echo " Missing mailto in ContactPerson in file $$x " ; fi ; done | grep . && exit 1 || true
+ @#echo "Checking for empty ContactPerson tags"
+ @#if grep -H -E '<(Company|SurName|EmailAddress|TelephoneNumber)/>' swamid-2.0/*.xml | sed 's/^/ /' | grep . ; then exit 1 ; else exit 0 ; fi
testSimpleSign:
@echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
@@ -249,6 +249,7 @@ testSimpleSign:
@for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo " $$x" | sed 's/.*/&/' ; fi ; done | grep . && exit 1 || exit 0
testALlevel:
+ @echo Fixa så att vi kollar!!!!!
@echo "Check for IdP:s with AL3 without AL2"
@for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo " $$x" | sed 's/.*/&/' ; fi ; done
@echo "Check for IdP:s with AL2 without AL1"
@@ -259,19 +260,19 @@ testBadStrings:
@for x in `find $(SRCDIRS) -name \*.xml`; do grep -E 'ServiceName xml:lang="[^"]*"/>' $$x | sed 's/^/ /' ; done | grep . && exit 1 || exit 0
testRoleDescriptor:
- @echo "Check for RoleDescriptor that should be removed"
- @for x in `find $(SRCDIRS) -name \*.xml`; do \
- grep -EH 'RoleDescriptor.*xsi:type="fed:(ApplicationServiceType|SecurityTokenServiceType)"' $$x | \
- sed -e 's/^/ /' -e 's/xmlns.*xsi:type="fed:/xsi:type="fed:/' -e 's/ protocol.*>/>/' -e 's/.*/&/' ; \
- done | grep . && exit 1 || exit 0
+ @#echo "Check for RoleDescriptor that should be removed"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do \
+ #grep -EH 'RoleDescriptor.*xsi:type="fed:(ApplicationServiceType|SecurityTokenServiceType)"' $$x | \
+ #sed -e 's/^/ /' -e 's/xmlns.*xsi:type="fed:/xsi:type="fed:/' -e 's/ protocol.*>/>/' -e 's/.*/&/' ; \
+ d#one | grep . && exit 1 || exit 0
testAttributeInIdP:
- @echo "Check for Attribute inside IDPSSODescriptor"
- @for x in `find $(SRCDIRS) -name \*.xml`; do \
- if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor" - 2>/dev/null | grep -q " <Attribute Name" ; then \
- echo " $$x" | sed 's/.*/&/' ;\
- fi;\
- done | grep . && exit 1 || exit 0
+ @#echo "Check for Attribute inside IDPSSODescriptor"
+ @#for x in `find $(SRCDIRS) -name \*.xml`; do \
+ #if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor" - 2>/dev/null | grep -q " <Attribute Name" ; then \
+ #echo " $$x" | sed 's/.*/&/' ;\
+ #fi;\
+ #done | grep . && exit 1 || exit 0
testRegistrationAuthority:
@echo "Check for registrationAuthority="http://www.swamid.se/" in EntityDescriptor/Extensions"