authorBjörn Mattsson <bjorn@sunet.se>2023-03-06 11:22:05 +0100
committerBjörn Mattsson <bjorn@sunet.se>2023-03-06 11:22:05 +0100
commit467dbdbf3d7212e25ee69daeaadd8adba7c7c5b8 (patch)
treed3576d5f2d4b5cc676c0a12ef8f8c3c83b474bf5 /metadata/scripts/pull-and-verify.sh
parentbc1d55080e5d42e6ef2bba892d640aa8f68bbc90 (diff)
Moved files to make this repo signed
Diffstat (limited to 'metadata/scripts/pull-and-verify.sh')
-rwxr-xr-xmetadata/scripts/pull-and-verify.sh50
1 files changed, 50 insertions, 0 deletions
diff --git a/metadata/scripts/pull-and-verify.sh b/metadata/scripts/pull-and-verify.sh
new file mode 100755
index 00000000..8994fab1
--- /dev/null
+++ b/metadata/scripts/pull-and-verify.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+URL=$1
+DIR=$2
+CERT=$3
+
+if echo "$DIR" | grep -q "mds.swamid.se" ; then
+ publish_name=mds.swamid.se
+else
+ publish_name=md.swamid.se
+fi
+
+TMPF=`mktemp`
+curl -s -m 120 -k -L $URL > $TMPF
+if [ $? -ne 0 ]; then
+ echo "Unable to download $URL: $?"
+ exit 1
+fi
+if [ "x$CERT" != "x" ]; then
+ xmlsec1 --verify --pubkey-cert-pem $CERT --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor $TMPF
+ #samlsign -c $CERT -f $TMPF
+ if [ $? -ne 0 ]; then
+ echo "Unable to verify $URL with $CERT: $?"
+ exit 1
+ fi
+fi
+TMPD=`mktemp -d`
+xsltproc --stringparam output $TMPD xslt/import-metadata.xsl $TMPF
+if [ $? -ne 0 ]; then
+ echo "Unable to import metadata from $URL: $?"
+ exit 1
+fi
+rsync -avz $TMPD/ $DIR
+(
+echo '<?xml version="1.0"?>'
+echo "<EntitiesDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:xi=\"http://www.w3.org/2001/XInclude\" Name=\"http://$publish_name/md/$DIR.xml\">"
+T=`mktemp`
+for md in $DIR/*.xml; do
+ xsltproc xslt/clean-entitydescriptor.xsl $md > $T && mv $T $md
+ test=`echo $md | cut -d/ -f2-`
+ if [ ! -f "swamid-2.0/$test" -a ! -f "swamid-edugain/$test" ]; then
+ echo "<xi:include href=\"$md\"/>"
+ fi
+done
+rm -f $T
+echo "</EntitiesDescriptor>"
+) > $DIR.mxml
+#git add $DIR.mxml $DIR
+#git commit -m "$URL into $DIR" $DIR.mxml $DIR
+rm -rf $TMPF $TMPD
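Review bot: Nothing authenticates the download when the third argument is empty: `curl -s -m 120 -k -L $URL` turns off TLS certificate checking, and the xmlsec1 verification is skipped unless `$CERT` is set, so in that case whatever the network returns is imported and rsynced into `$DIR`. Since the signature is the only trust anchor here, I would require the certificate up front, e.g. `[ -n "$CERT" ] || { echo "signing certificate required" >&2; exit 1; }`, or at least drop `-k` on the unsigned path. The curl call also lacks `--fail`, so an HTTP error page still exits 0 and its body is handed to xmlsec1/xsltproc as if it were metadata. The `$?` printed in the three error messages is the status of the `[` test rather than of the failed command, and the expansions of `$URL`, `$DIR`, `$CERT`, `$TMPF` and `$md` are unquoted, so paths containing spaces or glob characters will split.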