-rw-r--r--Makefile74
-rw-r--r--scripts/now_date.pl7
-rw-r--r--scripts/unique_id.pl7
-rw-r--r--xslt/normalize.xsl20
-rw-r--r--xslt/sign.xsl6
-rw-r--r--xslt/swamid-sign.xsl123
6 files changed, 57 insertions, 180 deletions
diff --git a/Makefile b/Makefile
index 836dc4a5..dc2de595 100644
--- a/Makefile
+++ b/Makefile
@@ -7,36 +7,37 @@ SRCDIRS=swamid-2.0
DAYS:=15
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
+NOW=$(shell perl scripts/now_date.pl)
RPI=false
CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
-XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE)
+ID=$(shell perl scripts/unique_id.pl)
+XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW)
+SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor
-all: update clean sign clean
+-include local.mk
-update:
-# @svn up -q
-
-keys: $(KEY) $(CERT)
+all: clean dependencies test sign clean web
MXML=$(shell echo *.mxml)
-sign: keys swamid swamid-testing swamid-testing-idp upstream projects swamid-ki-sll
+sign: swamid upstream projects
%.sig: %.mxml
- xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
+ xsltproc $(XSLTDEFS) --stringparam target "http://md.swamid.se/md/$*.xml" --xinclude $(TRANSFORM) $< > $*.n
xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
- xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
+ $(SIGNER) --output $@ $*.tbs
xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
- rm -f $*.tbs $*.n
+ #rm -f $*.tbs $*.n
%.pub: %.sig
samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
- #xmllint --c14n --nowarning --path schema --schema schema.xsd $< > $(DEST)/$*.xml
rm -f $<
+dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
+
upstream: edugain kalmar
kalmar:
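Review bot: The key passphrase embedded in `SIGNER` (`--pwd $(PASS)`) is written to the build log, because the `$(SIGNER) --output $@ $*.tbs` recipe line is not `@`-silenced, and it is visible to every local user via `ps` for as long as xmlsec1 runs; at minimum silence the line (`@$(SIGNER) --output $@ $*.tbs`) and consider an unencrypted key protected by file permissions rather than a command-line passphrase. `KEY`, `CERT` and `PASS` presumably come from the optional `-include local.mk`, so a missing file currently yields `--privkey-pem ,` and an opaque xmlsec1 error; a guard such as `$(if $(strip $(KEY)),,$(error KEY is not set; create local.mk))` fails early and clearly. The commented-out `#rm -f $*.tbs $*.n` leaves the unsigned `.tbs`/`.n` intermediates next to the signature; either restore the cleanup or add a comment saying why they are kept. `all`, `sign`, `dependencies`, `upstream`, `projects` and `web` are command targets and should be listed in a `.PHONY:` line.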
@@ -45,7 +46,12 @@ kalmar:
edugain:
$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
-projects:
+projects: swamid-fiv-test swamid-ki-sll
+
+swamid-ki-sll:
+ $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub
+
+swamid-fiv-test:
$(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub
aggregate: swamid-externals swamid-interfederations
@@ -66,56 +72,22 @@ swamid-interfederations1:
swamid-interfederations2:
scripts/aggregate.sh swamid-interfederations-2.0
-swamid: swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive swamid-registered publish
+swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub
-publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
+web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)
-swamid2-deps: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
-
-swamid2: swamid2-deps
- @saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST)
-
swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
@xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
-swamid-no-interfederation-combined: swamid2-deps
- @saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST)
+test: clean dependencies schematest
-swamid-discovery: swamid2-deps
- @saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST)
-
-swamid-idp: swamid2-deps
- @saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-idp.xml && cp swamid-idp.xml $(DEST)
-
-swamid-registered: swamid2-deps
- @saml-md-tool swamid-registered update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-registered.xml && cp swamid-registered.xml $(DEST)
-
-swamid-idp-transitive: swamid2-deps
- @saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST)
-
-swamid-testing:
- @saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST)
-
-swamid-testing-idp:
- @saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)
-
-swamid-ki-sll:
- @saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
- @test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)
+pedantic: clean dependencies schematest refedsRnS geantCoCo
-test: clean swamid2-deps
+schematest:
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/&/;s/validates/&/'
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done
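Review bot: `test: clean dependencies schematest` and `all: clean dependencies test sign clean web` depend on prerequisites running left to right, which make does not guarantee under `-j`: `clean` can run concurrently with or after `dependencies`, deleting the extracted `swamid-*-2.0.xml` files that `schematest` and `sign` need, and the trailing `clean` can race `sign`. Either add `.NOTPARALLEL:` near the top of the file, or make `all` and `test` sequence the steps explicitly in a recipe, e.g. `all:` with `$(MAKE) clean && $(MAKE) dependencies && $(MAKE) schematest && $(MAKE) sign && $(MAKE) clean && $(MAKE) web`. `test`, `schematest` and `pedantic` are also command targets and belong in `.PHONY:`.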
diff --git a/scripts/now_date.pl b/scripts/now_date.pl
new file mode 100644
index 00000000..1a5e6890
--- /dev/null
+++ b/scripts/now_date.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/env perl
+
+use Date::Calc qw/Today_and_Now/;
+
+($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
+my $date = sprintf "%s-%02d-%02dT%02d:%02d:%02dZ",$year,$month,$day,$hour,$min,$sec;
+print $date;
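Review bot: `Today_and_Now()` without an argument returns local time, yet the value is suffixed with `Z`, so the `creationInstant` this feeds is off by the host's UTC offset (and DST) — pass the GMT flag: `my ($year,$month,$day,$hour,$min,$sec) = Today_and_Now(1);`. The `my` also fixes the implicit globals, and the script should start with `use strict; use warnings;`. A one-line header comment such as `# Prints the current time as an xs:dateTime in UTC (used for mdrpi:PublicationInfo/@creationInstant)` would tell the next reader what format is expected downstream.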
diff --git a/scripts/unique_id.pl b/scripts/unique_id.pl
new file mode 100644
index 00000000..d4837f24
--- /dev/null
+++ b/scripts/unique_id.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/env perl
+
+use Date::Calc qw/Today_and_Now/;
+
+($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
+print sprintf "_%s%02d%02dT%02d%02d%02dZ",$year,$month,$day,$hour,$min,$sec;
+
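Review bot: The same local-time-labelled-as-`Z` issue applies here: `Today_and_Now()` should be `Today_and_Now(1)` and the result bound with `my (...)`, under `use strict; use warnings;`. Note also that the value is only unique to one-second granularity and, because the Makefile expands it once into the simply-assigned `XSLTDEFS :=`, every aggregate signed in one make invocation receives the same ID; that is acceptable for an xs:ID (uniqueness is per document) but is not what the file name promises, so either document that in a header comment or append a random component, e.g. `sprintf "_%s%02d%02dT%02d%02d%02dZ%04x", ..., int(rand(65536))`.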
diff --git a/xslt/normalize.xsl b/xslt/normalize.xsl
index 031acbcb..9cbebd1d 100644
--- a/xslt/normalize.xsl
+++ b/xslt/normalize.xsl
@@ -22,7 +22,7 @@ the use of the Metadata. By accessing or using the Metadata You accept that the
use will be on and subject to these Terms. These Terms will be binding and enforceable on
You as contractual obligations.
-The Terms are available at
+The SWAMID Metadata Terms of Access and Use can be found here:
- http://md.swamid.se/md/swamid-tou-sv.txt Swedish version - Legally Binding!
- http://md.swamid.se/md/swamid-tou-en.txt English version - Non-normative translation
@@ -31,6 +31,7 @@ If You do not accept these Terms, then You must not continue to use this Metadat
</xsl:comment></xsl:if>
<md:EntitiesDescriptor>
+ <xsl:attribute name="ID"><xsl:value-of select="$ID"/></xsl:attribute>
<xsl:attribute name="Name"><xsl:value-of select="@Name"/></xsl:attribute>
<xsl:if test="@cacheDuration">
<xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute>
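Review bot: The new `$ID` reference (like `$now` and `$target` used later) must be declared as a top-level `<xsl:param name="ID"/>` or xsltproc rejects the stylesheet; those declarations sit outside the hunk, so confirm they were added. Since the `match="@xml:base|@ID|@validUntil|@cacheDuration"` template already discards any ID carried by the source, the new attribute always replaces rather than preserves, which is worth stating: `<!-- fresh per-build document ID; sign.xsl references it as the ds:Reference URI -->`.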
@@ -40,6 +41,9 @@ If You do not accept these Terms, then You must not continue to use this Metadat
</xsl:if>
<xsl:apply-templates/>
</md:EntitiesDescriptor>
+ <xsl:if test="$target='true'">
+ <md:Extensions><xsl:call-template name="add-swamid-pi"/></md:Extensions>
+ </xsl:if>
</xsl:template>
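Review bot: The new `<md:Extensions>` is emitted after `</md:EntitiesDescriptor>`, i.e. as a second top-level element, and it is guarded by `$target='true'` while the Makefile passes `target` as a URL (`--stringparam target "http://md.swamid.se/md/$*.xml"`), so the branch is dead today and the PublicationInfo is never published; the moment it fires, the output would be an ill-formed document and fail the schema check at sign time. Move the block inside `md:EntitiesDescriptor`, ahead of `<xsl:apply-templates/>` as the EntityDescriptor template already does for its Extensions, and test for a non-empty parameter.

```xml
<md:EntitiesDescriptor>
  <!-- … unchanged: ID, Name, cacheDuration, validUntil attributes … -->
  <xsl:if test="$target != ''">
    <md:Extensions><xsl:call-template name="add-swamid-pi"/></md:Extensions>
  </xsl:if>
  <xsl:apply-templates/>
</md:EntitiesDescriptor>
```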
<xsl:template match="md:EntityDescriptor">
@@ -61,7 +65,7 @@ If You do not accept these Terms, then You must not continue to use this Metadat
<md:EntityDescriptor>
<xsl:apply-templates select="@*"/>
<xsl:if test="$rpi='true' and not(md:Extensions)">
- <md:Extensions><xsl:call-template name="add-swamid-rpi"/></md:Extensions>
+ <md:Extensions><xsl:call-template name="add-swamid-ri"/></md:Extensions>
</xsl:if>
<xsl:apply-templates select="text()|comment()|md:Extensions|md:RoleDescriptor|md:IDPSSODescriptor|md:SPSSODescriptor|md:AuthnAuthorityDescriptor|md:AttributeAuthorityDescriptor|md:PDPDescriptor|md:AffiliationDescriptor"/>
<xsl:if test="$org='true' and not(md:Organization)">
@@ -78,12 +82,12 @@ If You do not accept these Terms, then You must not continue to use this Metadat
<xsl:template match="md:EntityDescriptor/md:Extensions">
<md:Extensions>
- <xsl:call-template name="add-swamid-rpi"/>
+ <xsl:call-template name="add-swamid-ri"/>
<xsl:apply-templates select="text()|comment()|node()"/>
</md:Extensions>
</xsl:template>
- <xsl:template name="add-swamid-rpi">
+ <xsl:template name="add-swamid-ri">
<xsl:if test="$rpi='true' and not(mdrpi:RegistrationInfo[@registrationAuthority='http://swamid.se/'])">
<mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
<mdrpi:RegistrationPolicy xml:lang="en">http://www.swamid.se/download/18.248ad5af12aa8136533800012293/SWAMID+Metadata+Registration+Practice+Statement-20110714.pdf</mdrpi:RegistrationPolicy>
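Review bot: The guard `not(mdrpi:RegistrationInfo[@registrationAuthority='http://swamid.se/'])` tests a different URI from the one the template inserts, `http://www.swamid.se/`, so an entity that already carries the www form gets a second RegistrationInfo on every run, which is likely to fail the schema validation done at sign time. Align the two, e.g. `@registrationAuthority='http://www.swamid.se/'` in the predicate. These lines are context here; the commit only renames the template from `add-swamid-rpi` to `add-swamid-ri`.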
@@ -91,6 +95,14 @@ If You do not accept these Terms, then You must not continue to use this Metadat
</xsl:if>
</xsl:template>
+ <xsl:template name="add-swamid-pi">
+ <mdrpi:PublicationInfo>
+ <xsl:attribute Name="creationInstant"><xsl:value-of select="$now"/></xsl:attribute>
+ <xsl:attribute Name="publisher"><xsl:value-of select="$target"/></xsl:attribute>
+ <mdrpi:UsagePolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2015/12/SWAMID-Terms-of-Use-20110714.pdf</mdrpi:UsagePolicy>
+ </mdrpi:PublicationInfo>
+ </xsl:template>
+
<xsl:template match="@xml:base|@ID|@validUntil|@cacheDuration"/>
<xsl:template match="text()|comment()|@*">
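Review bot: `<xsl:attribute Name="creationInstant">` and `<xsl:attribute Name="publisher">` use a capitalised `Name`; the XSLT attribute is `name`, so xsltproc will reject the stylesheet with a missing-name error as soon as it is compiled, breaking every `.n` step. Change both to `<xsl:attribute name="creationInstant"><xsl:value-of select="$now"/></xsl:attribute>` and `<xsl:attribute name="publisher"><xsl:value-of select="$target"/></xsl:attribute>`. Separately, `publisher` is fed the download URL of the aggregate, whereas mdrpi defines it as a URI identifying the publishing entity; if that is intentional, say so in a comment, otherwise a fixed federation URI is the more conventional value. Add a template header comment, e.g. `<!-- mdrpi:PublicationInfo for the aggregate; $now is the build time in UTC -->`.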
diff --git a/xslt/sign.xsl b/xslt/sign.xsl
index 19aa9c55..51d2492a 100644
--- a/xslt/sign.xsl
+++ b/xslt/sign.xsl
@@ -3,6 +3,7 @@
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exsl="http://exslt.org/common"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
@@ -18,10 +19,11 @@
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="">
+ <ds:Reference>
+ <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute>
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue></ds:DigestValue>
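Review bot: Both algorithms around the rewritten Reference are still SHA-1 (`xmldsig#rsa-sha1` and `xmldsig#sha1`), which is deprecated for signatures; since this hunk already changes the reference and transform, it is the moment to switch to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` and `http://www.w3.org/2001/04/xmlenc#sha256`, both supported by xmlsec1. The new `URI="#…"` is built from `@ID` on the context node, so the output EntitiesDescriptor must actually carry that ID attribute for xmlsec1 to resolve the reference; the deleted swamid-sign.xsl stripped `@ID`, so confirm the template that copies attributes in this file (outside the hunk) does not do the same. The move from `exc-c14n#WithComments` to plain `exc-c14n#` is sound and deserves a one-line comment, e.g. `<!-- comments are excluded from the digest so the ToU banner can change without re-signing -->`, if that is the intent.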
diff --git a/xslt/swamid-sign.xsl b/xslt/swamid-sign.xsl
deleted file mode 100644
index 350dc87a..00000000
--- a/xslt/swamid-sign.xsl
+++ /dev/null
@@ -1,123 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet version="1.0"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:exsl="http://exslt.org/common"
- xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
- extension-element-prefixes="exsl"
- xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
-
- <xsl:output method="xml" indent="yes" encoding="UTF-8"/>
-
- <xsl:template match="/md:EntitiesDescriptor">
- <xsl:comment>
-
- IMPORTANT NOTICE: READ CAREFULLY
-
-You are reading this because You wish to use the technical information (the “Metadata”)
-published on behalf of the Registrars. These Terms of Access and Use (these “Terms”) govern
-the use of the Metadata. By accessing or using the Metadata You accept that the access and
-use will be on and subject to these Terms. These Terms will be binding and enforceable on
-You as contractual obligations.
-
-The Terms are available at:
-
-- http://md.swamid.se/md/swamid-tou-sv.txt Swedish version - Legally Binding!
-- http://md.swamid.se/md/swamid-tou-en.txt English version - Non-normative translation
-
-If You do not accept these Terms, then You must not continue to use this Metadata.
-
- </xsl:comment>
- <md:EntitiesDescriptor>
- <xsl:attribute name="Name"><xsl:value-of select="@Name"/></xsl:attribute>
- <xsl:if test="@cacheDuration">
- <xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute>
- </xsl:if>
- <xsl:if test="@validUntil">
- <xsl:attribute name="validUntil"><xsl:value-of select="$date"/></xsl:attribute>
- </xsl:if>
- <ds:Signature>
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
- <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="">
- <ds:Transforms>
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
- </ds:Transforms>
- <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
- <ds:DigestValue></ds:DigestValue>
- </ds:Reference>
- </ds:SignedInfo>
- <ds:SignatureValue/>
- <ds:KeyInfo>
- <ds:X509Data>
- </ds:X509Data>
- </ds:KeyInfo>
- </ds:Signature>
- <xsl:apply-templates/>
- </md:EntitiesDescriptor>
- </xsl:template>
-
- <xsl:template match="md:EntityDescriptor">
- <xsl:variable name="path"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable>
- <xsl:variable name="host">
- <xsl:if test="contains($path,'/')">
- <xsl:value-of select="substring-before($path,'/')"/>
- </xsl:if>
- <xsl:if test="not(contains($path,'/'))">
- <xsl:value-of select="$path"/>
- </xsl:if>
- </xsl:variable>
- <xsl:variable name="domain">
- <xsl:value-of select="substring-after($host,'.')"/>
- </xsl:variable>
- <xsl:variable name="orginfo">
- <xsl:value-of select="concat('../organization','/',$domain,'.xml')"/>
- </xsl:variable>
- <md:EntityDescriptor>
- <xsl:apply-templates select="@*"/>
- <xsl:if test="$rpi='true' and not(md:Extensions)">
- <md:Extensions><xsl:call-template name="add-swamid-rpi"/></md:Extensions>
- </xsl:if>
- <xsl:apply-templates select="text()|comment()|md:Extensions|md:RoleDescriptor|md:IDPSSODescriptor|md:SPSSODescriptor|md:AuthnAuthorityDescriptor|md:AttributeAuthorityDescriptor|md:PDPDescriptor|md:AffiliationDescriptor"/>
- <xsl:if test="not(md:Organization)">
- <xsl:apply-templates select="document($orginfo)"/>
- </xsl:if>
- <xsl:if test="$defaultContact='true' and not(md:ContactPerson)">
- <md:ContactPerson contactType="technical"><md:EmailAddress>operations@swamid.se</md:EmailAddress></md:ContactPerson>
- </xsl:if>
- <xsl:apply-templates select="md:Organization|md:ContactPerson|md:AdditionalMetadataLocation"/>
- </md:EntityDescriptor>
- </xsl:template>
-
- <xsl:template match="md:EntityDescriptor/md:Extensions">
- <md:Extensions>
- <xsl:call-template name="add-swamid-rpi"/>
- <xsl:apply-templates select="text()|comment()|node()"/>
- </md:Extensions>
- </xsl:template>
-
- <xsl:template name="add-swamid-rpi">
- <xsl:if test="$rpi='true' and not(mdrpi:RegistrationInfo[@registrationAuthority='http://swamid.se/'])">
- <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
- <mdrpi:RegistrationPolicy xml:lang="en">http://www.swamid.se/download/18.248ad5af12aa8136533800012293/SWAMID+Metadata+Registration+Practice+Statement-20110714.pdf</mdrpi:RegistrationPolicy>
- </mdrpi:RegistrationInfo>
- </xsl:if>
- </xsl:template>
-
- <xsl:template match="@xml:base|@ID"/>
-
- <xsl:template match="text()|comment()|@*">
- <xsl:copy/>
- </xsl:template>
-
- <xsl:template match="*">
- <xsl:copy>
- <xsl:apply-templates select="node()|@*"/>
- </xsl:copy>
- </xsl:template>
-
-</xsl:stylesheet>