-rw-r--r-- | Makefile | 73 | ||||
-rwxr-xr-x | scripts/unique_id.pl | 7 | ||||
-rw-r--r-- | xslt/normalize.xsl | 1 | ||||
-rw-r--r-- | xslt/sign.xsl | 3 |
4 files changed, 33 insertions, 51 deletions
@@ -12,31 +12,35 @@ CONTACTS=false TOU=true ORG=true TRANSFORM=xslt/normalize.xsl -XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) +ID=$(shell perl scripts/unique_id.pl) +XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) +SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) -all: update clean sign clean +-include local.mk -update: -# @svn up -q - -keys: $(KEY) $(CERT) +all: clean dependencies test sign clean web MXML=$(shell echo *.mxml) -sign: keys swamid swamid-testing swamid-testing-idp upstream projects swamid-ki-sll +sign: swamid upstream projects %.sig: %.mxml + # normalization xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n + # signing xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs - xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs + $(SIGNER) --output $@ $*.tbs + # verification xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@ - rm -f $*.tbs $*.n + #rm -f $*.tbs $*.n %.pub: %.sig samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml #xmllint --c14n --nowarning --path schema --schema schema.xsd $< > $(DEST)/$*.xml rm -f $< +dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml + upstream: edugain kalmar kalmar: @@ -45,7 +49,12 @@ kalmar: edugain: $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub -projects: +projects: swamid-fiv-test swamid-ki-sll + +swamid-ki-sll: + $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub + +swamid-fiv-test: $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub aggregate: swamid-externals swamid-interfederations 
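Review bot: `SIGNER` is assigned with `:=` above `-include local.mk`, so `$(KEY)`, `$(CERT)` and `$(PASS)` are expanded before local.mk is read; if local.mk is meant to supply or override them (its contents are not visible here), the signer silently keeps the earlier values. Moving `-include local.mk` above the assignment, or using a deferred `SIGNER = xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS)`, avoids that. The recipe line `$(SIGNER) --output $@ $*.tbs` is also echoed by make, which writes the key passphrase into the build log; `@$(SIGNER) --output $@ $*.tbs` keeps it out of the log, though it remains visible in the process list while xmlsec1 runs. With `keys` dropped from the `sign` prerequisites, a missing key or certificate is now only detected when xmlsec1 fails partway through the run.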
@@ -66,56 +75,20 @@ swamid-interfederations1: swamid-interfederations2: scripts/aggregate.sh swamid-interfederations-2.0 -swamid: swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive swamid-registered publish +swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub -publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html +web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST) -swamid2-deps: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml - -swamid2: swamid2-deps - @saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - @test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST) - swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml @xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml -swamid-no-interfederation-combined: swamid2-deps - @saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - @test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST) - -swamid-discovery: swamid2-deps - @saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - @test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST) - -swamid-idp: swamid2-deps - @saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - test -s swamid-idp.xml && cp swamid-idp.xml $(DEST) - -swamid-registered: swamid2-deps - @saml-md-tool swamid-registered update --key=$(KEY) 
--cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - test -s swamid-registered.xml && cp swamid-registered.xml $(DEST) - -swamid-idp-transitive: swamid2-deps - @saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS) - test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST) - -swamid-testing: - @saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) - @test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST) - -swamid-testing-idp: - @saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) - @test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST) - -swamid-ki-sll: - @saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) - @test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST) +test: clean dependencies schematest refedsRnS geantCoCo -test: clean swamid2-deps +schematest: @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/[1;31m&[0m/;s/validates/[1;32m&[0m/' @for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done diff --git a/scripts/unique_id.pl b/scripts/unique_id.pl new file mode 100755 index 00000000..d4837f24 --- /dev/null +++ b/scripts/unique_id.pl @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use Date::Calc qw/Today_and_Now/; + +($year,$month,$day,$hour,$min,$sec) = Today_and_Now(); +print sprintf "_%s%02d%02dT%02d%02d%02dZ",$year,$month,$day,$hour,$min,$sec; + diff --git a/xslt/normalize.xsl b/xslt/normalize.xsl index 2ae8a1e1..9ac9cc61 100644 --- a/xslt/normalize.xsl +++ b/xslt/normalize.xsl 
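Review bot: Routing the main feeds through the `%.pub` rule (context in the first hunk) loses the `test -s` guard that the removed recipes applied before copying into `$(DEST)`, because that rule redirects `xmllint --c14n` straight into `$(DEST)/$*.xml`. If xmllint fails or is interrupted, the published metadata file is left truncated for every relying party that fetches it. Writing to a temporary name and renaming keeps the previous file in place until the new one is complete: `samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml.tmp && test -s $(DEST)/$*.xml.tmp && mv -f $(DEST)/$*.xml.tmp $(DEST)/$*.xml`. The removed recipes also passed `--days=$(DAYS)`; this diff does not show what now bounds the validity period of the signed feeds, so that is worth confirming.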
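Review bot: The generated ID ends in a literal `Z`, but `Today_and_Now()` is called without its GMT flag and so returns local time; on a host not running in UTC the value misstates when the feed was built. `Today_and_Now(1)` fixes it, or the non-core Date::Calc dependency can be dropped with `use POSIX qw(strftime); print strftime("_%Y%m%dT%H%M%SZ", gmtime);`. The script also lacks `use strict; use warnings;`, and `print sprintf` can simply be `printf`. The ID has one-second resolution, so two builds of the same feed within a second produce the same value.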
@@ -31,6 +31,7 @@ If You do not accept these Terms, then You must not continue to use this Metadat </xsl:comment></xsl:if> <md:EntitiesDescriptor> + <xsl:attribute name="ID"><xsl:value-of select="$ID"/></xsl:attribute> <xsl:attribute name="Name"><xsl:value-of select="@Name"/></xsl:attribute> <xsl:if test="@cacheDuration"> <xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute> diff --git a/xslt/sign.xsl b/xslt/sign.xsl index 19aa9c55..c0e04ab5 100644 --- a/xslt/sign.xsl +++ b/xslt/sign.xsl @@ -18,7 +18,8 @@ <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> - <ds:Reference URI=""> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/> |
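Review bot: The `ID` attribute is written unconditionally from `$ID`, with no check that the parameter is present and well-formed; if `scripts/unique_id.pl` fails (for example Date::Calc is not installed), `$(shell …)` in the Makefile expands to nothing and `--stringparam ID` swallows the next option as its value. A guard before the attribute, such as `<xsl:if test="not(starts-with($ID, '_'))"><xsl:message terminate="yes">ID parameter missing or malformed</xsl:message></xsl:if>`, stops the build rather than emitting a bad ID. The hunk does not show a top-level `<xsl:param name="ID"/>`; the stylesheet needs one for `$ID` to resolve. The same value feeds the `URI` built in xslt/sign.xsl, so a bad ID also breaks the signature reference.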
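Review bot: The new `URI="#…"` reference is resolved by ID, yet the `SIGNER` command added in the Makefile passes no `--id-attr` option; without a DTD or that option xmlsec1 does not treat a plain `ID` attribute as an ID, so signing may fail to find the referenced node unless the attribute is registered some other way. If that applies here, add `--id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor` to `SIGNER`. The value is read from `@ID` on the context node, which is not visible in this hunk; if that node is not the element normalize.xsl stamped, the URI collapses to `#`. Separately, the unchanged `SignatureMethod` line still selects `rsa-sha1`; since the signature block is being reworked anyway, moving to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` (and a SHA-256 digest) is worth doing in the same change.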