-rw-r--r--Makefile71
-rw-r--r--schema.xsd1
-rwxr-xr-xscripts/unique_id.pl7
-rw-r--r--xslt/normalize.xsl1
-rw-r--r--xslt/sign.xsl6
5 files changed, 34 insertions, 52 deletions
diff --git a/Makefile b/Makefile
index 8fe2dda3..dc2de595 100644
--- a/Makefile
+++ b/Makefile
@@ -13,31 +13,31 @@ CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
-XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW)
+ID=$(shell perl scripts/unique_id.pl)
+XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW)
+SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor
-all: update clean sign clean
+-include local.mk
-update:
-# @svn up -q
-
-keys: $(KEY) $(CERT)
+all: clean dependencies test sign clean web
MXML=$(shell echo *.mxml)
-sign: keys swamid swamid-testing swamid-testing-idp upstream projects swamid-ki-sll
+sign: swamid upstream projects
%.sig: %.mxml
xsltproc $(XSLTDEFS) --stringparam target "http://md.swamid.se/md/$*.xml" --xinclude $(TRANSFORM) $< > $*.n
xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
- xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
+ $(SIGNER) --output $@ $*.tbs
xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
- rm -f $*.tbs $*.n
+ #rm -f $*.tbs $*.n
%.pub: %.sig
samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
- #xmllint --c14n --nowarning --path schema --schema schema.xsd $< > $(DEST)/$*.xml
rm -f $<
+dependencies: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
+
upstream: edugain kalmar
kalmar:
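Review bot: `SIGNER` and `XSLTDEFS` are assigned with `:=` before the new `-include local.mk`, so a `KEY`, `CERT`, `PASS` or `--stringparam` value set in local.mk is not picked up by the signing or transform commands. This assumes local.mk is meant to carry such overrides; the original definitions sit above this hunk. Moving `-include local.mk` above the `ID=` line, or defining `SIGNER = xmlsec1 ...` with recursive `=`, would let a local override actually select the signing key. Separately, the recipe line `$(SIGNER) --output $@ $*.tbs` is echoed by make, so the `--pwd $(PASS)` value ends up in the build log. `@$(SIGNER) --output $@ $*.tbs` keeps it out of the log, although it remains visible in the process argument list while xmlsec1 runs.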
@@ -46,7 +46,12 @@ kalmar:
edugain:
$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
-projects:
+projects: swamid-fiv-test swamid-ki-sll
+
+swamid-ki-sll:
+ $(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-ki-sll-1.0.pub
+
+swamid-fiv-test:
$(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub
aggregate: swamid-externals swamid-interfederations
@@ -67,56 +72,22 @@ swamid-interfederations1:
swamid-interfederations2:
scripts/aggregate.sh swamid-interfederations-2.0
-swamid: swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive swamid-registered publish
+swamid: swamid-2.0.pub swamid-no-interfederation-combined.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub
-publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
+web: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)
-swamid2-deps: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
-
-swamid2: swamid2-deps
- @saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST)
-
swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
@xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
-swamid-no-interfederation-combined: swamid2-deps
- @saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST)
+test: clean dependencies schematest
-swamid-discovery: swamid2-deps
- @saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST)
-
-swamid-idp: swamid2-deps
- @saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-idp.xml && cp swamid-idp.xml $(DEST)
-
-swamid-registered: swamid2-deps
- @saml-md-tool swamid-registered update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-registered.xml && cp swamid-registered.xml $(DEST)
-
-swamid-idp-transitive: swamid2-deps
- @saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST)
-
-swamid-testing:
- @saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST)
-
-swamid-testing-idp:
- @saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
- @test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)
-
-swamid-ki-sll:
- @saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
- @test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)
+pedantic: clean dependencies schematest refedsRnS geantCoCo
-test: clean swamid2-deps
+schematest:
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/&/;s/validates/&/'
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done
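Review bot: The aggregates on the new `swamid:` line now reach `$(DEST)` only through the `%.pub` rule earlier in the file, which redirects `xmllint --c14n` straight into `$(DEST)/$*.xml`; the removed rules at least ran `test -s` before copying. The redirect truncates the published file before xmllint has written anything, so a failure at that step leaves an empty or partial aggregate where consumers fetch it. Writing to a temporary name and renaming, e.g. `xmllint --c14n $< > $(DEST)/$*.xml.tmp && mv -f $(DEST)/$*.xml.tmp $(DEST)/$*.xml`, keeps the previous good copy in place. Also, `pedantic` names `refedsRnS` and `geantCoCo`, which are not defined in the visible part of the Makefile; unless local.mk supplies them, that target stops with a missing-rule error.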
diff --git a/schema.xsd b/schema.xsd
index 2cf3b8fb..20882b95 100644
--- a/schema.xsd
+++ b/schema.xsd
@@ -16,4 +16,5 @@
<import namespace="urn:oasis:names:tc:SAML:metadata:attribute" schemaLocation="sstc-metadata-attr.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:metadata:algsupport" schemaLocation="sstc-saml-metadata-algsupport.xsd"/>
<import namespace="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" schemaLocation="sstc-saml-idp-discovery.xsd"/>
+<import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
</schema>
diff --git a/scripts/unique_id.pl b/scripts/unique_id.pl
new file mode 100755
index 00000000..d4837f24
--- /dev/null
+++ b/scripts/unique_id.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/env perl
+
+use Date::Calc qw/Today_and_Now/;
+
+($year,$month,$day,$hour,$min,$sec) = Today_and_Now();
+print sprintf "_%s%02d%02dT%02d%02d%02dZ",$year,$month,$day,$hour,$min,$sec;
+
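Review bot: `Today_and_Now()` is called without its GMT flag, so it returns local time while the format string appends `Z`; the generated ID is only correct on a host whose clock runs in UTC. `Today_and_Now(1)` fixes that, or the core-only form `use POSIX qw/strftime/; print strftime("_%Y%m%dT%H%M%SZ", gmtime);` drops the Date::Calc dependency altogether. The dependency matters because the Makefile consumes the output through an unquoted `--stringparam ID $(ID)`: if the script fails (for instance because the module is not installed), `$(ID)` is empty and the following xsltproc arguments shift. The script would also benefit from `use strict; use warnings;` and a `my (...)` declaration on the assignment.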
diff --git a/xslt/normalize.xsl b/xslt/normalize.xsl
index e24907d1..f48f4877 100644
--- a/xslt/normalize.xsl
+++ b/xslt/normalize.xsl
@@ -31,6 +31,7 @@ If You do not accept these Terms, then You must not continue to use this Metadat
</xsl:comment></xsl:if>
<md:EntitiesDescriptor>
+ <xsl:attribute name="ID"><xsl:value-of select="$ID"/></xsl:attribute>
<xsl:attribute name="Name"><xsl:value-of select="@Name"/></xsl:attribute>
<xsl:if test="@cacheDuration">
<xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute>
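Review bot: `$ID` is referenced on the added line, but this commit adds no `<xsl:param name="ID"/>` to the stylesheet (the file's diffstat is a single line). Unless a declaration already exists outside the hunk, the transform depends on the processor accepting an undeclared command-line parameter. A top-level `<xsl:param name="ID"/>` makes the input explicit. A guard such as `<xsl:if test="not(string($ID))"><xsl:message terminate="yes">ID parameter is empty</xsl:message></xsl:if>` would stop an aggregate from being emitted with an empty `ID`, which the signing stylesheet later uses as the reference target. The enclosing template starts and ends outside the hunk.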
diff --git a/xslt/sign.xsl b/xslt/sign.xsl
index 19aa9c55..51d2492a 100644
--- a/xslt/sign.xsl
+++ b/xslt/sign.xsl
@@ -3,6 +3,7 @@
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:exsl="http://exslt.org/common"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
@@ -18,10 +19,11 @@
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
- <ds:Reference URI="">
+ <ds:Reference>
+ <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute>
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue></ds:DigestValue>
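Review bot: The signature template still pins `rsa-sha1` for `ds:SignatureMethod` and `sha1` for `ds:DigestMethod` in the lines around the rewritten `ds:Reference`. Since the template is being reworked here, this would be the place to move to SHA-256 (`http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` and `http://www.w3.org/2001/04/xmlenc#sha256`), provided the federation's consumers accept it. The new `URI` is built from `@ID` with no check that the attribute is present, so an input without an ID yields `URI="#"`. An `xsl:if` with `xsl:message terminate="yes"` ahead of the signature element would make that case fail before anything is signed. The enclosing template starts and ends outside the hunk.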