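# Build, sign, validate and publish the SAML metadata aggregates in this
# directory.
#
# Security notes for maintainers:
#   * The signing-key passphrase is read from $(PASSFILE) by the recipe shell
#     at the moment a signing command runs, not by make. It therefore does
#     not appear in make's command echo or in `make -n` / `make --trace`
#     output. It is still passed to xmlsec1 and saml-md-tool as a
#     command-line argument, so it is visible in the process list of the
#     signing host while those tools run.
#   * NOTE(review): key, certificate and passphrase file share one directory;
#     confirm that only the signing account can read it.
#   * .DELETE_ON_ERROR makes make remove a target whose recipe failed. Without
#     it, a %.sig that was signed but then failed schema validation stays on
#     disk, looks up to date, and is published by the next `make <name>.pub`.
#   * `all` relies on its prerequisites running left to right; do not run it
#     with -j.

.DELETE_ON_ERROR:

KEY=/opt/swamid-credentials/swamid-signer.key
CERT=/opt/swamid-credentials/swamid-signer.crt
PASSFILE=/opt/swamid-credentials/swamid-signer-pass.txt
# Expands to the shell text `$(cat FILE)`; always use it as "$(PASS)" inside a
# recipe so the shell performs the read and keeps the result as one argument.
PASS=$$(cat $(PASSFILE))
DEST=/opt/published-metadata
SRCDIRS=swamid-2.0
DAYS:=15
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
RPI=false
CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
# Simply expanded: the perl helper behind $(DATE) runs once, at parse time.
XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE)

# None of these names is a file this Makefile produces. Declaring them phony
# keeps a stray file or directory of the same name from silently skipping a
# signing, validation or publishing step.
.PHONY: all update keys sign upstream kalmar edugain projects aggregate \
	swamid-externals swamid-externals1 swamid-externals2 \
	swamid-interfederations swamid-interfederations1 swamid-interfederations2 \
	swamid publish swamid2-deps swamid2 swamid-no-interfederation-combined \
	swamid-discovery swamid-idp swamid-registered swamid-idp-transitive \
	swamid-testing swamid-testing-idp swamid-ki-sll \
	test clean tidy refedsRnS committest commit

# make builds a target at most once per invocation, so listing `clean` twice
# still runs it only once.
all: update clean sign clean

# Disabled step: svn up -q
update:
#	@svn up -q

# Fails early when the signing key or certificate file is missing.
keys: $(KEY) $(CERT)

MXML=$(shell echo *.mxml)

sign: keys swamid swamid-testing swamid-testing-idp upstream projects swamid-ki-sll

# Normalise with $(TRANSFORM), apply xslt/sign.xsl, sign with xmlsec1, then
# validate the signed result against schema.xsd. Any failing step aborts the
# recipe and, through .DELETE_ON_ERROR, removes the partial $@.
%.sig: %.mxml
	xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
	xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
	xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd "$(PASS)" --output $@ $*.tbs
	xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
	rm -f $*.tbs $*.n

# Check the signature with samlsign, then publish the canonicalised document.
# The output goes to a temporary name inside $(DEST) and is renamed into
# place, so a failed or interrupted xmllint never leaves a truncated file
# under the published name.
# Disabled alternative that also schema-validated while publishing:
#xmllint --c14n --nowarning --path schema --schema schema.xsd $< > $(DEST)/$*.xml
%.pub: %.sig
	samlsign -c $(CERT) -f $< && \
		xmllint --c14n $< > $(DEST)/.$*.xml.tmp && \
		mv -f $(DEST)/.$*.xml.tmp $(DEST)/$*.xml
	rm -f $<

upstream: edugain kalmar

# The sub-makes below override the XSLT switches on the command line; the
# override reaches XSLTDEFS because it is re-evaluated in each sub-make.
kalmar:
	$(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub

edugain:
	$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub

projects:
	$(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub

aggregate: swamid-externals swamid-interfederations

swamid-externals: swamid-externals1 swamid-externals2

swamid-externals1:
	scripts/aggregate.sh swamid-externals-1.0

swamid-externals2:
	scripts/aggregate.sh swamid-externals-2.0

swamid-interfederations: swamid-interfederations1 swamid-interfederations2

swamid-interfederations1:
	scripts/aggregate.sh swamid-interfederations-1.0

swamid-interfederations2:
	scripts/aggregate.sh swamid-interfederations-2.0

swamid: swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive swamid-registered publish

# Copies the static files into $(DEST). sunet-swamid.png is copied but is not
# listed as a prerequisite.
publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
	cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)

swamid2-deps: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml

# Each saml-md-tool target below runs `saml-md-tool <name> update` with the
# signing credentials and copies <name>.xml to $(DEST) only when the file
# exists and is non-empty (test -s).
swamid2: swamid2-deps
	@saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	@test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST)

swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
	@xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml

swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
	@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml

swamid-no-interfederation-combined: swamid2-deps
	@saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	@test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST)

swamid-discovery: swamid2-deps
	@saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	@test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST)

swamid-idp: swamid2-deps
	@saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	test -s swamid-idp.xml && cp swamid-idp.xml $(DEST)

swamid-registered: swamid2-deps
	@saml-md-tool swamid-registered update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	test -s swamid-registered.xml && cp swamid-registered.xml $(DEST)

swamid-idp-transitive: swamid2-deps
	@saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)" --days=$(DAYS)
	test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST)

# The three targets below do not pass --days.
swamid-testing:
	@saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)"
	@test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST)

swamid-testing-idp:
	@saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)"
	@test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)

swamid-ki-sll:
	@saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd="$(PASS)"
	@test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)

# Schema-validate every *.mxml. The first loop only prints a coloured report;
# the second loop is the one that fails the target on the first invalid file.
# NOTE(review): the colour sequences had lost their ESC byte; it is restored
# through printf here. Confirm against the upstream file.
test: clean swamid2-deps
	@esc=`printf '\033'` ; for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed "s/fails to validate/$${esc}[1;31m&$${esc}[0m/;s/validates/$${esc}[1;32m&$${esc}[0m/"
	@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done

clean:
	@rm -f *.xml *.tbs *.n

# Rewrites every entity file under $(SRCDIRS) in place through
# xslt/clean-entitydescriptor.xsl; a file is replaced only when xsltproc
# succeeded.
tidy:
	@for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done

# Lint pattern shared by the checks below: each loop prints one line per
# offending file and the trailing `| grep . && exit 1 || true` turns any
# printed line into a failing recipe. The two leading sed calls strip
# namespace prefixes and the default xmlns so plain XPath expressions match.
refedsRnS:
	@echo "Checking for refeds R&S compatibillity"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
		got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
		if [ -n "$$got_refeds_RnS" ] ; then \
			http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
			if [ -z "$$http_post" ] ; then echo "$$x: Missing HTTP-POST binding." ; fi ; \
			mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
			if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
			mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
			if [ -z "$$mdui_InformationURL" ] ; then echo "$$x: Missing mdui:InformationURL." ; fi ; \
			tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
			if [ -z "$$tech_contact" ] ; then echo "$$x: Missing ContactPerson contactType='technical'." ; fi ; \
			requested_attributes=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService" - 2>/dev/null | grep 'RequestedAttribute'` ; \
			if [ -z "$$requested_attributes" ] ; then echo "$$x: Missing requested attributes." ; fi ; \
		fi ; \
	done | grep . && exit 1 || true

# Pre-commit policy checks on the entity files. Runs `test` first.
committest: test
	@echo "Check for mismatch between MDUI DisplayName and OrganizationDisplayName"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do \
		for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do \
			mdui_displayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor//UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; \
			organizationdisplayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; \
			if [ -n "$$mdui_displayname" -a -n "$$organizationdisplayname" -a "$$mdui_displayname" != "$$organizationdisplayname" ] ; then echo "$$x: $$lang '$$mdui_displayname' vs $$lang '$$organizationdisplayname'" ; fi ; \
		done ; \
	done | grep . && exit 1 || true
	@echo "Checking for uniq IdP OrganizationDisplayName"
	@for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do \
		for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do \
			cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" ; \
		done | sort -k 3 | uniq -D -f 2 ; \
	done | grep . && exit 1 || true
	@echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Checking for MDUI in EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Checking for entitycategories for IdPs that should be entity-category-support"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do \
		if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Checking for invalid IPHint"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true
	@echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo " $$x" ; fi ; \
	done | grep . && exit 1 || true

# Interactive: show the diff, optionally commit, refuse to continue while
# `git status --porcelain --ignored` still lists paths under swamid-2.0/,
# then ask before pushing.
commit: tidy committest
	@git diff --color || true
	@echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
	@git status -u
	@echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/ /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
	@echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
	@git push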