KEY=/opt/swamid-credentials/swamid-signer.key
CERT=/opt/swamid-credentials/swamid-signer.crt
PASS=$(shell cat /opt/swamid-credentials/swamid-signer-pass.txt)
DEST=/opt/published-metadata
SRCDIRS=swamid-2.0

DAYS:=15
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
RPI=false
CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) 

all: update clean sign clean

update:
#	@svn up -q

keys: $(KEY) $(CERT)

MXML=$(shell echo *.mxml)

sign: keys swamid swamid-testing swamid-testing-idp upstream projects swamid-ki-sll

%.sig: %.mxml
	xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
	xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
	xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
	xmllint --xinclude --nowarning --noout --path schema --schema  schema.xsd $@
	rm -f $*.tbs $*.n

%.pub: %.sig
	samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
	#xmllint --c14n --nowarning --path schema --schema  schema.xsd $< > $(DEST)/$*.xml
	rm -f $<

upstream: edugain kalmar

kalmar:
	$(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub

edugain:
	$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub

projects:
	$(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub

aggregate: swamid-externals swamid-interfederations

swamid-externals: swamid-externals1 swamid-externals2

swamid-externals1:
	scripts/aggregate.sh swamid-externals-1.0

swamid-externals2:
	scripts/aggregate.sh swamid-externals-2.0

swamid-interfederations: swamid-interfederations1 swamid-interfederations2

swamid-interfederations1:
	scripts/aggregate.sh swamid-interfederations-1.0

swamid-interfederations2:
	scripts/aggregate.sh swamid-interfederations-2.0

swamid: swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive swamid-registered publish

publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
	cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)

swamid2-deps: swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml

swamid2: swamid2-deps
	@saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	@test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST)

swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
	@xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml

swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
	@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml

swamid-no-interfederation-combined: swamid2-deps
	@saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	@test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST)

swamid-discovery: swamid2-deps
	@saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	@test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST)

swamid-idp: swamid2-deps
	@saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	test -s swamid-idp.xml && cp swamid-idp.xml $(DEST)

swamid-registered: swamid2-deps
	@saml-md-tool swamid-registered update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	test -s swamid-registered.xml && cp swamid-registered.xml $(DEST)

swamid-idp-transitive: swamid2-deps
	@saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
	test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST)

swamid-testing:
	@saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
	@test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST)

swamid-testing-idp:
	@saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
	@test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)

swamid-ki-sll:
	@saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
	@test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)

test: clean swamid2-deps
	@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/&/;s/validates/&/'
	@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done

clean:
	@rm -f *.xml *.tbs *.n

tidy:
	@for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done

refedsRnS:
	@echo "Checking for refeds R&S compatibillity"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l SPSSODescriptor` ; do \
	got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
	if [ -n "$$got_refeds_RnS" ] ; then \
	http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
	if [ -z "$$http_post" ] ; then echo "$$x: Missing HTTP-POST binding." ; fi ; \
	mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
	if [ -z "$$mdui_DisplayName" ] ; then echo "$$x: Missing mdui:DisplayName." ; fi ; \
	mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
	if [ -z "$$mdui_InformationURL" ] ; then echo "$$x: Missing mdui:InformationURL." ; fi ; \
	tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
	if [ -z "$$tech_contact" ] ; then echo "$$x: Missing ContactPerson contactType='technical'." ; fi ; \
	requested_attributes=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AttributeConsumingService" - 2>/dev/null | grep 'RequestedAttribute'` ; \
	if [ -z "$$requested_attributes" ] ; then echo "$$x: Missing requested attributes." ; fi ; \
	fi ; \
	done | grep . && exit 1 || true

committest: test
	@echo "Check for mismatch between MDUI DisplayName and OrganizationDisplayName"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do mdui_displayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor//UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ 	]*//;s/[ 	]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` organizationdisplayname=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ 	]*//;s/[ 	]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ; if [ -n "$$mdui_displayname" -a -n "$$organizationdisplayname" -a "$$mdui_displayname" != "$$organizationdisplayname" ] ; then echo "$$x: $$lang '$$mdui_displayname' vs $$lang '$$organizationdisplayname'" ; fi ; done ; done | grep . && exit 1 || true
	@echo "Checking for uniq IdP OrganizationDisplayName"
	@for lang in `cat swamid-2.0/*.xml | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ 	]*//;s/[ 	]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^;$$x $$lang ;" ; done | sort -k 3 | uniq -D -f 2 ; done | grep . && exit 1 || true
	@echo "Checking for entity-categories in SPSSODescriptors that should be moved to EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/SPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Checking for entity-categories in IDPSSODescriptor that should be moved to EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/IDPSSODescriptor/Extensions/EntityAttributes - 2>/dev/null | grep -q entity-category ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Checking for MDUI in EntityDescriptor/Extensions"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath /EntityDescriptor/Extensions/UIInfo - 2>/dev/null | grep -q . ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Checking for entitycategories for IdPs that should be entity-category-support"
	@for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do if cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Extensions/EntityAttributes/Attribute[attribute::Name="http://macedir.org/entity-category"]/AttributeValue/text()' - 2>/dev/null | grep -q http://refeds.org/category/research-and-scholarship ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Checking for invalid IPHint"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -q -vE '^$$|^[0-9./a-fA-F:]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if cat $$x | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -q -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true
	@echo "Check for new SP:s with SimpleSign (breaks ADFS IdP:s with Shib SP 2.5+)"
	@for x in `find $(SRCDIRS) -name \*.xml`; do if ! grep -qx `basename $$x` sp-with-simplesign && grep -q HTTP-POST-SimpleSign $$x ; then echo "  $$x" ; fi ; done | grep . && exit 1 || true

commit: tidy committest
	@git diff --color || true
	@echo ; echo -n "Run 'git commit -a'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -a ;; s|skip) ;; *) exit 1 ;; esac
	@git status -u
	@echo "Checking for not committed files in swamid-2.0/" ; if git status --porcelain --ignored | awk '{print $$2}' | grep "^swamid-2.0/" | sed 's/^/  /' | grep . ; then echo "Not committed files in swamid-2.0/, aborting" ; exit 1 ; fi
	@echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
	@git push