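# Validation and normalisation targets for the SAML metadata kept in
# swamid-2.0/ and swamid-edugain/.
#
#   make test    rewrite changed entity files through the XSLT clean-up,
#                schema-validate them, then run the policy checks below
#   make commit  run `test`, then offer an interactive `git commit -av`
#   make tag     delegate to the `tag` target of the parent directory
#
# `tag` is the first rule in the file and therefore the default goal.

SHELL := /bin/bash
SRCDIRS := swamid-2.0 swamid-edugain

# Evaluated once per run so every file processed in the same run receives the
# same regDate (a recursive `=` would re-run the script on every expansion).
NOW := $(shell perl scripts/now_date.pl)

# ANSI colour sequences used to highlight findings.
# NOTE(review): the listing shows the codes as bare "[1;31m" / "[0m"; the
# leading ESC byte is assumed, and is generated here with printf so it
# survives copy/paste instead of being embedded as a raw control character.
RED := $(shell printf '\033[1;31m')
RESET := $(shell printf '\033[0m')

# Filter that strips namespace prefixes from element tags (prefixes made of
# lower-case letters and digits) and removes the first default xmlns="..."
# declaration on each line, so the XPath expressions below can use bare names.
# Consequence for every check that uses it: elements are matched by local name
# only, whatever namespace they were declared in.
STRIP_NS := sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//'

.PHONY: tag test commit testRefedsRnS testEduGAINchecks testMDUI testALlevel \
        testBadStrings testRegistrationAuthority checkInvalidChars checkUKalgorithms

# `&&` so the sub-make never runs in this directory if the cd fails;
# $(MAKE) so -n, -j and the jobserver are passed down.
tag:
	cd .. && $(MAKE) tag

# One stamp file per entity file; a stamp is rebuilt when its XML is newer.
EDUGAINXML := $(patsubst swamid-edugain/%.xml,.time/%.time,$(wildcard swamid-edugain/*.xml))
SWAMID20XML := $(patsubst swamid-2.0/%.xml,.time/%.time,$(wildcard swamid-2.0/*.xml))

# For each SP in swamid-edugain/ that carries the REFEDS Research & Scholarship
# entity category, report a missing HTTP-POST AssertionConsumerService,
# mdui:DisplayName, mdui:InformationURL or technical contact e-mail address.
# NOTE(review): findings are printed in red but the recipe still exits 0, so
# `make test` (and therefore `make commit`) carries on. Decide whether these
# are warnings or gates.
testRefedsRnS:
	@echo "Checking for refeds R&S compatibillity for entities exported to eduGAIN"
	@for x in `grep -l SPSSODescriptor swamid-edugain/*` ; do \
		got_refeds_RnS=`cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \
		if [ -n "$$got_refeds_RnS" ] ; then \
			http_post=`cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \
			if [ -z "$$http_post" ] ; then echo " $$x: Missing HTTP-POST binding." | sed 's/.*/$(RED)&$(RESET)/' ; fi ; \
			mdui_DisplayName=`cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \
			if [ -z "$$mdui_DisplayName" ] ; then echo " $$x: Missing mdui:DisplayName." | sed 's/.*/$(RED)&$(RESET)/' ; fi ; \
			mdui_InformationURL=`cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \
			if [ -z "$$mdui_InformationURL" ] ; then echo " $$x: Missing mdui:InformationURL." | sed 's/.*/$(RED)&$(RESET)/' ; fi ; \
			tech_contact=`cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \
			if [ -z "$$tech_contact" ] ; then echo " $$x: Missing ContactPerson contactType='technical'." | sed 's/.*/$(RED)&$(RESET)/' ; fi ; \
		fi ; \
	done

# Report SPs exported to eduGAIN that declare an HTTP-Redirect
# AssertionConsumerService, and any exported entity without
# OrganizationName / OrganizationDisplayName / OrganizationURL.
# NOTE(review): the HTTP-Redirect check is a textual grep for
# `AssertionConsumerService Binding="...` and so depends on attribute order and
# quoting in the file; it holds only if the files are normalised first
# (presumably by xslt/clean-entitydescriptor.xsl - confirm).
# NOTE(review): advisory only - the recipe exits 0 whatever it prints.
testEduGAINchecks:
	@echo "Checking for attributes not allowed in entities exported to eduGAIN"
	@for x in `grep -l SPSSODescriptor swamid-edugain/*` ; do \
		if ( grep -q "AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" "$$x" ); then \
			echo " $$x: AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" not allowed"; \
		fi ; \
	done
	@for x in swamid-edugain/* ; do \
		[ -e "$$x" ] || continue ; \
		cat "$$x" | $(STRIP_NS) | xmllint --xpath '/EntityDescriptor/Organization/OrganizationName' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationName" | sed 's/.*/$(RED)&$(RESET)/' ; \
		cat "$$x" | $(STRIP_NS) | xmllint --xpath '/EntityDescriptor/Organization/OrganizationDisplayName' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationDisplayName" | sed 's/.*/$(RED)&$(RESET)/' ; \
		cat "$$x" | $(STRIP_NS) | xmllint --xpath '/EntityDescriptor/Organization/OrganizationURL' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationURL" | sed 's/.*/$(RED)&$(RESET)/' ; \
	done

# Fail when two IdPs use the same mdui:DisplayName in the same language.
# Each output line is "<colour> <file> <lang> <name>": `sort -k 3` orders on
# language + name and `uniq -d -f 2` skips the colour and file fields, so only
# repeated language/name pairs are printed. Any output fails the target.
testMDUI:
	@echo "Checking for uniq IdP MDUI DisplayName"
	@for lang in `find $(SRCDIRS) -name \*.xml -exec cat {} \; | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u` ; do \
		for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do \
			cat "$$x" | $(STRIP_NS) \
			| xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null \
			| sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' \
			| sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' \
			| sed "s;^; $$x $$lang ;" \
			| sed 's/.*/$(RED)&$(RESET)/' ; \
		done | sort -k 3 | uniq -d -f 2 ; \
	done | grep . && exit 1 || true

# Cross-check assurance-level claims in the metadata against MaxALofIDP.txt.
# A file that mentions AL3 must also mention AL2, and AL2 must come with AL1.
# Each claim must be covered by a MaxALofIDP.txt line whose second column is the
# file path and whose first column is greater than 2 / 1 / 0 respectively
# (presumably the approved maximum level - confirm against SWAMID policy).
# The file name is handed to awk with -v rather than spliced into the awk
# program text, so an unusual file name cannot change the program.
# NOTE(review): findings are printed but never fail the target. The closing
# echo is Swedish for roughly "fix this so that we actually check" - the
# missing enforcement is a known TODO of the original author.
testALlevel:
	@echo "Check for IdP:s with AL3"
	@for x in `grep -rl http://www.swamid.se/policy/assurance/al3 $(SRCDIRS)`; do \
		if ! grep -q http://www.swamid.se/policy/assurance/al2 "$$x" ; then echo " $(RED)$$x missing AL2 in assurance-certification$(RESET)" ; fi ; \
		if [ "$$(awk -v f="$$x" '$$1 > 2 && $$2 == f {print $$2}' MaxALofIDP.txt)" != "$$x" ]; then echo " $(RED)$$x missing in MaxALofIDP.txt verify with SWAMID-Policy and update efter that!$(RESET)" ; fi ; \
	done
	@echo "Check for IdP:s with AL2"
	@for x in `grep -rl http://www.swamid.se/policy/assurance/al2 $(SRCDIRS)`; do \
		if ! grep -q http://www.swamid.se/policy/assurance/al1 "$$x" ; then echo " $(RED)$$x missing AL1 in assurance-certification$(RESET)" ; fi ; \
		if [ "$$(awk -v f="$$x" '$$1 > 1 && $$2 == f {print $$2}' MaxALofIDP.txt)" != "$$x" ]; then echo " $(RED)$$x missing in MaxALofIDP.txt verify with SWAMID-Policy and update efter that!$(RESET)" ; fi ; \
	done
	@echo "Check for IdP:s with AL1"
	@for x in `grep -rl http://www.swamid.se/policy/assurance/al1 $(SRCDIRS)`; do \
		if [ "$$(awk -v f="$$x" '$$1 > 0 && $$2 == f {print $$2}' MaxALofIDP.txt)" != "$$x" ]; then echo " $(RED)$$x missing in MaxALofIDP.txt verify with SWAMID-Policy and update efter that!$(RESET)" ; fi ; \
	done
	@echo Fixa så att vi kollar!!!!!

# Fail on a self-closed ServiceName element (one with no text) and on any
# self-closed element that carries no attributes at all.
testBadStrings:
	@echo "Check for bad strings in metadata"
	@for x in `find $(SRCDIRS) -name \*.xml`; do grep -E 'ServiceName xml:lang="[^"]*"/>' "$$x" | sed 's/^/ /' ; done | grep . && exit 1 || exit 0
	@for x in $(SRCDIRS); do grep -n '/>' $$x/*.xml | grep -v '<.* .*/>' ; done | grep . && exit 1 || exit 0

# Fail for every entity whose EntityDescriptor/Extensions lacks one of the two
# accepted registrationAuthority values. The values are matched as fixed
# strings (grep -F) so the dots in the URL cannot match other characters.
testRegistrationAuthority:
	@echo 'Check for registrationAuthority="http://www.swamid.se/" in EntityDescriptor/Extensions'
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if ! cat "$$x" | $(STRIP_NS) | xmllint --xpath "/EntityDescriptor/Extensions" - 2>/dev/null | grep -qF -e 'registrationAuthority="http://www.swamid.se/"' -e 'registrationAuthority="http://www.swamid.se/loop"' ; then \
			echo " $$x" | sed 's/.*/$(RED)&$(RESET)/' ;\
		fi;\
	done | grep . && exit 1 || exit 0

# Fail for every file that contains the character between the quotes below.
# NOTE(review): in this listing that character reads as an ordinary space,
# which would flag every XML file. The original presumably holds a specific
# non-printing or non-ASCII character (a no-break space is a common candidate).
# Confirm against the repository and spell it as an explicit escape so it
# cannot be lost again.
checkInvalidChars:
	@echo "Check for invalid characters"
	@for x in `find $(SRCDIRS) -name \*.xml`; do \
		if grep -q " " "$$x" ; then \
			echo " $$x" | sed 's/.*/$(RED)&$(RESET)/' ;\
		fi;\
	done | grep . && exit 1 || exit 0

# Run the two algorithm stylesheets over everything exported to eduGAIN;
# any output from either stylesheet fails the target.
checkUKalgorithms:
	@echo "Check for invalid algorithms in swamid-edugain"
	@xsltproc --xinclude xslt/check_uk_algorithms.xsl swamid-edugain/* | sed 's/.*/$(RED)&$(RESET)/' | grep . && exit 1 || exit 0
	@xsltproc --xinclude xslt/check_algsupport.xsl swamid-edugain/* | sed 's/.*/$(RED)&$(RESET)/' | grep . && exit 1 || exit 0

# NOTE(review): the stamp rules rewrite the XML files that the test* targets
# read, and nothing orders the two groups, so `make -j test` can check a file
# while it is being rewritten.
test: $(EDUGAINXML) $(SWAMID20XML) testMDUI testALlevel testEduGAINchecks testRefedsRnS testBadStrings testRegistrationAuthority checkInvalidChars checkUKalgorithms

# Shared recipe for the two stamp rules: add registration info, normalise the
# EntityDescriptor, schema-validate, then give the stamp the same mtime as the
# rewritten file so it is not seen as out of date on the next run.
# The source file ($<) is rewritten IN PLACE via a temporary "$<.c".
# The guard stops before anything is written when the date script printed
# nothing, so an empty regDate is never stamped into a file.
# NOTE(review): xmllint runs with --xinclude on entity files. If those files can
# originate outside the team, consider adding --nonet to the xmllint and
# xsltproc calls once schema/ is confirmed to resolve everything locally.
define process-entity
$(if $(strip $(NOW)),,$(error scripts/now_date.pl returned nothing; refusing to write an empty regDate))
@mkdir -p $(@D)
@xsltproc --stringparam regDate '$(NOW)' xslt/add-rpi.xsl "$<" > "$<.c" && mv "$<.c" "$<"
@xsltproc xslt/clean-entitydescriptor.xsl "$<" > "$<.c" && mv "$<.c" "$<"
@xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd "$<" 2>&1
@echo $< done
@touch -r "$<" $@
endef

# NOTE(review): both rules produce .time/<name>.time. If the same basename
# exists in swamid-edugain/ and swamid-2.0/, only the first rule runs for that
# stamp and the swamid-2.0 copy is neither normalised nor schema-validated.
# Confirm basenames are unique across the two directories.
.time/%.time: swamid-edugain/%.xml
	$(process-entity)

.time/%.time: swamid-2.0/%.xml
	$(process-entity)

# Show the pending diff, ask before committing ("skip" continues without
# committing, any other answer aborts), then refuse to finish while untracked,
# modified or ignored files remain under the metadata directories.
commit: test
	@git diff --color || true
	@echo ; echo -n "Run 'git commit -av'? [Y/n/skip] " ; read -r x ; \
	case $$x in \
		"Y"|"y"|"") git commit -av ;; \
		s|skip) ;; \
		*) exit 1 ;; \
	esac
	@git status -u
	@echo "Checking for not committed files in swamid-*/" ; \
	if git status --porcelain --ignored | awk '{print $$2}' | grep -E "^swamid-edugain|^swamid-2.0/" | sed 's/^/ /' | grep . ; then \
		echo "Not committed files in swamid-*/, aborting" ; exit 1 ; \
	fi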