#!/bin/bash

URL=$1
DIR=$2
CERT=$3

if echo "$DIR" | grep -q "mds.swamid.se" ; then
	publish_name=mds.swamid.se
else
	publish_name=md.swamid.se
fi

TMPF=`mktemp`
curl -s -m 120 -k -L $URL > $TMPF 
if [ $? -ne 0 ]; then 
   echo "Unable to download $URL: $?"
   exit 1
fi
if [ "x$CERT" != "x" ]; then
   xmlsec1 --verify --pubkey-cert-pem $CERT --id-attr:ID  urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor $TMPF
   #samlsign -c $CERT -f $TMPF
   if [ $? -ne 0 ]; then 
      echo "Unable to verify $URL with $CERT: $?"
      exit 1
   fi
fi
TMPD=`mktemp -d`
xsltproc --stringparam output $TMPD xslt/import-metadata.xsl $TMPF
if [ $? -ne 0 ]; then 
   echo "Unable to import metadata from $URL: $?"
   exit 1
fi
rsync -avz $TMPD/ $DIR
(
echo '<?xml version="1.0"?>'
echo "<EntitiesDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:xi=\"http://www.w3.org/2001/XInclude\" Name=\"http://$publish_name/md/$DIR.xml\">"
T=`mktemp`
for md in $DIR/*.xml; do
   xsltproc xslt/clean-entitydescriptor.xsl $md > $T && mv $T $md
   test=`echo $md | cut -d/ -f2-`
   if [ ! -f "swamid-2.0/$test" -a ! -f "swamid-2.0-obsolete/$test" ]; then
      echo "<xi:include href=\"$md\"/>"
   fi
done
rm -f $T
echo "</EntitiesDescriptor>"
) > $DIR.mxml
#git add $DIR.mxml $DIR
#git commit -m "$URL into $DIR" $DIR.mxml $DIR
rm -rf $TMPF $TMPD