blob: 44131729827d2ca1a45e088c9e6efcc578aed642 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
KEY=/opt/swamid-credentials/swamid-signer.key
CERT=/opt/swamid-credentials/swamid-signer.crt
PASS=$(shell cat /opt/swamid-credentials/swamid-signer-pass.txt)
DEST=/opt/published-metadata
SRCDIRS=swamid-1.0 swamid-2.0 nya-1.0
DAYS:=1
DATE=$(shell perl scripts/expiration_date.pl $(DAYS))
RPI=false
CONTACTS=false
TOU=true
ORG=true
TRANSFORM=xslt/normalize.xsl
XSLTDEFS := --stringparam org $(ORG) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE)
all: update clean sign clean
update:
# @svn up -q
keys: $(KEY) $(CERT)
MXML=$(shell echo *.mxml)
sign: keys swamid nocache nya nya-testing swamid-testing swamid-testing-idp upstream projects swamid-ki-sll
%.sig: %.mxml
xsltproc $(XSLTDEFS) --xinclude $(TRANSFORM) $< > $*.n
xsltproc $(XSLTDEFS) --xinclude xslt/sign.xsl $*.n > $*.tbs
xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --output $@ $*.tbs
xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $@
rm -f $*.tbs $*.n
%.pub: %.sig
samlsign -c $(CERT) -f $< && xmllint --c14n $< > $(DEST)/$*.xml
#xmllint --c14n --nowarning --path schema --schema schema.xsd $< > $(DEST)/$*.xml
rm -f $<
upstream: edugain kalmar
kalmar:
$(MAKE) RPI=false CONTACTS=false swamid-kalmar-1.0.pub swamid-kalmar-testing-1.0.pub
edugain:
$(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub
nocache:
$(MAKE) swamid-1.0-nocache.pub
projects:
$(MAKE) RPI=false CONTACTS=false TOU=false ORG=false swamid-fiv-test.pub
aggregate: swamid-externals swamid-interfederations
swamid-externals: swamid-externals1 swamid-externals2
swamid-externals1:
scripts/aggregate.sh swamid-externals-1.0
swamid-externals2:
scripts/aggregate.sh swamid-externals-2.0
swamid-interfederations: swamid-interfederations1 swamid-interfederations2
swamid-interfederations1:
scripts/aggregate.sh swamid-interfederations-1.0
swamid-interfederations2:
scripts/aggregate.sh swamid-interfederations-2.0
swamid: swamid1 swamid2 swamid-no-interfederation-combined swamid-discovery swamid-idp swamid-idp-transitive publish
publish: swamid-tou-en.txt swamid-tou-sv.txt HEADER.html README.html
cp swamid-tou-en.txt swamid-tou-sv.txt sunet-swamid.png HEADER.html README.html $(DEST)
swamid1:
@saml-md-tool swamid-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-1.0.xml && cp swamid-1.0.xml $(DEST)
swamid2-deps: swamid-sp-1.0.xml swamid-idp-1.0.xml swamid-externals-sp-2.0.xml swamid-interfederations-idp-2.0.xml
swamid2: swamid2-deps
@saml-md-tool swamid-2.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
@test -s swamid-2.0.xml && cp swamid-2.0.xml $(DEST)
swamid-sp-1.0.xml:
@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-1.0.mxml > swamid-sp-1.0.xml
swamid-idp-1.0.xml:
@xsltproc --xinclude xslt/extract-idp.xslt swamid-1.0.mxml > swamid-idp-1.0.xml
swamid-interfederations-idp-2.0.xml: swamid-interfederations-2.0.mxml
@xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml
swamid-externals-sp-2.0.xml: swamid-externals-2.0.mxml
@xsltproc --xinclude xslt/extract-non-idp.xslt swamid-externals-2.0.mxml > swamid-externals-sp-2.0.xml
swamid-no-interfederation-combined: swamid2-deps
@saml-md-tool swamid-no-interfederation-combined update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
@test -s swamid-no-interfederation-combined.xml && cp swamid-no-interfederation-combined.xml $(DEST)
swamid-discovery: swamid2-deps
@saml-md-tool swamid-discovery update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
@test -s swamid-discovery.xml && cp swamid-discovery.xml $(DEST)
swamid-idp: swamid2-deps
@saml-md-tool swamid-idp update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
test -s swamid-idp.xml && cp swamid-idp.xml $(DEST)
swamid-idp-transitive: swamid2-deps
@saml-md-tool swamid-idp-transitive update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS) --days=$(DAYS)
test -s swamid-idp-transitive.xml && cp swamid-idp-transitive.xml $(DEST)
nya:
@saml-md-tool nya-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s nya-1.0.xml && cp nya-1.0.xml $(DEST)
nya-testing:
@saml-md-tool nya-1.0-testing update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s nya-1.0-testing.xml && cp nya-1.0-testing.xml $(DEST)
swamid-testing:
@saml-md-tool swamid-testing-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-testing-1.0.xml && cp swamid-testing-1.0.xml $(DEST)
swamid-testing-idp:
@saml-md-tool swamid-testing-idp-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-testing-idp-1.0.xml && cp swamid-testing-idp-1.0.xml $(DEST)
swamid-ki-sll:
@saml-md-tool swamid-ki-sll-1.0 update --key=$(KEY) --cert=$(CERT) --pwd=$(PASS)
@test -s swamid-ki-sll-1.0.xml && cp swamid-ki-sll-1.0.xml $(DEST)
test: clean swamid2-deps
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1 ; done | sed 's/fails to validate/[1;31m&[0m/;s/validates/[1;32m&[0m/'
@for x in $(MXML); do xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x > /dev/null 2>&1 || exit 1 ; done
clean:
@rm -f *.xml *.tbs *.n
tidy:
@for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done
commit: tidy test
@echo ; echo -n "Run 'git commit -a'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
@git commit -a
@git status -u
@if git status --porcelain --ignored | awk '{print $2}' | grep ^swamid-2.0/ ; then echo "Untracked files in swamid-2.0/, aborting" ; exit 1 ; fi
@echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac
@git push
|