projects / shibboleth / cpp-sp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update libcurl filenames and GUIDs
[shibboleth/cpp-sp.git] / configs / metagen.sh
1 #!/usr/bin/env bash
2
3 DECLS=1
4
5 SAML1=0
6 SAML2=0
7 ARTIFACT=0
8 DS=0
9 LOGOUT=0
10 NAMEIDMGMT=0
11
12 SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
13 SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
14 SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
15
16 SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
17 SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
18 SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
19 SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
20 SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
21 SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
22
23 SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
24 SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
25
26 while getopts a:c:e:f:h:l:n:o:s:t:u:12ADLNO c
27      do
28          case $c in
29            c)   CERTS[${#CERTS[*]}]=$OPTARG;;
30            e)   ENTITYID=$OPTARG;;
31            f)   FORMATS[${#FORMATS[*]}]=$OPTARG;;
32            h)   HOSTS[${#HOSTS[*]}]=$OPTARG;;
33            l)   HOSTLIST=$OPTARG;;
34            n)   NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
35            o)   ORGNAME=$OPTARG;;
36            a)   ADMIN[${#ADMIN[*]}]=$OPTARG;;
37            s)   SUP[${#SUP[*]}]=$OPTARG;;
38            t)   TECH[${#TECH[*]}]=$OPTARG;;
39            u)   URL=$OPTARG;;
40            1)   SAML1=1;;
41            2)   SAML2=1;;
42            A)   ARTIFACT=1;;
43            D)   DS=1;;
44            L)   LOGOUT=1;;
45            N)   NAMEIDMGMT=1;;
46            O)   DECLS=0;;
47            \?)  echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
48                 exit 1;;
49          esac
50      done
51
52 if [ ${#HOSTS[*]} -eq 0 -a ${#NAKEDHOSTS[*]} -eq 0 ] ; then
53     echo metagen [-12ADLN] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
54     exit 1
55 fi
56
57 if [ ${#CERTS[*]} -eq 0 ] ; then
58     CERTS[${#CERTS[*]}]=sp-cert.pem
59 fi
60
61 for c in ${CERTS[@]}
62 do
63     if  [ ! -s $c ] ; then
64         echo Certificate file $c does not exist! 
65         exit 2
66     fi
67 done
68
69 if [ -z $ENTITYID ] ; then
70     if [ ${#HOSTS[*]} -eq 0 ] ; then
71         ENTITYID=https://${NAKEDHOSTS[0]}/shibboleth
72     else
73         ENTITYID=https://${HOSTS[0]}/shibboleth
74     fi
75 fi
76
77 if [ -s $HOSTLIST ] ; then
78     while read h
79     do
80         HOSTS[${#HOSTS[@]}]=$h
81     done <$HOSTLIST
82 else
83     echo File with list of hostnames $l does not exist! 
84     exit 2
85 fi
86
87 # Establish protocols and bindings.
88
89 if [ $SAML1 -eq 0 -a $SAML2 -eq 0 ] ; then
90     SAML1=1
91     SAML2=1
92 fi
93
94 if [ $LOGOUT -eq 1 -o $NAMEIDMGMT -eq 1 ] ; then
95     SAML2=1
96     SLO[${#SLO[*]}]=$SAML20SOAP
97     SLO[${#SLO[*]}]=$SAML20REDIRECT
98     SLO[${#SLO[*]}]=$SAML20POST
99     SLOLOC[${#SLOLOC[*]}]="SOAP"
100     SLOLOC[${#SLOLOC[*]}]="Redirect"
101     SLOLOC[${#SLOLOC[*]}]="POST"
102     if [ $ARTIFACT -eq 1 ] ; then
103         SLO[${#SLO[*]}]=$SAML20ART
104         SLOLOC[${#SLOLOC[*]}]="Artifact"
105     fi
106 fi
107
108 if [ $SAML1 -eq 1 -a $SAML2 -eq 1 ] ; then
109     PROTENUM="$SAML20PROT $SAML11PROT"
110 elif [ $SAML1 -eq 1 ] ; then
111     PROTENUM="$SAML11PROT"
112 else
113     PROTENUM="$SAML20PROT"
114 fi
115
116 if [ $SAML2 -eq 1 ] ; then
117     ACS[${#ACS[*]}]=$SAML20POST
118     ACSLOC[${#ACSLOC[*]}]="SAML2/POST"
119     ACS[${#ACS[*]}]=$SAML20POSTSS
120     ACSLOC[${#ACSLOC[*]}]="SAML2/POST-SimpleSign"
121     if [ $ARTIFACT -eq 1 ] ; then
122         ACS[${#ACS[*]}]=$SAML20ART
123         ACSLOC[${#ACSLOC[*]}]="SAML2/Artifact"
124     fi
125     ACS[${#ACS[*]}]=$SAML20PAOS
126     ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
127 fi
128
129 if [ $SAML1 -eq 1 ] ; then
130     ACS[${#ACS[*]}]=$SAML1POST
131     ACSLOC[${#ACSLOC[*]}]="SAML/POST"
132     if [ $ARTIFACT -eq 1 ] ; then
133         ACS[${#ACS[*]}]=$SAML1ART
134         ACSLOC[${#ACSLOC[*]}]="SAML/Artifact"
135     fi
136 fi
137
138 if [ $DECLS -eq 1 ] ; then
139     DECLS="xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" "
140     if [ $DS -eq 1 ] ; then
141         DECLS="${DECLS}xmlns:disco=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" "
142     fi
143 else
144     DECLS=""
145 fi
146
147 cat <<EOF
148 <md:EntityDescriptor ${DECLS}entityID="${ENTITYID}">
149   <md:SPSSODescriptor protocolSupportEnumeration="${PROTENUM}">
150 EOF
151
152 # Discovery BEGIN
153 if [ $DS -eq 1 ] ; then
154
155 cat << EOF
156     <md:Extensions>
157 EOF
158
159 count=1
160 for h in ${HOSTS[@]}
161 do
162   cat << EOF
163       <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://$h/Shibboleth.sso/DS" index="$count"/>
164 EOF
165   let "count++"
166 done
167
168 for h in ${NAKEDHOSTS[@]}
169 do
170   cat << EOF
171       <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
172 EOF
173   let "count++"
174 done
175
176 cat << EOF
177     </md:Extensions>
178 EOF
179
180 fi
181 # Discovery END
182
183 for c in ${CERTS[@]}
184 do
185 cat << EOF
186     <md:KeyDescriptor>
187       <ds:KeyInfo>
188         <ds:X509Data>
189           <ds:X509Certificate>
190 EOF
191 grep -v ^- $c
192 cat << EOF
193           </ds:X509Certificate>
194         </ds:X509Data>
195       </ds:KeyInfo>
196     </md:KeyDescriptor>
197 EOF
198 done
199
200 for f in ${FORMATS[@]}
201 do
202 cat << EOF
203     <md:NameIDFormat>$f</md:NameIDFormat>
204 EOF
205 done
206
207 # Logout BEGIN
208 if [ $LOGOUT -eq 1 ] ; then
209
210 for h in ${HOSTS[@]}
211 do
212   count=0
213   while [ $count -lt ${#SLO[*]} ]
214   do
215     cat <<EOF
216     <md:SingleLogoutService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
217 EOF
218     let "count++"
219   done
220 done
221
222 for h in ${NAKEDHOSTS[@]}
223 do
224   count=0
225   while [ $count -lt ${#SLO[*]} ]
226   do
227     cat <<EOF
228     <md:SingleLogoutService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/SLO/${SLOLOC[$count]}"/>
229 EOF
230     let "count++"
231   done
232 done
233
234 fi
235 # Logout END
236
237 # NameID Mgmt BEGIN
238 if [ $NAMEIDMGMT -eq 1 ] ; then
239
240 for h in ${HOSTS[@]}
241 do
242   count=0
243   while [ $count -lt ${#SLO[*]} ]
244   do
245     cat <<EOF
246     <md:ManageNameIDService Binding="${SLO[$count]}" Location="https://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
247 EOF
248     let "count++"
249   done
250 done
251
252 for h in ${NAKEDHOSTS[@]}
253 do
254   count=0
255   while [ $count -lt ${#SLO[*]} ]
256   do
257     cat <<EOF
258     <md:ManageNameIDService Binding="${SLO[$count]}" Location="http://$h/Shibboleth.sso/NIM/${SLOLOC[$count]}"/>
259 EOF
260     let "count++"
261   done
262 done
263
264 fi
265 # NameID Mgmt END
266
267 index=0
268 for h in ${HOSTS[@]}
269 do
270   count=0
271   while [ $count -lt ${#ACS[*]} ]
272   do
273     cat <<EOF
274     <md:AssertionConsumerService Binding="${ACS[$count]}" Location="https://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
275 EOF
276     let "count++"
277     let "index++"
278   done
279 done
280
281 for h in ${NAKEDHOSTS[@]}
282 do
283   count=0
284   while [ $count -lt ${#ACS[*]} ]
285   do
286     cat <<EOF
287     <md:AssertionConsumerService Binding="${ACS[$count]}" Location="http://$h/Shibboleth.sso/${ACSLOC[$count]}" index="$((index+1))"/>
288 EOF
289     let "count++"
290     let "index++"
291   done
292 done
293
294 cat <<EOF 
295   </md:SPSSODescriptor>
296 EOF
297
298 if [ -n "$ORGNAME" ] ; then
299   if [ -z "$URL" ] ; then
300     URL=$ENTITYID
301   fi
302   cat <<EOF
303   <md:Organization>
304     <md:OrganizationName xml:lang="en">$ORGNAME</md:OrganizationName>
305     <md:OrganizationDisplayName xml:lang="en">$ORGNAME</md:OrganizationDisplayName>
306     <md:OrganizationURL xml:lang="en">$URL</md:OrganizationURL>
307   </md:Organization>
308 EOF
309 fi
310
311 count=${#ADMIN[*]}
312 for (( i=0; i<count; i++ ))
313 do
314   IFS="/"; declare -a c=(${ADMIN[$i]})
315   cat <<EOF
316   <md:ContactPerson contactType="administrative">
317     <md:GivenName>${c[0]}</md:GivenName>
318     <md:SurName>${c[1]}</md:SurName>
319     <md:EmailAddress>${c[2]}</md:EmailAddress>
320   </md:ContactPerson>
321 EOF
322 done
323
324 count=${#SUP[*]}
325 for (( i=0; i<count; i++ ))
326 do
327   IFS="/"; declare -a c=(${SUP[$i]})
328   cat <<EOF
329   <md:ContactPerson contactType="support">
330     <md:GivenName>${c[0]}</md:GivenName>
331     <md:SurName>${c[1]}</md:SurName>
332     <md:EmailAddress>${c[2]}</md:EmailAddress>
333   </md:ContactPerson>
334 EOF
335 done
336
337 count=${#TECH[*]}
338 for (( i=0; i<count; i++ ))
339 do
340   IFS="/"; declare -a c=(${TECH[$i]})
341   cat <<EOF
342   <md:ContactPerson contactType="technical">
343     <md:GivenName>${c[0]}</md:GivenName>
344     <md:SurName>${c[1]}</md:SurName>
345     <md:EmailAddress>${c[2]}</md:EmailAddress>
346   </md:ContactPerson>
347 EOF
348 done
349
350 cat <<EOF 
351 </md:EntityDescriptor>
352
353 EOF
Unnamed repository; edit this file 'description' to name the repository.