Refactor main processing loop for readability

InCommon · Mar 5, 2017 · 3a9ddea · 3a9ddea
1 parent ba9f3aa
commit 3a9ddea
Showing 1 changed file with 101 additions and 49 deletions.
diff --git a/bin/check_idp_error_urls.sh b/bin/check_idp_error_urls.sh
@@ -16,7 +16,7 @@
 # limitations under the License.
 #######################################################################
 
-script_version="0.4"
+script_version="0.5"
 user_agent_string="Check IdP Error URLs ${script_version}"
 
 #######################################################################
@@ -261,7 +261,6 @@ done
 connect_timeout_default=2
 
 # output filenames
-NO_IDP_ROLE_FILENAME="entities-no-idp-role.txt"
 NO_ERROR_URL_FILENAME="idps-no-error-url.txt"
 IDP_ERROR_URL_LOG_FILENAME="idp-error-url-log.txt"
 IDP_NAMES_FILENAME="idp-names.txt"
@@ -461,22 +460,20 @@ fi
 $verbose_mode && printf "$script_name processing temp input file: %s\n" "$IN_FILE"
 
 #####################################################################
-# Helper functions
+# Output functions
 #####################################################################
 
 init_out_files () {
 	$DO_NOT_PRINT_FILES && return
 
 	# output files
-	NO_IDP_ROLE_FILE="$OUT_DIR/$NO_IDP_ROLE_FILENAME"
 	NO_ERROR_URL_FILE="$OUT_DIR/$NO_ERROR_URL_FILENAME"
 	IDP_ERROR_URL_LOG_FILE="$OUT_DIR/$IDP_ERROR_URL_LOG_FILENAME"
 	IDP_NAMES_FILE="$OUT_DIR/$IDP_NAMES_FILENAME"
 	ERROR_LOG_FILE="$OUT_DIR/$ERROR_LOG_FILENAME"
 	COMPATIBILITY_SCRIPT_FILE="$OUT_DIR/$COMPATIBILITY_SCRIPT_FILENAME"
 
 	# clean up from last time if necessary
-	/bin/rm -f "$NO_IDP_ROLE_FILE"
 	/bin/rm -f "$NO_ERROR_URL_FILE"
 	/bin/rm -f "$IDP_ERROR_URL_LOG_FILE"
 	/bin/rm -f "$IDP_NAMES_FILE"
@@ -495,7 +492,6 @@ init_out_files () {
 	MD_PATH=$md_path
 	MDQ_BASE_URL=$mdq_base_url
 	# output files
-	NO_IDP_ROLE_FILE=$NO_IDP_ROLE_FILE
 	NO_ERROR_URL_FILE=$NO_ERROR_URL_FILE
 	IDP_ERROR_URL_LOG_FILE=$IDP_ERROR_URL_LOG_FILE
 	IDP_NAMES_FILE=$IDP_NAMES_FILE
@@ -513,15 +509,6 @@ print_idp_names_logfile () {
 	printf "%s\n" "$names" >> "$IDP_NAMES_FILE"
 }
 
-print_no_idp_role_logfile () {
-	$DO_NOT_PRINT_FILES && return
-
-	local entityID=$1
-	local registrarID=$2
-
-	printf "%s %s\n" "$entityID" "$registrarID" >> "$NO_IDP_ROLE_FILE"
-}
-
 print_no_error_url_logfile () {
 	$DO_NOT_PRINT_FILES && return
 
@@ -540,6 +527,95 @@ print_idp_error_url_logfile () {
 	printf "%s %s\n" "$entityID" "$registrarID" >> "$IDP_ERROR_URL_LOG_FILE"
 }
 
+#####################################################################
+# Helper functions
+#####################################################################
+
+# depends on:
+#   md_tools.sh
+#   http_tools.sh
+#   extract_entity.xsl
+#
+get_entity_descriptor () {
+
+	local status_code
+
+	# get entity metadata for this entityID
+	if $md_file_mode; then
+		entityDescriptor=$( getEntityFromFile -f "$md_path" $entityID )
+	else
+		entityDescriptor=$( getEntityFromServer -T "$tmp_dir" -u "$mdq_base_url" $entityID )
+	fi
+	status_code=$?
+	if [ "$status_code" -ne 0 ]; then
+		echo "ERROR: $FUNCNAME: unable to obtain metadata for entity: $entityID" >&2
+		[ "$status_code" -gt 1 ] && return 3
+		return 1
+	fi
+
+	return 0
+}
+
+# depends on:
+#   md_tools.sh
+#   entity_endpoints_txt.xsl
+#   entity_idp_names_txt.xsl
+#
+parse_entity_descriptor () {
+
+	local status_code
+	local names
+
+	# short-circuit if this entity is not an IdP
+	if ! echo "$entityDescriptor" | $_GREP -Eq '<(md:)?IDPSSODescriptor '; then
+		echo "WARNING: $FUNCNAME: entity is not an IdP: $entityID" >&2
+		return 1
+	fi
+
+	# list all the IdP SSO endpoints in the entity descriptor
+	endpoints=$( echo "$entityDescriptor" \
+		| listEndpoints \
+		| filterEndpoints -r IDPSSODescriptor -t SingleSignOnService
+	)
+	status_code=$?
+	if [ "$status_code" -ne 0 ]; then
+		echo "ERROR: $FUNCNAME: unable to obtain IdP SSO endpoints for entity: $entityID" >&2
+		return 3
+	fi
+
+	# every IdP MUST have at least one SSO endpoint
+	if [ -z "$endpoints" ]; then
+		echo "ERROR: $FUNCNAME: entity has no IdP SSO endpoints: $entityID" >&2
+		return 4
+	fi
+
+	# extract the IdP names (for logging purposes)
+	names=$( echo "$entityDescriptor" | extractIdPNames )
+	status_code=$?
+	if [ "$status_code" -ne 0 ]; then
+		echo "ERROR: $FUNCNAME: unable to obtain IdP names for entity: $entityID" >&2
+		return 5
+	fi
+
+	# to be removed (but this will require major refactoring)
+	print_idp_names_logfile "$names"
+
+	# IdP mdui:DisplayName
+	displayName=$( echo "$names" | $_CUT -f2 )
+	[ -z "$displayName" ] && displayName=NULL
+
+	# md:OrganizationName is best for metadata registered by InCommon
+	# (admittedly, should be using md:OrganizationDisplayName instead)
+	orgName=$( echo "$names" | $_CUT -f3 )
+	[ -z "$orgName" ] && orgName=NULL
+
+	# mdrpi:RegistrationInfo/@registrationAuthority
+	registrarID=$( echo "$names" | $_CUT -f5 )
+	[ -z "$registrarID" ] && registrarID=NULL
+
+	return 0
+}
+
 #####################################################################
 # Main processing
 #####################################################################
@@ -560,47 +636,23 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts"
 # iterate over all entityIDs in the file
 /bin/cat $IN_FILE | while read entityID; do
 
-	# get the entity descriptor for this entityID
-	if $md_file_mode; then
-		entityDescriptor=$( getEntityFromFile -f "$md_path" $entityID )
-	else
-		entityDescriptor=$( getEntityFromServer -T "$TMP_DIR" -u "$mdq_base_url" $entityID )
-	fi
-	return_code=$?
-	if [ "$return_code" -ne 0 ]; then
-		echo "ERROR: $script_name: unable to obtain metadata for entityID: $entityID" >&2
-		[ "$return_code" -gt 1 ] && exit 1
-		continue
-	fi
+	# if status_code > 1, a fatal error occurred
 
-	# extract the registrar ID from the entity descriptor
-	registrarID=$( echo "$entityDescriptor" \
-		| $_GREP -F -m 1 ' registrationAuthority=' \
-		| $_SED -e 's/^.* registrationAuthority="\([^"]*\)".*$/\1/'
-	)
-
-	# if there is no registrar ID, work around it and continue processing
-	if [ -z "$registrarID" ]; then
-		registrarID=NULL
-	fi
-
-	# short-circuit the while-loop if this is not an IdP
-	if ! echo "$entityDescriptor" | $_GREP -Fq 'IDPSSODescriptor '; then
-		print_no_idp_role_logfile "$entityID" "$registrarID"
-		echo "WARNING: $script_name: entity is not an IdP: $entityID" >&2
+	# get entity metadata
+	get_entity_descriptor
+	status_code=$?
+	if [ "$status_code" -ne 0 ]; then
+		[ "$status_code" -gt 1 ] && exit "$status_code"
 		continue
 	fi
 
-	# extract the IdP names and print them to a file
-	names=$( echo "$entityDescriptor" \
-		| /usr/bin/xsltproc $LIB_DIR/extract_IdP_names.xsl -
-	)
+	# parse entity metadata
+	parse_entity_descriptor
 	status_code=$?
 	if [ "$status_code" -ne 0 ]; then
-		echo "ERROR: $script_name: unable to extract IdP names for entityID: $entityID" >&2
+		[ "$status_code" -gt 1 ] && exit "$status_code"
 		continue
 	fi
-	print_idp_names_logfile "$names"
 
 	# extract the errorURL from the entity descriptor
 	errorURL=$( echo "$entityDescriptor" \
@@ -628,4 +680,4 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts"
 	print_idp_error_url_logfile "$g"
 done
 
-exit 0
+exit