From 3a9ddeaafe2aa3c683e01a56d37bd06bcf94e762 Mon Sep 17 00:00:00 2001 From: Tom Scavo Date: Sun, 5 Mar 2017 11:41:27 -0500 Subject: [PATCH] Refactor main processing loop for readability --- bin/check_idp_error_urls.sh | 150 ++++++++++++++++++++++++------------ 1 file changed, 101 insertions(+), 49 deletions(-) diff --git a/bin/check_idp_error_urls.sh b/bin/check_idp_error_urls.sh index 51eb40d..b172ad6 100755 --- a/bin/check_idp_error_urls.sh +++ b/bin/check_idp_error_urls.sh @@ -16,7 +16,7 @@ # limitations under the License. ####################################################################### -script_version="0.4" +script_version="0.5" user_agent_string="Check IdP Error URLs ${script_version}" ####################################################################### @@ -261,7 +261,6 @@ done connect_timeout_default=2 # output filenames -NO_IDP_ROLE_FILENAME="entities-no-idp-role.txt" NO_ERROR_URL_FILENAME="idps-no-error-url.txt" IDP_ERROR_URL_LOG_FILENAME="idp-error-url-log.txt" IDP_NAMES_FILENAME="idp-names.txt" @@ -461,14 +460,13 @@ fi $verbose_mode && printf "$script_name processing temp input file: %s\n" "$IN_FILE" ##################################################################### -# Helper functions +# Output functions ##################################################################### init_out_files () { $DO_NOT_PRINT_FILES && return # output files - NO_IDP_ROLE_FILE="$OUT_DIR/$NO_IDP_ROLE_FILENAME" NO_ERROR_URL_FILE="$OUT_DIR/$NO_ERROR_URL_FILENAME" IDP_ERROR_URL_LOG_FILE="$OUT_DIR/$IDP_ERROR_URL_LOG_FILENAME" IDP_NAMES_FILE="$OUT_DIR/$IDP_NAMES_FILENAME" @@ -476,7 +474,6 @@ init_out_files () { COMPATIBILITY_SCRIPT_FILE="$OUT_DIR/$COMPATIBILITY_SCRIPT_FILENAME" # clean up from last time if necessary - /bin/rm -f "$NO_IDP_ROLE_FILE" /bin/rm -f "$NO_ERROR_URL_FILE" /bin/rm -f "$IDP_ERROR_URL_LOG_FILE" /bin/rm -f "$IDP_NAMES_FILE" 
@@ -495,7 +492,6 @@ init_out_files () { MD_PATH=$md_path MDQ_BASE_URL=$mdq_base_url # output files - NO_IDP_ROLE_FILE=$NO_IDP_ROLE_FILE NO_ERROR_URL_FILE=$NO_ERROR_URL_FILE IDP_ERROR_URL_LOG_FILE=$IDP_ERROR_URL_LOG_FILE IDP_NAMES_FILE=$IDP_NAMES_FILE @@ -513,15 +509,6 @@ print_idp_names_logfile () { printf "%s\n" "$names" >> "$IDP_NAMES_FILE" } -print_no_idp_role_logfile () { - $DO_NOT_PRINT_FILES && return - - local entityID=$1 - local registrarID=$2 - - printf "%s %s\n" "$entityID" "$registrarID" >> "$NO_IDP_ROLE_FILE" -} - print_no_error_url_logfile () { $DO_NOT_PRINT_FILES && return 
@@ -540,6 +527,95 @@ print_idp_error_url_logfile () { printf "%s %s\n" "$entityID" "$registrarID" >> "$IDP_ERROR_URL_LOG_FILE" } +##################################################################### +# Helper functions +##################################################################### + +# depends on: +# md_tools.sh +# http_tools.sh +# extract_entity.xsl +# +get_entity_descriptor () { + + local status_code + + # get entity metadata for this entityID + if $md_file_mode; then + entityDescriptor=$( getEntityFromFile -f "$md_path" $entityID ) + else + entityDescriptor=$( getEntityFromServer -T "$tmp_dir" -u "$mdq_base_url" $entityID ) + fi + status_code=$? + if [ "$status_code" -ne 0 ]; then + echo "ERROR: $FUNCNAME: unable to obtain metadata for entity: $entityID" >&2 + [ "$status_code" -gt 1 ] && return 3 + return 1 + fi + + return 0 +} + +# depends on: +# md_tools.sh +# entity_endpoints_txt.xsl +# entity_idp_names_txt.xsl +# +parse_entity_descriptor () { + + local status_code + local names + + # short-circuit if this entity is not an IdP + if ! echo "$entityDescriptor" | $_GREP -Eq '<(md:)?IDPSSODescriptor '; then + echo "WARNING: $FUNCNAME: entity is not an IdP: $entityID" >&2 + return 1 + fi + + # list all the IdP SSO endpoints in the entity descriptor + endpoints=$( echo "$entityDescriptor" \ + | listEndpoints \ + | filterEndpoints -r IDPSSODescriptor -t SingleSignOnService + ) + status_code=$? + if [ "$status_code" -ne 0 ]; then + echo "ERROR: $FUNCNAME: unable to obtain IdP SSO endpoints for entity: $entityID" >&2 + return 3 + fi + + # every IdP MUST have at least one SSO endpoint + if [ -z "$endpoints" ]; then + echo "ERROR: $FUNCNAME: entity has no IdP SSO endpoints: $entityID" >&2 + return 4 + fi + + # extract the IdP names (for logging purposes) + names=$( echo "$entityDescriptor" | extractIdPNames ) + status_code=$? 
+ if [ "$status_code" -ne 0 ]; then + echo "ERROR: $FUNCNAME: unable to obtain IdP names for entity: $entityID" >&2 + return 5 + fi + + # to be removed (but this will require major refactoring) + print_idp_names_logfile "$names" + + # IdP mdui:DisplayName + displayName=$( echo "$names" | $_CUT -f2 ) + [ -z "$displayName" ] && displayName=NULL + + # md:OrganizationName is best for metadata registered by InCommon + # (admittedly, should be using md:OrganizationDisplayName instead) + orgName=$( echo "$names" | $_CUT -f3 ) + [ -z "$orgName" ] && orgName=NULL + + # mdrpi:RegistrationInfo/@registrationAuthority + registrarID=$( echo "$names" | $_CUT -f5 ) + [ -z "$registrarID" ] && registrarID=NULL + + return 0 +} + ##################################################################### # Main processing ##################################################################### 
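Review bot: `get_entity_descriptor` passes `-T "$tmp_dir"` to getEntityFromServer where the loop body it replaces (hunk @@ -560) passed `-T "$TMP_DIR"`; unless `tmp_dir` is assigned elsewhere in the script, the MDQ branch now receives an empty temp-dir argument, so the name should be checked against the variable actually defined earlier in the file. In the same two calls `$entityID` is unquoted although it comes straight from the input file, so `getEntityFromFile -f "$md_path" "$entityID"` and the matching quoted form for getEntityFromServer are the safer spellings. In `parse_entity_descriptor` the `status_code=$?` taken after the `endpoints=$( … | listEndpoints | filterEndpoints … )` and `names=$( … | extractIdPNames )` assignments reflects only the last pipeline stage unless `set -o pipefail` is in effect, which is not visible in this hunk. Both functions also read and write the globals `entityID`, `entityDescriptor`, `endpoints`, `displayName`, `orgName` and `registrarID` without saying so; a line such as `# reads: entityID; sets: entityDescriptor` in the header of get_entity_descriptor, and the corresponding list for parse_entity_descriptor, would make that contract explicit.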
@@ -560,47 +636,23 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts" # iterate over all entityIDs in the file /bin/cat $IN_FILE | while read entityID; do - # get the entity descriptor for this entityID - if $md_file_mode; then - entityDescriptor=$( getEntityFromFile -f "$md_path" $entityID ) - else - entityDescriptor=$( getEntityFromServer -T "$TMP_DIR" -u "$mdq_base_url" $entityID ) - fi - return_code=$? - if [ "$return_code" -ne 0 ]; then - echo "ERROR: $script_name: unable to obtain metadata for entityID: $entityID" >&2 - [ "$return_code" -gt 1 ] && exit 1 - continue - fi + # if status_code > 1, a fatal error occurred - # extract the registrar ID from the entity descriptor - registrarID=$( echo "$entityDescriptor" \ - | $_GREP -F -m 1 ' registrationAuthority=' \ - | $_SED -e 's/^.* registrationAuthority="\([^"]*\)".*$/\1/' - ) - - # if there is no registrar ID, work around it and continue processing - if [ -z "$registrarID" ]; then - registrarID=NULL - fi - - # short-circuit the while-loop if this is not an IdP - if ! echo "$entityDescriptor" | $_GREP -Fq 'IDPSSODescriptor '; then - print_no_idp_role_logfile "$entityID" "$registrarID" - echo "WARNING: $script_name: entity is not an IdP: $entityID" >&2 + # get entity metadata + get_entity_descriptor + status_code=$? + if [ "$status_code" -ne 0 ]; then + [ "$status_code" -gt 1 ] && exit "$status_code" continue fi - # extract the IdP names and print them to a file - names=$( echo "$entityDescriptor" \ - | /usr/bin/xsltproc $LIB_DIR/extract_IdP_names.xsl - - ) + # parse entity metadata + parse_entity_descriptor status_code=$? if [ "$status_code" -ne 0 ]; then - echo "ERROR: $script_name: unable to extract IdP names for entityID: $entityID" >&2 + [ "$status_code" -gt 1 ] && exit "$status_code" continue fi - print_idp_names_logfile "$names" # extract the errorURL from the entity descriptor errorURL=$( echo "$entityDescriptor" \ 
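Review bot: The new `exit "$status_code"` calls on a fatal status run inside the `while` that is the last stage of `/bin/cat $IN_FILE | while read entityID; do`, so they terminate only that subshell; the script then continues with the errorURL loop, and the bare `exit` introduced in hunk @@ -628 reports the status of whatever ran last rather than the fatal code. Feeding the loop by redirection removes the subshell: `while IFS= read -r entityID; do` with `done < "$IN_FILE"` on the loop's closing line, which lies outside this hunk together with the rest of the loop body. The `-r` additionally stops `read` from interpreting backslashes in entityIDs taken from the input file. The added comment `# if status_code > 1, a fatal error occurred` sits alone at the top of the loop body, separated from the two checks it explains; placing it directly above the first `[ "$status_code" -gt 1 ] && exit "$status_code"` keeps it next to the code it describes.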
@@ -628,4 +680,4 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts" print_idp_error_url_logfile "$g" done -exit 0 +exit