add asynchronous metadata processing tool

bin/Makefile.am

-bin_SCRIPTS = access-check-manager.pl
+bin_SCRIPTS = access-check-manager.pl update-metadata
 
 www_SCRIPTS = access-check-manager.cgi
 
@@ -13,6 +13,13 @@ access-check-manager.pl: Makefile access-check-manager.pl.in
 		< $(srcdir)/$@.in > $@
 	chmod +x $@
 
+update-metadata: Makefile update-metadata.in
+	sed \
+		-e 's|[@]modulesdir[@]|$(modulesdir)|' \
+		-e 's|[@]confdir[@]|$(confdir)|' \
+		< $(srcdir)/$@.in > $@
+	chmod +x $@
+
 access-check-manager.cgi: Makefile access-check-manager.cgi.in
 	sed \
 		-e 's|[@]modulesdir[@]|$(modulesdir)|' \

bin/update-metadata.in

+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use lib qw(@modulesdir@);
+
+use Config::Tiny;
+use English qw(-no_match_vars);
+use File::Temp;
+use Getopt::Long qw(:config auto_help);
+use List::MoreUtils qw(uniq);
+use LWP::UserAgent;
+use Pod::Usage;
+
+use AccountManager::DB;
+use AccountManager::Metadata;
+use AccountManager::ServiceProvider;
+
+my %options;
+GetOptions(
+    \%options,
+    'configuration=s',
+    'verbose',
+) or pod2usage(
+    -message => "unknown option, aborting\n",
+    -verbose => 0
+);
+
+my $configuration_file =
+    $options{configuration} || '@confdir@/manager.conf';
+my $configuration = Config::Tiny->read($configuration_file);
+if (!$configuration) {
+    die Config::Tiny->errstr() . "\n";
+}
+
+AccountManager::DB->register_db(
+    driver   => $configuration->{database}->{type},
+    database => $configuration->{database}->{name},
+    host     => $configuration->{database}->{host},
+    password => $configuration->{database}->{password},
+    username => $configuration->{database}->{username},
+    options  => [ split(/, */, $configuration->{database}->{options}) ]
+);
+
+my $db = AccountManager::DB->new();
+
+my $ua = LWP::UserAgent->new();
+
+$db->begin_work();
+
+AccountManager::ServiceProvider->delete_service_providers(all => 1);
+
+my %seen;
+foreach my $id (split(/, */, $configuration->{groups}->{list})) {
+    my $spec = $configuration->{$id};
+    next unless $spec->{type} eq 'metadata';
+    print "processing federation $id\n" if $options{verbose};
+    my $file = File::Temp->new();
+
+    print "downloading metadata from url $spec->{url}\n" if $options{verbose};
+    my $response = $ua->get($spec->{url}, ':content_file' => $file->filename());
+    if (!$response->is_success()) {
+        $db->rollback();
+        die "failed to download federation metadata: " . $response->status_line();
+    }
+
+    my $metadata;
+    eval {
+        $metadata = AccountManager::Metadata->new(
+            file => $file
+        );
+    };
+    if ($EVAL_ERROR) {
+        $db->rollback();
+        die "failed to load federation metadata: $EVAL_ERROR";
+    }
+
+    print "parsing metadata from file $file\n" if $options{verbose};
+    my $entities;
+    eval {
+       $entities = $metadata->parse(type => 'sp');
+    };
+    if ($EVAL_ERROR) {
+        $db->rollback();
+        die "failed to parse federation metadata: $EVAL_ERROR";
+    }
+
+    foreach my $entry (@$entities) {
+        # avoid duplicates
+        next if $seen{$entry->{entityid}}++;
+
+        my $entity = AccountManager::ServiceProvider->new(
+            db           => $db,
+            entityid     => $entry->{entityid},
+            displayname  => $entry->{display_name},
+            url          => $entry->{url},
+        );
+
+        $entity->contacts(uniq map { $_->{EmailAddress} } @{$entry->{contacts}})
+            if $entry->{contacts};
+
+        $entity->save();
+    }
+}
+
+$db->commit();
+
+__END__
+
+=head1 NAME
+
+update-metadata - Out-of-band metadata processing
+
+=head1 SYNOPSIS
+
+update-metadata [options]
+
+  Options:
+    --configuration <file>
+    --verbose