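#!/bin/bash
#
# Downloads the SAML metadata of two SPs from the IDEM MDX service, verifies
# the XML signature of each file with xmlsectool against the certificate in
# $cert, and aggregates both into one <md:EntitiesDescriptor> document.
#
# All paths live under $HOME/eccs. The script exits with status 1 when a
# download fails, a metadata file is missing, or a signature does not verify.

# Abort on unset variables: an empty $HOME would otherwise turn every path
# below into one rooted at "/eccs".
set -u

readonly eccs_dir="$HOME/eccs"
readonly sp_md_1="$eccs_dir/input/sp_md_1.xml"
readonly sp_md_2="$eccs_dir/input/sp_md_2.xml"
readonly output_file="$eccs_dir/input/sps-metadata.xml"
readonly cert="$eccs_dir/idem-mdx-service-crt.pem"

readonly sp_url_1="https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fattribute-viewer.aai.switch.ch%2Finterfederation-test%2Fshibboleth"
readonly sp_url_2="https://mdx.idem.garr.it/edugain/entities/https:%2F%2Fsp-demo.idem.garr.it%2Fshibboleth"

#######################################
# Download one metadata document.
# The body is written to "<dest>.part" and renamed only when curl succeeds,
# so a failed transfer or an HTTP error page never replaces the copy left
# by the previous run.
# Arguments: $1 - URL to fetch, $2 - destination file
# Returns:   0 on success, 1 when the download fails
#######################################
fetch_metadata() {
  local url=$1
  local dest=$2
  local part="${dest}.part"

  # --fail makes curl return non-zero on HTTP errors instead of saving the
  # server's error page as if it were metadata.
  if curl --fail -o "$part" "$url"; then
    mv -- "$part" "$dest"
  else
    rm -f -- "$part"
    return 1
  fi
}

#######################################
# Check the XML signature of a metadata file with xmlsectool.
# Globals:   eccs_dir, cert (read)
# Arguments: $1 - metadata file to verify
# Returns:   0 when xmlsectool prints its success message, non-zero otherwise
#######################################
signature_is_valid() {
  local md_file=$1
  local report

  # NOTE(review): as before, the decision relies on the success message in
  # xmlsectool's stdout; confirm whether its exit status should be required too.
  report=$(bash "$eccs_dir/xmlsectool/xmlsectool.sh" --verifySignature \
    --certificate "$cert" --inFile "$md_file")
  grep -Fq "XML document signature verified." <<<"$report"
}

# Download the SPs metadata. The download is unconditional: nothing here asks
# the server whether the documents changed since the last run.
if ! fetch_metadata "$sp_url_1" "$sp_md_1" ||
  ! fetch_metadata "$sp_url_2" "$sp_md_2"; then
  echo "Error: download of SP metadata failed." >&2
  exit 1
fi

# Check the existence of the metadata files
if [ ! -f "$sp_md_1" ] || [ ! -f "$sp_md_2" ]; then
  echo "Error: both files have to exist." >&2
  exit 1
fi

# Remove the previous sps-metadata.xml before verifying, so that a failed
# signature check leaves no aggregate behind.
rm -f -- "$output_file"

# Check the validity of BOTH SP metadata files. Each file is verified on its
# own; a single failure rejects the whole run.
if ! signature_is_valid "$sp_md_1" || ! signature_is_valid "$sp_md_2"; then
  echo "Error: at least one of SP metadata file has an invalid signature." >&2
  exit 1
fi

# Remove the XML declaration from both SP metadata files so they can be
# embedded inside the aggregate.
# NOTE(review): this deletes every whole line containing '<?xml'. If the
# service returns the declaration on the same line as the root element, that
# element is dropped as well; confirm the response layout.
sed -i '/<?xml/d' "$sp_md_1"
sed -i '/<?xml/d' "$sp_md_2"

header='<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
footer='</md:EntitiesDescriptor>'

# Generate sps-metadata.xml: wrapper element around the two verified entities.
{
  printf '%s\n' "$header"
  cat -- "$sp_md_1" "$sp_md_2"
  printf '%s\n' "$footer"
} > "$output_file"

# Pretty-print through a temporary file; the aggregate is replaced only when
# xmllint succeeds.
xmllint --format "$output_file" > "$output_file.tmp" && mv -- "$output_file.tmp" "$output_file"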