<?xml version="1.0" encoding="UTF-8"?>
<!--
Federation metadata signing process for the UK federation.
* "ant process" generates the other files from the master file, and
signs as appropriate. Requires the keystore password.
* "ant push" sends all files to the remote site, and requires
the remote site password.
-->
<project default="echoproperties" xmlns:if="ant:if" xmlns:unless="ant:unless">
<!--
*******************************************
*** ***
*** P R O P E R T Y S O U R C E S ***
*** ***
*******************************************
-->
<!--
os.family
Distinguish between the general kind of operating systems
we could be executing on.
Values: windows, macosx, linux, other.
-->
<!--
Because Ant properties are immutable, the first <condition> that matches
fixes os.family; the unconditional <property> after the three conditions
only takes effect when none of them matched.
-->
<condition property="os.family" value="windows">
<os family="windows"/>
</condition>
<condition property="os.family" value="macosx">
<os family="mac"/>
</condition>
<condition property="os.family" value="linux">
<os family="unix" name="Linux"/>
</condition>
<property name="os.family" value="other"/>
<!--
env
Distinguish between different classes of deployment,
e.g., development vs. production.
Values: dev, preprod, prod, prod-old
Defaults to "dev" here, but that can be overridden from the command
line, a Jenkins job, or in build.properties.
-->
<property name="env" value="dev"/>
<!--
External property files.
Pull in properties from external files. Because Ant properties are
immutable, any properties declared in this file should be regarded as
defaults, and will be overridden by any definitions in the following
locations:
* on the command line
* in a Jenkins job definition
* in any of the external files listed below
The first location specifying a particular property sets the final value.
The build.properties file is not source controlled, and should be used
to override properties for a particular deployment, or to include
credentials.
-->
<!--
Load order matters: build.properties is read first, so a value it sets
wins over the per-OS, per-environment and default files that follow.
A missing file is silently skipped by the property task.
-->
<property file="build.properties"/>
<property file="${os.family}.properties"/>
<property file="${env}.properties"/>
<property file="default.properties"/>
<!--
*********************************************
*** ***
*** S E R V E R P R O P E R T I E S ***
*** ***
*********************************************
-->
<!--
Metadata Distribution Service server properties.
-->
<!--
Hosts whose published aggregates are re-verified by the
samlmd.aggregates.verify.remote target.
-->
<property name="md.dist.host1.name" value="md1.infr.ukfederation.org.uk"/>
<property name="md.dist.host2.name" value="md2.infr.ukfederation.org.uk"/>
<property name="md.dist.host3.name" value="md3.infr.ukfederation.org.uk"/>
<!--
*******************************************************
*** ***
*** F I L E S Y S T E M P R O P E R T I E S ***
*** ***
*******************************************************
-->
<!--
Shared workspace location.
The property shared.ws.dir must be defined in order to locate the shared
workspace used for inputs to and outputs from the tooling. In production,
this location is passed through from the Jenkins job. In the dev environment,
it is assumed (by dev.properties) to be in this repository's parent directory.
-->
<fail unless="shared.ws.dir" message="shared.ws.dir was not defined"/>
<!--
There must be a build directory in the shared workspace.
-->
<fail message="shared workspace ${shared.ws.dir} doesn't contain a build directory">
<condition>
<not>
<available file="${shared.ws.dir}/build" type="dir"/>
</not>
</condition>
</fail>
<!--
External specialised directories.
Note that output.dir and temp.dir both resolve to the same build
directory in the shared workspace.
-->
<property name="entities.dir" value="${shared.ws.dir}/ukf-data/entities"/>
<property name="members.dir" value="${shared.ws.dir}/ukf-data/members"/>
<property name="output.dir" value="${shared.ws.dir}/build"/>
<property name="temp.dir" value="${shared.ws.dir}/build"/>
<!--
Local specialised directories.
-->
<property name="build.dir" value="${basedir}/build"/>
<property name="mdx.dir" value="${basedir}/mdx"/>
<property name="rules.dir" value="${mdx.dir}/_rules"/>
<!--
Location of externally supplied tool bundles.
tools.dir is a relative path, resolved against the project basedir.
The version suffixes pin the mda and xmlsectool bundles that are expected
to be present.
-->
<property name="tools.dir" value="tools"/>
<property name="tools.ant" value="${tools.dir}/ant"/>
<property name="tools.mda" value="${tools.dir}/aggregator-cli-0.9.1"/>
<property name="tools.mdnorm" value="${tools.dir}/mdnorm"/>
<property name="tools.metadatatool" value="${tools.dir}/metadatatool"/>
<property name="tools.slacktee" value="${tools.dir}/slacktee"/>
<property name="tools.xmlsectool" value="${tools.dir}/xmlsectool-2.0.0"/>
<property name="tools.xalan" value="${tools.dir}/xalan"/>
<!--
Additional ANT task definitions.
ant-contrib supplies the <if> and <for> tasks used later in this file.
-->
<taskdef resource="net/sf/antcontrib/antlib.xml">
<classpath>
<pathelement location="${tools.ant}/lib/ant-contrib-1.0b3.jar"/>
</classpath>
</taskdef>
<!--
There are many separate processing "streams": production, test, export,
fallback, "wayf", and "cdsall".
Each stream has its own unsigned file, as follows:
-->
<property name="mdaggr.prod.unsigned" value="ukfederation-metadata-unsigned.xml"/>
<property name="mdaggr.test.unsigned" value="ukfederation-test-unsigned.xml"/>
<property name="mdaggr.export.unsigned" value="ukfederation-export-unsigned.xml"/>
<property name="mdaggr.export.preview.unsigned"
value="ukfederation-export-preview-unsigned.xml"/>
<property name="mdaggr.back.unsigned" value="ukfederation-back-unsigned.xml"/>
<property name="mdaggr.wayf.unsigned" value="ukfederation-wayf-unsigned.xml"/>
<property name="mdaggr.cdsall.unsigned" value="ukfederation-cdsall-unsigned.xml"/>
<!--
Each stream also has its own signed file, as follows:
-->
<property name="mdaggr.prod.signed" value="ukfederation-metadata.xml"/>
<property name="mdaggr.test.signed" value="ukfederation-test.xml"/>
<property name="mdaggr.export.signed" value="ukfederation-export.xml"/>
<property name="mdaggr.export.preview.signed"
value="ukfederation-export-preview.xml"/>
<property name="mdaggr.back.signed" value="ukfederation-back.xml"/>
<property name="mdaggr.wayf.signed" value="ukfederation-wayf.xml"/>
<property name="mdaggr.cdsall.signed" value="ukfederation-cdsall.xml"/>
<!--
Other files
-->
<property name="mdaggr.stats" value="ukfederation-stats.html"/>
<!--
Verification keystore.
keystore.uk.vfy.alias names the key within the verification keystore
that MDT.VFY.uk checks signatures against. known.hosts is defined here
but not referenced by any target in this file.
-->
<property name="keystore.uk.vfy.alias" value="ukfederation"/>
<property name="known.hosts" value="${build.dir}/known_hosts"/>
<!--
Java memory requirements.
This is used as the max heap setting for all Java invocations. This amount will
be more than some invocations require, but there's no harm in having a higher
limit for all of them.
-->
<property name="java.max.memory" value="1024m"/>
<!--
Full paths to a couple of temporary file locations.
(The verification macros below spell out ${temp.dir}/temp.xml directly
rather than using this property.)
-->
<property name="temp.xml" value="${temp.dir}/temp.xml"/>
<!--
*************************************************
*** ***
*** E N T R Y P O I N T T A R G E T S ***
*** ***
*************************************************
-->
<!--
****************************************************
*** ***
*** S A M L M D V E R I F I C A T I O N ***
*** ***
****************************************************
-->
<!--
Verify a metadata file held on the master distribution site.
Verification is performed using only xmlsectool. This should be
used when compatibility with the Shibboleth 1.3 IdP is not a
concern.
-->
<macrodef name="VFY.remote">
<!-- URL of the remote metadata file to fetch and verify -->
<attribute name="i"/>
<sequential>
<echo>Verifying @{i}...</echo>
<!-- Remove any stale copy so a failed download cannot be mistaken for a fresh one. -->
<delete file="${temp.dir}/temp.xml" quiet="true" verbose="false"/>
<!--
The fetch is over whatever scheme the caller passes; integrity of the
downloaded copy rests entirely on the signature check that follows, so a
tampered or truncated download fails verification rather than passing.
-->
<get src="@{i}" dest="${temp.dir}/temp.xml"/>
<!--
Verify using xmlsectool.
-->
<XMLSECTOOL.VFY.uk i="${temp.dir}/temp.xml"/>
<!--
Delete the temporary file.
-->
<delete file="${temp.dir}/temp.xml" quiet="true" verbose="false"/>
</sequential>
</macrodef>
<!--
Verify a metadata file held on the master distribution site.
Verification is performed using both metadatatool and xmlsectool.
This should be used when the file being verified must be compatible
with the Shibboleth 1.3 IdP.
-->
<macrodef name="VFY.remote.both">
<!-- URL of the remote metadata file to fetch and verify -->
<attribute name="i"/>
<sequential>
<echo>Verifying @{i}...</echo>
<!-- Remove any stale copy so a failed download cannot be mistaken for a fresh one. -->
<delete file="${temp.dir}/temp.xml" quiet="true" verbose="false"/>
<!--
Integrity of the downloaded copy rests on the two signature checks below;
a tampered or truncated download fails verification rather than passing.
-->
<get src="@{i}" dest="${temp.dir}/temp.xml"/>
<!--
Verify using metadatatool.
-->
<MDT.VFY.uk i="${temp.dir}/temp.xml"/>
<!--
Verify using xmlsectool.
-->
<XMLSECTOOL.VFY.uk i="${temp.dir}/temp.xml"/>
<!--
Delete the temporary file.
-->
<delete file="${temp.dir}/temp.xml" quiet="true" verbose="false"/>
</sequential>
</macrodef>
<!--
Verify metadata files held on the master distribution site.
-->
<target name="samlmd.aggregates.verify.remote">
<!--
Every signed aggregate is fetched from each of the three distribution
hosts in turn and checked with both verification tools. The fetch uses
plain http; because the check is of the signature itself, interference
on the network can only produce a spurious failure, never a false pass.
The first failing file stops the target (the underlying java tasks use
failonerror), so the remaining hosts are not reached in that case.
-->
<echo>Verifying metadata held at ${md.dist.host1.name}</echo>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.prod.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.wayf.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.cdsall.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.test.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.back.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.export.signed}"/>
<VFY.remote.both i="http://${md.dist.host1.name}/${mdaggr.export.preview.signed}"/>
<echo>Verifying metadata held at ${md.dist.host2.name}</echo>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.prod.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.wayf.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.cdsall.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.test.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.back.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.export.signed}"/>
<VFY.remote.both i="http://${md.dist.host2.name}/${mdaggr.export.preview.signed}"/>
<echo>Verifying metadata held at ${md.dist.host3.name}</echo>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.prod.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.wayf.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.cdsall.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.test.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.back.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.export.signed}"/>
<VFY.remote.both i="http://${md.dist.host3.name}/${mdaggr.export.preview.signed}"/>
<echo>Verification completed.</echo>
</target>
<!--
*************************************************
*** ***
*** M E T A D A T A G E N E R A T I O N ***
*** ***
*************************************************
-->
<!--
Generate unsigned metadata.
-->
<!-- Convenience entry point: all the work is done by the gen.uk.unsigned dependency. -->
<target name="generate" depends="gen.uk.unsigned">
<echo>Generated unsigned metadata.</echo>
</target>
<!--
uk.collected
This is where the flow.uk.collect places its output.
-->
<!-- Also read by extract.embedded; uiinfo.list and mdui.stats spell the same path out directly. -->
<property name="uk.collected" value="${mdx.dir}/uk/collected.xml"/>
<!--
flow.uk.collect
Runs the mda code to collect all entities registered with the
UK federation registrar.
-->
<target name="flow.uk.collect">
<!-- Runs the "collect" verb of the uk channel; output lands at ${uk.collected}. -->
<CHANNEL.do channel="uk" verb="collect"/>
</target>
<!--
flow.uk.verify
Runs the MDA on the uk channel's verify verb to verify that the UK-registered
metadata passes all the checks that would be imposed during a signing run.
No output files are produced by this operation.
-->
<target name="flow.uk.verify">
<!-- Dry run of the signing-time checks; produces no files. -->
<CHANNEL.do channel="uk" verb="verify"/>
</target>
<!--
Unsigned metadata generation for the UK Federation.
-->
<target name="gen.uk.unsigned">
<echo>Generating unsigned UK metadata files.</echo>
<!--
Call the generate verb in the uk mdx channel
to generate the following:
production aggregate
WAYF/CDS aggregates
test aggregate
export aggregate
export preview aggregate
fallback aggregate
statistics
-->
<CHANNEL.do channel="uk" verb="generate"/>
<!--
Post-process mda-generated output files.
Each aggregate is textually normalised in place; the cdsall aggregate
additionally has blank lines discarded. The statistics HTML is only
given Unix line endings.
-->
<MDNORM i="${output.dir}/${mdaggr.prod.unsigned}"/>
<MDNORM i="${output.dir}/${mdaggr.wayf.unsigned}"/>
<MDNORM.noblank i="${output.dir}/${mdaggr.cdsall.unsigned}"/>
<MDNORM i="${output.dir}/${mdaggr.test.unsigned}"/>
<MDNORM i="${output.dir}/${mdaggr.export.unsigned}"/>
<MDNORM i="${output.dir}/${mdaggr.export.preview.unsigned}"/>
<MDNORM i="${output.dir}/${mdaggr.back.unsigned}"/>
<fixcrlf file="${output.dir}/${mdaggr.stats}" eol="lf" encoding="UTF-8"/>
<echo>Generated UK unsigned metadata.</echo>
</target>
<!--
***************************
*** ***
*** M D A T O O L ***
*** ***
***************************
-->
<!--
Property definitions for the mda tool.
Any Ant property with a name of the form "mda.*" is passed through
as a system property to the mda invocation with the "mda." stripped
off. Thus, a property "mda.foo" will be passed through as a system
property called "foo".
The individual properties listed here can be augmented or overridden
by properties defined in the external properties files, e.g., build.properties.
-->
<!--
Defaults for the system properties handed to the mda JVM (see the
mda.* convention described above). Any "mda." property set in
build.properties or on the command line is also swept up by the
propertyset below, so be careful about what is placed under that prefix.
-->
<property name="mda.java.endorsed.dirs" value="${tools.dir}/endorsed"/>
<property name="mda.entities.dir" value="${entities.dir}"/>
<property name="mda.mdx.dir" value="${mdx.dir}"/>
<property name="mda.members.dir" value="${members.dir}"/>
<property name="mda.output.dir" value="${output.dir}"/>
<!--
Build a property set of all the properties to be passed through, with
the "mda." prefix stripped off.
-->
<propertyset id="mda.properties">
<propertyref prefix="mda."/>
<mapper type="glob" from="mda.*" to="*"/>
</propertyset>
<!--
Macro to run the mda (metadata aggregator CLI) tool.
-->
<macrodef name="MDA">
<!-- Spring pipeline configuration file -->
<attribute name="config"/>
<!-- pipeline bean ID -->
<attribute name="pipeline"/>
<sequential>
<!--
Forked JVM so the heap limit and system properties apply only to this
run; failonerror propagates a non-zero exit status as a build failure.
-->
<java classname="net.shibboleth.metadata.cli.SimpleCommandLine"
fork="true" failonerror="true" maxmemory="${java.max.memory}">
<classpath>
<!-- Spring "classpath:" imports can be under the MDX directory -->
<pathelement path="${mdx.dir}"/>
<!-- Include all APIs we may want to use. -->
<fileset dir="${tools.mda}/lib">
<include name="*.jar"/>
</fileset>
<fileset dir="${tools.dir}/ukf-mda">
<include name="*.jar"/>
</fileset>
<fileset dir="${tools.dir}/xalan/lib">
<include name="sdss-xalan-md-*.jar"/>
</fileset>
</classpath>
<!-- All mda.* Ant properties, prefix stripped, become JVM system properties. -->
<syspropertyset>
<propertyset refid="mda.properties"/>
</syspropertyset>
<!-- Java assertions in the mda code are enabled for every run. -->
<jvmarg value="-enableassertions"/>
<arg value="--quiet"/>
<arg value="@{config}"/>
<arg value="@{pipeline}"/>
</java>
</sequential>
</macrodef>
<!--
*********************************
*** ***
*** M D N O R M T O O L ***
*** ***
*********************************
-->
<!--
MDNORM
Macro to call tool to perform textual normalisation on an XML file
containing a metadata aggregate.
Parameter 'i' is the file to be normalised.
-->
<macrodef name="MDNORM">
<attribute name="i"/><!-- input file -->
<!-- optional extra command-line arguments, placed before the file name -->
<element name="args" optional="yes"/>
<sequential>
<!-- The file is normalised in place: only the input path is passed to the tool. -->
<java fork="true" maxmemory="${java.max.memory}" failonerror="true" classname="uk.org.ukfederation.mdnorm.Normalise">
<classpath>
<fileset dir="${tools.mdnorm}/lib">
<include name="*.jar"/>
</fileset>
</classpath>
<args/>
<arg value="@{i}"/>
</java>
</sequential>
</macrodef>
<!--
MDNORM.noblank
Call MDNORM but discard blank lines from the output.
-->
<macrodef name="MDNORM.noblank">
<attribute name="i"/><!-- input file -->
<sequential>
<!-- Same as MDNORM with the discardBlankLines option added. -->
<MDNORM i="@{i}">
<args>
<arg value="--discardBlankLines"/>
</args>
</MDNORM>
</sequential>
</macrodef>
<!--
*********************************************
*** ***
*** M E T A D A T A T O O L T O O L ***
*** ***
*********************************************
-->
<!--
Macro to run the metadatatool application with appropriate defaults.
-->
<macrodef name="MDT">
<attribute name="i"/><!-- input file -->
<attribute name="o"/><!-- output file -->
<attribute name="keystore"/><!-- keystore file -->
<attribute name="storetype" default="JKS"/><!-- type of keystore to use -->
<attribute name="alias"/><!-- alias of key to use -->
<!-- optional extra arguments, placed before the fixed ones -->
<element name="args" optional="yes"/>
<sequential>
<!--
In this file MDT is only used for verification (see MDT.VFY.uk), where
the keystore holds the federation's verification key; no password
argument is supplied to the tool here.
-->
<java classname="edu.internet2.middleware.shibboleth.utils.MetadataTool"
fork="true" failonerror="true" maxmemory="${java.max.memory}">
<classpath>
<fileset dir="${tools.metadatatool}/lib">
<include name="*.jar"/>
</fileset>
</classpath>
<jvmarg value="-Djava.endorsed.dirs=${tools.metadatatool}/endorsed"/>
<args/>
<arg value="--keystore"/>
<arg value="@{keystore}"/>
<arg value="--storetype"/>
<arg value="@{storetype}"/>
<arg value="--alias"/>
<arg value="@{alias}"/>
<arg value="--in"/>
<!-- metadatatool takes the input as a URL, hence the file: prefix -->
<arg value="file:@{i}"/>
<arg value="--out"/>
<arg value="@{o}"/>
</java>
</sequential>
</macrodef>
<!--
MDT.VFY.uk
Verify a signed UK federation file with metadatatool against the 2014
verification keystore, discarding the tool's output.
NOTE(review): null.device is not defined in this file; presumably it is
supplied by the per-OS properties file. Confirm before relying on it.
-->
<macrodef name="MDT.VFY.uk">
<attribute name="i"/>
<sequential>
<MDT i="@{i}" o="${null.device}"
keystore="${mdx.dir}/uk/ukfederation-2014.jks"
alias="${keystore.uk.vfy.alias}"/>
</sequential>
</macrodef>
<!--
***********************************
*** ***
*** S L A C K T E E T O O L ***
*** ***
***********************************
-->
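<!--
SLACK.send
Post a message to a Slack channel through the slacktee tool.
Parameters:
conf     slacktee configuration file to use
colour   attachment colour handed to slacktee's -a option
message  text to send; "echo -e" escape sequences are honoured
The message, script path, configuration path and colour are passed to
bash as positional parameters ($1..$4) instead of being spliced into
the command string, so a quote or shell metacharacter in any of them
is delivered as data rather than altering the command that runs.
-->
<macrodef name="SLACK.send">
<attribute name="conf" />
<attribute name="colour" />
<attribute name="message" />
<sequential>
<exec executable="bash" failonerror="true">
<arg value="-c" />
<!-- $0 is the name shown by bash in error messages; $1..$4 follow -->
<arg value='echo -e "$1" | "$2" -p --config "$3" -a "$4"' />
<arg value="slacktee" />
<arg value="@{message}" />
<arg value="${tools.slacktee}/bin/slacktee.sh" />
<arg value="@{conf}" />
<arg value="@{colour}" />
</exec>
</sequential>
</macrodef>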
<!--
Send success notification to slack channel
-->
<target name="slack.notify.publication.success">
<!-- Timestamp the message in UTC so it reads the same wherever the job runs. -->
<tstamp>
<format property="DATE_UTC" pattern="yyyy-MM-dd" locale="UTC" />
</tstamp>
<tstamp>
<format property="TIME_UTC" pattern="HH:mm" locale="UTC" />
</tstamp>
<SLACK.send conf="${tools.slacktee}/conf/aggr-ant.conf" colour="good"
message="${DATE_UTC} ${TIME_UTC}: Successfully published new UKf MD Aggregates and MDQ cache." />
</target>
<!--
*****************************************
*** ***
*** X M L S E C T O O L T O O L ***
*** ***
*****************************************
-->
<!--
XMLSECTOOL
Base macro for xmlsectool invocations. Every run schema-validates the
input against the schemas under ${mdx.dir}/schema; the caller supplies
the operation (sign or verify) through the optional args element.
-->
<macrodef name="XMLSECTOOL">
<attribute name="i"/><!-- input file -->
<element name="args" optional="yes"/>
<sequential>
<java classname="net.shibboleth.tool.xmlsectool.XMLSecTool"
fork="true" failonerror="true" maxmemory="${java.max.memory}">
<classpath>
<fileset dir="${tools.xmlsectool}/lib">
<include name="*.jar"/>
</fileset>
</classpath>
<args/>
<arg value="--validateSchema"/>
<arg value="--schemaDirectory"/>
<arg value="${mdx.dir}/schema"/>
<arg value="--inFile"/>
<arg value="@{i}"/>
</java>
</sequential>
</macrodef>
<!--
XMLSECTOOL.SIGN.uk
Sign a metadata file with the UK federation signing key.
Properties consumed: sign.uk.keyAlias and sign.uk.keyPassword (required),
sign.uk.pkcs11Config and sign.uk.keystoreProvider (optional, for an HSM or
non-default keystore provider). All are expected to come from the external
property files or the command line.
-->
<macrodef name="XMLSECTOOL.SIGN.uk">
<attribute name="i"/><!-- input file -->
<attribute name="o"/><!-- output file -->
<attribute name="digest"/><!-- digest function to use -->
<sequential>
<!-- delete the temporary file to be sure we don't use old data -->
<delete file="${temp.dir}/temp.xml" quiet="true" verbose="false"/>
<echo>Signing @{i} using digest @{digest}.</echo>
<!-- perform signing operation into temporary file -->
<XMLSECTOOL i="@{i}">
<args>
<arg value="--sign"/>
<!-- set digest to use -->
<arg value="--digest"/>
<arg value="@{digest}"/>
<!--
If we have a PKCS#11 configuration specified, include it.
(The if:set attributes rely on the ant:if namespace declared on <project>.)
-->
<arg if:set="sign.uk.pkcs11Config" value="--pkcs11Config"/>
<arg if:set="sign.uk.pkcs11Config" value="${sign.uk.pkcs11Config}"/>
<!--
If we have a non-default keystore provider specified, include it.
-->
<arg if:set="sign.uk.keystoreProvider" value="--keystoreProvider"/>
<arg if:set="sign.uk.keystoreProvider" value="${sign.uk.keystoreProvider}"/>
<arg value="--key"/>
<arg value="${sign.uk.keyAlias}"/>
<!--
The key password travels as a process argument, so it is visible in
process listings on the signing host and in any verbose logging of the
command line; signing runs belong on a host without untrusted local users.
If sign.uk.keyPassword is unset, the literal placeholder is passed.
-->
<arg value="--keyPassword"/>
<arg value="${sign.uk.keyPassword}"/>
<arg value="--outFile"/>
<arg value="@{o}"/>
<!-- Signature reference resolves the ID attribute of the root element. -->
<arg value="--referenceIdAttributeName"/>
<arg value="ID"/>
<!--
<arg value="- -quiet"/>
-->
</args>
</XMLSECTOOL>
<!-- Force the output file to use Unix line endings -->
<fixcrlf file="@{o}" eol="lf" encoding="UTF-8"/>
</sequential>
</macrodef>
<!--
XMLSECTOOL.VFY.uk
Schema-validate a file and verify its signature against the federation's
2014 signing certificate held in the uk channel directory.
-->
<macrodef name="XMLSECTOOL.VFY.uk">
<attribute name="i"/><!-- input file -->
<sequential>
<XMLSECTOOL i="@{i}">
<args>
<arg value="--verifySignature"/>
<arg value="--certificate"/>
<arg value="${mdx.dir}/uk/ukfederation-2014.pem"/>
<!--
<arg value="- -quiet"/>
-->
</args>
</XMLSECTOOL>
</sequential>
</macrodef>
<!--
*******************************
*** ***
*** X A L A N T O O L ***
*** ***
*******************************
-->
<!--
Macro to run the Xalan XSLT engine, taking files from arbitrary
locations.
-->
<macrodef name="XALAN">
<attribute name="i"/><!-- input XML file -->
<attribute name="o"/><!-- output file -->
<attribute name="x"/><!-- stylesheet -->
<sequential>
<java fork="true" maxmemory="${java.max.memory}" failonerror="true" classname="org.apache.xalan.xslt.Process">
<classpath>
<fileset dir="${tools.xalan}/lib">
<include name="*.jar"/>
</fileset>
</classpath>
<jvmarg value="-Djava.endorsed.dirs=${tools.xalan}/endorsed"/>
<arg value="-IN"/>
<arg value="@{i}"/>
<arg value="-OUT"/>
<arg value="@{o}"/>
<arg value="-XSL"/>
<arg value="@{x}"/>
</java>
</sequential>
</macrodef>
<!--
Macro to run the Xalan XSLT engine, taking files from arbitrary
locations. No output specified, so the result of the transform
will be sent to standard output.
-->
<macrodef name="XALAN.noout">
<attribute name="i"/><!-- input XML file -->
<attribute name="x"/><!-- stylesheet -->
<sequential>
<!-- Identical to XALAN except that no -OUT argument is given. -->
<java fork="true" maxmemory="${java.max.memory}" failonerror="true" classname="org.apache.xalan.xslt.Process">
<classpath>
<fileset dir="${tools.xalan}/lib">
<include name="*.jar"/>
</fileset>
</classpath>
<jvmarg value="-Djava.endorsed.dirs=${tools.xalan}/endorsed"/>
<arg value="-IN"/>
<arg value="@{i}"/>
<arg value="-XSL"/>
<arg value="@{x}"/>
</java>
</sequential>
</macrodef>
<!--
*******************************************
*** ***
*** M E T A D A T A S I G N I N G ***
*** ***
*******************************************
-->
<!--
Acquire the signing keystore password.
-->
<!--
Skipped entirely when sign.uk.keyPassword is already set (from
build.properties, the command line or a Jenkins job). The input task
echoes what is typed unless Ant is started with a non-echoing handler
such as org.apache.tools.ant.input.SecureInputHandler via the
-inputhandler command-line option.
-->
<target name="get.sign.uk.keyPassword" unless="sign.uk.keyPassword">
<input addproperty="sign.uk.keyPassword">
Please enter the password for the keystores:
</input>
</target>
<!--
Select tool to sign UK federation metadata with.
-->
<macrodef name="SIGN.uk">
<attribute name="i"/><!-- input file -->
<attribute name="o"/><!-- output file -->
<attribute name="digest"/><!-- digest function to use -->
<sequential>
<!-- Indirection point: xmlsectool is currently the only signing tool used. -->
<XMLSECTOOL.SIGN.uk i="@{i}" o="@{o}" digest="@{digest}"/>
</sequential>
</macrodef>
<!--
Sign the various metadata files.
-->
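<!--
sign
Sign each of the unsigned aggregates with the UK federation signing key,
using SHA-256 as the digest throughout.
The target requires sign.uk.keyPassword (from build.properties, the
command line, or the get.sign.uk.keyPassword target); it fails before
the first signing run rather than handing xmlsectool an unexpanded
placeholder as the password, in the same way the shared workspace
checks at the top of this file fail early.
NOTE(review): the input and output names here are relative to the Ant
basedir, whereas the verify target reads the signed files from the
shared output directory; confirm which location a signing run expects.
-->
<target name="sign">
<fail unless="sign.uk.keyPassword" message="sign.uk.keyPassword was not defined"/>
<echo>Signing UK metadata.</echo>
<SIGN.uk i="${mdaggr.prod.unsigned}" o="${mdaggr.prod.signed}" digest="SHA-256"/>
<echo>Signing UK WAYF metadata.</echo>
<SIGN.uk i="${mdaggr.wayf.unsigned}" o="${mdaggr.wayf.signed}" digest="SHA-256"/>
<echo>Signing UK CDS full metadata.</echo>
<SIGN.uk i="${mdaggr.cdsall.unsigned}" o="${mdaggr.cdsall.signed}" digest="SHA-256"/>
<echo>Signing UK test metadata.</echo>
<SIGN.uk i="${mdaggr.test.unsigned}" o="${mdaggr.test.signed}" digest="SHA-256"/>
<echo>Signing UK export metadata.</echo>
<SIGN.uk i="${mdaggr.export.unsigned}" o="${mdaggr.export.signed}" digest="SHA-256"/>
<echo>Signing UK export preview metadata.</echo>
<SIGN.uk i="${mdaggr.export.preview.unsigned}" o="${mdaggr.export.preview.signed}" digest="SHA-256"/>
<echo>Signing UK fallback metadata.</echo>
<SIGN.uk i="${mdaggr.back.unsigned}" o="${mdaggr.back.signed}" digest="SHA-256"/>
<echo>Generated signed UK metadata.</echo>
</target>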
<!--
Verify UK federation metadata with both verification tools.
This should be used when the metadata needs to be compatible
with the Shibboleth 1.3 IdP.
-->
<macrodef name="VFY.uk.both">
<attribute name="i"/><!-- local file to verify -->
<sequential>
<!--
Verify using metadatatool.
-->
<MDT.VFY.uk i="@{i}"/>
<!--
Verify using xmlsectool.
-->
<XMLSECTOOL.VFY.uk i="@{i}"/>
</sequential>
</macrodef>
<!--
Verify the signed metadata files.
-->
<target name="verify">
<!-- Each signed aggregate is read from the shared output directory. -->
<echo>Verifying signed UK metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.prod.signed}"/>
<echo>Verifying signed UK WAYF metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.wayf.signed}"/>
<echo>Verifying signed UK CDS full metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.cdsall.signed}"/>
<echo>Verifying signed UK test metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.test.signed}"/>
<echo>Verifying signed UK export metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.export.signed}"/>
<echo>Verifying signed UK export preview metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.export.preview.signed}"/>
<echo>Verifying signed UK fallback metadata.</echo>
<VFY.uk.both i="${output.dir}/${mdaggr.back.signed}"/>
<echo>Verification completed.</echo>
</target>
<!--
*****************************************
*** ***
*** M E T A D A T A I M P O R T ***
*** ***
*****************************************
-->
<!--
import.metadata
Run the uk channel's import.metadata verb, which reads import.xml from
the entities directory and writes imported.xml alongside it.
-->
<target name="import.metadata">
<echo>Importing metadata from ${entities.dir}/import.xml</echo>
<!-- Remove any previous result so a failed run cannot leave a stale file behind. -->
<delete file="${entities.dir}/imported.xml" quiet="true" verbose="false"/>
<CHANNEL.do channel="uk" verb="import.metadata"/>
<echo>Imported metadata to ${entities.dir}/imported.xml</echo>
<!--
NOTE(review): unlike the other fixcrlf calls in this file, no eol
attribute is given, so the platform default line ending is applied.
Confirm whether eol="lf" was intended here as well.
-->
<fixcrlf file="${entities.dir}/imported.xml" encoding="UTF-8"/>
</target>
<!--
*********************************************
*** ***
*** M E T A D A T A E X C H A N G E ***
*** ***
*********************************************
-->
<!--
Aggregator based work is divided into channels, each of
which lives in a directory under /mdx/. Each channel
can have a number of verbs which can be executed.
Conventions for this system are documented in
/mdx/conventions.md.
-->
<!--
CHANNEL.do
Run a particular flow in the named channel.
-->
<macrodef name="CHANNEL.do">
<attribute name="channel"/><!-- channel name -->
<attribute name="verb"/><!-- verb to perform -->
<sequential>
<echo>Running @{channel} @{verb} flow.</echo>
<!--
A verb may live in its own file, <channel>/<verb>.xml; otherwise the
channel's shared verbs.xml is used. In both cases the pipeline bean ID
is the verb name. (<if> is provided by ant-contrib.)
-->
<if>
<available file="${mdx.dir}/@{channel}/@{verb}.xml"/>
<then>
<MDA config="${mdx.dir}/@{channel}/@{verb}.xml"
pipeline="@{verb}"/>
</then>
<else>
<MDA config="${mdx.dir}/@{channel}/verbs.xml"
pipeline="@{verb}"/>
</else>
</if>
<echo>Completed @{channel} @{verb} flow.</echo>
</sequential>
</macrodef>
<!--
flow
Prompt for a channel name and a verb, and run that verb in that channel.
-->
<target name="flow">
<!-- Interactive only: both values are prompted for, so this is not suitable for Jenkins. -->
<input addproperty="channel">
Please select the channel to use (e.g., us_incommon):
</input>
<input addproperty="verb">
Please select the verb to execute (e.g., import):
</input>
<CHANNEL.do channel="${channel}" verb="${verb}"/>
</target>
<!--
CHANNEL.import
Run the import flow from the named channel.
-->
<macrodef name="CHANNEL.import">
<attribute name="channel"/><!-- channel name -->
<sequential>
<!-- Shorthand for CHANNEL.do with the fixed verb "import". -->
<CHANNEL.do channel="@{channel}" verb="import"/>
</sequential>
</macrodef>
<!--
*******************************************************************
*** ***
*** M D X : N O N - P R O D U C T I O N C H A N N E L S ***
*** ***
*******************************************************************
-->
<!-- Interactive: prompt for a channel, then run its import verb. -->
<target name="flow.import">
<input addproperty="channel">
Please select the channel to use (e.g., us_incommon):
</input>
<CHANNEL.import channel="${channel}"/>
</target>
<!-- Run the importTest verb of the int_edugain channel. -->
<target name="flow.int_edugain.testImport">
<CHANNEL.do channel="int_edugain" verb="importTest"/>
</target>
<!--
flow.verify.cobweb
Verify the COBWEB metadata. Callable from Jenkins.
-->
<target name="flow.verify.cobweb">
<!-- verifyProduction verb of the int_cobweb channel -->
<CHANNEL.do verb="verifyProduction" channel="int_cobweb"/>
</target>
<!--
flow.verifyEdugain.input
Verify the eduGAIN entities from a particular channel.
The intention is that this be called within Jenkins
with the channel name passed as a property, e.g.:
ant flow.verifyEdugain.input -Dchannel=se_swamid
-->
<target name="flow.verifyEdugain.input">
<!-- The channel property must be supplied by the caller (see the comment above). -->
<CHANNEL.do verb="verifyEdugain" channel="${channel}"/>
</target>
<!--
flow.verifyEdugain.output
Verify the eduGAIN production aggregate.
The intention is that these targets be called from Jenkins.
-->
<target name="flow.verifyEdugain.output">
<!-- verify verb of the int_edugain channel -->
<CHANNEL.do verb="verify" channel="int_edugain"/>
</target>
<!-- Variant of flow.verifyEdugain.output running the verify.all verb. -->
<target name="flow.verifyEdugain.output.all">
<CHANNEL.do verb="verify.all" channel="int_edugain"/>
</target>
<!-- Variant of flow.verifyEdugain.output running the verify.recovered verb. -->
<target name="flow.verifyEdugain.output.recovered">
<CHANNEL.do verb="verify.recovered" channel="int_edugain"/>
</target>
<!--
*********************************
*** ***
*** U I I N F O L I S T ***
*** ***
*********************************
-->
<!--
uiinfo.list
Collect the UK-registered entities and list their UI information to
standard output via the list_uiinfo.xsl stylesheet.
-->
<target name="uiinfo.list">
<CHANNEL.do channel="uk" verb="collect"/>
<XALAN.noout i="${mdx.dir}/uk/collected.xml"
x="${build.dir}/list_uiinfo.xsl"/>
</target>
<!--
*******************************
*** ***
*** M D U I S T A T S ***
*** ***
*******************************
-->
<!--
mdui.stats
Prompt for a channel and report MDUI statistics for its entities on
standard output. The uk channel is collected from the registered
fragments; any other channel is first imported in raw form.
-->
<target name="mdui.stats">
<input addproperty="channel">
Please select the channel to use (e.g., us_incommon):
</input>
<if>
<equals arg1="${channel}" arg2="uk"/>
<then>
<CHANNEL.do verb="collect" channel="uk"/>
<XALAN.noout i="${mdx.dir}/uk/collected.xml"
x="${build.dir}/statistics_mdui.xsl"/>
</then>
<else>
<!-- The typed channel name becomes part of the path read below. -->
<CHANNEL.do verb="importRaw" channel="${channel}"/>
<XALAN.noout i="${mdx.dir}/${channel}/imported.xml"
x="${build.dir}/statistics_mdui.xsl"/>
</else>
</if>
</target>
<!--
*******************************
*** ***
*** M I S C E L L A N Y ***
*** ***
*******************************
-->
<!--
Statistics generation
Note that statistics are generated from the full registered fragment
data, so that the statistics process has access to information that will not
be included in published metadata.
This target does stand-alone statistics generation; in normal use, the
statistics are generated as a side-effect of the generate target.
-->
<target name="stats">
<CHANNEL.do channel="uk" verb="statistics"/>
<!-- Same line-ending normalisation as gen.uk.unsigned applies to the stats file. -->
<fixcrlf file="${output.dir}/${mdaggr.stats}" eol="lf" encoding="UTF-8"/>
</target>
<!--
Check mailing list against current metadata
-->
<target name="check.mailing.list" depends="flow.uk.collect">
<echo>Checking mailing list entries.</echo>
<!-- No failonerror: a non-zero exit from the script does not fail the build. -->
<exec executable="perl" dir="${build.dir}">
<arg value="${build.dir}/addresses.pl"/>
</exec>
</target>
<!--
Extract TLS locations from the UK federation metadata.
-->
<target name="extract.locs" depends="flow.uk.collect">
<echo>Extracting TLS locations</echo>
<!-- Script output is captured to locations.txt in the local build directory. -->
<exec executable="perl" dir="${build.dir}"
output="${build.dir}/locations.txt">
<arg value="${build.dir}/extract_locs.pl"/>
</exec>
</target>
<!-- As extract.locs, but using the script that strips port numbers. -->
<target name="extract.locs.noports" depends="flow.uk.collect">
<echo>Extracting TLS locations</echo>
<exec executable="perl" dir="${build.dir}"
output="${build.dir}/locations_noports.txt">
<arg value="${build.dir}/extract_locs_noports.pl"/>
</exec>
</target>
<!--
Utility to fold overlong embedded certificates.
-->
<target name="fold.embedded.certs">
<echo>Folding embedded certificates</echo>
<!--
ant-contrib <for> over every uk*.xml fragment; each is rewritten
in place by perl -i, so there is no backup of the original.
-->
<for param="file">
<path>
<fileset dir="${entities.dir}" includes="uk*.xml"/>
</path>
<sequential>
<exec executable="perl" dir="${entities.dir}">
<arg value="-i"/>
<arg value="${build.dir}/fold_cert.pl"/>
<arg value="@{file}"/>
</exec>
</sequential>
</for>
</target>
<!--
Utility to remove the old Eduserv gateway certificate.
-->
<!--
<target name="remove.old.eduserv.cert">
<echo>Removing old Eduserv gateway certificate</echo>
<for param="file">
<path>
<fileset dir="${entities.dir}" includes="uk*.xml"/>
</path>
<sequential>
<exec executable="perl" dir="${entities.dir}">
<arg value="-i"/>
<arg value="${build.dir}/remove_old_eduserv_cert.pl"/>
<arg value="@{file}"/>
</exec>
</sequential>
</for>
</target>
-->
<!--
Utility to add the second Eduserv gateway certificate.
-->
<!--
<target name="add.second.eduserv.cert">
<echo>Adding second Eduserv gateway certificate</echo>
<for param="file">
<path>
<fileset dir="${entities.dir}" includes="uk*.xml"/>
</path>
<sequential>
<exec executable="perl" dir="${entities.dir}">
<arg value="-i"/>
<arg value="${build.dir}/add_second_eduserv_cert.pl"/>
<arg value="@{file}"/>
</exec>
</sequential>
</for>
</target>
-->
<!--
Utility to apply a one-off change to every fragment file.
The perl script is applied in "-i" mode to perform in-place
editing; this only works well on Unix-like systems.
Comment this out when not in use to avoid accidents.
-->
<!--
<target name="fix.fragments">
<for param="file">
<path>
<fileset dir="${entities.dir}" includes="uk*.xml"/>
</path>
<sequential>
<echo>processing @{file}</echo>
<exec executable="perl" dir="${entities.dir}">
<arg value="-i"/>
<arg value="${build.dir}/fix_fragment.pl"/>
<arg value="@{file}"/>
</exec>
</sequential>
</for>
</target>
-->
<!--
Extract embedded certificates
-->
<target name="extract.embedded" depends="flow.uk.collect">
<echo>Extracting embedded certificates</echo>
<!-- Writes PEM data to the temp directory; check.embedded consumes and deletes it. -->
<XALAN
i="${uk.collected}"
o="${temp.dir}/embedded.pem"
x="${build.dir}/extract_embedded.xsl"/>
</target>
<!--
Check embedded certificates.
-->
<target name="check.embedded" depends="extract.embedded">
<echo>Checking embedded certificates</echo>
<!-- The extracted PEM file is fed to the script on standard input. -->
<exec executable="perl" dir="${temp.dir}"
input="${temp.dir}/embedded.pem">
<arg value="${build.dir}/check_embedded.pl"/>
<arg value="-q"/>
</exec>
<!-- Not in a finally-style block: the PEM file is left behind if the script fails the build. -->
<delete file="${temp.dir}/embedded.pem" quiet="true" verbose="false"/>
</target>
<!--
Check for IdPs using the single-port configuration.
-->
<target name="check.ports">
<echo>Checking vhost use</echo>
<!-- checkPorts verb of the uk channel -->
<CHANNEL.do verb="checkPorts" channel="uk"/>
<echo>Checked.</echo>
</target>
<!--
check.uk.future
Run a set of possible future rulesets against the existing collection
of UK-federation registered metadata.
-->
<target name="check.uk.future">
<echo>Checking against future rulesets.</echo>
<!-- checkFuture verb of the uk channel -->
<CHANNEL.do verb="checkFuture" channel="uk"/>
<echo>Check complete.</echo>
</target>
<!--
echoproperties
List all the properties ant is using.
-->
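<!--
echoproperties
List all the properties ant is using, followed by the subset passed
through to the mda tool.
The signing key password (sign.uk.keyPassword) is excluded from the full
listing: build.properties may carry credentials, and this is the project's
default target, so its output is likely to end up in a console or Jenkins
log.
-->
<target name="echoproperties">
<echo>All properties:</echo>
<echoproperties>
<propertyset negate="true">
<propertyref name="sign.uk.keyPassword"/>
</propertyset>
</echoproperties>
<echo>MDA properties:</echo>
<echoproperties>
<propertyset>
<propertyset refid="mda.properties"/>
</propertyset>
</echoproperties>
</target>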
</project>