<?xml version="1.0" encoding="UTF-8"?>
<!--
Construct InCommon eduGAIN import aggregate.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
default-lazy-init="true"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
Import commonly used beans.
-->
<import resource="classpath:common-beans.xml"/>
<!--
Import inc-mda beans.
-->
<import resource="classpath:uk/org/iay/incommon/mda/beans.xml"/>
<!--
Import channel-specific beans.
-->
<import resource="classpath:incommon/beans.xml"/>
<import resource="classpath:incommon/edugain-policy.xml"/>
<!--
Import eduGAIN channel beans.
-->
<import resource="classpath:int_edugain/beans.xml"/>
<!--
***********************************************************
*** ***
*** C O M M O N O U T P U T P R O C E S S I N G ***
*** ***
***********************************************************
-->
<!--
common.output

Composite stage shared by the output pipelines (see idp.pipeline).
It runs three stages in the order listed:
  1. inc.assemble - wraps the current item collection in a single
                    EntitiesDescriptor, ordered by the InCommon ordering
                    strategy (constructed with the us_incommon_registrar bean).
  2. finalise     - applies the final transform with the parameters below
                    (publisher, validity window, timestamps).
  3. normalise    - XSLT pass that normalises namespace prefixes.
The per-stage comments describe finalise and normalise as acting on the
aggregate, so the order of the list is significant.
-->
<bean id="common.output" parent="mda.CompositeStage">
<property name="stages">
<list>
<!-- Construct a new aggregate from the collection of entities. -->
<bean id="inc.assemble" parent="mda.EntitiesDescriptorAssemblerStage">
<property name="itemOrderingStrategy">
<!-- Single unnamed constructor argument: the registrar bean. -->
<bean parent="inc.InCommonEntityOrderingStrategy"
c:_-ref="us_incommon_registrar"/>
</property>
</bean>
<!-- Apply final tweaks to the aggregate. -->
<bean id="finalise" parent="incommon_finalise_parent">
<!--
Parameters handed to the finalisation transform. All values except
extraText come from other beans or from property placeholders.
-->
<property name="transformParameters">
<map>
<entry key="extraText" value="Contains InCommon and eduGAIN metadata"/>
<entry key="publisher" value-ref="us_incommon_registrar"/>
<!--
validityDays controls the validity window stamped on the published
aggregate. NOTE(review): presumably this bounds how long consumers will
keep trusting a copy of the signed output, so it should stay short
relative to the refresh cadence - confirm the configured value.
-->
<entry key="validityDays" value="${validUntil.aggregate.days}"/>
<!-- Timestamps are computed by beans imported above, not evaluated here. -->
<entry key="now_ISO" value-ref="now_ISO"/>
<entry key="now_local_ISO" value-ref="now_local_ISO"/>
<entry key="valid_until_ISO" value-ref="validUntil_aggregate_ISO"/>
</map>
</property>
</bean>
<!-- Normalise the use of namespace prefixes in the resulting XML document. -->
<!-- The stylesheet is loaded from the classpath, not from an external location. -->
<bean id="normalise" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:incommon/ns_norm_import.xsl"/>
</list>
</property>
</bean>
<!--
*****************************************
*** ***
*** I D P - O N L Y O U T P U T ***
*** ***
*****************************************
-->
<!--
idp.serialize
Writes the IdP-only aggregate out to a file.
-->
<!--
idp.serialize

Serialisation stage for the IdP-only aggregate. The serializer bean is
shared with the other output stages; only the destination differs.
-->
<bean id="idp.serialize" parent="mda.SerializationStage"
      p:serializer-ref="serializer">
    <!-- Destination path is taken from the inc.imported-idp.xml property. -->
    <property name="outputFile">
        <bean parent="File">
            <constructor-arg index="0" value="${inc.imported-idp.xml}"/>
        </bean>
    </property>
</bean>
<!--
idp.selector
Entities in the IdP-only aggregate are restricted to those carrying an
md:IDPSSODescriptor role. The XPath predicate tests only for the presence
of that role, so an entity that also publishes an md:SPSSODescriptor
(a dual-role entity) is kept, not excluded.
-->
<bean id="idp.selector" parent="mda.XPathItemSelectionStrategy">
<!--
Selection predicate: an EntityDescriptor with at least one IDPSSODescriptor
child. Entities that carry other roles as well still match.
-->
<constructor-arg value="/md:EntityDescriptor[md:IDPSSODescriptor]"/>
<!-- Presumably supplies the binding for the md: prefix used above; defined in an imported file. -->
<constructor-arg ref="commonNamespaces"/>
</bean>
<!--
idp.pipeline
Generates the IdP-only aggregate. This pipeline applies no entity
selection of its own: the idp.selector strategy is assumed to have been
applied upstream (that wiring is not in this file), so by the time
items reach here the non-IdP entities have already been removed.
-->
<bean id="idp.pipeline" parent="mda.SimplePipeline">
<!--
Stage order is significant: assemble/finalise/normalise, then sign,
then write. Signing last-but-one means the serialised bytes are exactly
what was signed.
-->
<property name="stages">
<list>
<!-- Perform common steps in constructing an output aggregate. -->
<ref bean="common.output"/>
<!-- Sign the aggregate (same signing key and certificate as the main "sign" pipeline). -->
<ref bean="signItems" />
<!-- Write the resulting aggregate out to a file. -->
<ref bean="idp.serialize"/>
</list>
</property>
</bean>
<!--
*************************************************
*** ***
*** A L L E N T I T I E S O U T P U T ***
*** ***
*************************************************
-->
<!--
serializeImported
Writes the import aggregate out to a file.
-->
<!--
serializeImported

Serialisation stage for the all-entities import aggregate; shares the
common serializer bean and writes to the path given by inc.imported.xml.
-->
<bean id="serializeImported" parent="mda.SerializationStage"
      p:serializer-ref="serializer">
    <property name="outputFile">
        <bean parent="File">
            <constructor-arg index="0" value="${inc.imported.xml}"/>
        </bean>
    </property>
</bean>
<!--
*************************************
*** ***
*** E D U G A I N I N P U T ***
*** ***
*************************************
-->
<!--
incommon_edugain_importPipeline

Ingests a previously downloaded eduGAIN aggregate and reduces it to the
set of entities InCommon is willing to re-publish. The stages run in the
order listed and the order matters: aggregate-level checks and the
terminating filter must run before the aggregate is disassembled into
per-entity items, and identifiers must be populated before policy is
applied.
-->
<bean id="incommon_edugain_importPipeline" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!--
Load the saved eduGAIN aggregate from a file.
The file is untrusted input at this point; nothing about it has been
verified yet. The parserPool bean is defined elsewhere (imported above).
-->
<bean id="edugain_aggregate" parent="mda.DOMResourceSourceStage">
<property name="parserPool" ref="parserPool"/>
<property name="DOMResource">
<bean parent="FileSystemResource" c:_0="${inc.edugain.xml}"/>
</property>
</bean>
<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
Both checks mark the item with errors; errorTerminatingFilter then stops
the pipeline if any were recorded, so a bad or stale aggregate is never
disassembled or re-published.
-->
<ref bean="check_validUntil"/>
<ref bean="int_edugain_checkSignature"/>
<ref bean="errorTerminatingFilter"/>
<!-- Split the verified aggregate into one item per entity. -->
<ref bean="disassemble"/>
<!-- Drop entities on the eduGAIN channel blacklist (list defined in int_edugain/beans.xml). -->
<ref bean="int_edugain_removeBlacklistedEntities"/>
<!--
All eduGAIN entities should have mdrpi:RegistrationInfo elements, but
we can't check the actual values: this stage only verifies that the
element is present, not that its registrationAuthority is correct.
-->
<ref bean="check_hasreginfo"/>
<!-- Populate identifiers for future actions. -->
<ref bean="populateItemIds"/>
<ref bean="populateRegistrationAuthorities"/>
<!-- Apply policy (edugainPolicy is defined in incommon/edugain-policy.xml). -->
<ref bean="edugainPolicy"/>
<!--
Silently remove entities which are marked as
having errors.
NOTE(review): this stage leaves no trace in this file of which entities
were dropped; if an audit trail is needed, confirm that an earlier stage
(e.g. the policy beans) logs the rejections.
-->
<ref bean="errorRemover"/>
</list>
</property>
</bean>
<!-- MD SIGNING MOVE TO AWS (TIO-118) -->
<!-- Define a private key factory (based on AWS CloudHSM) -->
<!--
hsmPrivateKeyFactory

Produces the metadata signing key from AWS CloudHSM; the key material
never leaves the HSM. The HSM user, password and key label are all
resolved from property placeholders.

NOTE(review): sign.keyPassword is a credential. Whatever property source
resolves it must be treated as a secret (kept out of version control and
restricted on disk); that source is not visible in this file. Because the
root element sets default-lazy-init="true", this bean is expected to be
created only when a signing pipeline first references it.
-->
<bean id="hsmPrivateKeyFactory"
      class="uk.org.iay.incommon.mda.cloudhsm.CloudHSMPrivateKeyFactoryBean">
    <property name="username" value="${sign.keyUser}"/>
    <property name="password" value="${sign.keyPassword}"/>
    <property name="keyLabel" value="${sign.keyLabel}"/>
</bean>
<!-- Signs items using a provided privateKeyFactory -->
<!--
signItems

XML signature stage used by both output pipelines (idp.pipeline and the
main "sign" pipeline). The private key comes from the CloudHSM factory
bean; the certificate list is loaded from a PEM file on the classpath.

NOTE(review): the certificate must correspond to the HSM key selected by
sign.keyLabel; a mismatch would presumably yield signatures that fail
verification at consumers - confirm when the key or certificate is rotated.
-->
<bean id="signItems" parent="mda.XMLSignatureSigningStage"
      p:privateKey-ref="hsmPrivateKeyFactory">
    <property name="certificates">
        <list>
            <bean id="us_incommon_signingCertificate" parent="mda.X509CertificateFactoryBean">
                <property name="resource" value="classpath:us_incommon/inc-md-cert.pem"/>
            </bean>
        </list>
    </property>
</bean>
<!--
*************************************
*** ***
*** M A I N P I P E L I N E ***
*** ***
*************************************
-->
<!--
The main "sign" pipeline is responsible for generating the
signed output aggregate.
-->
<bean id="sign" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!--
Start with the InCommon production aggregate.
In a production environment, this will be the *unsigned* aggregate.
No validity, signature or policy checks are applied in this pipeline:
the stages below are load, sign, write, so whatever the file at
inc.production.xml contains is signed as-is. The trustworthiness of the
signed output therefore rests entirely on the controls around how that
file is produced and who can write to it (not visible here).
-->
<bean id="production_aggregate" parent="mda.DOMResourceSourceStage">
<property name="parserPool" ref="parserPool"/>
<property name="DOMResource">
<bean parent="FileSystemResource" c:_0="${inc.production.xml}"/>
</property>
</bean>
<!-- Sign the aggregate (CloudHSM-backed key; see signItems). -->
<ref bean="signItems" />
<!-- Write the resulting aggregate out to a file. -->
<ref bean="serializeImported"/>
</list>
</property>
</bean>
</beans>