Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

inc-meta/mdx/uk/verbs.xml

Go to file
@iay
iay Simplify outboard statistics generation
Latest commit bdfed43 Aug 20, 2024 History 
With MDA 0.10, it's no longer necessary to
duplicate this code.
1 contributor

Users who have contributed to this file

387 lines (337 sloc) 14.4 KB
Raw Blame
<?xml version="1.0" encoding="UTF-8"?>
<!--
Miscellaneous UK channel verbs.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
default-lazy-init="true"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
Import commonly used beans.
-->
<import resource="classpath:common-beans.xml"/>
<!--
Import channel-specific beans.
-->
<import resource="classpath:uk/beans.xml"/>
<!--
***************************************
*** ***
*** V E R B P I P E L I N E S ***
*** ***
***************************************
-->
<!--
statistics
Stand-alone statistics generation.
-->
<bean id="statistics" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="uk_registeredEntities"/>
<ref bean="uk_statisticsPipeline"/>
</list>
</property>
</bean>
<!--
***********************
*** ***
*** V E R I F Y ***
*** ***
***********************
-->
<bean id="verify" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!--
uk_registeredEntities performs all
per-entity checks and terminates if
any of them fail.
-->
<ref bean="uk_registeredEntities"/>
<!--
Now build an aggregate so that we can perform
checks across the whole aggregate, such as
entityID uniqueness.
-->
<ref bean="uk_assemble"/>
<ref bean="checkSchemas"/>
<ref bean="check_aggregate"/>
<ref bean="errorTerminatingFilter"/>
</list>
</property>
</bean>
<!--
*********************************
*** ***
*** C H E C K P O R T S ***
*** ***
*********************************
-->
<bean id="checkPorts" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="uk_registeredEntities"/>
<!--
The next five stages ensure that any errors are reported
in entity ID order, even on systems where the native order
(which tends to reflect the file enumeration ordering)
is arbitrary. Ideally this should be handled by an explicit
ordering stage.
The actual reordering is performed by the uk_assemble/disassemble
stages; the subsequent "populate" stages restore the item
metadata discarded by the uk_assemble stage.
-->
<ref bean="uk_assemble"/>
<ref bean="disassemble"/>
<ref bean="populateItemIds"/>
<ref bean="uk_populateIds"/>
<ref bean="populateRegistrationAuthorities"/>
<ref bean="check_vhosts"/>
<ref bean="errorAnnouncingFilter"/>
</list>
</property>
</bean>
<!--
***********************************
*** ***
*** C H E C K F U T U R E ***
*** ***
***********************************
-->
<bean id="checkFuture" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="uk_registeredEntities"/>
<!--
The next five stages ensure that any errors are reported
in entity ID order, even on systems where the native order
(which tends to reflect the file enumeration ordering)
is arbitrary. Ideally this should be handled by an explicit
ordering stage.
The actual reordering is performed by the uk_assemble/disassemble
stages; the subsequent "populate" stages restore the item
metadata discarded by the uk_assemble stage.
-->
<ref bean="uk_assemble"/>
<ref bean="disassemble"/>
<ref bean="populateItemIds"/>
<ref bean="uk_populateIds"/>
<ref bean="populateRegistrationAuthorities"/>
<!--
Additional X.509 certificate checks, over and above those
performed in uk_registeredEntities.
-->
<bean id="checkCertificates" parent="mda.X509ValidationStage">
<property name="validators">
<list>
<!-- none at present -->
</list>
</property>
</bean>
<ref bean="check_future"/>
<ref bean="errorAnnouncingFilter"/>
</list>
</property>
</bean>
<!--
*****************************************
*** ***
*** M E T A D A T A I M P O R T ***
*** ***
*****************************************
-->
<!--
fetchImportMetadata
Fetches the contents of the file used to hold metadata to be imported
into a UK federation fragment file.
-->
<bean id="fetchImportMetadata" parent="mda.DOMFilesystemSourceStage">
<property name="parserPool" ref="parserPool"/>
<property name="source">
<bean parent="File">
<constructor-arg value="${entities.dir}/import.xml"/>
</bean>
</property>
</bean>
<!--
serializeImportedMetadata
Serialise the fragment file just imported.
-->
<bean id="serializeImportedMetadata" parent="mda.SerializationStage">
<property name="serializer" ref="serializer"/>
<property name="outputFile">
<bean parent="File">
<constructor-arg value="${entities.dir}/imported.xml"/>
</bean>
</property>
</bean>
<!--
import
Pipeline to import a metadata fragment file.
For now, just the head of that pipeline.
-->
<bean id="import.metadata" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!-- fetch the input file -->
<ref bean="fetchImportMetadata"/>
<ref bean="populateItemIds"/>
<!--
Strip all elements and attributes that are in namespaces
we don't accept from registrants.
-->
<bean id="whitelistImportedNamespaces" parent="mda.NamespacesStrippingStage"
p:keeping="true">
<property name="namespaces">
<set>
<ref bean="alg_namespace"/>
<ref bean="ds_namespace"/>
<ref bean="hoksso_namespace"/>
<ref bean="idpdisc_namespace"/>
<ref bean="init_namespace"/>
<ref bean="md_namespace"/>
<ref bean="mdattr_namespace"/>
<ref bean="mdrpi_namespace"/>
<ref bean="mdui_namespace"/>
<ref bean="remd_namespace"/>
<ref bean="saml_namespace"/>
<ref bean="shibmd_namespace"/>
<ref bean="xenc_namespace"/>
<ref bean="xml_namespace"/>
</set>
</property>
</bean>
<!-- perform schema validation and stop immediately if this fails -->
<ref bean="checkSchemas"/>
<ref bean="errorTerminatingFilter"/>
<!-- fix mailto: in contacts -->
<ref bean="uk_fix_mailto"/>
<!-- transform into a fragment using our local conventions -->
<bean id="importTransform" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:uk/import.xsl">
<property name="transformParameters">
<map>
<entry key="now_ISO" value-ref="now_ISO"/>
<entry key="now_date_ISO" value-ref="now_date_ISO"/>
</map>
</property>
</bean>
<!-- Normalise the text in ds:X509Certificate elements. -->
<ref bean="wrapX509Certificates"/>
<!-- normalise namespaces in a specific way -->
<bean id="normalizeFragment" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:uk/ns_norm_fragment.xsl"/>
<!-- check the transformed input -->
<ref bean="checkSchemas"/>
<!--
Standard checks (i.e., CHECK_std), with some exclusions.
check_saml2meta is excluded so that the "FILL IN" boilerplate on
OrganizationURL is not flagged.
-->
<ref bean="check_adfs"/>
<ref bean="check_algsupport"/>
<ref bean="check_bindings"/>
<ref bean="check_cr"/>
<ref bean="check_entityid_prefix"/>
<ref bean="check_hoksso"/>
<ref bean="check_idpdisc"/>
<ref bean="check_idp_tls"/>
<ref bean="check_incmd"/>
<ref bean="check_init"/>
<ref bean="check_mdiop"/>
<ref bean="check_mdrpi"/>
<ref bean="check_mdui"/>
<ref bean="check_misc"/>
<ref bean="check_reqattr"/>
<ref bean="check_saml1"/>
<ref bean="check_saml2"/>
<ref bean="check_saml2_lang"/>
<ref bean="check_saml2int"/>
<!-- <ref bean="check_saml2meta"/> -->
<ref bean="check_shib_noregscope"/>
<ref bean="check_shibboleth"/>
<ref bean="check_sp_tls"/>
<ref bean="check_uk_trust"/>
<bean id="checkCertificates" parent="mda.X509ValidationStage">
<property name="validators">
<list>
<!-- Error on DSA keys. -->
<bean p:id="DSA" parent="mda.X509DSADetector"/>
<!-- Error on RSA key length less than 2048 bits. -->
<bean p:id="RSAKeyLength" parent="mda.X509RSAKeyLengthValidator"
p:warningBoundary="0" p:errorBoundary="2048"/>
<!-- Error on small RSA public exponents. -->
<bean p:id="RSAExponent" parent="mda.X509RSAExponentValidator"/>
<!-- Error on keys vulnerable to ROCA. -->
<bean p:id="ROCA" parent="mda.X509ROCAValidator"/>
<!--
Debian weak key lists.
Don't need to check for keys below our minimum key size.
-->
<ref bean="debian.2048"/>
<ref bean="debian.4096"/>
<!--
Compromised key lists.
Again, don't need to check for keys below our minimum key size.
-->
<ref bean="compromised.2048"/>
</list>
</property>
</bean>
<ref bean="check_uk_extensions"/>
<ref bean="check_uk_mdrps"/>
<ref bean="check_uk_urlenc"/>
<ref bean="check_future"/>
<ref bean="check_imported"/>
<ref bean="check_vhosts"/>
<ref bean="errorTerminatingFilter"/>
<!-- If there are no errors, log any warnings. -->
<ref bean="warningAnnouncer"/>
<!-- write output file -->
<ref bean="serializeImportedMetadata"/>
</list>
</property>
</bean>
<!--
#################################################
### ###
### U K E X P O R T A S I M P O R T ###
### ###
#################################################
-->
<bean id="serializeImported" parent="mda.SerializationStage">
<property name="serializer" ref="serializer"/>
<property name="outputFile">
<bean parent="File">
<constructor-arg value="${mdx.dir}/uk/imported.xml"/>
</bean>
</property>
</bean>
<bean id="importExported" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="uk_exportedEntities"/>
<ref bean="standardImportActions"/>
<ref bean="check_shib_regscope"/>
<ref bean="standardImportTail"/>
<ref bean="serializeImported"/>
</list>
</property>
</bean>
<bean id="importExportedRaw" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="uk_exportAggregate"/>
<ref bean="serializeImported"/>
</list>
</property>
</bean>
<alias alias="import" name="importExported"/>
<alias alias="importRaw" name="importExportedRaw"/>
</beans>