Fix up surfnet/surfconext channels.

InCommon · May 3, 2012 · 1d18f66 · 1d18f66
1 parent c2a58e5
commit 1d18f66
Show file tree

Hide file tree

Showing 5 changed files with 196 additions and 20 deletions.
diff --git a/mdx/nl_surfconext/beans.xml b/mdx/nl_surfconext/beans.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Common beans for this channel.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    default-lazy-init="true"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
+
+    <!--
+        Metadata signing certificate.
+    -->
+    <bean id="nl_surfconext_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfconext/metadata-signer.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Check the signature on a document.
+    -->
+    <bean id="nl_surfconext_checkSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="nl_surfnet_checkSignature">
+        <property name="verificationCertificate" ref="nl_surfconext_signingCertificate"/>
+    </bean>
+
+    <!--
+        Fetch the IdP aggregate.
+    -->
+    <bean id="nl_surfconext_idpAggregate" parent="domResourceStage_parent"
+        p:id="nl_surfconext_idpAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url" value="https://engine.surfconext.nl/authentication/proxy/idps-metadata"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Fetch the SP aggregate.
+    -->
+    <bean id="nl_surfconext_spAggregate" parent="domResourceStage_parent"
+        p:id="nl_surfconext_spAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url" value="http://federatie.surfnet.nl/metadata-sfs-sp-saml20-signed.xml"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Fetch and process the exported entities as a collection.
+    -->
+    <bean id="nl_surfconext_exportedEntities" parent="composite_parent"
+        p:id="nl_surfconext_exportedEntities">
+        <property name="composedStages">
+            <list>
+                <!-- no export aggregate; use the production ones instead -->
+                <ref bean="nl_surfconext_idpAggregate"/>
+
+                <!--
+                    Check for fatal errors at the aggregate level:
+                        missing or expired validUntil attribute
+                        invalid signature
+                -->
+                <!--
+                <ref bean="check_validUntil"/>
+                <ref bean="nl_surfconext_checkSignature"/>
+                -->
+                <ref bean="errorTerminatingFilter"/>
+
+                <!-- SP singleton -->
+                <ref bean="nl_surfconext_spAggregate"/>
+                <ref bean="disassemble"/>
+                <ref bean="standardImportActions"/>
+            </list>
+        </property>
+    </bean>
+
+</beans>
diff --git a/mdx/nl_surfconext/metadata-signer.crt b/mdx/nl_surfconext/metadata-signer.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVDCCAzygAwIBAgIJANm7yUGYaeG1MA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNV
+BAYTAk5MMRAwDgYDVQQKEwdTVVJGbmV0MREwDwYDVQQLEwhTZXJ2aWNlczEZMBcG
+A1UEAxMQRmVkZXJhdGllIEJlaGVlcjEqMCgGCSqGSIb3DQEJARYbZmVkZXJhdGll
+LWJlaGVlckBzdXJmbmV0Lm5sMB4XDTA4MDYwNTE1MDgyMVoXDTIzMDYwMjE1MDgy
+MVoweTELMAkGA1UEBhMCTkwxEDAOBgNVBAoTB1NVUkZuZXQxETAPBgNVBAsTCFNl
+cnZpY2VzMRkwFwYDVQQDExBGZWRlcmF0aWUgQmVoZWVyMSowKAYJKoZIhvcNAQkB
+FhtmZWRlcmF0aWUtYmVoZWVyQHN1cmZuZXQubmwwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/x+YuMaHyS3xeogfBB6hWrL4Frp+KzOuu4IixfhMHz3xI
+G5l7p2aNV8UrEXevOwMWCgMNxjfSLdZBgNhR14GBh2cVGCx9f/wUtB86scmkP3Pr
+RLoZWu/EIY6MEbgET3D3tkdGuVejQwwhJTlK2xxWHtEdEL5abjYLveDg6Lb6z9od
+ljFevylBMZO+5LwTjpa3+B+07oMZr2sV1yjsG2BEBwTFz4XZzJAabeK9UO836qhN
+ptktjffoCNen33tNCjzqci4wzgQef3CNA/Ef0tMKGotdldKC6FtHvXixmVY5RKUK
+Iutm8sRwne8XYqrD54BAgXZQ0ZovxFbvGhA77YXxAgMBAAGjgd4wgdswHQYDVR0O
+BBYEFJNoYjIYUrDN/h1+9BZYOTk7jQBNMIGrBgNVHSMEgaMwgaCAFJNoYjIYUrDN
+/h1+9BZYOTk7jQBNoX2kezB5MQswCQYDVQQGEwJOTDEQMA4GA1UEChMHU1VSRm5l
+dDERMA8GA1UECxMIU2VydmljZXMxGTAXBgNVBAMTEEZlZGVyYXRpZSBCZWhlZXIx
+KjAoBgkqhkiG9w0BCQEWG2ZlZGVyYXRpZS1iZWhlZXJAc3VyZm5ldC5ubIIJANm7
+yUGYaeG1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAI4IxrYPwwjJ
+D9gO1Vzt8ByeQaRe+V0Mv5Ox9RlcXV33WX8Ny8hqUS4/kjs9v7JOuOw7TRop/4QJ
+IAv/LEXH9B+hQ96zdLGMCcHI2crWF8l0yZ/DtgkpdlcyS7dNbjLtedtmgrOMSQub
+LE02tqoSUR491mQbRuXD49+kJsHXZH8I1YZqOShzPZ7+ksvnBd64txhef8OBlCzE
+elT60nOC3Jm8k3i0HwPcCYfDrh6+MJfC2dvfgktAcyu8rm1Q/ZelxaaXok17wUKg
+D8nDrVCOfTND1RCGcqJ3YVjYDhBrMdK+5NSuC5KOJUpVZbKgTOilnOM7B/Os8HJC
+fxLkDyGV/oQ=
+-----END CERTIFICATE-----
diff --git a/mdx/nl_surfconext/verbs.xml b/mdx/nl_surfconext/verbs.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Verb definitions for this channel.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    default-lazy-init="true"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
+
+    <!--
+        Import commonly used beans.
+    -->
+    <import resource="../common-beans.xml"/>
+
+    <!--
+        Import channel-specific beans.
+    -->
+    <import resource="beans.xml"/>
+
+    <bean id="serializeImported" parent="serialize_parent"
+        p:id="serializeImported">
+        <property name="outputFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfconext/imported.xml"/>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="import" parent="pipeline_parent"
+        p:id="import">
+        <property name="stages">
+            <list>
+                <ref bean="nl_surfconext_exportedEntities"/>
+                <ref bean="standardImportTail"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <!--
+        importRaw
+        
+        Fetch the separate IdP and SP aggregates, disassemble them into individual entities
+        and then build up a single aggregate from all combined.
+    -->
+    <bean id="importRaw" parent="pipeline_parent"
+        p:id="importRaw">
+        <property name="stages">
+            <list>
+                <ref bean="nl_surfconext_idpAggregate"/>
+                <ref bean="nl_surfconext_spAggregate"/>
+                <ref bean="disassemble"/>
+                <ref bean="assemble"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+</beans>
diff --git a/mdx/nl_surfnet/beans.xml b/mdx/nl_surfnet/beans.xml
@@ -14,41 +14,41 @@
     <!--
         Metadata signing certificate.
     -->
-    <bean id="nl_surfconext_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+    <bean id="nl_surfnet_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
         <property name="certificateFile">
             <bean class="java.io.File">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfconext/metadata-signer.crt"/>
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfnet/metadata-signer.crt"/>
             </bean>
         </property>
     </bean>
 
     <!--
         Check the signature on a document.
     -->
-    <bean id="nl_surfconext_checkSignature" parent="stage_parent"
+    <bean id="nl_surfnet_checkSignature" parent="stage_parent"
         class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
         p:id="nl_surfnet_checkSignature">
-        <property name="verificationCertificate" ref="nl_surfconext_signingCertificate"/>
+        <property name="verificationCertificate" ref="nl_surfnet_signingCertificate"/>
     </bean>
 
     <!--
         Fetch the IdP aggregate.
     -->
-    <bean id="nl_surfconext_idpAggregate" parent="domResourceStage_parent"
-        p:id="nl_surfconext_idpAggregate">
+    <bean id="nl_surfnet_idpAggregate" parent="domResourceStage_parent"
+        p:id="nl_surfnet_idpAggregate">
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
-                <constructor-arg name="url" value="https://engine.surfconext.nl/authentication/proxy/idps-metadata"/>
+                <constructor-arg name="url" value="https://wayf.surfnet.nl/federate/metadata"/>
             </bean>
         </property>
     </bean>
 
     <!--
         Fetch the SP aggregate.
     -->
-    <bean id="nl_surfconext_spAggregate" parent="domResourceStage_parent"
-        p:id="nl_surfconext_spAggregate">
+    <bean id="nl_surfnet_spAggregate" parent="domResourceStage_parent"
+        p:id="nl_surfnet_spAggregate">
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
@@ -60,26 +60,24 @@
     <!--
         Fetch and process the exported entities as a collection.
     -->
-    <bean id="nl_surfconext_exportedEntities" parent="composite_parent"
-        p:id="nl_surfconext_exportedEntities">
+    <bean id="nl_surfnet_exportedEntities" parent="composite_parent"
+        p:id="nl_surfnet_exportedEntities">
         <property name="composedStages">
             <list>
                 <!-- no export aggregate; use the production ones instead -->
-                <ref bean="nl_surfconext_idpAggregate"/>
+                <ref bean="nl_surfnet_idpAggregate"/>
 
                 <!--
                     Check for fatal errors at the aggregate level:
                         missing or expired validUntil attribute
                         invalid signature
                 -->
-                <!--
                 <ref bean="check_validUntil"/>
-                <ref bean="nl_surfconext_checkSignature"/>
-                -->
+                <ref bean="nl_surfnet_checkSignature"/>
                 <ref bean="errorTerminatingFilter"/>
 
                 <!-- SP singleton -->
-                <ref bean="nl_surfconext_spAggregate"/>
+                <ref bean="nl_surfnet_spAggregate"/>
                 <ref bean="disassemble"/>
                 <ref bean="standardImportActions"/>
             </list>

diff --git a/mdx/nl_surfnet/verbs.xml b/mdx/nl_surfnet/verbs.xml
@@ -25,7 +25,7 @@
         p:id="serializeImported">
         <property name="outputFile">
             <bean class="java.io.File">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfconext/imported.xml"/>
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/nl_surfnet/imported.xml"/>
             </bean>
         </property>
     </bean>
@@ -34,7 +34,7 @@
         p:id="import">
         <property name="stages">
             <list>
-                <ref bean="nl_surfconext_exportedEntities"/>
+                <ref bean="nl_surfnet_exportedEntities"/>
                 <ref bean="standardImportTail"/>
                 <ref bean="serializeImported"/>
             </list>
@@ -51,8 +51,8 @@
         p:id="importRaw">
         <property name="stages">
             <list>
-                <ref bean="nl_surfconext_idpAggregate"/>
-                <ref bean="nl_surfconext_spAggregate"/>
+                <ref bean="nl_surfnet_idpAggregate"/>
+                <ref bean="nl_surfnet_spAggregate"/>
                 <ref bean="disassemble"/>
                 <ref bean="assemble"/>
                 <ref bean="serializeImported"/>