From 3c22b2ea7b654c5c57c971bcd8abb46f8ae05f01 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Wed, 29 May 2013 14:13:43 +0000
Subject: [PATCH] Significant rework of the fr_renater channel to handle the
 RENATER federation's participation in eduGAIN.

---
 build.xml                                     |   3 +-
 mdx/fr_renater/beans.xml                      | 138 +++++++++++++++++-
 mdx/fr_renater/edugain-signer.crt             |  15 ++
 mdx/fr_renater/readme.md                      |  27 ++++
 .../renater-federation-metadata-ca.crt        |  24 +++
 .../renater-federation-metadata.crt           |  83 +++++++++++
 mdx/fr_renater/verbs.xml                      |  35 ++++-
 7 files changed, 312 insertions(+), 13 deletions(-)
 create mode 100644 mdx/fr_renater/edugain-signer.crt
 create mode 100644 mdx/fr_renater/readme.md
 create mode 100644 mdx/fr_renater/renater-federation-metadata-ca.crt
 create mode 100644 mdx/fr_renater/renater-federation-metadata.crt

diff --git a/build.xml b/build.xml
index a1ba0b27..6903ab3d 100644
--- a/build.xml
+++ b/build.xml
@@ -894,7 +894,6 @@
 		<CHANNEL.import channel="at_aconet"/>
         <CHANNEL.import channel="au_aaf"/>
         <CHANNEL.import channel="eu_clarin"/>
-        <CHANNEL.import channel="fr_renater"/>
         <CHANNEL.import channel="ie_edugate"/>
 		<CHANNEL.do channel="ie_edugate" verb="importAll"/>
         <CHANNEL.import channel="int_edugain"/>
@@ -924,6 +923,7 @@
         <CHANNEL.do verb="importProduction" channel="dk_wayf"/>
     	<CHANNEL.do verb="importProduction" channel="es_sir"/>
     	<CHANNEL.do verb="importProduction" channel="fi_haka"/>
+        <CHANNEL.do verb="importProduction" channel="fr_renater"/>
     	<CHANNEL.do verb="importProduction" channel="gr_grnet"/>
     	<CHANNEL.do verb="importProduction" channel="hu_eduid"/>
     	<CHANNEL.do verb="importProduction" channel="in_infed"/>
@@ -950,6 +950,7 @@
         <CHANNEL.do verb="importEdugain" channel="dk_wayf"/>
     	<CHANNEL.do verb="importEdugain" channel="es_sir"/>
     	<CHANNEL.do verb="importEdugain" channel="fi_haka"/>
+        <CHANNEL.do verb="importEdugain" channel="fr_renater"/>
     	<CHANNEL.do verb="importEdugain" channel="gr_grnet"/>
     	<CHANNEL.do verb="importEdugain" channel="hr_eduhr"/>
     	<CHANNEL.do verb="importEdugain" channel="hu_eduid"/>
diff --git a/mdx/fr_renater/beans.xml b/mdx/fr_renater/beans.xml
index b6e008fb..554b782e 100644
--- a/mdx/fr_renater/beans.xml
+++ b/mdx/fr_renater/beans.xml
@@ -12,6 +12,19 @@
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
     
+    <!--
+        Location of various resources.
+    -->
+    <bean id="fr_renater_productionAggregate_url" class="java.lang.String">
+        <constructor-arg value="https://services-federation.renater.fr/metadata/renater-metadata.xml"/>
+    </bean>
+    <bean id="fr_renater_edugainAggregate_url" class="java.lang.String">
+        <constructor-arg value="https://fedregistry.renater.fr/edugain/edugain-metadata.xml"/>
+    </bean>
+    <bean id="fr_renater_testAggregate_url" class="java.lang.String">
+        <constructor-arg value="https://services-federation.renater.fr/metadata/renater-test-metadata.xml"/>
+    </bean>
+    
     <!--
         Fetch the production aggregate.
     -->
@@ -20,7 +33,20 @@
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
-                <constructor-arg name="url" value="https://services-federation.renater.fr/metadata/renater-metadata.xml"/>
+                <constructor-arg name="url" ref="fr_renater_productionAggregate_url"/>
+            </bean>
+        </property>
+    </bean>
+    
+    <!--
+        Fetch the eduGAIN export aggregate.
+    -->
+    <bean id="fr_renater_edugainAggregate" parent="domResourceStage_parent"
+        p:id="fr_renater_edugainAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url" ref="fr_renater_edugainAggregate_url"/>
             </bean>
         </property>
     </bean>
@@ -33,7 +59,7 @@
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
-                <constructor-arg name="url" value="https://services-federation.renater.fr/metadata/renater-test-metadata.xml"/>
+                <constructor-arg name="url" ref="fr_renater_testAggregate_url"/>
             </bean>
         </property>
     </bean>
@@ -59,10 +85,69 @@
     </bean>
     
     <!--
-        Fetch and process the exported entities as a collection.
+        eduGAIN signing certificate.
+    -->
+    <bean id="fr_renater_edugainSigningCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/fr_renater/renater-federation-metadata.crt"/>
+            </bean>
+        </property>
+    </bean>
+    
+    <!--
+        Check eduGAIN signing signature.
+    -->
+    <bean id="fr_renater_edugainCheckSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="fr_renater_edugainCheckSignature">
+        <property name="verificationCertificate" ref="fr_renater_edugainSigningCertificate"/>
+    </bean>
+    
+    <!--
+        fr_renater_registrar
+        
+        Unique ID for the registrar associated with this channel.
+    -->
+    <bean id="fr_renater_registrar" class="java.lang.String">
+        <constructor-arg value="https://federation.renater.fr/gestion"/>
+    </bean>
+    
+    <!--
+        fr_renater_check_regauth
+        
+        Any registrationAuthority already present on an entity in this
+        channel must match the known registration authority value.
+    -->
+    <bean id="fr_renater_check_regauth" parent="check_regauth_parent"
+        p:id="fr_renater_check_regauth">
+        <property name="transformParameters">
+            <map>
+                <entry key="expectedAuthority" value-ref="fr_renater_registrar"/>
+            </map>
+        </property>
+    </bean>
+    
+    <!--
+        fr_renater_default_regauth
+        
+        Provide a default registrationAuthority appropriate to
+        this channel.
     -->
-    <bean id="fr_renater_exportedEntities" parent="composite_parent"
-        p:id="fr_renater_exportedEntities">
+    <bean id="fr_renater_default_regauth" parent="default_regauth_parent"
+        p:id="fr_renater_default_regauth">
+        <property name="transformParameters">
+            <map>
+                <entry key="defaultAuthority" value-ref="fr_renater_registrar"/>
+            </map>
+        </property>
+    </bean>
+    
+    <!--
+        Fetch and process the production entities as a collection.
+    -->
+    <bean id="fr_renater_productionEntities" parent="composite_parent"
+        p:id="fr_renater_productionEntities">
         <property name="composedStages">
             <list>
                 <!-- no export aggregate; use the production one instead -->
@@ -79,6 +164,9 @@
                 
                 <ref bean="disassemble"/>
                 
+                <ref bean="fr_renater_default_regauth"/>
+                <ref bean="fr_renater_check_regauth"/>
+                
                 <ref bean="standardImportActions"/>
                 
                 <!-- Strip all entity attributes from this source. -->
@@ -87,5 +175,43 @@
             </list>
         </property>
     </bean>
-    
+
+    <!--
+        Fetch and process the eduGAIN export entities as a collection.
+    -->
+    <bean id="fr_renater_edugainEntities" parent="composite_parent"
+        p:id="fr_renater_edugainEntities">
+        <property name="composedStages">
+            <list>
+                <!-- no export aggregate; use the production one instead -->
+                <ref bean="fr_renater_edugainAggregate"/>
+                
+                <!--
+                    Check for fatal errors at the aggregate level:
+                        missing or expired validUntil attribute
+                        invalid signature
+                -->
+                <ref bean="check_validUntil"/>
+                <ref bean="fr_renater_edugainCheckSignature"/>
+                <ref bean="errorTerminatingFilter"/>
+                
+                <ref bean="disassemble"/>
+                
+                <ref bean="fr_renater_default_regauth"/>
+                <ref bean="fr_renater_check_regauth"/>
+
+                <ref bean="standardImportActions"/>
+                
+                <!-- Strip all entity attributes from this source. -->
+                <ref bean="stripMdattrNamespace"/>
+                
+            </list>
+        </property>
+    </bean>
+
+    <!--
+        Select primary export aggregate.
+    -->
+    <alias alias="fr_renater_exportedAggregate" name="fr_renater_edugainAggregate"/>
+    <alias alias="fr_renater_exportedEntities"  name="fr_renater_edugainEntities"/>    
 </beans>
diff --git a/mdx/fr_renater/edugain-signer.crt b/mdx/fr_renater/edugain-signer.crt
new file mode 100644
index 00000000..b6117441
--- /dev/null
+++ b/mdx/fr_renater/edugain-signer.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAc6gAwIBAgIEScn+qTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJG
+UjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNhdCBkZSBzaWdu
+YXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9uIEVkdWNhdGlv
+bi1SZWNoZXJjaGUwHhcNMDkwMzI1MDk1MTM3WhcNMTkwMzIzMDk1MTM3WjB3MQsw
+CQYDVQQGEwJGUjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNh
+dCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9u
+IEVkdWNhdGlvbi1SZWNoZXJjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJBXcLIguokGiytYSOrgmU6fN+1DXK4eaquvFGMaswuhcRPD4tXtSs8CGxPP8/VF
+Mpcry04lfPA3mpwDis47hsvmLqGJVmfSuvkDsPx+I325h4WqGzEV8kfttkJSi8D0
+QLKk9wseA+BHzoBpU6e5uWmGqfWJgbZlcUuYKCIE2nL/AgMBAAEwDQYJKoZIhvcN
+AQEFBQADgYEAT0rUS5GTtqW9a0pAv0PjieSS6bW3KG3Mtn0jC1dmav6X9fbhhmFL
+1XSC9WnCU2UD3986EWWYKhN2INHghHE/fQGveVwdcVSSt601OpAsUF18tx0vHqkf
+Shcj7mteq59Gv4hOE8U1Urd/pSRaIO3G42X6/L/AlXeDkicfGZHhq7Q=
+-----END CERTIFICATE-----
diff --git a/mdx/fr_renater/readme.md b/mdx/fr_renater/readme.md
new file mode 100644
index 00000000..657db99c
--- /dev/null
+++ b/mdx/fr_renater/readme.md
@@ -0,0 +1,27 @@
+# `fr_renater` Channel
+
+France -- RENATER federation
+
+[Federation web site.](https://services.renater.fr/federation/en/index)
+
+eduGAIN participant
+
+## Metadata Signing Practices
+
+The production metadata we are fetching may be an old format; it is signed using the certificate in `metadata-federation-renater.crt`, which is a self-signed certificate with a 1024-bit key, as follows:
+
+    Issuer: C=FR, O=RENATER, CN=Certificat de signature des meta donnees de la federation Education-Recherche
+    Validity
+        Not Before: Mar 25 09:51:37 2009 GMT
+        Not After : Mar 23 09:51:37 2019 GMT
+    Subject: C=FR, O=RENATER, CN=Certificat de signature des meta donnees de la federation Education-Recherche
+
+The eduGAIN aggregate, which is pulled from a different server, is signed with a different certificate:
+
+    Issuer: C=FR, O=GIP RENATER, CN=AC metadata federation education-recherche/emailAddress=support-federation@support.renater.fr
+    Validity
+        Not Before: Mar 15 14:46:04 2013 GMT
+        Not After : Mar 13 14:46:04 2023 GMT
+    Subject: C=FR, O=GIP RENATER, CN=metadata federation education-recherche/emailAddress=support-federation@support.renater.fr
+
+This is held in `renater-federation-metadata.crt`, and has a 2048-bit RSA key.  Note that this certificate is not self-signed, but is issued by the root CA held in `renater-federation-metadata-ca.crt`.
\ No newline at end of file
diff --git a/mdx/fr_renater/renater-federation-metadata-ca.crt b/mdx/fr_renater/renater-federation-metadata-ca.crt
new file mode 100644
index 00000000..27251c3f
--- /dev/null
+++ b/mdx/fr_renater/renater-federation-metadata-ca.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIJAPsRvfohSqSDMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
+VQQGEwJGUjEUMBIGA1UECgwLR0lQIFJFTkFURVIxMzAxBgNVBAMMKkFDIG1ldGFk
+YXRhIGZlZGVyYXRpb24gZWR1Y2F0aW9uLXJlY2hlcmNoZTE0MDIGCSqGSIb3DQEJ
+ARYlc3VwcG9ydC1mZWRlcmF0aW9uQHN1cHBvcnQucmVuYXRlci5mcjAeFw0xMzAz
+MTUxNDE2NDdaFw0yMzAzMTMxNDE2NDdaMIGOMQswCQYDVQQGEwJGUjEUMBIGA1UE
+CgwLR0lQIFJFTkFURVIxMzAxBgNVBAMMKkFDIG1ldGFkYXRhIGZlZGVyYXRpb24g
+ZWR1Y2F0aW9uLXJlY2hlcmNoZTE0MDIGCSqGSIb3DQEJARYlc3VwcG9ydC1mZWRl
+cmF0aW9uQHN1cHBvcnQucmVuYXRlci5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAO+s9f/93HeZgPsGAu1Mii1uTGMYsZyUQs7OfiAWZhJh5ouBuSyp
+/K771Z7SEMctHHj21LrQT4P1wOE+FpHgQWNmMYZ/+glzqx724UdWxBt8HTOOTrVn
+4qY2A6orKi8P7dEVDf4QA89LDZC3ZcMaDy3tHXMefwX3wfkHKhzJjKd+TEgLHqN0
+8Izmrrj69Ae5H2i+hM78sCWWD42XgJPj/SeRvBLikuRUcea8luvKUXghxbs68hPN
+QkUE7nCKgcgXWs3I5HFX59w5o9chX1vuE24rKTj7svu30N350XCR3Vf9pBz9awUH
+AZWGGUrDC9S+QyhJWh6L7a5gs2Azj4SJq0cCAwEAAaNQME4wHQYDVR0OBBYEFHy4
+StIppN3WWnFiQ69jzd2JBcQzMB8GA1UdIwQYMBaAFHy4StIppN3WWnFiQ69jzd2J
+BcQzMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADDjGzUOjgdRN3TL
+9PcGUYSwKnIZTh4Qv84yfLAuAJgEWJAbCjZ5rsuScWXa+4B9q/JP0sZK7VI7DdLc
+oWuthMIWqyXB1OZCDJFdlqTRhInd96TQvw54duPgVqSbFHv9uuoUaT4AjwRpO2Ol
+sMuUaOK6tNBDSdKGUbnb1Nn57Y7iXWJFAvOa1ERAHQ+/N1nGvs9tiOsFuqPYptxa
+NMMg/KUqTcQ2l8pMR68ayO9ZFliApU0PIzswuSwM3g2uKP7N7r0JkC93p+/bNz5D
+y8TetxOOv2MRX3dSuEc/T1mOGZ3PHK1ODlhgb8hgny+q9Ip7DqUYAynTO1kEBgXH
+CeAY8as=
+-----END CERTIFICATE-----
diff --git a/mdx/fr_renater/renater-federation-metadata.crt b/mdx/fr_renater/renater-federation-metadata.crt
new file mode 100644
index 00000000..22a11f88
--- /dev/null
+++ b/mdx/fr_renater/renater-federation-metadata.crt
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4096 (0x1000)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, O=GIP RENATER, CN=AC metadata federation education-recherche/emailAddress=support-federation@support.renater.fr
+        Validity
+            Not Before: Mar 15 14:46:04 2013 GMT
+            Not After : Mar 13 14:46:04 2023 GMT
+        Subject: C=FR, O=GIP RENATER, CN=metadata federation education-recherche/emailAddress=support-federation@support.renater.fr
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c4:3d:c2:50:21:85:c7:6a:f6:fc:9f:cc:a6:70:
+                    ac:af:3f:2e:52:14:65:55:17:09:98:fd:2c:4a:bc:
+                    54:a0:e9:b6:83:4d:a5:12:08:d3:04:c1:63:84:37:
+                    e7:43:d6:16:07:a4:83:a9:54:d9:6c:7c:f4:3b:4b:
+                    46:4b:ae:d1:0f:1c:ee:3a:0a:42:d0:7c:bd:de:d6:
+                    f1:83:33:d2:18:27:65:ee:9e:ff:8f:f9:45:ff:5b:
+                    69:4d:c2:1b:27:37:6a:bf:99:43:2d:e7:48:18:a6:
+                    59:57:61:7f:a9:53:f3:94:1b:c6:e1:7b:c8:98:65:
+                    e6:03:ae:26:b9:09:6f:72:8c:c9:ec:e4:8a:41:e8:
+                    2e:1c:77:5a:15:11:bc:16:ed:81:7c:b4:69:86:3f:
+                    7e:eb:78:bf:1a:35:2e:ae:81:98:42:ee:fc:3b:70:
+                    6a:b9:c9:89:83:d0:46:11:5b:b8:d0:e1:7f:77:f9:
+                    b6:2f:83:e7:5d:6f:44:60:48:ca:8a:95:b9:60:7e:
+                    7d:ce:58:d2:e2:e9:70:69:50:0a:91:36:7d:8f:a6:
+                    68:8a:de:ee:23:ef:89:62:8d:0d:20:b1:4b:51:ba:
+                    8b:18:dd:79:45:83:b2:7d:9c:61:f1:3c:9a:c8:67:
+                    a6:e5:6b:69:d6:ec:68:67:a8:0d:11:7c:98:03:1a:
+                    b3:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4F:7C:2A:13:02:9A:45:2B:3C:BD:D4:70:68:6F:D1:F1:70:B4:24:F0
+            X509v3 Authority Key Identifier: 
+                keyid:7C:B8:4A:D2:29:A4:DD:D6:5A:71:62:43:AF:63:CD:DD:89:05:C4:33
+
+    Signature Algorithm: sha1WithRSAEncryption
+        60:b4:45:74:42:16:56:11:b2:74:14:39:26:22:eb:bb:bd:84:
+        bc:81:84:4e:8f:bd:00:dd:29:ca:87:88:ff:29:d7:7e:5a:bd:
+        d0:cb:20:33:ac:75:7b:01:0b:86:86:0d:91:4a:b9:85:69:09:
+        a0:55:3a:47:ea:fd:84:d9:3f:3d:0f:ed:c9:9d:a2:13:ea:8f:
+        7c:80:59:93:c1:4f:88:e7:d5:f3:f0:14:61:fe:ce:29:af:bf:
+        53:d8:53:5b:a8:49:7d:df:41:52:45:fb:9d:b4:cd:a4:f5:0c:
+        9e:ac:65:72:85:0e:5f:85:87:ff:c4:d3:65:1b:15:0c:25:9a:
+        df:72:10:3e:94:59:e8:43:79:2c:60:20:3e:1e:40:7f:24:36:
+        6f:cd:94:ab:b0:92:37:cd:d3:f3:f9:fb:fa:1c:24:e3:75:62:
+        b3:f4:34:a1:29:8c:4c:60:ed:59:96:4c:8c:ef:64:a8:3f:4c:
+        d1:55:ed:cd:c5:e0:45:1d:70:2d:71:77:71:fd:86:ec:e0:9b:
+        73:1f:f7:f9:96:ab:9a:fd:92:c1:40:c8:e6:d5:df:fe:66:2d:
+        84:66:aa:78:e5:4f:cd:16:b4:7b:f5:c6:b2:b8:cc:db:4d:7c:
+        50:a2:35:80:15:5d:46:75:ef:c1:da:c1:c4:00:da:01:9a:ec:
+        86:37:57:98
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAvqgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAkZS
+MRQwEgYDVQQKDAtHSVAgUkVOQVRFUjEzMDEGA1UEAwwqQUMgbWV0YWRhdGEgZmVk
+ZXJhdGlvbiBlZHVjYXRpb24tcmVjaGVyY2hlMTQwMgYJKoZIhvcNAQkBFiVzdXBw
+b3J0LWZlZGVyYXRpb25Ac3VwcG9ydC5yZW5hdGVyLmZyMB4XDTEzMDMxNTE0NDYw
+NFoXDTIzMDMxMzE0NDYwNFowgYsxCzAJBgNVBAYTAkZSMRQwEgYDVQQKDAtHSVAg
+UkVOQVRFUjEwMC4GA1UEAwwnbWV0YWRhdGEgZmVkZXJhdGlvbiBlZHVjYXRpb24t
+cmVjaGVyY2hlMTQwMgYJKoZIhvcNAQkBFiVzdXBwb3J0LWZlZGVyYXRpb25Ac3Vw
+cG9ydC5yZW5hdGVyLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+xD3CUCGFx2r2/J/MpnCsrz8uUhRlVRcJmP0sSrxUoOm2g02lEgjTBMFjhDfnQ9YW
+B6SDqVTZbHz0O0tGS67RDxzuOgpC0Hy93tbxgzPSGCdl7p7/j/lF/1tpTcIbJzdq
+v5lDLedIGKZZV2F/qVPzlBvG4XvImGXmA64muQlvcozJ7OSKQeguHHdaFRG8Fu2B
+fLRphj9+63i/GjUuroGYQu78O3BqucmJg9BGEVu40OF/d/m2L4PnXW9EYEjKipW5
+YH59zljS4ulwaVAKkTZ9j6Zoit7uI++JYo0NILFLUbqLGN15RYOyfZxh8TyayGem
+5Wtp1uxoZ6gNEXyYAxqzvQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
+DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUT3wq
+EwKaRSs8vdRwaG/R8XC0JPAwHwYDVR0jBBgwFoAUfLhK0imk3dZacWJDr2PN3YkF
+xDMwDQYJKoZIhvcNAQEFBQADggEBAGC0RXRCFlYRsnQUOSYi67u9hLyBhE6PvQDd
+KcqHiP8p135avdDLIDOsdXsBC4aGDZFKuYVpCaBVOkfq/YTZPz0P7cmdohPqj3yA
+WZPBT4jn1fPwFGH+zimvv1PYU1uoSX3fQVJF+520zaT1DJ6sZXKFDl+Fh//E02Ub
+FQwlmt9yED6UWehDeSxgID4eQH8kNm/NlKuwkjfN0/P5+/ocJON1YrP0NKEpjExg
+7VmWTIzvZKg/TNFV7c3F4EUdcC1xd3H9huzgm3Mf9/mWq5r9ksFAyObV3/5mLYRm
+qnjlT80WtHv1xrK4zNtNfFCiNYAVXUZ178HawcQA2gGa7IY3V5g=
+-----END CERTIFICATE-----
diff --git a/mdx/fr_renater/verbs.xml b/mdx/fr_renater/verbs.xml
index 368d69d4..afb4cf4d 100644
--- a/mdx/fr_renater/verbs.xml
+++ b/mdx/fr_renater/verbs.xml
@@ -31,19 +31,19 @@
         </property>
     </bean>
     
-    <bean id="import" parent="pipeline_parent"
-        p:id="import">
+    <bean id="importProduction" parent="pipeline_parent"
+        p:id="importProduction">
         <property name="stages">
             <list>
-                <ref bean="fr_renater_exportedEntities"/>
+                <ref bean="fr_renater_productionEntities"/>
                 <ref bean="standardImportTail"/>
                 <ref bean="serializeImported"/>
             </list>
         </property>
     </bean>
-
-    <bean id="importRaw" parent="pipeline_parent"
-        p:id="importRaw">
+    
+    <bean id="importProductionRaw" parent="pipeline_parent"
+        p:id="importProductionRaw">
         <property name="stages">
             <list>
                 <ref bean="fr_renater_productionAggregate"/>
@@ -52,4 +52,27 @@
         </property>
     </bean>
     
+    <bean id="importEdugain" parent="pipeline_parent"
+        p:id="importEdugain">
+        <property name="stages">
+            <list>
+                <ref bean="fr_renater_edugainEntities"/>
+                <ref bean="standardImportTail"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+    
+    <bean id="importEdugainRaw" parent="pipeline_parent"
+        p:id="importEdugainRaw">
+        <property name="stages">
+            <list>
+                <ref bean="fr_renater_edugainAggregate"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+    
+    <alias alias="import"    name="importEdugain"/>
+    <alias alias="importRaw" name="importEdugainRaw"/>
 </beans>