Adds new targets for generating signed files for MDQ.

The new targets call either MDQ or xmlsectool, but not both, so that we can add Jenkins jobs with independently-configurable Java versions. See ukf/ukf-meta#309 for details
InCommon · Jul 27, 2021 · 3d973d3 · 3d973d3
1 parent 14f1819
commit 3d973d3
Showing 1 changed file with 48 additions and 1 deletion.
diff --git a/build.xml b/build.xml
@@ -561,6 +561,7 @@
 
     <!--
         Stage 4.1 of md process: Create the cache of MDQ responses, tar the whole lot.
+        DEPRECATED because mdq.createcache uses both MDA and xmlsectool
 
         Runs on: keymaster
 
@@ -574,6 +575,37 @@
         <echo>Stage 4 Success: MDQ cache created; all files comitted to data repository.</echo>
     </target>
 
+    <!--
+        Stage 4.1.1 of md process: sign fragment files with MDA
+
+        Runs on: keymaster
+
+    -->
+    <target name="process.create-mdq-cache.sign.fragments" depends="mdq.sign.fragments">
+        <echo>Stage 4.1.1 Success: MDQ fragments signed</echo>
+    </target>
+
+
+    <!--
+        Stage 4.1.2 of md process: sign MDQ all entities with xmlsectool
+
+        Runs on: keymaster
+
+    -->
+    <target name="process.create-mdq-cache.sign.all.entities" depends="mdq.sign.all.entities">
+        <echo>Stage 4.1.2 Success: MDQ all entities file signed</echo>
+    </target>
+
+    <!--
+        Stage 4.1.3 of md process: create tarfile of files for MDQ
+
+        Runs on: keymaster
+
+    -->
+    <target name="process.create-mdq-cache.tarfile" depends="fs.tar.mdqcache">
+        <echo>Stage 4.1.3 Success: Created tarfile of MDQ fragments and all entities</echo>
+    </target>
+
     <!--
         Stage 4.2 of md process: Copy files from keymaster, push.
 
@@ -2040,12 +2072,21 @@
         <echo>Test verification completed.</echo>
     </target>
 
+    <!--
+		Sign MDQ components: EntityDescriptor files and EntitiesDescriptor
+    -->
+    <target name="samlmd.mdq.sign" depends="
+        samlmd.mdq.sign.fragments
+        samlmd.mdq.sign.all.entities">
+		<echo>MDQ fragments and all entities files signed.</echo>
+    </target>
+
     <!--
         Break the production aggregate into per-entity metadata, sign the
         individual documents and write them as individual files into a
         destination directory.
     -->
-    <target name="samlmd.mdq.sign" depends="get.sign.uk.keyPassword">
+    <target name="samlmd.mdq.sign.fragments" depends="get.sign.uk.keyPassword">
         <property name="mda.mdq.input" value="${output.dir}/${mdaggr.prod.unsigned}"/>
         <property name="mda.sign.keyPassword" value="${sign.uk.keyPassword}"/>
         <echo>Generating per-entity metadata in ${mda.mdq.output}</echo>
@@ -2054,6 +2095,12 @@
         <mkdir dir="${mdq.output.dir}"/>
         <CHANNEL.do channel="uk" verb="mdq-multisign"/>
         <echo>Generation complete.</echo>
+    </target>
+
+    <!--
+        Sign the unsigned production aggregate, call it all.xml when signed for MDQ.
+    -->
+    <target name="samlmd.mdq.sign.all.entities" depends="get.sign.uk.keyPassword">
         <echo>Generating all.xml in ${mda.mdq.output}</echo>
         <SIGN.uk i="${output.dir}/${mdaggr.prod.unsigned}" o="${mdq.output.dir}/all.xml" digest="SHA-256"/>
         <echo>Generation complete.</echo>