Migrate to new (2022-08-03) eduGAIN signing key

See ukf/ukf-meta#343.

mdx/int_edugain/README.md

@@ -4,20 +4,12 @@ Resources associated with the eduGAIN interfederation.
 
 Certificates:
 
-* `mds-v1-1.cer` is the certificate used for signing the eduGAIN
-  metadata aggregate from early 2021 and intended to be used until the
-  end of 2022.
+* `mds-v2.cer` is the certificate used to sign the eduGAIN
+  metadata aggregate at `https://mds.edugain.org/edugain-v2.xml`
+  from mid-2022.
 
-* `mds-v1.cer` is the certificate used for signing the eduGAIN metadata
-  aggregate at `https://mds.edugain.org/edugain-v1.xml` from early 2019 to
-  early 2021.
+* `mds-v1-1.cer` is the certificate used to sign the eduGAIN
+  metadata aggregate at `https://mds.edugain.org/edugain-v1.xml`
+  from early 2021 until mid-2022.
 
-* `mds-2014.cer` is the certificate used for signing eduGAIN metadata at
-  `https://mds.edugain.org` and `https://mds.edugain.org/feed-256.xml` until
-  mid-2019, at which point those locations switched to the `mds-v1.cer`
-  certificate for compatibility.
-
-  See the [eduGAIN certificate change
-  roadmap](https://technical.edugain.org/certificate_change) for further details.
-
-Note that all three certificates wrap the same 2048-bit public key.
+See <https://technical.edugain.org/metadata> for details.

mdx/int_edugain/beans.xml

@@ -23,7 +23,7 @@
     -->
     <!-- production aggregate -->
     <bean id="int_edugain_productionAggregate_url" parent="String">
-        <constructor-arg value="http://mds.edugain.org/edugain-v1.xml"/>
+        <constructor-arg value="https://mds.edugain.org/edugain-v2.xml"/>
     </bean>
     <!-- beta (test) aggregate -->
     <bean id="int_edugain_betaAggregate_url" parent="String">
@@ -58,7 +58,7 @@
         eduGAIN signing certificate.
     -->
     <bean id="int_edugain_signingCertificate" parent="X509CertificateFactoryBean"
-        p:resource="classpath:int_edugain/mds-v1-1.cer"/>
+        p:resource="classpath:int_edugain/mds-v2.cer"/>
 
     <!--
         Check a signature against the eduGAIN signing certificate.

mdx/int_edugain/mds-v2.cer

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSzCCAzOgAwIBAgIUY99qGOKOxV+iz/+tWfwixuh0CpowDQYJKoZIhvcNAQEL
+BQAwNTEOMAwGA1UECgwFR0VBTlQxIzAhBgNVBAMMGmVkdUdBSU4gUlNBIFNpZ25l
+ciBDQSAyMDIyMB4XDTIyMDMwODA5MjIzMloXDTQyMDMwODA5MjIzMlowNTEOMAwG
+A1UECgwFR0VBTlQxIzAhBgNVBAMMGmVkdUdBSU4gUlNBIFNpZ25lciBDQSAyMDIy
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1H2PdoPu4QLKqfcg7uC9
+rzPA04tdUAdbdnByPddLFEeOfYUxkzbbmrEkUbvL65YAibbxJwEioIQTgSwrtoHL
+nT/puQnux7T7en5qYRDLpX7qR2ssNN4TiXS8Z8qDmI+LQw9YnNpI35qHguHKBr2J
+kbM7qdq6+8KQD0aK+7FyPcGsYDnOoLlJ8cfmIxY7mumfEbiAni/z/pP4Mo2g4rf4
+GY8nhHudJea6qSvxIGLRy7GlL0VOY/PCnxl+EPYSRZYEJEc9jNXsepIzpSU5AM6r
+kwO6Ue+5crYtJMey07b0IEaFNHc/Omt5KY+UO0ewYnjcdnKa5MWgTntxs+AzDiMp
+dIXGemo2SKfcqmAPUW8bLNFABdwxq/Bhcsqb1K+e4C61dPyI2rDWpaM+NIRLvpLD
+jDZsaMnhZK6/ezxKV4h94YKSF1fTunZsyEtaot53ztXjUgvALMFb/XqAes3V+o7D
+WSQ1JYvifkk2agzjel+A9m+e7UgaBuuqfwpkClgMExrB8CJI1xBuAHI/yldoaITL
+auPKWYb+bXpkPg8BznYhGIA9TSqTPNwd0WmH1SZ1lmINuN8ElKRmi+DKkKe9NRXf
+/jS3PKg9NnrFS9fnhTeaI8ikVSh8qPDfsUYtuDF1SL7B+27yT3+7WKCD6gqu/J4P
+8iYELM++C29VgApxlHnLdO8CAwEAAaNTMFEwHQYDVR0OBBYEFEgBijs8UaPzEW81
+hco9oyNH27b3MB8GA1UdIwQYMBaAFEgBijs8UaPzEW81hco9oyNH27b3MA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAMTQKHe5mybVO4hlTHeha1xo
+/OYREQsa0We4nR5Rbga6xDMHCjnDYdfZg6VqbgGUA97kOAymhlIFO0pNKGowlOdR
+o9AjEhW2mq2itD7e4T4bDWqJ+6YAVc94DIVAjaY8BSJiet5BccXB8oles+W9nQ8k
+k24X2uCa3lWTbUaNGootbN+DVKVvX85zt5p707++yRQJZH4AWSAgpglnnIxo/y2Z
+rVUl8LvbwU4SuSQnyorfaiA0Q4NCnJPoZh1sEyfqvcVkH915RwP+0Vl7oXYgYKx0
+52U+G6I3w5qm/PafUQ4K2hn2KIHYDCz4P8DV6pbUqzoZ15BvLPu/3eenzqvdtoGj
+hD8/3VxowicLrV69gEWJZ89VMjjPTHp7XyrEvKq4n7uquLArS3dW3+mNrmeFRA99
+Y59RFgtroEbIyk5Z/AQA0vuTfEATIMdn/jbeLC2juz57AAnuu6mE72KBdZY3OK2u
+F1sQCop/lWfN/khleo5EBWucQ+a7nZnByd6J0sp70AxjSOBTP5I0TBcdZgaDXJpH
+b4pOwX4EQeXUwlYTh2eYoZRP2thTdH0QrXKEEicynmBfvECz/4nAPwLPYk+yK9/a
+bYYSBn/KbBhBie7chsknzJ+XXb4C9ROubuuAl26yPQxX5uI03lYkVExpj5SdHzts
+/ULLKN5t9Us3gc9SQ3+6
+-----END CERTIFICATE-----