New naming scheme. Ensure we only ask for the signing password once.

build.xml

@@ -1,13 +1,48 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
+<!--
+	Federation metadata signing process for the SDSS federation.
+	
+	* "ant pull" fetches the master file from the remote site, and
+	  requires the remote site password.
+	  
+	* "ant process" generates the other files from the master file, and
+	  signs as appropriate.  Requires the keystore password.
+	  
+	* "ant push" sends all files to the remote site, and requires
+	  the remote site password.
+	  
+	The files involved are:
+	
+	[1]		sdss-metadata-unsigned
+	[2]			== sdss-sites-13-unsigned
+	[3]			sdss-metadata
+	[4]				== sdss-sites-13
+	[5]			sdss-sites-12-unsigned
+	[6]				== sdss-sites-unsigned
+	[7]				sdss-sites-12
+	[8]					== sdss-sites
+	[9]				sdss-sites-11-unsigned
+	[10]				sdss-sites-11
+	[11]		sdss-trust-12-unsigned
+	[12]			== sdss-trust-unsigned
+	[13]			sdss-trust-12
+	[14]				== sdss-trust
+	[15]			sdss-trust-11-unsigned
+	[16]				sdss-trust-11
+ 
+	In the above list, indentation implies the creation hierarchy and "=="
+	implies creation by copying.  The numbers in brackets are duplicated
+	in the script where the file in question is created.
+-->
 <project default="process">
 
 	<property name="remote.host" value="bodach.ucs.ed.ac.uk"/>
 	<property name="remote.user" value="shibb"/>
 	<property name="remote.dir" value="shibb12/apache/sites/sdss/fed"/>
 	<property name="remote.loc" value="${remote.user}@${remote.host}:${remote.dir}"/>
 
-	<property name="master.file" value="sdss-sites-13-unsigned.xml"/>
+	<property name="master.file" value="sdss-metadata-unsigned.xml"/>
 
 	<property name="xml.dir" value="xml"/>
 	<property name="lib.dir" value="lib"/>
@@ -20,7 +55,7 @@
 	<!--
 		Standard processing: generate, sign, then verify.
 	-->
-	<target name="process" depends="generate, sign, verify">
+	<target name="process" depends="get.keystore.pass, generate, sign, verify">
 		<echo>Processing complete.</echo>
 	</target>
 
@@ -38,6 +73,7 @@
 		the usual procedure is to overwrite the master file from an e-mail message.
 	-->
 	<target name="pull" depends="get.remote.pass">
+		<!-- [1] -->
 		<scp failonerror="true" password="${remote.pass}"
 			remoteFile="${remote.loc}/${master.file}"
 			todir="${xml.dir}"
@@ -60,7 +96,7 @@
 	<!--
 		Generate unsigned metadata.
 	-->
-	<target name="generate" depends="gen.shibb.1.2, gen.shibb.1.1">
+	<target name="generate" depends="gen.shibb.1.3, gen.shibb.1.2, gen.shibb.1.1">
 		<echo>Generated unsigned metadata.</echo>
 	</target>
 
@@ -85,16 +121,35 @@
 		</sequential>
 	</macrodef>
 
+	<target name="gen.shibb.1.3">
+		<echo>Generating unsigned V1.3 metadata.</echo>
+		<!-- [2] -->
+		<copy overwrite="yes" file="${xml.dir}/${master.file}"
+			tofile="${xml.dir}/sdss-sites-13-unsigned.xml"/>
+	</target>
+
 	<target name="gen.shibb.1.2">
 		<echo>Generating unsigned V1.2 metadata.</echo>
-		<XALAN x="v13_to_v12_sites.xsl" i="${master.file}" o="sdss-sites-unsigned.xml"/>
-		<XALAN x="v13_to_v12_trust.xsl" i="${master.file}" o="sdss-trust-unsigned.xml"/>
+		<!-- [5] -->
+		<XALAN x="v13_to_v12_sites.xsl" i="${master.file}"
+			o="sdss-sites-12-unsigned.xml"/>
+		<!-- [6] -->
+		<copy overwrite="yes" file="${xml.dir}/sdss-sites-12-unsigned.xml"
+			tofile="${xml.dir}/sdss-sites-unsigned.xml"/>
+		<!-- [11] -->
+		<XALAN x="v13_to_v12_trust.xsl" i="${master.file}"
+			o="sdss-trust-12-unsigned.xml"/>
+		<!-- [12] -->
+		<copy overwrite="yes" file="${xml.dir}/sdss-trust-12-unsigned.xml"
+			tofile="${xml.dir}/sdss-trust-unsigned.xml"/>
 	</target>
 
 	<target name="gen.shibb.1.1" depends="gen.shibb.1.2">
 		<echo>Generating unsigned V1.1 metadata.</echo>
-		<XALAN x="v12_to_v11.xsl" i="sdss-sites-unsigned.xml" o="sdss-sites-11-unsigned.xml"/>
-		<XALAN x="v12_to_v11_trust.xsl" i="sdss-trust-unsigned.xml" o="sdss-trust-11-unsigned.xml"/>
+		<!-- [9] -->
+		<XALAN x="v12_to_v11.xsl" i="sdss-sites-12-unsigned.xml" o="sdss-sites-11-unsigned.xml"/>
+		<!-- [15] -->
+		<XALAN x="v12_to_v11_trust.xsl" i="sdss-trust-12-unsigned.xml" o="sdss-trust-11-unsigned.xml"/>
 	</target>
 
 	<!--
@@ -168,20 +223,34 @@
 		<echo>Generated signed metadata.</echo>
 	</target>
 
-	<target name="sign.shibb.1.3" depends="get.keystore.pass">
+	<target name="sign.shibb.1.3">
 		<echo>Signing Shibboleth 1.3 metadata.</echo>
-		<SIGN i="sdss-sites-13-unsigned.xml" o="sdss-sites-13.xml"/>
+		<!-- [3] -->
+		<SIGN i="${master.file}" o="sdss-metadata.xml"/>
+		<!-- [4] -->
+		<copy overwrite="yes" file="${xml.dir}/sdss-metadata.xml"
+			tofile="${xml.dir}/sdss-sites-13.xml"/>
 	</target>
 
-	<target name="sign.shibb.1.2" depends="get.keystore.pass">
+	<target name="sign.shibb.1.2">
 		<echo>Signing Shibboleth 1.2 metadata.</echo>
-		<SIGN i="sdss-sites-unsigned.xml" o="sdss-sites.xml"/>
-		<SIGN i="sdss-trust-unsigned.xml" o="sdss-trust.xml"/>
+		<!-- [7] -->
+		<SIGN i="sdss-sites-12-unsigned.xml" o="sdss-sites-12.xml"/>
+		<!-- [8] -->
+		<copy overwrite="yes" file="${xml.dir}/sdss-sites-12.xml"
+			tofile="${xml.dir}/sdss-sites.xml"/>
+		<!-- [13] -->
+		<SIGN i="sdss-trust-12-unsigned.xml" o="sdss-trust-12.xml"/>
+		<!-- [14] -->
+		<copy overwrite="yes" file="${xml.dir}/sdss-trust-12.xml"
+			tofile="${xml.dir}/sdss-trust.xml"/>
 	</target>
 
-	<target name="sign.shibb.1.1" depends="get.keystore.pass">
+	<target name="sign.shibb.1.1">
 		<echo>Signing Shibboleth 1.1 metadata.</echo>
+		<!-- [10] -->
 		<SIGN i="sdss-sites-11-unsigned.xml" o="sdss-sites-11.xml"/>
+		<!-- [16] -->
 		<SIGN i="sdss-trust-11-unsigned.xml" o="sdss-trust-11.xml"/>
 	</target>
 
@@ -194,11 +263,14 @@
 
 	<target name="verify.shibb.1.3">
 		<echo>Verifying signed Shibboleth 1.3 metadata.</echo>
+		<VFY i="sdss-metadata.xml"/>
 		<VFY i="sdss-sites-13.xml"/>
 	</target>
 
 	<target name="verify.shibb.1.2">
 		<echo>Verifying signed Shibboleth 1.2 metadata.</echo>
+		<VFY i="sdss-sites-12.xml"/>
+		<VFY i="sdss-trust-12.xml"/>
 		<VFY i="sdss-sites.xml"/>
 		<VFY i="sdss-trust.xml"/>
 	</target>