
Upgrade to ukf-mda 0.8.1.
Add RSA key length checking to check.uk.future.
Add RSA key length checking to import.metadata, replacing the use of the check_embedded script for that.
In both cases, it is now an *error* for an RSA key of less than 2048 bits to appear. This does not currently apply to the production checks or to imported metadata from eduGAIN or elsewhere.
iay committed Nov 13, 2013
1 parent 5961626 commit 4b231cf
Showing 5 changed files with 27 additions and 25 deletions.
10 changes: 0 additions & 10 deletions build.xml
Expand Up @@ -838,16 +838,6 @@
<CHANNEL.do channel="uk" verb="import.metadata"/>
<echo>Imported metadata to ${entities.dir}/imported.xml</echo>
<fixcrlf file="${entities.dir}/imported.xml"/>
<XALAN
i="${entities.dir}/imported.xml"
o="${xml.dir}/embedded.pem"
x="${build.dir}/extract_embedded.xsl"/>
<echo>Certificates extracted to "${xml.dir}/embedded.pem"</echo>
<exec executable="perl" dir="${xml.dir}"
input="${xml.dir}/embedded.pem">
<arg value="${build.dir}/check_embedded.pl"/>
<arg value="-q"/>
</exec>
</target>

<!--
5 changes: 5 additions & 0 deletions mdx/common-beans.xml
Expand Up @@ -206,6 +206,11 @@
<bean id="ElementWhitespaceTrimmingStage" abstract="true" parent="stage_parent"
class="uk.org.ukfederation.mda.dom.ElementWhitespaceTrimmingStage"/>

<bean id="X509CertificateValidationStage" abstract="true" parent="stage_parent"
class="uk.org.ukfederation.mda.validate.X509CertificateValidationStage"/>

<bean id="X509CertificateRSAKeyLengthValidator" abstract="true"
class="uk.org.ukfederation.mda.validate.X509CertificateRSAKeyLengthValidator"/>


<!--
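Review bot: The two abstract beans added at the end of this hunk carry no comment, although the neighbouring definitions in this file appear to be introduced by a comment block (the `<!--` that follows them), so a reader of common-beans.xml cannot tell what the validator's properties mean without opening verbs.xml. I would add `<!-- Stage that runs a configured list of validators over each entity's X.509 certificates. -->` above `X509CertificateValidationStage`, and above `X509CertificateRSAKeyLengthValidator` a note that it is configured via `p:warningBoundary` and `p:errorBoundary` (RSA key lengths in bits, as used in mdx/uk/verbs.xml), with a pointer that a boundary of 0 is what the uk pipelines use to leave the warning level unused — that last reading is inferred from the verbs.xml usage and is worth confirming against the ukf-mda 0.8.1 class. The stage bean inherits `stage_parent` like its neighbour while the validator does not, which looks deliberate since the validator is not itself a stage, but a one-line comment saying so would stop the next maintainer "fixing" it.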
37 changes: 22 additions & 15 deletions mdx/uk/verbs.xml
Expand Up @@ -171,6 +171,17 @@
<ref bean="uk_populateIds"/>
<ref bean="populateRegistrationAuthorities"/>

<bean parent="X509CertificateValidationStage"
p:id="checkCertificates">
<property name="validators">
<list>
<!-- Error on RSA key length less than 2048 bits. -->
<bean parent="X509CertificateRSAKeyLengthValidator"
p:warningBoundary="0" p:errorBoundary="2048"/>
</list>
</property>
</bean>

<ref bean="check_future"/>
<ref bean="errorAnnouncingFilter"/>
</list>
Expand Down Expand Up @@ -200,21 +211,6 @@
</property>
</bean>

<!--
fetchImportedMetadata
Fetches the contents of the file used to hold metadata just imported
by the federation's import transform.
-->
<bean id="fetchImportedMetadata" parent="DOMFilesystemSourceStage"
p:id="fetchImportedMetadata">
<property name="source">
<bean class="java.io.File">
<constructor-arg value="#{ systemProperties['basedir'] }/entities/imported.xml"/>
</bean>
</property>
</bean>

<!--
serializeImportedMetadata
Expand Down Expand Up @@ -299,6 +295,17 @@
<ref bean="check_shibboleth"/>
<ref bean="check_uk_trust"/>

<bean parent="X509CertificateValidationStage"
p:id="checkCertificates">
<property name="validators">
<list>
<!-- Error on RSA key length less than 2048 bits. -->
<bean parent="X509CertificateRSAKeyLengthValidator"
p:warningBoundary="0" p:errorBoundary="2048"/>
</list>
</property>
</bean>

<ref bean="check_uk_mdrps"/>
<ref bean="check_uk_urlenc"/>
<ref bean="check_future"/>
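Review bot: The `checkCertificates` stage is defined twice, inline and byte-for-byte identical, in the first and third hunks of this file (the `check.uk.future` and `import.metadata` pipelines), whereas every other check in those lists is a shared top-level bean pulled in with `<ref bean="…"/>`. I would hoist it into one named bean — e.g. `<bean id="check_uk_rsaKeyLength" parent="X509CertificateValidationStage" p:id="checkCertificates">` carrying the same `validators` list (the id is a placeholder of mine) — and replace both inline copies with `<ref bean="check_uk_rsaKeyLength"/>`, so the 2048-bit error boundary lives in one place when it is next raised and the production pipeline can later adopt the same check with a single ref rather than a third copy. The enclosing pipeline `<list>` elements begin outside both hunks. Separately, the second hunk deletes the `fetchImportedMetadata` bean; nothing visible on this page shows whether any verb still references it, and a dangling ref would fail at context load, so that is worth confirming before merge.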
Binary file removed tools/ukf-mda/ukf-mda-0.8.0.jar
Binary file added tools/ukf-mda/ukf-mda-0.8.1.jar
