Add a tool to remove the old Eduserv gateway certificate from all aff…

…ected entities once it has expired.

build.xml

@@ -470,6 +470,25 @@
 		</for>
 	</target>
 
+	<!--
+		Utility to remove the old Eduserv gateway certificate.
+	-->
+	<target name="remove.old.eduserv.cert">
+		<echo>Removing old Eduserv gateway certificate</echo>
+		<for param="file">
+			<path>
+				<fileset dir="${entities.dir}" includes="uk*.xml"/>
+			</path>
+			<sequential>
+				<exec executable="perl" dir="${entities.dir}">
+					<arg value="-i"/>
+					<arg value="${build.dir}/remove_old_eduserv_cert.pl"/>
+					<arg value="@{file}"/>
+				</exec>
+			</sequential>
+		</for>
+	</target>
+
 	<!--
 		Utility to add the second Eduserv gateway certificate.
 	-->

build/remove_old_eduserv_cert.pl

@@ -0,0 +1,41 @@
+#!/usr/bin/perl -w
+
+#
+# The input file is a fragment file that may or may not need to have
+# the old Eduserv gateway certificate removed from it.  Remove the certificate if
+# required, or just re-export the file unchanged.
+#
+
+# This line indicates that the old certificate is present
+$old_cert_line = 'MIIDaTCCAtKgAwIBAgIQLqPCly3VfA8B2xVsTv59ajANBgkqhkiG9w0BAQUFADCB';
+
+while (<>) {
+
+	if (/$old_cert_line/) {
+		$delete = 1;
+	}
+
+	if ($ended) {
+		print $_;
+	} else {
+		push @lines, $_;
+		if ($delete && /<\/KeyDescriptor/) {
+			while ((pop @lines) !~ /<KeyDescriptor/) {
+				# remove the KeyDescriptor body back to its initial line
+			}
+			undef $delete;
+		}
+	}
+
+	# at the end...
+	if (/<\/EntityDescriptor>/) {
+		# re-export the old file
+		while ($line = shift @lines) {
+			print $line;
+		}
+		$ended = 1;
+	}
+
+}
+
+# end