Add eduGAIN handling for ch_switchaai channel.

build.xml

@@ -860,7 +860,6 @@
 		<CHANNEL.import channel="at_aconet"/>
         <CHANNEL.import channel="au_aaf"/>
         <CHANNEL.import channel="ca_caf"/>
-        <CHANNEL.import channel="ch_switchaai"/>
         <CHANNEL.import channel="de_dfnaai"/>
         <CHANNEL.import channel="dk_wayf"/>
         <CHANNEL.import channel="es_sir"/>
@@ -894,6 +893,7 @@
     <target name="flow.importProduction.all">
         <CHANNEL.do verb="importProduction" channel="be_belnet"/>
         <CHANNEL.do verb="importProduction" channel="br_cafe"/>
+    	<CHANNEL.do verb="importProduction" channel="ch_switchaai"/>
         <CHANNEL.do verb="importProduction" channel="cz_eduid"/>
     </target>
 
@@ -905,6 +905,7 @@
     <target name="flow.importEdugain.all">
         <CHANNEL.do verb="importEdugain" channel="be_belnet"/>
         <CHANNEL.do verb="importEdugain" channel="br_cafe"/>
+        <CHANNEL.do verb="importEdugain" channel="ch_switchaai"/>
         <CHANNEL.do verb="importEdugain" channel="cz_eduid"/>
     	<CHANNEL.do verb="importEdugain" channel="hr_eduhr"/>
     </target>

mdx/ch_switchaai/beans.xml

@@ -12,20 +12,43 @@
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
     <!--
-        Fetch the SWITCH production aggregate.
+        Location of various resources.
+    -->
+    <bean id="ch_switchaai_productionAggregate_url" class="java.lang.String">
+        <constructor-arg value="http://switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml"/>
+    </bean>
+    <bean id="ch_switchaai_edugainAggregate_url" class="java.lang.String">
+        <constructor-arg value="http://metadata.aai.switch.ch/metadata.edugain.xml"/>
+    </bean>
+
+    <!--
+        Fetch the production aggregate.
     -->
     <bean id="ch_switchaai_productionAggregate" parent="domResourceStage_parent"
         p:id="ch_switchaai_productionAggregate">
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
-                <constructor-arg name="url" value="http://switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml"/>
+                <constructor-arg name="url"    ref="ch_switchaai_productionAggregate_url"/>
             </bean>
         </property>
     </bean>
 
     <!--
-        SWITCH federation signing certificate.
+        Fetch the eduGAIN export aggregate.
+    -->
+    <bean id="ch_switchaai_edugainAggregate" parent="domResourceStage_parent"
+        p:id="ch_switchaai_edugainAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url"    ref="ch_switchaai_edugainAggregate_url"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Federation signing certificate.
     -->
     <bean id="ch_switchaai_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
         <property name="certificateFile">
@@ -36,7 +59,18 @@
     </bean>
 
     <!--
-        Check against SWITCH signing signature.
+        Interfederation signing certificate.
+    -->
+    <bean id="ch_switchaai_interfedSigningCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/ch_switchaai/interfed.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Check against federation signature.
     -->
     <bean id="ch_switchaai_checkSignature" parent="stage_parent"
         class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
@@ -45,13 +79,21 @@
     </bean>
 
     <!--
-        Fetch and process the exported entities as a collection.
+        Check against federation signature.
     -->
-    <bean id="ch_switchaai_exportedEntities" parent="composite_parent"
-        p:id="ch_switchaai_exportedEntities">
+    <bean id="ch_switchaai_checkInterfedSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="ch_switchaai_checkInterfedSignature">
+        <property name="verificationCertificate" ref="ch_switchaai_interfedSigningCertificate"/>
+    </bean>
+
+    <!--
+        Fetch and process the production entities as a collection.
+    -->
+    <bean id="ch_switchaai_productionEntities" parent="composite_parent"
+        p:id="ch_switchaai_productionEntities">
         <property name="composedStages">
             <list>
-                <!-- no export aggregate; use the production one instead -->
                 <ref bean="ch_switchaai_productionAggregate"/>
 
                 <!--
@@ -70,4 +112,34 @@
         </property>
     </bean>
 
+    <!--
+        Fetch and process the eduGAIN export entities as a collection.
+    -->
+    <bean id="ch_switchaai_edugainEntities" parent="composite_parent"
+        p:id="ch_switchaai_edugainEntities">
+        <property name="composedStages">
+            <list>
+                <ref bean="ch_switchaai_edugainAggregate"/>
+
+                <!--
+                    Check for fatal errors at the aggregate level:
+                        missing or expired validUntil attribute
+                        invalid signature
+                -->
+                <ref bean="check_validUntil"/>
+                <ref bean="ch_switchaai_checkInterfedSignature"/>
+                <ref bean="errorTerminatingFilter"/>
+
+                <ref bean="disassemble"/>
+
+                <ref bean="standardImportActions"/>
+            </list>
+        </property>
+    </bean>
+
+    <!--
+        Select primary export aggregate.
+    -->
+    <alias alias="ch_switchaai_exportedAggregate" name="ch_switchaai_edugainAggregate"/>
+    <alias alias="ch_switchaai_exportedEntities"  name="ch_switchaai_edugainEntities"/>
 </beans>

mdx/ch_switchaai/interfed.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgISSWITCHaaiIntFedMDSigner0MA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
+BAYTAkNIMQ8wDQYDVQQKEwZTV0lUQ0gxNjA0BgNVBAMTLVNXSVRDSGFhaSBJbnRlcmZlZGVyYXRp
+b24gTWV0YWRhdGEgU2lnbmluZyBDQTAeFw0xMTA3MjYwNzAwMDBaFw0xNDA3MjYwNjU5NTlaMFIx
+CzAJBgNVBAYTAkNIMQ8wDQYDVQQKEwZTV0lUQ0gxMjAwBgNVBAMTKVNXSVRDSGFhaSBJbnRlcmZl
+ZGVyYXRpb24gTWV0YWRhdGEgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+jvrac+xDD+zxvIupJHe5GrOV1f52Yh+Da4wewMloLpMSA1pz++uLQ98fkFsTPY4w/GP8GQzK/tth
+1zGE0HeLwvlGTFJ8TB0XhBaVLR4zxf5cKnFkfpAfNbFo1b9a28nE47oE1HRCS6wEQTwlCpHtUJp4
+C4oRQ70ncnyctk5iXAW8dX3OyQNtzhP+S7jXhxMIr5yPVMb7TROEP1nwYZsW4ErsNg8T9XAIEzTV
+L7mgU1+o9eKH3fS6GDIkLcTA/8Rs3PLUPMI+yVz/SIwp4KHP9N77qlxfKZjPLqc3R2Pz4rd4qWa3
+CyO1G4rF5kvgSDHD2Vi7QAJDRr7bGQp/T1bxcwIDAQABo4IBLjCCASowDgYDVR0PAQH/BAQDAgeA
+MB0GA1UdDgQWBBSC8VsjQj5m2Itz4VXf7T/NpkfdKjAfBgNVHSMEGDAWgBTj9n409ArMJx6HeWxU
+1cM1NhqeJTBbBgNVHR8EVDBSMFCgTqBMhkpodHRwOi8vY3JsLmFhaS5zd2l0Y2guY2gvU1dJVENI
+YWFpSW50ZXJmZWRlcmF0aW9uTWV0YWRhdGFTaWduaW5nQ0EyMDExLmNybDBlBggrBgEFBQcBAQRZ
+MFcwVQYIKwYBBQUHMAKGSWh0dHA6Ly9jYS5hYWkuc3dpdGNoLmNoL1NXSVRDSGFhaUludGVyZmVk
+ZXJhdGlvbk1ldGFkYXRhU2lnbmluZ0NBMjAxMS5jcnQwFAYDVR0gBA0wCzAJBgdghXQBAgYIMA0G
+CSqGSIb3DQEBBQUAA4IBAQBi9Xem+U6eQj7ebuwch7Akg0yv8zjOY0AVvQRmBIVGMK3qtuOqDWXK
+B0vWLTFqNt841XkWkolWuuzv7dZ814UUJmg0k9Sw5CHtV0cCUSBkriO+bP8DhP3i0NJZxgYb7ubs
+c7SazwV3cRaGZ9oxO8etIDbV0EkSsaM8r/4pmdQPE7httQmHygwTrUqK54j+Dv+eb/7nLuNsZKor
+9u1i8OPyWtGBbRgDdvfFMgBHq7/I5ZYaPP5jbUfCnEINhcboH+LexmNuqOlRgvQbb/DFQ8uorfXC
+04s74jy9zLnLlm0+2emLcV8UI34jydRiZlrl6XSn5gFD1Z7h6OrJ28dVkKab
+-----END CERTIFICATE-----

mdx/ch_switchaai/verbs.xml

@@ -30,19 +30,19 @@
         </property>
     </bean>
 
-    <bean id="import" parent="pipeline_parent"
-        p:id="import">
+    <bean id="importProduction" parent="pipeline_parent"
+        p:id="importProduction">
         <property name="stages">
             <list>
-                <ref bean="ch_switchaai_exportedEntities"/>
+                <ref bean="ch_switchaai_productionEntities"/>
                 <ref bean="standardImportTail"/>
                 <ref bean="serializeImported"/>
             </list>
         </property>
     </bean>
-
-    <bean id="importRaw" parent="pipeline_parent"
-        p:id="importRaw">
+    
+    <bean id="importProductionRaw" parent="pipeline_parent"
+        p:id="importProductionRaw">
         <property name="stages">
             <list>
                 <ref bean="ch_switchaai_productionAggregate"/>
@@ -51,4 +51,27 @@
         </property>
     </bean>
 
+    <bean id="importEdugain" parent="pipeline_parent"
+        p:id="importEdugain">
+        <property name="stages">
+            <list>
+                <ref bean="ch_switchaai_edugainEntities"/>
+                <ref bean="standardImportTail"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="importEdugainRaw" parent="pipeline_parent"
+        p:id="importEdugainRaw">
+        <property name="stages">
+            <list>
+                <ref bean="ch_switchaai_edugainAggregate"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <alias alias="import"    name="importEdugain"/>
+    <alias alias="importRaw" name="importEdugainRaw"/>
 </beans>