Skip to content

Commit

Permalink
Perform an appropriate validUntil check on all input channels.
Browse files Browse the repository at this point in the history 
Relies on an updated aggregator snapshot.
  • Loading branch information
@iay
iay committed Jul 12, 2011
1 parent d9c4c07 commit 63cd8f8
Show file tree
Hide file tree
Showing 23 changed files with 225 additions and 42 deletions.
9 changes: 7 additions & 2 deletions mdx/at_aconet/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="at_aconet_productionAggregate"/>
<ref bean="at_aconet_checkSignature"/>

<!-- failure to validate signature is fatal -->
<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="at_aconet_checkSignature"/>
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/au_aaf/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="au_aaf_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="au_aaf_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/ca_caf/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="ca_caf_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="ca_caf_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/ch_switchaai/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="ch_switchaai_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="ch_switchaai_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/cz_eduid/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="cz_eduid_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="cz_eduid_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/de_dfnaai/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="de_dfnaai_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="de_dfnaai_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/es_sir/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="es_sir_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="es_sir_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
15 changes: 15 additions & 0 deletions mdx/eu_clarin/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,21 @@
<property name="composedStages">
<list>
<ref bean="eu_clarin_exportAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<!--
Check for validUntil fails because this is a static file.
No signature check, because the file is also unsigned.
-->
<!--
<ref bean="check_validUntil"/>
<ref bean="errorTerminatingFilter"/>
-->

<ref bean="disassemble"/>
<ref bean="standardImportActions"/>
</list>
Expand Down
9 changes: 7 additions & 2 deletions mdx/fi_haka/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="fi_haka_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="fi_haka_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/fr_renater/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="fr_renater_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="fr_renater_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/gr_grnet/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="gr_grnet_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="gr_grnet_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/hu_eduid/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="hu_eduid_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="hu_eduid_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
28 changes: 26 additions & 2 deletions mdx/ie_edugate/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,25 @@
<property name="verificationCertificate" ref="ie_edugate_signingCertificate"/>
</bean>

<!--
ie_edugate_validUntil
Check that an aggregate has a validUntil instant specified, and that it has not
yet expired. Sets a bound of 30 days on the validity interval.
-->
<bean id="ie_edugate_validUntil" class="net.shibboleth.metadata.dom.saml.ValidateValidUntilStage"
init-method="initialize" lazy-init="true">
<property name="id" value="ie_edugate_validUntil"/>
<!--
The validUntil attribute must be present.
-->
<property name="requireValidUntil" value="true"/>
<!--
Validity interval must not exceed 30 days.
-->
<property name="maxValidityInterval" value="#{ 1000L * 60 * 60 * 24 * 30 }"/>
</bean>

<!--
Fetch and process the exported entities as a collection.
-->
Expand All @@ -54,9 +73,14 @@
<property name="composedStages">
<list>
<ref bean="ie_edugate_exportAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="ie_edugate_validUntil"/>
<ref bean="ie_edugate_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
28 changes: 24 additions & 4 deletions mdx/int_edugain/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,19 @@
<property name="composedStages">
<list>
<ref bean="int_edugain_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<!--
no validUntil element is present at the moment
-->
<!--
<ref bean="check_validUntil"/>
-->
<ref bean="int_edugain_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand All @@ -80,9 +90,19 @@
<property name="composedStages">
<list>
<ref bean="int_edugain_testAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<!--
no validUntil element is present at the moment
-->
<!--
<ref bean="check_validUntil"/>
-->
<ref bean="int_edugain_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/it_idem/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="it_idem_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="it_idem_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
9 changes: 7 additions & 2 deletions mdx/jp_gakunin/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,14 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="jp_gakunin_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<ref bean="jp_gakunin_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
8 changes: 6 additions & 2 deletions mdx/lv_laife/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,13 @@
<!-- no export aggregate; use the production one instead -->
<ref bean="lv_laife_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<ref bean="check_validUntil"/>
<!-- this metadata is not signed -->

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
14 changes: 12 additions & 2 deletions mdx/se_swamid/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,19 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="se_swamid_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<!--
No validUntil attribute at present.
-->
<!--
<ref bean="check_validUntil"/>
-->
<ref bean="se_swamid_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
14 changes: 12 additions & 2 deletions mdx/si_arnes/beans.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,19 @@
<list>
<!-- no export aggregate; use the production one instead -->
<ref bean="si_arnes_productionAggregate"/>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
-->
<!--
No validUntil attribute in this metadata
-->
<!--
<ref bean="check_validUntil"/>
-->
<ref bean="si_arnes_checkSignature"/>

<!-- failure to validate signature is fatal -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>
Expand Down
Loading

0 comments on commit 63cd8f8

Please sign in to comment.