Bugzilla 1050, 1051: first cut at a CMS aggregate.

Result is in svn:ignore so is not checked in after a signing run.
Result is not pushed anywhere yet, while we decide if tweaks to content are required.

build.xml

@@ -99,8 +99,8 @@
 	</taskdef>
 
 	<!--
-		There are six separate processing "streams":  production, test, export,
-		fallback, "wayf" and "cdsall".
+		There are many separate processing "streams":  production, test, export,
+		fallback, "wayf", "cdsall" and "cms".
 		
 		Each stream has its own unsigned file, as follows:
 	-->
@@ -110,9 +110,10 @@
 	<property name="md.back.unsigned"   value="ukfederation-back-unsigned.xml"/>
 	<property name="md.wayf.unsigned"   value="ukfederation-wayf-unsigned.xml"/>
 	<property name="md.cdsall.unsigned" value="ukfederation-cdsall-unsigned.xml"/>
+	<property name="md.cms.unsigned"    value="cms-metadata.xml"/>
 
 	<!--
-		Each stream has its own signed file.
+		Each stream except the CMS stream has its own signed file.
 	-->
 	<property name="md.prod.signed"     value="ukfederation-metadata.xml"/>
 	<property name="md.test.signed"     value="ukfederation-test.xml"/>
@@ -398,6 +399,7 @@
         <MDNORM i="${xml.dir}/${md.prod.unsigned}"/>
         <MDNORM i="${xml.dir}/${md.wayf.unsigned}"/>
 		<MDNORM.noblank i="${xml.dir}/${md.cdsall.unsigned}"/>
+		<MDNORM.noblank i="${xml.dir}/${md.cms.unsigned}"/>
         <MDNORM i="${xml.dir}/${md.test.unsigned}"/>
         <MDNORM i="${xml.dir}/${md.export.unsigned}"/>
         <MDNORM i="${xml.dir}/${md.back.unsigned}"/>

mdx/common-beans.xml

@@ -249,6 +249,30 @@
         </constructor-arg>
     </bean>
 
+    <!--
+        stripAlgNamespace
+        
+        Remove the algorithm support namespace.
+    -->
+    <bean id="stripAlgNamespace" parent="NamespaceStrippingStage"
+        p:id="stripAlgNamespace" p:namespace-ref="alg_namespace"/>
+
+    <!--
+        stripIdpdiscNamespace
+        
+        Remove the IdP discovery namespace.
+    -->
+    <bean id="stripIdpdiscNamespace" parent="NamespaceStrippingStage"
+        p:id="stripIdpdiscNamespace" p:namespace-ref="idpdisc_namespace"/>
+
+    <!--
+        stripInitNamespace
+        
+        Remove the session initiation namespace.
+    -->
+    <bean id="stripInitNamespace" parent="NamespaceStrippingStage"
+        p:id="stripInitNamespace" p:namespace-ref="init_namespace"/>
+
     <!--
         stripMdattrNamespace
         
@@ -484,6 +508,60 @@
         p:elementName="Extensions"
         p:elementNamespace="urn:oasis:names:tc:SAML:2.0:metadata"/>
 
+    <!--
+        Beans to strip out selected SAML metadata elements.
+    -->
+
+    <bean id="stripArtifactResolutionService" parent="ElementStrippingStage"
+        p:id="stripArtifactResolutionService"
+        p:elementName="ArtifactResolutionService"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripAssertionConsumerService" parent="ElementStrippingStage"
+        p:id="stripAssertionConsumerService"
+        p:elementName="AssertionConsumerService"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripAttributeAuthorityDescriptor" parent="ElementStrippingStage"
+        p:id="stripAttributeAuthorityDescriptor"
+        p:elementName="AttributeAuthorityDescriptor"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripAttributeConsumingService" parent="ElementStrippingStage"
+        p:id="stripAttributeConsumingService"
+        p:elementName="AttributeConsumingService"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripContactPerson" parent="ElementStrippingStage"
+        p:id="stripContactPerson"
+        p:elementName="ContactPerson"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripKeyDescriptor" parent="ElementStrippingStage"
+        p:id="stripKeyDescriptor"
+        p:elementName="KeyDescriptor"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripManageNameIDService" parent="ElementStrippingStage"
+        p:id="stripManageNameIDService"
+        p:elementName="ManageNameIDService"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripNameIDFormat" parent="ElementStrippingStage"
+        p:id="stripNameIDFormat"
+        p:elementName="NameIDFormat"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripSingleLogoutService" parent="ElementStrippingStage"
+        p:id="stripSingleLogoutService"
+        p:elementName="SingleLogoutService"
+        p:elementNamespace-ref="md_namespace"/>
+
+    <bean id="stripSingleSignOnService" parent="ElementStrippingStage"
+        p:id="stripSingleSignOnService"
+        p:elementName="SingleSignOnService"
+        p:elementNamespace-ref="md_namespace"/>
+
 
 
     <!--
@@ -494,6 +572,13 @@
         *************************************************
     -->
 
+    <bean id="stripMDUIDiscoHints" parent="ElementStrippingStage"
+        p:id="stripMDUIDiscoHints"
+        p:elementName="DiscoHints"
+        p:elementNamespace-ref="mdui_namespace"/>
+
+
+
     <!--
         Populate RegistrationAuthority values from entities.
     -->
@@ -519,6 +604,29 @@
 
 
 
+    <!--
+        ***********************************************
+        ***                                         ***
+        ***   M D U I   S P E C I F I C A T I O N   ***
+        ***                                         ***
+        ***********************************************
+    -->
+
+    <!--
+        *****************************************************
+        ***                                               ***
+        ***   S H I B B O L E T H   E X T E N S I O N S   ***
+        ***                                               ***
+        *****************************************************
+    -->
+
+    <bean id="stripShibScope" parent="ElementStrippingStage"
+        p:id="stripShibScope"
+        p:elementName="Scope"
+        p:elementNamespace-ref="shibmd_namespace"/>
+
+
+
     <!--
         ***************************
         ***                     ***

mdx/uk/generate.xml

@@ -464,61 +464,23 @@
             <list>
                 <ref bean="stripComments"/>
 
+                <ref bean="stripAlgNamespace"/>
+                <ref bean="stripInitNamespace"/>
                 <ref bean="stripMdattrNamespace"/>
                 <ref bean="stripMdrpiNamespace"/>
                 <ref bean="stripUkfedlabelNamespace"/>
                 <ref bean="stripWayfNamespace"/>
 
-                <bean id="stripAlgNamespace" parent="NamespaceStrippingStage"
-                    p:id="stripAlgNamespace" p:namespace-ref="alg_namespace"/>
-
-                <bean id="stripInitNamespace" parent="NamespaceStrippingStage"
-                    p:id="stripInitNamespace" p:namespace-ref="init_namespace"/>
-
-                <bean id="stripArtifactResolutionService" parent="ElementStrippingStage"
-                    p:id="stripArtifactResolutionService"
-                    p:elementName="ArtifactResolutionService"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripAttributeAuthorityDescriptor" parent="ElementStrippingStage"
-                    p:id="stripAttributeAuthorityDescriptor"
-                    p:elementName="AttributeAuthorityDescriptor"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripAttributeConsumingService" parent="ElementStrippingStage"
-                    p:id="stripAttributeConsumingService"
-                    p:elementName="AttributeConsumingService"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripContactPerson" parent="ElementStrippingStage"
-                    p:id="stripContactPerson"
-                    p:elementName="ContactPerson"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripKeyDescriptor" parent="ElementStrippingStage"
-                    p:id="stripKeyDescriptor"
-                    p:elementName="KeyDescriptor"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripManageNameIDService" parent="ElementStrippingStage"
-                    p:id="stripManageNameIDService"
-                    p:elementName="ManageNameIDService"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripNameIDFormat" parent="ElementStrippingStage"
-                    p:id="stripNameIDFormat"
-                    p:elementName="NameIDFormat"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripSingleLogoutService" parent="ElementStrippingStage"
-                    p:id="stripSingleLogoutService"
-                    p:elementName="SingleLogoutService"
-                    p:elementNamespace-ref="md_namespace"/>
-
-                <bean id="stripShibScope" parent="ElementStrippingStage"
-                    p:id="stripShibScope"
-                    p:elementName="Scope"
-                    p:elementNamespace-ref="shibmd_namespace"/>
+                <ref bean="stripArtifactResolutionService"/>
+                <ref bean="stripAttributeAuthorityDescriptor"/>
+                <ref bean="stripAttributeConsumingService"/>
+                <ref bean="stripContactPerson"/>
+                <ref bean="stripKeyDescriptor"/>
+                <ref bean="stripManageNameIDService"/>
+                <ref bean="stripNameIDFormat"/>
+                <ref bean="stripSingleLogoutService"/>
+
+                <ref bean="stripShibScope"/>
 
                 <!-- remove any now-empty Extensions elements -->
                 <ref bean="removeEmptyExtensions"/>
@@ -804,6 +766,96 @@
         </property>
     </bean>
 
+    <!--
+        *************************************
+        ***                               ***
+        ***   C M S   A G G R E G A T E   ***
+        ***                               ***
+        *************************************
+    -->
+
+    <!--
+        Produces an aggregate which is consumed by the helpdesk's
+        call management system. This will be well-formed XML
+        but will NOT be schema valid, as many required elements
+        are removed to give a smaller output file.
+    -->
+
+    <!--
+        CMSStripUnwanted
+        
+        The CMS needs only a very restricted subset of
+        normal metadata in order to do its job.  This stage
+        removes everything it does not need.
+    -->
+    <bean id="CMSStripUnwanted" parent="CompositeStage"
+        p:id="CMSStripUnwanted">
+        <property name="composedStages">
+            <list>
+                <ref bean="stripComments"/>
+
+                <ref bean="stripAlgNamespace"/>
+                <ref bean="stripIdpdiscNamespace"/>
+                <ref bean="stripInitNamespace"/>
+                <ref bean="stripMdattrNamespace"/>
+
+                <ref bean="stripArtifactResolutionService"/>
+                <ref bean="stripAssertionConsumerService"/>
+                <ref bean="stripAttributeAuthorityDescriptor"/>
+                <ref bean="stripKeyDescriptor"/>
+                <ref bean="stripManageNameIDService"/>
+                <ref bean="stripNameIDFormat"/>
+                <ref bean="stripSingleLogoutService"/>
+                <ref bean="stripSingleSignOnService"/>
+
+                <ref bean="stripMDUIDiscoHints"/>
+
+                <ref bean="stripEntityScopes"/>
+
+                <!-- remove any now-empty Extensions elements -->
+                <ref bean="removeEmptyExtensions"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="CMSFinalise" parent="finalise_parent"
+        p:id="CMSFinalise">
+        <property name="transformParameters">
+            <map>
+                <entry key="extraText"
+                    value="Call Management System metadata; not for end entity use"/>
+                <entry key="publisher" value-ref="uk_federation_uri"/>
+            </map>
+        </property>
+    </bean>
+
+    <bean id="serializeCMSAggregate" parent="SerializationStage"
+        p:id="serializeCMSaggregate">
+        <property name="outputFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/xml/cms-metadata.xml"/>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="CMSPipeline" parent="SimplePipeline"
+        p:id="CMSPipeline">
+        <property name="stages">
+            <list>
+                <!-- make an aggregate first so that we're only traversing one item -->
+                <ref bean="uk_assemble"/>
+
+                <!-- remove many things that the CMS doesn't look at -->
+                <ref bean="CMSStripUnwanted"/>
+
+                <ref bean="CMSFinalise"/>
+                <ref bean="normaliseNamespaces"/>
+
+                <ref bean="serializeCMSAggregate"/>
+            </list>
+        </property>
+    </bean>
+
     <!--
         *************************************
         ***                               ***
@@ -835,7 +887,8 @@
                 -->
 
                 <!--
-                    Fork a new output pipeline for the registrar statistics.
+                    Fork new output pipelines for the registrar statistics and for
+                    the CMS aggregate.
                 -->
                 <bean id="rawRegistrarDemux" parent="PipelineDemultiplexerStage"
                     p:id="rawRegistrarDemux">
@@ -845,6 +898,10 @@
                                 <constructor-arg ref="uk_statisticsPipeline"/>
                                 <constructor-arg ref="everythingSelector"/>
                             </bean>
+                            <bean class="net.shibboleth.utilities.java.support.collection.Pair">
+                                <constructor-arg ref="CMSPipeline"/>
+                                <constructor-arg ref="everythingSelector"/>
+                            </bean>
                         </list>
                     </property>
                     <property name="waitingForPipelines" value="true"/>