Add eduGAIN handling for fi_haka channel.

InCommon · Jun 27, 2012 · 74c101e · 74c101e
1 parent c7c0b74
commit 74c101e
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 14 deletions.
diff --git a/build.xml b/build.xml
@@ -862,7 +862,6 @@
         <CHANNEL.import channel="ca_caf"/>
         <CHANNEL.import channel="dk_wayf"/>
         <CHANNEL.import channel="eu_clarin"/>
-        <CHANNEL.import channel="fi_haka"/>
         <CHANNEL.import channel="fr_renater"/>
         <CHANNEL.import channel="gr_grnet"/>
         <CHANNEL.import channel="hu_eduid"/>
@@ -895,6 +894,7 @@
         <CHANNEL.do verb="importProduction" channel="cz_eduid"/>
     	<CHANNEL.do verb="importProduction" channel="de_dfnaai"/>
     	<CHANNEL.do verb="importProduction" channel="es_sir"/>
+    	<CHANNEL.do verb="importProduction" channel="fi_haka"/>
     </target>
 
     <!--
@@ -909,6 +909,7 @@
         <CHANNEL.do verb="importEdugain" channel="cz_eduid"/>
         <CHANNEL.do verb="importEdugain" channel="de_dfnaai"/>
     	<CHANNEL.do verb="importEdugain" channel="es_sir"/>
+    	<CHANNEL.do verb="importEdugain" channel="fi_haka"/>
     	<CHANNEL.do verb="importEdugain" channel="hr_eduhr"/>
     </target>
 

diff --git a/mdx/fi_haka/beans.xml b/mdx/fi_haka/beans.xml
@@ -11,6 +11,16 @@
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
+    <!--
+        Location of various resources.
+    -->
+    <bean id="fi_haka_productionAggregate_url" class="java.lang.String">
+        <constructor-arg value="https://haka.funet.fi/metadata/haka-metadata.xml"/>
+    </bean>
+    <bean id="fi_haka_edugainAggregate_url" class="java.lang.String">
+        <constructor-arg value="https://haka.funet.fi/metadata/edugain-metadata.xml"/>
+    </bean>
+
     <!--
         Fetch the production aggregate.
     -->
@@ -19,13 +29,26 @@
         <property name="domResource">
             <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
                 <constructor-arg name="client" ref="httpClient"/>
-                <constructor-arg name="url" value="https://haka.funet.fi/metadata/haka-metadata.xml"/>
+                <constructor-arg name="url"    ref="fi_haka_productionAggregate_url"/>
             </bean>
         </property>
     </bean>
 
     <!--
-        Signing certificate.
+        Fetch the eduGAIN export aggregate.
+    -->
+    <bean id="fi_haka_edugainAggregate" parent="domResourceStage_parent"
+        p:id="fi_haka_edugainAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url"    ref="fi_haka_edugainAggregate_url"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Federation signing certificate.
     -->
     <bean id="fi_haka_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
         <property name="certificateFile">
@@ -36,7 +59,7 @@
     </bean>
 
     <!--
-        Check signing signature.
+        Check federation signature.
     -->
     <bean id="fi_haka_checkSignature" parent="stage_parent"
         class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
@@ -45,13 +68,32 @@
     </bean>
 
     <!--
-        Fetch and process the exported entities as a collection.
+        eduGAIN signing certificate.
+    -->
+    <bean id="fi_haka_edugainSigningCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/fi_haka/edugain.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Check eduGAIN signature.
     -->
-    <bean id="fi_haka_exportedEntities" parent="composite_parent"
-        p:id="fi_haka_exportedEntities">
+    <bean id="fi_haka_checkEdugainSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="fi_haka_checkEdugainSignature">
+        <property name="verificationCertificate" ref="fi_haka_edugainSigningCertificate"/>
+    </bean>
+
+    <!--
+        Fetch and process the production entities as a collection.
+    -->
+    <bean id="fi_haka_productionEntities" parent="composite_parent"
+        p:id="fi_haka_productionEntities">
         <property name="composedStages">
             <list>
-                <!-- no export aggregate; use the production one instead -->
                 <ref bean="fi_haka_productionAggregate"/>
 
                 <!--
@@ -70,4 +112,34 @@
         </property>
     </bean>
 
+    <!--
+        Fetch and process the eduGAIN export entities as a collection.
+    -->
+    <bean id="fi_haka_edugainEntities" parent="composite_parent"
+        p:id="fi_haka_edugainEntities">
+        <property name="composedStages">
+            <list>
+                <ref bean="fi_haka_edugainAggregate"/>
+
+                <!--
+                    Check for fatal errors at the aggregate level:
+                        missing or expired validUntil attribute
+                        invalid signature
+                -->
+                <ref bean="check_validUntil"/>
+                <ref bean="fi_haka_checkEdugainSignature"/>
+                <ref bean="errorTerminatingFilter"/>
+
+                <ref bean="disassemble"/>
+
+                <ref bean="standardImportActions"/>
+            </list>
+        </property>
+    </bean>
+
+    <!--
+        Select primary export aggregate.
+    -->
+    <alias alias="fi_haka_exportedAggregate" name="fi_haka_edugainAggregate"/>
+    <alias alias="fi_haka_exportedEntities"  name="fi_haka_edugainEntities"/>
 </beans>
diff --git a/mdx/fi_haka/edugain.crt b/mdx/fi_haka/edugain.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEzzCCA7egAwIBAgIQRhUu6g/c3iw668fWV9fdMTANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQG
+EwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENBMB4XDTExMTIwMTAw
+MDAwMFoXDTEzMTEzMDIzNTk1OVowgaExCzAJBgNVBAYTAkZJMRAwDgYDVQQIEwdGaW5sYW5kMQ4w
+DAYDVQQHEwVFc3BvbzEvMC0GA1UEChMmQ1NDIC0gVGlldGVlbiB0aWV0b3Rla25paWthbiBrZXNr
+dXMgT3kxHDAaBgNVBAsTE0NvbW1vbiBJQ1QgU2VydmljZXMxITAfBgNVBAMTGGhha2EtZWR1Z2Fp
+bi1zaWduLmNzYy5maTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM9FWCANSisI2az
+TQ1q/PUaKfcZzSnRU1kegg898FDaerQjl25SLwMTKSATkXPzp5cGsq04vrYIE3wtfEY8CiFewP03
+rkyIYns3BawMcposTcmKQ6VgGuCDOXstVYhyQ8D2DTLjYzweq1pW+Vuh0hAVEJm37eBHLqHR/pOW
+rHkoXeN4gOSpLy/V8juWtkjTXMFAYlBO9wny9Pi96vAcGzLOpOz2w2B3ivklcuHJwjMmHVb6sMxf
+xGgsMKUrRAEKgFX8vZtJrpSQ/a0c07wlmnYovdmIMBK/s3sxo/45B9p3FSlEGwkbReDtDTF5Ozlt
+M+rvHHEytYz9kehY+S+sreMCAwEAAaOCAWswggFnMB8GA1UdIwQYMBaAFAy9k2gM896ro0lrKzdX
+R+qQ47ntMB0GA1UdDgQWBBTGVbro+Y4vXE7fnO4kt9tZrK9UzjAOBgNVHQ8BAf8EBAMCBaAwDAYD
+VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGAYDVR0gBBEwDzANBgsr
+BgEEAbIxAQICHTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLnRjcy50ZXJlbmEub3JnL1RF
+UkVOQVNTTENBLmNybDBtBggrBgEFBQcBAQRhMF8wNQYIKwYBBQUHMAKGKWh0dHA6Ly9jcnQudGNz
+LnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu
+dGVyZW5hLm9yZzAjBgNVHREEHDAaghhoYWthLWVkdWdhaW4tc2lnbi5jc2MuZmkwDQYJKoZIhvcN
+AQEFBQADggEBACaiFKZElrRg9uHrqMiI3dqLqFLtOJcgl4KoRu+A1B9GyhgM/tKM083raUkszjx5
+RKgXOWclBlcIaKUpuJl9dWLMs6lwV5OQ/VcAxfqdCDBg7+I4NLvwk1NRi2ekt+mcmpFI6VRAuare
+8R5vt6JC7neoWImpZ/H3yb8OcAAqo5BTo9ZoA5FGcHItByZQkPMRmT01BICS4ygJoAfI01ejLpHZ
+a8IYzuVf14hMLZ6tZmHRFqMnEELuNnGwEDdsaQX7MXdBbEqa0of4VNRQdugUK2AQgGDSuf5xRIZI
+54xbHKzRby3QLASQSHy7rw0/Dr2s7TqJTCfgqsgisBDFJkj2hJA=
+-----END CERTIFICATE-----
diff --git a/mdx/fi_haka/verbs.xml b/mdx/fi_haka/verbs.xml
@@ -30,19 +30,19 @@
         </property>
     </bean>
 
-    <bean id="import" parent="pipeline_parent"
-        p:id="import">
+    <bean id="importProduction" parent="pipeline_parent"
+        p:id="importProduction">
         <property name="stages">
             <list>
-                <ref bean="fi_haka_exportedEntities"/>
+                <ref bean="fi_haka_productionEntities"/>
                 <ref bean="standardImportTail"/>
                 <ref bean="serializeImported"/>
             </list>
         </property>
     </bean>
-
-    <bean id="importRaw" parent="pipeline_parent"
-        p:id="importRaw">
+    
+    <bean id="importProductionRaw" parent="pipeline_parent"
+        p:id="importProductionRaw">
         <property name="stages">
             <list>
                 <ref bean="fi_haka_productionAggregate"/>
@@ -51,4 +51,27 @@
         </property>
     </bean>
 
+    <bean id="importEdugain" parent="pipeline_parent"
+        p:id="importEdugain">
+        <property name="stages">
+            <list>
+                <ref bean="fi_haka_edugainEntities"/>
+                <ref bean="standardImportTail"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="importEdugainRaw" parent="pipeline_parent"
+        p:id="importEdugainRaw">
+        <property name="stages">
+            <list>
+                <ref bean="fi_haka_edugainAggregate"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <alias alias="import"    name="importEdugain"/>
+    <alias alias="importRaw" name="importEdugainRaw"/>
 </beans>