es_sir channel switch from a signing key to a signing certificate

InCommon · Aug 12, 2013 · 9778cde · 9778cde
1 parent d81d1f0
commit 9778cde
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 19 deletions.
diff --git a/mdx/es_sir/beans.xml b/mdx/es_sir/beans.xml
@@ -49,12 +49,12 @@
     </bean>
 
     <!--
-        Signing key.
+        Signing certificate.
     -->
-    <bean id="es_sir_signingKey" class="net.shibboleth.ext.spring.factory.PublicKeyFactoryBean">
-        <property name="publicKeyFile">
+    <bean id="es_sir_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
             <bean class="java.io.File">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/es_sir/sirpubkey.pem"/>
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/es_sir/metadata-signer.crt"/>
             </bean>
         </property>
     </bean>
@@ -65,7 +65,7 @@
     <bean id="es_sir_checkSignature" parent="stage_parent"
         class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
         p:id="es_sir_checkSignature">
-        <property name="verificationKey" ref="es_sir_signingKey"/>
+        <property name="verificationCertificate" ref="es_sir_signingCertificate"/>
     </bean>
 
     <!--
@@ -105,11 +105,7 @@
                         missing or expired validUntil attribute
                         invalid signature
                 -->
-                <!--
-                    Aggregate does not include validUntil
-                    
-                    <ref bean="check_validUntil"/>
-                -->
+                <ref bean="check_validUntil"/>
                 <ref bean="es_sir_checkSignature"/>
                 <ref bean="errorTerminatingFilter"/>
 

diff --git a/mdx/es_sir/metadata-signer.crt b/mdx/es_sir/metadata-signer.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIRAPezm4v5wzSlY1WF0MFGYKIwDQYJKoZIhvcNAQEFBQAwNjELMAkGA1UE
+BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5BIFNTTCBDQTAeFw0xMzA2Mjgw
+MDAwMDBaFw0xNjA2MjcyMzU5NTlaMEUxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl
+ZDEgMB4GA1UEAxMXbWV0YWRhdGEuc2lyLnJlZGlyaXMuZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCmVaJ9uZRV0NR5DU9g3BRyIUswSfIpcbmJdp403lT0EPFLuEi+r52ysuLd7ACP
+SnlPlNBYRp8JZQPVJ0fblNc6knzcLA2NfEMJj9zYsbH4mkX3X5OpmN89sxHOXX1VBOUXptKH0Nou
+r44dFGdcnISKPTqGMaMtq1Ew9gk95Pl75hxTuDIK5Sg8qhaX4mV9n47IvxTCAgQlARcv8jyFPLFl
+xKMqeAv2cqTY+q3jNPLe4fsyC0gNWEcptfkvErJ6TdPLpHKEfigz0gXNvpxkfYfznE30kxCjFRSZ
+RMFXvpGVQBNYeNblEujLr6jG6AA01p1XsoWuo27eHAlODmVv3lYDAgMBAAGjggF0MIIBcDAfBgNV
+HSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAdBgNVHQ4EFgQUiAfFmsksg6qopDRSKxnCIT1+
+IlswDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGyMQECAh0wCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6At
+oCuGKWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsGAQUFBwEB
+BGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xDQS5j
+cnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50ZXJlbmEub3JnMCIGA1UdEQQbMBmCF21l
+dGFkYXRhLnNpci5yZWRpcmlzLmVzMA0GCSqGSIb3DQEBBQUAA4IBAQAcTZ7ODqkWBivKUqX9twCQ
+RjPuOnA2n6LUvW4Mf08siqfaafQL57mx0a0YedJa7O/XaMV0whK2WlH+/BQqJak5cv7fMgY29b3p
+ziniVf850lAL+b5AynRCcupKoofMXcjMeKWK+ABpvaMG69PSd0zKqejysBXX1oW1M5he9W7xsk51
+Jt3+I5PcUudK410KGZ4m+cs3Vd9mvZSgUsMwI4vYIcnmSCD4jdyd4JjQO1lffvH1WsAN0q2ZoSeg
+ZtuuS+cHBQr69cNv20xL3cotQZQSnF7NLxD0CVwCnGxPKMoz4mbPSKp88H3134l9IJtNlyajXeh3
+/Ma30gzoL9v/v3cK
+-----END CERTIFICATE-----
diff --git a/mdx/es_sir/sirpubkey.pem b/mdx/es_sir/sirpubkey.pem