Bring ca_caf channel up to date with conventions. Add eduGAIN support…

… for ca_caf.
InCommon · Feb 26, 2013 · d1441e3 · d1441e3
1 parent 046d6ed
commit d1441e3
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 17 deletions.
diff --git a/build.xml b/build.xml
@@ -862,7 +862,6 @@
 		depends="flow.importEdugain.all, flow.importProduction.all">
 		<CHANNEL.import channel="at_aconet"/>
         <CHANNEL.import channel="au_aaf"/>
-        <CHANNEL.import channel="ca_caf"/>
         <CHANNEL.import channel="dk_wayf"/>
         <CHANNEL.import channel="eu_clarin"/>
         <CHANNEL.import channel="fr_renater"/>
@@ -889,6 +888,7 @@
     <target name="flow.importProduction.all">
         <CHANNEL.do verb="importProduction" channel="be_belnet"/>
         <CHANNEL.do verb="importProduction" channel="br_cafe"/>
+    	<CHANNEL.do verb="importProduction" channel="ca_caf"/>
     	<CHANNEL.do verb="importProduction" channel="ch_switchaai"/>
         <CHANNEL.do verb="importProduction" channel="cz_eduid"/>
     	<CHANNEL.do verb="importProduction" channel="de_dfnaai"/>
@@ -912,6 +912,7 @@
     <target name="flow.importEdugain.all">
         <CHANNEL.do verb="importEdugain" channel="be_belnet"/>
         <CHANNEL.do verb="importEdugain" channel="br_cafe"/>
+        <CHANNEL.do verb="importEdugain" channel="ca_caf"/>
         <CHANNEL.do verb="importEdugain" channel="ch_switchaai"/>
         <CHANNEL.do verb="importEdugain" channel="cz_eduid"/>
         <CHANNEL.do verb="importEdugain" channel="de_dfnaai"/>
@@ -934,6 +935,7 @@
     <target name="flow.importEdugainRaw.all">
         <CHANNEL.do verb="importEdugainRaw" channel="be_belnet"/>
         <CHANNEL.do verb="importEdugainRaw" channel="br_cafe"/>
+        <CHANNEL.do verb="importEdugainRaw" channel="ca_caf"/>
         <CHANNEL.do verb="importEdugainRaw" channel="ch_switchaai"/>
         <CHANNEL.do verb="importEdugainRaw" channel="cz_eduid"/>
         <CHANNEL.do verb="importEdugainRaw" channel="de_dfnaai"/>

diff --git a/mdx/ca_caf/beans.xml b/mdx/ca_caf/beans.xml
@@ -18,11 +18,11 @@
         <constructor-arg value="https://caf-shibops.ca/CoreServices/cafshib_metadata_signed.xml"/>
     </bean>
     <bean id="ca_caf_edugainAggregate_url" class="java.lang.String">
-        <constructor-arg value="https://idp.canarie.ca/canarie-inside-edugain.xml"/>
+        <constructor-arg value="https://caf-shib2ops.ca/CoreServices/edugain_caf_metadata_signed.xml"/>
     </bean>
 
     <!--
-        Fetch the CAF production aggregate.
+        Fetch the production aggregate.
     -->
     <bean id="ca_caf_productionAggregate" parent="domResourceStage_parent"
         p:id="ca_caf_productionAggregate">
@@ -35,18 +35,33 @@
     </bean>
 
     <!--
-        CAF signing certificate.
+        Fetch the eduGAIN export aggregate.
+    -->
+    <bean id="ca_caf_edugainAggregate" parent="domResourceStage_parent"
+        p:id="ca_caf_edugainAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url"    ref="ca_caf_edugainAggregate_url"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Signing certificate.
+        
+        This one is used to sign the eduGAIN aggregate.
     -->
     <bean id="ca_caf_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
         <property name="certificateFile">
             <bean class="java.io.File">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/ca_caf/cafshib_metadata_verify.pem"/>
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/ca_caf/metadata-signer.crt"/>
             </bean>
         </property>
     </bean>
 
     <!--
-        Check CAF signing signature.
+        Check signing signature.
     -->
     <bean id="ca_caf_checkSignature" parent="stage_parent"
         class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
@@ -55,13 +70,34 @@
     </bean>
 
     <!--
-        Fetch and process the exported entities as a collection.
+        "cafshib" Signing certificate.
+        
+        This one is used to sign the production aggregate.
+    -->
+    <bean id="ca_caf_cafShibSigningCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/ca_caf/cafshib_metadata_verify.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Check "cafshib" signing signature.
     -->
-    <bean id="ca_caf_exportedEntities" parent="composite_parent"
-        p:id="ca_caf_exportedEntities">
+    <bean id="ca_caf_cafShibCheckSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="ca_caf_checkSignature">
+        <property name="verificationCertificate" ref="ca_caf_cafShibSigningCertificate"/>
+    </bean>
+
+    <!--
+        Fetch and process the production entities as a collection.
+    -->
+    <bean id="ca_caf_productionEntities" parent="composite_parent"
+        p:id="ca_caf_productionEntities">
         <property name="composedStages">
             <list>
-                <!-- no export aggregate; use the production one instead -->
                 <ref bean="ca_caf_productionAggregate"/>
 
                 <!--
@@ -70,10 +106,37 @@
                         invalid signature
                 -->
                 <ref bean="check_validUntil"/>
-                <ref bean="ca_caf_checkSignature"/>
-                <!--
+                <ref bean="ca_caf_cafShibCheckSignature"/>
                 <ref bean="errorTerminatingFilter"/>
+
+                <ref bean="disassemble"/>
+
+                <ref bean="standardImportActions"/>
+
+                <!-- Strip all entity attributes from this source. -->
+                <ref bean="stripMdattrNamespace"/>
+
+            </list>
+        </property>
+    </bean>
+
+    <!--
+        Fetch and process the eduGAIN export entities as a collection.
+    -->
+    <bean id="ca_caf_edugainEntities" parent="composite_parent"
+        p:id="ca_caf_edugainEntities">
+        <property name="composedStages">
+            <list>
+                <ref bean="ca_caf_edugainAggregate"/>
+
+                <!--
+                    Check for fatal errors at the aggregate level:
+                        missing or expired validUntil attribute
+                        invalid signature
                 -->
+                <ref bean="check_validUntil"/>
+                <ref bean="ca_caf_checkSignature"/>
+                <ref bean="errorTerminatingFilter"/>
 
                 <ref bean="disassemble"/>
 
@@ -86,4 +149,9 @@
         </property>
     </bean>
 
+    <!--
+        Select primary export aggregate.
+    -->
+    <alias alias="ca_caf_exportedAggregate" name="ca_caf_edugainAggregate"/>
+    <alias alias="ca_caf_exportedEntities"  name="ca_caf_edugainEntities"/>
 </beans>
diff --git a/mdx/ca_caf/cafshib_metadata_verify.pem → mdx/ca_caf/cafshib_metadata_verify.crt b/mdx/ca_caf/cafshib_metadata_verify.pem → mdx/ca_caf/cafshib_metadata_verify.crt
diff --git a/mdx/ca_caf/metadata-signer.crt b/mdx/ca_caf/metadata-signer.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIE5TCCA82gAwIBAgIJAN6oiYeyySBlMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEjMCEGA1UEChMaQ2FuYWRpYW4gQWNj
+ZXNzIEZlZGVyYXRpb24xJDAiBgNVBAsTG1NBTUwgQ29yZSBTZXJ2aWNlcyBPcGVyYXRvcjEpMCcG
+A1UEAxMgRmVkZXJhdGlvbiBNZXRhZGF0YSBWZXJpZmljYXRpb24wHhcNMTIwMjA4MTY0OTAzWhcN
+MzIwMjAzMTY0OTAzWjCBpzELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcT
+B1Rvcm9udG8xIzAhBgNVBAoTGkNhbmFkaWFuIEFjY2VzcyBGZWRlcmF0aW9uMSQwIgYDVQQLExtT
+QU1MIENvcmUgU2VydmljZXMgT3BlcmF0b3IxKTAnBgNVBAMTIEZlZGVyYXRpb24gTWV0YWRhdGEg
+VmVyaWZpY2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyv5ihnO+gbk1EFae
+NUGr8erqiNpQmkNwhTyArjIdB9BCxkOz77jAyiBQuRBqpyUAyr9kIIucBkxLTe45w+XEw7LLKHNN
+HCQ6uRPmFtU0x4r9A5Qw2BGEco2UR/Np4CHK0018gOGAUPAWlBLDcd6+rYLfQUhzIuvdkjDVKbPf
+UpfVV/KyQZ57ROPHxoSM/Ta/ZqGcYDSEJPcSt3HEA+ykoK6aj7yBdNqHofxiErltqSGeZc9yUlRd
+vT/ucQP+KbX6M8ReVCJHQIZxE4Vo/jrvoTixSjDtcyFqJ06wCB1bRIsvTW1VsNflLLOgZJ3G0g3l
+PXeFEha92Z0y1Zs7Gg4jgwIDAQABo4IBEDCCAQwwHQYDVR0OBBYEFHFy1qGzMyfco/zBbJpaHvfa
+7OGCMIHcBgNVHSMEgdQwgdGAFHFy1qGzMyfco/zBbJpaHvfa7OGCoYGtpIGqMIGnMQswCQYDVQQG
+EwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEjMCEGA1UEChMaQ2FuYWRp
+YW4gQWNjZXNzIEZlZGVyYXRpb24xJDAiBgNVBAsTG1NBTUwgQ29yZSBTZXJ2aWNlcyBPcGVyYXRv
+cjEpMCcGA1UEAxMgRmVkZXJhdGlvbiBNZXRhZGF0YSBWZXJpZmljYXRpb26CCQDeqImHsskgZTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA+3NuAAPETE16oiRx0YJ3sx72IQiHEEL2a
+LgeITkUxwn2JanJbCPpLS5ZhdppZ9oxb16ZVWyKwmT9jDHM48OH37QPjlZVWyDRjw/wCj2s/0XK4
+OqaOaZpzx2Sp8mc4IjtDH6tcNGva0h4wHDENukF8w8fVR+tXymXWpEb4AlIEqwAkXjA1h5zrnckW
+6MAtT2HvTCtaeayYwbFFHYKPYet9Q8xluuyZPM6VIBL7cp20IWbB8ZQfiNGBC3m0p2nQ6VL7yza7
+xW7MGRgXY2Y6T5ZohtFexTOOvWvGQnMycTvpbOFPxpwGopYiZ/K1jgzeSYZi/qz5faUnd5yjuPKD
+vxJY
+-----END CERTIFICATE-----
diff --git a/mdx/ca_caf/verbs.xml b/mdx/ca_caf/verbs.xml
@@ -30,19 +30,19 @@
         </property>
     </bean>
 
-    <bean id="import" parent="pipeline_parent"
-        p:id="import">
+    <bean id="importProduction" parent="pipeline_parent"
+        p:id="importProduction">
         <property name="stages">
             <list>
-                <ref bean="ca_caf_exportedEntities"/>
+                <ref bean="ca_caf_productionEntities"/>
                 <ref bean="standardImportTail"/>
                 <ref bean="serializeImported"/>
             </list>
         </property>
     </bean>
 
-    <bean id="importRaw" parent="pipeline_parent"
-        p:id="importRaw">
+    <bean id="importProductionRaw" parent="pipeline_parent"
+        p:id="importProductionRaw">
         <property name="stages">
             <list>
                 <ref bean="ca_caf_productionAggregate"/>
@@ -51,4 +51,27 @@
         </property>
     </bean>
 
+    <bean id="importEdugain" parent="pipeline_parent"
+        p:id="importEdugain">
+        <property name="stages">
+            <list>
+                <ref bean="ca_caf_edugainEntities"/>
+                <ref bean="standardImportTail"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <bean id="importEdugainRaw" parent="pipeline_parent"
+        p:id="importEdugainRaw">
+        <property name="stages">
+            <list>
+                <ref bean="ca_caf_edugainAggregate"/>
+                <ref bean="serializeImported"/>
+            </list>
+        </property>
+    </bean>
+
+    <alias alias="import"    name="importEdugain"/>
+    <alias alias="importRaw" name="importEdugainRaw"/>
 </beans>