Add a channel for the Eduserv metadata aggregate.

InCommon · Jun 20, 2011 · d721b0c · d721b0c
1 parent 316afbd
commit d721b0c
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 0 deletions.
diff --git a/build.xml b/build.xml
@@ -1124,6 +1124,10 @@
         <CHANNEL.import channel="switch"/>
     </target>
 
+    <target name="flow.uk-eduserv.import">
+        <CHANNEL.import channel="uk-eduserv"/>
+    </target>
+
 	<!--
 	    *************************************************
 	    ***                                           ***

diff --git a/mdx/uk-eduserv/beans.xml b/mdx/uk-eduserv/beans.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Common beans for this channel.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> 
+
+    <!--
+        Fetch the export metadata aggregate.
+    -->
+    <bean id="uk-eduserv.fetchExportAggregate" class="net.shibboleth.metadata.dom.DomHttpSourceStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="uk-eduserv.fetchExportAggregate"/>
+        <property name="parserPool" ref="parserPool"/>
+        <property name="sourceUrl" value="https://auth.athensams.net/saml/metadata?name=ukfederation"/>
+    </bean>
+
+    <!--
+        Metadata signing certificate.
+    -->
+    <bean id="uk-eduserv.signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/uk-eduserv/metadata-signer.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!--
+        Check the signature on a document.
+    -->
+    <bean id="uk-eduserv.checkSignature" class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="uk-eduserv.checkSignature"/>
+        <property name="verificationCertificate" ref="uk-eduserv.signingCertificate"/>
+    </bean>
+
+    <!--
+        Fetch and process the exported entities as a collection.
+    -->
+    <bean id="uk-eduserv.exportedEntities" class="net.shibboleth.metadata.pipeline.CompositeStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="uk-eduserv.exportedEntities"/>
+        <property name="composedStages">
+            <list>
+                <ref bean="uk-eduserv.fetchExportAggregate"/>
+                <ref bean="uk-eduserv.checkSignature"/>
+
+                <!-- failure to validate signature is fatal -->
+                <ref bean="errorTerminatingFilter"/>
+
+                <ref bean="disassemble"/>
+
+                <ref bean="standardImportActions"/>
+            </list>
+        </property>
+    </bean>
+
+</beans>
diff --git a/mdx/uk-eduserv/import.xml b/mdx/uk-eduserv/import.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Import pipeline for this channel.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"> 
+
+    <!--
+        Import commonly used beans.
+    -->
+    <import resource="../common-beans.xml"/>
+
+    <!--
+        Import channel-specific beans.
+    -->
+    <import resource="beans.xml"/>
+
+    <bean id="pipeline" class="net.shibboleth.metadata.pipeline.SimplePipeline"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="pipeline"/>
+        <property name="stages">
+            <list>
+                <ref bean="uk-eduserv.exportedEntities"/>
+                <ref bean="standardImportTail"/>
+            </list>
+        </property>
+    </bean>
+
+</beans>
diff --git a/mdx/uk-eduserv/metadata-signer.crt b/mdx/uk-eduserv/metadata-signer.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA0agAwIBAgIQCnFfdSGulBNKkPb/stl3IDANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UE
+BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQK
+ExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBE
+aXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkB
+FhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29tMB4XDTEwMDYxNjAwMDAwMFoXDTExMDgxNTIzNTk1
+OVowXjELMAkGA1UEBhMCR0IxDjAMBgNVBAgTBUJBTkVTMQ0wCwYDVQQHFARCYXRoMRAwDgYDVQQK
+FAdFZHVzZXJ2MR4wHAYDVQQDFBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDBjvSyxeNiVQBJuXquzjcw4VXHsTNgexaiJIrIgEpdoUUkDV0ElNQo
+nMeZsR3jQZsaUQBHBkkSe7OCo3dbp9z+1dPTbE99+vn0rIIQUWE57IiQxVDkmAZLNh5tufcLaYgI
+hIbHevyN4HrqBWdiYM5RNHiwDLDFVnjVHmoml2+E+Ld76RcfBZzsyDGTGyRk+1RU9GIUX654v1E2
+L8h+7DFu0s/gIyV1GHgwPo4cQCBTgz9WCe8ka4WC2ruURJDAtnenJ1G+fVwV8+8sckDTJ31kYIsc
+9VsdPhy0iUX1NUisJ8ioiiv5BRYRpN7mS9XQo7wrtvTsab8ebmxqTYvCns+9AgMBAAGjgaYwgaMw
+DAYDVR0TAQH/BAIwADBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhh
+d3RlU2VydmVyUHJlbWl1bUNBLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYI
+KwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMA0GCSqGSIb3
+DQEBBQUAA4GBAJEUjauWEO0PxgTpQOHt1MhWTNjZ1xYDU5LgbV+5Dgk4SaRE8MiFe+TvKayDtjOE
+U82y/51lIeA73wB30urypdrXZ/DcexJSzl5uLeaDdh+aTc9CUcLxGvWxE+Zwry9P2hzpuFAg/YwB
+MQWK2k6bYcNtSwViWkn9iizXMJ232qZN
+-----END CERTIFICATE-----