Add a first look at the SWAMID federation.
Refactor all the mdx import flows, dividing multi-use beans from the import flow itself.
Rename a lot of files and Ant targets for consistency.  /feds/ has become /mdx/, in particular.
iay committed Apr 18, 2011
1 parent dd1356c commit e96be8d
Showing 15 changed files with 288 additions and 260 deletions.
229 changes: 49 additions & 180 deletions build.xml
Expand Up @@ -42,7 +42,7 @@
-->
<property name="build.dir" value="${basedir}/build"/>
<property name="entities.dir" value="entities"/>
<property name="feds.dir" value="${basedir}/feds"/>
<property name="mdx.dir" value="${basedir}/mdx"/>
<property name="xml.dir" value="${basedir}/xml"/>

<!--
Expand Down Expand Up @@ -515,9 +515,6 @@
<fileset dir="${tools.dir}/ukf-mda">
<include name="*.jar"/>
</fileset>
<fileset dir="${tools.dir}/ukf-members">
<include name="*.jar"/>
</fileset>
</classpath>
<jvmarg value="-Djava.endorsed.dirs=${tools.mda}/lib/endorsed"/>
<jvmarg value="-Dlogback.configurationFile=${tools.dir}/ukf-mda/logback.xml"/>
Expand Down Expand Up @@ -959,36 +956,14 @@
</macrodef>

<!--
***********************************************
*** ***
*** E D U G A T E F E D E R A T I O N ***
*** ***
***********************************************
*********************************************
*** ***
*** M E T A D A T A E X C H A N G E ***
*** ***
*********************************************
-->

<property name="edugate.dir" value="${feds.dir}/edugate"/>
<property name="edugate.metadata.location"
value="https://edugate.heanet.ie/edugate-metadata-signed.xml"/>
<property name="edugate.metadata.cert"
value="${edugate.dir}/metadata-signer.crt"/>

<macrodef name="XMLSECTOOL.VFY.edugate">
<attribute name="i"/><!-- input file, assumed to be in the XML directory -->
<sequential>
<XMLSECTOOL i="@{i}">
<args>
<arg value="--verifySignature"/>
<arg value="--certificate"/>
<arg value="${edugate.metadata.cert}"/>
<!--
<arg value="- -quiet"/>
-->
</args>
</XMLSECTOOL>
</sequential>
</macrodef>

<macrodef name="CHECK.edugate">

<macrodef name="CHECK.imported">
<attribute name="i"/>
<sequential>
<CHECK.std i="@{i}">
Expand All @@ -999,43 +974,21 @@
</sequential>
</macrodef>

<target name="verify.edugate">
<echo>Verifying metadata held at ${edugate.metadata.location}</echo>
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>
<get src="${edugate.metadata.location}" dest="${xml.dir}/temp.xml"/>

<!--
Verify signature and schema using xmlsectool.
-->
<XMLSECTOOL.VFY.edugate i="temp.xml"/>

<!--
Run checking rulesets.
-->
<CHECK.edugate i="${xml.dir}/temp.xml"/>

<!--
Delete the temporary file.
-->
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>

<echo>Verification completed.</echo>
</target>
<!--
***********************************************
*** ***
*** E D U G A T E F E D E R A T I O N ***
*** ***
***********************************************
-->

<property name="edugate.dir" value="${mdx.dir}/edugate"/>

<target name="fed.edugate.import">
<echo>Importing Edugate metadata from ${edugate.metadata.location}</echo>

<!--
Run the aggregator CLI to import the metadata.
-->
<MDA config="${edugate.dir}/import.xml" out="${edugate.dir}/imported.xml"/>

<!--
Run checking rulesets.
-->
<CHECK.edugate i="${edugate.dir}/imported.xml"/>

<echo>Import completed.</echo>
<target name="flow.edugate.import">
<echo>Running Edugate import flow.</echo>
<MDA config="${edugate.dir}/edugate-import.xml" out="${edugate.dir}/imported.xml"/>
<CHECK.imported i="${edugate.dir}/imported.xml"/>
<echo>Completed Edugate import flow.</echo>
</target>

<!--
Expand All @@ -1046,52 +999,8 @@
*************************************************
-->

<property name="incommon.dir" value="${feds.dir}/incommon"/>
<property name="incommon.metadata.location"
value="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"/>
<property name="incommon.metadata.cert"
value="${incommon.dir}/incommon.pem"/>

<macrodef name="XMLSECTOOL.VFY.incommon">
<attribute name="i"/><!-- input file, assumed to be in the XML directory -->
<sequential>
<XMLSECTOOL i="@{i}">
<args>
<arg value="--verifySignature"/>
<arg value="--certificate"/>
<arg value="${incommon.metadata.cert}"/>
<!--
<arg value="- -quiet"/>
-->
</args>
</XMLSECTOOL>
</sequential>
</macrodef>
<property name="incommon.dir" value="${mdx.dir}/incommon"/>

<target name="verify.incommon">
<echo>Verifying metadata held at ${incommon.metadata.location}</echo>
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>
<get src="${incommon.metadata.location}" dest="${xml.dir}/temp.xml"/>

<!--
Verify using xmlsectool.
-->
<XMLSECTOOL.VFY.incommon i="temp.xml"/>

<!--
Run UK checking rulesets.
-->
<CHECK i="${xml.dir}/temp.xml" s="check_imported.xsl"/>

<!--
Delete the temporary file.
-->
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>

<echo>Verification completed.</echo>
</target>


<!--
*************************
*** ***
Expand All @@ -1100,72 +1009,32 @@
*************************
-->

<property name="edugain.dir" value="${feds.dir}/edugain"/>
<property name="edugain.metadata.location"
value="http://mds.edugain.org/"/>
<property name="edugain.metadata.cert"
value="${edugain.dir}/edugain-signer.crt"/>

<macrodef name="XMLSECTOOL.VFY.edugain">
<attribute name="i"/><!-- input file, assumed to be in the XML directory -->
<sequential>
<XMLSECTOOL i="@{i}">
<args>
<arg value="--verifySignature"/>
<arg value="--certificate"/>
<arg value="${edugain.metadata.cert}"/>
<!--
<arg value="- -quiet"/>
-->
</args>
</XMLSECTOOL>
</sequential>
</macrodef>
<property name="edugain.dir" value="${mdx.dir}/edugain"/>

<target name="verify.edugain">
<echo>Verifying metadata held at ${edugain.metadata.location}</echo>
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>
<get src="${edugain.metadata.location}" dest="${xml.dir}/temp.xml"/>

<!--
Verify using xmlsectool.
Don't do this for now. Although the signature verifies, the
file as a whole is often not schema-valid.
-->
<!--
<XMLSECTOOL.VFY.edugain i="temp.xml"/>
-->

<!--
Run UK checking rulesets.
-->
<CHECK i="${xml.dir}/temp.xml" s="check_imported.xsl"/>

<!--
Delete the temporary file.
-->
<delete file="${xml.dir}/temp.xml" quiet="true" verbose="false"/>

<echo>Verification completed.</echo>
</target>

<target name="fed.edugain.import">
<echo>Importing eduGAIN metadata from ${edugain.metadata.location}</echo>

<!--
Run the aggregator CLI to import the metadata.
-->
<MDA config="${edugain.dir}/import.xml" out="${edugain.dir}/imported.xml"/>

<!--
Run checking rulesets.
-->
<CHECK.edugate i="${edugain.dir}/imported.xml"/>

<echo>Import completed.</echo>
<target name="flow.edugain.import">
<echo>Running eduGAIN import flow.</echo>
<MDA config="${edugain.dir}/edugain-import.xml" out="${edugain.dir}/imported.xml"/>
<CHECK.imported i="${edugain.dir}/imported.xml"/>
<echo>Completed eduGAIN import flow.</echo>
</target>

<!--
*********************************************
*** ***
*** S W A M I D F E D E R A T I O N ***
*** ***
*********************************************
-->

<property name="swamid.dir" value="${mdx.dir}/swamid"/>

<target name="flow.swamid.import">
<echo>Running SWAMID import flow.</echo>
<MDA config="${swamid.dir}/swamid-import.xml" out="${swamid.dir}/imported.xml"/>
<CHECK.imported i="${swamid.dir}/imported.xml"/>
<echo>Completed SWAMID import flow.</echo>
</target>

<!--
*************************************************
*** ***
Expand All @@ -1174,18 +1043,18 @@
*************************************************
-->

<target name="fed.uk.collect">
<target name="flow.uk.collect">
<echo>Collecting UK fragment files.</echo>

<!--
Run the aggregator CLI to collect the metadata.
-->
<MDA config="${feds.dir}/uk/collect.xml" out="${feds.dir}/uk/collected.xml"/>
<MDA config="${mdx.dir}/uk/uk-collect.xml" out="${mdx.dir}/uk/collected.xml"/>

<!--
Run checking rulesets.
-->
<CHECK.edugate i="${feds.dir}/uk/collected.xml"/>
<CHECK.imported i="${mdx.dir}/uk/collected.xml"/>

<echo>Collection completed.</echo>
</target>
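Review bot: The new `flow.edugate.import`, `flow.edugain.import` and `flow.swamid.import` targets show no signature check on the imported metadata: the pinned-certificate `--verifySignature` step that the removed `verify.*` targets ran through xmlsectool has no counterpart left in build.xml, and `CHECK.imported` appears only to apply rulesets. Validation has presumably moved into the `*-import.xml` MDA configurations, which are not visible in this section, so that should be confirmed for each federation, eduGAIN in particular, whose xmlsectool verification was already commented out before this change. I would record the dependency above each target with a comment such as `<!-- Signature is validated against the pinned signer certificate inside edugate-import.xml; the flow must fail there before CHECK.imported runs. -->`. If any of the import configurations does not validate the signature, the target should fail before the imported file is written or checked.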
31 changes: 27 additions & 4 deletions feds/clean_import.xsl → mdx/clean-import.xsl
@@ -1,20 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
clean_import.xsl
clean-import.xsl
Clean up imported metadata from a metadata exchange channel.
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:elab="http://eduserv.org.uk/labels"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
xmlns:mdxTextUtils="xalan://uk.ac.sdss.xalan.md.TextUtils"
xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"

xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
extension-element-prefixes="mdxTextUtils"
exclude-result-prefixes="elab ukfedlabel wayf">

<!--Force UTF-8 encoding for the output.-->
Expand All @@ -33,6 +34,28 @@
<!-- strip xml:base entirely -->
<xsl:template match="@xml:base"/>

<!-- remove KeyDescriptor elements which lack embedded key material -->
<xsl:template match="md:KeyDescriptor[not(descendant::ds:X509Certificate)]"/>

<!-- Remove KeyName elements; they refer to an inaccessable trust fabric -->
<xsl:template match="ds:KeyName"/>

<!-- Remove <ds:X509SubjectName> elements; long ones cause problems. -->
<xsl:template match="ds:X509SubjectName"/>

<!--
Normalise whitespace in X509Certificate elements.
-->
<!--
<xsl:template match="ds:X509Certificate">
<xsl:element name="ds:X509Certificate">
<xsl:text>&#10;</xsl:text>
<xsl:value-of select="mdxTextUtils:wrapBase64(.)"/>
<xsl:text>&#10;</xsl:text>
</xsl:element>
</xsl:template>
-->

<!--By default, copy text blocks, comments and attributes unchanged.-->
<xsl:template match="text()|comment()|@*">
<xsl:copy/>
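Review bot: The predicate in `md:KeyDescriptor[not(descendant::ds:X509Certificate)]` is narrower than its comment: a KeyDescriptor that carries its key as `ds:KeyValue` does contain embedded key material but is still removed. If only certificates are meant to survive, the comment should say so, `<!-- remove KeyDescriptor elements which lack an embedded X.509 certificate -->`; otherwise the match should become `md:KeyDescriptor[not(descendant::ds:X509Certificate or descendant::ds:KeyValue)]`. Either way, an entity whose descriptors are all stripped leaves this stage with no keys, which a later checking ruleset may want to report rather than pass silently. The `mdxTextUtils` namespace and `extension-element-prefixes` declaration are used only by the commented-out template, so they could wait until that template is enabled.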
22 changes: 13 additions & 9 deletions feds/common_beans.xml → mdx/common-beans.xml
Expand Up @@ -120,19 +120,23 @@
<property name="id" value="cleanImport"/>
<property name="xslResource">
<bean class="org.opensaml.util.resource.FilesystemResource">
<constructor-arg value="#{ systemProperties['basedir'] }/feds/clean_import.xsl"/>
<constructor-arg value="#{ systemProperties['basedir'] }/mdx/clean-import.xsl"/>
</bean>
</property>
</bean>

<!--
<bean id="members" class="uk.org.ukfederation.members.Members">
<constructor-arg>
<bean class="java.io.File">
<constructor-arg value="#{ systemProperties['basedir'] }/xml/members.xml"/>
</bean>
</constructor-arg>
</bean>
Basic EntitiesDescriptor disassembler pipeline stage.
-->

<bean id="disassemble" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorDisassemblerStage">
<property name="id" value="disassemble"/>
</bean>

<!--
Basic EntitiesDescriptor assembler pipeline stage.
-->
<bean id="assemble" class="net.shibboleth.metadata.dom.saml.EntitiesDescriptorAssemblerStage">
<property name="id" value="assemble"/>
</bean>

</beans>