Switch to new eduGAIN signing certificate

See ukf/ukf-meta#300.

mdx/int_edugain/README.md

@@ -4,15 +4,20 @@ Resources associated with the eduGAIN interfederation.
 
 Certificates:
 
-* `mds-v1.cer` is the certificate to be used for signing the eduGAIN metadata
-  aggregate at `https://mds.edugain.org/edugain-v1.xml` from early 2019.
+* `mds-v1-1.cer` is the certificate used for signing the eduGAIN
+  metadata aggregate from early 2021 and intended to be used until the
+  end of 2022.
+
+* `mds-v1.cer` is the certificate used for signing the eduGAIN metadata
+  aggregate at `https://mds.edugain.org/edugain-v1.xml` from early 2019 to
+  early 2021.
 
 * `mds-2014.cer` is the certificate used for signing eduGAIN metadata at
   `https://mds.edugain.org` and `https://mds.edugain.org/feed-256.xml` until
-  mid-2019, at which point those locations switch to the `mds-v1.cer`
+  mid-2019, at which point those locations switched to the `mds-v1.cer`
   certificate for compatibility.
 
-Note that these two certificates wrap the same 2048-bit public key.
+  See the [eduGAIN certificate change
+  roadmap](https://technical.edugain.org/certificate_change) for further details.
 
-See the [eduGAIN certificate change
-roadmap](https://technical.edugain.org/certificate_change) for further details.
+Note that all three certificates wrap the same 2048-bit public key.

mdx/int_edugain/beans.xml

@@ -41,7 +41,7 @@
         If a flow is being run from build.xml using ant, the property name
         needs to be prefixed with "mda.", as "mda.int.edugain.aggregate.name":
 
-            ant -Dmda.int.edugain.aggregate.name=beta ...		
+            ant -Dmda.int.edugain.aggregate.name=beta ...
     -->
     <bean id="int_edugain_productionAggregate" parent="mda.DOMResourceSourceStage">
         <property name="parserPool" ref="parserPool"/>
@@ -58,7 +58,7 @@
         eduGAIN signing certificate.
     -->
     <bean id="int_edugain_signingCertificate" parent="X509CertificateFactoryBean"
-        p:resource="classpath:int_edugain/mds-v1.cer"/>
+        p:resource="classpath:int_edugain/mds-v1-1.cer"/>
 
     <!--
         Check a signature against the eduGAIN signing certificate.

mdx/int_edugain/mds-v1-1.cer

@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5595990 (0x556356)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=GEANT, CN=eduGAIN Signer CA
+        Validity
+            Not Before: Jul  2 14:34:49 2014 GMT
+            Not After : Dec 31 23:59:59 2022 GMT
+        Subject: O=GEANT, CN=eduGAIN Signer CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:91:7e:5d:73:86:46:85:bd:e2:6f:26:d4:b4:dd:
+                    b4:48:3b:79:3b:ee:ad:ac:e6:6f:9c:ea:c4:3c:de:
+                    3e:f5:ac:86:9d:fa:f1:82:3b:6f:52:e0:91:c1:5c:
+                    72:3f:53:9e:f2:35:b3:4b:82:82:b3:97:43:08:e1:
+                    64:2b:b3:82:93:ff:2f:8b:3c:c1:41:f4:cd:25:36:
+                    b0:0b:41:df:e8:a7:a3:cd:73:b0:96:28:c3:75:c9:
+                    5f:15:fc:be:f8:fe:f6:a9:46:56:fd:d2:03:d5:24:
+                    00:47:9a:80:1f:42:68:f2:31:72:d6:df:c2:8b:c3:
+                    32:b5:a8:4a:4a:50:8c:4f:05:f4:0c:05:ac:26:87:
+                    48:02:d9:3e:67:75:99:dd:70:c3:e9:82:c3:17:c8:
+                    6d:80:67:84:06:48:eb:78:b6:0a:6c:a6:34:d2:45:
+                    8f:be:5f:e8:22:f5:65:2e:5b:3b:04:1c:77:45:84:
+                    24:7d:51:84:3a:fb:58:25:31:58:5e:26:35:66:a0:
+                    3d:1b:f5:5f:ca:43:40:45:ff:5c:eb:cb:68:df:5a:
+                    57:21:15:e2:0b:95:66:d6:82:25:ac:20:10:38:04:
+                    f3:47:a8:55:b8:da:a1:a0:52:bf:43:23:71:73:44:
+                    b1:d7:a8:5d:8d:d9:fe:7d:da:dc:dc:4d:e0:d9:d7:
+                    57:a3
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha256WithRSAEncryption
+         7b:bb:0f:c5:b3:00:39:4a:13:3e:63:1b:59:6b:52:77:26:79:
+         da:b1:da:4d:3b:f8:7a:92:c2:03:a9:e3:fb:fa:c7:26:2d:21:
+         a4:ea:2d:4a:93:68:2c:0c:1f:85:f0:e0:31:de:ce:e3:88:2a:
+         3d:d0:f7:74:80:aa:a9:88:3c:f3:54:fe:f6:01:6d:71:e5:57:
+         1e:87:45:1b:24:87:e0:d5:48:b2:f7:42:d4:df:e7:bd:2b:d0:
+         de:34:0c:5b:38:10:35:3d:a8:a4:94:31:fc:70:90:c9:63:75:
+         01:cf:85:8c:31:b1:f3:c7:4f:cf:ce:56:3c:47:77:d0:3c:1c:
+         a0:f3:c0:7d:1a:34:53:61:ed:79:b7:19:f7:ca:d1:ad:1f:5c:
+         31:2c:3d:27:34:f3:f3:27:a8:8b:d0:da:fd:4f:cb:84:34:47:
+         3e:51:f5:bf:1c:23:6f:b2:df:cd:d4:9f:99:0a:cb:7c:47:de:
+         62:25:7b:56:89:55:f5:01:ad:7a:62:1e:5b:5f:cf:29:35:b0:
+         7b:44:dd:b9:9f:d2:37:b8:b0:63:16:cb:f9:e7:75:c0:7f:c8:
+         2c:58:8f:99:52:f6:80:04:83:63:8e:03:f1:81:b2:64:02:2c:
+         6a:55:05:0e:5e:5c:3a:a8:c1:1e:6a:9b:ad:15:50:07:cc:6f:
+         84:90:b1:82
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb+gAwIBAgIDVWNWMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNVBAoTBUdF
+QU5UMRowGAYDVQQDExFlZHVHQUlOIFNpZ25lciBDQTAiGA8yMDE0MDcwMjE0MzQ0
+OVoYDzIwMjIxMjMxMjM1OTU5WjAsMQ4wDAYDVQQKEwVHRUFOVDEaMBgGA1UEAxMR
+ZWR1R0FJTiBTaWduZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCRfl1zhkaFveJvJtS03bRIO3k77q2s5m+c6sQ83j71rIad+vGCO29S4JHBXHI/
+U57yNbNLgoKzl0MI4WQrs4KT/y+LPMFB9M0lNrALQd/op6PNc7CWKMN1yV8V/L74
+/vapRlb90gPVJABHmoAfQmjyMXLW38KLwzK1qEpKUIxPBfQMBawmh0gC2T5ndZnd
+cMPpgsMXyG2AZ4QGSOt4tgpspjTSRY++X+gi9WUuWzsEHHdFhCR9UYQ6+1glMVhe
+JjVmoD0b9V/KQ0BF/1zry2jfWlchFeILlWbWgiWsIBA4BPNHqFW42qGgUr9DI3Fz
+RLHXqF2N2f592tzcTeDZ11ejAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHu7D8Wz
+ADlKEz5jG1lrUncmedqx2k07+HqSwgOp4/v6xyYtIaTqLUqTaCwMH4Xw4DHezuOI
+Kj3Q93SAqqmIPPNU/vYBbXHlVx6HRRskh+DVSLL3QtTf570r0N40DFs4EDU9qKSU
+MfxwkMljdQHPhYwxsfPHT8/OVjxHd9A8HKDzwH0aNFNh7Xm3GffK0a0fXDEsPSc0
+8/MnqIvQ2v1Py4Q0Rz5R9b8cI2+y383Un5kKy3xH3mIle1aJVfUBrXpiHltfzyk1
+sHtE3bmf0je4sGMWy/nndcB/yCxYj5lS9oAEg2OOA/GBsmQCLGpVBQ5eXDqowR5q
+m60VUAfMb4SQsYI=
+-----END CERTIFICATE-----