Skip to content
Jump to bottom

TIDO-575 Add support for eduGAIN export aggregation testing #24

Merged
merged 4 commits into from
Aug 29, 2025
+978 −5
Merged

TIDO-575 Add support for eduGAIN export aggregation testing #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2d50582
Add local import with unsigned output test
dmartinez Aug 20, 2025
446de90
Add data/test for edugain report
dmartinez Aug 21, 2025
ebc19da
Add testing for signing export aggregate
dmartinez Aug 26, 2025
40f7f30
Fix comment
dmartinez Aug 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions build.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3056,6 +3056,20 @@
<echo>Generation complete.</echo>
</target>

<!--
inc.generate.import_local
Generate the InCommon import aggregate for local testing
-->
<target name="inc.generate.import_local">
<echo>Generating InCommon import aggregate in ${mda.inc.imported.xml}</echo>
<echo> (IdP-only aggregate in ${mda.inc.imported-idp.xml})</echo>
<echo> from production aggregate in ${mda.inc.production.xml}</echo>
<echo> and selected eduGAIN entities from ${mda.inc.edugain.xml}...</echo>
<CHANNEL.do channel="incommon" verb="import_local"/>
<echo>Generation complete.</echo>
</target>

<!--
inc.generate.import_sign
Expand Down Expand Up @@ -3111,6 +3125,21 @@
<echo>Generation complete.</echo>
</target>

<!--
inc.generate.sign_localkey
Sign an aggregate using a local key
-->
<target name="inc.generate.sign_localkey">
<property name="mda.sign.keyPassword" value="${sign.uk.keyPassword}"/>

<echo>Generating signed aggregate in ${mda.inc.imported.xml}</echo>
<echo> from aggregate in ${mda.inc.production.xml}</echo>
<echo> signed using a local key</echo>
<CHANNEL.do channel="incommon" verb="sign_localkey"/>
<echo>Generation complete.</echo>
</target>

<!--
inc.mdq.generate.localkey
Expand Down Expand Up @@ -3231,4 +3260,16 @@
<echo>Report complete.</echo>
</target>

<!--
inc.edugain.report_local
Report on the eduGAIN entities filtered out because of errors detected.
Used for local testing only
-->
<target name="inc.edugain.report_local">
<echo>Looking for errors in eduGAIN entities from ${mda.inc.edugain.xml}...</echo>
<CHANNEL.do channel="incommon" verb="report_local"/>
<echo>Report complete.</echo>
</target>

</project>
305 changes: 305 additions & 0 deletions mdx/incommon/import_local.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,305 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Construct InCommon eduGAIN import aggregate.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
default-lazy-init="true"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

<!--
Import commonly used beans.
-->
<import resource="classpath:common-beans.xml"/>

<!--
Import inc-mda beans.
-->
<import resource="classpath:uk/org/iay/incommon/mda/beans.xml"/>

<!--
Import channel-specific beans.
-->
<import resource="classpath:incommon/beans.xml"/>
<import resource="classpath:incommon/edugain-policy.xml"/>

<!--
Import eduGAIN channel beans.
-->
<import resource="classpath:int_edugain/beans.xml"/>

<!--
***********************************************************
*** ***
*** C O M M O N O U T P U T P R O C E S S I N G ***
*** ***
***********************************************************
-->

<bean id="common.output" parent="mda.CompositeStage">
<property name="stages">
<list>
<!-- Construct a new aggregate from the collection of entities. -->
<bean id="inc.assemble" parent="mda.EntitiesDescriptorAssemblerStage">
<property name="itemOrderingStrategy">
<bean parent="inc.InCommonEntityOrderingStrategy"
c:_-ref="us_incommon_registrar"/>
</property>
</bean>

<!-- Apply final tweaks to the aggregate. -->
<bean id="finalise" parent="incommon_finalise_parent">
<property name="transformParameters">
<map>
<entry key="extraText" value="Contains InCommon and eduGAIN metadata"/>
<entry key="publisher" value-ref="us_incommon_registrar"/>
<entry key="validityDays" value="${validUntil.aggregate.days}"/>
<entry key="now_ISO" value-ref="now_ISO"/>
<entry key="now_local_ISO" value-ref="now_local_ISO"/>
<entry key="valid_until_ISO" value-ref="validUntil_aggregate_ISO"/>
</map>
</property>
</bean>

<!-- Normalise the use of namespace prefixes in the resulting XML document. -->
<bean id="normalise" parent="mda.XSLTransformationStage"
p:XSLResource="classpath:incommon/ns_norm_import.xsl"/>
</list>
</property>
</bean>


<!--
*****************************************
*** ***
*** I D P - O N L Y O U T P U T ***
*** ***
*****************************************
-->

<!--
idp.serialize
Writes the IdP-only aggregate out to a file.
-->
<bean id="idp.serialize" parent="mda.SerializationStage">
<property name="serializer" ref="serializer"/>
<property name="outputFile">
<bean parent="File">
<constructor-arg value="${inc.imported-idp.xml}"/>
</bean>
</property>
</bean>

<!--
idp.selector
Entities in the IdP-only aggregate are restricted to identity providers.
-->
<bean id="idp.selector" parent="mda.XPathItemSelectionStrategy">
<constructor-arg value="/md:EntityDescriptor[md:IDPSSODescriptor]"/>
<constructor-arg ref="commonNamespaces"/>
</bean>

<!--
idp.pipeline
Generates the IdP-only aggregate. The selector has already taken care
of removing non-IdP entities.
-->
<bean id="idp.pipeline" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!-- Perform common steps in constructing an output aggregate. -->
<ref bean="common.output"/>

<!-- Write the resulting aggregate out to a file. -->
<ref bean="idp.serialize"/>
</list>
</property>
</bean>


<!--
*************************************************
*** ***
*** A L L E N T I T I E S O U T P U T ***
*** ***
*************************************************
-->

<!--
serializeImported
Writes the import aggregate out to a file.
-->
<bean id="serializeImported" parent="mda.SerializationStage">
<property name="serializer" ref="serializer"/>
<property name="outputFile">
<bean parent="File">
<constructor-arg value="${inc.imported.xml}"/>
</bean>
</property>
</bean>


<!--
*************************************
*** ***
*** E D U G A I N I N P U T ***
*** ***
*************************************
-->

<bean id="incommon_edugain_importPipeline" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!--
Load the saved eduGAIN aggregate from a file.
-->
<bean id="edugain_aggregate" parent="mda.DOMResourceSourceStage">
<property name="parserPool" ref="parserPool"/>
<property name="DOMResource">
<bean parent="FileSystemResource" c:_0="${inc.edugain.xml}"/>
</property>
</bean>

<!--
Check for fatal errors at the aggregate level:
missing or expired validUntil attribute
invalid signature
This is used for testing and as such we disable
signature and validUntil checks
-->
<!-- <ref bean="check_validUntil"/>
<ref bean="int_edugain_checkSignature"/> -->
<ref bean="errorTerminatingFilter"/>

<ref bean="disassemble"/>

<ref bean="int_edugain_removeBlacklistedEntities"/>

<!--
All eduGAIN entities should have mdrpi:RegistrationInfo elements, but
we can't check the actual values.
-->
<ref bean="check_hasreginfo"/>

<!-- Populate identifiers for future actions. -->
<ref bean="populateItemIds"/>
<ref bean="populateRegistrationAuthorities"/>

<!-- Apply policy. -->
<ref bean="edugainPolicy"/>

<!--
Silently remove entities which are marked as
having errors.
-->
<ref bean="errorRemover"/>
</list>
</property>
</bean>


<!--
*************************************
*** ***
*** M A I N P I P E L I N E ***
*** ***
*************************************
-->

<!--
The main "import" pipeline is responsible for generating the
all-entities output aggregate.
-->
<bean id="import_local" parent="mda.SimplePipeline">
<property name="stages">
<list>
<!--
Start with the InCommon production aggregate.
In a production environment, this will be the *unsigned* aggregate,
so we perform minimal checking on its contents.
-->
<bean id="production_aggregate" parent="mda.DOMResourceSourceStage">
<property name="parserPool" ref="parserPool"/>
<property name="DOMResource">
<bean parent="FileSystemResource" c:_0="${inc.production.xml}"/>
</property>
</bean>

<!-- Break down into individual entities. -->
<ref bean="disassemble"/>

<!--
In case we are testing with InCommon production metadata
that already includes imported entities, remove those
before proceeding to avoid them overwriting the
new imported version.
-->
<bean id="keepInCommonEntities" parent="mda.EntityRegistrationAuthorityFilterStage">
<property name="designatedRegistrationAuthorities">
<list>
<ref bean="us_incommon_registrar"/>
</list>
</property>
<property name="requiringRegistrationInformation" value="true"/>
<property name="keepingRegistrationAuthorities" value="true"/>
</bean>

<!-- Include a default registrationAuthority for each entity. -->
<ref bean="us_incommon_default_regauth"/>

<!-- Populate identifiers for future actions. -->
<ref bean="populateItemIds"/>
<ref bean="populateRegistrationAuthorities"/>

<!-- Merge in selected entities from eduGAIN. -->
<bean id="mergeProductionMDXEntities" parent="mda.PipelineMergeStage"
p:collectionMergeStrategy-ref="deduplicateMergeStrategy">
<property name="mergedPipelines">
<list>
<ref bean="incommon_edugain_importPipeline"/>
</list>
</property>
</bean>

<!--
Discard entities in the InCommon entity blacklist.
Because this is done _after_ the eduGAIN merge, the
named entities will be removed whatever their source.
-->
<ref bean="remove_blacklisted_incommon_entities"/>

<!-- Fork new pipelines to generate special aggregates. -->
<bean id="demux" parent="mda.PipelineDemultiplexerStage">
<property name="pipelinesAndStrategies">
<list>
<!-- IdP-only aggregate. -->
<bean parent="mda.PipelineAndStrategy">
<constructor-arg ref="idp.pipeline"/>
<constructor-arg ref="idp.selector"/>
</bean>
</list>
</property>
<property name="waitingForPipelines" value="true"/>
</bean>

<!-- Perform common steps in constructing an output aggregate. -->
<ref bean="common.output"/>

<!-- Write the resulting aggregate out to a file. -->
<ref bean="serializeImported"/>
</list>
</property>
</bean>

</beans>
Loading