Upgrade to ukf-mda 0.8.3.

mdx/at_aconet/verbs.xml

@@ -82,12 +82,12 @@
                 <ref bean="at_aconet_edugainEntities"/>
                 <ref bean="standardImportActions"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
                             <!-- Error on RSA key length less than 2048 bits. -->
-                            <bean parent="X509CertificateRSAKeyLengthValidator"
+                            <bean parent="X509RSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
                         </list>
                     </property>

mdx/cl_cofre/verbs.xml

@@ -60,12 +60,12 @@
                 <ref bean="cl_cofre_edugainEntities"/>
                 <ref bean="standardImportActions"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
                             <!-- Error on RSA key length less than 2048 bits. -->
-                            <bean parent="X509CertificateRSAKeyLengthValidator"
+                            <bean parent="X509RSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
                         </list>
                     </property>

mdx/common-beans.xml

@@ -229,22 +229,22 @@
     <bean id="ElementWhitespaceTrimmingStage" abstract="true" parent="stage_parent"
         class="uk.org.ukfederation.mda.dom.ElementWhitespaceTrimmingStage"/>
 
-    <bean id="X509CertificateValidationStage" abstract="true" parent="stage_parent"
-        class="uk.org.ukfederation.mda.validate.X509CertificateValidationStage"/>
+    <bean id="X509ValidationStage" abstract="true" parent="stage_parent"
+        class="uk.org.ukfederation.mda.validate.X509ValidationStage"/>
 
     <bean id="validator_parent" abstract="true" parent="component_parent"/>
 
-    <bean id="X509CertificateConsistentNameValidator" abstract="true" parent="validator_parent"
-        class="uk.org.ukfederation.mda.validate.X509CertificateConsistentNameValidator"/>
+    <bean id="X509ConsistentNameValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509ConsistentNameValidator"/>
 
-    <bean id="X509CertificateRSAExponentValidator" abstract="true" parent="validator_parent"
-        class="uk.org.ukfederation.mda.validate.X509CertificateRSAExponentValidator"/>
+    <bean id="X509RSAExponentValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509RSAExponentValidator"/>
 
-    <bean id="X509CertificateRSAKeyLengthValidator" abstract="true" parent="validator_parent"
-        class="uk.org.ukfederation.mda.validate.X509CertificateRSAKeyLengthValidator"/>
+    <bean id="X509RSAKeyLengthValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509RSAKeyLengthValidator"/>
 
-    <bean id="X509CertificateRSAOpenSSLBlacklistValidator" abstract="true" parent="validator_parent"
-        class="uk.org.ukfederation.mda.validate.X509CertificateRSAOpenSSLBlacklistValidator"/>
+    <bean id="X509RSAOpenSSLBlacklistValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509RSAOpenSSLBlacklistValidator"/>
 
     <!--
         ***********************************************
@@ -400,11 +400,11 @@
     <import resource="classpath:validation-beans.xml"/>
 
     <!--
-        identifierStrategy
+        identificationStrategy
         
         Standard item identifier strategy.
     -->
-    <bean id="identifierStrategy" class="uk.org.ukfederation.mda.UKItemIdentificationStrategy">
+    <bean id="identificationStrategy" class="uk.org.ukfederation.mda.UKItemIdentificationStrategy">
         <property name="ignoredAuthorities">
             <set>
                 <value>http://ukfederation.org.uk</value>
@@ -461,7 +461,7 @@
     <bean id="errorAnnouncer" parent="stage_parent"
         class="net.shibboleth.metadata.pipeline.StatusMetadataLoggingStage"
         p:id="errorAnnouncer">
-        <property name="identifierStrategy" ref="identifierStrategy"/>
+        <property name="identifierStrategy" ref="identificationStrategy"/>
         <property name="selectionRequirements">
             <list>
                 <value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
@@ -478,7 +478,7 @@
     <bean id="errorRemover" parent="stage_parent"
         class="net.shibboleth.metadata.pipeline.ItemMetadataFilterStage"
         p:id="errorRemover">
-        <property name="identifierStrategy" ref="identifierStrategy"/>
+        <property name="identifierStrategy" ref="identificationStrategy"/>
         <property name="selectionRequirements">
             <list>
                 <value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
@@ -494,7 +494,7 @@
     <bean id="errorTerminator" parent="stage_parent"
         class="net.shibboleth.metadata.pipeline.ItemMetadataTerminationStage"
         p:id="errorTerminator">
-        <property name="identifierStrategy" ref="identifierStrategy"/>
+        <property name="identifierStrategy" ref="identificationStrategy"/>
         <property name="selectionRequirements">
             <list>
                 <value>#{T(net.shibboleth.metadata.ErrorStatus)}</value>
@@ -967,15 +967,15 @@
                 <ref bean="checkSchemas"/>
                 <ref bean="CHECK_imported"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
                             <!-- Error on RSA key length less than 2048 bits. -->
-                            <bean parent="X509CertificateRSAKeyLengthValidator"
+                            <bean parent="X509RSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
                             <!-- Error on small RSA public exponents. -->
-                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <bean parent="X509RSAExponentValidator"/>
 
                             <!--
                                 Debian weak key blacklists.

mdx/se_swamid/verbs.xml

@@ -82,7 +82,7 @@
                 <ref bean="se_swamid_edugainEntities"/>
                 <ref bean="standardImportActions"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>

mdx/uk/beans.xml

@@ -449,17 +449,17 @@
                 <ref bean="mdui_dn_en_match"/>
                 <ref bean="check_dup_display"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
                             <!-- Error on RSA key length less than 2048 bits. -->
-                            <bean parent="X509CertificateRSAKeyLengthValidator"
+                            <bean parent="X509RSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
                             <!-- Error on small RSA public exponents. -->
-                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <bean parent="X509RSAExponentValidator"/>
                             <!-- Error on inconsistent subjectAltNames. -->
-                            <bean parent="X509CertificateConsistentNameValidator"/>
+                            <bean parent="X509ConsistentNameValidator"/>
 
                             <!--
                                 Debian weak key blacklists.

mdx/uk/verbs.xml

@@ -175,7 +175,7 @@
                     Additional X.509 certificate checks, over and above those
                     performed in uk_registeredEntities.
                 -->
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
@@ -297,17 +297,17 @@
                 <ref bean="check_shibboleth"/>
                 <ref bean="check_uk_trust"/>
 
-                <bean parent="X509CertificateValidationStage"
+                <bean parent="X509ValidationStage"
                     p:id="checkCertificates">
                     <property name="validators">
                         <list>
                             <!-- Error on RSA key length less than 2048 bits. -->
-                            <bean parent="X509CertificateRSAKeyLengthValidator"
+                            <bean parent="X509RSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
                             <!-- Error on small RSA public exponents. -->
-                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <bean parent="X509RSAExponentValidator"/>
                             <!-- Error on inconsistent subjectAltNames. -->
-                            <bean parent="X509CertificateConsistentNameValidator"/>
+                            <bean parent="X509ConsistentNameValidator"/>
 
                             <!--
                                 Debian weak key blacklists.

mdx/validation-beans.xml

@@ -679,6 +679,7 @@
     -->
     <bean id="check_dup_display" parent="stage_parent"
         p:id="check_dup_display"
+        p:identificationStrategy-ref="identificationStrategy"
         class="uk.org.ukfederation.mda.IdPDisplayNameDuplicateDetectingStage"/>
 
     <!--
@@ -693,7 +694,7 @@
         Debian weak key blacklists.
     -->
 
-    <bean id="debian.1024" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+    <bean id="debian.1024" parent="X509RSAOpenSSLBlacklistValidator"
         p:id="debian.1024" p:keySize="1024">
         <property name="blacklistResource">
             <bean parent="ClasspathResource">
@@ -702,7 +703,7 @@
         </property>
     </bean>
 
-    <bean id="debian.2048" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+    <bean id="debian.2048" parent="X509RSAOpenSSLBlacklistValidator"
         p:id="debian.2048" p:keySize="2048">
         <property name="blacklistResource">
             <bean parent="ClasspathResource">
@@ -711,7 +712,7 @@
         </property>
     </bean>
 
-    <bean id="debian.4096" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+    <bean id="debian.4096" parent="X509RSAOpenSSLBlacklistValidator"
         p:id="debian.4096" p:keySize="4096">
         <property name="blacklistResource">
             <bean parent="ClasspathResource">
@@ -724,7 +725,7 @@
         Blacklist of known compromised 1024-bit keys, e.g., "dummy" keys shipped with
         SAML products that are sometimes deployed by accident.
     -->
-    <bean id="compromised.1024" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+    <bean id="compromised.1024" parent="X509RSAOpenSSLBlacklistValidator"
         p:id="compromised.1024" p:keySize="1024">
         <property name="blacklistResource">
             <bean parent="ClasspathResource">