Add some beans to permit using the UK channel for input as well as ou…

…tput.
internet2 · Feb 21, 2013 · 8938aaa · 8938aaa
1 parent 3e0c5eb
commit 8938aaa
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 0 deletions.
diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml
@@ -11,6 +11,17 @@
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
 
+    <!--
+        Location of various resources.
+    -->
+    <bean id="uk_productionAggregate_url" class="java.lang.String">
+        <constructor-arg value="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"/>
+    </bean>
+    <bean id="uk_exportAggregate_url" class="java.lang.String">
+        <constructor-arg value="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"/>
+    </bean>
+
+
     <!--
         uk_federation_uri
         
@@ -28,6 +39,77 @@
     </bean>
 
 
+    <!--
+        Fetch the export aggregate.
+    -->
+    <bean id="uk_exportAggregate" parent="domResourceStage_parent"
+        p:id="uk_exportAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url" ref="uk_exportAggregate_url"/>        
+            </bean>
+        </property>
+    </bean>
+
+
+    <!--
+        Fetch the production aggregate.
+    -->
+    <bean id="uk_productionAggregate" parent="domResourceStage_parent"
+        p:id="uk_productionAggregate">
+        <property name="domResource">
+            <bean class="net.shibboleth.utilities.java.support.httpclient.HttpResource">
+                <constructor-arg name="client" ref="httpClient"/>
+                <constructor-arg name="url" ref="uk_productionAggregate_url"/>        
+            </bean>
+        </property>
+    </bean>
+
+
+    <!--
+        Metadata signing certificate.
+    -->
+    <bean id="uk_signingCertificate" class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean">
+        <property name="certificateFile">
+            <bean class="java.io.File">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/uk/metadata-signer.crt"/>
+            </bean>
+        </property>
+    </bean>
+
+
+    <!--
+        Check the signature on a document.
+    -->
+    <bean id="uk_checkSignature" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureValidationStage"
+        p:id="uk_checkSignature">
+        <property name="verificationCertificate" ref="uk_signingCertificate"/>
+    </bean>
+
+
+    <!--
+        uk_check_validUntil
+        
+        Check that an aggregate has a validUntil instant specified, and that it has not
+        yet expired.  Sets a bound of 30 days on the validity interval; 14 days is the
+        expected value.
+    -->
+    <bean id="uk_check_validUntil" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.saml.ValidateValidUntilStage"
+        p:id="uk_check_validUntil">
+        <!--
+            The validUntil attribute must be present.
+        -->
+        <property name="requireValidUntil" value="true"/>
+        <!--
+            Validity interval must not exceed 30 days.
+        -->
+        <property name="maxValidityInterval" value="#{ 1000L * 60 * 60 * 24 * 30 }"/>
+    </bean>
+
+
     <!--
         uk_fetchFragmentFiles
         

diff --git a/mdx/uk/metadata-signer.crt b/mdx/uk/metadata-signer.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxzCCAq+gAwIBAgIJANixLkdCTNtvMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
+BAYTAkdCMUMwQQYDVQQKDDpVSyBBY2Nlc3MgTWFuYWdlbWVudCBGZWRlcmF0aW9u
+IGZvciBFZHVjYXRpb24gYW5kIFJlc2VhcmNoMSYwJAYDVQQDDB1VSyBGZWRlcmF0
+aW9uIE1ldGFkYXRhIFNpZ25lcjAeFw0xMjEwMTEwNzA4MThaFw0xNDExMTYwNzA4
+MThaMHoxCzAJBgNVBAYTAkdCMUMwQQYDVQQKDDpVSyBBY2Nlc3MgTWFuYWdlbWVu
+dCBGZWRlcmF0aW9uIGZvciBFZHVjYXRpb24gYW5kIFJlc2VhcmNoMSYwJAYDVQQD
+DB1VSyBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25lcjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOqtfMvCmBuQudC4/jZFPYkHDNHFyp1FA3KJihIUXppF
+vrecrO2wG5CpyqB1mZ+MlKf4jKcTMGBIXC2klD+FyrEdJMBhO6vRmJnNphg3uNZM
+ks0NqIaZmtgc7e8435nMhqLHV95UK2oCLcT4gZrTaXa2vt9kukTOijB0KqDIfEG5
+369EHXPItApAEeMlHebbWndl5n2I16nya/LeaoiU9qJ6sVz4xd1UtUesewrmYVKg
+PA2JYEpovmnr13sTnGssai5Db/FkrE2NJ4Q4drbPYcwincUo/UXzrtuPclr+l3JE
+gjtvDzPrBxxvK0S/gARrbKz5tk4LDLkYsj4PKlwVS+UCAwEAAaNQME4wHQYDVR0O
+BBYEFE9HhBuMxrzBYOj1Kj/3gtzAgtUEMB8GA1UdIwQYMBaAFE9HhBuMxrzBYOj1
+Kj/3gtzAgtUEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAByZ5haR
+hr8QqCo8DWO1qgVkUpPR1e/EFl+zV633esn5GJxIkD95va1Lxv84BmLBTD+EtX3T
+OkrXccIL1PCUkGmP3xVsh99mzsVEGmfTC0wu8PYDz1UvUwQLcjg6YQDN3GmA1EUW
+gt2cL8F4Q4/saowkkYjt0wWGQ/SNhwnGWwpo4ViTnoh3sNgr5gPHlozDGkL1NPG1
+bxdmyxmkr778yExS9xoEC4+Bnm7ApJyv3R2L9fpxCfEjE4tf3rWiSQL0Ss5etZNH
+9qmw7sGZ7xX0g6rcki/r5Y9u0v/rRKvIOw8/YGW5B2P3Ij/paJWzasZsdsgj0pDJ
+buk20xhyzBW6D/I=
+-----END CERTIFICATE-----