Create a dummy trust root which can be used to replace the last real …

…one.
internet2 · Sep 11, 2014 · b5ac709 · b5ac709
1 parent 64ccb33
commit b5ac709
Show file tree

Hide file tree

Showing 2 changed files with 119 additions and 0 deletions.
diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml
@@ -339,6 +339,41 @@
     </bean>
 
 
+    <!--
+        uk_dummyTrustRootsDocument
+        
+        This bean contains the contents of the dummy trust roots file as a DOM Document.
+    -->
+    <bean id="uk_dummyTrustRootsDocument" parent="DOMDocumentFactoryBean">
+        <property name="parserPool" ref="parserPool"/>
+        <property name="documentResource">
+            <bean parent="FileSystemResource">
+                <constructor-arg value="${basedir}/mdx/uk/trust-dummy.xml"/>
+            </bean>
+        </property>
+    </bean>    
+
+
+    <!--
+        uk_addDummyTrustRoots
+        
+        This stage adds the dummy UK federation trust roots to an EntitiesDescriptor.
+    -->
+    <bean id="uk_addDummyTrustRoots" parent="XSLTransformationStage"
+        p:id="uk_addDummyTrustRoots">
+        <property name="XSLResource">
+            <bean parent="ClassPathResource">
+                <constructor-arg value="uk/trust-roots.xsl"/>
+            </bean>
+        </property>
+        <property name="transformParameters">
+            <map>
+                <entry key="trustRootsDocument" value-ref="uk_dummyTrustRootsDocument"/>
+            </map>
+        </property>
+    </bean>
+
+
     <!--
         uk_processFragment
         

diff --git a/mdx/uk/trust-dummy.xml b/mdx/uk/trust-dummy.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	Name="http://ukfederation.org.uk"
+	xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../../xml/saml-schema-metadata-2.0.xsd
+		urn:mace:shibboleth:metadata:1.0 ../../xml/shibboleth-metadata-1.0.xsd
+		http://www.w3.org/2001/04/xmlenc# ../../xml/xenc-schema.xsd
+		http://www.w3.org/2000/09/xmldsig# ../../xml/xmldsig-core-schema.xsd">
+
+	<Extensions>
+
+		<shibmd:KeyAuthority VerifyDepth="3">
+            <!--
+		          Authorities accepted for the federation.
+		          
+		          The KeyAuthority element's VerifyDepth attribute must be at least as
+		          large as the verification depth required by each root certificate below.
+            -->
+
+		    <ds:KeyInfo>
+		        <!--
+		            Dummy Trust Root
+		            
+		            This trust root is included because the schema for KeyAuthority
+		            requires at least one KeyInfo element to be present. The private
+		            key for this certificate has been destroyed and will never be
+		            used for signing.
+
+		            Subject and issuer:
+		                C=GB
+		                O=UK Access Management Federation for Education and Research
+		                CN=UK Federation Dummy Trust Root
+
+		            Validity
+		                Not Before: Sep 11 11:12:46 2014 GMT
+		                Not After : Dec 31 11:12:46 2037 GMT
+		        -->
+		        <ds:X509Data>
+		            <ds:X509Certificate>
+		            	MIIDyTCCArGgAwIBAgIJANzhVoorjiDkMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+		            	BAYTAkdCMUMwQQYDVQQKDDpVSyBBY2Nlc3MgTWFuYWdlbWVudCBGZWRlcmF0aW9u
+		            	IGZvciBFZHVjYXRpb24gYW5kIFJlc2VhcmNoMScwJQYDVQQDDB5VSyBGZWRlcmF0
+		            	aW9uIER1bW15IFRydXN0IFJvb3QwHhcNMTQwOTExMTExMjQ2WhcNMzcxMjMxMTEx
+		            	MjQ2WjB7MQswCQYDVQQGEwJHQjFDMEEGA1UECgw6VUsgQWNjZXNzIE1hbmFnZW1l
+		            	bnQgRmVkZXJhdGlvbiBmb3IgRWR1Y2F0aW9uIGFuZCBSZXNlYXJjaDEnMCUGA1UE
+		            	AwweVUsgRmVkZXJhdGlvbiBEdW1teSBUcnVzdCBSb290MIIBIjANBgkqhkiG9w0B
+		            	AQEFAAOCAQ8AMIIBCgKCAQEAveglhNmpxkFYOK3eDy5klZFRONJOojXnrbNftFQc
+		            	9FLZdKfC2dEj4DoOl34dc0x958NO5xNr2TpVrjbrW0rC2WV0b3J9e1essclcazFy
+		            	BECiKyvKBQRlwDQDaO24b5UCSmmdpuEk5bj0PDDArox06xDDEc3xiKH46EX2yrvS
+		            	mvQSBPR7l2vJGMbUkL6SkD9K2VbBP6rqoK7FdN/zpV/U5cM3fFcpIZGUfVPkP55P
+		            	F+/pUQ9RhL5SZfo5hWgYKecVRimLmK7hIIQ6ykzJwOk95NwuNXFhinZMkjV+ECr4
+		            	uoUNDnBPZdoVy8TxuYVqqs+orQ94yrp/BdKj5paQTZwNZwIDAQABo1AwTjAdBgNV
+		            	HQ4EFgQUD2aE2xpdeqknmgnSY+JCXJ4187kwHwYDVR0jBBgwFoAUD2aE2xpdeqkn
+		            	mgnSY+JCXJ4187kwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAKjoq
+		            	8ORqQF8W4ZuEMaQsTOJxfgeRHgk1DvY1YzCt0VqMPnvbsMLI2vC1YIGVKEuds6ZA
+		            	VxIt+yng7WZOcAmHDdUjUczXRxoYrwJt1QpF+kFCnjHOD+Ra4GjryIIkCHYU5wDp
+		            	o8EVbWM5KiwUhkekjBeL/WyIyk3tHLWwr9qz0Idye0w3FczOLqkb4NgXC54miXeS
+		            	pLfExLaTc4OvsJy/DYeda8GAars4m3Q7agQxdd+0F3xiKWB60L+xoOQ3xgW4QYwS
+		            	uBMMvnRdg8I5SHquBAFXHcXhKeC/onN9J8sZIRD/vUWWasiyMNGQeh4dWcbz7PM6
+		            	h0ok321gwSmdcL+svA==
+		            </ds:X509Certificate>
+		        </ds:X509Data>
+		    </ds:KeyInfo>
+
+		</shibmd:KeyAuthority>
+	</Extensions>
+
+	<EntityDescriptor entityID="dummy">
+		<!--
+			Dummy entity, present simply because the schema for EntitiesDescriptor
+			requires at least one.  Removed by applications that read this file.
+			
+			*** DO NOT REMOVE THIS ENTITY FROM THE MASTER FILE ***
+		-->
+		<SPSSODescriptor protocolSupportEnumeration="dummy">
+			<AssertionConsumerService index="0" Binding="dummy" Location="dummy"/>
+		</SPSSODescriptor>
+	</EntityDescriptor>
+
+</EntitiesDescriptor>
+