Create new pipeline to produce all MDQ metadata

internet2 · Feb 6, 2019 · d5156ab · d5156ab
1 parent 6ad0a86
commit d5156ab
Show file tree

Hide file tree

Showing 6 changed files with 367 additions and 485 deletions.
diff --git a/build.xml b/build.xml
@@ -2656,63 +2656,55 @@
     </target>
 
     <!--
-        inc.mdq-combined.localkey
+        inc.mdq.generate.all.cloudhsm
 
-        Generate all required metadata for the InCommon MDQ service
-        using the localkey configuration:
-
-          * Per-entity metadata
-          * InCommon IdP-only aggregate
+        Generate all metadata required for the InCommon federation MDQ service
+        using the AWS CloudHSM configuration.
 
         Properties:
 
         Set sign.uk.keyPassword (note the slightly anomalous "uk" in that
         identifier) to set the password to access the key resource. If not set,
         this will be prompted for.
     -->
-    <target name="inc.mdq.combined.localkey" depends="get.sign.uk.keyPassword">
-      <property name="mda.mdq.input" value="${mda.inc.imported.xml}"/>
-      <property name="mda.sign.keyPassword" value="${sign.uk.keyPassword}"/>
-      <echo>Generating per-entity metadata in ${mda.mdq.output}</echo>
-      <echo>    (IdP-only aggregate in ${mda.mdq.output}/idps.xml)</echo>
-      <echo>    from unsigned aggregate in ${mda.mdq.input}</echo>
-      <delete dir="${mdq.output.dir}" quiet="true"/>
-      <mkdir dir="${mdq.output.dir}"/>
-      <mkdir dir="${mdq.output.dir}/idps"/>
-      <CHANNEL.do channel="incommon" verb="mdq-combined-localkey"/>
-      <echo>Generation complete.</echo>
+    <target name="inc.mdq.generate.all.cloudhsm" depends="get.sign.uk.keyPassword">
+        <property name="mda.classpath.extra" value="inc-mda-cloudhsm"/>
+        <property name="mda.jni.path" value="/opt/cloudhsm/lib"/>
+		<property name="mda.mdq.input" value="${mda.inc.imported.xml}"/>
+        <property name="mda.sign.keyHandle" value="${sign.keyHandle}"/>
+		<property name="mda.sign.keyPassword" value="${sign.uk.keyPassword}"/>
+        <property name="mda.sign.keyUser" value="${sign.keyUser}"/>
+		<echo>Generating MDQ metadata in ${mda.mdq.output}</echo>
+		<echo>    from unsigned aggregate in ${mda.mdq.input}</echo>
+		<delete dir="${mdq.output.dir}" quiet="true"/>
+		<mkdir dir="${mdq.output.dir}"/>
+		<mkdir dir="${mdq.output.dir}/idps"/>
+		<CHANNEL.do channel="incommon" verb="mdq-all-cloudhsm"/>
+		<echo>Generation complete.</echo>
     </target>
 
     <!--
-        inc.mdq.combined.cloudhsm
-
-        Generate all required metadata for the InCommon MDQ service
-        using the cloudhsm configuration:
+        inc.mdq.generate.all.localkey
 
-          * Per-entity metadata
-          * InCommon IdP-only aggregate
+        Generate all metadata required for the InCommon federation MDQ service
+        using the local key configuration.
 
         Properties:
 
         Set sign.uk.keyPassword (note the slightly anomalous "uk" in that
         identifier) to set the password to access the key resource. If not set,
         this will be prompted for.
     -->
-    <target name="inc.mdq.combined.cloudhsm" depends="get.sign.uk.keyPassword">
-      <property name="mda.mdq.input" value="${mda.inc.imported.xml}"/>
-      <property name="mda.sign.keyHandle" value="${sign.keyHandle}"/>
-      <property name="mda.sign.keyUser" value="${sign.keyUser}"/>
-      <property name="mda.sign.keyPassword" value="${sign.keyPassword}"/>
-      <property name="mda.classpath.extra" value="inc-mda-cloudhsm"/>
-      <property name="mda.jni.path" value="/opt/cloudhsm/lib"/>
-      <echo>Generating per-entity metadata in ${mda.mdq.output}</echo>
-      <echo>    (IdP-only aggregate in ${mda.mdq.output}/idps.xml)</echo>
-      <echo>    from unsigned aggregate in ${mda.mdq.input}</echo>
-      <delete dir="${mdq.output.dir}" quiet="true"/>
-      <mkdir dir="${mdq.output.dir}"/>
-      <mkdir dir="${mdq.output.dir}/idps"/>
-      <CHANNEL.do channel="incommon" verb="mdq-combined-cloudhsm"/>
-      <echo>Generation complete.</echo>
+	<target name="inc.mdq.generate.all.localkey" depends="get.sign.uk.keyPassword">
+		<property name="mda.mdq.input" value="${mda.inc.imported.xml}"/>
+		<property name="mda.sign.keyPassword" value="${sign.uk.keyPassword}"/>
+		<echo>Generating MDQ metadata in ${mda.mdq.output}</echo>
+		<echo>    from unsigned aggregate in ${mda.mdq.input}</echo>
+		<delete dir="${mdq.output.dir}" quiet="true"/>
+		<mkdir dir="${mdq.output.dir}"/>
+		<mkdir dir="${mdq.output.dir}/idps"/>
+		<CHANNEL.do channel="incommon" verb="mdq-all-localkey"/>
+		<echo>Generation complete.</echo>
     </target>
 
     <!--

diff --git a/mdx/incommon/mdq-all-cloudhsm.xml b/mdx/incommon/mdq-all-cloudhsm.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans" default-lazy-init="true"
+    xmlns:c="http://www.springframework.org/schema/c" xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+
+    <!-- Import commonly used beans -->
+    <import resource="classpath:common-beans.xml" />
+
+    <!-- Import inc-mda beans (from import.xml) -->
+    <import resource="classpath:uk/org/iay/incommon/mda/beans.xml" />
+
+    <!-- Import channel-specific beans -->
+    <import resource="classpath:incommon/beans.xml" />
+
+    <!-- Import mdq-all beans -->
+    <import resource="classpath:incommon/mdq-all.xml" />
+
+    <!-- This bean MUST be called "conversionService" to work properly -->
+    <bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
+        <property name="converters">
+            <set>
+                <bean class="net.shibboleth.ext.spring.config.DurationToLongConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringToIPRangeConverter" />
+                <bean class="net.shibboleth.ext.spring.config.BooleanToPredicateConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringBooleanToPredicateConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringToResourceConverter" />
+            </set>
+        </property>
+    </bean>
+
+    <bean id="privateKeyFactory" class="uk.org.iay.incommon.mda.cloudhsm.CaviumPrivateKeyFactoryBean"
+        p:username="${sign.keyUser}" p:password="${sign.keyPassword}" p:keyHandle="${sign.keyHandle}" />
+
+    <bean id="mdq-all-cloudhsm" parent="mda.SimplePipeline">
+        <property name="stages">
+            <list>
+                <ref bean="generateAll" />
+            </list>
+        </property>
+    </bean>
+
+</beans>
diff --git a/mdx/incommon/mdq-all-localkey.xml b/mdx/incommon/mdq-all-localkey.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans" default-lazy-init="true"
+    xmlns:c="http://www.springframework.org/schema/c" xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+
+    <!-- Import commonly used beans -->
+    <import resource="classpath:common-beans.xml" />
+
+    <!-- Import inc-mda beans (from import.xml) -->
+    <import resource="classpath:uk/org/iay/incommon/mda/beans.xml" />
+
+    <!-- Import channel-specific beans -->
+    <import resource="classpath:incommon/beans.xml" />
+
+    <!-- Import mdq-all beans -->
+    <import resource="classpath:incommon/mdq-all.xml" />
+
+    <!-- This bean MUST be called "conversionService" to work properly -->
+    <bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
+        <property name="converters">
+            <set>
+                <bean class="net.shibboleth.ext.spring.config.DurationToLongConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringToIPRangeConverter" />
+                <bean class="net.shibboleth.ext.spring.config.BooleanToPredicateConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringBooleanToPredicateConverter" />
+                <bean class="net.shibboleth.ext.spring.config.StringToResourceConverter" />
+            </set>
+        </property>
+    </bean>
+
+    <bean id="privateKeyFactory" parent="PrivateKeyFactoryBean" p:resource="${sign.keyResource}"
+        p:privateKeyPassword="${sign.keyPassword}" />
+
+    <bean id="mdq-all-localkey" parent="mda.SimplePipeline">
+        <property name="stages">
+            <list>
+                <ref bean="generateAll" />
+            </list>
+        </property>
+    </bean>
+
+</beans>