Bring back in synch with the latest aggregator snapshot.

Initial shot at a full UK federation "generate" flow.

build.xml

@@ -1150,21 +1150,25 @@
     	<CHANNEL.do channel="uk" verb="collect"/>
     </target>
 
-	<target name="flow.uk.pub.production">
-        <echo>UK production aggregate flow started.</echo>
-        <XALAN
-            x="${build.dir}/uk_master_unsigned.xsl"
-            i="${mdx.dir}/uk/collected.xml"
-            o="${temp.xml}"/>
-        <echo>      normalising namespaces...</echo>
-        <XALAN
-            x="${build.dir}/ns_norm_uk.xsl"
-            i="${temp.xml}"
-            o="${mdx.dir}/uk/${md.prod.unsigned}" />
+    <target name="flow.uk.generate">
+        <CHANNEL.do channel="uk" verb="generate"/>
+	</target>
+
+    <target name="generate.redux">
+        <CHANNEL.do channel="uk" verb="generate"/>
+
         <MDNORM i="${mdx.dir}/uk/${md.prod.unsigned}"/>
+        <MDNORM i="${mdx.dir}/uk/${md.wayf.unsigned}"/>
+        <MDNORM i="${mdx.dir}/uk/${md.back.unsigned}"/>
+        <MDNORM i="${mdx.dir}/uk/${md.test.unsigned}"/>
+        <MDNORM i="${mdx.dir}/uk/${md.export.unsigned}"/>
+
+        <echo>final checks...</echo>
         <CHECK.publishable i="${mdx.dir}/uk/${md.prod.unsigned}"/>
-        <echo>UK production aggregate flow completed.</echo>
-	</target>
+        <CHECK.publishable i="${mdx.dir}/uk/${md.wayf.unsigned}"/>
+        <CHECK.publishable i="${mdx.dir}/uk/${md.back.unsigned}"/>
+        <CHECK.publishable i="${mdx.dir}/uk/${md.test.unsigned}"/>
+    </target>
 
     <!--
         *******************************

mdx/common-beans.xml

@@ -28,29 +28,33 @@
     <!--
         commonNamespaces
         
-        A map that assigns the usual prefix for each of the commonly used XML namespaces.
+        A NamespaceContext that assigns the usual prefix for each of the commonly used XML namespaces.
         This is used in the evaluation of XPath expressions.
     -->
-    <util:map id="commonNamespaces" map-class="java.util.HashMap">
-        <entry key="alg"        value="urn:oasis:names:tc:SAML:metadata:algsupport"/>
-        <entry key="ds"         value="http://www.w3.org/2000/09/xmldsig#"/>
-        <entry key="elab"       value="http://eduserv.org.uk/labels"/>
-        <entry key="idpdisc"    value="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"/>
-        <entry key="init"       value="urn:oasis:names:tc:SAML:profiles:SSO:request-init"/>
-        <entry key="md"         value="urn:oasis:names:tc:SAML:2.0:metadata"/>
-        <entry key="mdattr"     value="urn:oasis:names:tc:SAML:metadata:attribute"/>
-        <entry key="mdrpi"      value="urn:oasis:names:tc:SAML:metadata:rpi"/>
-        <entry key="mdui"       value="urn:oasis:names:tc:SAML:metadata:ui"/>
-        <entry key="saml"       value="urn:oasis:names:tc:SAML:2.0:assertion"/>
-        <entry key="samlp"      value="urn:oasis:names:tc:SAML:2.0:protocol"/>
-        <entry key="shibmd"     value="urn:mace:shibboleth:metadata:1.0"/>
-        <entry key="ukfedlabel" value="http://ukfederation.org.uk/2006/11/label"/>
-        <entry key="wayf"       value="http://sdss.ac.uk/2006/06/WAYF"/>
-        <entry key="xenc"       value="http://www.w3.org/2001/04/xmlenc#"/>
-        <entry key="xs"         value="http://www.w3.org/2001/XMLSchema"/>
-        <entry key="xsi"        value="http://www.w3.org/2001/XMLSchema-instance"/>
-        <entry key="xsl"        value="http://www.w3.org/1999/XSL/Transform"/>
-    </util:map>
+    <bean id="commonNamespaces" class="net.shibboleth.metadata.dom.SimpleNamespaceContext">
+        <constructor-arg>
+            <util:map map-class="java.util.HashMap">
+                <entry key="alg"        value="urn:oasis:names:tc:SAML:metadata:algsupport"/>
+                <entry key="ds"         value="http://www.w3.org/2000/09/xmldsig#"/>
+                <entry key="elab"       value="http://eduserv.org.uk/labels"/>
+                <entry key="idpdisc"    value="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"/>
+                <entry key="init"       value="urn:oasis:names:tc:SAML:profiles:SSO:request-init"/>
+                <entry key="md"         value="urn:oasis:names:tc:SAML:2.0:metadata"/>
+                <entry key="mdattr"     value="urn:oasis:names:tc:SAML:metadata:attribute"/>
+                <entry key="mdrpi"      value="urn:oasis:names:tc:SAML:metadata:rpi"/>
+                <entry key="mdui"       value="urn:oasis:names:tc:SAML:metadata:ui"/>
+                <entry key="saml"       value="urn:oasis:names:tc:SAML:2.0:assertion"/>
+                <entry key="samlp"      value="urn:oasis:names:tc:SAML:2.0:protocol"/>
+                <entry key="shibmd"     value="urn:mace:shibboleth:metadata:1.0"/>
+                <entry key="ukfedlabel" value="http://ukfederation.org.uk/2006/11/label"/>
+                <entry key="wayf"       value="http://sdss.ac.uk/2006/06/WAYF"/>
+                <entry key="xenc"       value="http://www.w3.org/2001/04/xmlenc#"/>
+                <entry key="xs"         value="http://www.w3.org/2001/XMLSchema"/>
+                <entry key="xsi"        value="http://www.w3.org/2001/XMLSchema-instance"/>
+                <entry key="xsl"        value="http://www.w3.org/1999/XSL/Transform"/>
+            </util:map>
+        </constructor-arg>
+    </bean>
 
     <!--
         schemaResources

mdx/uk/beans.xml

@@ -45,7 +45,7 @@
         init-method="initialize" lazy-init="true">
         <property name="id" value="uk_filterDeletedEntities"/>
         <constructor-arg name="expression" value="//ukfedlabel:DeletedEntity"/>
-        <constructor-arg name="prefixMappings" ref="commonNamespaces"/>
+        <constructor-arg name="context" ref="commonNamespaces"/>
     </bean>
 
 
@@ -188,6 +188,22 @@
     </bean>
 
 
+    <!--
+        uk_performFixups
+        
+        This stage performs any fixup actions required before publication to UK federation members.
+    -->
+    <bean id="uk_performFixups" class="net.shibboleth.metadata.dom.XSLTransformationStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="uk_performFixups"/>
+        <property name="xslResource">
+            <bean class="org.opensaml.util.resource.FilesystemResource">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/uk/fixups.xsl"/>
+            </bean>
+        </property>
+    </bean>
+
+
     <!--
         Populate UKId values from entities.
     -->
@@ -234,4 +250,23 @@
         </property>
     </bean>
 
+
+    <!--
+        uk_normaliseNamespaces
+        
+        A pipeline stage that can be used before serialisation to normalise the namespaces
+        used in an XML document.  This one is UK-specific, as it makes specific choices
+        in order to limit the number of prefixes used.
+    -->
+    <bean id="uk_normaliseNamespaces" class="net.shibboleth.metadata.dom.XSLTransformationStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="uk_normaliseNamespaces"/>
+        <property name="xslResource">
+            <bean class="org.opensaml.util.resource.FilesystemResource">
+                <constructor-arg value="#{ systemProperties['basedir'] }/build/ns_norm_uk.xsl"/>
+            </bean>
+        </property>
+    </bean>
+
+
 </beans>

mdx/uk/final_tweak.xsl

@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	final_tweak.xsl
+
+	Final tweaks required for UK federation aggregates.
+	
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
+	xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
+
+	xmlns:date="http://exslt.org/dates-and-times"
+	xmlns:mdxDates="xalan://uk.ac.sdss.xalan.md.Dates"
+	extension-element-prefixes="date mdxDates"
+
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	exclude-result-prefixes="md">
+
+	<!--Force UTF-8 encoding for the output.-->
+	<xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
+
+	<!--
+		extraText
+		
+		This parameter, if present, provides additional text to be put in the
+		document comment.
+	-->
+	<xsl:param name="extraText"/>
+
+	<!--
+		validityDays
+		
+		This parameter determines the number of days between the aggregation instant and the
+		end of validity of the signed metadata.
+	-->
+	<xsl:param name="validityDays" select="14"/>
+
+	<xsl:variable name="now" select="date:date-time()"/>
+	<xsl:variable name="validUntil" select="mdxDates:dateAdd($now, $validityDays)"/>
+
+	<!--
+		documentID
+		
+		This value is generated from a normalised version of the aggregation instant,
+		transformed so that it can be used as an XML ID value.
+		
+		Strict conformance to the SAML 2.0 metadata specification (section 3.1.2) requires
+		that the signature explicitly references an identifier attribute in the element
+		being signed, in this case the document element.
+	-->
+	<xsl:variable name="normalisedNow" select="mdxDates:dateAdd($now, 0)"/>
+	<xsl:variable name="documentID"
+		select="concat('uk', translate($normalisedNow, ':-', ''))"/>
+
+	<!--
+		Document root.
+	-->
+	<xsl:template match="/">
+		<xsl:call-template name="document.comment"/>
+		<xsl:apply-templates/>
+	</xsl:template>
+
+	<!--
+		Document element.
+	-->
+	<xsl:template match="/md:EntitiesDescriptor">
+		<EntitiesDescriptor>
+			<xsl:attribute name="validUntil">
+				<xsl:value-of select="$validUntil"/>
+			</xsl:attribute>
+			<xsl:attribute name="ID">
+				<xsl:value-of select="$documentID"/>
+			</xsl:attribute>
+			<xsl:apply-templates select="@*"/>
+			<xsl:call-template name="document.comment"/>
+			<xsl:apply-templates select="node()"/>
+		</EntitiesDescriptor>
+	</xsl:template>
+
+	<!--
+		Comment to be added to the top of the document, and just inside the document element.
+	-->
+	<xsl:template name="document.comment">
+		<xsl:comment>
+			<xsl:text>&#10;&#9;U K   F E D E R A T I O N   M E T A D A T A&#10;</xsl:text>
+			<xsl:text>&#10;</xsl:text>
+			<xsl:if test="$extraText">
+				<xsl:text>&#9;*** </xsl:text>
+				<xsl:value-of select="$extraText"/>
+				<xsl:text> ***&#10;</xsl:text>
+				<xsl:text>&#10;</xsl:text>
+			</xsl:if>
+			<xsl:text>&#9;Aggregate built </xsl:text>
+			<xsl:value-of select="$now"/>
+			<xsl:text>&#10;</xsl:text>
+			<xsl:text>&#10;</xsl:text>
+			<xsl:text>&#9;Aggregate valid for </xsl:text>
+			<xsl:value-of select="$validityDays"/>
+			<xsl:text> days, until </xsl:text>
+			<xsl:value-of select="$validUntil"/>
+			<xsl:text>&#10;</xsl:text>
+		</xsl:comment>
+	</xsl:template>
+
+	<!--By default, copy text blocks, comments and attributes unchanged.-->
+	<xsl:template match="text()|comment()|@*">
+		<xsl:copy/>
+	</xsl:template>
+
+	<!--By default, copy all elements from the input to the output, along with their attributes and contents.-->
+	<xsl:template match="*">
+		<xsl:copy>
+			<xsl:apply-templates select="node()|@*"/>
+		</xsl:copy>
+	</xsl:template>
+
+</xsl:stylesheet>

mdx/uk/fixups.xsl

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	fixups.xsl
+	
+	XSL stylesheet to perform any fixups required to an EntityDescriptor prior to
+	publication to the UK federation membership.
+	
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
+
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	exclude-result-prefixes="xsi xsl">
+
+	<!--Force UTF-8 encoding for the output.-->
+	<xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
+
+
+	<!--
+		Patch any @use-less KeyName descriptors in IdP roles
+		for the benefit of Shib SPs pre-1.3.1.
+	-->
+	<xsl:template match="md:IDPSSODescriptor/md:KeyDescriptor[not(@use)] |
+		md:AttributeAuthorityDescriptor/md:KeyDescriptor[not(@use)]">
+		<xsl:copy>
+			<xsl:attribute name="use">signing</xsl:attribute>
+			<xsl:apply-templates/>
+		</xsl:copy>
+	</xsl:template>
+
+
+	<!--
+		Remove any EncryptionMethod elements within KeyDescriptor elements
+		to avoid triggering a problem in OpenSAML-C 2.0.
+		
+		See https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataCorrectness#MetadataCorrectness-Version2.0
+	-->
+	<xsl:template match="md:KeyDescriptor/md:EncryptionMethod"/>
+
+
+	<!--
+        *********************************************
+        ***                                       ***
+        ***   D E F A U L T   T E M P L A T E S   ***
+        ***                                       ***
+        *********************************************
+    -->
+
+
+	<!--By default, copy text blocks, comments and attributes unchanged.-->
+	<xsl:template match="text()|comment()|@*">
+		<xsl:copy/>
+	</xsl:template>
+
+	<!--By default, copy all elements from the input to the output, along with their attributes and contents.-->
+	<xsl:template match="*">
+		<xsl:copy>
+			<xsl:apply-templates select="node()|@*"/>
+		</xsl:copy>
+	</xsl:template>
+
+</xsl:stylesheet>

mdx/uk/fragment.xsl

@@ -10,7 +10,8 @@
 <xsl:stylesheet version="1.0"
 	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-
+	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
+
 	xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -26,6 +27,12 @@
 	<xsl:template match="@xsi:schemaLocation"/>
 
 
+	<!--
+		Remove administrative contacts.
+	-->
+	<xsl:template match="md:ContactPerson[@contactType='administrative']"/>
+
+
 	<!--
 		Discard various ds:X509 elements.  Several of these are known to
 		cause problems with software systems, and they don't affect trust
@@ -35,6 +42,19 @@
 	<xsl:template match="ds:X509IssuerSerial"/><!-- must remove this if we remove SerialNumber -->
 
 
+	<!--
+		Retain only certain comments.
+	-->
+
+	<xsl:template match="md:EntityDescriptor/comment()">
+		<xsl:copy/>
+	</xsl:template>
+
+	<!--
+		All other comments are stripped by the default templates.
+	-->
+
+
 	<!--
         *********************************************
         ***                                       ***
@@ -43,9 +63,9 @@
         *********************************************
     -->
 
-    
-	<!--By default, copy text blocks, comments and attributes unchanged.-->
-	<xsl:template match="text()|comment()|@*">
+
+	<!--By default, copy text blocks and attributes unchanged.-->
+	<xsl:template match="text()|@*">
 		<xsl:copy/>
 	</xsl:template>