Initial cut at detailed scope checking
iay committed Dec 1, 2017
1 parent fac8bf9 commit 24715b4
Showing 4 changed files with 63 additions and 2 deletions.
60 changes: 58 additions & 2 deletions mdx/incommon/edugain-policy.xml
@@ -290,9 +290,65 @@
<!--
Sub-rule c.ii.
Disallow regexp="true".
Perform detailed scope checking.
-->
<ref bean="check_shib_regscope"/>
<bean id="checkScopes" parent="inc.stage_parent"
class="uk.org.iay.incommon.mda.dom.saml.shib.ScopeValidationStage">
<property name="validators">
<list>
<bean p:id="empty" parent="inc.RejectStringRegexValidator"
p:regex="" p:message="scope element must not be empty"/>
<bean p:id="whiteSpace" parent="inc.RejectStringRegexValidator"
p:regex=".*\s.*" p:message="scope '%s' includes white space"/>
<bean p:id="upperCase" parent="inc.RejectStringRegexValidator"
p:regex=".*\p{Upper}.*" p:message="scope '%s' includes upper-case characters"/>
<bean p:id="domainName" parent="inc.AsDomainNameStringValidator"
p:message="scope is not a valid domain name: %s">
<property name="validators">
<list>
<!-- DNS name validators -->
<bean p:id="publicSuffix" parent="inc.RejectDomainNamePublicSuffixValidator"
p:message="scope is a public suffix: '%s'"/>
<bean p:id="noPublicSuffix" parent="inc.RejectDomainNameNotUnderPublicSuffixValidator"
p:message="scope is not under a public suffix: '%s'"/>
</list>
</property>
</bean>
</list>
</property>
<property name="regexpValidators">
<list>
<bean p:id="empty" parent="inc.RejectStringRegexValidator"
p:regex="" p:message="regex scope element must not be empty"/>
<bean p:id="whiteSpace" parent="inc.RejectStringRegexValidator"
p:regex=".*\s.*" p:message="regex scope '%s' includes white space"/>
<bean p:id="endAnchor" parent="inc.RejectStringRegexValidator"
p:regex=".*[^$]" p:message="regex scope '%s' does not end with an anchor ('$')"/>
<bean p:id="literalTail" parent="inc.AsLiteralTailStringValidator"
p:message="regular expression '%s' does not end with a literal tail">
<property name="validators">
<!-- validators to apply to the literal tail -->
<list>
<bean p:id="upperCase" parent="inc.RejectStringRegexValidator"
p:regex=".*\p{Upper}.*" p:message="literal tail '%s' includes upper-case characters"/>
<bean p:id="domainName" parent="inc.AsDomainNameStringValidator"
p:message="literal tail is not a valid domain name: %s">
<property name="validators">
<list>
<!-- DNS name validators for the literal tail -->
<bean p:id="publicSuffix" parent="inc.RejectDomainNamePublicSuffixValidator"
p:message="literal tail is a public suffix: '%s'"/>
<bean p:id="noPublicSuffix" parent="inc.RejectDomainNameNotUnderPublicSuffixValidator"
p:message="literal tail is not under a public suffix: '%s'"/>
</list>
</property>
</bean>
</list>
</property>
</bean>
</list>
</property>
</bean>

<!--
Sub-rule d.
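Review bot: The `endAnchor` check (`p:regex=".*[^$]"`) looks only at the final character, so a regex scope ending in an escaped dollar (`\$`) passes it even though that is a literal `$` rather than an end anchor. Unless `inc.AsLiteralTailStringValidator` already rejects that form (its definition is not in this hunk), the literal tail would then not be pinned to the end of the value being matched. A sibling bean such as `<bean p:id="escapedEndAnchor" parent="inc.RejectStringRegexValidator" p:regex="(.*[^\\])?(\\\\)*\\\$" p:message="regex scope '%s' ends with an escaped '$', not an anchor"/>` would close the gap, assuming the validator applies a full match as the `.*\s.*` patterns suggest. Separately, `\p{Upper}` is ASCII-only in Java regex by default, so a comment should say whether non-ASCII upper-case is meant to be rejected by `upperCase` or left to `inc.AsDomainNameStringValidator`.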
5 changes: 5 additions & 0 deletions mdx/incommon/report.xml
@@ -17,6 +17,11 @@
-->
<import resource="classpath:common-beans.xml"/>

<!--
Import inc-mda beans.
-->
<import resource="classpath:uk/org/iay/incommon/mda/beans.xml"/>

<!--
Import channel-specific beans.
-->
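Review bot: The new `<import resource="classpath:uk/org/iay/incommon/mda/beans.xml"/>` resolves from whichever inc-mda jar is on the classpath, and this commit replaces `inc-mda-0.9.0.jar` with a binary `inc-mda-0.9.1-SNAPSHOT.jar`, so the validators that enforce the scope policy come from a snapshot build that cannot be reviewed from this page. The comment above the import could record that dependency, e.g. `Import inc-mda beans (presumably the inc.* parent beans; requires the inc-mda 0.9.1 jar in tools/inc-mda).`, and the snapshot is best replaced by a release build with a recorded checksum before the policy is relied on. The rest of report.xml lies outside the hunk, so it cannot be told from here whether other configurations that load edugain-policy.xml also need this import.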
Binary file removed tools/inc-mda/inc-mda-0.9.0.jar
Binary file not shown.
Binary file added tools/inc-mda/inc-mda-0.9.1-SNAPSHOT.jar
Binary file not shown.
