Start splitting out detailed (but non-schema) validity checks specifi…

…ed by [SAML2Meta] into a separate ruleset.

Add checking that md:OrganizationURL must be a valid URL to this new ruleset.

build.xml

@@ -1014,6 +1014,7 @@
                 <arg value="${build.dir}/check_mdui.xsl"/>
                 <arg value="${build.dir}/check_misc.xsl"/>
                 <arg value="${build.dir}/check_namespaces.xsl"/>
+				<arg value="${build.dir}/check_saml2meta.xsl"/>
                 <arg value="${build.dir}/check_shibboleth.xsl"/>
 
 				<!-- additional arguments -->

build/check_misc.xsl

@@ -95,41 +95,6 @@
 	</xsl:template>
 
 
-	<!--
-		Check for distinct index attributes on appropriate elements.
-	-->
-
-	<xsl:template match="md:SPSSODescriptor">
-		<xsl:variable name="indices" select="md:AssertionConsumerService/@index"/>
-		<xsl:variable name="distinct.indices" select="set:distinct($indices)"/>
-		<xsl:if test="count($indices) != count($distinct.indices)">
-			<xsl:call-template name="error">
-				<xsl:with-param name="m">AssertionConsumerService index values not all different</xsl:with-param>
-			</xsl:call-template>
-		</xsl:if>
-
-		<!--
-			Perform checks on child elements.
-		-->
-		<xsl:apply-templates/>
-	</xsl:template>
-
-	<xsl:template match="md:IDPSSODescriptor">
-		<xsl:variable name="indices" select="md:ArtifactResolutionService/@index"/>
-		<xsl:variable name="distinct.indices" select="set:distinct($indices)"/>
-		<xsl:if test="count($indices) != count($distinct.indices)">
-			<xsl:call-template name="error">
-				<xsl:with-param name="m">ArtifactResolutionService index values not all different</xsl:with-param>
-			</xsl:call-template>
-		</xsl:if>
-
-		<!--
-			Perform checks on child elements.
-		-->
-		<xsl:apply-templates/>
-	</xsl:template>
-
-
 	<!--
 		Entity IDs should not contain space characters.
 	-->
@@ -191,20 +156,6 @@
 	</xsl:template>
 
 
-	<!--
-		Check for Locations that aren't valid URLs.
-	-->
-	<xsl:template match="*[@Location and mdxURL:invalidURL(@Location)]">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">
-				<xsl:value-of select='local-name()'/>
-				<xsl:text> Location is not a valid URL: </xsl:text>
-				<xsl:value-of select="mdxURL:whyInvalid(@Location)"/>
-			</xsl:with-param>
-		</xsl:call-template>
-	</xsl:template>
-
-
 	<!--
 		@Binding attributes should not contain space characters.
 		

build/check_saml2meta.xsl

@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_saml2meta.xsl
+	
+	Checking ruleset encapsulating rules from the SAML 2.0 metadata specification that
+	are not completely encoded in the XML schema.
+	
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:mdxURL="xalan://uk.ac.sdss.xalan.md.URLchecker"
+	xmlns:set="http://exslt.org/sets"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+
+	<!--
+		Check for distinct index attributes on appropriate elements.
+	-->
+
+	<xsl:template match="md:SPSSODescriptor">
+		<xsl:variable name="indices" select="md:AssertionConsumerService/@index"/>
+		<xsl:variable name="distinct.indices" select="set:distinct($indices)"/>
+		<xsl:if test="count($indices) != count($distinct.indices)">
+			<xsl:call-template name="error">
+				<xsl:with-param name="m">AssertionConsumerService index values not all different</xsl:with-param>
+			</xsl:call-template>
+		</xsl:if>
+
+		<!--
+			Perform checks on child elements.
+		-->
+		<xsl:apply-templates/>
+	</xsl:template>
+
+	<xsl:template match="md:IDPSSODescriptor">
+		<xsl:variable name="indices" select="md:ArtifactResolutionService/@index"/>
+		<xsl:variable name="distinct.indices" select="set:distinct($indices)"/>
+		<xsl:if test="count($indices) != count($distinct.indices)">
+			<xsl:call-template name="error">
+				<xsl:with-param name="m">ArtifactResolutionService index values not all different</xsl:with-param>
+			</xsl:call-template>
+		</xsl:if>
+
+		<!--
+			Perform checks on child elements.
+		-->
+		<xsl:apply-templates/>
+	</xsl:template>
+
+
+	<!--
+		Check for Location attributes that aren't valid URLs.
+	-->
+	<xsl:template match="md:*[@Location and mdxURL:invalidURL(@Location)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:value-of select='local-name()'/>
+				<xsl:text> Location is not a valid URL: </xsl:text>
+				<xsl:value-of select="mdxURL:whyInvalid(@Location)"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
+	<!--
+		Check for OrganizationURLs that aren't valid URLs.
+	-->
+	<xsl:template match="md:OrganizationURL[mdxURL:invalidURL(.)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>OrganizationURL </xsl:text>
+				<xsl:value-of select="."/>
+				<xsl:text> is not a valid URL: </xsl:text>
+				<xsl:value-of select="mdxURL:whyInvalid(.)"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
+</xsl:stylesheet>

mdx/validation-beans.xml

@@ -165,6 +165,19 @@
         </property>
     </bean>
 
+    <!--
+        check_saml2meta
+    -->
+    <bean id="check_saml2meta" class="net.shibboleth.metadata.dom.XSLValidationStage"
+        init-method="initialize" lazy-init="true">
+        <property name="id" value="check_saml2meta"/>
+        <property name="xslResource">
+            <bean class="org.opensaml.util.resource.FilesystemResource">
+                <constructor-arg value="#{ systemProperties['basedir'] }/build/check_saml2meta.xsl"/>
+            </bean>
+        </property>
+    </bean>
+
     <!--
         check_shibboleth
     -->
@@ -206,6 +219,7 @@
                 <ref bean="check_mdui"/>
                 <ref bean="check_misc"/>
                 <ref bean="check_namespaces"/>
+                <ref bean="check_saml2meta"/>
                 <ref bean="check_shibboleth"/>
             </list>
         </property>