Shunt the growing number of checking rulesets into a subdirectory.

build.xml

@@ -43,6 +43,7 @@
 	<property name="build.dir" value="${basedir}/build"/>
 	<property name="entities.dir" value="entities"/>
     <property name="mdx.dir" value="${basedir}/mdx"/>
+	<property name="rules.dir" value="${mdx.dir}/_rules"/>
 	<property name="xml.dir" value="${basedir}/xml"/>
 
 	<!--
@@ -414,6 +415,7 @@
                 </classpath>
                 <jvmarg value="-Djava.endorsed.dirs=${tools.mda}/lib/endorsed"/>
             	<jvmarg value="-Dbasedir=${basedir}"/>
+            	<jvmarg value="-Drulesdir=${rules.dir}"/>
             	<jvmarg value="-enableassertions"/>
             	<arg value="--quiet"/>
             	<arg value="@{config}"/>

mdx/_rules/check_algorithms.xsl

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_algorithms.xsl
+	
+	Checking ruleset that checks encryption algorithm values, and the
+	SAML V2.0 Metadata Profile for Algorithm Support.
+	
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+	<!--
+		2.3 md:EncryptionMethod should appear only in md:KeyDescriptor elements
+		whose @use is omitted or set to "encryption", i.e., not "signing".
+	-->
+	<xsl:template match="md:EncryptionMethod[../@use='signing']">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">EncryptionMethod should not be present on 'signing' KeyDescriptor</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+		Check for duplicate SigningMethod or DigestMethod algorithms in any given list.
+	-->
+	<xsl:template match="md:Extensions[alg:*]">
+
+		<!-- check individual alg:SigningMethod and alg:DigestMethod elements -->
+		<xsl:apply-templates/>  
+	</xsl:template>
+
+	<!--
+		2.4 Check for misplaced SigningMethod or DigestMethod elements.
+	-->
+	<xsl:template match="alg:*[not(parent::md:Extensions)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>alg:</xsl:text>
+				<xsl:value-of select="local-name()"/>
+				<xsl:text> must only appear within an Extensions element</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+		Check for duplicate EncryptionMethod elements in any given list.
+	-->
+	<xsl:template match="md:KeyDescriptor[md:EncryptionMethod]">
+
+		<!-- check individual md:EncryptionMethod elements -->
+		<xsl:apply-templates/>	
+	</xsl:template>
+
+</xsl:stylesheet>

mdx/validation-beans.xml

@@ -38,7 +38,7 @@
         p:id="check_future_0">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_0.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_0.xsl"/>
             </bean>
         </property>
     </bean>
@@ -50,7 +50,7 @@
         p:id="check_future_1">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_1.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_1.xsl"/>
             </bean>
         </property>
     </bean>
@@ -62,7 +62,7 @@
         p:id="check_future_2">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_2.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_2.xsl"/>
             </bean>
         </property>
     </bean>
@@ -74,7 +74,7 @@
         p:id="check_future_3">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_3.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_3.xsl"/>
             </bean>
         </property>
     </bean>
@@ -86,7 +86,7 @@
         p:id="check_future_4">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_4.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_4.xsl"/>
             </bean>
         </property>
     </bean>
@@ -98,7 +98,7 @@
         p:id="check_future_5">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_5.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_5.xsl"/>
             </bean>
         </property>
     </bean>
@@ -110,7 +110,7 @@
         p:id="check_future_6">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_6.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_6.xsl"/>
             </bean>
         </property>
     </bean>
@@ -122,7 +122,7 @@
         p:id="check_future_7">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_7.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_7.xsl"/>
             </bean>
         </property>
     </bean>
@@ -134,7 +134,7 @@
         p:id="check_future_8">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_8.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_8.xsl"/>
             </bean>
         </property>
     </bean>
@@ -146,7 +146,7 @@
         p:id="check_future_9">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_future_9.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_future_9.xsl"/>
             </bean>
         </property>
     </bean>
@@ -215,7 +215,7 @@
         p:id="check_bindings">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_bindings.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_bindings.xsl"/>
             </bean>
         </property>
     </bean>
@@ -251,7 +251,7 @@
         p:id="check_hoksso">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_hoksso.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_hoksso.xsl"/>
             </bean>
         </property>
     </bean>
@@ -351,7 +351,7 @@
     <bean id="check_regauth_parent" abstract="true" parent="check_xslt_parent">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_regauth.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_regauth.xsl"/>
             </bean>
         </property>
     </bean>
@@ -456,7 +456,7 @@
         p:id="check_regscope">
         <property name="xslResource">
             <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_regscope.xsl"/>
+                <constructor-arg value="#{ systemProperties['rulesdir'] }/check_regscope.xsl"/>
             </bean>
         </property>
     </bean>