Second upstream merge for incommon-v13

InCommon · Oct 31, 2024 · 87e595c · 87e595c
2 parents 275b647 + ffd7ec7
commit 87e595c
Show file tree

Hide file tree

Showing 31 changed files with 394 additions and 578 deletions.
diff --git a/attic/README b/attic/README
diff --git a/attic/extract_entityids.xsl b/attic/extract_entityids.xsl
diff --git a/attic/extract_member_dates.xsl b/attic/extract_member_dates.xsl
diff --git a/attic/fix_fragment.pl b/attic/fix_fragment.pl
diff --git a/attic/members_domains.xsl b/attic/members_domains.xsl
diff --git a/attic/patch_all_entities b/attic/patch_all_entities
diff --git a/attic/patch_entity.pl b/attic/patch_entity.pl
diff --git a/attic/sift_entityids.pl b/attic/sift_entityids.pl
diff --git a/build.xml b/build.xml
@@ -1464,10 +1464,6 @@
         <echo>Verifying metadata held at ${md.dist.host-ne-01.name}</echo>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-01.name}${md.dist.path.name}${mdaggr.prod.signed}"
             checksum="${mdaggr.prod.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-ne-01.name}${md.dist.path.name}${mdaggr.wayf.signed}"
-            checksum="${mdaggr.wayf.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-ne-01.name}${md.dist.path.name}${mdaggr.cdsall.signed}"
-            checksum="${mdaggr.cdsall.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-01.name}${md.dist.path.name}${mdaggr.test.signed}"
             checksum="${mdaggr.test.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-01.name}${md.dist.path.name}${mdaggr.back.signed}"
@@ -1482,10 +1478,6 @@
         <echo>Verifying metadata held at ${md.dist.host-ne-02.name}</echo>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-02.name}${md.dist.path.name}${mdaggr.prod.signed}"
             checksum="${mdaggr.prod.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-ne-02.name}${md.dist.path.name}${mdaggr.wayf.signed}"
-            checksum="${mdaggr.wayf.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-ne-02.name}${md.dist.path.name}${mdaggr.cdsall.signed}"
-            checksum="${mdaggr.cdsall.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-02.name}${md.dist.path.name}${mdaggr.test.signed}"
             checksum="${mdaggr.test.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-ne-02.name}${md.dist.path.name}${mdaggr.back.signed}"
@@ -1500,10 +1492,6 @@
         <echo>Verifying metadata held at ${md.dist.host-we-01.name}</echo>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-01.name}${md.dist.path.name}${mdaggr.prod.signed}"
             checksum="${mdaggr.prod.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-we-01.name}${md.dist.path.name}${mdaggr.wayf.signed}"
-            checksum="${mdaggr.wayf.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-we-01.name}${md.dist.path.name}${mdaggr.cdsall.signed}"
-            checksum="${mdaggr.cdsall.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-01.name}${md.dist.path.name}${mdaggr.test.signed}"
             checksum="${mdaggr.test.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-01.name}${md.dist.path.name}${mdaggr.back.signed}"
@@ -1518,10 +1506,6 @@
         <echo>Verifying metadata held at ${md.dist.host-we-02.name}</echo>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-02.name}${md.dist.path.name}${mdaggr.prod.signed}"
             checksum="${mdaggr.prod.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-we-02.name}${md.dist.path.name}${mdaggr.wayf.signed}"
-            checksum="${mdaggr.wayf.signed.checksum}"/>
-        <VFY.remote.checksum.only i="http://${md.dist.host-we-02.name}${md.dist.path.name}${mdaggr.cdsall.signed}"
-            checksum="${mdaggr.cdsall.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-02.name}${md.dist.path.name}${mdaggr.test.signed}"
             checksum="${mdaggr.test.signed.checksum}"/>
         <VFY.remote.checksum.only i="http://${md.dist.host-we-02.name}${md.dist.path.name}${mdaggr.back.signed}"
@@ -1743,16 +1727,6 @@
                         <include name="*.jar"/>
                     </fileset>
 
-                    <!--
-                        Use Xalan as our XML processor.
-                        Note: this is not the old endorsement mechanism,
-                        despite the directory name. Instead, we just load
-                        it via the classpath.
-                    -->
-                    <fileset dir="${tools.dir}/xalan/impl">
-                        <include name="*.jar"/>
-                    </fileset>
-
                     <!-- Include a per-target directory if set. -->
                     <fileset dir="${mda.classpath.extra}" if:set="mda.classpath.extra">
                         <include name="*.jar"/>
@@ -2873,10 +2847,15 @@
         <echo>Running generate.html.orgnamescope XSLT</echo>
         <exec executable="xsltproc" failonerror="true">
             <arg value="--output" />
-            <arg value="${build.dir}/orgnamescope.html" />
+            <arg value="${build.dir}/orgnamescope-temp.html" />
             <arg value="${utilities.dir}/orgnamescope.xsl" />
             <arg value="${aggregates.dir}/ukfederation-metadata.xml" />
         </exec>
+        <exec executable="cat" failonerror="true" output="${build.dir}/orgnamescope.html">
+           <arg value="${utilities.dir}/templates/orgnamescope-top.html" />
+           <arg value="${build.dir}/orgnamescope-temp.html" />
+           <arg value="${utilities.dir}/templates/orgnamescope-tail.html" />
+       </exec>
         <exec executable="perl" failonerror="true">
             <arg value="${utilities.dir}/bodge-eacute.pl" />
             <arg value="${build.dir}/orgnamescope.html" />
@@ -2894,10 +2873,15 @@
         <echo>Running generate.html.members XSLT</echo>
         <exec executable="xsltproc" failonerror="true">
             <arg value="--output" />
-            <arg value="${build.dir}/dml.html" />
+            <arg value="${build.dir}/dml-temp.html" />
             <arg value="${utilities.dir}/memberlist.xsl" />
             <arg value="${members.dir}/members.xml" />
         </exec>
+        <exec executable="cat" failonerror="true" output="${build.dir}/dml.html">
+           <arg value="${utilities.dir}/templates/dml-top.html" />
+           <arg value="${build.dir}/dml-temp.html" />
+           <arg value="${utilities.dir}/templates/dml-tail.html" />
+       </exec>
         <exec executable="perl" failonerror="true">
             <arg value="${utilities.dir}/bodge-eacute.pl" />
             <arg value="${build.dir}/dml.html" />
@@ -2928,10 +2912,15 @@
         <echo>Running generate.html.uai XSLT</echo>
         <exec executable="xsltproc" failonerror="true">
             <arg value="--output" />
-            <arg value="${build.dir}/uai.html" />
+            <arg value="${build.dir}/uai-temp.html" />
             <arg value="${utilities.dir}/ua-idp.xsl" />
             <arg value="${aggregates.dir}/ukfederation-metadata.xml" />
         </exec>
+        <exec executable="cat" failonerror="true" output="${build.dir}/uai.html">
+           <arg value="${utilities.dir}/templates/uai-top.html" />
+           <arg value="${build.dir}/uai-temp.html" />
+           <arg value="${utilities.dir}/templates/uai-tail.html" />
+       </exec>
     </target>
 
     <!--

diff --git a/mdx/ns_norm.xsl b/mdx/ns_norm.xsl
@@ -104,7 +104,7 @@
 
 
     <xsl:template match="md:*">
-        <xsl:element name="{local-name()}" namespace="urn:oasis:names:tc:SAML:2.0:metadata">
+        <xsl:element name="{local-name()}">
             <xsl:apply-templates select="node()|@*"/>
         </xsl:element>
     </xsl:template>

diff --git a/mdx/uk/add_cbc_encryption.xsl b/mdx/uk/add_cbc_encryption.xsl
@@ -9,17 +9,17 @@
     <xsl:output method="xml" encoding="UTF-8" indent="yes"/>
 
     <xsl:template match="//md:KeyDescriptor
-		[parent::md:SPSSODescriptor]
-		[not(@use='signing')]
-                [not(
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes128-gcm'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes256-gcm'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes192-cbc'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc'] or
-			md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc']
-	)]">
+        [parent::md:SPSSODescriptor and
+          not(@use='signing') and
+          not(
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes128-gcm'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes192-gcm'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2009/xmlenc11#aes256-gcm'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes192-cbc'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc'] or
+            md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc']
+        )]">