Bugzilla 896: check that existing mdrpi metadata on import matches th…

…e source Made a checking framework for this, and applied it to the ie_edugate channel (which doesn't yet have such metadata, but which we import) and the hu_eduid channel (which we don't import, but does have the metadata).
InCommon · Jan 31, 2012 · d8b5763 · d8b5763
1 parent d286601
commit d8b5763
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 0 deletions.
diff --git a/mdx/check_regauth.xsl b/mdx/check_regauth.xsl
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_regauth.xsl
+
+	Check that the registration authority on an entity is the expected one.
+	
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="../build/check_framework.xsl"/>
+
+	<!--
+        expectedAuthority
+        
+        Set this parameter from the calling context.
+    -->
+	<xsl:param name="expectedAuthority">(value not set)</xsl:param>
+
+	<xsl:template match="mdrpi:RegistrationInfo">
+		<xsl:if test="@registrationAuthority != $expectedAuthority">
+			<xsl:call-template name="error">
+				<xsl:with-param name="m">
+					<xsl:text>unexpected registration authority '</xsl:text>
+					<xsl:value-of select="@registrationAuthority"/>
+					<xsl:text>'; expected '</xsl:text>
+					<xsl:value-of select="$expectedAuthority"/>
+					<xsl:text>' for this channel</xsl:text>
+				</xsl:with-param>
+			</xsl:call-template>
+		</xsl:if>
+	</xsl:template>
+
+</xsl:stylesheet>
diff --git a/mdx/hu_eduid/beans.xml b/mdx/hu_eduid/beans.xml
@@ -50,6 +50,30 @@
         <property name="namespace" value="urn:geant:niif.hu:eduid.hu:entity-attributes:processing-info"/>
     </bean>
 
+    <!--
+        hu_eduid_registrar
+        
+        Unique ID for the registrar associated with this channel.
+    -->
+    <bean id="hu_eduid_registrar" class="java.lang.String">
+        <constructor-arg value="http://eduid.hu"/>
+    </bean>
+
+    <!--
+        hu_eduid_check_regauth
+        
+        Any registrationAuthority already present on an entity in this
+        channel must match the known registration authority value.
+    -->
+    <bean id="hu_eduid_check_regauth" parent="check_regauth_parent">
+        <property name="id" value="hu_eduid_check_regauth"/>
+        <property name="transformParameters">
+            <map>
+                <entry key="expectedAuthority" value-ref="hu_eduid_registrar"/>
+            </map>
+        </property>
+    </bean>
+
     <!--
         Fetch and process the exported entities as a collection.
     -->
@@ -74,6 +98,7 @@
 
                 <ref bean="hu_eduid_stripEntityAttributesNamespace"/>
 
+                <ref bean="hu_eduid_check_regauth"/>
                 <ref bean="standardImportActions"/>
             </list>
         </property>

diff --git a/mdx/ie_edugate/beans.xml b/mdx/ie_edugate/beans.xml
@@ -75,6 +75,30 @@
         <property name="maxValidityInterval" value="#{ 1000L * 60 * 60 * 24 * 14 }"/>
     </bean>
 
+    <!--
+        ie_edugate_registrar
+        
+        Unique ID for the registrar associated with this channel.
+    -->
+    <bean id="ie_edugate_registrar" class="java.lang.String">
+        <constructor-arg value="http://edugate.heanet.ie"/>
+    </bean>
+
+    <!--
+        ie_edugate_check_regauth
+        
+        Any registrationAuthority already present on an entity in this
+        channel must match the known registration authority value.
+    -->
+    <bean id="ie_edugate_check_regauth"  parent="check_regauth_parent">
+        <property name="id" value="ie_edugate_check_regauth"/>
+        <property name="transformParameters">
+            <map>
+                <entry key="expectedAuthority" value-ref="ie_edugate_registrar"/>
+            </map>
+        </property>
+    </bean>
+
     <!--
         Fetch and process all entities as a collection.
     -->
@@ -96,6 +120,7 @@
 
                 <ref bean="disassemble"/>
 
+                <ref bean="ie_edugate_check_regauth"/>
                 <ref bean="standardImportActions"/>
             </list>
         </property>
@@ -122,6 +147,7 @@
 
                 <ref bean="disassemble"/>
 
+                <ref bean="ie_edugate_check_regauth"/>
                 <ref bean="standardImportActions"/>
             </list>
         </property>

diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml
@@ -164,6 +164,23 @@
         </property>
     </bean>
 
+    <!--
+        check_regauth_parent
+        
+        Parent (template) for per-channel beans.
+        
+        Any registrationAuthority already present on an entity in this
+        channel must match the known registration authority value.
+    -->
+    <bean id="check_regauth_parent" class="net.shibboleth.metadata.dom.XSLValidationStage"
+        init-method="initialize" lazy-init="true" abstract="true">
+        <property name="xslResource">
+            <bean class="org.opensaml.util.resource.FilesystemResource">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_regauth.xsl"/>
+            </bean>
+        </property>
+    </bean>
+
     <!--
         ***********************************************
         ***                                         ***