Fold what remains of check.xsl into check_ukreg.

Duplicate check_ukreg as check_ukreg_mda, a version which requires a members bean to be provided as a parameter, for use within the aggregator.

build.xml

@@ -1027,7 +1027,6 @@
 		<sequential>
 			<CHECK.std i="@{i}">
                 <arg value="${build.dir}/check_ukreg.xsl"/>
-			    <arg value="${build.dir}/check.xsl"/>
 			</CHECK.std>
 		</sequential>
 	</macrodef>

build/check_ukreg.xsl

@@ -10,8 +10,13 @@
 
 -->
 <xsl:stylesheet version="1.0"
-	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+
+	xmlns:mdxMail="xalan://uk.ac.sdss.xalan.md.Mail"
+	xmlns:ukfxMembers="xalan://uk.org.ukfederation.members.Members"
+	extension-element-prefixes="mdxMail ukfxMembers"
+
 	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 
 	<!--
@@ -21,15 +26,58 @@
 
 
 	<!--
-		Check for entities which do not have an OrganizationName at all.
+		Pick up the members.xml document, and create a Members class instance.
 	-->
-	<xsl:template match="md:EntityDescriptor[not(md:Organization/md:OrganizationName)]">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">entity lacks OrganizationName</xsl:with-param>
-		</xsl:call-template>
+	<xsl:variable name="memberDocument" select="document('../xml/members.xml')"/>
+	<xsl:variable name="members" select="ukfxMembers:new($memberDocument)"/>
+
+
+	<!--
+		Check EntityDescriptor elements.
+	-->
+	<xsl:template match="md:EntityDescriptor">
+
+		<!-- tests on OrganizationName -->
+		<xsl:choose>
+
+			<!--
+				Check for entities which do not have an OrganizationName at all.
+			-->
+			<xsl:when test="not(md:Organization/md:OrganizationName)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">entity lacks OrganizationName</xsl:with-param>
+				</xsl:call-template>
+			</xsl:when>
+
+			<xsl:otherwise>
+				<!--
+					Check for entities with OrganizationName elements which don't correspond to
+					a canonical owner name.
+				-->
+				<xsl:if test="not(ukfxMembers:isOwnerName($members, md:Organization/md:OrganizationName))">
+					<xsl:call-template name="error">
+						<xsl:with-param name="m">unknown owner name: <xsl:value-of select="md:Organization/md:OrganizationName"/></xsl:with-param>
+					</xsl:call-template>
+				</xsl:if>
+			</xsl:otherwise>
+
+		</xsl:choose>
+
+		<!-- apply tests to child elements -->
+		<xsl:apply-templates/>
 	</xsl:template>
 
 
+	<!--
+		Check for badly formatted e-mail addresses.
+	-->
+	<xsl:template match="md:EmailAddress[mdxMail:dodgyAddress(.)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">badly formatted e-mail address: '<xsl:value-of select='.'/>'</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
 	<!--
 		Check for https:// locations that use an explicit but redundant port specifier.
 	-->

build/check_ukreg_mda.xsl

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_ukreg_mda.xsl
+	
+	Checking ruleset containing rules that only apply to metadata registered
+	by the UK federation's registrar function.
+	
+	Identical to check_ukreg except that it assumes a members bean passed
+	as parameter rather than loading one itself.
+	
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+
+	xmlns:mdxMail="xalan://uk.ac.sdss.xalan.md.Mail"
+	xmlns:ukfxMembers="xalan://uk.org.ukfederation.members.Members"
+	extension-element-prefixes="mdxMail ukfxMembers"
+
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+
+	<!--
+		Parameters.
+	-->
+	<xsl:param name="members"/>
+
+
+	<!--
+		Check EntityDescriptor elements.
+	-->
+	<xsl:template match="md:EntityDescriptor">
+
+		<!-- tests on OrganizationName -->
+		<xsl:choose>
+
+			<!--
+				Check for entities which do not have an OrganizationName at all.
+			-->
+			<xsl:when test="not(md:Organization/md:OrganizationName)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">entity lacks OrganizationName</xsl:with-param>
+				</xsl:call-template>
+			</xsl:when>
+
+			<xsl:otherwise>
+				<!--
+					Check for entities with OrganizationName elements which don't correspond to
+					a canonical owner name.
+				-->
+				<xsl:if test="not(ukfxMembers:isOwnerName($members, md:Organization/md:OrganizationName))">
+					<xsl:call-template name="error">
+						<xsl:with-param name="m">unknown owner name: <xsl:value-of select="md:Organization/md:OrganizationName"/></xsl:with-param>
+					</xsl:call-template>
+				</xsl:if>
+			</xsl:otherwise>
+
+		</xsl:choose>
+
+		<!-- apply tests to child elements -->
+		<xsl:apply-templates/>
+	</xsl:template>
+
+
+	<!--
+		Check for badly formatted e-mail addresses.
+	-->
+	<xsl:template match="md:EmailAddress[mdxMail:dodgyAddress(.)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">badly formatted e-mail address: '<xsl:value-of select='.'/>'</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
+	<!--
+		Check for https:// locations that use an explicit but redundant port specifier.
+	-->
+	<xsl:template match="*[@Location and starts-with(@Location, 'https://')
+		and contains(@Location,':443/')]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:value-of select='local-name()'/>
+				<xsl:text> Location </xsl:text>
+				<xsl:value-of select="@Location"/>
+				<xsl:text> not in standard form</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
+</xsl:stylesheet>

mdx/uk/beans.xml

@@ -51,9 +51,14 @@
         <property name="id" value="check_ukreg"/>
         <property name="xslResource">
             <bean class="org.opensaml.util.resource.FilesystemResource">
-                <constructor-arg value="#{ systemProperties['basedir'] }/build/check_ukreg.xsl"/>
+                <constructor-arg value="#{ systemProperties['basedir'] }/build/check_ukreg_mda.xsl"/>
             </bean>
         </property>
+        <property name="transformParameters">
+            <map>
+                <entry key="members" value-ref="members"/>
+            </map>
+        </property>
     </bean>
 
     <!--

mdx/uk/collect.xml

@@ -123,13 +123,6 @@
                 -->
                 <ref bean="addUKTrustRoots"/>
 
-                <!--
-                    It's much faster to run this check on the EntitiesDescriptor because it
-                    loads up a copy of members.xml every time it is used.  This should be
-                    fixed to use a parameter.
-                -->
-                <ref bean="check_check"/>
-
                 <!-- failure of any check on registered metadata is fatal -->
                 <ref bean="errorTerminatingFilter"/>
 

mdx/validation-beans.xml

@@ -191,19 +191,6 @@
         </property>
     </bean>
 
-    <!--
-        check_check
-    -->
-    <bean id="check_check" class="net.shibboleth.metadata.dom.XSLValidationStage"
-        init-method="initialize" lazy-init="true">
-        <property name="id" value="check_check"/>
-        <property name="xslResource">
-            <bean class="org.opensaml.util.resource.FilesystemResource">
-                <constructor-arg value="#{ systemProperties['basedir'] }/build/check.xsl"/>
-            </bean>
-        </property>
-    </bean>
-
     <!--
         CHECK.std
     -->