Rejig the entire checking framework so that it uses the same xsl:mess…

…age conventions as the system we're building into the aggregator code. This means that the same checking transforms will be usable in both systems interchangeably. This also includes renaming the "fatal" template to "error" and adding a new "info" template. Update to sdss-mdcheck V1.3 to support these new conventions.
InCommon · May 24, 2011 · e2f4a26 · e2f4a26
1 parent 3e03b7e
commit e2f4a26
Show file tree

Hide file tree

Showing 18 changed files with 106 additions and 75 deletions.
diff --git a/build/check.xsl b/build/check.xsl
@@ -41,7 +41,7 @@
 	-->
 	<xsl:template match="md:EntityDescriptor[md:Organization/md:OrganizationName]
 		[not(ukfxMembers:isOwnerName($members, md:Organization/md:OrganizationName))]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">unknown owner name: <xsl:value-of select="md:Organization/md:OrganizationName"/></xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -51,7 +51,7 @@
 		Check for badly formatted e-mail addresses.
 	-->
 	<xsl:template match="md:EmailAddress[mdxMail:dodgyAddress(.)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">badly formatted e-mail address: '<xsl:value-of select='.'/>'</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_adfs.xsl b/build/check_adfs.xsl
@@ -29,7 +29,7 @@
 	<xsl:template match="md:IDPSSODescriptor
 		[contains(@protocolSupportEnumeration, 'http://schemas.xmlsoap.org/ws/2003/07/secext')]
 		[not(md:SingleSignOnService/@Binding = 'http://schemas.xmlsoap.org/ws/2003/07/secext')]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">ADFS IdP role lacks SSO service with appropriate Binding</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -45,7 +45,7 @@
 			The current UK federation metadata has one entity which breaks this rule at present.
 			Change this from "warning" to "fatal" once that has been resolved.
 		-->
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">ADFS SP role lacks SSO service with appropriate Binding</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -57,23 +57,23 @@
 	<xsl:template match="md:SingleSignOnService
 		[@Binding='http://schemas.xmlsoap.org/ws/2003/07/secext']
 		[not(contains(../@protocolSupportEnumeration, 'http://schemas.xmlsoap.org/ws/2003/07/secext'))]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">ADFS SingleSignOnService requires appropriate protocolSupportEnumeration</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="md:AssertionConsumerService
 		[@Binding='http://schemas.xmlsoap.org/ws/2003/07/secext']
 		[not(contains(../@protocolSupportEnumeration, 'http://schemas.xmlsoap.org/ws/2003/07/secext'))]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">ADFS AssertionConsumerService requires appropriate protocolSupportEnumeration</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="md:SingleLogoutService
 		[@Binding='http://schemas.xmlsoap.org/ws/2003/07/secext']
 		[not(contains(../@protocolSupportEnumeration, 'http://schemas.xmlsoap.org/ws/2003/07/secext'))]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">ADFS SingleLogoutService requires appropriate protocolSupportEnumeration</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_fixups.xsl b/build/check_fixups.xsl
@@ -35,13 +35,13 @@
 	-->
 
 	<xsl:template match="md:IDPSSODescriptor/md:KeyDescriptor[not(@use)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">IdP SSO KeyDescriptor lacking @use</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="md:AttributeAuthorityDescriptor/md:KeyDescriptor[not(@use)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">IdP AA KeyDescriptor lacking @use</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -54,7 +54,7 @@
 		See https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataCorrectness#MetadataCorrectness-Version2.0
 	-->
 	<xsl:template match="md:KeyDescriptor/md:EncryptionMethod">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">KeyDescriptor contains EncryptionMethod: OpenSAML-C 2.0 problem</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_framework.xsl b/build/check_framework.xsl
@@ -22,13 +22,13 @@
 
 
 	<!--
-		Common template to call to report a fatal error on some element within an entity.
+		Common template to call to report an error on some element within an entity.
 	-->
-	<xsl:template name="fatal">
+	<xsl:template name="error">
 		<xsl:param name="m"/>
 		<xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/>
 		<xsl:message terminate='no'>
-			<xsl:text>*** </xsl:text>
+			<xsl:text>[ERROR] </xsl:text>
 			<!--
 				If we're processing an aggregate, we need to indicate which
 				individual entity we're dealing with.
@@ -59,7 +59,38 @@
 		<xsl:param name="m"/>
 		<xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/>
 		<xsl:message terminate='no'>
-			<xsl:text>??? </xsl:text>
+			<xsl:text>[WARN] </xsl:text>
+			<!--
+				If we're processing an aggregate, we need to indicate which
+				individual entity we're dealing with.
+			-->
+			<xsl:if test="ancestor-or-self::md:EntitiesDescriptor">
+				<!--
+					Use an ID if available, otherwise the entityID.
+				-->
+				<xsl:choose>
+					<xsl:when test="$entity/@ID">
+						<xsl:value-of select="$entity/@ID"/>
+					</xsl:when>
+					<xsl:otherwise>
+						<xsl:value-of select="$entity/@entityID"/>
+					</xsl:otherwise>
+				</xsl:choose>
+				<xsl:text>: </xsl:text>
+			</xsl:if>
+			<xsl:value-of select="$m"/>
+		</xsl:message>
+	</xsl:template>
+
+
+	<!--
+		Common template to call to report an informational message on some element within an entity.
+	-->
+	<xsl:template name="info">
+		<xsl:param name="m"/>
+		<xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/>
+		<xsl:message terminate='no'>
+			<xsl:text>[INFO] </xsl:text>
 			<!--
 				If we're processing an aggregate, we need to indicate which
 				individual entity we're dealing with.

diff --git a/build/check_future.xsl b/build/check_future.xsl
@@ -38,7 +38,7 @@
 		[contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')]
 		[not(md:KeyDescriptor[descendant::ds:X509Data][@use='encryption'])]
 		[not(md:KeyDescriptor[descendant::ds:X509Data][not(@use)])]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">SAML 2 SP has no encryption key</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -49,7 +49,7 @@
 	-->
 
 	<xsl:template match="@Location[contains(., '%')]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">URL-encoded Location attribute; should be entity-encoded</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_idpdisc.xsl b/build/check_idpdisc.xsl
@@ -30,7 +30,7 @@
 		<xsl:variable name="indices" select="descendant::idpdisc:DiscoveryResponse/@index"/>
 		<xsl:variable name="distinct.indices" select="set:distinct($indices)"/>
 		<xsl:if test="count($indices) != count($distinct.indices)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">DiscoveryResponse index values not all different</xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>
@@ -43,20 +43,20 @@
 	-->
 
 	<xsl:template match="idpdisc:DiscoveryResponse[not(@index)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">missing index attribute on DiscoveryResponse</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="idpdisc:DiscoveryResponse[not(@Binding)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">missing Binding attribute on DiscoveryResponse</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="idpdisc:DiscoveryResponse[@Binding]
 		[@Binding!='urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">incorrect Binding value on DiscoveryResponse</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_imported.xsl b/build/check_imported.xsl
@@ -33,7 +33,7 @@
 			IdPs registered with the UK federation are expected to have at least one scope.
 		-->
 		<xsl:if test="not(descendant::shibmd:Scope)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">this IdP does not have any Scope elements</xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>		

diff --git a/build/check_init.xsl b/build/check_init.xsl
@@ -26,14 +26,14 @@
 	-->
 
 	<xsl:template match="init:RequestInitiator[not(@Binding)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">missing Binding attribute on RequestInitiator</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
 
 	<xsl:template match="init:RequestInitiator[@Binding]
 		[@Binding!='urn:oasis:names:tc:SAML:profiles:SSO:request-init']">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">incorrect Binding value on RequestInitiator</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_mdiop.xsl b/build/check_mdiop.xsl
@@ -36,7 +36,7 @@
 		[not(ds:KeyInfo/ds:KeyName)]
 		[not(ds:KeyInfo/ds:KeyValue)]
 		[not(ds:KeyInfo/ds:X509Data/ds:X509Certificate)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">KeyDescriptor does not contain a key representation</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
@@ -45,7 +45,7 @@
 		Section 2.5.1: only one X.509 certificate may appear in any KeyDescriptor.
 	-->
 	<xsl:template match="md:KeyDescriptor[count(ds:KeyInfo/ds:X509Data/ds:X509Certificate)>1]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">KeyDescriptor contains more than one X509Certificate</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>

diff --git a/build/check_mdui.xsl b/build/check_mdui.xsl
@@ -37,7 +37,7 @@
 		<mdui:UIInfo> MUST NOT appear more than once within a given <md:Extensions> element.
 	-->
 	<xsl:template match="md:Extensions/mdui:UIInfo[position()>1]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">more than one UIInfo element in one Extensions element</xsl:with-param>
 		</xsl:call-template>		
 	</xsl:template>
@@ -50,7 +50,7 @@
 	-->
 	<xsl:template match="md:Extensions/mdui:*
 		[not(local-name()='UIInfo')][not(local-name()='DiscoHints')]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">
 				<xsl:text>misspelled or misplaced mdui element within md:Extensions: </xsl:text>
 				<xsl:value-of select="local-name()"/>
@@ -69,13 +69,13 @@
 		SPSSODescriptor elements, which are the ones we'll actually make use of.]
 	-->
 	<xsl:template match="mdui:UIInfo[not(parent::md:Extensions)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">UIInfo appearing outside Extensions element</xsl:with-param>
 		</xsl:call-template>        
 	</xsl:template>
 	<xsl:template match="md:Extensions[mdui:UIInfo]
 		[not(parent::md:IDPSSODescriptor)][not(parent::md:SPSSODescriptor)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">UIInfo appearing outside role descriptor element</xsl:with-param>
 		</xsl:call-template>        
 	</xsl:template>
@@ -120,7 +120,7 @@
 		<xsl:variable name="l" select="$e/@xml:lang"></xsl:variable>
 		<xsl:variable name="u" select="set:distinct($l)"/>
 		<xsl:if test="count($l) != count($u)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">
 					<xsl:text>non-unique lang values on </xsl:text>
 					<xsl:value-of select="name($e)"/>
@@ -159,19 +159,19 @@
 			This is a SHOULD in the specification; we treat it as a MUST here.
 		-->
 		<xsl:if test="not(starts-with(., 'https://'))">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">mdui:Logo URL does not start with https://</xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>
 		<!-- Schema validity: must have a height attribute -->
 		<xsl:if test="not(@height)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">missing @height on <xsl:value-of select="name()"/></xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>
 		<!-- Schema validity: must have a width attribute -->
 		<xsl:if test="not(@width)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">missing @width on <xsl:value-of select="name()"/></xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>   
@@ -197,7 +197,7 @@
 	<xsl:template name="localisedNameType">
 		<!-- Schema validity: must have an xml:lang attribute -->
 		<xsl:if test="not(@xml:lang)">
-			<xsl:call-template name="fatal">
+			<xsl:call-template name="error">
 				<xsl:with-param name="m">missing @xml:lang on <xsl:value-of select="name()"/></xsl:with-param>
 			</xsl:call-template>
 		</xsl:if>	
@@ -210,12 +210,12 @@
 		<md:Extensions> element of an <md:IDPSSODescriptor> element.
 	-->
 	<xsl:template match="mdui:DiscoHints[not(parent::md:Extensions)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">DiscoHints appearing outside Extensions element</xsl:with-param>
 		</xsl:call-template>        
 	</xsl:template>
 	<xsl:template match="md:Extensions[mdui:DiscoHints][not(parent::md:IDPSSODescriptor)]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">DiscoHints appearing outside IDPSSODescriptor element</xsl:with-param>
 		</xsl:call-template>        
 	</xsl:template>
@@ -226,7 +226,7 @@
 		<mdui:DiscoHints> MUST NOT appear more than once within a given <md:Extensions> element.
 	-->
 	<xsl:template match="md:Extensions/mdui:DiscoHints[position()>1]">
-		<xsl:call-template name="fatal">
+		<xsl:call-template name="error">
 			<xsl:with-param name="m">more than one DiscoHints element in one Extensions element</xsl:with-param>
 		</xsl:call-template>        
 	</xsl:template>