Major refactoring of the fixup system.

Move everything related to fixups into the mdx/uk directory; move the major related beans definitions into the generate spring definition file, as they are not (and should not) be used elsewhere. Split the existing fixups definitions (applying and checking for fixups) into two: one set for the EncryptionMethod fixup and one set for the IdP KeyDescriptor/@use fixup. Move the application of fixups away from the input channels and into the output pipelines. Move the generation of the test aggregate into a pipeline (actually, a composite stage) of its own, so that it's more similar-looking to the other output pipelines. This is a pure refactoring, with no output changes as a result. However, we're now ready to start publishing EncryptionMethod elements in selected aggregates if and when desired.
InCommon · Apr 4, 2013 · ee410a3 · ee410a3
1 parent 4db2ef6
commit ee410a3
Show file tree

Hide file tree

Showing 6 changed files with 195 additions and 115 deletions.
diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml
@@ -252,27 +252,6 @@
     </bean>
 
 
-    <!--
-        uk_checkPublishable
-        
-        Check an aggregate metadata document for publishability.  This is applied during
-        all UK publication flows prior to any signature step.  It is not applied to
-        export flows, for which we desire the closest possible correspondence to
-        the registered metadata.
-    -->
-    <bean id="uk_checkPublishable" parent="composite_parent"
-        p:id="uk_checkPublishable">
-        <property name="composedStages">
-            <list>
-                <ref bean="checkSchemas"/>
-                <ref bean="check_aggregate"/>
-                <ref bean="check_filtered"/>
-                <ref bean="check_fixups"/>
-            </list>
-        </property>
-    </bean>
-
-
     <!--
         uk_trustRootsDocument
         
@@ -340,21 +319,6 @@
     </bean>
 
 
-    <!--
-        uk_performFixups
-        
-        This stage performs any fixup actions required before publication to UK federation members.
-    -->
-    <bean id="uk_performFixups" parent="xslt_parent"
-        p:id="uk_performFixups">
-        <property name="xslResource">
-            <bean parent="file_parent">
-                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/uk/fixups.xsl"/>
-            </bean>
-        </property>
-    </bean>
-
-
     <!--
         Populate UKId values from entities.
     -->

diff --git a/mdx/uk/check_fixup_encmethod.xsl b/mdx/uk/check_fixup_encmethod.xsl
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_fixup_encmethod.xsl
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+	xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="../_rules/check_framework.xsl"/>
+
+
+	<!--
+		Use of EncryptionMethod within KeyDescriptor causes metadata loading problems
+		for OpenSAML-C 2.0.
+		
+		See https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataCorrectness#MetadataCorrectness-Version2.0
+	-->
+	<xsl:template match="md:KeyDescriptor/md:EncryptionMethod">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">KeyDescriptor contains EncryptionMethod: OpenSAML-C 2.0 problem</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
+</xsl:stylesheet>
diff --git a/mdx/_rules/check_fixups.xsl → mdx/uk/check_fixup_keyuse.xsl b/mdx/_rules/check_fixups.xsl → mdx/uk/check_fixup_keyuse.xsl
@@ -1,12 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-	check_fixups.xsl
-
-	This checking ruleset verifies that certain fixups have been performed on the
-	metadata before it is published.
-	
-	Author: Ian A. Young <ian@iay.org.uk>
+	check_fixup_keyuse.xsl
 
 -->
 <xsl:stylesheet version="1.0"
@@ -22,17 +17,17 @@
 	<!--
 		Common support functions.
 	-->
-	<xsl:import href="check_framework.xsl"/>
+	<xsl:import href="../_rules/check_framework.xsl"/>
 
 
 	<!--
-		Checks for an IdP whose KeyDescriptor elements do not include a @use attribute.
-		This causes problems with the Shibboleth 1.3 SP prior to V1.3.1, which
-		interprets this as "no use permitted" rather than "either signing or encryption use
-		permitted".
-		
-		Two checks are required, one for each of the IdP role descriptors.
-	-->
+        Checks for an IdP whose KeyDescriptor elements do not include a @use attribute.
+        This causes problems with the Shibboleth 1.3 SP prior to V1.3.1, which
+        interprets this as "no use permitted" rather than "either signing or encryption use
+        permitted".
+        
+        Two checks are required, one for each of the IdP role descriptors.
+    -->
 
 	<xsl:template match="md:IDPSSODescriptor/md:KeyDescriptor[not(@use)]">
 		<xsl:call-template name="error">
@@ -45,19 +40,5 @@
 			<xsl:with-param name="m">IdP AA KeyDescriptor lacking @use</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
-
-
-	<!--
-		Use of EncryptionMethod within KeyDescriptor causes metadata loading problems
-		for OpenSAML-C 2.0.
 
-		See https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataCorrectness#MetadataCorrectness-Version2.0
-	-->
-	<xsl:template match="md:KeyDescriptor/md:EncryptionMethod">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">KeyDescriptor contains EncryptionMethod: OpenSAML-C 2.0 problem</xsl:with-param>
-		</xsl:call-template>
-	</xsl:template>
-
-
 </xsl:stylesheet>
diff --git a/mdx/uk/fixups.xsl → mdx/uk/fixup_keyuse.xsl b/mdx/uk/fixups.xsl → mdx/uk/fixup_keyuse.xsl
@@ -1,21 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-	fixups.xsl
-	
-	XSL stylesheet to perform any fixups required to an EntityDescriptor prior to
-	publication to the UK federation membership.
+	fixup_keyuse.xsl
 	
 -->
 <xsl:stylesheet version="1.0"
-	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
 
 	xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-	exclude-result-prefixes="xsi xsl">
+	exclude-result-prefixes="xsl">
 
 	<!--Force UTF-8 encoding for the output.-->
 	<xsl:output omit-xml-declaration="no" method="xml" encoding="UTF-8" indent="yes"/>
@@ -34,15 +28,6 @@
 	</xsl:template>
 
 
-	<!--
-		Remove any EncryptionMethod elements within KeyDescriptor elements
-		to avoid triggering a problem in OpenSAML-C 2.0.
-		
-		See https://wiki.shibboleth.net/confluence/display/SHIB2/MetadataCorrectness#MetadataCorrectness-Version2.0
-	-->
-	<xsl:template match="md:KeyDescriptor/md:EncryptionMethod"/>
-
-
 	<!--
         *********************************************
         ***                                       ***