Check SAML elements with string type have some non-whitespace charact…

…ers. Remove similarly motivated XSLT checks. Remove an explicitly blacklisted entity which had this problem.
internet2 · Mar 11, 2015 · 052b2fe · 052b2fe
1 parent 8d18645
commit 052b2fe
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 40 deletions.
diff --git a/build/extract_locs.pl b/build/extract_locs.pl
@@ -2,7 +2,7 @@
 
 use Xalan;
 
-open(XML, xalanCall . " -IN ../mdx/uk/collected.xml -XSL extract_locs.xsl|") || die "could not open input file";
+open(XML, xalanCall . " -IN edugain.xml -XSL extract_locs.xsl|") || die "could not open input file";
 while (<XML>) {
 	chop;
 	if (/^https:\/\/([^\/:]+(:\d+)?)(\/|$)/) {

diff --git a/mdx/_rules/check_mdui.xsl b/mdx/_rules/check_mdui.xsl
@@ -28,42 +28,6 @@
 	-->
 	<xsl:import href="check_framework.xsl"/>
 
-	<!--
-		General SAML constraint that xs:string elements must contain at least one
-		non-whitespace character.  That's actually too hard to do in XSLT so we'll
-		restrict ourselves to a check for empty elements for now.
-	-->
-	<xsl:template match="mdui:DisplayName[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:DisplayName must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-	<xsl:template match="mdui:Description[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:Description must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-	<xsl:template match="mdui:Keywords[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:Keywords must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-	<xsl:template match="mdui:IPHint[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:IPHint must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-	<xsl:template match="mdui:DomainHint[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:DomainHint must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-	<xsl:template match="mdui:GeolocationHint[. = '']">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">mdui:GeolocationHint must not be empty</xsl:with-param>
-		</xsl:call-template>        
-	</xsl:template>
-
 	<!--
 		Section 2.1
 		

diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
@@ -294,6 +294,9 @@
     <bean id="RegistrationAuthorityMatcher" abstract="true"
         class="uk.org.ukfederation.mda.dom.saml.mdattr.RegistrationAuthorityMatcher"/>
 
+    <bean id="SAMLStringElementCheckingStage" abstract="true" parent="stage_parent"
+        class="uk.org.ukfederation.mda.dom.saml.SAMLStringElementCheckingStage"/>
+
     <bean id="validator_parent" abstract="true" parent="component_parent"/>
 
     <bean id="X509ConsistentNameValidator" abstract="true" parent="validator_parent"
@@ -638,10 +641,17 @@
     <!--
         QNames for SAML metadata elements.
     -->
+    <bean id="md-Company"                 parent="QName" c:_0-ref="md_namespace" c:_1="Company"/>
     <bean id="md-EmailAddress"            parent="QName" c:_0-ref="md_namespace" c:_1="EmailAddress"/>
+    <bean id="md-GivenName"               parent="QName" c:_0-ref="md_namespace" c:_1="GivenName"/>
     <bean id="md-NameIDFormat"            parent="QName" c:_0-ref="md_namespace" c:_1="NameIDFormat"/>
     <bean id="md-OrganizationDisplayName" parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationDisplayName"/>
+    <bean id="md-OrganizationName"        parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationName"/>
     <bean id="md-OrganizationURL"         parent="QName" c:_0-ref="md_namespace" c:_1="OrganizationURL"/>
+    <bean id="md-ServiceDescription"      parent="QName" c:_0-ref="md_namespace" c:_1="ServiceDescription"/>
+    <bean id="md-ServiceName"             parent="QName" c:_0-ref="md_namespace" c:_1="ServiceName"/>
+    <bean id="md-SurName"                 parent="QName" c:_0-ref="md_namespace" c:_1="SurName"/>
+    <bean id="md-TelephoneNumber"         parent="QName" c:_0-ref="md_namespace" c:_1="TelephoneNumber"/>
 
     <!--
         Basic EntitiesDescriptor disassembler pipeline stage.
@@ -768,9 +778,15 @@
         ***                                         ***
         ***********************************************
     -->
-
-    <bean id="mdui-InformationURL" parent="QName" c:_0-ref="mdui_namespace" c:_1="InformationURL"/>
-    <bean id="mdui-Logo"           parent="QName" c:_0-ref="mdui_namespace" c:_1="Logo"/>
+
+    <bean id="mdui-Description"     parent="QName" c:_0-ref="mdui_namespace" c:_1="Description"/>
+    <bean id="mdui-DisplayName"     parent="QName" c:_0-ref="mdui_namespace" c:_1="DisplayName"/>
+    <bean id="mdui-DomainHint"      parent="QName" c:_0-ref="mdui_namespace" c:_1="DomainHint"/>
+    <bean id="mdui-GeolocationHint" parent="QName" c:_0-ref="mdui_namespace" c:_1="GeolocationHint"/>
+    <bean id="mdui-InformationURL"  parent="QName" c:_0-ref="mdui_namespace" c:_1="InformationURL"/>
+    <bean id="mdui-IPHint"          parent="QName" c:_0-ref="mdui_namespace" c:_1="IPHint"/>
+    <bean id="mdui-Keywords"        parent="QName" c:_0-ref="mdui_namespace" c:_1="Keywords"/>
+    <bean id="mdui-Logo"            parent="QName" c:_0-ref="mdui_namespace" c:_1="Logo"/>
 
     <bean id="stripMDUIDiscoHints" parent="ElementStrippingStage"
         p:id="stripMDUIDiscoHints"

diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml
@@ -580,6 +580,32 @@
         </property>
     </bean>
 
+    <!--
+        check_saml_strings
+    -->
+    <bean id="check_saml_strings" parent="SAMLStringElementCheckingStage"
+        p:id="check_saml_strings">
+        <property name="elementNames">
+            <set>
+                <ref bean="md-Company"/>
+                <ref bean="md-GivenName"/>
+                <ref bean="md-OrganizationDisplayName"/>
+                <ref bean="md-OrganizationName"/>
+                <ref bean="md-ServiceDescription"/>
+                <ref bean="md-ServiceName"/>
+                <ref bean="md-SurName"/>
+                <ref bean="md-TelephoneNumber"/>
+
+                <ref bean="mdui-Description"/>
+                <ref bean="mdui-DisplayName"/>
+                <ref bean="mdui-DomainHint"/>
+                <ref bean="mdui-GeolocationHint"/>
+                <ref bean="mdui-IPHint"/>
+                <ref bean="mdui-Keywords"/>
+            </set>
+        </property>
+    </bean>
+
     <!--
         check_shibboleth
     -->
@@ -815,6 +841,7 @@
                 <ref bean="check_saml2"/>
                 <ref bean="check_saml2int"/>
                 <ref bean="check_saml2meta"/>
+                <ref bean="check_saml_strings"/>
                 <ref bean="check_shibboleth"/>
                 <ref bean="check_uk_algorithms"/>
                 <ref bean="check_uk_trust"/>