Merge remote-tracking branch 'upstream/master'

internet2 · Aug 14, 2014 · 0921635 · 0921635
2 parents 42403f3 + 267157e
commit 0921635
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 26 deletions.
diff --git a/mdx/_rules/check_mdui.xsl b/mdx/_rules/check_mdui.xsl
@@ -191,16 +191,57 @@
 		</xsl:if>
 	</xsl:template>
 
+	<!--
+        Check for <mdui:Logo> elements that aren't valid URLs.
+        
+        Again, explicitly permit anything starting with 'data:'.
+    -->
+	<xsl:template match="mdui:Logo[mdxURL:invalidURL(.)]">
+		<xsl:if test="not(starts-with(., 'data:'))">
+			<xsl:call-template name="error">
+				<xsl:with-param name="m">
+					<xsl:text>mdui:</xsl:text>
+					<xsl:value-of select='local-name()'/>
+					<xsl:text> '</xsl:text>
+					<xsl:value-of select="."/>
+					<xsl:text>' is not a valid URL: </xsl:text>
+					<xsl:value-of select="mdxURL:whyInvalid(.)"/>
+				</xsl:with-param>
+			</xsl:call-template>
+		</xsl:if>
+	</xsl:template>
+
 	<!--
 		Section 2.1.6 Element <mdui:InformationURL>
 		
 		Require that the URL is valid.
 	-->
-	<xsl:template match="md:InformationURL[mdxURL:invalidURL(.)]">
+	<xsl:template match="mdui:InformationURL[mdxURL:invalidURL(.)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>mdui:</xsl:text>
+				<xsl:value-of select='local-name()'/>
+				<xsl:text> '</xsl:text>
+				<xsl:value-of select="."/>
+				<xsl:text>' is not a valid URL: </xsl:text>
+				<xsl:value-of select="mdxURL:whyInvalid(.)"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+        Section 2.1.7 Element <mdui:PrivacyStatementURL>
+        
+        Require that the URL is valid.
+    -->
+	<xsl:template match="mdui:PrivacyStatementURL[mdxURL:invalidURL(.)]">
 		<xsl:call-template name="error">
 			<xsl:with-param name="m">
+				<xsl:text>mdui:</xsl:text>
 				<xsl:value-of select='local-name()'/>
-				<xsl:text> is not a valid URL: </xsl:text>
+				<xsl:text> '</xsl:text>
+				<xsl:value-of select="."/>
+				<xsl:text>' is not a valid URL: </xsl:text>
 				<xsl:value-of select="mdxURL:whyInvalid(.)"/>
 			</xsl:with-param>
 		</xsl:call-template>

diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
@@ -86,6 +86,9 @@
     <bean id="CompositeStage" abstract="true" parent="stage_parent"
         class="net.shibboleth.metadata.pipeline.CompositeStage"/>
 
+    <bean id="XMLSignatureSigningStage" abstract="true" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XMLSignatureSigningStage"/>
+
     <!--
         XMLSignatureValidationStage
         
@@ -137,6 +140,10 @@
         </property>
     </bean>
 
+    <bean id="XPathFilteringStage" abstract="true" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.XPathFilteringStage"
+        p:namespaceContext-ref="commonNamespaces"/>
+
     <!--
         XSLTransformationStage
         
@@ -262,6 +269,21 @@
 
     <bean id="X509ValidationStage" abstract="true" parent="stage_parent"
         class="uk.org.ukfederation.mda.validate.X509ValidationStage"/>
+
+    <bean id="EntityAttributeFilteringStage" abstract="true" parent="stage_parent"
+        class="uk.org.ukfederation.mda.dom.saml.mdattr.EntityAttributeFilteringStage"/>
+
+    <bean id="EntityCategoryMatcher" abstract="true"
+        class="uk.org.ukfederation.mda.dom.saml.mdattr.EntityCategoryMatcher"/>
+
+    <bean id="EntityCategorySupportMatcher" abstract="true"
+        class="uk.org.ukfederation.mda.dom.saml.mdattr.EntityCategorySupportMatcher"/>
+
+    <bean id="MultiPredicateMatcher" abstract="true"
+        class="uk.org.ukfederation.mda.dom.saml.mdattr.MultiPredicateMatcher"/>
+
+    <bean id="RegistrationAuthorityMatcher" abstract="true"
+        class="uk.org.ukfederation.mda.dom.saml.mdattr.RegistrationAuthorityMatcher"/>
 
     <bean id="validator_parent" abstract="true" parent="component_parent"/>
 
@@ -714,6 +736,8 @@
         ***********************************************
     -->
 
+    <bean id="mdui-InformationURL" parent="QName" c:_0-ref="mdui_namespace" c:_1="InformationURL"/>
+
     <bean id="stripMDUIDiscoHints" parent="ElementStrippingStage"
         p:id="stripMDUIDiscoHints"
         p:elementName="DiscoHints"
@@ -988,15 +1012,17 @@
         trimImportElementWhitespace
         
         Trim whitespace from the specified elements in imported
-        entities.  These would often be errors in UK-registered
-        metadata.
+        entities.  These would be errors in UK-registered metadata,
+        but repairing the metadata on the fly is often easier than
+        asking for it to be corrected at source.
     -->
     <bean id="trimImportElementWhitespace" parent="ElementWhitespaceTrimmingStage"
         p:id="trimImportElementWhitespace">
         <property name="elementNames">
             <set>
                 <ref bean="md-NameIDFormat"/>
                 <ref bean="md-OrganizationDisplayName"/>
+                <ref bean="mdui-InformationURL"/>
             </set>
         </property>
     </bean>
@@ -1009,7 +1035,7 @@
         individual entities.
         
         The result is a collection of entities, some of which may be labelled with
-        errors.  No announcement of removal of those entities is performed here;
+        errors.  No announcement or removal of those entities is performed here;
         that is left to the caller.
     -->
     <bean id="standardImportActions" parent="CompositeStage"
@@ -1027,9 +1053,6 @@
                 <ref bean="stripUkfedlabelNamespace"/>
                 <ref bean="stripWayfNamespace"/>
 
-                <!-- Strip all entity attributes from this source. -->
-                <ref bean="stripMdattrNamespace"/>
-
                 <ref bean="cleanImport"/>
                 <ref bean="stripAAMDUI"/>
                 <ref bean="trimImportElementWhitespace"/>

diff --git a/mdx/schema/uk-fed-label.xsd b/mdx/schema/uk-fed-label.xsd
@@ -2,7 +2,7 @@
 <schema xmlns="http://www.w3.org/2001/XMLSchema"
     xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
     targetNamespace="http://ukfederation.org.uk/2006/11/label"
-    version="2008-06-24"
+    version="2014-07-22"
     elementFormDefault="qualified">
 
     <annotation>
@@ -124,4 +124,13 @@
         </annotation>
     </element>
 
+    <element name="ExportOptOut" type="ukfedlabel:datedLabel">
+        <annotation>
+            <documentation>
+                Indicates that the entity has been opted-out from inclusion in
+                the UK federation export aggregate.
+            </documentation>
+        </annotation>
+    </element>
+
 </schema>
diff --git a/mdx/uk/check_uk_mdrps.xsl b/mdx/uk/check_uk_mdrps.xsl
@@ -37,22 +37,6 @@
 	</xsl:template>
 
 
-	<!--
-        If a UK-registered entity is opted in to the export aggregate, it MUST
-        have a RegistrationPolicy.
-    -->
-	<xsl:template match="md:EntityDescriptor
-		[descendant::mdrpi:RegistrationInfo[@registrationAuthority='http://ukfederation.org.uk']]
-		[md:Extensions/ukfedlabel:ExportOptIn]
-		[not(descendant::mdrpi:RegistrationInfo/mdrpi:RegistrationPolicy)]">
-		<xsl:call-template name="error">
-			<xsl:with-param name="m">
-				<xsl:text>exported entity lacks a RegistrationPolicy</xsl:text>
-			</xsl:with-param>
-		</xsl:call-template>
-	</xsl:template>
-
-
 	<!--
 		Restrict registrationAuthority values for UK federation entities, if present,
 		to previously used MDRPS document URLs.

diff --git a/mdx/uk/check_ukreg.xsl b/mdx/uk/check_ukreg.xsl
@@ -11,6 +11,7 @@
 -->
 <xsl:stylesheet version="1.0"
 	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
 	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 
 	xmlns:mdxMail="xalan://uk.ac.sdss.xalan.md.Mail"
@@ -93,4 +94,15 @@
 	</xsl:template>
 
 
+	<!--
+		Check for entities which are both opted in to and opted out from export.
+	-->
+	<xsl:template match="md:EntityDescriptor/md:Extensions[ukfedlabel:ExportOptIn][ukfedlabel:ExportOptOut]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>entity cannot be both opted in to and opted out from export</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>
diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml
@@ -255,6 +255,29 @@
         <property name="stages">
             <list>
                 <ref bean="int_edugain_productionEntities"/>
+
+                <!--
+                    Entity Attribute policy for entities from eduGAIN participants.
+                -->
+                <bean parent="EntityAttributeFilteringStage" p:id="entityAttributes">
+                    <property name="rules">
+                        <list>
+                            <!-- Permit REFEDS R&S category from any eduGAIN participant. -->
+                            <bean parent="EntityCategoryMatcher">
+                                <constructor-arg value="http://refeds.org/category/research-and-scholarship"/>
+                            </bean>
+                            <!-- Permit REFEDS R&S category *support* from any eduGAIN participant. -->
+                            <bean parent="EntityCategorySupportMatcher">
+                                <constructor-arg value="http://refeds.org/category/research-and-scholarship"/>
+                            </bean>
+                            <!-- Permit GÉANT CoC category from any eduGAIN participant. -->
+                            <bean parent="EntityCategoryMatcher">
+                                <constructor-arg value="http://www.geant.net/uri/dataprotection-code-of-conduct/v1"/>
+                            </bean>
+                        </list>
+                    </property>
+                </bean>
+
                 <ref bean="importCommonTail"/>
             </list>
         </property>
@@ -265,6 +288,12 @@
         <property name="stages">
             <list>
                 <ref bean="us_incommon_exportedEntities"/>
+
+                <!--
+                    Entity Attribute policy for entities from the InCommon pilot.
+                -->
+                <ref bean="stripMdattrNamespace"/>
+
                 <ref bean="importCommonTail"/>
                 <ref bean="uk_hide_idps"/>
             </list>

diff --git a/tools/ukf-mda/ukf-mda-0.8.3.jar → tools/ukf-mda/ukf-mda-0.8.4.jar b/tools/ukf-mda/ukf-mda-0.8.3.jar → tools/ukf-mda/ukf-mda-0.8.4.jar
diff --git a/tools/xalan/lib/sdss-xalan-md-1.1.4.jar b/tools/xalan/lib/sdss-xalan-md-1.1.4.jar
diff --git a/tools/xalan/lib/sdss-xalan-md-1.1.5.jar b/tools/xalan/lib/sdss-xalan-md-1.1.5.jar
diff --git a/xml/uk-fed-label.xsd b/xml/uk-fed-label.xsd
@@ -2,7 +2,7 @@
 <schema xmlns="http://www.w3.org/2001/XMLSchema"
     xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
     targetNamespace="http://ukfederation.org.uk/2006/11/label"
-    version="2008-06-24"
+    version="2014-07-22"
     elementFormDefault="qualified">
 
     <annotation>
@@ -124,4 +124,13 @@
         </annotation>
     </element>
 
+    <element name="ExportOptOut" type="ukfedlabel:datedLabel">
+        <annotation>
+            <documentation>
+                Indicates that the entity has been opted-out from inclusion in
+                the UK federation export aggregate.
+            </documentation>
+        </annotation>
+    </element>
+
 </schema>