Extend Location checks to ResponseLocation

Resolves ukf/ukf-meta#117.
internet2 · Feb 17, 2017 · cfca00b · cfca00b
1 parent 547057d
commit cfca00b
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/mdx/_rules/check_idp_tls.xsl b/mdx/_rules/check_idp_tls.xsl
@@ -27,10 +27,20 @@
             <xsl:with-param name="m"><xsl:value-of select='local-name()'/> Location does not start with https://</xsl:with-param>
         </xsl:call-template>
     </xsl:template>
+	<xsl:template match="md:IDPSSODescriptor//*[@ResponseLocation and not(starts-with(@ResponseLocation,'https://'))]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m"><xsl:value-of select='local-name()'/> ResponseLocation does not start with https://</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
 	<xsl:template match="md:AttributeAuthorityDescriptor//*[@Location and not(starts-with(@Location,'https://'))]">
 		<xsl:call-template name="error">
 			<xsl:with-param name="m"><xsl:value-of select='local-name()'/> Location does not start with https://</xsl:with-param>
 		</xsl:call-template>
 	</xsl:template>
-
+	<xsl:template match="md:AttributeAuthorityDescriptor//*[@ResponseLocation and not(starts-with(@ResponseLocation,'https://'))]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m"><xsl:value-of select='local-name()'/> ResponseLocation does not start with https://</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>
diff --git a/mdx/_rules/check_misc.xsl b/mdx/_rules/check_misc.xsl
@@ -55,6 +55,19 @@
 	</xsl:template>
 
 
+	<!--
+        @ResponseLocation attributes should not contain space characters.
+        
+        This may be a little strict, and might be better confined to md:* elements.
+        At present, however, this produces no false positives.
+    -->
+	<xsl:template match="*[contains(@ResponseLocation, ' ')]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m"><xsl:value-of select='local-name()'/> ResponseLocation contains space character</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
 	<!--
 		@Binding attributes should not contain space characters.
 		

diff --git a/mdx/_rules/check_saml2meta.xsl b/mdx/_rules/check_saml2meta.xsl
@@ -81,6 +81,20 @@
 	</xsl:template>
 
 
+	<!--
+        Check for ResponseLocation attributes that aren't valid URLs.
+    -->
+	<xsl:template match="md:*[@ResponseLocation and mdxURL:invalidURL(@ResponseLocation)]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:value-of select='local-name()'/>
+				<xsl:text> ResponseLocation is not a valid URL: </xsl:text>
+				<xsl:value-of select="mdxURL:whyInvalid(@ResponseLocation)"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+
 	<!--
 		Check for OrganizationURLs that aren't valid URLs.
 	-->

diff --git a/mdx/_rules/check_sp_tls.xsl b/mdx/_rules/check_sp_tls.xsl
@@ -27,5 +27,10 @@
             <xsl:with-param name="m"><xsl:value-of select='local-name()'/> Location does not start with https://</xsl:with-param>
         </xsl:call-template>
     </xsl:template>
-
+	<xsl:template match="md:SPSSODescriptor//*[@ResponseLocation and not(starts-with(@ResponseLocation,'https://'))]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m"><xsl:value-of select='local-name()'/> ResponseLocation does not start with https://</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>