diff options
| author | Björn Mattsson <bjorn@sunet.se> | 2023-03-06 11:22:05 +0100 |
|---|---|---|
| committer | Björn Mattsson <bjorn@sunet.se> | 2023-03-06 11:22:05 +0100 |
| commit | 467dbdbf3d7212e25ee69daeaadd8adba7c7c5b8 (patch) | |
| tree | d3576d5f2d4b5cc676c0a12ef8f8c3c83b474bf5 /metadata/xslt | |
| parent | bc1d55080e5d42e6ef2bba892d640aa8f68bbc90 (diff) | |
Moved files to make ths repo signed
Diffstat (limited to 'metadata/xslt')
| -rw-r--r-- | metadata/xslt/add-rpi.xsl | 63 | ||||
| -rw-r--r-- | metadata/xslt/check_framework.xsl | 128 | ||||
| -rw-r--r-- | metadata/xslt/check_uk_algorithms.xsl | 195 | ||||
| -rw-r--r-- | metadata/xslt/clean-entitydescriptor.xsl | 30 | ||||
| -rw-r--r-- | metadata/xslt/dbg-summary.xslt | 18 | ||||
| -rw-r--r-- | metadata/xslt/entity_id_list.xslt | 26 | ||||
| -rw-r--r-- | metadata/xslt/extract-idp.xslt | 25 | ||||
| -rw-r--r-- | metadata/xslt/extract-non-idp.xslt | 25 | ||||
| -rw-r--r-- | metadata/xslt/extract-sp.xslt | 25 | ||||
| -rw-r--r-- | metadata/xslt/filter-idp.xslt | 32 | ||||
| -rw-r--r-- | metadata/xslt/full-summary.xslt | 18 | ||||
| -rw-r--r-- | metadata/xslt/idp-list.xslt | 25 | ||||
| -rw-r--r-- | metadata/xslt/idp-summary.xslt | 118 | ||||
| -rw-r--r-- | metadata/xslt/import-metadata.xsl | 83 | ||||
| -rw-r--r-- | metadata/xslt/list-locations.xslt | 21 | ||||
| -rw-r--r-- | metadata/xslt/normalize.xsl | 118 | ||||
| -rw-r--r-- | metadata/xslt/sign-luna-sha256-excl.xsl | 48 | ||||
| -rw-r--r-- | metadata/xslt/sign-luna-sha256.xsl | 48 | ||||
| -rw-r--r-- | metadata/xslt/sign-luna.xsl | 48 | ||||
| -rw-r--r-- | metadata/xslt/sign.xsl | 52 | ||||
| -rw-r--r-- | metadata/xslt/sp-summary.xslt | 134 | ||||
| -rw-r--r-- | metadata/xslt/summary.xslt | 102 |
22 files changed, 1382 insertions, 0 deletions
diff --git a/metadata/xslt/add-rpi.xsl b/metadata/xslt/add-rpi.xsl new file mode 100644 index 00000000..0740b06d --- /dev/null +++ b/metadata/xslt/add-rpi.xsl @@ -0,0 +1,63 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="md:EntityDescriptor"> + <md:EntityDescriptor> + <xsl:apply-templates select="@*"/> + <xsl:if test="not(md:Extensions)"> + <md:Extensions><xsl:call-template name="add-swamid-ri"/></md:Extensions> + </xsl:if> + <xsl:apply-templates select="text()|comment()|md:Extensions|md:RoleDescriptor|md:IDPSSODescriptor|md:SPSSODescriptor|md:AuthnAuthorityDescriptor|md:AttributeAuthorityDescriptor|md:PDPDescriptor|md:AffiliationDescriptor"/> + <xsl:apply-templates select="md:Organization"/> + <xsl:apply-templates select="md:ContactPerson"/> + <xsl:apply-templates select="md:AdditionalMetadataLocation"/> + </md:EntityDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor/md:Extensions"> + <md:Extensions> + <xsl:call-template name="add-swamid-ri"/> + <xsl:apply-templates select="text()|comment()|node()"/> + </md:Extensions> + </xsl:template> + + <xsl:template name="add-swamid-ri"> + <xsl:if test="not(mdrpi:RegistrationInfo[@registrationAuthority])"> + <mdrpi:RegistrationInfo> + <xsl:attribute name="registrationAuthority">http://www.swamid.se/</xsl:attribute> + <xsl:attribute name="registrationInstant"><xsl:value-of select="$regDate"/></xsl:attribute> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + </xsl:if> + </xsl:template> + + <xsl:template match="@xml:base|@ID|@validUntil|@cacheDuration"/> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/check_framework.xsl b/metadata/xslt/check_framework.xsl new file mode 100644 index 00000000..f4e8d017 --- /dev/null +++ b/metadata/xslt/check_framework.xsl @@ -0,0 +1,128 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + check_framework.xsl + + XSL stylesheet providing a framework for use by rule checking files. + + Author: Ian A. Young <ian@iay.org.uk> + +--> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + <!-- + The stylesheet output will be a text file, which will probably be thrown + away in any case. The real output from the check is sent using the + xsl:message element. + --> + <xsl:output method="text"/> + + + <!-- + Common template to call to report an error on some element within an entity. + --> + <xsl:template name="error"> + <xsl:param name="m"/> + <xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/> + <xsl:message terminate='no'> + <xsl:text>[ERROR] </xsl:text> + <!-- + If we're processing an aggregate, we need to indicate which + individual entity we're dealing with. + --> + <xsl:if test="ancestor-or-self::md:EntitiesDescriptor"> + <!-- + Use an ID if available, otherwise the entityID. + --> + <xsl:choose> + <xsl:when test="$entity/@ID"> + <xsl:value-of select="$entity/@ID"/> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$entity/@entityID"/> + </xsl:otherwise> + </xsl:choose> + <xsl:text>: </xsl:text> + </xsl:if> + <xsl:value-of select="$m"/> + </xsl:message> + </xsl:template> + + + <!-- + Common template to call to report a warning on some element within an entity. + --> + <xsl:template name="warning"> + <xsl:param name="m"/> + <xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/> + <xsl:message terminate='no'> + <xsl:text>[WARN] </xsl:text> + <!-- + If we're processing an aggregate, we need to indicate which + individual entity we're dealing with. + --> + <xsl:if test="ancestor-or-self::md:EntitiesDescriptor"> + <!-- + Use an ID if available, otherwise the entityID. + --> + <xsl:choose> + <xsl:when test="$entity/@ID"> + <xsl:value-of select="$entity/@ID"/> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$entity/@entityID"/> + </xsl:otherwise> + </xsl:choose> + <xsl:text>: </xsl:text> + </xsl:if> + <xsl:value-of select="$m"/> + </xsl:message> + </xsl:template> + + + <!-- + Common template to call to report an informational message on some element within an entity. + --> + <xsl:template name="info"> + <xsl:param name="m"/> + <xsl:variable name="entity" select="ancestor-or-self::md:EntityDescriptor"/> + <xsl:message terminate='no'> + <xsl:text>[INFO] </xsl:text> + <!-- + If we're processing an aggregate, we need to indicate which + individual entity we're dealing with. + --> + <xsl:if test="ancestor-or-self::md:EntitiesDescriptor"> + <!-- + Use an ID if available, otherwise the entityID. + --> + <xsl:choose> + <xsl:when test="$entity/@ID"> + <xsl:value-of select="$entity/@ID"/> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$entity/@entityID"/> + </xsl:otherwise> + </xsl:choose> + <xsl:text>: </xsl:text> + </xsl:if> + <xsl:value-of select="$m"/> + </xsl:message> + </xsl:template> + + + <!-- Recurse down through all elements by default. --> + <xsl:template match="*"> + <xsl:apply-templates select="node()|@*"/> + </xsl:template> + + + <!-- Discard text blocks, comments and attributes by default. --> + <xsl:template match="text()|comment()|@*"> + <!-- do nothing --> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/check_uk_algorithms.xsl b/metadata/xslt/check_uk_algorithms.xsl new file mode 100644 index 00000000..0a4c024f --- /dev/null +++ b/metadata/xslt/check_uk_algorithms.xsl @@ -0,0 +1,195 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + check_uk_algorithms.xsl + + Checking ruleset for cryptographic algorithms. This is named as a UK + ruleset because the division between acceptable and unacceptable algorithms + is sometimes a judgement call; however, it should be generally + applicable. + + The best reference for *all* URIs used as algorithm identifiers is the + XML Security Algorithm Cross-Reference at http://www.w3.org/TR/xmlsec-algorithms/ + Algorithm lists here are in the same order as in that document. + + Author: Ian A. Young <ian@iay.org.uk> +--> +<xsl:stylesheet version="1.0" + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + <!-- + Common support functions. + --> + <xsl:import href="check_framework.xsl"/> + + <!-- + ************************************* + *** *** + *** S I G N I N G M E T H O D *** + *** *** + ************************************* + --> + + <!-- + Check for known BAD SigningMethod algorithms. + --> + <xsl:template match="alg:SigningMethod[ + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5' + ]"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>insecure algorithm in SigningMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + Check for known GOOD SigningMethod algorithms. + --> + <xsl:template match="alg:SigningMethod[ + @Algorithm = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' or + @Algorithm = 'http://www.w3.org/2009/xmldsig11#dsa-sha256' or + @Algorithm = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512' + ]"> + <!-- do nothing --> + </xsl:template> + + <!-- + Misspelled or otherwise not known SigningMethod algorithms. + --> + <xsl:template match="alg:SigningMethod"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>unknown algorithm in SigningMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + *********************************** + *** *** + *** D I G E S T M E T H O D *** + *** *** + *********************************** + --> + + <!-- + Check for known BAD DigestMethod algorithms. + --> + <xsl:template match="alg:DigestMethod[ + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#md5' + ]"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>insecure algorithm in DigestMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + Check for known GOOD DigestMethod algorithms. + --> + <xsl:template match="alg:DigestMethod[ + @Algorithm = 'http://www.w3.org/2000/09/xmldsig#sha1' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#sha224' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#sha256' or + @Algorithm = 'http://www.w3.org/2001/04/xmldsig-more#sha384' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#sha512' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#ripemd160' + ]"> + <!-- do nothing --> + </xsl:template> + + <!-- + Misspelled or otherwise not known DigestMethod algorithms. + --> + <xsl:template match="alg:DigestMethod"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>unknown algorithm in DigestMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + ******************************************* + *** *** + *** E N C R Y P T I O N M E T H O D *** + *** *** + ******************************************* + --> + + <!-- + Check for known BAD EncryptionMethod algorithms. + + This list is of symmetric key encryption algorithms *and* + key transport algorithms. + --> + <xsl:template match="md:EncryptionMethod[ + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' + ]"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>insecure algorithm in EncryptionMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + Check for known GOOD EncryptionMethod algorithms. + + This list is of symmetric key encryption algorithms *and* + key transport algorithms. + --> + <xsl:template match="md:EncryptionMethod[ + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' or + @Algorithm = 'http://www.w3.org/2009/xmlenc11#aes128-gcm' or + @Algorithm = 'http://www.w3.org/2009/xmlenc11#aes192-gcm' or + @Algorithm = 'http://www.w3.org/2009/xmlenc11#aes256-gcm' or + @Algorithm = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' or + @Algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep' + ]"> + <!-- do nothing --> + </xsl:template> + + <!-- + Misspelled or otherwise not known EncryptionMethod algorithms. + --> + <xsl:template match="md:EncryptionMethod"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>unknown algorithm in EncryptionMethod: '</xsl:text> + <xsl:value-of select="@Algorithm"/> + <xsl:text>'</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/clean-entitydescriptor.xsl b/metadata/xslt/clean-entitydescriptor.xsl new file mode 100644 index 00000000..c1c31df9 --- /dev/null +++ b/metadata/xslt/clean-entitydescriptor.xsl @@ -0,0 +1,30 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + <xsl:param name="indent-increment" select="' '"/> + <xsl:strip-space elements="*" /> + + <xsl:template match="@ID"/> + <xsl:template match="@validUntil"/> + <xsl:template match="@cacheDuration"/> + <xsl:template match="ds:Signature"/> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/dbg-summary.xslt b/metadata/xslt/dbg-summary.xslt new file mode 100644 index 00000000..2550ae03 --- /dev/null +++ b/metadata/xslt/dbg-summary.xslt @@ -0,0 +1,18 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:import href="summary.xslt"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:apply-templates select="md:EntityDescriptor"/> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/entity_id_list.xslt b/metadata/xslt/entity_id_list.xslt new file mode 100644 index 00000000..bda1bb76 --- /dev/null +++ b/metadata/xslt/entity_id_list.xslt @@ -0,0 +1,26 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="text" indent="yes" encoding="UTF-8"/> + + <xsl:template match="md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xsl:text>- </xsl:text><xsl:value-of select="@entityID"/><xsl:text> +</xsl:text> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/extract-idp.xslt b/metadata/xslt/extract-idp.xslt new file mode 100644 index 00000000..4858876f --- /dev/null +++ b/metadata/xslt/extract-idp.xslt @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor[md:IDPSSODescriptor]|md:EntityDescriptor[md:AttributeAuthorityDescriptor]"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xi:include><xsl:attribute name="href"><xsl:value-of select="@xml:base"/></xsl:attribute></xi:include> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/extract-non-idp.xslt b/metadata/xslt/extract-non-idp.xslt new file mode 100644 index 00000000..b12c587c --- /dev/null +++ b/metadata/xslt/extract-non-idp.xslt @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor[not(md:IDPSSODescriptor)]"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xi:include><xsl:attribute name="href"><xsl:value-of select="@xml:base"/></xsl:attribute></xi:include> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/extract-sp.xslt b/metadata/xslt/extract-sp.xslt new file mode 100644 index 00000000..058504e3 --- /dev/null +++ b/metadata/xslt/extract-sp.xslt @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor[md:SPSSODescriptor]"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xi:include><xsl:attribute name="href"><xsl:value-of select="@xml:base"/></xsl:attribute></xi:include> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/filter-idp.xslt b/metadata/xslt/filter-idp.xslt new file mode 100644 index 00000000..868bc1a2 --- /dev/null +++ b/metadata/xslt/filter-idp.xslt @@ -0,0 +1,32 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor[md:IDPSSODescriptor]"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + + +</xsl:stylesheet> diff --git a/metadata/xslt/full-summary.xslt b/metadata/xslt/full-summary.xslt new file mode 100644 index 00000000..bf127dfa --- /dev/null +++ b/metadata/xslt/full-summary.xslt @@ -0,0 +1,18 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:import href="http://mds.swamid.se/xslt/summary.xslt"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:apply-templates select="md:EntityDescriptor"/> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/idp-list.xslt b/metadata/xslt/idp-list.xslt new file mode 100644 index 00000000..0d18be8a --- /dev/null +++ b/metadata/xslt/idp-list.xslt @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="md:EntityDescriptor[md:IDPSSODescriptor]"/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xi:include><xsl:attribute name="href"><xsl:value-of select="@xml:base"/></xsl:attribute></xi:include> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/idp-summary.xslt b/metadata/xslt/idp-summary.xslt new file mode 100644 index 00000000..cc5a5f16 --- /dev/null +++ b/metadata/xslt/idp-summary.xslt @@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:remd="http://refeds.org/metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="text"/> + <xsl:variable name="eol"> +<xsl:text>|</xsl:text><xsl:text> +</xsl:text> + </xsl:variable> + + <xsl:template name="entity-name"> + <xsl:variable name="h"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable> + <xsl:if test="contains($h,'/')"> + <xsl:value-of select="substring-before($h,'/')"/> + </xsl:if> + <xsl:if test="not(contains($h,'/'))"> + <xsl:value-of select="$h"/> + </xsl:if> + </xsl:template> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:text>||EntityID||Organization||Technical Contact||Support Contact||Security Contact||Administrative Contact||Scopes||Entity category support||Assurance Certification||Registration Authority|| +</xsl:text> + <xsl:apply-templates select="md:EntityDescriptor[md:IDPSSODescriptor]"/> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xsl:text> | </xsl:text><xsl:value-of select="@entityID"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Organization"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:ContactPerson[@contactType='technical']"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:ContactPerson[@contactType='support']"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:ContactPerson[@remd:contactType='http://refeds.org/metadata/contactType/security']"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:ContactPerson[@contactType='administrative']"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:IDPSSODescriptor"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdattr:EntityAttributes/samla:Attribute[@Name='http://macedir.org/entity-category-support']/samla:AttributeValue"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdattr:EntityAttributes/samla:Attribute[@Name='urn:oasis:names:tc:SAML:attribute:assurance-certification']/samla:AttributeValue"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdrpi:RegistrationInfo"/> + <xsl:text> | +</xsl:text> + </xsl:template> + + <xsl:template match="mdrpi:RegistrationInfo"> + <xsl:value-of select="@registrationAuthority"/><xsl:text> </xsl:text> + </xsl:template> + + <xsl:template match="md:ContactPerson"> + <xsl:apply-templates select="md:EmailAddress"/> + </xsl:template> + + <xsl:template match="md:Organization"> + <xsl:text>[</xsl:text> + <xsl:apply-templates select="md:OrganizationDisplayName[1]"/><xsl:text>|</xsl:text><xsl:apply-templates select="md:OrganizationURL[1]"/><xsl:text>]</xsl:text> + </xsl:template> + + <xsl:template match="md:IDPSSODescriptor"> + <xsl:apply-templates select="md:Extensions/shibmd:Scope"/> + </xsl:template> + + <xsl:template match="md:EmailAddress"> + <xsl:value-of select="normalize-space(text())"/><xsl:text> </xsl:text><xsl:text> \\</xsl:text> + </xsl:template> + + <xsl:template match="md:OrganizationDisplayName"> + <xsl:value-of select="normalize-space(text())"/><xsl:text> </xsl:text> + </xsl:template> + + <xsl:template match="md:OrganizationURL"> + <xsl:value-of select="normalize-space(text())"/><xsl:text> </xsl:text> + </xsl:template> + + <xsl:template match="shibmd:Scope"> + <xsl:value-of select="text()"/><xsl:text> </xsl:text> + </xsl:template> + + <xsl:template match="samla:AttributeValue"> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="text()" /> + <xsl:with-param name="replace" select="'-'" /> + <xsl:with-param name="by" select="'-'" /> + </xsl:call-template> + <xsl:text> \\</xsl:text> + </xsl:template> + + <xsl:template match="*"/> + <xsl:template match="text()"/> + + <xsl:template name="string-replace-all"> + <xsl:param name="text" /> + <xsl:param name="replace" /> + <xsl:param name="by" /> + <xsl:choose> + <xsl:when test="contains($text, $replace)"> + <xsl:value-of select="substring-before($text,$replace)" /> + <xsl:value-of select="$by" /> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="substring-after($text,$replace)" /> + <xsl:with-param name="replace" select="$replace" /> + <xsl:with-param name="by" select="$by" /> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$text" /> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/import-metadata.xsl b/metadata/xslt/import-metadata.xsl new file mode 100644 index 00000000..2edf7ed2 --- /dev/null +++ b/metadata/xslt/import-metadata.xsl @@ -0,0 +1,83 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template name="string-replace-all"> + <xsl:param name="text" /> + <xsl:param name="replace" /> + <xsl:param name="by" /> + <xsl:choose> + <xsl:when test="contains($text, $replace)"> + <xsl:value-of select="substring-before($text,$replace)" /> + <xsl:value-of select="$by" /> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="substring-after($text,$replace)" /> + <xsl:with-param name="replace" select="$replace" /> + <xsl:with-param name="by" select="$by" /> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$text" /> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:apply-templates select="md:EntityDescriptor"> + <!-- xsl:with-param name="output"><xsl:value-of select="$output"/></xsl:with-param --> + </xsl:apply-templates> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <!-- xsl:param name="output"/ --> + <xsl:variable name="uri"> + <xsl:choose> + <xsl:when test="contains(@entityID,'://')"> + <xsl:value-of select="substring-after(@entityID,'://')"/> + </xsl:when> + <xsl:otherwise><xsl:value-of select="@entityID"/></xsl:otherwise> + </xsl:choose> + </xsl:variable> + + <xsl:variable name="hostStr"> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="$uri" /> + <xsl:with-param name="replace" select="'%2F'" /> + <xsl:with-param name="by" select="'/'" /> + </xsl:call-template> + </xsl:variable> + + <xsl:variable name="host"> + <xsl:value-of select="normalize-space(translate($hostStr,'/?=:','----'))"/> + </xsl:variable> + <xsl:variable name="file" select="concat($output,'/',$host,'.xml')"/> + <exsl:document method="xml" indent="yes" href="{$file}"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </exsl:document> + </xsl:template> + + <xsl:template match="@ID"/> + <xsl:template match="ds:Signature"/> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/list-locations.xslt b/metadata/xslt/list-locations.xslt new file mode 100644 index 00000000..fd22fac3 --- /dev/null +++ b/metadata/xslt/list-locations.xslt @@ -0,0 +1,21 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:xi="http://www.w3.org/2001/XInclude" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="text"/> + + <xsl:template match="//*[@Location]"> + <xsl:value-of select="@Location"/><xsl:text> +</xsl:text> + </xsl:template> + <xsl:template match="text()"/> + +</xsl:stylesheet> diff --git a/metadata/xslt/normalize.xsl b/metadata/xslt/normalize.xsl new file mode 100644 index 00000000..f3c086ac --- /dev/null +++ b/metadata/xslt/normalize.xsl @@ -0,0 +1,118 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:if test="$tou='true'"><xsl:comment> + + IMPORTANT NOTICE: READ CAREFULLY + +You are reading this because You wish to use the technical information (the “Metadata”) +published on behalf of the Registrars. These Terms of Access and Use (these “Terms”) govern +the use of the Metadata. By accessing or using the Metadata You accept that the access and +use will be on and subject to these Terms. These Terms will be binding and enforceable on +You as contractual obligations. + +The SWAMID Metadata Terms of Access and Use can be found here: + +- http://mds.swamid.se/md/swamid-tou-sv.txt Swedish version - Legally Binding! +- http://mds.swamid.se/md/swamid-tou-en.txt English version - Non-normative translation + +If You do not accept these Terms, then You must not continue to use this Metadata. + + </xsl:comment></xsl:if> + <md:EntitiesDescriptor> + <xsl:attribute name="ID"><xsl:value-of select="$ID"/></xsl:attribute> + <xsl:attribute name="Name"> + <xsl:choose> + <xsl:when test="$target"><xsl:value-of select="$target"/></xsl:when> + <xsl:otherwise><xsl:value-of select="@Name"/></xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:if test="@cacheDuration"> + <xsl:attribute name="cacheDuration"><xsl:value-of select="@cacheDuration"/></xsl:attribute> + </xsl:if> + <xsl:if test="@validUntil"> + <xsl:attribute name="validUntil"><xsl:value-of select="$date"/></xsl:attribute> + </xsl:if> + <xsl:if test="$target"> + <md:Extensions><xsl:call-template name="add-swamid-pi"/></md:Extensions> + </xsl:if> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xsl:variable name="path"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable> + <xsl:variable name="host"> + <xsl:if test="contains($path,'/')"> + <xsl:value-of select="substring-before($path,'/')"/> + </xsl:if> + <xsl:if test="not(contains($path,'/'))"> + <xsl:value-of select="$path"/> + </xsl:if> + </xsl:variable> + <xsl:variable name="domain"> + <xsl:value-of select="substring-after($host,'.')"/> + </xsl:variable> + <md:EntityDescriptor> + <xsl:apply-templates select="@*"/> + <xsl:if test="$rpi='true' and not(md:Extensions)"> + <md:Extensions><xsl:call-template name="add-swamid-ri"/></md:Extensions> + </xsl:if> + <xsl:apply-templates select="text()|comment()|md:Extensions|md:RoleDescriptor|md:IDPSSODescriptor|md:SPSSODescriptor|md:AuthnAuthorityDescriptor|md:AttributeAuthorityDescriptor|md:PDPDescriptor|md:AffiliationDescriptor"/> + <xsl:apply-templates select="md:Organization"/> + <xsl:if test="$defaultContact='true' and not(md:ContactPerson)"> + <md:ContactPerson contactType="technical"><md:EmailAddress>operations@swamid.se</md:EmailAddress></md:ContactPerson> + </xsl:if> + <xsl:apply-templates select="md:ContactPerson"/> + <xsl:apply-templates select="md:AdditionalMetadataLocation"/> + </md:EntityDescriptor> + </xsl:template> + + <xsl:template match="md:EntityDescriptor/md:Extensions"> + <md:Extensions> + <xsl:call-template name="add-swamid-ri"/> + <xsl:apply-templates select="text()|comment()|node()"/> + </md:Extensions> + </xsl:template> + + <xsl:template name="add-swamid-ri"> + <xsl:if test="$rpi='true' and not(mdrpi:RegistrationInfo[@registrationAuthority])"> + <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/"> + <mdrpi:RegistrationPolicy xml:lang="en">http://swamid.se/policy/mdrps</mdrpi:RegistrationPolicy> + </mdrpi:RegistrationInfo> + </xsl:if> + </xsl:template> + + <xsl:template name="add-swamid-pi"> + <mdrpi:PublicationInfo> + <xsl:attribute name="creationInstant"><xsl:value-of select="$now"/></xsl:attribute> + <xsl:attribute name="publisher"><xsl:value-of select="$target"/></xsl:attribute> + <mdrpi:UsagePolicy xml:lang="en">https://mds.swamid.se/md/swamid-tou-en.txt</mdrpi:UsagePolicy> + </mdrpi:PublicationInfo> + </xsl:template> + + <xsl:template match="@xml:base|@ID|@validUntil|@cacheDuration"/> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/sign-luna-sha256-excl.xsl b/metadata/xslt/sign-luna-sha256-excl.xsl new file mode 100644 index 00000000..08e48270 --- /dev/null +++ b/metadata/xslt/sign-luna-sha256-excl.xsl @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="@*|text()|comment()"/> + <ds:Signature> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> + <ds:DigestValue></ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue/> + </ds:Signature> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/sign-luna-sha256.xsl b/metadata/xslt/sign-luna-sha256.xsl new file mode 100644 index 00000000..293bb96d --- /dev/null +++ b/metadata/xslt/sign-luna-sha256.xsl @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="@*|text()|comment()"/> + <ds:Signature> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> + <ds:DigestValue></ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue/> + </ds:Signature> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/sign-luna.xsl b/metadata/xslt/sign-luna.xsl new file mode 100644 index 00000000..48364512 --- /dev/null +++ b/metadata/xslt/sign-luna.xsl @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="@*|text()|comment()"/> + <ds:Signature> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <ds:DigestValue></ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue/> + </ds:Signature> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/sign.xsl b/metadata/xslt/sign.xsl new file mode 100644 index 00000000..51d2492a --- /dev/null +++ b/metadata/xslt/sign.xsl @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:exsl="http://exslt.org/common" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="xml" indent="yes" encoding="UTF-8"/> + + <xsl:template match="/md:EntitiesDescriptor"> + <md:EntitiesDescriptor> + <xsl:apply-templates select="@*|text()|comment()"/> + <ds:Signature> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> + <ds:Reference> + <xsl:attribute name="URI"><xsl:text>#</xsl:text><xsl:value-of select="@ID"/></xsl:attribute> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> + <ds:DigestValue></ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue/> + <ds:KeyInfo> + <ds:X509Data> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <xsl:apply-templates/> + </md:EntitiesDescriptor> + </xsl:template> + + <xsl:template match="text()|comment()|@*"> + <xsl:copy/> + </xsl:template> + + <xsl:template match="*"> + <xsl:copy> + <xsl:apply-templates select="node()|@*"/> + </xsl:copy> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/sp-summary.xslt b/metadata/xslt/sp-summary.xslt new file mode 100644 index 00000000..e630c954 --- /dev/null +++ b/metadata/xslt/sp-summary.xslt @@ -0,0 +1,134 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="text"/> + <xsl:variable name="eol"> +<xsl:text>|</xsl:text><xsl:text> +</xsl:text> + </xsl:variable> + + <xsl:template name="entity-name"> + <xsl:variable name="h"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable> + <xsl:if test="contains($h,'/')"> + <xsl:value-of select="substring-before($h,'/')"/> + </xsl:if> + <xsl:if test="not(contains($h,'/'))"> + <xsl:value-of select="$h"/> + </xsl:if> + </xsl:template> + + <xsl:template match="/md:EntitiesDescriptor"> + <xsl:text>||EntityID||Service Name||Organization||Contacts||Entity Categories||Assurance Certification||Registration Authority|| +</xsl:text> + <xsl:apply-templates select="md:EntityDescriptor[md:SPSSODescriptor]"/> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xsl:text> | </xsl:text><xsl:value-of select="@entityID"/> + <xsl:text> | </xsl:text> + <xsl:apply-templates select="md:SPSSODescriptor/md:AttributeConsumingService/md:ServiceName"/><xsl:text> \\ </xsl:text> + <xsl:apply-templates select="md:SPSSODescriptor/md:AttributeConsumingService/md:ServiceDescription"/> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Organization"/> + <xsl:text> | </xsl:text> + <xsl:apply-templates select="md:ContactPerson[@contactType='technical']"/> + <xsl:apply-templates select="md:ContactPerson[@contactType='administrative']"/> + <xsl:apply-templates select="md:ContactPerson[@contactType='support']"/> + <xsl:apply-templates select="md:ContactPerson[@contactType='other']"/> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdattr:EntityAttributes/samla:Attribute[@Name='http://macedir.org/entity-category']/samla:AttributeValue"/> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdattr:EntityAttributes/samla:Attribute[@Name='urn:oasis:names:tc:SAML:attribute:assurance-certification']/samla:AttributeValue"/><xsl:text> </xsl:text> + <xsl:text> | </xsl:text><xsl:apply-templates select="md:Extensions/mdrpi:RegistrationInfo"/> + <xsl:text> | +</xsl:text> + </xsl:template> + + <xsl:template match="mdrpi:RegistrationInfo"> + <xsl:value-of select="@registrationAuthority"/><xsl:text> </xsl:text> + </xsl:template> + + <xsl:template match="md:AttributeConsumingService"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="md:ServiceName|md:ServiceDescription"> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="text()" /> + <xsl:with-param name="replace" select="'|'" /> + <xsl:with-param name="by" select="'\|'" /> + </xsl:call-template> + </xsl:template> + + <xsl:template match="samla:AttributeValue"> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="text()" /> + <xsl:with-param name="replace" select="'-'" /> + <xsl:with-param name="by" select="'-'" /> + </xsl:call-template> + <xsl:text> \\</xsl:text> + </xsl:template> + + <xsl:template match="md:ContactPerson"> + <xsl:value-of select="@contactType"/><xsl:text>: </xsl:text><xsl:apply-templates select="md:EmailAddress"/> + </xsl:template> + + <xsl:template match="md:Organization"> + <xsl:text>[</xsl:text> + <xsl:apply-templates select="md:OrganizationDisplayName[1]"/><xsl:text>|</xsl:text> + <xsl:apply-templates select="md:OrganizationURL[1]"/><xsl:text>]</xsl:text> + </xsl:template> + + <xsl:template match="md:SPPSSODescriptor"> + <xsl:apply-templates select="md:Extensions/shibmd:Scope"/> + </xsl:template> + + <xsl:template match="md:EmailAddress"> + <xsl:text>[</xsl:text><xsl:value-of select="text()"/><xsl:text>] \\</xsl:text> + </xsl:template> + + <xsl:template match="md:OrganizationDisplayName"> + <xsl:value-of select="normalize-space(text())"/> + </xsl:template> + + <xsl:template match="md:OrganizationURL"> + <xsl:value-of select="normalize-space(text())"/> + </xsl:template> + + <xsl:template match="shibmd:Scope"> + <xsl:value-of select="text()"/><xsl:text> </xsl:text> + </xsl:template> + + + <xsl:template match="*"/> + <xsl:template match="text()"/> + + <xsl:template name="string-replace-all"> + <xsl:param name="text" /> + <xsl:param name="replace" /> + <xsl:param name="by" /> + <xsl:choose> + <xsl:when test="contains($text, $replace)"> + <xsl:value-of select="substring-before($text,$replace)" /> + <xsl:value-of select="$by" /> + <xsl:call-template name="string-replace-all"> + <xsl:with-param name="text" select="substring-after($text,$replace)" /> + <xsl:with-param name="replace" select="$replace" /> + <xsl:with-param name="by" select="$by" /> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$text" /> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + +</xsl:stylesheet> diff --git a/metadata/xslt/summary.xslt b/metadata/xslt/summary.xslt new file mode 100644 index 00000000..05152d13 --- /dev/null +++ b/metadata/xslt/summary.xslt @@ -0,0 +1,102 @@ +<?xml version="1.0"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"> + + <xsl:output method="text"/> + <xsl:variable name="eol"> +<xsl:text>|</xsl:text><xsl:text> +</xsl:text> + </xsl:variable> + + <xsl:template name="entity-name"> + <xsl:variable name="h"><xsl:value-of select="substring-after(@entityID,'://')"/></xsl:variable> + <xsl:if test="contains($h,'/')"> + <xsl:value-of select="substring-before($h,'/')"/> + </xsl:if> + <xsl:if test="not(contains($h,'/'))"> + <xsl:value-of select="$h"/> + </xsl:if> + </xsl:template> + + <xsl:template match="md:EntityDescriptor"> + <xsl:text>h2. </xsl:text><xsl:call-template name="entity-name"/><xsl:text> +</xsl:text> + <xsl:text>||EntityID|</xsl:text><xsl:value-of select="@entityID"/><xsl:value-of select="$eol"/> + <xsl:apply-templates select="md:IDPSSODescriptor"/> + <xsl:apply-templates select="md:SPSSODescriptor"/> + <xsl:apply-templates select="md:Organization"/> + <xsl:apply-templates select="md:ContactPerson"/> + <xsl:text> +</xsl:text> + <xsl:apply-templates select="md:SPSSODescriptor/md:AttributeConsumingService"/><xsl:text> +</xsl:text> + <xsl:text>[Supplemental documentation|</xsl:text><xsl:call-template name="entity-name"/><xsl:text>] +</xsl:text> + <xsl:text> +</xsl:text> + </xsl:template> + + <xsl:template match="md:ContactPerson[@contactType='technical']"> + <xsl:text>||Technical contact|</xsl:text> + <xsl:apply-templates select="md:EmailAddress"/> + <xsl:value-of select="$eol"/> + </xsl:template> + + <xsl:template match="md:ContactPerson[@contactType='administrative']"> + <xsl:text>||Administrative contact|</xsl:text> + <xsl:apply-templates select="md:EmailAddress"/> + <xsl:value-of select="$eol"/> + </xsl:template> + + <xsl:template match="md:Organization"> + <xsl:text>||Organization|[</xsl:text> + <xsl:apply-templates select="md:OrganizationDisplayName[1]"/><xsl:text>|</xsl:text><xsl:apply-templates select="md:OrganizationURL[1]"/><xsl:text>]</xsl:text> + <xsl:value-of select="$eol"/> + </xsl:template> + + <xsl:template match="md:SPSSODescriptor"> + <xsl:text>||Role|Service Provider</xsl:text><xsl:value-of select="$eol"/> + </xsl:template> + + <xsl:template match="md:AttributeConsumingService"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="md:ServiceDescription"> + <xsl:text>{info}</xsl:text><xsl:value-of select="text()"/><xsl:text>{info}</xsl:text> + </xsl:template> + + <xsl:template match="md:IDPSSODescriptor"> + <xsl:text>||Role|Identity Provider</xsl:text><xsl:value-of select="$eol"/> + <xsl:text>||Scopes|</xsl:text><xsl:apply-templates select="md:Extensions/shibmd:Scope"/><xsl:value-of select="$eol"/> + </xsl:template> + + <xsl:template match="md:EmailAddress"> + <xsl:value-of select="text()"/> + </xsl:template> + + <xsl:template match="md:OrganizationDisplayName"> + <xsl:value-of select="text()"/> + </xsl:template> + + <xsl:template match="md:OrganizationURL"> + <xsl:value-of select="text()"/> + </xsl:template> + + <xsl:template match="shibmd:Scope"> + <xsl:text>* </xsl:text><xsl:value-of select="text()"/><xsl:text> +</xsl:text> + </xsl:template> + + + <xsl:template match="*"/> + <xsl:template match="text()"/> + +</xsl:stylesheet> |