xmlns:javaUUID="java.util.UUID"

xmlns:r="http://csrc.nist.gov/ns/random"

<xsl:import href="random-util.xsl"/>

<!-- Provide a top-level UUID for the result catalog as $assign-uuid,

<xsl:param name="assign-uuid" as="xs:string?"/>

<!-- Alternatively, call a web site if the processor supports it -->

<xsl:param name="uuid-service" select="'https://www.uuidgenerator.net/api/version4'"/>

<!-- For checking a UUID before assigning it. -->

<xsl:variable name="uuid-v4-regex" as="xs:string">^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$</xsl:variable>

<xsl:variable name="use-uuid" as="xs:string">

<xsl:choose>

<xsl:when test="matches($assign-uuid,$uuid-v4-regex)">

<xsl:sequence select="$assign-uuid"/>

</xsl:when>

<xsl:when use-when="function-available('random-number-generator')" test="$assign-uuid = 'make-uuid'">

<!-- seed splices a timestamp with a given @uuid -->

<xsl:sequence select="r:make-uuid( /*/@uuid || '-' || replace( string(current-dateTime()),'\D','') )"/>

</xsl:when>

<xsl:when use-when="function-available('javaUUID:randomUUID')" test="function-available('javaUUID:randomUUID')">

<xsl:sequence select="javaUUID:randomUUID()"/>

</xsl:when>

<xsl:when test="unparsed-text-available($uuid-service)">

<xsl:sequence select="unparsed-text($uuid-service)"/>

</xsl:when>

<xsl:otherwise>00000000-0000-4000-B000-000000000000</xsl:otherwise>

</xsl:choose>

</xsl:variable>

<xsl:param name="home" select="/"/>

<!-- Since the fallback is not a valid URI the processor will try Java -->

<xsl:map-entry key="QName('','assign-uuid')" select="$use-uuid"/>

exclude-result-prefixes="xs math o opr"

<!-- Accepts a uuid as $assign-uuid, or provides a dummy UUID. A calling application can provide a 'random' UUID. -->

<xsl:param name="assign-uuid" as="xs:string?"/>

<xsl:variable name="uuid-v4-regex" as="xs:string">^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}$</xsl:variable>

<xsl:variable name="use-uuid" as="xs:string"

select="( $assign-uuid[matches(.,$uuid-v4-regex)], '00000000-0000-4000-B000-000000000000' )[1]"/>

<xsl:template match="* | @*" mode="#all">

<catalog uuid="{ $use-uuid }">

<xsl:variable name="leaders" select="(title | published | last-modified | version | oscal-version | doc-id)"/>

<link href="{$profile-origin-uri}" rel="resolution-source"/>

Profile resolution is implemented here as a set of XSLT transformations to be performed in sequence, applied to defined inputs (a **source profile** with imported **catalog** sources) to produce defined outputs (a **profile resolution result** in the form of a catalog). The word **baseline** is also used to refer to a particular profile in application, whether in its unprocessed form or its resolved, serialized form.

The sequence reflects and roughly corresponds to the three steps in profile resolution described for OSCAL in the [Profile Resolution Specification](https://pages.nist.gov/OSCAL/concepts/processing/profile-resolution/):

- **selection** (importing catalogs or profiles and selecting controls from them)

- **organization (merging)** i.e. specifying how selected controls are to be organized in representation

- **modification** - setting parameters and potentially supplementing, amending or editing control text

For demonstration, the expected interim results for test files are kept in the testing/\* folders

Note that these interim results are *not always valid to any OSCAL schema* while at the same time they are quite close to OSCAL profile and catalog syntax.

Testing files for profile resolution in general are kept [with the specification](../../../specifications/profile-resolution). The testing files in this subdirectory are only for this implementation.

Use a recent version of Saxon for best results -- although we would also be *very interested* to hear from users of other XSLT engines conformant to the 3.1 family of XML standards (XSLT/XPath/XDM/XQuery).

The main entry point for the transformation pipeline is the dynamic build XSLT called `oscal-profile-RESOLVE.xsl`, which invokes the core transformation steps in sequence, taking the source profile document as primary input. Load Saxon with your document and this stylesheet as follows (for example):

Alternatively, set up the bindings in an IDE or programmed environment that has XSLT 3.1 support.

Note that URIs (addresses) given in a profile document must link correctly as absolute or relative paths to their imported catalogs, as demonstrated in examples.

A captured and serialized profile resolution will take the form of an OSCAL catalog, and be valid to the catalog schema for correctly formed inputs.