diff options
Diffstat (limited to 'metadata/xslt')
-rw-r--r-- | metadata/xslt/check_algsupport.xsl | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/metadata/xslt/check_algsupport.xsl b/metadata/xslt/check_algsupport.xsl new file mode 100644 index 00000000..b9a0962d --- /dev/null +++ b/metadata/xslt/check_algsupport.xsl @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + check_algsupport.xsl + + Checking ruleset for the SAML V2.0 Metadata Profile for Algorithm Support. + + Author: Ian A. Young <ian@iay.org.uk> + +--> +<xsl:stylesheet version="1.0" + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + <!-- + Common support functions. + --> + <xsl:import href="check_framework.xsl"/> + + <!-- + 2.3 md:EncryptionMethod should appear only in md:KeyDescriptor elements + whose @use is omitted or set to "encryption", i.e., not "signing". + --> + <xsl:template match="md:EncryptionMethod[../@use='signing']"> + <xsl:call-template name="error"> + <xsl:with-param name="m">EncryptionMethod should not be present on 'signing' KeyDescriptor</xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + Check for duplicate SigningMethod or DigestMethod algorithms in any given list. + --> + <xsl:template match="md:Extensions[alg:*]"> + + <!-- check individual alg:SigningMethod and alg:DigestMethod elements --> + <xsl:apply-templates/> + </xsl:template> + + <!-- + 2.4 Check for misplaced SigningMethod or DigestMethod elements. + --> + <xsl:template match="alg:*[not(parent::md:Extensions)]"> + <xsl:call-template name="error"> + <xsl:with-param name="m"> + <xsl:text>alg:</xsl:text> + <xsl:value-of select="local-name()"/> + <xsl:text> must only appear within an Extensions element</xsl:text> + </xsl:with-param> + </xsl:call-template> + </xsl:template> + + <!-- + Check for duplicate EncryptionMethod elements in any given list. + --> + <xsl:template match="md:KeyDescriptor[md:EncryptionMethod]"> + + <!-- check individual md:EncryptionMethod elements --> + <xsl:apply-templates/> + </xsl:template> + +</xsl:stylesheet> |