Add XSL for identifying SPs which don't list AES128-CBC in metadata

See ukf/ukf-meta#243

tests/manual/ukf-meta-243/README.md

@@ -1,5 +1,7 @@
 # Add CBC algorithm if no block encryption algorithms
 
+## Unit tests
+
 The tests directory has a series of tests (the `.xml` files). Each of these
 has a corresponding `.xml.out` which is what we expect is the transform.
 
@@ -10,3 +12,9 @@ This command will run the tests:
 The expected output is a series of headers.
 
 Any errors will show up as a diff from the expected output 
+
+## Deployment test
+
+`xsltproc listSPsnoAES128-CBC.xsl <aggregate>` will list the entityIDs of SPs which do not
+explicitly list the AES128-CBC algorithm. We expect only SPs that already list algorithms
+which aren't AES128-CBC will show up here.

tests/manual/ukf-meta-243/listSPsnoAES128-CBC.xsl

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	Lists entityIDs of SPs with no AES128-CBC
+
+-->
+<xsl:stylesheet version="1.0"
+        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+        xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+        <xsl:output method="text" encoding="UTF-8"/>
+
+        <xsl:template match="md:EntityDescriptor
+			[md:SPSSODescriptor]
+			[not(md:SPSSODescriptor/md:KeyDescriptor/md:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'])]">
+                <xsl:value-of select="@entityID"/>
+                <xsl:text>&#10;</xsl:text>
+        </xsl:template>
+
+        <xsl:template match="text()">
+                <!-- do nothing -->
+        </xsl:template>
+
+</xsl:stylesheet>