Add checks for role descriptors lacking KeyDescriptor elements.

InCommon · Jun 25, 2009 · 45c0559 · 45c0559
1 parent 0690cc4
commit 45c0559
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/build/check.xsl b/build/check.xsl
@@ -121,6 +121,29 @@
 		</xsl:call-template>
 	</xsl:template>
 
+
+	<!--
+		Check for role descriptors with missing KeyDescriptor elements.
+	-->
+
+	<xsl:template match="md:IDPSSODescriptor[not(md:KeyDescriptor)]">
+		<xsl:call-template name="fatal">
+			<xsl:with-param name="m">IdP SSO Descriptor lacking KeyDescriptor</xsl:with-param>
+		</xsl:call-template>	
+	</xsl:template>
+
+	<xsl:template match="md:SPSSODescriptor[not(md:KeyDescriptor)]">
+		<xsl:call-template name="fatal">
+			<xsl:with-param name="m">SP SSO Descriptor lacking KeyDescriptor</xsl:with-param>
+		</xsl:call-template>	
+	</xsl:template>
+
+	<xsl:template match="md:AttributeAuthorityDescriptor[not(md:KeyDescriptor)]">
+		<xsl:call-template name="fatal">
+			<xsl:with-param name="m">IdP AA Descriptor lacking KeyDescriptor</xsl:with-param>
+		</xsl:call-template>	
+	</xsl:template>
+
 
 	<!--
 		Check for a construct which is known to cause the Shibboleth 1.3 SP to dump core.