Author: anil.saldhana(a)jboss.com
Date: 2008-12-15 21:26:05 -0500 (Mon, 15 Dec 2008)
New Revision: 166
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/identity-fed-model/src/main/resources/schema/xmldsig-core-schema.xsd
Modified:
identity-federation/trunk/identity-fed-api/.classpath
identity-federation/trunk/identity-fed-model/src/main/java/org/jboss/identity/federation/saml/v2/jboss/JBossSAMLURIConstants.java
Log:
JBID-35: xml dsig
Modified: identity-federation/trunk/identity-fed-api/.classpath
===================================================================
--- identity-federation/trunk/identity-fed-api/.classpath 2008-12-16 02:23:36 UTC (rev
165)
+++ identity-federation/trunk/identity-fed-api/.classpath 2008-12-16 02:26:05 UTC (rev
166)
@@ -10,5 +10,6 @@
<classpathentry kind="var"
path="M2_REPO/junit/junit/4.4/junit-4.4.jar"/>
<classpathentry kind="var"
path="M2_REPO/sun-jaxb/jaxb-impl/2.1.9/jaxb-impl-2.1.9.jar"/>
<classpathentry kind="var"
path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/xmlsec/1.4.1/xmlsec-1.4.1.jar"/>
<classpathentry kind="output" path="target-eclipse"/>
</classpath>
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2008-12-16
02:26:05 UTC (rev 166)
@@ -0,0 +1,210 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.OutputStream;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.util.Collections;
+
+import javax.security.cert.X509Certificate;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.w3.xmldsig.ObjectFactory;
+import org.jboss.identity.federation.w3.xmldsig.SignatureType;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+/**
+ * Utility for XML Signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 15, 2008
+ */
+public class XMLSignatureUtil
+{
+ private static String pkgName = "org.jboss.identity.federation.w3.xmldsig";
+ private static String schemaLocation = "schema/xmldsig-core-schema.xsd";
+
+ private static ObjectFactory objectFactory = new ObjectFactory();
+
+ private static XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM",
+ new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
+
+ /**
+ * Sign an AuthnRequestType
+ * @param request
+ * @param signingKey Private Key for signing
+ * @param cert X509Certificate public key certificate (may be null)
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public static Document sign(AuthnRequestType request, PrivateKey signingKey,
+ X509Certificate certificate,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ JBossSAMLAuthnRequestFactory.marshall(request, baos);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+
+ String referenceURI = "#" + request.getID();
+
+ Reference ref = fac.newReference
+ ( referenceURI, fac.newDigestMethod(digestMethod, null),
+ Collections.singletonList
+ (fac.newTransform(Transform.ENVELOPED,
+ (TransformParameterSpec) null)), null, null);
+
+ SignedInfo si = fac.newSignedInfo
+ (fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
+ (C14NMethodParameterSpec) null),
+ fac.newSignatureMethod(signatureMethod, null),
+ Collections.singletonList(ref));
+
+ KeyInfo ki = null;
+ if(certificate != null)
+ {
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(certificate.getPublicKey());
+ ki = kif.newKeyInfo(Collections.singletonList(kv));
+ }
+
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ signature.sign(dsc);
+
+ return doc;
+ }
+
+ /**
+ * Sign an AuthnRequestType
+ * @param request
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public static Document sign(AuthnRequestType request, KeyPair keypair,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ JBossSAMLAuthnRequestFactory.marshall(request, baos);
+
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
+
+ DOMSignContext dsc = new DOMSignContext(keypair.getPrivate(),
doc.getDocumentElement());
+
+ String referenceURI = "#" + request.getID();
+
+ Reference ref = fac.newReference
+ ( referenceURI, fac.newDigestMethod(digestMethod, null),
+ Collections.singletonList
+ (fac.newTransform(Transform.ENVELOPED,
+ (TransformParameterSpec) null)), null, null);
+
+ SignedInfo si = fac.newSignedInfo
+ (fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
+ (C14NMethodParameterSpec) null),
+ fac.newSignatureMethod(signatureMethod, null),
+ Collections.singletonList(ref));
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(keypair.getPublic());
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ signature.sign(dsc);
+
+ return doc;
+ }
+
+ public static boolean validate(Document signedDoc, Key publicKey) throws Exception
+ {
+ NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS,
"Signature");
+ if (nl.getLength() == 0)
+ {
+ throw new Exception("Cannot find Signature element");
+ }
+ DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
+
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+ boolean coreValidity = signature.validate(valContext);
+
+ return coreValidity;
+ }
+
+ public static void marshall(SignatureType signature, OutputStream os) throws
Exception
+ {
+ JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature);
+ Marshaller marshaller = JBossSAMLBaseFactory.getValidatingMarshaller(pkgName,
schemaLocation);
+ marshaller.marshal(jsig, os);
+ }
+
+ public static void marshall(Document signedDocument, OutputStream os) throws
Exception
+ {
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer trans = tf.newTransformer();
+ trans.transform(new DOMSource(signedDocument), new StreamResult(os));
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2008-12-16
02:26:05 UTC (rev 166)
@@ -0,0 +1,67 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.api.saml.v2;
+
+import static org.junit.Assert.assertTrue;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+/**
+ * Signatures related unit test cases
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 15, 2008
+ */
+public class SignatureValidationUnitTestCase
+{
+ /**
+ * Test the creation of AuthnRequestType with signature creation
+ * with a private key and then validate the signature with a public
+ * key
+ * @throws Exception
+ */
+
+ @Test
+ public void testAuthnRequestCreationWithSignature() throws Exception
+ {
+ AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ "ID_" + JBossSAMLBaseFactory.createUUID(), "http://sp",
"http://idp", "http://sp");
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ KeyPair kp = kpg.genKeyPair();
+ Document signedDoc = XMLSignatureUtil.sign(authnRequest, kp.getPrivate(), null,
+ DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+
+ //Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
+ assertTrue(isValid);
+ }
+}
\ No newline at end of file
Modified:
identity-federation/trunk/identity-fed-model/src/main/java/org/jboss/identity/federation/saml/v2/jboss/JBossSAMLURIConstants.java
===================================================================
---
identity-federation/trunk/identity-fed-model/src/main/java/org/jboss/identity/federation/saml/v2/jboss/JBossSAMLURIConstants.java 2008-12-16
02:23:36 UTC (rev 165)
+++
identity-federation/trunk/identity-fed-model/src/main/java/org/jboss/identity/federation/saml/v2/jboss/JBossSAMLURIConstants.java 2008-12-16
02:26:05 UTC (rev 166)
@@ -33,8 +33,12 @@
ATTRIBUTE_FORMAT_BASIC("urn:oasis:names:tc:SAML:2.0:attrname-format:basic"),
NAMEID_FORMAT_TRANSIENT("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"),
NAMEID_FORMAT_PERSISTENT("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"),
+
SIGNATURE_DSA_SHA1("http://www.w3.org/2000/09/xmldsig#dsa-sha1"),
+
SIGNATURE_RSA_SHA1("http://www.w3.org/2000/09/xmldsig#rsa-sha1"),
SUBJECT_CONFIRMATION_BEARER("urn:oasis:names:tc:SAML:2.0:cm:bearer"),
- STATUS_SUCCESS("urn:oasis:names:tc:SAML:2.0:status:Success");
+ STATUS_SUCCESS("urn:oasis:names:tc:SAML:2.0:status:Success"),
+
TRANSFORM_ENVELOPED_SIGNATURE("http://www.w3.org/2000/09/xmldsig#env...,
+
TRANSFORM_C14N_EXCL_OMIT_COMMENTS("http://www.w3.org/2001/10/xml-exc...;
private String uri = null;
Added:
identity-federation/trunk/identity-fed-model/src/main/resources/schema/xmldsig-core-schema.xsd
===================================================================
---
identity-federation/trunk/identity-fed-model/src/main/resources/schema/xmldsig-core-schema.xsd
(rev 0)
+++
identity-federation/trunk/identity-fed-model/src/main/resources/schema/xmldsig-core-schema.xsd 2008-12-16
02:26:05 UTC (rev 166)
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
"http://www.w3.org/2001/XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+
http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+
http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1]
http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2]
http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema
xmlns="http://www.w3.org/2001/XMLSchema"
+
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+
targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0"
maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Id" type="ID"
use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod"
type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0"
maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI"
use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod"
type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0"
type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0"
maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI"
use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI"
use="optional"/>
+ <attribute name="Type" type="anyURI"
use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI"
use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax"
minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI"
use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod"
type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI"
use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial"
type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="base64Binary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="base64Binary"/>
+ <element name="X509CRL" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="base64Binary"/>
+ <element name="PGPKeyPacket" type="base64Binary"
minOccurs="0"/>
+ <any namespace="##other" processContents="lax"
minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"
minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"
minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string"
use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI"
use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties"
type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty"
type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI"
use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="G" type="ds:CryptoBinary"
minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <element name="J" type="ds:CryptoBinary"
minOccurs="0"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>