Diffstat (limited to 'common')
16 files changed, 1570 insertions, 13 deletions
| diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs
index af8eeb2ca..9c6309855 100644
--- a/common/.settings/org.eclipse.jdt.core.prefs
+++ b/common/.settings/org.eclipse.jdt.core.prefs
@@ -1,4 +1,3 @@
-#Wed Jan 16 15:02:15 CET 2008
  eclipse.preferences.version=1
  org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
  org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
 @@ -9,4 +8,5 @@ org.eclipse.jdt.core.compiler.debug.localVariable=generate
  org.eclipse.jdt.core.compiler.debug.sourceFile=generate
  org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
  org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
 +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
  org.eclipse.jdt.core.compiler.source=1.4
 diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component
index 6351b73de..4dd7e3409 100644
--- a/common/.settings/org.eclipse.wst.common.component
+++ b/common/.settings/org.eclipse.wst.common.component
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-common">
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
 +<project-modules id="moduleCoreId" project-version="2.0">
 +  <wb-module deploy-name="moa-common">
 +    <wb-resource deploy-path="/" source-path="src/main/java"/>
 +    <wb-resource deploy-path="/" source-path="src/main/resources"/>
 +  </wb-module>
 +</project-modules>
\ No newline at end of file
diff --git a/common/.settings/org.eclipse.wst.common.project.facet.core.xml b/common/.settings/org.eclipse.wst.common.project.facet.core.xml
index 8b6262d32..eb7de6322 100644
--- a/common/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/common/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
  <faceted-project>
 -  <fixed facet="jst.utility"/>
    <fixed facet="jst.java"/>
 -  <installed facet="jst.java" version="1.4"/>
 +  <fixed facet="jst.utility"/>
    <installed facet="jst.utility" version="1.0"/>
 -</faceted-project>
 +  <installed facet="jst.java" version="1.4"/>
 +</faceted-project>
\ No newline at end of file
diff --git a/common/pom.xml b/common/pom.xml
index d0ea9db4d..560e6fe5a 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -60,6 +60,12 @@
       <scope>runtime</scope>
       <optional>true</optional>
     </dependency>
+    <dependency>
+    	  <groupId>joda-time</groupId>
+	      <artifactId>joda-time</artifactId>
+	      <version>1.6.2</version>
+    	</dependency>
   
+    	
   </dependencies>
   <build>
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 998bbf26f..c4f7eb3f3 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -285,6 +285,61 @@ public interface Constants {
   /** URI of the XAdES v1.4.1 namespace */
   public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#";
+  
+  /** URI of the SAML 2.0 namespace. */
+  public static final String SAML2_NS_URI =
+    "urn:oasis:names:tc:SAML:2.0:assertion";
+
+  /** Prefix used for the SAML 2.0 XML namespace */
+  public static final String SAML2_PREFIX = "saml2";
+
+  /** Local location of the SAML 2.0 XML schema definition. */
+  public static final String SAML2_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd";
+  
+  /** URI of the SAML 2.0 protocol namespace. */
+  public static final String SAML2P_NS_URI =
+    "urn:oasis:names:tc:SAML:2.0:protocol";
+
+  /** Prefix used for the SAML 2.0 protocol XML namespace */
+  public static final String SAML2P_PREFIX = "saml2p";
+
+  /** Local location of the SAML 2.0 protocol XML schema definition. */
+  public static final String SAML2P_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd";
+  
+  /** URI of the STORK namespace. */
+  public static final String STORK_NS_URI =
+    "urn:eu:stork:names:tc:STORK:1.0:assertion";
+
+  /** Prefix used for the STORK XML namespace */
+  public static final String STORK_PREFIX = "stork";
+
+  /** Local location of the STORK XML schema definition. */
+  public static final String STORK_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd";
+  
+  /** URI of the STORK protocol namespace. */
+  public static final String STORKP_NS_URI =
+    "urn:eu:stork:names:tc:STORK:1.0:protocol";
+
+  /** Prefix used for the STORK protocol XML namespace */
+  public static final String STORKP_PREFIX = "storkp";
+
+  /** Local location of the STORK protocol XML schema definition. */
+  public static final String STORKP_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd";
+  
+  /** URI of the XML Encryption namespace.  */
+  public static final String XENC_NS_URI =
+    "http://www.w3.org/2001/04/xmlenc#";
+
+  /** Prefix used for the XML Encryption XML namespace */
+  public static final String XENC_PREFIX = "xenc";
+
+  /** Local location of the XML Encryption XML schema definition. */
+  public static final String XENC_SCHEMA_LOCATION =
+    SCHEMA_ROOT + "xenc-schema.xsd";
   /**
    * Contains all namespaces and local schema locations for XML schema
@@ -310,7 +365,12 @@ public interface Constants {
       + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ")
       + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ")
       + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ")
-      + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION);
+      + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ")
+      + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ")
+      + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ")
+      + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+      + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+      + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION);
   /** URN prefix for bPK and wbPK. */
   public static final String URN_PREFIX = "urn:publicid:gv.at";
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index d70073db8..8d57f911a 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.util;
 import java.io.StringWriter;
+import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
@@ -32,6 +33,10 @@ import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.TimeZone;
+import org.joda.time.DateTime;
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+
 /**
  * Utility for parsing and building XML type <code>dateTime</code>,
  * according to ISO 8601.
@@ -396,5 +401,100 @@ public class DateTimeUtils {
       }
     }
   }
+  
+  /**
+   * Calculates the age if date of birth is given (for a calendar time stamp)
+   * @param dateOfBirth Date of Birth
+   * @param now Calendar time stamp at which the age needs to be calculated for
+   * @return Age of a person
+   */
+  public static int calcAge(Calendar dateOfBirth, Calendar now) {
+      int age = now.get(Calendar.YEAR) - dateOfBirth.get(Calendar.YEAR);
+      
+      int nowM = now.get(Calendar.MONTH);
+      int dobM = dateOfBirth.get(Calendar.MONTH);
+      int nowDOM = now.get(Calendar.DAY_OF_MONTH);
+      int dobDOM = dateOfBirth.get(Calendar.DAY_OF_MONTH);
+      
+      if ((nowM < dobM) || ((nowM == dobM) && (nowDOM < dobDOM))) {
+         age--;
+      }
+      
+      if (age < 0) {
+         throw new IllegalArgumentException("Calculated age results in negative value.");
+      }
+      return age;
+   }
+
+  /**
+   * Calculates the age if date of birth is given as Calendar object
+   * @param dateOfBirth Date of Birth as Calendar object
+   * @return Age of a person
+   */
+   public static int calcAge(Calendar dateOfBirth) {
+      return calcAge(dateOfBirth, Calendar.getInstance());
+   }
+
+   /**
+    * Calculates the age if date of birth is given (for a date time stamp)
+    * @param dateOfBirth Date of Birth
+    * @param now Date time stamp at which the age needs to be calculated for
+    * @return Age of a person
+    */
+   public static int calcAge(Date dateOfBirth, Date now) {
+      Calendar dob = Calendar.getInstance();
+      dob.setTime(dateOfBirth);
+      Calendar nowCal = Calendar.getInstance();
+      nowCal.setTime(now);
+      return calcAge(dob, nowCal);
+   }
+
+   /**
+    * Calculates the age if date of birth is given as Date object
+    * @param dateOfBirth Date of Birth as Date object
+    * @return Age of a person
+    */
+   public static int calcAge(Date dateOfBirth) {
+      return calcAge(dateOfBirth, new Date());
+   }
+   
+   public static String formatPEPSDateToMOADate(String pepsDate) {		
+	   
+	   if (StringUtils.isEmpty(pepsDate)) {
+		   return null;
+	   }
+	   
+	   DateTimeFormatter fmt = null;
+		
+		switch (pepsDate.length()) {
+		case 4:
+			fmt = DateTimeFormat.forPattern("yyyy");
+			break;
+		case 6:
+			fmt = DateTimeFormat.forPattern("yyyyMM");
+			break;
+		case 8:
+			fmt = DateTimeFormat.forPattern("yyyyMMdd");
+			break;
+		default:
+			break;
+		}	
+		
+		DateTime dt = fmt.parseDateTime(pepsDate);
+		DateTimeFormatter fmt2 = DateTimeFormat.forPattern("yyyy-MM-dd");
+		return fmt2.print(dt);
+		
+	}
+   
+   /**
+    * Returns a date as String using a provided format
+    * @param format Format the date/time should be returned
+    * @return Date/Time as String formatted according the provided format
+    */
+   public static String getDateTimeWithFormat(String format) {
+        DateFormat dateFormat = new SimpleDateFormat(format);
+        Date date = new Date();
+        return dateFormat.format(date);
+    }
 }
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
index 78fe8a345..9db3ca6e3 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
@@ -26,14 +26,19 @@ package at.gv.egovernment.moa.util;
 import iaik.x509.X509Certificate;
+import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 /**
  * Utility for creating and loading key stores.
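Review bot: `formatPEPSDateToMOADate` leaves `fmt` null whenever `pepsDate.length()` is not 4, 6 or 8 (the `default` branch only breaks), so the following `fmt.parseDateTime(pepsDate)` fails with a NullPointerException on any other input, and a value of the right length but non-numeric content escapes as Joda's IllegalArgumentException; since the string comes from a PEPS response rather than from this code, reject it explicitly, `default: throw new IllegalArgumentException("unsupported PEPS date length: " + pepsDate.length());`. The method is also the only new one without Javadoc; it should document the accepted forms (`yyyy`, `yyyyMM`, `yyyyMMdd`), the `yyyy-MM-dd` result, the null return for an empty input, the exceptions above, and that a 4- or 6-digit value is completed to the first day of the year or month before printing, which a caller cannot distinguish from an exact date. In `calcAge(Calendar, Calendar)` the `MONTH`/`DAY_OF_MONTH` comparison is only meaningful when both calendars use the same time zone, which `calcAge(Date, Date)` ensures by building both with `Calendar.getInstance()` but the public two-`Calendar` overload does not; a sentence in its Javadoc would avoid that surprise. Style: the five methods mix two-space, three-space and tab indentation within one hunk.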
@@ -42,6 +47,18 @@ import java.security.cert.Certificate;
  * @version $Id$
  */
 public class KeyStoreUtils {
+	
+	/**
+	 * JAVA KeyStore
+	 */
+	private static final String KEYSTORE_TYPE_JKS = "JKS";
+	
+	/**
+	 * PKCS12 KeyStore
+	 */
+	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+	
+	
   /**
    * Loads a key store from file.
@@ -154,5 +171,42 @@ public class KeyStoreUtils {
     in.close();
     return cert;
   }
+  
+ 
+	/**
+	 * Loads a keyStore without knowing the keyStore type
+	 * @param keyStorePath URL to the keyStore
+	 * @param password Password protecting the keyStore
+	 * @return keyStore loaded
+	 * @throws KeyStoreException thrown if keyStore cannot be loaded
+	 * @throws FileNotFoundException 
+	 * @throws IOException 
+	 */
+  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
+		
+		//InputStream is = new FileInputStream(keyStorePath);
+	  	URL keystoreURL = new URL(keyStorePath);
+	    InputStream in = keystoreURL.openStream();
+		InputStream isBuffered = new BufferedInputStream(in);		
+		
+		isBuffered.mark(1024*1024);
+		KeyStore ks = null;
+		try {
+			try {				
+				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, isBuffered, password);
+			} catch (IOException e2) {
+				isBuffered.reset();				
+				ks = loadKeyStore(KEYSTORE_TYPE_JKS, isBuffered, password);
+			}
+		} catch(Exception e) {			
+			e.printStackTrace();
+			//throw new KeyStoreException(e);
+		}
+		return ks;	
+						
+	}
+	
+	
+  }
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
index 7a72c0bfb..faa009b0e 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
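Review bot: The outer `catch(Exception e)` in the new `loadKeyStore(String, String)` prints the stack trace and returns `ks`, which is still null when both the PKCS12 and the JKS attempt failed, so a wrong password or an unreadable store surfaces as a NullPointerException somewhere in the caller instead of the `KeyStoreException` the signature declares (the commented-out `throw new KeyStoreException(e)` is the right line). The stream is never closed, and `mark(1024*1024)` means a store larger than 1 MiB cannot be `reset()` for the JKS retry, which the same catch then hides. I would rethrow and close in a `finally` as below; the rewrite assumes the three-argument `loadKeyStore` overload throws `IOException` and `GeneralSecurityException`, which the file's imports suggest but the hunk does not show. The `@throws FileNotFoundException` tag has no description and the method does not declare that exception, and `@throws IOException` should say it also signals a store that is neither PKCS12 nor JKS or a wrong password. `new URL(keyStorePath).openStream()` accepts any URL scheme the JVM supports, so the Javadoc should state which schemes the configuration is expected to use.
```java
public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException {
    URL keystoreURL = new URL(keyStorePath);
    InputStream isBuffered = new BufferedInputStream(keystoreURL.openStream());
    try {
        // rewind limit for the JKS retry; a store beyond this size makes reset() throw
        isBuffered.mark(1024 * 1024);
        try {
            return loadKeyStore(KEYSTORE_TYPE_PKCS12, isBuffered, password);
        } catch (IOException notPkcs12) {
            isBuffered.reset();
            return loadKeyStore(KEYSTORE_TYPE_JKS, isBuffered, password);
        }
    } catch (GeneralSecurityException e) {
        throw new KeyStoreException(e);
    } finally {
        isBuffered.close();
    }
}
```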
@@ -82,6 +82,11 @@ public class XPathUtils {
     ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI);
     ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI);
     ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI);
+    ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI);
+    ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI);
+    ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI);
+    ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI);
+    ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI);
     NS_CONTEXT = ctx;
   }
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
index f78c3fc1e..c5f751061 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
@@ -1,8 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 -<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
 +<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
  	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
  	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
  	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
 +	<xsd:import namespace="urn:eu:stork:names:tc:STORK:1.0:assertion" schemaLocation="stork-schema-assertion-1.0.xsd"/>
 +	<xsd:import namespace="urn:eu:stork:names:tc:STORK:1.0:protocol" schemaLocation="stork-schema-protocol-1.0.xsd"/>
  	<xsd:element name="Configuration">
  		<xsd:complexType>
  			<xsd:sequence>
 @@ -287,6 +289,11 @@
 								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
  							</xsd:annotation>
  						</xsd:element>
 +						<xsd:element ref="STORK" minOccurs="0">
 +							<xsd:annotation>
 +								<xsd:documentation>Verbindungsparameter zu den Country-PEPS (C-PEPS)</xsd:documentation>
 +							</xsd:annotation>
 +						</xsd:element>
  					</xsd:sequence>
  				</xsd:complexType>
  			</xsd:element>
 @@ -458,6 +465,7 @@
 								</xsd:sequence>
  							</xsd:complexType>
  						</xsd:element>
 +						<xsd:element ref="STORK" minOccurs="0"/>
  					</xsd:sequence>
  					<xsd:attribute name="slVersion" use="optional" default="1.1">
  						<xsd:simpleType>
 @@ -657,4 +665,90 @@
 			</xsd:simpleType-->
  		</xsd:attribute>
  	</xsd:complexType>
 +	<xsd:complexType name="SignatureCreationParameterType">
 +		<xsd:annotation	>
 +			<xsd:documentation>Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:sequence>
 +			<xsd:element ref="KeyStore"/>
 +			<xsd:element ref="KeyName"/>
 +		</xsd:sequence>		
 +	</xsd:complexType>
 +	<xsd:complexType name="SignatureVerificationParameterType">
 +		<xsd:annotation	>
 +			<xsd:documentation>Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:sequence>
 +			<xsd:element ref="TrustProfileID"/>			
 +		</xsd:sequence>		
 +	</xsd:complexType>
 +	
 +	<xsd:element name="SAMLSigningParameter">
 +		<xsd:annotation	>
 +			<xsd:documentation>Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:complexType>
 +			<xsd:sequence>
 +				<xsd:element name="SignatureCreationParameter" type="SignatureCreationParameterType"/>
 +				<xsd:element name="SignatureVerificationParameter" type="SignatureVerificationParameterType"/>
 +			</xsd:sequence>
 +		</xsd:complexType>
 +	</xsd:element>
 +	
 +	<xsd:element name="KeyStore">
 +		<xsd:annotation	>
 +			<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:complexType>
 +			<xsd:simpleContent>
 +				<xsd:extension base="xsd:anyURI">
 +					<xsd:attribute name="password" type="xsd:string" use="optional"/>
 +				</xsd:extension>
 +			</xsd:simpleContent>
 +		</xsd:complexType>
 +	</xsd:element>
 +	<xsd:element name="KeyName">
 +		<xsd:annotation	>
 +			<xsd:documentation>Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:complexType>
 +			<xsd:simpleContent>
 +				<xsd:extension base="xsd:string">
 +					<xsd:attribute name="password" type="xsd:string" use="optional"/>
 +				</xsd:extension>
 +			</xsd:simpleContent>
 +		</xsd:complexType>
 +	</xsd:element>
 +	
 +	<xsd:element name="C-PEPS">
 +		<xsd:annotation>
 +			<xsd:documentation>Enthält Informationen zu einem Citizen Country  PEPS (C-PEPS)</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:complexType>
 +			<xsd:sequence>		
 +				<xsd:element ref="stork:RequestedAttribute" minOccurs="0" maxOccurs="unbounded"/>				
 +			</xsd:sequence>		
 +			<xsd:attribute name="countryCode" type="stork:CountryCodeType" use="required"/>
 +			<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
 +		</xsd:complexType>
 +	</xsd:element>
 +	
 +	<xsd:element name="STORK">
 +		<xsd:annotation>
 +			<xsd:documentation>Contains STORK related information</xsd:documentation>
 +		</xsd:annotation>
 +		<xsd:complexType>
 +			<xsd:choice>
 +				<xsd:sequence>
 +					<xsd:element ref="C-PEPS" minOccurs="1" maxOccurs="unbounded"/>
 +					<xsd:element ref="SAMLSigningParameter"/>
 +				</xsd:sequence>
 +				<xsd:sequence>
 +					<xsd:element ref="stork:QualityAuthenticationAssuranceLevel" minOccurs="0"/>
 +					<xsd:element ref="storkp:RequestedAttributes"/>
 +				</xsd:sequence>
 +			</xsd:choice>
 +		</xsd:complexType>
 +		
 +	</xsd:element>						
  </xsd:schema>
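Review bot: The optional `password` attribute added on `KeyStore` and `KeyName` carries the keystore and key passwords in clear text inside the configuration file, and neither element's `xsd:documentation` says so. I would extend both annotations with a sentence such as `The password is stored in clear text in this configuration file; restrict read access to the file accordingly.` (the surrounding documentation is German, so it may be phrased in German), and similarly state for the `C-PEPS` `URL` attribute that it is the endpoint STORK AuthnRequests are sent to, since `xsd:anyURI` cannot constrain the scheme. The `STORK` element offers an `xsd:choice` between two unrelated sequences (C-PEPS list plus signing parameters versus QAA level plus requested attributes) and is referenced from two different places in the schema, so a documentation line saying which configuration section uses which branch would help. Style: `<xsd:annotation	>` on several new elements has a stray tab before `>`.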
 diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd
index 9fdaac33e..98659557c 100644
--- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd
@@ -163,6 +163,7 @@
 															</xs:sequence>
  														</xs:complexType>
  													</xs:element>
 +													<!-- 
  													<xs:element name="TSLTrustProfile">
  													<xs:complexType>
  															<xs:sequence>
 @@ -179,6 +180,7 @@
 															</xs:sequence>
  														</xs:complexType>
  													</xs:element>
 +													 -->
  												</xs:sequence>
  											</xs:complexType>
  										</xs:element>
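Review bot: The `TSLTrustProfile` element is disabled by wrapping it in `<!-- … -->` across these two hunks rather than removed, and nothing says why or whether it is meant to come back; a configuration that still contains `TSLTrustProfile` now fails validation without a hint. I would put the reason on the opening marker, e.g. `<!-- TSLTrustProfile disabled: <reason or ticket placeholder> -->`, or delete the block outright and rely on version control to keep it. The commented-out element itself starts in the first hunk and ends in the second.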
 diff --git a/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd
new file mode 100644
index 000000000..91706a8f5
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd
@@ -0,0 +1,290 @@
+<?xml version="1.0" encoding="US-ASCII"?>
 +<schema
 +    targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
 +    xmlns="http://www.w3.org/2001/XMLSchema"
 +    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 +    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 +    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
 +    elementFormDefault="unqualified"
 +    attributeFormDefault="unqualified"
 +    blockDefault="substitution"
 +    version="2.0">
 +    <!-- 
 +    <import namespace="http://www.w3.org/2000/09/xmldsig#"
 +        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
 +    <import namespace="http://www.w3.org/2001/04/xmlenc#"
 +        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
 +    -->
 +    <import namespace="http://www.w3.org/2000/09/xmldsig#"
 +        schemaLocation="xmldsig-core-schema.xsd"/>
 +    <import namespace="http://www.w3.org/2001/04/xmlenc#"
 +        schemaLocation="xenc-schema.xsd"/>
 +    
 +    <annotation>
 +        <documentation>
 +            Document identifier: saml-schema-assertion-2.0
 +            Location: http://docs.oasis-open.org/security/saml/v2.0/
 +            Revision history:
 +            V1.0 (November, 2002):
 +              Initial Standard Schema.
 +            V1.1 (September, 2003):
 +              Updates within the same V1.0 namespace.
 +            V2.0 (March, 2005):
 +              New assertion schema for SAML V2.0 namespace.
 +        </documentation>
 +    </annotation>
 +    <attributeGroup name="IDNameQualifiers">
 +        <attribute name="NameQualifier" type="string" use="optional"/>
 +        <attribute name="SPNameQualifier" type="string" use="optional"/>
 +    </attributeGroup>
 +    <element name="BaseID" type="saml:BaseIDAbstractType"/>
 +    <complexType name="BaseIDAbstractType" abstract="true">
 +        <attributeGroup ref="saml:IDNameQualifiers"/>
 +    </complexType>
 +    <element name="NameID" type="saml:NameIDType"/>
 +    <complexType name="NameIDType">
 +        <simpleContent>
 +            <extension base="string">
 +                <attributeGroup ref="saml:IDNameQualifiers"/>
 +                <attribute name="Format" type="anyURI" use="optional"/>
 +                <attribute name="SPProvidedID" type="string" use="optional"/>
 +            </extension>
 +        </simpleContent>
 +    </complexType>
 +    <complexType name="EncryptedElementType">
 +        <sequence>
 +            <element ref="xenc:EncryptedData"/>
 +            <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +    </complexType>
 +    <element name="EncryptedID" type="saml:EncryptedElementType"/>
 +    <element name="Issuer" type="saml:NameIDType"/>
 +    <element name="AssertionIDRef" type="NCName"/>
 +    <element name="AssertionURIRef" type="anyURI"/>
 +    <element name="Assertion" type="saml:AssertionType"/>
 +    <complexType name="AssertionType">
 +        <sequence>
 +            <element ref="saml:Issuer"/>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="saml:Subject" minOccurs="0"/>
 +            <element ref="saml:Conditions" minOccurs="0"/>
 +            <element ref="saml:Advice" minOccurs="0"/>
 +            <choice minOccurs="0" maxOccurs="unbounded">
 +                <element ref="saml:Statement"/>
 +                <element ref="saml:AuthnStatement"/>
 +                <element ref="saml:AuthzDecisionStatement"/>
 +                <element ref="saml:AttributeStatement"/>
 +            </choice>
 +        </sequence>
 +        <attribute name="Version" type="string" use="required"/>
 +        <attribute name="ID" type="ID" use="required"/>
 +        <attribute name="IssueInstant" type="dateTime" use="required"/>
 +    </complexType>
 +    <element name="Subject" type="saml:SubjectType"/>
 +    <complexType name="SubjectType">
 +        <choice>
 +            <sequence>
 +                <choice>
 +                    <element ref="saml:BaseID"/>
 +                    <element ref="saml:NameID"/>
 +                    <element ref="saml:EncryptedID"/>
 +                </choice>
 +                <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
 +            </sequence>
 +            <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
 +        </choice>
 +    </complexType>
 +    <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
 +    <complexType name="SubjectConfirmationType">
 +        <sequence>
 +            <choice minOccurs="0">
 +                <element ref="saml:BaseID"/>
 +                <element ref="saml:NameID"/>
 +                <element ref="saml:EncryptedID"/>
 +            </choice>
 +            <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
 +        </sequence>
 +        <attribute name="Method" type="anyURI" use="required"/>
 +    </complexType>
 +    <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
 +    <complexType name="SubjectConfirmationDataType" mixed="true">
 +        <complexContent>
 +            <restriction base="anyType">
 +                <sequence>
 +                    <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +                <attribute name="NotBefore" type="dateTime" use="optional"/>
 +                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
 +                <attribute name="Recipient" type="anyURI" use="optional"/>
 +                <attribute name="InResponseTo" type="NCName" use="optional"/>
 +                <attribute name="Address" type="string" use="optional"/>
 +                <anyAttribute namespace="##other" processContents="lax"/>
 +            </restriction>
 +        </complexContent>
 +    </complexType>
 +    <complexType name="KeyInfoConfirmationDataType" mixed="false">
 +        <complexContent>
 +            <restriction base="saml:SubjectConfirmationDataType">
 +                <sequence>
 +                    <element ref="ds:KeyInfo" maxOccurs="unbounded"/>
 +                </sequence>
 +            </restriction>
 +        </complexContent>
 +    </complexType>
 +    <element name="Conditions" type="saml:ConditionsType"/>
 +    <complexType name="ConditionsType">
 +        <choice minOccurs="0" maxOccurs="unbounded">
 +            <element ref="saml:Condition"/>
 +            <element ref="saml:AudienceRestriction"/>
 +            <element ref="saml:OneTimeUse"/>
 +            <element ref="saml:ProxyRestriction"/>
 +        </choice>
 +        <attribute name="NotBefore" type="dateTime" use="optional"/>
 +        <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
 +    </complexType>
 +    <element name="Condition" type="saml:ConditionAbstractType"/>
 +    <complexType name="ConditionAbstractType" abstract="true"/>
 +    <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
 +    <complexType name="AudienceRestrictionType">
 +        <complexContent>
 +            <extension base="saml:ConditionAbstractType">
 +                <sequence>
 +                    <element ref="saml:Audience" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="Audience" type="anyURI"/>
 +    <element name="OneTimeUse" type="saml:OneTimeUseType" />
 +    <complexType name="OneTimeUseType">
 +        <complexContent>
 +            <extension base="saml:ConditionAbstractType"/>
 +        </complexContent>
 +    </complexType>
 +    <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
 +    <complexType name="ProxyRestrictionType">
 +    <complexContent>
 +        <extension base="saml:ConditionAbstractType">
 +            <sequence>
 +                <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
 +            </sequence>
 +            <attribute name="Count" type="nonNegativeInteger" use="optional"/>
 +        </extension>
 +	</complexContent>
 +    </complexType>
 +    <element name="Advice" type="saml:AdviceType"/>
 +    <complexType name="AdviceType">
 +        <choice minOccurs="0" maxOccurs="unbounded">
 +            <element ref="saml:AssertionIDRef"/>
 +            <element ref="saml:AssertionURIRef"/>
 +            <element ref="saml:Assertion"/>
 +            <element ref="saml:EncryptedAssertion"/>
 +            <any namespace="##other" processContents="lax"/>
 +        </choice>
 +    </complexType>
 +    <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
 +    <element name="Statement" type="saml:StatementAbstractType"/>
 +    <complexType name="StatementAbstractType" abstract="true"/>
 +    <element name="AuthnStatement" type="saml:AuthnStatementType"/>
 +    <complexType name="AuthnStatementType">
 +        <complexContent>
 +            <extension base="saml:StatementAbstractType">
 +                <sequence>
 +                    <element ref="saml:SubjectLocality" minOccurs="0"/>
 +                    <element ref="saml:AuthnContext"/>
 +                </sequence>
 +                <attribute name="AuthnInstant" type="dateTime" use="required"/>
 +                <attribute name="SessionIndex" type="string" use="optional"/>
 +                <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
 +    <complexType name="SubjectLocalityType">
 +        <attribute name="Address" type="string" use="optional"/>
 +        <attribute name="DNSName" type="string" use="optional"/>
 +    </complexType>
 +    <element name="AuthnContext" type="saml:AuthnContextType"/>
 +    <complexType name="AuthnContextType">
 +        <sequence>
 +            <choice>
 +                <sequence>
 +                    <element ref="saml:AuthnContextClassRef"/>
 +                    <choice minOccurs="0">
 +                        <element ref="saml:AuthnContextDecl"/>
 +                        <element ref="saml:AuthnContextDeclRef"/>
 +                    </choice>
 +                </sequence>
 +                <choice>
 +                    <element ref="saml:AuthnContextDecl"/>
 +                    <element ref="saml:AuthnContextDeclRef"/>
 +                </choice>
 +            </choice>
 +            <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +    </complexType>
 +    <element name="AuthnContextClassRef" type="anyURI"/>
 +    <element name="AuthnContextDeclRef" type="anyURI"/>
 +    <element name="AuthnContextDecl" type="anyType"/>
 +    <element name="AuthenticatingAuthority" type="anyURI"/>
 +    <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
 +    <complexType name="AuthzDecisionStatementType">
 +        <complexContent>
 +            <extension base="saml:StatementAbstractType">
 +                <sequence>
 +                    <element ref="saml:Action" maxOccurs="unbounded"/>
 +                    <element ref="saml:Evidence" minOccurs="0"/>
 +                </sequence>
 +                <attribute name="Resource" type="anyURI" use="required"/>
 +                <attribute name="Decision" type="saml:DecisionType" use="required"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <simpleType name="DecisionType">
 +        <restriction base="string">
 +            <enumeration value="Permit"/>
 +            <enumeration value="Deny"/>
 +            <enumeration value="Indeterminate"/>
 +        </restriction>
 +    </simpleType>
 +    <element name="Action" type="saml:ActionType"/>
 +    <complexType name="ActionType">
 +        <simpleContent>
 +            <extension base="string">
 +                <attribute name="Namespace" type="anyURI" use="required"/>
 +            </extension>
 +        </simpleContent>
 +    </complexType>
 +    <element name="Evidence" type="saml:EvidenceType"/>
 +    <complexType name="EvidenceType">
 +        <choice maxOccurs="unbounded">
 +            <element ref="saml:AssertionIDRef"/>
 +            <element ref="saml:AssertionURIRef"/>
 +            <element ref="saml:Assertion"/>
 +            <element ref="saml:EncryptedAssertion"/>
 +        </choice>
 +    </complexType>
 +    <element name="AttributeStatement" type="saml:AttributeStatementType"/>
 +    <complexType name="AttributeStatementType">
 +        <complexContent>
 +            <extension base="saml:StatementAbstractType">
 +                <choice maxOccurs="unbounded">
 +                    <element ref="saml:Attribute"/>
 +                    <element ref="saml:EncryptedAttribute"/>
 +                </choice>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="Attribute" type="saml:AttributeType"/>
 +    <complexType name="AttributeType">
 +        <sequence>
 +            <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="Name" type="string" use="required"/>
 +        <attribute name="NameFormat" type="anyURI" use="optional"/>
 +        <attribute name="FriendlyName" type="string" use="optional"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    <element name="AttributeValue" type="anyType" nillable="true"/>
 +    <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
 +</schema>
 diff --git a/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd
 new file mode 100644
 index 000000000..0d158c0ba
 --- /dev/null
 +++ b/common/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd
 @@ -0,0 +1,337 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<schema
 +    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata"
 +    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 +    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 +    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
 +    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 +    xmlns="http://www.w3.org/2001/XMLSchema"
 +    elementFormDefault="unqualified"
 +    attributeFormDefault="unqualified"
 +    blockDefault="substitution"
 +    version="2.0">
 +    <import namespace="http://www.w3.org/2000/09/xmldsig#"
 +        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
 +    <import namespace="http://www.w3.org/2001/04/xmlenc#"
 +        schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
 +    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
 +        schemaLocation="saml-schema-assertion-2.0.xsd"/>
 +    <import namespace="http://www.w3.org/XML/1998/namespace"
 +        schemaLocation="http://www.w3.org/2001/xml.xsd"/>
 +    <annotation>
 +        <documentation>
 +            Document identifier: saml-schema-metadata-2.0
 +            Location: http://docs.oasis-open.org/security/saml/v2.0/
 +            Revision history:
 +              V2.0 (March, 2005):
 +                Schema for SAML metadata, first published in SAML 2.0.
 +        </documentation>
 +    </annotation>
 +
 +    <simpleType name="entityIDType">
 +        <restriction base="anyURI">
 +            <maxLength value="1024"/>
 +        </restriction>
 +    </simpleType>
 +    <complexType name="localizedNameType">
 +        <simpleContent>
 +            <extension base="string">
 +                <attribute ref="xml:lang" use="required"/>
 +            </extension>
 +        </simpleContent>
 +    </complexType>
 +    <complexType name="localizedURIType">
 +        <simpleContent>
 +            <extension base="anyURI">
 +                <attribute ref="xml:lang" use="required"/>
 +            </extension>
 +        </simpleContent>
 +    </complexType>
 +    
 +    <element name="Extensions" type="md:ExtensionsType"/>
 +    <complexType final="#all" name="ExtensionsType">
 +        <sequence>
 +            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
 +        </sequence>
 +    </complexType>
 +    
 +    <complexType name="EndpointType">
 +        <sequence>
 +            <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="Binding" type="anyURI" use="required"/>
 +        <attribute name="Location" type="anyURI" use="required"/>
 +        <attribute name="ResponseLocation" type="anyURI" use="optional"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    
 +    <complexType name="IndexedEndpointType">
 +        <complexContent>
 +            <extension base="md:EndpointType">
 +                <attribute name="index" type="unsignedShort" use="required"/>
 +                <attribute name="isDefault" type="boolean" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    
 +    <element name="EntitiesDescriptor" type="md:EntitiesDescriptorType"/>
 +    <complexType name="EntitiesDescriptorType">
 +        <sequence>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <choice minOccurs="1" maxOccurs="unbounded">
 +                <element ref="md:EntityDescriptor"/>
 +                <element ref="md:EntitiesDescriptor"/>
 +            </choice>
 +        </sequence>
 +        <attribute name="validUntil" type="dateTime" use="optional"/>
 +        <attribute name="cacheDuration" type="duration" use="optional"/>
 +        <attribute name="ID" type="ID" use="optional"/>
 +        <attribute name="Name" type="string" use="optional"/>
 +    </complexType>
 +
 +    <element name="EntityDescriptor" type="md:EntityDescriptorType"/>
 +    <complexType name="EntityDescriptorType">
 +        <sequence>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <choice>
 +                <choice maxOccurs="unbounded">
 +                    <element ref="md:RoleDescriptor"/>
 +                    <element ref="md:IDPSSODescriptor"/>
 +                    <element ref="md:SPSSODescriptor"/>
 +                    <element ref="md:AuthnAuthorityDescriptor"/>
 +                    <element ref="md:AttributeAuthorityDescriptor"/>
 +                    <element ref="md:PDPDescriptor"/>
 +                </choice>
 +                <element ref="md:AffiliationDescriptor"/>
 +            </choice>
 +            <element ref="md:Organization" minOccurs="0"/>
 +            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
 +            <element ref="md:AdditionalMetadataLocation" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="entityID" type="md:entityIDType" use="required"/>
 +        <attribute name="validUntil" type="dateTime" use="optional"/>
 +        <attribute name="cacheDuration" type="duration" use="optional"/>
 +        <attribute name="ID" type="ID" use="optional"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    
 +    <element name="Organization" type="md:OrganizationType"/>
 +    <complexType name="OrganizationType">
 +        <sequence>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <element ref="md:OrganizationName" maxOccurs="unbounded"/>
 +            <element ref="md:OrganizationDisplayName" maxOccurs="unbounded"/>
 +            <element ref="md:OrganizationURL" maxOccurs="unbounded"/>
 +        </sequence>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    <element name="OrganizationName" type="md:localizedNameType"/>
 +    <element name="OrganizationDisplayName" type="md:localizedNameType"/>
 +    <element name="OrganizationURL" type="md:localizedURIType"/>
 +    <element name="ContactPerson" type="md:ContactType"/>
 +    <complexType name="ContactType">
 +        <sequence>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <element ref="md:Company" minOccurs="0"/>
 +            <element ref="md:GivenName" minOccurs="0"/>
 +            <element ref="md:SurName" minOccurs="0"/>
 +            <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded"/>
 +            <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="contactType" type="md:ContactTypeType" use="required"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    <element name="Company" type="string"/>
 +    <element name="GivenName" type="string"/>
 +    <element name="SurName" type="string"/>
 +    <element name="EmailAddress" type="anyURI"/>
 +    <element name="TelephoneNumber" type="string"/>
 +    <simpleType name="ContactTypeType">
 +        <restriction base="string">
 +            <enumeration value="technical"/>
 +            <enumeration value="support"/>
 +            <enumeration value="administrative"/>
 +            <enumeration value="billing"/>
 +            <enumeration value="other"/>
 +        </restriction>
 +    </simpleType>
 +
 +    <element name="AdditionalMetadataLocation" type="md:AdditionalMetadataLocationType"/>
 +    <complexType name="AdditionalMetadataLocationType">
 +        <simpleContent>
 +            <extension base="anyURI">
 +                <attribute name="namespace" type="anyURI" use="required"/>
 +            </extension>
 +        </simpleContent>
 +    </complexType>
 +
 +    <element name="RoleDescriptor" type="md:RoleDescriptorType"/>
 +    <complexType name="RoleDescriptorType" abstract="true">
 +        <sequence>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
 +            <element ref="md:Organization" minOccurs="0"/>
 +            <element ref="md:ContactPerson" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="ID" type="ID" use="optional"/>
 +        <attribute name="validUntil" type="dateTime" use="optional"/>
 +        <attribute name="cacheDuration" type="duration" use="optional"/>
 +        <attribute name="protocolSupportEnumeration" type="md:anyURIListType" use="required"/>
 +        <attribute name="errorURL" type="anyURI" use="optional"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    <simpleType name="anyURIListType">
 +        <list itemType="anyURI"/>
 +    </simpleType>
 +
 +    <element name="KeyDescriptor" type="md:KeyDescriptorType"/>
 +    <complexType name="KeyDescriptorType">
 +        <sequence>
 +            <element ref="ds:KeyInfo"/>
 +            <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="use" type="md:KeyTypes" use="optional"/>
 +    </complexType>
 +    <simpleType name="KeyTypes">
 +        <restriction base="string">
 +            <enumeration value="encryption"/>
 +            <enumeration value="signing"/>
 +        </restriction>
 +    </simpleType>
 +    <element name="EncryptionMethod" type="xenc:EncryptionMethodType"/>
 +    
 +    <complexType name="SSODescriptorType" abstract="true">
 +        <complexContent>
 +            <extension base="md:RoleDescriptorType">
 +                <sequence>
 +                    <element ref="md:ArtifactResolutionService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:SingleLogoutService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:ManageNameIDService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="ArtifactResolutionService" type="md:IndexedEndpointType"/>
 +    <element name="SingleLogoutService" type="md:EndpointType"/>
 +    <element name="ManageNameIDService" type="md:EndpointType"/>
 +    <element name="NameIDFormat" type="anyURI"/>
 +
 +    <element name="IDPSSODescriptor" type="md:IDPSSODescriptorType"/>
 +    <complexType name="IDPSSODescriptorType">
 +        <complexContent>
 +            <extension base="md:SSODescriptorType">
 +                <sequence>
 +                    <element ref="md:SingleSignOnService" maxOccurs="unbounded"/>
 +                    <element ref="md:NameIDMappingService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +                <attribute name="WantAuthnRequestsSigned" type="boolean" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="SingleSignOnService" type="md:EndpointType"/>
 +    <element name="NameIDMappingService" type="md:EndpointType"/>
 +    <element name="AssertionIDRequestService" type="md:EndpointType"/>
 +    <element name="AttributeProfile" type="anyURI"/>
 +    
 +    <element name="SPSSODescriptor" type="md:SPSSODescriptorType"/>
 +    <complexType name="SPSSODescriptorType">
 +        <complexContent>
 +            <extension base="md:SSODescriptorType">
 +                <sequence>
 +                    <element ref="md:AssertionConsumerService" maxOccurs="unbounded"/>
 +                    <element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +                <attribute name="AuthnRequestsSigned" type="boolean" use="optional"/>
 +                <attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
 +    <element name="AttributeConsumingService" type="md:AttributeConsumingServiceType"/>
 +    <complexType name="AttributeConsumingServiceType">
 +        <sequence>
 +            <element ref="md:ServiceName" maxOccurs="unbounded"/>
 +            <element ref="md:ServiceDescription" minOccurs="0" maxOccurs="unbounded"/>
 +            <element ref="md:RequestedAttribute" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="index" type="unsignedShort" use="required"/>
 +        <attribute name="isDefault" type="boolean" use="optional"/>
 +    </complexType>
 +    <element name="ServiceName" type="md:localizedNameType"/>
 +    <element name="ServiceDescription" type="md:localizedNameType"/>
 +    <element name="RequestedAttribute" type="md:RequestedAttributeType"/>
 +    <complexType name="RequestedAttributeType">
 +        <complexContent>
 +            <extension base="saml:AttributeType">
 +                <attribute name="isRequired" type="boolean" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +  
 +    <element name="AuthnAuthorityDescriptor" type="md:AuthnAuthorityDescriptorType"/>
 +    <complexType name="AuthnAuthorityDescriptorType">
 +        <complexContent>
 +            <extension base="md:RoleDescriptorType">
 +                <sequence>
 +                    <element ref="md:AuthnQueryService" maxOccurs="unbounded"/>
 +                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AuthnQueryService" type="md:EndpointType"/>
 +
 +    <element name="PDPDescriptor" type="md:PDPDescriptorType"/>
 +    <complexType name="PDPDescriptorType">
 +        <complexContent>
 +            <extension base="md:RoleDescriptorType">
 +                <sequence>
 +                    <element ref="md:AuthzService" maxOccurs="unbounded"/>
 +                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AuthzService" type="md:EndpointType"/>
 +
 +    <element name="AttributeAuthorityDescriptor" type="md:AttributeAuthorityDescriptorType"/>
 +    <complexType name="AttributeAuthorityDescriptorType">
 +        <complexContent>
 +            <extension base="md:RoleDescriptorType">
 +                <sequence>
 +                    <element ref="md:AttributeService" maxOccurs="unbounded"/>
 +                    <element ref="md:AssertionIDRequestService" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="md:AttributeProfile" minOccurs="0" maxOccurs="unbounded"/>
 +                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AttributeService" type="md:EndpointType"/>
 +   
 +    <element name="AffiliationDescriptor" type="md:AffiliationDescriptorType"/>
 +    <complexType name="AffiliationDescriptorType">
 +        <sequence>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="md:Extensions" minOccurs="0"/>
 +            <element ref="md:AffiliateMember" maxOccurs="unbounded"/>
 +            <element ref="md:KeyDescriptor" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="affiliationOwnerID" type="md:entityIDType" use="required"/>
 +        <attribute name="validUntil" type="dateTime" use="optional"/>
 +        <attribute name="cacheDuration" type="duration" use="optional"/>
 +        <attribute name="ID" type="ID" use="optional"/>
 +        <anyAttribute namespace="##other" processContents="lax"/>
 +    </complexType>
 +    <element name="AffiliateMember" type="md:entityIDType"/>
 +</schema>
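Review bot: The metadata schema still imports the xmldsig, xenc and xml.xsd schemas by remote http:// schemaLocation (the four import elements near the top of the file), while the protocol schema added in this same commit comments out the remote xmldsig import and points at a bundled `xmldsig-core-schema.xsd` instead. A validator that honors schemaLocation will fetch those URLs over plain HTTP at parse time, so schema loading depends on network reachability and on an unauthenticated download, and a network-isolated deployment will fail to validate metadata at all. Please make the three new schemas consistent: bundle the W3C schemas next to the SAML ones and reference them relatively, e.g. `schemaLocation="xmldsig-core-schema.xsd"` for the xmldsig import and a local copy for the xenc and xml.xsd imports, or ensure the validating parser is configured with a resource resolver that maps these URLs to classpath copies and never reaches the network.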
 diff --git a/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd b/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd
 new file mode 100644
 index 000000000..768241056
 --- /dev/null
 +++ b/common/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd
 @@ -0,0 +1,306 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<schema
 +    targetNamespace="urn:oasis:names:tc:SAML:2.0:protocol"
 +    xmlns="http://www.w3.org/2001/XMLSchema"
 +    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 +    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 +    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 +    elementFormDefault="unqualified"
 +    attributeFormDefault="unqualified"
 +    blockDefault="substitution"
 +    version="2.0">
 +    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
 +        schemaLocation="saml-schema-assertion-2.0.xsd"/>
 +    <!-- 
 +    <import namespace="http://www.w3.org/2000/09/xmldsig#"
 +        schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
 +    -->
 +    <import namespace="http://www.w3.org/2000/09/xmldsig#"
 +        schemaLocation="xmldsig-core-schema.xsd"/>
 +    <annotation>
 +        <documentation>
 +            Document identifier: saml-schema-protocol-2.0
 +            Location: http://docs.oasis-open.org/security/saml/v2.0/
 +            Revision history:
 +            V1.0 (November, 2002):
 +              Initial Standard Schema.
 +            V1.1 (September, 2003):
 +              Updates within the same V1.0 namespace.
 +            V2.0 (March, 2005):
 +              New protocol schema based in a SAML V2.0 namespace.
 +     </documentation>
 +    </annotation>
 +    <complexType name="RequestAbstractType" abstract="true">
 +        <sequence>
 +            <element ref="saml:Issuer" minOccurs="0"/>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="samlp:Extensions" minOccurs="0"/>
 +        </sequence>
 +        <attribute name="ID" type="ID" use="required"/>
 +        <attribute name="Version" type="string" use="required"/>
 +        <attribute name="IssueInstant" type="dateTime" use="required"/>
 +        <attribute name="Destination" type="anyURI" use="optional"/>
 +    	<attribute name="Consent" type="anyURI" use="optional"/>
 +    </complexType>
 +    <element name="Extensions" type="samlp:ExtensionsType"/>
 +    <complexType name="ExtensionsType">
 +        <sequence>
 +            <any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
 +        </sequence>
 +    </complexType>
 +    <complexType name="StatusResponseType">
 +    	<sequence>
 +            <element ref="saml:Issuer" minOccurs="0"/>
 +            <element ref="ds:Signature" minOccurs="0"/>
 +            <element ref="samlp:Extensions" minOccurs="0"/>
 +            <element ref="samlp:Status"/>
 +    	</sequence>
 +    	<attribute name="ID" type="ID" use="required"/>
 +    	<attribute name="InResponseTo" type="NCName" use="optional"/>
 +    	<attribute name="Version" type="string" use="required"/>
 +    	<attribute name="IssueInstant" type="dateTime" use="required"/>
 +    	<attribute name="Destination" type="anyURI" use="optional"/>
 +    	<attribute name="Consent" type="anyURI" use="optional"/>
 +    </complexType>
 +    <element name="Status" type="samlp:StatusType"/>
 +    <complexType name="StatusType">
 +        <sequence>
 +            <element ref="samlp:StatusCode"/>
 +            <element ref="samlp:StatusMessage" minOccurs="0"/>
 +            <element ref="samlp:StatusDetail" minOccurs="0"/>
 +        </sequence>
 +    </complexType>
 +    <element name="StatusCode" type="samlp:StatusCodeType"/>
 +    <complexType name="StatusCodeType">
 +        <sequence>
 +            <element ref="samlp:StatusCode" minOccurs="0"/>
 +        </sequence>
 +        <attribute name="Value" type="anyURI" use="required"/>
 +    </complexType>
 +    <element name="StatusMessage" type="string"/>
 +    <element name="StatusDetail" type="samlp:StatusDetailType"/>
 +    <complexType name="StatusDetailType">
 +        <sequence>
 +            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +    </complexType>
 +    <element name="AssertionIDRequest" type="samlp:AssertionIDRequestType"/>
 +    <complexType name="AssertionIDRequestType">
 +    	<complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <element ref="saml:AssertionIDRef" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
 +    <complexType name="SubjectQueryAbstractType" abstract="true">
 +    	<complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <element ref="saml:Subject"/>
 +                </sequence>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="AuthnQuery" type="samlp:AuthnQueryType"/>
 +    <complexType name="AuthnQueryType">
 +        <complexContent>
 +            <extension base="samlp:SubjectQueryAbstractType">
 +                <sequence>
 +                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
 +                </sequence>
 +                <attribute name="SessionIndex" type="string" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="RequestedAuthnContext" type="samlp:RequestedAuthnContextType"/>
 +    <complexType name="RequestedAuthnContextType">
 +        <choice>
 +            <element ref="saml:AuthnContextClassRef" maxOccurs="unbounded"/>
 +            <element ref="saml:AuthnContextDeclRef" maxOccurs="unbounded"/>
 +        </choice>
 +        <attribute name="Comparison" type="samlp:AuthnContextComparisonType" use="optional"/>
 +    </complexType>
 +    <simpleType name="AuthnContextComparisonType">
 +        <restriction base="string">
 +            <enumeration value="exact"/>
 +            <enumeration value="minimum"/>
 +            <enumeration value="maximum"/>
 +            <enumeration value="better"/>
 +        </restriction>
 +    </simpleType>
 +    <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
 +    <complexType name="AttributeQueryType">
 +        <complexContent>
 +            <extension base="samlp:SubjectQueryAbstractType">
 +                <sequence>
 +                    <element ref="saml:Attribute" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AuthzDecisionQuery" type="samlp:AuthzDecisionQueryType"/>
 +    <complexType name="AuthzDecisionQueryType">
 +        <complexContent>
 +            <extension base="samlp:SubjectQueryAbstractType">
 +                <sequence>
 +                    <element ref="saml:Action" maxOccurs="unbounded"/>
 +                    <element ref="saml:Evidence" minOccurs="0"/>
 +                </sequence>
 +                <attribute name="Resource" type="anyURI" use="required"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="AuthnRequest" type="samlp:AuthnRequestType"/>
 +    <complexType name="AuthnRequestType">
 +        <complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <element ref="saml:Subject" minOccurs="0"/>
 +                    <element ref="samlp:NameIDPolicy" minOccurs="0"/>
 +                    <element ref="saml:Conditions" minOccurs="0"/>
 +                    <element ref="samlp:RequestedAuthnContext" minOccurs="0"/>
 +                    <element ref="samlp:Scoping" minOccurs="0"/>
 +                </sequence>
 +                <attribute name="ForceAuthn" type="boolean" use="optional"/>
 +                <attribute name="IsPassive" type="boolean" use="optional"/>
 +                <attribute name="ProtocolBinding" type="anyURI" use="optional"/>
 +                <attribute name="AssertionConsumerServiceIndex" type="unsignedShort" use="optional"/>
 +                <attribute name="AssertionConsumerServiceURL" type="anyURI" use="optional"/>
 +                <attribute name="AttributeConsumingServiceIndex" type="unsignedShort" use="optional"/>
 +                <attribute name="ProviderName" type="string" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="NameIDPolicy" type="samlp:NameIDPolicyType"/>
 +    <complexType name="NameIDPolicyType">
 +        <attribute name="Format" type="anyURI" use="optional"/>
 +        <attribute name="SPNameQualifier" type="string" use="optional"/>
 +        <attribute name="AllowCreate" type="boolean" use="optional"/>
 +    </complexType>
 +    <element name="Scoping" type="samlp:ScopingType"/>
 +    <complexType name="ScopingType">
 +        <sequence>
 +            <element ref="samlp:IDPList" minOccurs="0"/>
 +            <element ref="samlp:RequesterID" minOccurs="0" maxOccurs="unbounded"/>
 +        </sequence>
 +        <attribute name="ProxyCount" type="nonNegativeInteger" use="optional"/>
 +    </complexType>
 +    <element name="RequesterID" type="anyURI"/>
 +    <element name="IDPList" type="samlp:IDPListType"/>
 +    <complexType name="IDPListType">
 +        <sequence>
 +            <element ref="samlp:IDPEntry" maxOccurs="unbounded"/>
 +            <element ref="samlp:GetComplete" minOccurs="0"/>
 +        </sequence>
 +    </complexType>
 +    <element name="IDPEntry" type="samlp:IDPEntryType"/>
 +    <complexType name="IDPEntryType">
 +        <attribute name="ProviderID" type="anyURI" use="required"/>
 +        <attribute name="Name" type="string" use="optional"/>
 +        <attribute name="Loc" type="anyURI" use="optional"/>
 +    </complexType>
 +    <element name="GetComplete" type="anyURI"/>
 +    <element name="Response" type="samlp:ResponseType"/>
 +    <complexType name="ResponseType">
 +    	<complexContent>
 +            <extension base="samlp:StatusResponseType">
 +                <choice minOccurs="0" maxOccurs="unbounded">
 +                    <element ref="saml:Assertion"/>
 +                    <element ref="saml:EncryptedAssertion"/>
 +                </choice>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="ArtifactResolve" type="samlp:ArtifactResolveType"/>
 +    <complexType name="ArtifactResolveType">
 +    	<complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <element ref="samlp:Artifact"/>
 +                </sequence>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="Artifact" type="string"/>
 +    <element name="ArtifactResponse" type="samlp:ArtifactResponseType"/>
 +    <complexType name="ArtifactResponseType">
 +    	<complexContent>
 +            <extension base="samlp:StatusResponseType">
 +                <sequence>
 +                    <any namespace="##any" processContents="lax" minOccurs="0"/>
 +                </sequence>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="ManageNameIDRequest" type="samlp:ManageNameIDRequestType"/>
 +    <complexType name="ManageNameIDRequestType">
 +    	<complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <choice>
 +                        <element ref="saml:NameID"/>
 +                        <element ref="saml:EncryptedID"/>
 +                    </choice>
 +                    <choice>
 +                        <element ref="samlp:NewID"/>
 +                        <element ref="samlp:NewEncryptedID"/>
 +                        <element ref="samlp:Terminate"/>
 +                    </choice>
 +                </sequence>
 +            </extension>
 +    	</complexContent>
 +    </complexType>
 +    <element name="NewID" type="string"/>
 +    <element name="NewEncryptedID" type="saml:EncryptedElementType"/>
 +    <element name="Terminate" type="samlp:TerminateType"/>
 +    <complexType name="TerminateType"/>
 +    <element name="ManageNameIDResponse" type="samlp:StatusResponseType"/>
 +    <element name="LogoutRequest" type="samlp:LogoutRequestType"/>
 +    <complexType name="LogoutRequestType">
 +        <complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <choice>
 +                        <element ref="saml:BaseID"/>
 +                        <element ref="saml:NameID"/>
 +                        <element ref="saml:EncryptedID"/>
 +                    </choice>
 +                    <element ref="samlp:SessionIndex" minOccurs="0" maxOccurs="unbounded"/>
 +                </sequence>
 +                <attribute name="Reason" type="string" use="optional"/>
 +                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="SessionIndex" type="string"/>
 +    <element name="LogoutResponse" type="samlp:StatusResponseType"/>
 +    <element name="NameIDMappingRequest" type="samlp:NameIDMappingRequestType"/>
 +    <complexType name="NameIDMappingRequestType">
 +        <complexContent>
 +            <extension base="samlp:RequestAbstractType">
 +                <sequence>
 +                    <choice>
 +                        <element ref="saml:BaseID"/>
 +                        <element ref="saml:NameID"/>
 +                        <element ref="saml:EncryptedID"/>
 +                    </choice>
 +                    <element ref="samlp:NameIDPolicy"/>
 +                </sequence>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +    <element name="NameIDMappingResponse" type="samlp:NameIDMappingResponseType"/>
 +    <complexType name="NameIDMappingResponseType">
 +        <complexContent>
 +            <extension base="samlp:StatusResponseType">
 +                <choice>
 +                    <element ref="saml:NameID"/>
 +                    <element ref="saml:EncryptedID"/>
 +                </choice>
 +            </extension>
 +        </complexContent>
 +    </complexType>
 +</schema>
diff --git a/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd b/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd
new file mode 100644
index 000000000..ecb001f68
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
 +<xs:schema 
 +  elementFormDefault="qualified" 
 +  targetNamespace="urn:eu:stork:names:tc:STORK:1.0:assertion" 
 +  xmlns:xs="http://www.w3.org/2001/XMLSchema" 
 +  xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"
 +  xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion">
 +
 +  <xs:element name="QualityAuthenticationAssuranceLevel" type="stork:QualityAuthenticationAssuranceLevelType" />
 +  <xs:element name="spSector" type="stork:SPSectorType" />
 +  <xs:element name="spApplication" type="stork:SPApplicationType"/>
 +  <xs:element name="spCountry" type="stork:CountryCodeType"/>
 +  <xs:element name="CitizenCountryCode" type="stork:CountryCodeType" />
 +  <xs:element name="RequestedAttribute" type="stork:RequestedAttributeType" />
 +  <xs:element name="AttributeValue" type="xs:anyType" />
 +  <xs:element name="canonicalResidenceAddress" type="stork:canonicalResidenceAddressType"/>
 +  <xs:element name="countryCodeAddress" type="stork:CountryCodeType"/>
 +  
 +  <xs:attribute name="AttributeStatus" type="stork:AttributeStatusType" />
 +
 +
 +  <xs:simpleType name="SPSectorType">
 +    <xs:restriction base="xs:string">
 +      <xs:minLength value="1" />
 +      <xs:maxLength value="20" />
 +    </xs:restriction>
 +  </xs:simpleType>
 +
 +  <xs:simpleType name="SPApplicationType">
 +    <xs:restriction base="xs:string">
 +      <xs:minLength value="1" />
 +      <xs:maxLength value="100" />
 +    </xs:restriction>
 +  </xs:simpleType>
 +  
 +  <xs:simpleType name="AttributeStatusType">
 +    <xs:restriction base="xs:string">
 +      <xs:enumeration value="Available" />
 +      <xs:enumeration value="NotAvailable" />
 +      <xs:enumeration value="Withheld" />
 +    </xs:restriction>
 +  </xs:simpleType>
 +
 +  <xs:simpleType name="QualityAuthenticationAssuranceLevelType">
 +    <xs:restriction base="xs:integer">
 +      <xs:minInclusive value="1" />
 +      <xs:maxInclusive value="4" />
 +    </xs:restriction>
 +  </xs:simpleType>
 +
 +  <xs:complexType name="canonicalResidenceAddressType">
 +    <xs:sequence>
 +      <xs:element name="countryCodeAddress" type="stork:CountryCodeType" />
 +      <xs:element name="state" type="xs:string" minOccurs="0"/>            		
 +      <xs:element name="municipalityCode" type="xs:string" minOccurs="0"/>
 +      <xs:element name="town" type="xs:string"/>
 +      <xs:element name="postalCode" type="xs:string"/>
 +      <xs:element name="streetName" type="xs:string"/>
 +      <xs:element name="streetNumber" type="xs:string" minOccurs="0"/>
 +      <xs:element name="apartmentNumber" type="xs:string" minOccurs="0"/>
 +    </xs:sequence>
 +  </xs:complexType>
 +  
 +  <xs:simpleType name="CountryCodeType">
 +    <xs:restriction base="xs:token">
 +      <xs:pattern value="[A-Z]{2}"/>
 +    </xs:restriction>
 +  </xs:simpleType>
 +  
 +  <xs:complexType name="RequestedAttributeType">
 +    <xs:sequence>
 +      <xs:element minOccurs="0" maxOccurs="unbounded" ref="stork:AttributeValue"/>
 +    </xs:sequence>
 +    <xs:attribute name="Name" use="required" type="xs:string"/>
 +    <xs:attribute name="NameFormat" use="required" type="xs:anyURI"/>
 +    <xs:attribute name="FriendlyName" use="optional" type="xs:string"/>
 +    <xs:attribute name="isRequired" use="optional" type="xs:boolean"/>
 +    <xs:anyAttribute namespace="##other" processContents="lax"/>
 +  </xs:complexType>
 +</xs:schema>
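Review bot: `RequestedAttributeType` (near the end of the hunk) declares `AttributeValue` as `xs:anyType` and accepts foreign attributes with `processContents="lax"`, so a document that passes validation against this schema still carries effectively unconstrained attribute values; the code that consumes those values has to apply its own length and content checks, and a short comment on the type saying so would save the next reader from assuming validation is sufficient, e.g. `<!-- AttributeValue is anyType: consumers must validate content themselves -->`. Two small cleanups in the same file: `xmlns:storkp` is declared on the root element but never referenced here, and the `state` element line in `canonicalResidenceAddressType` ends with stray spaces and tabs after `/>`. If this is meant to be a verbatim copy of the published STORK 1.0 assertion schema, a header comment naming the source and version would make future diffs against upstream easier.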
diff --git a/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd b/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd
new file mode 100644
index 000000000..a8efa533c
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
 +<xs:schema
 +  elementFormDefault="qualified" 
 +  targetNamespace="urn:eu:stork:names:tc:STORK:1.0:protocol" 
 +  xmlns:xs="http://www.w3.org/2001/XMLSchema"  
 +  xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol" 
 +  xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"
 +  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 +
 +  <xs:import namespace="urn:eu:stork:names:tc:STORK:1.0:assertion" schemaLocation="stork-schema-assertion-1.0.xsd"/>
 +  <!--  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" /> -->
 +  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
 +  
 +
 +  <xs:element name="eIDSectorShare" type="xs:boolean" default="false"/>
 +  <xs:element name="eIDCrossSectorShare" type="xs:boolean" default="false"/>
 +  <xs:element name="eIDCrossBorderShare" type="xs:boolean" default="false"/>
 +  <xs:element name="RequestedAttributes" type="storkp:RequestedAttributesType" />  
 +  <xs:element name="AuthenticationAttributes" type="storkp:AuthenticationAttributesType" />
 +  
 +  <xs:complexType name="RequestedAttributesType">
 +    <xs:sequence>
 +      <xs:element minOccurs="0" maxOccurs="unbounded" ref="stork:RequestedAttribute"/>
 +    </xs:sequence>
 +  </xs:complexType>
 +  
 +  <xs:complexType name="AuthenticationAttributesType">
 +    <xs:sequence>
 +      <xs:element name="VIDPAuthenticationAttributes" type="storkp:VIDPAuthenticationAttributesType" minOccurs="0" maxOccurs="1" />
 +    </xs:sequence>
 +  </xs:complexType>
 +  
 +  <xs:complexType name="VIDPAuthenticationAttributesType">
 +    <xs:sequence>
 +      <xs:element name="CitizenCountryCode" minOccurs="0" maxOccurs="1" type="stork:CountryCodeType" />
 +      <xs:element name="SPInformation" minOccurs="1" maxOccurs="1" type="storkp:SPInformationType"/>
 +    </xs:sequence>
 +  </xs:complexType>
 +  
 +  <xs:complexType name="SPInformationType">
 +    <xs:sequence>
 +      <xs:element name="SPID" minOccurs="1" maxOccurs="1" type="storkp:SPIDType" />
 +      <xs:element name="SPCertSig" minOccurs="0" maxOccurs="1" type="storkp:SPCertSigType" />
 +      <xs:element name="SPCertEnc" minOccurs="0" maxOccurs="1" type="storkp:SPCertEncType" />
 +      <xs:element name="SPAuthRequest" minOccurs="0" maxOccurs="1" type="storkp:SPAuthRequestType"/>
 +    </xs:sequence>
 +  </xs:complexType>
 +  
 +  <xs:simpleType name="SPIDType">
 +    <xs:restriction base="xs:string">
 +      <xs:minLength value="1" />
 +      <xs:maxLength value="20" />
 +    </xs:restriction>
 +  </xs:simpleType>
 +  
 +  <xs:complexType name="SPCertSigType">
 +    <xs:sequence>
 +      <xs:element minOccurs="1" ref="ds:KeyInfo" />
 +    </xs:sequence>    
 +  </xs:complexType>
 +
 +  <xs:complexType name="SPCertEncType">
 +    <xs:sequence>
 +      <xs:element minOccurs="1" ref="ds:KeyInfo" />
 +    </xs:sequence>    
 +  </xs:complexType>
 +  
 +  <xs:complexType name="SPAuthRequestType">
 +    <xs:sequence>
 +        <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
 +    </xs:sequence>
 +  </xs:complexType> 
 +</xs:schema>
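Review bot: The `xs:import` of the xmldsig namespace points at a sibling file `xmldsig-core-schema.xsd`, but nothing visible in this hunk adds that file next to the STORK schemas; if it is missing from the same directory, the failure surfaces only when the schema is first loaded at runtime, so it is worth confirming it ships in the same resources folder. The commented-out remote `schemaLocation` left directly above the local import (the same pattern appears in xenc-schema.xsd) should either be removed or replaced by a one-line reason, e.g. `<!-- local copy of the W3C xmldsig schema so that validation never fetches over the network -->`. Separately, `SPCertSigType` and `SPCertEncType` carry a `ds:KeyInfo` supplied by the requesting SP, and `SPAuthRequestType` accepts arbitrary `##other` content with `processContents="lax"`; schema validation establishes nothing about whether that key is trusted, so the consumer presumably still has to match it against its own SP configuration before relying on it, and a comment on `SPInformationType` stating that would be useful.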
diff --git a/common/src/main/resources/resources/schemas/xenc-schema.xsd b/common/src/main/resources/resources/schemas/xenc-schema.xsd
new file mode 100644
index 000000000..d4519cd7a
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/xenc-schema.xsd
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
+ "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+   <!ATTLIST schema
+     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
+
+<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
+        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
+        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
+        targetNamespace='http://www.w3.org/2001/04/xmlenc#'
+        elementFormDefault='qualified'>
+
+<!-- 
+  <import namespace='http://www.w3.org/2000/09/xmldsig#'
+          schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
+ -->
+ <import namespace='http://www.w3.org/2000/09/xmldsig#'
+          schemaLocation='xmldsig-core-schema.xsd'/>
+           
+  <complexType name='EncryptedType' abstract='true'>
+    <sequence>
+      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
+       minOccurs='0'/>
+      <element ref='ds:KeyInfo' minOccurs='0'/>
+      <element ref='xenc:CipherData'/>
+      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+    <attribute name='Type' type='anyURI' use='optional'/>
+    <attribute name='MimeType' type='string' use='optional'/>
+    <attribute name='Encoding' type='anyURI' use='optional'/>
+  </complexType>
+   
+  <complexType name='EncryptionMethodType' mixed='true'>
+    <sequence>
+      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
+      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Algorithm' type='anyURI' use='required'/>
+  </complexType>
+
+    <simpleType name='KeySizeType'>
+      <restriction base="integer"/>
+    </simpleType>
+
+  <element name='CipherData' type='xenc:CipherDataType'/>
+  <complexType name='CipherDataType'>
+     <choice>
+       <element name='CipherValue' type='base64Binary'/>
+       <element ref='xenc:CipherReference'/>
+     </choice>
+    </complexType>
+
+   <element name='CipherReference' type='xenc:CipherReferenceType'/>
+   <complexType name='CipherReferenceType'>
+       <choice>
+         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
+       </choice>
+       <attribute name='URI' type='anyURI' use='required'/>
+   </complexType>
+
+     <complexType name='TransformsType'>
+       <sequence>
+         <element ref='ds:Transform' maxOccurs='unbounded'/>
+       </sequence>
+     </complexType>
+
+
+  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
+  <complexType name='EncryptedDataType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+       </extension>
+    </complexContent>
+  </complexType>
+
+  <!-- Children of ds:KeyInfo -->
+
+  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
+  <complexType name='EncryptedKeyType'>
+    <complexContent>
+      <extension base='xenc:EncryptedType'>
+        <sequence>
+          <element ref='xenc:ReferenceList' minOccurs='0'/>
+          <element name='CarriedKeyName' type='string' minOccurs='0'/>
+        </sequence>
+        <attribute name='Recipient' type='string'
+         use='optional'/>
+      </extension>
+    </complexContent>
+  </complexType>
+
+    <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
+    <complexType name="AgreementMethodType" mixed="true">
+      <sequence>
+        <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
+        <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
+        <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+        <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+        <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+      </sequence>
+      <attribute name="Algorithm" type="anyURI" use="required"/>
+    </complexType>
+
+  <!-- End Children of ds:KeyInfo -->
+
+  <element name='ReferenceList'>
+    <complexType>
+      <choice minOccurs='1' maxOccurs='unbounded'>
+        <element name='DataReference' type='xenc:ReferenceType'/>
+        <element name='KeyReference' type='xenc:ReferenceType'/>
+      </choice>
+    </complexType>
+  </element>
+
+  <complexType name='ReferenceType'>
+    <sequence>
+      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='URI' type='anyURI' use='required'/>
+  </complexType>
+
+
+  <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
+  <complexType name='EncryptionPropertiesType'>
+    <sequence>
+      <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
+    </sequence>
+    <attribute name='Id' type='ID' use='optional'/>
+  </complexType>
+
+    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
+    <complexType name='EncryptionPropertyType' mixed='true'>
+      <choice maxOccurs='unbounded'>
+        <any namespace='##other' processContents='lax'/>
+      </choice>
+      <attribute name='Target' type='anyURI' use='optional'/>
+      <attribute name='Id' type='ID' use='optional'/>
+      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+    </complexType>
+
+</schema>
+
 | 
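Review bot: The `<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd" [...]>` header at the top of this hunk makes any schema loader that honours DTDs resolve that external DTD over the network, which undercuts the deliberate switch of the `xs:import` a few lines below from the W3C URL to the local `xmldsig-core-schema.xsd`. The internal subset only declares empty `%p`/`%s` parameter entities and fixed namespace attributes that the schema body does not appear to use, so the DOCTYPE can be dropped; if it is kept for fidelity with the W3C original, the factory that loads these schemas should have external DTD access disabled (in Java, `XMLConstants.ACCESS_EXTERNAL_DTD` set to an empty string) or use a local catalog, otherwise validation is slow and network-dependent. The commented-out remote import left above the local one is the same leftover noted on stork-schema-protocol-1.0.xsd.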
