aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/moa-id-commons/src/main')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java15
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java38
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java14
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java56
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java6
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java9
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java21
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java4
-rw-r--r--id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd15
-rw-r--r--id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd (renamed from id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd)125
-rw-r--r--id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd64
16 files changed, 352 insertions, 88 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 541285219..a787cea00 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -44,7 +44,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException;
- public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException;
+// public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException;
/**
* Get parameters to connect the Online Mandate-Service (MIS)
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 67a6552ef..5df4a4163 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.commons.api;
+import java.io.Serializable;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.List;
@@ -227,4 +228,11 @@ public interface IOAAuthParameters extends ISPConfiguration{
public List<Integer> getReversionsLoggingEventCodes();
+ /**
+ * Get a List of sectors for that this service provider requires foreign bPKs
+ *
+ * @return list of sectors, or null if no sectors are defined
+ */
+ public List<String> foreignbPKSectorsRequested();
+
} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
index 388e6d229..b5ae04c4e 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
@@ -50,7 +50,6 @@ import java.io.PrintStream;
import java.io.PrintWriter;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
/**
* Base class of technical MOA exceptions.
@@ -66,12 +65,12 @@ public class MOAIDException extends EAAFException {
*
*/
private static final long serialVersionUID = -1507246171708083912L;
-/** message ID */
- private String messageId;
- /** wrapped exception */
- private Throwable wrapped;
+ /** message ID */
+ private String messageId;
+ /** wrapped exception */
+ private Throwable wrapped;
- private Object[] parameters;
+ private Object[] parameters;
/**
* Create a new <code>MOAIDException</code>.
@@ -81,7 +80,7 @@ public class MOAIDException extends EAAFException {
* @param parameters Additional message parameters.
*/
public MOAIDException(String messageId, Object[] parameters) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ super(messageId, parameters);
this.messageId = messageId;
this.parameters = parameters;
}
@@ -100,7 +99,7 @@ public class MOAIDException extends EAAFException {
Object[] parameters,
Throwable wrapped) {
- super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ super(messageId, parameters, wrapped);
this.messageId = messageId;
this.wrapped = wrapped;
this.parameters = parameters;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index de120fd9c..4555f61d2 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
@@ -174,13 +176,32 @@ public class ConfigurationMigrationUtils {
}
}
+ if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
+
+
//convert selected SZR-GW service
if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
- result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
+ result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
AuthComponentOA oaauth = oa.getAuthComponentOA();
if (oaauth != null) {
+ //convert SL20 infos
+ if (oaauth.isSl20Active() != null)
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString());
+
+ if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints()))
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints());
+ else
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY);
+
+
+
//convert business identifier
IdentificationNumber idnumber = oaauth.getIdentificationNumber();
if (idnumber != null) {
@@ -770,7 +791,17 @@ public class ConfigurationMigrationUtils {
}
- dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
+ //set SL20 things
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)))
+ authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)));
+ else
+ authoa.setSl20Active(false);
+
+ authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS));
+
+
+
+ dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL));
dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL));
@@ -826,6 +857,9 @@ public class ConfigurationMigrationUtils {
}
}
+ if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
+ dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
+
//store BKU-URLs
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
@@ -1220,7 +1254,7 @@ public class ConfigurationMigrationUtils {
if (foreign != null) {
ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter();
if (connect_foreign != null) {
- result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL,
+ result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL,
connect_foreign.getURL());
}
}
@@ -1738,13 +1772,13 @@ public class ConfigurationMigrationUtils {
dbauth.setForeignIdentities(dbforeign);
}
- if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL))) {
+ if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL))) {
ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
if (forcon == null) {
forcon = new ConnectionParameterClientAuthType();
dbforeign.setConnectionParameter(forcon);
}
- forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL));
+ forcon.setURL(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
}
ForeignIdentities foreign = dbauth.getForeignIdentities();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index bb7bcfd0f..a6315fe2c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -63,6 +63,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business";
public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
+ public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+
public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target";
public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub";
@@ -84,6 +86,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext";
public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK";
+ public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled";
+ public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints";
+
private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES;
public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data";
public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview";
@@ -190,7 +195,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL;
public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url";
- public static final String SERVICE_EXTERNAL_SZRGW_SERVICE_URL = "modules.szrgw.service.url";
+ public static final String SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL = "modules.szrgw.service.url";
//Namespaces for general MOA-ID config
public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix";
@@ -224,7 +229,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String GENERAL_AUTH_MOASP_URL = GENERAL_AUTH + ".moasp.url";
public static final String GENERAL_AUTH_SERVICES_OVS_URL = GENERAL_AUTH + ".services.ovs.url";
- public static final String GENERAL_AUTH_SERVICES_SZRGW_URL = GENERAL_AUTH + ".services.szrgw.url";
+ public static final String GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL = GENERAL_AUTH + ".services.szrgw.url";
public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url";
public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
index 04efb0afe..852df16e6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
@@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -162,6 +156,13 @@ public class AuthComponentOA
@XmlAttribute(name = "Hjid")
protected Long hjid;
+
+ @XmlTransient
+ protected Boolean sl20Active;
+ @XmlTransient
+ protected String sl20EndPoints;
+
+
/**
* Gets the value of the bkuurls property.
*
@@ -522,11 +523,28 @@ public class AuthComponentOA
+
public Long getHjid() {
return hjid;
}
- /**
+ public Boolean isSl20Active() {
+ return sl20Active;
+ }
+
+ public void setSl20Active(Boolean sl20Active) {
+ this.sl20Active = sl20Active;
+ }
+
+ public String getSl20EndPoints() {
+ return sl20EndPoints;
+ }
+
+ public void setSl20EndPoints(String sl20EndPoints) {
+ this.sl20EndPoints = sl20EndPoints;
+ }
+
+ /**
* Sets the value of the hjid property.
*
* @param value
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index 196923ce6..e37873a72 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,20 @@ public class OnlineApplication
@XmlTransient
protected String mandateServiceSelectionTemplateURL = null;
+ @XmlTransient
+ protected String foreignbPKTargetList = null;
+
-
- /**
+ public String getForeignbPKTargetList() {
+ return foreignbPKTargetList;
+ }
+
+ public void setForeignbPKTargetList(String foreignbPKTargetList) {
+ this.foreignbPKTargetList = foreignbPKTargetList;
+ }
+
+ /**
* @return the saml2PostBindingTemplateURL
*/
public String getSaml2PostBindingTemplateURL() {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index b13f0ba5b..93db98cf9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -103,6 +103,7 @@ public class AuthenticatedSessionStore implements Serializable{
private String additionalInformation;
@Column(name = "additionalInformationBytes", nullable=true)
+ @Lob
private byte[] additionalInformationBytes;
@Column(name = "created", updatable=false, nullable=false)
@@ -349,19 +350,56 @@ public class AuthenticatedSessionStore implements Serializable{
this.isInterfederatedSSOSession = isInterfederatedSSOSession;
}
- /**
- * @return the additionalInformation
- */
- public byte[] getAdditionalInformation() {
+ @Deprecated
+ public String getAdditionalInformation() {
+ return additionalInformation;
+ }
+
+ @Deprecated
+ public void setAdditionalInformation(String additionalInformation) {
+ this.additionalInformation = additionalInformation;
+ }
+
+ public byte[] getAdditionalInformationBytes() {
return additionalInformationBytes;
}
- /**
- * @param additionalInformation the additionalInformation to set
- */
- public void setAdditionalInformation(byte[] additionalInformation) {
- this.additionalInformationBytes = additionalInformation;
+ public void setAdditionalInformationBytes(byte[] additionalInformationBytes) {
+ this.additionalInformationBytes = additionalInformationBytes;
}
+
+// /**
+// * @return the additionalInformation
+// */
+// @Deprecated
+// public String getAdditionalInformation() {
+// try {
+// if (this.additionalInformationBytes != null)
+// return new String(this.additionalInformationBytes, "UTF-8");
+// else
+// return null;
+//
+// } catch (UnsupportedEncodingException e) {
+// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e);
+//
+// }
+// }
+
+// @Deprecated
+// public void setAdditionalInformation(String additionalInformation) {
+// try {
+// if (StringUtils.isNotEmpty(additionalInformation))
+// this.additionalInformationBytes = additionalInformation.getBytes("UTF-8");
+//
+// } catch (UnsupportedEncodingException e) {
+// throw new RuntimeException("Something is very strange, because UTF-8 encoding IS NOT supported", e);
+//
+// }
+// }
+
+
+
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
index 2cb867cbc..f4143e434 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -50,7 +50,7 @@ import java.util.Locale;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IStatusMessager;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAIDMessageProvider")
-public class MOAIDMessageProvider implements IStatusMessager {
+public class MOAIDMessageProvider implements IStatusMessenger {
//internal messanges
private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" };
@@ -125,10 +125,10 @@ public String getResponseErrorCode(Throwable throwable) {
errorCode = mapInternalErrorToExternalError(error.getMessageId());
} else if (throwable instanceof ProcessExecutionException) {
- errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE;
+ errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_PROCESSENGINE;
} else {
- errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+ errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
}
@@ -141,7 +141,7 @@ public String mapInternalErrorToExternalError(String intErrorCode) {
String extErrorCode = externalError.getMessage(intErrorCode, null);
if (MiscUtil.isEmpty(extErrorCode))
- extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+ extErrorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
return extErrorCode;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java
new file mode 100644
index 000000000..ce32cbd0d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java
@@ -0,0 +1,6 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+public interface IPKIXValidator {
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java
new file mode 100644
index 000000000..fda567452
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+import org.springframework.stereotype.Service;
+
+@Service
+public class MOASPPKIXCertValidator implements IPKIXValidator {
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java
new file mode 100644
index 000000000..20235c4b6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+public class PKIXValidatorConfiguration {
+
+ public enum CHAININGMODE {
+ pkix, chaining
+ }
+
+ public enum REVOCATIONCHECKMETHODES {
+ crl, ocsp
+ }
+
+ private String trustStorePath = null;
+ private String certStorePath = null;
+ private boolean revocationChecking = true;
+ private REVOCATIONCHECKMETHODES[] revocationCheckMode = {REVOCATIONCHECKMETHODES.ocsp, REVOCATIONCHECKMETHODES.crl};
+ private CHAININGMODE chaining = CHAININGMODE.pkix;
+
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index c94222ea0..47abbf29a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -281,7 +281,7 @@ public interface Constants {
/** Local location of the XAdES v1.1.1 schema definition */
public static final String XADES_1_3_2_SCHEMA_LOCATION =
- SCHEMA_ROOT + "XAdES-1.3.2.xsd";
+ SCHEMA_ROOT + "XAdES01903v132-201601.xsd";
/** URI of the XAdES v1.3.2 namespace */
public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#";
@@ -290,7 +290,7 @@ public interface Constants {
/** Local location of the XAdES v1.4.1 schema definition */
public static final String XADES_1_4_1_SCHEMA_LOCATION =
- SCHEMA_ROOT + "XAdES-1.4.1.xsd";
+ SCHEMA_ROOT + "XAdES01903v141-201601.xsd";
/** URI of the XAdES v1.4.1 namespace */
public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#";
diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
deleted file mode 100644
index 274dbdca1..000000000
--- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified">
- <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES-1.3.2.xsd"/>
- <!-- Start CertificateValues -->
- <xsd:element name="TimeStampValidationData" type="ValidationDataType"/>
- <xsd:complexType name="ValidationDataType">
- <xsd:sequence>
- <xsd:element ref="xades:CertificateValues" minOccurs="0" />
- <xsd:element ref="xades:RevocationValues" minOccurs="0" />
- </xsd:sequence>
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
- <xsd:attribute name="UR" type="xsd:anyURI" use="optional"/>
- </xsd:complexType>
- <xsd:element name="ArchiveTimeStampV2" type="xades:XAdESTimeStampType"/>
-</xsd:schema>
diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd
index b05691515..e7a5f3a02 100644
--- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd
+++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified">
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/>
<!-- Start auxiliary types definitions: AnyType, ObjectIdentifierType,
EncapsulatedPKIDataType and containers for time-stamp tokens -->
<!-- Start AnyType -->
@@ -125,8 +125,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>
<xsd:complexType name="QualifyingPropertiesType">
<xsd:sequence>
- <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>
- <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>
+ <xsd:element ref="SignedProperties" minOccurs="0"/>
+ <xsd:element ref="UnsignedProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
@@ -136,8 +136,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="SignedProperties" type="SignedPropertiesType"/>
<xsd:complexType name="SignedPropertiesType">
<xsd:sequence>
- <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" minOccurs="0"/>
- <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>
+ <xsd:element ref="SignedSignatureProperties" minOccurs="0"/>
+ <xsd:element ref="SignedDataObjectProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -146,21 +146,26 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/>
<xsd:complexType name="UnsignedPropertiesType">
<xsd:sequence>
- <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/>
- <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/>
+ <xsd:element ref="UnsignedSignatureProperties" minOccurs="0"/>
+ <xsd:element ref="UnsignedDataObjectProperties" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
<!-- End UnsignedProperties-->
<!-- Start SignedSignatureProperties-->
+ <!-- Definition changed: added new optional children for EN -->
<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>
<xsd:complexType name="SignedSignaturePropertiesType">
<xsd:sequence>
- <xsd:element name="SigningTime" type="xsd:dateTime" minOccurs="0"/>
- <xsd:element name="SigningCertificate" type="CertIDListType" minOccurs="0"/>
- <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType" minOccurs="0"/>
- <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/>
- <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>
+ <xsd:element ref="SigningTime" minOccurs="0"/>
+ <xsd:element ref="SigningCertificate" minOccurs="0"/>
+ <xsd:element ref="SigningCertificateV2" minOccurs="0"/>
+ <xsd:element ref="SignaturePolicyIdentifier" minOccurs="0"/>
+ <xsd:element ref="SignatureProductionPlace" minOccurs="0"/>
+ <xsd:element ref="SignatureProductionPlaceV2" minOccurs="0"/>
+ <xsd:element ref="SignerRole" minOccurs="0"/>
+ <xsd:element ref="SignerRoleV2" minOccurs="0"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -169,10 +174,11 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/>
<xsd:complexType name="SignedDataObjectPropertiesType">
<xsd:sequence>
- <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>
- <xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="DataObjectFormat" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="CommitmentTypeIndication" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="AllDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="IndividualDataObjectsTimeStamp" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
@@ -181,19 +187,19 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/>
<xsd:complexType name="UnsignedSignaturePropertiesType">
<xsd:choice maxOccurs="unbounded">
- <xsd:element name="CounterSignature" type="CounterSignatureType"/>
- <xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>
- <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>
- <xsd:element name="AttributeCertificateRefs" type="CompleteCertificateRefsType"/>
- <xsd:element name="AttributeRevocationRefs" type="CompleteRevocationRefsType"/>
- <xsd:element name="SigAndRefsTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="RefsOnlyTimeStamp" type="XAdESTimeStampType"/>
- <xsd:element name="CertificateValues" type="CertificateValuesType"/>
- <xsd:element name="RevocationValues" type="RevocationValuesType"/>
- <xsd:element name="AttrAuthoritiesCertValues" type="CertificateValuesType"/>
- <xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>
- <xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>
+ <xsd:element ref="CounterSignature"/>
+ <xsd:element ref="SignatureTimeStamp"/>
+ <xsd:element ref="CompleteCertificateRefs"/>
+ <xsd:element ref="CompleteRevocationRefs"/>
+ <xsd:element ref="AttributeCertificateRefs"/>
+ <xsd:element ref="AttributeRevocationRefs"/>
+ <xsd:element ref="SigAndRefsTimeStamp"/>
+ <xsd:element ref="RefsOnlyTimeStamp"/>
+ <xsd:element ref="CertificateValues"/>
+ <xsd:element ref="RevocationValues"/>
+ <xsd:element ref="AttrAuthoritiesCertValues"/>
+ <xsd:element ref="AttributeRevocationValues"/>
+ <xsd:element ref="ArchiveTimeStamp"/>
<xsd:any namespace="##other"/>
</xsd:choice>
<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
@@ -240,6 +246,21 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SigningCertificate -->
+ <!-- Start SigningCertificateV2 and CertIDListV2Type -->
+ <xsd:element name="SigningCertificateV2" type="CertIDListV2Type"/>
+ <xsd:complexType name="CertIDListV2Type">
+ <xsd:sequence>
+ <xsd:element name="Cert" type="CertIDTypeV2" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CertIDTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertDigest" type="DigestAlgAndValueType"/>
+ <xsd:element name="IssuerSerialV2" type="xsd:base64Binary" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
+ </xsd:complexType>
+ <!-- End SigningCertificateV2 and CertIDListV2Type -->
<!-- Start SignaturePolicyIdentifier -->
<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>
<xsd:complexType name="SignaturePolicyIdentifierType">
@@ -287,6 +308,7 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:sequence>
<xsd:element ref="ds:Signature"/>
</xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
</xsd:complexType>
<!-- End CounterSignature -->
<!-- Start DataObjectFormat -->
@@ -330,6 +352,18 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SignatureProductionPlace -->
+ <!-- Start SignatureProductionPlaceV2 and SignatureProductionPlaceV2Type -->
+ <xsd:element name="SignatureProductionPlaceV2" type="SignatureProductionPlaceV2Type"/>
+ <xsd:complexType name="SignatureProductionPlaceV2Type">
+ <xsd:sequence>
+ <xsd:element name="City" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="StreetAddress" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>
+ <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!-- End SignatureProductionPlace -->
<!-- Start SignerRole -->
<xsd:element name="SignerRole" type="SignerRoleType"/>
<xsd:complexType name="SignerRoleType">
@@ -349,6 +383,38 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
</xsd:sequence>
</xsd:complexType>
<!-- End SignerRole -->
+ <!-- Start SignerRoleV2 and SignerRoleV2Type -->
+ <xsd:element name="SignerRoleV2" type="SignerRoleV2Type"/>
+ <xsd:complexType name="SignerRoleV2Type">
+ <xsd:sequence>
+ <xsd:element ref="ClaimedRoles" minOccurs="0"/>
+ <xsd:element ref="CertifiedRolesV2" minOccurs="0"/>
+ <xsd:element ref="SignedAssertions" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="ClaimedRoles" type="ClaimedRolesListType"/>
+ <xsd:element name="CertifiedRolesV2" type="CertifiedRolesListTypeV2"/>
+ <xsd:element name="SignedAssertions" type="SignedAssertionsListType"/>
+ <xsd:complexType name="CertifiedRolesListTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertifiedRole" type="CertifiedRoleTypeV2" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CertifiedRoleTypeV2">
+ <xsd:choice>
+ <xsd:element ref="X509AttributeCertificate"/>
+ <xsd:element ref="OtherAttributeCertificate"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="X509AttributeCertificate" type="EncapsulatedPKIDataType"/>
+ <xsd:element name="OtherAttributeCertificate" type="AnyType"/>
+ <xsd:complexType name="SignedAssertionsListType">
+ <xsd:sequence>
+ <xsd:element ref="SignedAssertion" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="SignedAssertion" type="AnyType"/>
+ <!-- End SignerRoleV2 and SignerRoleV2Type -->
<xsd:element name="AllDataObjectsTimeStamp" type="XAdESTimeStampType"/>
<xsd:element name="IndividualDataObjectsTimeStamp" type="XAdESTimeStampType"/>
<xsd:element name="SignatureTimeStamp" type="XAdESTimeStampType"/>
@@ -464,3 +530,4 @@ EncapsulatedPKIDataType and containers for time-stamp tokens -->
<xsd:element name="AttributeRevocationValues" type="RevocationValuesType"/>
<xsd:element name="ArchiveTimeStamp" type="XAdESTimeStampType"/>
</xsd:schema>
+
diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd
new file mode 100644
index 000000000..1f3aaf935
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.4.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="http://uri.etsi.org/01903/v1.4.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" elementFormDefault="qualified">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES01903v132-201601.xsd"/>
+ <!-- Start CertificateValues -->
+ <xsd:element name="TimeStampValidationData" type="ValidationDataType"/>
+ <xsd:complexType name="ValidationDataType">
+ <xsd:sequence>
+ <xsd:element ref="xades:CertificateValues" minOccurs="0"/>
+ <xsd:element ref="xades:RevocationValues" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="SignaturePolicyStore" type="SignaturePolicyStoreType"/>
+ <xsd:complexType name="SignaturePolicyStoreType">
+ <xsd:sequence>
+ <xsd:element ref="SPDocSpecification"/>
+ <xsd:choice>
+ <xsd:element name="SignaturePolicyDocument" type="xsd:base64Binary"/>
+ <xsd:element name="SigPolDocLocalURI" type="xsd:anyURI"/>
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="SPDocSpecification" type="xades:ObjectIdentifierType"/>
+ <!-- -->
+ <!-- Start RenewedDigests-->
+ <!-- -->
+ <xsd:element name="RenewedDigests" type="RenewedDigestsType"/>
+ <xsd:complexType name="RenewedDigestsType">
+ <xsd:sequence>
+ <xsd:element ref="ds:DigestMethod"/>
+ <xsd:element ref="RecomputedDigestValue" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <xsd:element name="RecomputedDigestValue" type="RecomputedDigestValueType"/>
+ <xsd:complexType name="RecomputedDigestValueType">
+ <xsd:simpleContent>
+ <xsd:extension base="ds:DigestValueType">
+ <xsd:attribute name="Order" type="xsd:integer" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <!-- -->
+ <!-- End RenewedDigests-->
+ <!-- -->
+ <!-- ArchiveTimeStamp in namespace with URI 'http://uri.etsi.org/01903/v1.4.1#'-->
+ <xsd:element name="ArchiveTimeStamp" type="xades:XAdESTimeStampType"/>
+ <!--CompleteCertificateRefsV2 and AttributeCertificateRefsV2-->
+ <xsd:element name="CompleteCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/>
+ <xsd:element name="AttributeCertificateRefsV2" type="CompleteCertificateRefsTypeV2"/>
+ <xsd:complexType name="CompleteCertificateRefsTypeV2">
+ <xsd:sequence>
+ <xsd:element name="CertRefs" type="xades:CertIDListV2Type"/>
+ </xsd:sequence>
+ <xsd:attribute name="Id" type="xsd:ID" use="optional"/>
+ </xsd:complexType>
+ <!-- SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2-->
+ <xsd:element name="SigAndRefsTimeStampV2" type="xades:XAdESTimeStampType"/>
+ <xsd:element name="RefsOnlyTimeStampV2" type="xades:XAdESTimeStampType"/>
+</xsd:schema>
+