-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0"
- xmlns:credentials="urn:mace:shibboleth:credentials:1.0"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
- schemaLocation="xmldsig-core-schema.xsd"/>
- <xs:element name="Credentials">
- <xs:complexType>
- <xs:choice minOccurs="1" maxOccurs="unbounded">
- <xs:element name="KeyStoreResolver"
- type="credentials:KeyStoreResolverType"/>
- <xs:element name="FileResolver"
- type="credentials:FileResolverType"/>
- <xs:element name="CustomResolver"
- type="credentials:CustomResolverType"/>
- </xs:choice>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Credential">
- <xs:complexType>
- <xs:choice minOccurs="1" maxOccurs="1">
- <xs:element name="KeyStoreResolver"
- type="credentials:KeyStoreResolverType"/>
- <xs:element name="FileResolver"
- type="credentials:FileResolverType"/>
- <xs:element name="CustomResolver"
- type="credentials:CustomResolverType"/>
- </xs:choice>
- <xs:anyAttribute namespace="##any" processContents="lax"/>
- </xs:complexType>
- </xs:element>
- <xs:simpleType name="FormatType">
- <xs:restriction base="xs:string">
- <xs:enumeration value="PEM"/>
- <xs:enumeration value="DER"/>
- <xs:enumeration value="PKCS12"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:complexType name="BaseCredentialFinder">
- <xs:attribute name="Id" type="xs:string" use="optional"/>
- </xs:complexType>
- <xs:complexType name="KeyStoreResolverType">
- <xs:annotation>
- <xs:documentation>Pulls credentials from a Java
- keystore.</xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="KeyAlias" type="xs:string"/>
- <xs:element name="CertAlias" type="xs:string"
- minOccurs="0"/>
- <xs:element name="StorePassword" type="xs:string"/>
- <xs:element name="KeyPassword" type="xs:string"
- minOccurs="0"/>
- </xs:sequence>
- <xs:attribute name="storeType" type="xs:string" use="optional"
- default="JKS"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name ="FileResolverType">
- <xs:annotation>
- <xs:documentation>Pulls credentials from files.</xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Key" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- </xs:sequence>
- <xs:attribute name="format"
- type="credentials:FormatType" use="optional"
- default="PEM"/>
- <xs:attribute name="password" type="xs:string"
- use="optional"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Certificate" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="CAPath" type="xs:string"
- minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="format"
- type="credentials:FormatType" use="optional"
- default="PEM"/>
- <xs:attribute name="password" type="xs:string"
- use="optional"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- <xs:complexType name="CustomResolverType">
- <xs:annotation>
- <xs:documentation>Allows for specification of a Java class that
- loads credentials from a custom storage mechanism.
- </xs:documentation>
- </xs:annotation>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax"
- minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
-</xs:schema>