<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by Walter F Hoehn, Jr (Columbia University in the City of New York) -->
-<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0" xmlns:credentials="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0"
+ xmlns:credentials="urn:mace:shibboleth:credentials:1.0"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="xmldsig-core-schema.xsd"/>
<xs:element name="Credentials">
<xs:complexType>
- <xs:choice maxOccurs="unbounded">
- <xs:element name="KeyStoreResolver">
- <xs:annotation>
- <xs:documentation>Pulls credentials from a Java keystore.</xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="KeyAlias" type="xs:string"/>
- <xs:element name="CertAlias" type="xs:string" minOccurs="0"/>
- <xs:element name="StorePassword" type="xs:string"/>
- <xs:element name="KeyPassword" type="xs:string" minOccurs="0"/>
- </xs:sequence>
- <xs:attribute name="storeType" type="xs:string" use="optional" default="JKS"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="FileResolver">
- <xs:annotation>
- <xs:documentation>Pulls credentials from files.</xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:element name="Key" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- </xs:sequence>
- <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
- <xs:attribute name="password" type="xs:string" use="optional"/>
- </xs:complexType>
- </xs:element>
- <xs:element name="Certificate" minOccurs="0">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Path" type="xs:string"/>
- <xs:element name="CAPath" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
- <xs:attribute name="password" type="xs:string" use="optional"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:element name="CustomResolver">
- <xs:annotation>
- <xs:documentation>Allows for specification of a Java class that loads credentials from a custom storage mechanism. </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="credentials:BaseCredentialFinder">
- <xs:sequence>
- <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="class" type="xs:string" use="required"/>
- <xs:anyAttribute namespace="##any"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
+ <xs:choice minOccurs="1" maxOccurs="unbounded">
+ <xs:element name="KeyStoreResolver"
+ type="credentials:KeyStoreResolverType"/>
+ <xs:element name="FileResolver"
+ type="credentials:FileResolverType"/>
+ <xs:element name="CustomResolver"
+ type="credentials:CustomResolverType"/>
+ </xs:choice>
+ <xs:anyAttribute namespace="##any" processContents="lax"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Credential">
+ <xs:complexType>
+ <xs:choice minOccurs="1" maxOccurs="1">
+ <xs:element name="KeyStoreResolver"
+ type="credentials:KeyStoreResolverType"/>
+ <xs:element name="FileResolver"
+ type="credentials:FileResolverType"/>
+ <xs:element name="CustomResolver"
+ type="credentials:CustomResolverType"/>
</xs:choice>
<xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="BaseCredentialFinder">
- <xs:attribute name="Id" type="xs:string" use="required"/>
+ <xs:attribute name="Id" type="xs:string" use="optional"/>
+ </xs:complexType>
+ <xs:complexType name="KeyStoreResolverType">
+ <xs:annotation>
+ <xs:documentation>Pulls credentials from a Java
+ keystore.</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="credentials:BaseCredentialFinder">
+ <xs:sequence>
+ <xs:element name="Path" type="xs:string"/>
+ <xs:element name="KeyAlias" type="xs:string"/>
+ <xs:element name="CertAlias" type="xs:string"
+ minOccurs="0"/>
+ <xs:element name="StorePassword" type="xs:string"/>
+ <xs:element name="KeyPassword" type="xs:string"
+ minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="storeType" type="xs:string" use="optional"
+ default="JKS"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name ="FileResolverType">
+ <xs:annotation>
+ <xs:documentation>Pulls credentials from files.</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="credentials:BaseCredentialFinder">
+ <xs:sequence>
+ <xs:element name="Key" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Path" type="xs:string"/>
+ </xs:sequence>
+ <xs:attribute name="format"
+ type="credentials:FormatType" use="optional"
+ default="PEM"/>
+ <xs:attribute name="password" type="xs:string"
+ use="optional"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Certificate" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Path" type="xs:string"/>
+ <xs:element name="CAPath" type="xs:string"
+ minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="format"
+ type="credentials:FormatType" use="optional"
+ default="PEM"/>
+ <xs:attribute name="password" type="xs:string"
+ use="optional"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ <xs:complexType name="CustomResolverType">
+ <xs:annotation>
+ <xs:documentation>Allows for specification of a Java class that
+ loads credentials from a custom storage mechanism.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="credentials:BaseCredentialFinder">
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="lax"
+ minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="class" type="xs:string" use="required"/>
+ <xs:anyAttribute namespace="##any"/>
+ </xs:extension>
+ </xs:complexContent>
</xs:complexType>
</xs:schema>