Repository: camel Updated Branches: refs/heads/master faa20255e -> 122419876
http://git-wip-us.apache.org/repos/asf/camel/blob/12241987/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/SpringXmlSignatureTests.xml ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/SpringXmlSignatureTests.xml b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/SpringXmlSignatureTests.xml index 13eb958..8ce4688 100644 --- a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/SpringXmlSignatureTests.xml +++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/SpringXmlSignatureTests.xml @@ -1,405 +1,439 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation=" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd "> - <camelContext id="camel" xmlns="http://camel.apache.org/schema/spring"> - <onException> - <exception>org.apache.camel.component.xmlsecurity.api.XmlSignatureException - </exception> - <handled> - <constant>false</constant> - </handled> - <to uri="mock:exception" /> - </onException> - - <!-- START SNIPPET: enveloping XML signature --> - <route> - <from uri="direct:enveloping" /> - <to uri="xmlsecurity:sign://enveloping?keyAccessor=#accessorRsa" /> - <to uri="xmlsecurity:verify://enveloping?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: enveloping XML signature --> - - <!-- START SNIPPET: enveloping XML signature with plain text --> - <route> - <from uri="direct:plaintext" /> - <to - uri="xmlsecurity:sign://plaintext?keyAccessor=#accessorRsa&plainText=true&plainTextEncoding=UTF-8" /> - <to uri="xmlsecurity:verify://plaintext?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: enveloping XML signature with plain text --> - - <!-- START SNIPPET: enveloped XML signature --> - <route> - <from uri="direct:enveloped" /> - <to - uri="xmlsecurity:sign://enveloped?keyAccessor=#accessorRsa&parentLocalName=root&parentNamespace=http://test/test" /> - <to uri="xmlsecurity:verify://enveloped?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: enveloped XML signature --> - - <!-- START SNIPPET: canonicalization --> - <route> - <from uri="direct:canonicalization" /> - <to - uri="xmlsecurity:sign://canonicalization?keyAccessor=#accessorRsa&canonicalizationMethod=#canonicalizationMethod1" /> - <to uri="xmlsecurity:verify://canonicalization?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: canonicalization --> - - <!-- START SNIPPET: digest and signature algorithm --> - <route> - <from uri="direct:signaturedigestalgorithm" /> - <to - uri="xmlsecurity:sign://signaturedigestalgorithm?keyAccessor=#accessorRsa&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha384&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha256" /> - <to - uri="xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: digest and signature algorithm --> - - <!-- START SNIPPET: transforms XPath2 --> - <route> - <from uri="direct:transformsXPath2" /> - <to - uri="xmlsecurity:sign://transformsXPath2?keyAccessor=#accessorRsa&transformMethods=#transformsXPath2" /> - <to uri="xmlsecurity:verify://transformsXPath2?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: transforms XPath2 --> - - <!-- START SNIPPET: transforms XSLT, XPath --> - <route> - <from uri="direct:transformsXsltXPath" /> - <to - uri="xmlsecurity:sign://transformsXsltXPath?keyAccessor=#accessorRsa&transformMethods=#transformsXsltXPath" /> - <to - uri="xmlsecurity:verify://transformsXsltXPath?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: transforms XSLT, XPath --> - - <!-- START SNIPPET: transforms XSLT, XPath - secure Validation disabled --> - <route> - <from uri="direct:transformsXsltXPathSecureValDisabled" /> - <to - uri="xmlsecurity:sign://transformsXsltXPathSecureValDisabled?keyAccessor=#accessorRsa&transformMethods=#transformsXsltXPath" /> - <to - uri="xmlsecurity:verify://transformsXsltXPathSecureValDisabled?keySelector=#selectorRsa&secureValidation=false" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: transforms XSLT, XPath - secure Validation disabled --> - - - <!-- START SNIPPET: invalid key exception --> - <route> - <from uri="direct:signexceptioninvalidkey" /> - <to - uri="xmlsecurity:sign://signexceptioninvalidkey?keyAccessor=#accessorDsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: invalid key exception --> - - <!-- START SNIPPET: sign exceptions --> - <route> - <from uri="direct:signexceptions" /> - <to - uri="xmlsecurity:sign://signexceptioninvalidkey?keyAccessor=#accessorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: sign exceptions --> - - <!-- START SNIPPET: noSuchAlgorithmException --> - <route> - <from uri="direct:noSuchAlgorithmException" /> - <to - uri="xmlsecurity:sign://noSuchAlgorithmException?keyAccessor=#accessorRsa&signatureAlgorithm=wrongalgorithm&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha512" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: noSuchAlgorithmException --> - - <!-- START SNIPPET: verify exceptions --> - <route> - <from uri="direct:verifyexceptions" /> - <to uri="xmlsecurity:verify://verifyexceptions?keySelector=#selectorDsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: verify exceptions --> - - <!-- START SNIPPET: verifier InvalidHashException --> - <route> - <from uri="direct:invalidhash" /> - <to - uri="xmlsecurity:verify://invalidhash?keySelector=#selectorKeyValue&baseUri=#baseUri&secureValidation=false" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: verifier InvalidHashException --> - - <!-- START SNIPPET: cryptoContextProperties --> - <route> - <from uri="direct:cryptocontextprops" /> - <to - uri="xmlsecurity:verify://cryptocontextprops?keySelector=#selectorKeyValue&cryptoContextProperties=#cryptoContextProperties" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: cryptoContextProperties --> - - <!-- START SNIPPET: verify InvalidKeyException --> - <route> - <from uri="direct:verifyInvalidKeyException" /> - <to - uri="xmlsecurity:verify://verifyInvalidKeyException?keySelector=#selectorRsa" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: verify InvalidKeyException --> - - - <!-- START SNIPPET: uridereferencer --> - <route> - <from uri="direct:uridereferencer" /> - <to - uri="xmlsecurity:sign://uridereferencer?keyAccessor=#accessorRsa&uriDereferencer=#uriDereferencer" /> - <to - uri="xmlsecurity:verify://uridereferencer?keySelector=#selectorRsa&uriDereferencer=#uriDereferencer" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: uridereferencer --> - - <!-- START SNIPPET: keyAccessorKeySelectorDefault --> - <route> - <from uri="direct:keyAccessorKeySelectorDefault" /> - <to - uri="xmlsecurity:sign://keyAccessorKeySelectorDefault?keyAccessor=#keyAccessorDefault" /> - <to - uri="xmlsecurity:verify://keyAccessorKeySelectorDefault?keySelector=#keySelectorDefault" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: keyAccessorKeySelectorDefault --> - - <!-- START SNIPPET: xmlSignatureChecker --> - <route> - <from uri="direct:xmlSignatureChecker" /> - <to - uri="xmlsecurity:verify://keyAccessorKeySelectorDefault?keySelector=#selectorKeyValue&xmlSignatureChecker=#envelopingSignatureChecker" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: xmlSignatureChecker --> - - <!-- START SNIPPET: properties --> - <route> - <from uri="direct:props" /> - <to - uri="xmlsecurity:sign://properties?keyAccessor=#accessorRsa&properties=#signatureProperties" /> - <to - uri="xmlsecurity:verify://properties?keySelector=#selectorRsa&xmlSignature2Message=#xmlSignature2MessageWithTimestampPropertyy" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: properties --> - - <!-- START SNIPPET: verify output node search element name --> - <route> - <from uri="direct:outputnodesearchelementname" /> - <to - uri="xmlsecurity:verify://outputnodesearchelementname?keySelector=#selectorKeyValue&outputNodeSearchType=ElementName&outputNodeSearch={http://test/test}root&removeSignatureElements=true" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: verify output node search element name --> - - <!-- START SNIPPET: verify output node search xpath --> - <route> - <from uri="direct:outputnodesearchxpath" /> - <to - uri="xmlsecurity:verify://outputnodesearchxpath?keySelector=#selectorKeyValue&outputNodeSearchType=XPath&outputNodeSearch=#nodesearchxpath&removeSignatureElements=true" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: verify output node search xpath --> - - <!-- START SNIPPET: validationFailedHandler --> - <route> - <from uri="direct:validationFailedHandler" /> - <to - uri="xmlsecurity:verify://validationFailedHandler?keySelector=#selectorKeyValue&validationFailedHandler=validationFailedHandlerIgnoreManifestFailures" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: validationFailedHandler --> - - <!-- START SNIPPET: further parameters --> - <route> - <from uri="direct:furtherparams" /> - <to - uri="xmlsecurity:sign://furtherparams?keyAccessor=#accessorRsa&prefixForXmlSignatureNamespace=digsig&disallowDoctypeDecl=false" /> - <to - uri="xmlsecurity:verify://furtherparams?keySelector=#selectorRsa&disallowDoctypeDecl=false" /> - <to uri="mock:result" /> - </route> - <!-- END SNIPPET: further parameters --> - - - </camelContext> - - <bean id="accessorDsa" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getDsaKeyAccessor" /> - <bean id="accessorRsa" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getRsaKeyAccessor" /> - <bean id="selectorDsa" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getDsaKeySelector" /> - <bean id="selectorRsa" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getRsaKeySelector" /> - - <bean id="keyAccessorDefault" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getDefaultKeyAccessor" /> - <bean id="keySelectorDefault" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getDefaultKeySelector" /> - - <bean id="baseUri" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getBaseUri" /> - - <bean id="selectorKeyValue" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getKeyValueKeySelector" /> - - <bean id="cryptoContextProperties" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getCrytoContextProperties" /> - - <bean id="canonicalizationMethod1" - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getCanonicalizationMethod"> - <constructor-arg type="java.lang.String" - value="http://www.w3.org/2001/10/xml-exc-c14n#" /> - </bean> - - <bean id="transformsXsltXPath" - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getTransforms"> - <constructor-arg type="java.util.List"> - <list> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getCanonicalizationMethod"> - <constructor-arg type="java.lang.String" - value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> - </bean> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getXslTransform"> - <constructor-arg type="java.lang.String" - value="/org/apache/camel/component/xmlsecurity/xslt_test.xsl" /> - </bean> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getXPathTransform"> - <constructor-arg type="java.lang.String" value="//n0:XMLSecurity/n0:Content" /> - <constructor-arg type="java.util.Map"> - <map> - <entry key="n0" value="https://org.apache/camel/xmlsecurity/test" /> - </map> - </constructor-arg> - </bean> - <!-- I removed base 64 transform because the JDK provider does not support - correctly this transform <bean class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getBase64Transform" /> --> - </list> - </constructor-arg> - </bean> - - - <bean id="transformsXPath2" - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getTransforms"> - <constructor-arg type="java.util.List"> - <list> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getCanonicalizationMethod"> - <constructor-arg type="java.lang.String" - value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> - </bean> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" - factory-method="getXPath2Transform"> - <constructor-arg type="java.util.List"> - <list> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> - <property name="xpath" value="//n0:ToBeSigned" /> - <property name="filter" value="intersect" /> - </bean> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> - <property name="xpath" value="//n0:NotToBeSigned" /> - <property name="filter" value="subtract" /> - </bean> - <bean - class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> - <property name="xpath" value="//n0:ReallyToBeSigned" /> - <property name="filter" value="union" /> - </bean> - </list> - </constructor-arg> - <constructor-arg type="java.util.Map"> - <map> - <entry key="n0" value="http://test/test" /> - </map> - </constructor-arg> - </bean> - </list> - </constructor-arg> - </bean> - - <bean id="uriDereferencer" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getSameDocumentUriDereferencer" /> - - <bean id="envelopingSignatureChecker" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getEnvelopingXmlSignatureChecker" /> - - <bean id="xmlSignature2MessageWithTimestampPropertyy" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getXmlSignature2MessageWithTimestampdProperty" /> - - <bean id="signatureProperties" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getSignatureProperties" /> - - <bean id="validationFailedHandlerIgnoreManifestFailures" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getValidationFailedHandlerIgnoreManifestFailures" /> - - <bean id="nodesearchxpath" - class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" - factory-method="getNodeSerachXPath" /> - + <camelContext id="camel" + xmlns="http://camel.apache.org/schema/spring"> + <onException> + <exception>java.lang.Exception</exception> + <handled> + <constant>false</constant> + </handled> + <to uri="mock:exception" /> + </onException> + + <!-- START SNIPPET: enveloping XML signature --> + <route> + <from uri="direct:enveloping" /> + <to uri="xmlsecurity:sign://enveloping?keyAccessor=#accessorRsa" /> + <to + uri="xmlsecurity:verify://enveloping?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: enveloping XML signature --> + + <!-- START SNIPPET: enveloping XML signature with plain text --> + <route> + <from uri="direct:plaintext" /> + <to + uri="xmlsecurity:sign://plaintext?keyAccessor=#accessorRsa&plainText=true&plainTextEncoding=UTF-8" /> + <to + uri="xmlsecurity:verify://plaintext?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: enveloping XML signature with plain text --> + + <!-- START SNIPPET: enveloped XML signature --> + <route> + <from uri="direct:enveloped" /> + <to + uri="xmlsecurity:sign://enveloped?keyAccessor=#accessorRsa&parentLocalName=root&parentNamespace=http://test/test" /> + <to + uri="xmlsecurity:verify://enveloped?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: enveloped XML signature --> + + <!-- START SNIPPET: canonicalization --> + <route> + <from uri="direct:canonicalization" /> + <to + uri="xmlsecurity:sign://canonicalization?keyAccessor=#accessorRsa&canonicalizationMethod=#canonicalizationMethod1" /> + <to + uri="xmlsecurity:verify://canonicalization?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: canonicalization --> + + <!-- START SNIPPET: digest and signature algorithm --> + <route> + <from uri="direct:signaturedigestalgorithm" /> + <to + uri="xmlsecurity:sign://signaturedigestalgorithm?keyAccessor=#accessorRsa&signatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha384&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha256" /> + <to + uri="xmlsecurity:verify://signaturedigestalgorithm?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: digest and signature algorithm --> + + <!-- START SNIPPET: transforms XPath2 --> + <route> + <from uri="direct:transformsXPath2" /> + <to + uri="xmlsecurity:sign://transformsXPath2?keyAccessor=#accessorRsa&transformMethods=#transformsXPath2" /> + <to + uri="xmlsecurity:verify://transformsXPath2?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: transforms XPath2 --> + + <!-- START SNIPPET: transforms XSLT, XPath --> + <route> + <from uri="direct:transformsXsltXPath" /> + <to + uri="xmlsecurity:sign://transformsXsltXPath?keyAccessor=#accessorRsa&transformMethods=#transformsXsltXPath" /> + <to + uri="xmlsecurity:verify://transformsXsltXPath?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: transforms XSLT, XPath --> + + <!-- START SNIPPET: transforms XSLT, XPath - secure Validation disabled --> + <route> + <from uri="direct:transformsXsltXPathSecureValDisabled" /> + <to + uri="xmlsecurity:sign://transformsXsltXPathSecureValDisabled?keyAccessor=#accessorRsa&transformMethods=#transformsXsltXPath" /> + <to + uri="xmlsecurity:verify://transformsXsltXPathSecureValDisabled?keySelector=#selectorRsa&secureValidation=false" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: transforms XSLT, XPath - secure Validation disabled --> + + + <!-- START SNIPPET: invalid key exception --> + <route> + <from uri="direct:signexceptioninvalidkey" /> + <to + uri="xmlsecurity:sign://signexceptioninvalidkey?keyAccessor=#accessorDsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: invalid key exception --> + + <!-- START SNIPPET: sign exceptions --> + <route> + <from uri="direct:signexceptions" /> + <to + uri="xmlsecurity:sign://signexceptioninvalidkey?keyAccessor=#accessorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: sign exceptions --> + + <!-- START SNIPPET: noSuchAlgorithmException --> + <route> + <from uri="direct:noSuchAlgorithmException" /> + <to + uri="xmlsecurity:sign://noSuchAlgorithmException?keyAccessor=#accessorRsa&signatureAlgorithm=wrongalgorithm&digestAlgorithm=http://www.w3.org/2001/04/xmlenc#sha512" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: noSuchAlgorithmException --> + + <!-- START SNIPPET: verify exceptions --> + <route> + <from uri="direct:verifyexceptions" /> + <to + uri="xmlsecurity:verify://verifyexceptions?keySelector=#selectorDsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: verify exceptions --> + + <!-- START SNIPPET: verifier InvalidHashException --> + <route> + <from uri="direct:invalidhash" /> + <to + uri="xmlsecurity:verify://invalidhash?keySelector=#selectorKeyValue&baseUri=#baseUri&secureValidation=false" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: verifier InvalidHashException --> + + <!-- START SNIPPET: cryptoContextProperties --> + <route> + <from uri="direct:cryptocontextprops" /> + <to + uri="xmlsecurity:verify://cryptocontextprops?keySelector=#selectorKeyValue&cryptoContextProperties=#cryptoContextProperties" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: cryptoContextProperties --> + + <!-- START SNIPPET: verify InvalidKeyException --> + <route> + <from uri="direct:verifyInvalidKeyException" /> + <to + uri="xmlsecurity:verify://verifyInvalidKeyException?keySelector=#selectorRsa" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: verify InvalidKeyException --> + + + <!-- START SNIPPET: uridereferencer --> + <route> + <from uri="direct:uridereferencer" /> + <to + uri="xmlsecurity:sign://uridereferencer?keyAccessor=#accessorRsa&uriDereferencer=#uriDereferencer" /> + <to + uri="xmlsecurity:verify://uridereferencer?keySelector=#selectorRsa&uriDereferencer=#uriDereferencer" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: uridereferencer --> + + <!-- START SNIPPET: keyAccessorKeySelectorDefault --> + <route> + <from uri="direct:keyAccessorKeySelectorDefault" /> + <to + uri="xmlsecurity:sign://keyAccessorKeySelectorDefault?keyAccessor=#keyAccessorDefault" /> + <to + uri="xmlsecurity:verify://keyAccessorKeySelectorDefault?keySelector=#keySelectorDefault" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: keyAccessorKeySelectorDefault --> + + <!-- START SNIPPET: xmlSignatureChecker --> + <route> + <from uri="direct:xmlSignatureChecker" /> + <to + uri="xmlsecurity:verify://keyAccessorKeySelectorDefault?keySelector=#selectorKeyValue&xmlSignatureChecker=#envelopingSignatureChecker" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: xmlSignatureChecker --> + + <!-- START SNIPPET: properties --> + <route> + <from uri="direct:props" /> + <to + uri="xmlsecurity:sign://properties?keyAccessor=#accessorRsa&properties=#signatureProperties" /> + <to + uri="xmlsecurity:verify://properties?keySelector=#selectorRsa&xmlSignature2Message=#xmlSignature2MessageWithTimestampPropertyy" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: properties --> + + <!-- START SNIPPET: verify output node search element name --> + <route> + <from uri="direct:outputnodesearchelementname" /> + <to + uri="xmlsecurity:verify://outputnodesearchelementname?keySelector=#selectorKeyValue&outputNodeSearchType=ElementName&outputNodeSearch={http://test/test}root&removeSignatureElements=true" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: verify output node search element name --> + + <!-- START SNIPPET: verify output node search xpath --> + <route> + <from uri="direct:outputnodesearchxpath" /> + <to + uri="xmlsecurity:verify://outputnodesearchxpath?keySelector=#selectorKeyValue&outputNodeSearchType=XPath&outputNodeSearch=#nodesearchxpath&removeSignatureElements=true" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: verify output node search xpath --> + + <!-- START SNIPPET: validationFailedHandler --> + <route> + <from uri="direct:validationFailedHandler" /> + <to + uri="xmlsecurity:verify://validationFailedHandler?keySelector=#selectorKeyValue&validationFailedHandler=validationFailedHandlerIgnoreManifestFailures" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: validationFailedHandler --> + + <!-- START SNIPPET: further parameters --> + <route> + <from uri="direct:furtherparams" /> + <to + uri="xmlsecurity:sign://furtherparams?keyAccessor=#accessorRsa&prefixForXmlSignatureNamespace=digsig&disallowDoctypeDecl=false" /> + <to + uri="xmlsecurity:verify://furtherparams?keySelector=#selectorRsa&disallowDoctypeDecl=false" /> + <to uri="mock:result" /> + </route> + <!-- END SNIPPET: further parameters --> + + <!-- START SNIPPET: detached --> + <route> + <from uri="direct:detached" /> + <to + uri="xmlsecurity:sign://detached?keyAccessor=#accessorRsa&xpathsToIdAttributes=#xpathsToIdAttributes&schemaResourceUri=org/apache/camel/component/xmlsecurity/Test.xsd&clearHeaders=false" /> + <to uri="mock:result" /> + <to + uri="xmlsecurity:verify://detached?keySelector=#selectorRsa&schemaResourceUri=org/apache/camel/component/xmlsecurity/Test.xsd" /> + <to uri="mock:verified" /> + </route> + <!-- END SNIPPET: detached --> + + + </camelContext> + + <bean id="accessorDsa" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getDsaKeyAccessor" /> + <bean id="accessorRsa" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getRsaKeyAccessor" /> + <bean id="selectorDsa" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getDsaKeySelector" /> + <bean id="selectorRsa" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getRsaKeySelector" /> + + <bean id="keyAccessorDefault" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getDefaultKeyAccessor" /> + <bean id="keySelectorDefault" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getDefaultKeySelector" /> + + <bean id="baseUri" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getBaseUri" /> + + <bean id="selectorKeyValue" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getKeyValueKeySelector" /> + + <bean id="cryptoContextProperties" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getCrytoContextProperties" /> + + <bean id="canonicalizationMethod1" + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getCanonicalizationMethod"> + <constructor-arg type="java.lang.String" + value="http://www.w3.org/2001/10/xml-exc-c14n#" /> + </bean> + + <bean id="transformsXsltXPath" + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getTransforms"> + <constructor-arg type="java.util.List"> + <list> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getCanonicalizationMethod"> + <constructor-arg type="java.lang.String" + value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + </bean> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getXslTransform"> + <constructor-arg type="java.lang.String" + value="/org/apache/camel/component/xmlsecurity/xslt_test.xsl" /> + </bean> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getXPathTransform"> + <constructor-arg type="java.lang.String" + value="//n0:XMLSecurity/n0:Content" /> + <constructor-arg type="java.util.Map"> + <map> + <entry key="n0" + value="https://org.apache/camel/xmlsecurity/test" /> + </map> + </constructor-arg> + </bean> + <!-- I removed base 64 transform because the JDK provider + does not support correctly this transform <bean class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getBase64Transform" /> --> + </list> + </constructor-arg> + </bean> + + + <bean id="transformsXPath2" + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getTransforms"> + <constructor-arg type="java.util.List"> + <list> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getCanonicalizationMethod"> + <constructor-arg type="java.lang.String" + value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> + </bean> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getXPath2Transform"> + <constructor-arg type="java.util.List"> + <list> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> + <property name="xpath" + value="//n0:ToBeSigned" /> + <property name="filter" value="intersect" /> + </bean> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> + <property name="xpath" + value="//n0:NotToBeSigned" /> + <property name="filter" value="subtract" /> + </bean> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper.XPathAndFilter"> + <property name="xpath" + value="//n0:ReallyToBeSigned" /> + <property name="filter" value="union" /> + </bean> + </list> + </constructor-arg> + <constructor-arg type="java.util.Map"> + <map> + <entry key="n0" value="http://test/test" /> + </map> + </constructor-arg> + </bean> + </list> + </constructor-arg> + </bean> + + <bean id="uriDereferencer" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getSameDocumentUriDereferencer" /> + + <bean id="envelopingSignatureChecker" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getEnvelopingXmlSignatureChecker" /> + + <bean id="xmlSignature2MessageWithTimestampPropertyy" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getXmlSignature2MessageWithTimestampdProperty" /> + + <bean id="signatureProperties" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getSignatureProperties" /> + + <bean id="validationFailedHandlerIgnoreManifestFailures" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getValidationFailedHandlerIgnoreManifestFailures" /> + + <bean id="nodesearchxpath" + class="org.apache.camel.component.xmlsecurity.SpringXmlSignatureTest" + factory-method="getNodeSerachXPath" /> + + <bean id="xpathsToIdAttributes" class="java.util.ArrayList"> + <constructor-arg type="java.util.Collection"> + <list> + <bean + class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" + factory-method="getXpathFilter"> + <constructor-arg type="java.lang.String" + value="/ns:root/a/@ID" /> + <constructor-arg type="java.util.Map"> + <map> + <entry key="ns" value="http://test" /> + </map> + </constructor-arg> + </bean> + </list> + </constructor-arg> + </bean> </beans> http://git-wip-us.apache.org/repos/asf/camel/blob/12241987/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/Test.xsd ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/Test.xsd b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/Test.xsd new file mode 100644 index 0000000..3c233ec --- /dev/null +++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/Test.xsd @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8"?> +<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://test" + xmlns:tns="http://test" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <import namespace="http://www.w3.org/2000/09/xmldsig#" + schemaLocation="xmldsig-core-schema.xsd" /> + <element name="root"> + <complexType> + <sequence> + <element name="a"> + <complexType> + <sequence> + <element name="b" type="string" /> + <element ref="ds:Signature" + minOccurs="0" /> + </sequence> + <attribute name="ID" type="ID" use="required" /> + <attribute name="stringAttr" type="string" /> + </complexType> + </element> + <element ref="ds:Signature" minOccurs="0" /> + </sequence> + <attribute name="ID" type="ID" /> + </complexType> + </element> +</schema> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/camel/blob/12241987/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestB.xsd ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestB.xsd b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestB.xsd new file mode 100644 index 0000000..bfd03ea --- /dev/null +++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestB.xsd @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://testB" + xmlns:tns="http://testB" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <import namespace="http://www.w3.org/2000/09/xmldsig#" + schemaLocation="xmldsig-core-schema.xsd" /> + <element name="B"> + <complexType> + <sequence> + <element name="C"> + <complexType> + <sequence> + <element name="D" type="string" /> + </sequence> + <attribute name="ID" type="ID" use="required" /> + </complexType> + </element> + <element ref="ds:Signature" minOccurs="0" /> + </sequence> + </complexType> + </element> +</schema> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/camel/blob/12241987/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestComplex.xsd ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestComplex.xsd b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestComplex.xsd new file mode 100644 index 0000000..33e58fc --- /dev/null +++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/TestComplex.xsd @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://test" + xmlns:tns="http://test" xmlns:nsB="http://testB" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <import namespace="http://www.w3.org/2000/09/xmldsig#" + schemaLocation="xmldsig-core-schema.xsd" /> + <import namespace="http://testB" schemaLocation="TestB.xsd" /> + <element name="root"> + <complexType> + <sequence> + <element name="test"> + <complexType> + <sequence> + <element name="b" type="string" /> + <element ref="nsB:B" /> + </sequence> + <attribute name="ID" type="ID" use="required" /> + </complexType> + </element> + <element ref="ds:Signature" minOccurs="0" /> + </sequence> + </complexType> + </element> +</schema> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/camel/blob/12241987/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/xmldsig-core-schema.xsd ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/xmldsig-core-schema.xsd b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/xmldsig-core-schema.xsd new file mode 100644 index 0000000..8422fdf --- /dev/null +++ b/components/camel-xmlsecurity/src/test/resources/org/apache/camel/component/xmlsecurity/xmldsig-core-schema.xsd @@ -0,0 +1,308 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Schema for XML Signatures + http://www.w3.org/2000/09/xmldsig# + $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $ + + Copyright 2001 The Internet Society and W3C (Massachusetts Institute + of Technology, Institut National de Recherche en Informatique et en + Automatique, Keio University). All Rights Reserved. + http://www.w3.org/Consortium/Legal/ + + This document is governed by the W3C Software License [1] as described + in the FAQ [2]. + + [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720 + [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD +--> + + +<schema xmlns="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + targetNamespace="http://www.w3.org/2000/09/xmldsig#" + version="0.1" elementFormDefault="qualified"> + +<!-- Basic Types Defined for Signatures --> + +<simpleType name="CryptoBinary"> + <restriction base="base64Binary"> + </restriction> +</simpleType> + +<!-- Start Signature --> + +<element name="Signature" type="ds:SignatureType"/> +<complexType name="SignatureType"> + <sequence> + <element ref="ds:SignedInfo"/> + <element ref="ds:SignatureValue"/> + <element ref="ds:KeyInfo" minOccurs="0"/> + <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="SignatureValue" type="ds:SignatureValueType"/> + <complexType name="SignatureValueType"> + <simpleContent> + <extension base="base64Binary"> + <attribute name="Id" type="ID" use="optional"/> + </extension> + </simpleContent> + </complexType> + +<!-- Start SignedInfo --> + +<element name="SignedInfo" type="ds:SignedInfoType"/> +<complexType name="SignedInfoType"> + <sequence> + <element ref="ds:CanonicalizationMethod"/> + <element ref="ds:SignatureMethod"/> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> + <complexType name="CanonicalizationMethodType" mixed="true"> + <sequence> + <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + + <element name="SignatureMethod" type="ds:SignatureMethodType"/> + <complexType name="SignatureMethodType" mixed="true"> + <sequence> + <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/> + <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/> + <!-- (0,unbounded) elements from (1,1) external namespace --> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + +<!-- Start Reference --> + +<element name="Reference" type="ds:ReferenceType"/> +<complexType name="ReferenceType"> + <sequence> + <element ref="ds:Transforms" minOccurs="0"/> + <element ref="ds:DigestMethod"/> + <element ref="ds:DigestValue"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="URI" type="anyURI" use="optional"/> + <attribute name="Type" type="anyURI" use="optional"/> +</complexType> + + <element name="Transforms" type="ds:TransformsType"/> + <complexType name="TransformsType"> + <sequence> + <element ref="ds:Transform" maxOccurs="unbounded"/> + </sequence> + </complexType> + + <element name="Transform" type="ds:TransformType"/> + <complexType name="TransformType" mixed="true"> + <choice minOccurs="0" maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from (0,unbounded) namespaces --> + <element name="XPath" type="string"/> + </choice> + <attribute name="Algorithm" type="anyURI" use="required"/> + </complexType> + +<!-- End Reference --> + +<element name="DigestMethod" type="ds:DigestMethodType"/> +<complexType name="DigestMethodType" mixed="true"> + <sequence> + <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="Algorithm" type="anyURI" use="required"/> +</complexType> + +<element name="DigestValue" type="ds:DigestValueType"/> +<simpleType name="DigestValueType"> + <restriction base="base64Binary"/> +</simpleType> + +<!-- End SignedInfo --> + +<!-- Start KeyInfo --> + +<element name="KeyInfo" type="ds:KeyInfoType"/> +<complexType name="KeyInfoType" mixed="true"> + <choice maxOccurs="unbounded"> + <element ref="ds:KeyName"/> + <element ref="ds:KeyValue"/> + <element ref="ds:RetrievalMethod"/> + <element ref="ds:X509Data"/> + <element ref="ds:PGPData"/> + <element ref="ds:SPKIData"/> + <element ref="ds:MgmtData"/> + <any processContents="lax" namespace="##other"/> + <!-- (1,1) elements from (0,unbounded) namespaces --> + </choice> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="KeyName" type="string"/> + <element name="MgmtData" type="string"/> + + <element name="KeyValue" type="ds:KeyValueType"/> + <complexType name="KeyValueType" mixed="true"> + <choice> + <element ref="ds:DSAKeyValue"/> + <element ref="ds:RSAKeyValue"/> + <any namespace="##other" processContents="lax"/> + </choice> + </complexType> + + <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> + <complexType name="RetrievalMethodType"> + <sequence> + <element ref="ds:Transforms" minOccurs="0"/> + </sequence> + <attribute name="URI" type="anyURI"/> + <attribute name="Type" type="anyURI" use="optional"/> + </complexType> + +<!-- Start X509Data --> + +<element name="X509Data" type="ds:X509DataType"/> +<complexType name="X509DataType"> + <sequence maxOccurs="unbounded"> + <choice> + <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> + <element name="X509SKI" type="base64Binary"/> + <element name="X509SubjectName" type="string"/> + <element name="X509Certificate" type="base64Binary"/> + <element name="X509CRL" type="base64Binary"/> + <any namespace="##other" processContents="lax"/> + </choice> + </sequence> +</complexType> + +<complexType name="X509IssuerSerialType"> + <sequence> + <element name="X509IssuerName" type="string"/> + <element name="X509SerialNumber" type="integer"/> + </sequence> +</complexType> + +<!-- End X509Data --> + +<!-- Begin PGPData --> + +<element name="PGPData" type="ds:PGPDataType"/> +<complexType name="PGPDataType"> + <choice> + <sequence> + <element name="PGPKeyID" type="base64Binary"/> + <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/> + <any namespace="##other" processContents="lax" minOccurs="0" + maxOccurs="unbounded"/> + </sequence> + <sequence> + <element name="PGPKeyPacket" type="base64Binary"/> + <any namespace="##other" processContents="lax" minOccurs="0" + maxOccurs="unbounded"/> + </sequence> + </choice> +</complexType> + +<!-- End PGPData --> + +<!-- Begin SPKIData --> + +<element name="SPKIData" type="ds:SPKIDataType"/> +<complexType name="SPKIDataType"> + <sequence maxOccurs="unbounded"> + <element name="SPKISexp" type="base64Binary"/> + <any namespace="##other" processContents="lax" minOccurs="0"/> + </sequence> +</complexType> + +<!-- End SPKIData --> + +<!-- End KeyInfo --> + +<!-- Start Object (Manifest, SignatureProperty) --> + +<element name="Object" type="ds:ObjectType"/> +<complexType name="ObjectType" mixed="true"> + <sequence minOccurs="0" maxOccurs="unbounded"> + <any namespace="##any" processContents="lax"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> + <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet --> + <attribute name="Encoding" type="anyURI" use="optional"/> +</complexType> + +<element name="Manifest" type="ds:ManifestType"/> +<complexType name="ManifestType"> + <sequence> + <element ref="ds:Reference" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + +<element name="SignatureProperties" type="ds:SignaturePropertiesType"/> +<complexType name="SignaturePropertiesType"> + <sequence> + <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> + </sequence> + <attribute name="Id" type="ID" use="optional"/> +</complexType> + + <element name="SignatureProperty" type="ds:SignaturePropertyType"/> + <complexType name="SignaturePropertyType" mixed="true"> + <choice maxOccurs="unbounded"> + <any namespace="##other" processContents="lax"/> + <!-- (1,1) elements from (1,unbounded) namespaces --> + </choice> + <attribute name="Target" type="anyURI" use="required"/> + <attribute name="Id" type="ID" use="optional"/> + </complexType> + +<!-- End Object (Manifest, SignatureProperty) --> + +<!-- Start Algorithm Parameters --> + +<simpleType name="HMACOutputLengthType"> + <restriction base="integer"/> +</simpleType> + +<!-- Start KeyValue Element-types --> + +<element name="DSAKeyValue" type="ds:DSAKeyValueType"/> +<complexType name="DSAKeyValueType"> + <sequence> + <sequence minOccurs="0"> + <element name="P" type="ds:CryptoBinary"/> + <element name="Q" type="ds:CryptoBinary"/> + </sequence> + <element name="G" type="ds:CryptoBinary" minOccurs="0"/> + <element name="Y" type="ds:CryptoBinary"/> + <element name="J" type="ds:CryptoBinary" minOccurs="0"/> + <sequence minOccurs="0"> + <element name="Seed" type="ds:CryptoBinary"/> + <element name="PgenCounter" type="ds:CryptoBinary"/> + </sequence> + </sequence> +</complexType> + +<element name="RSAKeyValue" type="ds:RSAKeyValueType"/> +<complexType name="RSAKeyValueType"> + <sequence> + <element name="Modulus" type="ds:CryptoBinary"/> + <element name="Exponent" type="ds:CryptoBinary"/> + </sequence> +</complexType> + +<!-- End KeyValue Element-types --> + +<!-- End Signature --> + +</schema>