Add some basic support for XML Encryption 1.1, which we'll need for t…

…he xmlenc11:MGF element as it can be generated in certain cases by the Shibboleth 2.5 SP. Includes a more up-to-date version of the basic XML Encryption 1.1 schema, and a new schema for XML Encryption 1.1.
internet2 · Aug 2, 2012 · b7daaac · b7daaac
1 parent b906e7b
commit b7daaac
Show file tree

Hide file tree

Showing 4 changed files with 179 additions and 9 deletions.
diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
@@ -160,6 +160,7 @@
                 <entry key="ukfedlabel" value="http://ukfederation.org.uk/2006/11/label"/>
                 <entry key="wayf"       value="http://sdss.ac.uk/2006/06/WAYF"/>
                 <entry key="xenc"       value="http://www.w3.org/2001/04/xmlenc#"/>
+                <entry key="xenc11"     value="http://www.w3.org/2009/xmlenc11#"/>
                 <entry key="xs"         value="http://www.w3.org/2001/XMLSchema"/>
                 <entry key="xsi"        value="http://www.w3.org/2001/XMLSchema-instance"/>
                 <entry key="xsl"        value="http://www.w3.org/1999/XSL/Transform"/>
@@ -441,6 +442,9 @@
         <bean parent="file_parent">
             <constructor-arg value="#{ systemProperties['basedir'] }/xml/xenc-schema.xsd"/>
         </bean>
+        <bean parent="file_parent">
+            <constructor-arg value="#{ systemProperties['basedir'] }/xml/xenc-schema-11.xsd"/>
+        </bean>
         <bean parent="file_parent">
             <constructor-arg value="#{ systemProperties['basedir'] }/xml/xml.xsd"/>
         </bean>

diff --git a/mdx/uk/import.xsl b/mdx/uk/import.xsl
@@ -70,6 +70,7 @@
 			urn:mace:shibboleth:metadata:1.0 ../xml/shibboleth-metadata-1.0.xsd
 			http://ukfederation.org.uk/2006/11/label ../xml/uk-fed-label.xsd
 			http://www.w3.org/2001/04/xmlenc# ../xml/xenc-schema.xsd
+			http://www.w3.org/2009/xmlenc11# ..xml/xenc-schema-11.xsd
 			http://www.w3.org/2000/09/xmldsig# ../xml/xmldsig-core-schema.xsd">
 
 			<!--

diff --git a/xml/xenc-schema-11.xsd b/xml/xenc-schema-11.xsd
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+#
+# Copyright ©[2011] World Wide Web Consortium 
+# (Massachusetts Institute of Technology,  
+#  European Research Consortium for Informatics and Mathematics, 
+#  Keio University). All Rights Reserved.  
+# This work is distributed under the W3C® Software License [1] in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY; without even
+# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. 
+# [1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
+#
+-->
+
+<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
+ "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+	<!ATTLIST schema
+     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
+     xmlns:xenc11 CDATA #FIXED 'http://www.w3.org/2009/xmlenc11#'>
+	<!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+	<!ENTITY % p ''>
+	<!ENTITY % s ''>
+]>
+
+<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
+        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
+        xmlns:xenc11='http://www.w3.org/2009/xmlenc11#'
+        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
+        targetNamespace='http://www.w3.org/2009/xmlenc11#'
+        elementFormDefault='qualified'>
+
+	<import namespace='http://www.w3.org/2000/09/xmldsig#'
+			schemaLocation='xmldsig-core-schema.xsd'/>
+
+	<import namespace='http://www.w3.org/2001/04/xmlenc#'
+			schemaLocation='xenc-schema.xsd'/>
+
+	<element name="ConcatKDFParams" type="xenc11:ConcatKDFParamsType"/>
+	<complexType name="ConcatKDFParamsType">
+		<sequence>
+			<element ref="ds:DigestMethod"/>
+		</sequence>
+		<attribute name="AlgorithmID" type="hexBinary"/>
+		<attribute name="PartyUInfo" type="hexBinary"/>
+		<attribute name="PartyVInfo" type="hexBinary"/>
+		<attribute name="SuppPubInfo" type="hexBinary"/>
+		<attribute name="SuppPrivInfo" type="hexBinary"/>
+	</complexType>
+
+	<element name="DerivedKey" type="xenc11:DerivedKeyType"/>
+	<complexType name="DerivedKeyType">
+		<sequence>
+			<element ref="xenc11:KeyDerivationMethod" minOccurs="0"/>
+			<element ref="xenc:ReferenceList" minOccurs="0"/>
+			<element name="DerivedKeyName" type="string" minOccurs="0"/>
+			<element name="MasterKeyName" type="string" minOccurs="0"/>
+		</sequence>
+		<attribute name="Recipient" type="string" use="optional"/>
+		<attribute name="Id" type="ID" use="optional"/>
+		<attribute name="Type" type="anyURI" use="optional"/>
+	</complexType>
+
+	<element name="KeyDerivationMethod" type="xenc11:KeyDerivationMethodType"/>
+	<complexType name="KeyDerivationMethodType">
+		<sequence>
+			<any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+		</sequence>
+		<attribute name="Algorithm" type="anyURI" use="required"/>
+	</complexType>
+
+	<element name="PBKDF2-params" type="xenc11:PBKDF2ParameterType"/>
+
+	<complexType name="AlgorithmIdentifierType">
+		<sequence>
+			<element name="Parameters" minOccurs="0"/>
+		</sequence>
+        <attribute name="Algorithm" type="anyURI" use="required" />
+	</complexType>
+
+	<complexType name="PRFAlgorithmIdentifierType">
+		<complexContent>
+          <restriction base="xenc11:AlgorithmIdentifierType">
+            <attribute name="Algorithm" type="anyURI" use="required" />
+          </restriction>
+        </complexContent>
+	</complexType>
+
+	<complexType name="PBKDF2ParameterType">
+		<sequence>
+			<element name="Salt">
+				<complexType>
+					<choice>
+						<element name="Specified" type="base64Binary"/>
+						<element name="OtherSource" type="xenc11:AlgorithmIdentifierType"/>
+					</choice>
+				</complexType>
+			</element>
+			<element name="IterationCount" type="positiveInteger"/>
+			<element name="KeyLength" type="positiveInteger"/>
+			<element name="PRF" type="xenc11:PRFAlgorithmIdentifierType"/>
+		</sequence>
+	</complexType>
+
+    <element name="MGF" type="xenc11:MGFType"/>
+    <complexType name="MGFType">
+      <complexContent>
+        <restriction base="xenc11:AlgorithmIdentifierType">
+          <attribute name="Algorithm" type="anyURI" use="required" />
+        </restriction>
+      </complexContent>
+    </complexType>
+
+</schema>
+
+
diff --git a/xml/xenc-schema.xsd b/xml/xenc-schema.xsd
@@ -1,5 +1,29 @@
 <?xml version="1.0" encoding="utf-8"?>
 
+<!--
+#
+# Copyright ©[2011] World Wide Web Consortium 
+# (Massachusetts Institute of Technology,  
+#  European Research Consortium for Informatics and Mathematics, 
+#  Keio University). All Rights Reserved.  
+# This work is distributed under the W3C® Software License [1] in the
+# hope that it will be useful, but WITHOUT ANY WARRANTY; without even
+# the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. 
+# [1] http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
+#
+-->
+
+<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
+ "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+   <!ATTLIST schema
+     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
+   <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+   <!ENTITY % p ''>
+   <!ENTITY % s ''>
+  ]>
 
 <schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
         xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
@@ -27,6 +51,8 @@
     <sequence>
       <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
       <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
+      <!-- note that optional xenc11:MGF element may be used here for
+           RSA-OAEP, when appropriate -->
       <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
     </sequence>
     <attribute name='Algorithm' type='anyURI' use='required'/>
@@ -122,15 +148,35 @@
     <attribute name='Id' type='ID' use='optional'/>
   </complexType>
 
-    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
-    <complexType name='EncryptionPropertyType' mixed='true'>
-      <choice maxOccurs='unbounded'>
-        <any namespace='##other' processContents='lax'/>
-      </choice>
-      <attribute name='Target' type='anyURI' use='optional'/>
-      <attribute name='Id' type='ID' use='optional'/>
-      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
-    </complexType>
+  <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
+  <complexType name='EncryptionPropertyType' mixed='true'>
+    <choice maxOccurs='unbounded'>
+      <any namespace='##other' processContents='lax'/>
+    </choice>
+    <attribute name='Target' type='anyURI' use='optional'/>
+    <attribute name='Id' type='ID' use='optional'/>
+    <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+  </complexType>
+
+  <!-- Children of ds:KeyValue -->
+
+  <element name="DHKeyValue" type="xenc:DHKeyValueType"/>
+  <complexType name="DHKeyValueType">
+    <sequence>
+      <sequence minOccurs="0">
+        <element name="P" type="ds:CryptoBinary"/>
+        <element name="Q" type="ds:CryptoBinary"/>
+        <element name="Generator" type="ds:CryptoBinary"/>
+      </sequence>
+      <element name="Public" type="ds:CryptoBinary"/>
+      <sequence minOccurs="0">
+        <element name="seed" type="ds:CryptoBinary"/>
+        <element name="pgenCounter" type="ds:CryptoBinary"/>
+      </sequence>
+    </sequence>
+  </complexType>
 
+  <!-- End Children of ds:KeyValue -->
+
 </schema>