<?xml version="1.0" encoding="UTF-8"?>

<xsd:schema targetNamespace="http://www.sk.ee/DigiDoc/v1.1.0#"
	xmlns="http://www.sk.ee/DigiDoc/v1.1.0#"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"
	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
	elementFormDefault="qualified" >

<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" 	schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" />
<xsd:import namespace="http://uri.etsi.org/01903/v1.1.1#" 
	schemaLocation="http://uri.etsi.org/01903/v1.1.1/XAdES.xsd" />

<!-- Root element for SignedDoc -->

<xsd:element name="SignedDoc" type="SignedDocType"/>
<xsd:complexType name="SignedDocType">
	<xsd:sequence>
		<xsd:element name="DataFile" type="DataFileType" 
			minOccurs="1" maxOccurs="unbounded"/>
		<xsd:element name="Signature" type="SignatureType" 
			minOccurs="0" maxOccurs="unbounded"/>
	</xsd:sequence>
	<xsd:attribute name="format" type="xsd:string" fixed="DIGIDOC-XML"/>
	<xsd:attribute name="version" type="xsd:string" fixed="1.1"/>
</xsd:complexType>

<!-- payload data - DataFile -->

<xsd:complexType name="DataFileType">
	<xsd:attribute name="Id" type="xsd:ID" use="required"/>
	<xsd:attribute name="Filename" type="xsd:string" use="required"/>
	<xsd:attribute name="ContentType">
		<xsd:simpleType>
			<xsd:restriction base="xsd:string">
				<xsd:enumeration value="EMBEDDED"/>
				<xsd:enumeration value="EMBEDDED_BASE64"/>
				<xsd:enumeration value="DETACHED"/>
			</xsd:restriction>
		</xsd:simpleType>
	</xsd:attribute>
	<xsd:attribute name="MimeType" type="xsd:string" use="required"/>
	<xsd:attribute name="Size" type="xsd:decimal" use="required"/>
<!-- but required for DETATCHED files -->
	<xsd:attribute name="DigestType" type="xsd:string" use="optional"/>
	<xsd:attribute name="DigestValue" type="xsd:string" use="optional"/>
</xsd:complexType>
	
<!-- Signature according to XML-DSIG and ETSI TS 101 903 -->

<xsd:element name="Signature" type="SignatureType" />
<xsd:complexType name="SignatureType">
	<xsd:sequence>
		<xsd:element name="SignedInfo" type="SignedInfoType"/>
		<xsd:element name="SignatureValue" type="SignatureValueType"/>
		<xsd:element name="KeyInfo" type="KeyInfoType"/>
		<xsd:element name="Object" type="SignatureAttributesType"/>	
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="SignatureValueType">
	<xsd:simpleContent>
<!-- Difference from XML-DSIG: attribute Id is required -->
		<xsd:extension base="xsd:base64Binary">
			<xsd:attribute name="Id" type="xsd:ID" use="required"/>
		</xsd:extension>
	</xsd:simpleContent>
</xsd:complexType>


<xsd:complexType name="SignedInfoType">
	<xsd:sequence>
<!-- Difference from XML-DSIG: we support only this one canonicalization method -->
	<xsd:element name="CanonicalizationMethod">
	  <xsd:complexType>
		<xsd:attribute name="Algorithm" type="xsd:string" 
			fixed="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
	  </xsd:complexType>
	</xsd:element>
<!-- Difference from XML-DSIG: we support only this one signature method -->
	<xsd:element name="SignatureMethod">
	  <xsd:complexType>
		<xsd:attribute name="Algorithm" type="xsd:string" 
			fixed="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
	  </xsd:complexType>
	</xsd:element>
	<xsd:sequence>
		<xsd:element name="Reference" type="ReferenceType"
			minOccurs="1" maxOccurs="unbounded"/>	
	</xsd:sequence>
	</xsd:sequence>
</xsd:complexType>


<xsd:complexType name="ReferenceType">
	<xsd:sequence>
<!-- Difference from XML-DSIG: we support only one proprietary Transform and only for detatched datafiles -->
		<xsd:element name="Transforms" type="TransformsType" 
			minOccurs="0" />
<!-- Difference from XML-DSIG: we support only this one digest method -->
		<xsd:element name="DigestMethod">
			<xsd:complexType>
				<xsd:attribute name="Algorithm" type="xsd:string" 
			fixed="http://www.w3.org/2000/09/xmldsig#sha1"/>
			</xsd:complexType>
		</xsd:element>
		<xsd:element name="DigestValue" type="ds:DigestValueType"/>
	</xsd:sequence>
<!-- Difference from XML-DSIG: URI is required since we use only detatched signatures -->
	<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
</xsd:complexType>

<xsd:complexType name="TransformsType">
	<xsd:sequence>
		<xsd:element name="Transform">
	  		<xsd:complexType>
				<xsd:attribute name="Algorithm" type="xsd:string" 
		fixed="http://www.sk.ee/2002/10/digidoc#detatched-document-signature"/>
	  		</xsd:complexType>
		</xsd:element>
	</xsd:sequence>
</xsd:complexType>


<!-- signers public sertificate data -->

<xsd:complexType name="KeyInfoType">
<!-- Difference from XML-DSIG: 
no support for KeyName, RetrievalMethod, PGPData, SPKIData, MgmtData 
-->
	<xsd:sequence>
		<xsd:element name="KeyValue" type="KeyValueType" />
		<xsd:element name="X509Data" type="X509DataType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="KeyValueType">
<!-- Difference from XML-DSIG: no support for DSAKeyValue -->
	<xsd:sequence>
		<xsd:element name="RSAKeyValue" type="ds:RSAKeyValueType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="X509DataType">
<!-- Difference from XML-DSIG: 
no support for X509IssuerSerial, X509SKI, X509SubjectName, X509CRL
-->
	<xsd:sequence>
		<xsd:element name="X509Certificate" type="X509CertificateType"/>
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="X509CertificateType">
<!-- Difference from XML-DSIG: attribute Id is required -->
	<xsd:simpleContent>
		<xsd:extension base="xsd:base64Binary">
			<xsd:attribute name="Id" type="xsd:ID" use="required"/>
		</xsd:extension>
	</xsd:simpleContent>
</xsd:complexType>


<!-- signed and unsigned signature properties -->

<xsd:complexType name="SignatureAttributesType">
	<xsd:sequence>
	<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="QualifyingPropertiesType">
	<xsd:sequence>
		<xsd:element name="SignedProperties" 
			type="SignedPropertiesType" />
		<xsd:element name="UnsignedProperties" 
			type="UnsignedPropertiesType" />
	</xsd:sequence>
</xsd:complexType>

<!-- signed properties -->

<xsd:complexType name="SignedPropertiesType">
	<xsd:sequence>
		<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType" />
<!-- Difference from ETSI: we use only empty element, not content for now -->
		<xsd:element name="SignedDataObjectProperties" />
	</xsd:sequence>
	<xsd:attribute name="Id" type="xsd:ID" use="required"/>
	<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>
</xsd:complexType>

<xsd:complexType name="SignedSignaturePropertiesType">
	<xsd:sequence>
		<xsd:element name="SigningTime" type="xsd:dateTime" />
<!-- Difference from ETSI: no list, just one cert info here -->
		<xsd:element name="SigningCertificate" 
			type="SigningCertificateType" />
<!-- Difference from ETSI: we use only empty element, no content for now -->
		<xsd:element name="SignaturePolicyIdentifier" 
			type="SignaturePolicyIdentifierType" />
		<xsd:element name="SignatureProductionPlace" 
			type="etsi:SignatureProductionPlaceType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="SigningCertificateType">
<!-- Difference from ETSI: no list, just one cert info here -->
	<xsd:sequence>
		<xsd:element name="Cert" type="CertType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="CertType">
	<xsd:sequence>
		<xsd:element name="CertDigest" type="etsi:DigestAlgAndValueType" />
		<xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType" />
	</xsd:sequence>
<!-- Difference from ETSI: Id atribute is required -->
	<xsd:attribute name="Id" type="xsd:ID" use="required"/>
</xsd:complexType>

<xsd:complexType name="SignaturePolicyIdentifierType">
	<xsd:sequence>
		<xsd:element name="SignaturePolicyImplied" />
	</xsd:sequence>
</xsd:complexType>


<!-- unsigned signature properties - this contains the OCSP response! -->

<xsd:complexType name="UnsignedPropertiesType">
	<xsd:sequence>
		<xsd:element name="UnsignedSignatureProperties" 
			type="UnsignedSignaturePropertiesType" />
	</xsd:sequence>
	<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>
</xsd:complexType>

<xsd:complexType name="UnsignedSignaturePropertiesType">
<!-- Difference from ETSI: we don't support elements CounterSignature, 
	SignatureTimeStamp, SigAndRefsTimeStamp, RefsOnlyTimeStamp, ArchiveTimeStamp
 -->
	<xsd:sequence>
		<xsd:element name="CompleteCertificateRefs" 
			type="CompleteCertificateRefsType" />
		<xsd:element name="CompleteRevocationRefs" 
			type="CompleteRevocationRefsType" />
		<xsd:element name="CertificateValues" 
			type="CertificateValuesType" />
		<xsd:element name="RevocationValues" 
			type="RevocationValuesType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="CompleteCertificateRefsType">
<!-- Difference from ETSI: no list, just one cert info here -->
	<xsd:sequence>
		<xsd:element name="Cert" type="CertType" />
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="CertificateValuesType">
	<xsd:sequence>
		<xsd:element name="EncapsulatedX509Certificate">
			<xsd:complexType>
			<xsd:simpleContent>
				<xsd:extension base="xsd:base64Binary">
<!-- Difference from ETSI: Id atribute is required -->
				<xsd:attribute name="Id" 
					type="xsd:ID" use="required"/>
				</xsd:extension>
			</xsd:simpleContent>
			</xsd:complexType>
		</xsd:element>
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="RevocationValuesType">
	<xsd:sequence>
		<xsd:element name="EncapsulatedOCSPValue">
			<xsd:complexType>
			<xsd:simpleContent>
				<xsd:extension base="xsd:base64Binary">
<!-- Difference from ETSI: Id atribute is required -->
				<xsd:attribute name="Id" 
					type="xsd:ID" use="required"/>
				</xsd:extension>
			</xsd:simpleContent>
			</xsd:complexType>
		</xsd:element>
	</xsd:sequence>
</xsd:complexType>

<xsd:complexType name="CompleteRevocationRefsType">
<!-- Difference from ETSI: we don't support elements: CRLRefs and OtherRefs -->
	<xsd:sequence>
		<xsd:element name="OCSPRefs" type="etsi:OCSPRefsType" />
	</xsd:sequence>
</xsd:complexType>


</xsd:schema>