diff options
Diffstat (limited to 'auth-client/src/main')
-rw-r--r-- | auth-client/src/main/xsd/aaf_2_0.xsd | 547 | ||||
-rw-r--r-- | auth-client/src/main/xsd/aaf_oauth2.xsd | 141 | ||||
-rw-r--r-- | auth-client/src/main/xsd/certman_1_0.xsd | 169 | ||||
-rw-r--r-- | auth-client/src/main/xsd/certman_2_0.xsd | 169 | ||||
-rw-r--r-- | auth-client/src/main/xsd/locate_1_0.xsd | 79 |
5 files changed, 1105 insertions, 0 deletions
diff --git a/auth-client/src/main/xsd/aaf_2_0.xsd b/auth-client/src/main/xsd/aaf_2_0.xsd new file mode 100644 index 00000000..b4b1ba9c --- /dev/null +++ b/auth-client/src/main/xsd/aaf_2_0.xsd @@ -0,0 +1,547 @@ +<!-- + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * +--> + +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:aaf="urn:aaf:v2_0" + targetNamespace="urn:aaf:v2_0" + elementFormDefault="qualified"> + +<!-- + June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes. + + Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that + with Query Params. + + Eliminate in 3.0 + --> +<!-- + Errors + Note: This Error Structure has been made to conform to the AT&T TSS Policies + --> + <xs:element name="error"> + <xs:complexType> + <xs:sequence> + <!-- + Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is + either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception. + Exception numbers may be in the range of 0001 to 9999 where : + * 0001 to 0199 are reserved for common exception messages + * 0200 to 0999 are reserved for Parlay Web Services specification use + * 1000-9999 are available for exceptions + --> + <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + Message text, with replacement + variables marked with %n, where n is + an index into the list of <variables> + elements, starting at 1 + --> + <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + List of zero or more strings that + represent the contents of the variables + used by the message text. --> + <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Requests + --> + <xs:complexType name="Request"> + <xs:sequence> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <!-- Deprecated. Use Query Command + <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/> + --> + </xs:sequence> + </xs:complexType> + +<!-- + Keys + --> + <xs:element name="keys"> + <xs:complexType> + <xs:sequence> + <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + +<!-- + Permissions +--> + <xs:complexType name = "pkey"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="permKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perm"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey"> + <xs:sequence> + <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perms"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="permRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + +<!-- + Roles +--> + <xs:complexType name="rkey"> + <xs:sequence> + <xs:element name="name" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="roleKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:rkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="role"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:rkey"> + <xs:sequence> + <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="roles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="roleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <!-- Added userRole return types Jonathan 9/16/2015 --> + <xs:element name="userRole"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- Added userRoles return types Jonathan 9/16/2015 --> + <xs:element name="userRoles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="userRoleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="rolePermRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: dec 11, 2015. Request-able NS Type Jonathan --> + <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/> + + <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions + <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/> + + + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + + --> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsAttribRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name = "nss"> + <xs:complexType> + <xs:sequence> + <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. Jonathan --> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Users +--> + <xs:element name="users"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <!-- Changed type to dateTime, because of importance of Certs --> + <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <!-- need to differentiate User Cred Types, Jonathan 5/20/2015 + This Return Object is shared by multiple functions: + Type is not returned for "UserRole", but only "Cred" + --> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Certs + Added Jonathan 5/20/2015 to support identifying Certificate based Services + --> + <xs:element name="certs"> + <xs:complexType> + <xs:sequence> + <xs:element name="cert" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Credentials +--> + <xs:element name="credRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="id" type="xs:string"/> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/> + <xs:choice > + <xs:element name="password" type="xs:string" /> + <xs:element name="entry" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + Multi Request + --> + + <xs:element name="multiRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + History + --> + <xs:element name="history"> + <xs:complexType> + <xs:sequence> + <xs:element name="item" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Approvals + --> + <xs:complexType name="approval"> + <xs:sequence> + <!-- Note, id is set by system --> + <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="ticket" type="xs:string"/> + <xs:element name="user" type="xs:string"/> + <xs:element name="approver" type="xs:string"/> + <xs:element name="type" type="xs:string"/> + <xs:element name="memo" type="xs:string"/> + <xs:element name="updated" type="xs:dateTime"/> + <xs:element name="status"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="approve"/> + <xs:enumeration value="reject"/> + <xs:enumeration value="pending"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="operation"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="C"/> + <xs:enumeration value="U"/> + <xs:enumeration value="D"/> + <xs:enumeration value="G"/> + <xs:enumeration value="UG"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="approvals"> + <xs:complexType> + <xs:sequence> + <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Delegates +--> + <xs:complexType name="delg"> + <xs:sequence> + <xs:element name="user" type="xs:string"/> + <xs:element name="delegate" type="xs:string"/> + <xs:element name="expires" type="xs:date"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="delgRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="delgs"> + <xs:complexType> + <xs:sequence> + <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- Jonathan 3/11/2015 New for 2.0.8 --> + <xs:element name="api"> + <xs:complexType> + <xs:sequence> + <xs:element name="route" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/auth-client/src/main/xsd/aaf_oauth2.xsd b/auth-client/src/main/xsd/aaf_oauth2.xsd new file mode 100644 index 00000000..22283184 --- /dev/null +++ b/auth-client/src/main/xsd/aaf_oauth2.xsd @@ -0,0 +1,141 @@ +<!-- + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * +--> +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:aafoauth="urn:aafoauth:v2_0" + targetNamespace="urn:aafoauth:v2_0" + elementFormDefault="qualified"> + + + <!-- Definition of a GUID found several places on WEB, 5/24/2017 + Developed a HexToken instead + <xs:simpleType name="guid"> + <xs:annotation> + <xs:documentation xml:lang="en"> + The representation of a GUID, generally the id of an element. + </xs:documentation> + </xs:annotation> + <xs:restriction base="xs:string"> + <xs:pattern value="\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\}"/> + </xs:restriction> + </xs:simpleType> + --> + + <!-- fill this out + <xs:simpleType name="scope"> + <xs:annotation> + <xs:documentation xml:lang="en"> + The representation of a GUID, generally the id of an element. + </xs:documentation> + </xs:annotation> + <xs:restriction base="xs:string"> + <xs:pattern value="[&#x|#-[|D-~]*"/> + </xs:restriction> + </xs:simpleType> + --> + + <!-- + Authenticate: consider "redirect" as well as typical connection info like: + grant_type - use the value “password” + client_id - your API client id + client_secret - the secret key of your client + username - the account username for which you want to obtain an access token + password - the account password + response_type - use the value “token” + + --> + <!-- RFC 6749, Section 4.2.1 --> + <xs:element name="tokenRequest"> + <xs:complexType> + <xs:sequence> + <!-- Must be set to "token" --> + <xs:element name="response_type" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="client_id" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="redirect_uri" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- only include for "refresh_token" type --> + <xs:element name="refresh_token" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="state" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="scope" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Normally put in application/x-www-form-urlencoded --> + <xs:element name="grant_type" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="username" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="password" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="client_secret" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- RFC 6749, Section 4.2.2 --> + <xs:element name="token"> + <xs:complexType> + <xs:sequence> + <xs:element name="access_token" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="token_type" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="refresh_token" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="expires_in" type="xs:int" minOccurs="0" maxOccurs="1"/> + <xs:element name="scope" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="state" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- RFC 6749, Section 4.2.2.1 --> + <xs:element name="error"> + <xs:complexType> + <xs:sequence> + <xs:element name="error"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="invalid_request" /> + <xs:enumeration value="unauthorized_client" /> + <xs:enumeration value="access_denied" /> + <xs:enumeration value="unsupported_response_type" /> + <xs:enumeration value="invalid_scope" /> + <xs:enumeration value="server_error" /> + <xs:enumeration value="temporarily_unavailable" /> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="error_description" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="error_uri" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="state" type="xs:string" minOccurs = "0" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- Jonathan 4/21/2016 New for Certificate Info --> + <xs:element name="introspect"> + <xs:complexType> + <xs:sequence> + <xs:element name="access_token" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="active" type="xs:boolean" minOccurs="1" maxOccurs="1"/> + <xs:element name="client_id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="username" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="client_type" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Seconds from jan 1 1970 --> + <xs:element name="exp" type="xs:long" minOccurs="0" maxOccurs="1"/> + <xs:element name="scope" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="content" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + +</xs:schema> diff --git a/auth-client/src/main/xsd/certman_1_0.xsd b/auth-client/src/main/xsd/certman_1_0.xsd new file mode 100644 index 00000000..19c698b9 --- /dev/null +++ b/auth-client/src/main/xsd/certman_1_0.xsd @@ -0,0 +1,169 @@ +<!-- + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * +--> + +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:certman="urn:certman:v1_0" + targetNamespace="urn:certman:v1_0" + elementFormDefault="qualified"> + + + <!-- Jonathan 4/21/2016 New for Certificate Info --> + <xs:element name="certInfo"> + <xs:complexType> + <xs:sequence> + <!-- Base64 Encoded Private Key --> + <xs:element name="privatekey" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Base64 Encoded Certificate --> + <xs:element name="certs" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Challenge Password (2 method Auth) --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Notes from Server concerning Cert (not an error) --> + <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Issuer DNs from CA --> + <xs:element name="caIssuerDNs" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- ENV in Cert --> + <xs:element name="env" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:complexType name="baseRequest"> + <xs:sequence> + <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Sponsor is only required if the caller is not Sponsor. In that case, the calling ID must be delegated to do the work. --> + <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="specificRequest"> + <xs:complexContent> + <xs:extension base="certman:baseRequest"> + <xs:sequence> + <xs:element name="serial" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Certificate has been compromised or other security issue --> + <xs:element name="revoke" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:element name="certificateRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:baseRequest"> + <xs:sequence> + <!-- One FQDN is required. Multiple driven by Policy --> + <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Optional Email for getting Public Certificate --> + <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="clientX509Request"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="email" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="certificateRenew"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:specificRequest"> + <xs:sequence> + <!-- One FQDN is required. Multiple driven by Policy --> + <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Challenge Password (for accessing manually) TODO Is it necessary? --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional Email for getting Public Certificate --> + <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="certificateDrop"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:specificRequest"> + <xs:sequence> + <!-- Challenge Password (for accessing manually) TODO Is it necessary? --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <!-- Placement Structures --> + + <xs:element name="artifacts"> + <xs:complexType> + <xs:sequence> + <xs:element name="artifact" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="machine" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="type" minOccurs="1" maxOccurs="3"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="file"/> + <xs:enumeration value="jks"/> + <xs:enumeration value="print"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="ca" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="dir" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="os_user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Ignored on input, and set by TABLES. However, returned on output --> + <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1" /> + <!-- Optional... if empty, will use MechID Namespace --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional... if empty, will notify Sponsor --> + <xs:element name="notification" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional... Days before auto renewal. Min is 10. Max is 1/3 expiration (60) --> + <xs:element name="renewDays" type="xs:int" minOccurs="0" maxOccurs="1" default="30"/> + <!-- Optional... Additional SANS. May be denied by CA. --> + <xs:element name="sans" type="xs:string" minOccurs="0" maxOccurs="99"/> + + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + + + +</xs:schema> diff --git a/auth-client/src/main/xsd/certman_2_0.xsd b/auth-client/src/main/xsd/certman_2_0.xsd new file mode 100644 index 00000000..35389402 --- /dev/null +++ b/auth-client/src/main/xsd/certman_2_0.xsd @@ -0,0 +1,169 @@ +<!-- + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * +--> + +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:certman="urn:certman:v2_0" + targetNamespace="urn:certman:v2_0" + elementFormDefault="qualified"> + + + <!-- Jonathan 4/21/2016 New for Certificate Info --> + <xs:element name="certInfo"> + <xs:complexType> + <xs:sequence> + <!-- Base64 Encoded Private Key --> + <xs:element name="privatekey" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Base64 Encoded Certificate --> + <xs:element name="certs" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Challenge Password (2 method Auth) --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Notes from Server concerning Cert (not an error) --> + <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Issuer DNs from CA --> + <xs:element name="caIssuerDNs" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- ENV in Cert --> + <xs:element name="env" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:complexType name="baseRequest"> + <xs:sequence> + <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Sponsor is only required if the caller is not Sponsor. In that case, the calling ID must be delegated to do the work. --> + <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="specificRequest"> + <xs:complexContent> + <xs:extension base="certman:baseRequest"> + <xs:sequence> + <xs:element name="serial" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Certificate has been compromised or other security issue --> + <xs:element name="revoke" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:element name="certificateRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:baseRequest"> + <xs:sequence> + <!-- One FQDN is required. Multiple driven by Policy --> + <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Optional Email for getting Public Certificate --> + <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="clientX509Request"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="email" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="certificateRenew"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:specificRequest"> + <xs:sequence> + <!-- One FQDN is required. Multiple driven by Policy --> + <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Challenge Password (for accessing manually) TODO Is it necessary? --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional Email for getting Public Certificate --> + <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="certificateDrop"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="certman:specificRequest"> + <xs:sequence> + <!-- Challenge Password (for accessing manually) TODO Is it necessary? --> + <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <!-- Placement Structures --> + + <xs:element name="artifacts"> + <xs:complexType> + <xs:sequence> + <xs:element name="artifact" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="machine" type="xs:string" minOccurs="0" maxOccurs="1" /> + <xs:element name="type" minOccurs="1" maxOccurs="3"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="file"/> + <xs:enumeration value="jks"/> + <xs:enumeration value="print"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="ca" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="dir" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="os_user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Ignored on input, and set by TABLES. However, returned on output --> + <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1" /> + <!-- Optional... if empty, will use MechID Namespace --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional... if empty, will notify Sponsor --> + <xs:element name="notification" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Optional... Days before auto renewal. Min is 10. Max is 1/3 expiration (60) --> + <xs:element name="renewDays" type="xs:int" minOccurs="0" maxOccurs="1" default="30"/> + <!-- Optional... Additional SANS. May be denied by CA. --> + <xs:element name="sans" type="xs:string" minOccurs="0" maxOccurs="99"/> + + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + + + +</xs:schema> diff --git a/auth-client/src/main/xsd/locate_1_0.xsd b/auth-client/src/main/xsd/locate_1_0.xsd new file mode 100644 index 00000000..209e3bf4 --- /dev/null +++ b/auth-client/src/main/xsd/locate_1_0.xsd @@ -0,0 +1,79 @@ +<!-- + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * +--> + +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:locate="urn:locate:v1_0" + targetNamespace="urn:locate:v1_0" + elementFormDefault="qualified"> + + <xs:complexType name="endpoint"> + <xs:sequence> + <!-- Must be set to "token" --> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="major" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="minor" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="patch" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="pkg" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="latitude" type="xs:float" minOccurs="1" maxOccurs="1"/> + <xs:element name="longitude" type="xs:float" minOccurs="1" maxOccurs="1"/> + <xs:element name="protocol" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="subprotocol" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="hostname" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="port" type="xs:int" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="endpoints"> + <xs:complexType> + <xs:sequence> + <xs:element name="endpoint" type="locate:endpoint" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:complexType name="mgmt_endpoint"> + <xs:complexContent> + <xs:extension base="locate:endpoint"> + <xs:sequence> + <xs:element name="special_ports" minOccurs="0" maxOccurs="unbounded" > + <xs:complexType> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="port" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="protocol" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="protocol_versions" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:element name="mgmt_endpoints"> + <xs:complexType> + <xs:sequence> + <xs:element name="mgmt_endpoint" type="locate:mgmt_endpoint" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> |