summaryrefslogtreecommitdiffstats
path: root/authz-client/src/main/xsd/certman_1_0.xsd
diff options
context:
space:
mode:
Diffstat (limited to 'authz-client/src/main/xsd/certman_1_0.xsd')
-rw-r--r--authz-client/src/main/xsd/certman_1_0.xsd131
1 files changed, 131 insertions, 0 deletions
diff --git a/authz-client/src/main/xsd/certman_1_0.xsd b/authz-client/src/main/xsd/certman_1_0.xsd
new file mode 100644
index 00000000..d99c144b
--- /dev/null
+++ b/authz-client/src/main/xsd/certman_1_0.xsd
@@ -0,0 +1,131 @@
+<!-- Used by AAF (ATT inc 2016) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:certman="urn:certman:v1_0"
+ targetNamespace="urn:certman:v1_0"
+ elementFormDefault="qualified">
+
+ <!-- jg 4/21/2016 New for Certificate Info -->
+ <xs:element name="certInfo">
+ <xs:complexType>
+ <xs:sequence>
+ <!-- Base64 Encoded Private Key -->
+ <xs:element name="privatekey" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Base64 Encoded Certificate -->
+ <xs:element name="certs" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (2 method Auth) -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Notes from Server concerning Cert (not an error) -->
+ <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="baseRequest">
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Sponsor is only required if the caller is not Sponsor. In that case, the calling ID must be delegated to do the work. -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="specificRequest">
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <xs:element name="serial" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Certificate has been compromised or other security issue -->
+ <xs:element name="revoke" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="certificateRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateRenew">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateDrop">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Placement Structures -->
+
+ <xs:element name="artifacts">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="artifact" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="machine" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="type" minOccurs="1" maxOccurs="3">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="file"/>
+ <xs:enumeration value="jks"/>
+ <xs:enumeration value="print"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="ca" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="dir" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="os_user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Ignored on input, and set by TABLES. However, returned on output -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <!-- Optional... if empty, will use MechID Namespace -->
+ <xs:element name="appName" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... if empty, will notify Sponsor -->
+ <xs:element name="notification" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... Days before auto renewal. Min is 10. Max is 1/3 expiration (60) -->
+ <xs:element name="renewDays" type="xs:int" minOccurs="0" maxOccurs="1" default="30"/>
+
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+
+</xs:schema> \ No newline at end of file