--- /dev/null
+<!--
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+-->
+
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:certman="urn:certman:v2_0"
+ targetNamespace="urn:certman:v2_0"
+ elementFormDefault="qualified">
+
+
+ <!-- Jonathan 4/21/2016 New for Certificate Info -->
+ <xs:element name="certInfo">
+ <xs:complexType>
+ <xs:sequence>
+ <!-- Base64 Encoded Private Key -->
+ <xs:element name="privatekey" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Base64 Encoded Certificate -->
+ <xs:element name="certs" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (2 method Auth) -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Notes from Server concerning Cert (not an error) -->
+ <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Issuer DNs from CA -->
+ <xs:element name="caIssuerDNs" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- ENV in Cert -->
+ <xs:element name="env" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="baseRequest">
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Sponsor is only required if the caller is not Sponsor. In that case, the calling ID must be delegated to do the work. -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="specificRequest">
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <xs:element name="serial" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Certificate has been compromised or other security issue -->
+ <xs:element name="revoke" type="xs:boolean" minOccurs="0" maxOccurs="1" default="false"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="certificateRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:baseRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="clientX509Request">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="email" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:date" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateRenew">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- One FQDN is required. Multiple driven by Policy -->
+ <xs:element name="fqdns" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional Email for getting Public Certificate -->
+ <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="certificateDrop">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="certman:specificRequest">
+ <xs:sequence>
+ <!-- Challenge Password (for accessing manually) TODO Is it necessary? -->
+ <xs:element name="challenge" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Placement Structures -->
+
+ <xs:element name="artifacts">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="artifact" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="mechid" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="machine" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <xs:element name="type" minOccurs="1" maxOccurs="3">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="file"/>
+ <xs:enumeration value="jks"/>
+ <xs:enumeration value="print"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="ca" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="dir" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="os_user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Ignored on input, and set by TABLES. However, returned on output -->
+ <xs:element name="sponsor" type="xs:string" minOccurs="0" maxOccurs="1" />
+ <!-- Optional... if empty, will use MechID Namespace -->
+ <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... if empty, will notify Sponsor -->
+ <xs:element name="notification" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Optional... Days before auto renewal. Min is 10. Max is 1/3 expiration (60) -->
+ <xs:element name="renewDays" type="xs:int" minOccurs="0" maxOccurs="1" default="30"/>
+ <!-- Optional... Additional SANS. May be denied by CA. -->
+ <xs:element name="sans" type="xs:string" minOccurs="0" maxOccurs="99"/>
+
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+
+</xs:schema>
Code Review / aaf / authz.git / blobdiff