
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <?xml-stylesheet type="text/xsl" href="../../../ver20/util/onvif-wsdl-viewer.xsl"?>
  3. <!--
  4. Copyright (c) 2013 - 2014 by ONVIF: Open Network Video Interface Forum. All rights reserved.
  5. Recipients of this document may copy, distribute, publish, or display this document so long as this copyright notice, license and disclaimer are retained with all copies of the document. No license is granted to modify this document.
  6. THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERS AND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
  7. IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGES WERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT. THE FOREGOING DISCLAIMER AND LIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONS AND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TO THE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THE CORPORATION.
  8. -->
  9. <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tas="http://www.onvif.org/ver10/advancedsecurity/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap12/" targetNamespace="http://www.onvif.org/ver10/advancedsecurity/wsdl">
  10. <wsdl:types>
  11. <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://www.onvif.org/ver10/advancedsecurity/wsdl" version="1.0.2">
  12. <!--===================================================-->
  13. <!-- Data types used by the advanced security features -->
  14. <!--===================================================-->
  15. <xs:simpleType name="KeyID">
  16. <xs:annotation>
  17. <xs:documentation>Unique identifier for keys in the keystore.</xs:documentation>
  18. </xs:annotation>
  19. <xs:restriction base="xs:ID"/>
  20. </xs:simpleType>
  21. <!--===============================-->
  22. <xs:simpleType name="CertificateID">
  23. <xs:annotation>
  24. <xs:documentation>Unique identifier for certificates in the keystore.</xs:documentation>
  25. </xs:annotation>
  26. <xs:restriction base="xs:ID"/>
  27. </xs:simpleType>
  28. <!--===============================-->
  29. <xs:simpleType name="CertificationPathID">
  30. <xs:annotation>
  31. <xs:documentation>Unique identifier for certification paths in the keystore.</xs:documentation>
  32. </xs:annotation>
  33. <xs:restriction base="xs:ID"/>
  34. </xs:simpleType>
  35. <!--===============================-->
  36. <xs:simpleType name="KeyStatus">
  37. <xs:annotation>
  38. <xs:documentation>The status of a key in the keystore.</xs:documentation>
  39. </xs:annotation>
  40. <xs:restriction base="xs:string">
  41. <xs:enumeration value="ok">
  42. <xs:annotation>
  43. <xs:documentation>Key is ready for use</xs:documentation>
  44. </xs:annotation>
  45. </xs:enumeration>
  46. <xs:enumeration value="generating">
  47. <xs:annotation>
  48. <xs:documentation>Key is being generated</xs:documentation>
  49. </xs:annotation>
  50. </xs:enumeration>
  51. <xs:enumeration value="corrupt">
  52. <xs:annotation>
  53. <xs:documentation>Key has not been successfully generated and cannot be used.</xs:documentation>
  54. </xs:annotation>
  55. </xs:enumeration>
  56. </xs:restriction>
  57. </xs:simpleType>
  58. <!--===============================-->
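  59. <xs:simpleType name="DotDecimalOID">
  60. <xs:annotation>
  61. <xs:documentation>An object identifier (OID) in dot-decimal form as specified in RFC 4512: one or more decimal arcs separated by literal dots. The dot in the pattern is escaped so that only digits and dots are accepted; an unescaped dot would match any character.</xs:documentation>
  62. </xs:annotation>
  63. <xs:restriction base="xs:string">
  64. <xs:pattern value="[0-9]+(\.[0-9]+)*"/>
  65. </xs:restriction>
  66. </xs:simpleType>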
  67. <!--===============================-->
  68. <xs:simpleType name="DNAttributeType">
  69. <xs:annotation>
  70. <xs:documentation>The distinguished name attribute type encoded as specified in RFC 4514.</xs:documentation>
  71. </xs:annotation>
  72. <xs:restriction base="xs:string"/>
  73. </xs:simpleType>
  74. <!--===============================-->
  75. <xs:simpleType name="DNAttributeValue">
  76. <xs:restriction base="xs:string">
  77. <xs:annotation>
  78. <xs:documentation>
  79. The distinguished name attribute values are encoded in UTF-8 or in hexadecimal form as specified in RFC 4514.
  80. </xs:documentation>
  81. </xs:annotation>
  82. </xs:restriction>
  83. </xs:simpleType>
  84. <!--===============================-->
  85. <xs:complexType name="KeyAttribute">
  86. <xs:annotation>
  87. <xs:documentation>The attributes of a key in the keystore.</xs:documentation>
  88. </xs:annotation>
  89. <xs:sequence>
  90. <xs:element name="KeyID" type="tas:KeyID">
  91. <xs:annotation>
  92. <xs:documentation>The ID of the key.</xs:documentation>
  93. </xs:annotation>
  94. </xs:element>
  95. <xs:element name="Alias" type="xs:string" minOccurs="0">
  96. <xs:annotation>
  97. <xs:documentation>The client-defined alias of the key.</xs:documentation>
  98. </xs:annotation>
  99. </xs:element>
  100. <xs:element name="hasPrivateKey" type="xs:boolean" minOccurs="0">
  101. <xs:annotation>
  102. <xs:documentation>Absent if the key is not a key pair. True if and only if the key is a key pair and contains a private key. False if and only if the key is a key pair and does not contain a private key.</xs:documentation>
  103. </xs:annotation>
  104. </xs:element>
  105. <xs:element name="KeyStatus" type="xs:string">
  106. <xs:annotation>
  107. <xs:documentation>The status of the key. The value should be one of the values in the tas:KeyStatus enumeration.</xs:documentation>
  108. </xs:annotation>
  109. </xs:element>
  110. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  111. </xs:sequence>
  112. <xs:anyAttribute processContents="lax"/>
  113. </xs:complexType>
  114. <!--===============================-->
  115. <xs:complexType name="DNAttributeTypeAndValue">
  116. <xs:annotation>
  117. <xs:documentation>A distinguished name attribute type and value pair.</xs:documentation>
  118. </xs:annotation>
  119. <xs:sequence>
  120. <xs:element name="Type" type="tas:DNAttributeType">
  121. <xs:annotation>
  122. <xs:documentation>The attribute type.</xs:documentation>
  123. </xs:annotation>
  124. </xs:element>
  125. <xs:element name="Value" type="tas:DNAttributeValue">
  126. <xs:annotation>
  127. <xs:documentation>The value of the attribute.</xs:documentation>
  128. </xs:annotation>
  129. </xs:element>
  130. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  131. </xs:sequence>
  132. <xs:anyAttribute processContents="lax"/>
  133. </xs:complexType>
  134. <!--===============================-->
  135. <xs:complexType name="MultiValuedRDN">
  136. <xs:annotation>
  137. <xs:documentation>A multi-valued RDN</xs:documentation>
  138. </xs:annotation>
  139. <xs:sequence>
  140. <xs:element minOccurs="0" maxOccurs="unbounded" name="Attribute" type="tas:DNAttributeTypeAndValue">
  141. <xs:annotation>
  142. <xs:documentation>A list of types and values defining a multi-valued RDN</xs:documentation>
  143. </xs:annotation>
  144. </xs:element>
  145. </xs:sequence>
  146. </xs:complexType>
  147. <!--===============================-->
  148. <xs:complexType name="DistinguishedName">
  149. <xs:sequence>
  150. <xs:element minOccurs="0" maxOccurs="unbounded" name="Country"
  151. type="tas:DNAttributeValue">
  152. <xs:annotation>
  153. <xs:documentation>A country name as specified in
  154. X.500.</xs:documentation>
  155. </xs:annotation>
  156. </xs:element>
  157. <xs:element minOccurs="0" maxOccurs="unbounded" name="Organization"
  158. type="tas:DNAttributeValue">
  159. <xs:annotation>
  160. <xs:documentation>An organization name as specified in
  161. X.500.</xs:documentation>
  162. </xs:annotation>
  163. </xs:element>
  164. <xs:element minOccurs="0" maxOccurs="unbounded" name="OrganizationalUnit"
  165. type="tas:DNAttributeValue">
  166. <xs:annotation>
  167. <xs:documentation>An organizational unit name as specified in
  168. X.500.</xs:documentation>
  169. </xs:annotation>
  170. </xs:element>
  171. <xs:element minOccurs="0" maxOccurs="unbounded"
  172. name="DistinguishedNameQualifier" type="tas:DNAttributeValue">
  173. <xs:annotation>
  174. <xs:documentation>A distinguished name qualifier as specified in
  175. X.500.</xs:documentation>
  176. </xs:annotation>
  177. </xs:element>
  178. <xs:element minOccurs="0" maxOccurs="unbounded" name="StateOrProvinceName"
  179. type="tas:DNAttributeValue">
  180. <xs:annotation>
  181. <xs:documentation>A state or province name as specified in
  182. X.500.</xs:documentation>
  183. </xs:annotation>
  184. </xs:element>
  185. <xs:element minOccurs="0" maxOccurs="unbounded" name="CommonName"
  186. type="tas:DNAttributeValue">
  187. <xs:annotation>
  188. <xs:documentation>A common name as specified in
  189. X.500.</xs:documentation>
  190. </xs:annotation>
  191. </xs:element>
  192. <xs:element minOccurs="0" maxOccurs="unbounded" name="SerialNumber"
  193. type="tas:DNAttributeValue">
  194. <xs:annotation>
  195. <xs:documentation>A serial number as specified in
  196. X.500.</xs:documentation>
  197. </xs:annotation>
  198. </xs:element>
  199. <xs:element minOccurs="0" maxOccurs="unbounded" name="Locality"
  200. type="tas:DNAttributeValue">
  201. <xs:annotation>
  202. <xs:documentation>A locality as specified in X.500.</xs:documentation>
  203. </xs:annotation>
  204. </xs:element>
  205. <xs:element minOccurs="0" maxOccurs="unbounded" name="Title"
  206. type="tas:DNAttributeValue">
  207. <xs:annotation>
  208. <xs:documentation>A title as specified in X.500.</xs:documentation>
  209. </xs:annotation>
  210. </xs:element>
  211. <xs:element minOccurs="0" maxOccurs="unbounded" name="Surname"
  212. type="tas:DNAttributeValue">
  213. <xs:annotation>
  214. <xs:documentation>A surname as specified in X.500.</xs:documentation>
  215. </xs:annotation>
  216. </xs:element>
  217. <xs:element minOccurs="0" maxOccurs="unbounded" name="GivenName"
  218. type="tas:DNAttributeValue">
  219. <xs:annotation>
  220. <xs:documentation>A given name as specified in X.500.</xs:documentation>
  221. </xs:annotation>
  222. </xs:element>
  223. <xs:element minOccurs="0" maxOccurs="unbounded" name="Initials"
  224. type="tas:DNAttributeValue">
  225. <xs:annotation>
  226. <xs:documentation>Initials as specified in X.500.</xs:documentation>
  227. </xs:annotation>
  228. </xs:element>
  229. <xs:element minOccurs="0" maxOccurs="unbounded" name="Pseudonym"
  230. type="tas:DNAttributeValue">
  231. <xs:annotation>
  232. <xs:documentation>A pseudonym as specified in X.500.</xs:documentation>
  233. </xs:annotation>
  234. </xs:element>
  235. <xs:element minOccurs="0" maxOccurs="unbounded" name="GenerationQualifier"
  236. type="tas:DNAttributeValue">
  237. <xs:annotation>
  238. <xs:documentation>A generation qualifier as specified in
  239. X.500.</xs:documentation>
  240. </xs:annotation>
  241. </xs:element>
  242. <xs:element minOccurs="0" maxOccurs="unbounded" name="GenericAttribute"
  243. type="tas:DNAttributeTypeAndValue">
  244. <xs:annotation>
  245. <xs:documentation>A generic type-value pair
  246. attribute.</xs:documentation>
  247. </xs:annotation>
  248. </xs:element>
  249. <xs:element minOccurs="0" maxOccurs="unbounded" name="MultiValuedRDN"
  250. type="tas:MultiValuedRDN">
  251. <xs:annotation>
  252. <xs:documentation>A multi-valued RDN</xs:documentation>
  253. </xs:annotation>
  254. </xs:element>
  255. <xs:element minOccurs="0" name="anyAttribute">
  256. <xs:complexType>
  257. <xs:sequence>
  258. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any"
  259. processContents="lax"/>
  260. </xs:sequence>
  261. </xs:complexType>
  262. </xs:element>
  263. </xs:sequence>
  264. <xs:anyAttribute processContents="lax"/>
  265. </xs:complexType>
  266. <!--===============================-->
  267. <xs:complexType name="AlgorithmIdentifier">
  268. <xs:annotation>
  269. <xs:documentation>An identifier of an algorithm.</xs:documentation>
  270. </xs:annotation>
  271. <xs:sequence>
  272. <xs:element name="algorithm" type="tas:DotDecimalOID">
  273. <xs:annotation>
  274. <xs:documentation>The OID of the algorithm in dot-decimal form.</xs:documentation>
  275. </xs:annotation>
  276. </xs:element>
  277. <xs:element minOccurs="0" name="parameters" type="tas:Base64DERencodedASN1Value">
  278. <xs:annotation>
  279. <xs:documentation>Optional parameters of the algorithm (depending on the algorithm).</xs:documentation>
  280. </xs:annotation>
  281. </xs:element>
  282. <xs:element minOccurs="0" name="anyParameters">
  283. <xs:complexType>
  284. <xs:sequence>
  285. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  286. </xs:sequence>
  287. </xs:complexType>
  288. </xs:element>
  289. </xs:sequence>
  290. <xs:anyAttribute processContents="lax"/>
  291. </xs:complexType>
  292. <!--===============================-->
  293. <xs:complexType name="BasicRequestAttribute">
  294. <xs:annotation>
  295. <xs:documentation>A CSR attribute as specified in RFC 2986.</xs:documentation>
  296. </xs:annotation>
  297. <xs:sequence>
  298. <xs:element name="OID" type="tas:DotDecimalOID">
  299. <xs:annotation>
  300. <xs:documentation>The OID of the attribute.</xs:documentation>
  301. </xs:annotation>
  302. </xs:element>
  303. <xs:element name="value" type="tas:Base64DERencodedASN1Value">
  304. <xs:annotation>
  305. <xs:documentation>The value of the attribute as a base64-encoded DER representation of an ASN.1 value.</xs:documentation>
  306. </xs:annotation>
  307. </xs:element>
  308. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  309. </xs:sequence>
  310. <xs:anyAttribute processContents="lax"/>
  311. </xs:complexType>
  312. <!--===============================-->
  313. <xs:complexType name="CSRAttribute">
  314. <xs:annotation>
  315. <xs:documentation>A CSR attribute as specified in PKCS#10.</xs:documentation>
  316. </xs:annotation>
  317. <xs:choice>
  318. <xs:element name="X509v3Extension" type="tas:X509v3Extension">
  319. <xs:annotation>
  320. <xs:documentation>An X.509v3 extension field.</xs:documentation>
  321. </xs:annotation>
  322. </xs:element>
  323. <xs:element name="BasicRequestAttribute" type="tas:BasicRequestAttribute">
  324. <xs:annotation>
  325. <xs:documentation>A basic CSR attribute.</xs:documentation>
  326. </xs:annotation>
  327. </xs:element>
  328. <xs:element minOccurs="0" name="anyAttribute">
  329. <xs:complexType>
  330. <xs:sequence>
  331. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  332. </xs:sequence>
  333. </xs:complexType>
  334. </xs:element>
  335. </xs:choice>
  336. <xs:anyAttribute processContents="lax"/>
  337. </xs:complexType>
  338. <!--===============================-->
  339. <xs:simpleType name="Base64DERencodedASN1Value">
  340. <xs:annotation>
  341. <xs:documentation>A base64-encoded DER representation of an ASN.1 value.</xs:documentation>
  342. </xs:annotation>
  343. <xs:restriction base="xs:base64Binary"/>
  344. </xs:simpleType>
  345. <!--===============================-->
  346. <xs:complexType name="X509v3Extension">
  347. <xs:annotation>
  348. <xs:documentation>An X.509v3 extension field as specified in RFC 5280</xs:documentation>
  349. </xs:annotation>
  350. <xs:sequence>
  351. <xs:element name="extnOID" type="tas:DotDecimalOID">
  352. <xs:annotation>
  353. <xs:documentation>The OID of the extension field.</xs:documentation>
  354. </xs:annotation>
  355. </xs:element>
  356. <xs:element default="false" name="critical" type="xs:boolean">
  357. <xs:annotation>
  358. <xs:documentation>True if and only if the extension is critical.</xs:documentation>
  359. </xs:annotation>
  360. </xs:element>
  361. <xs:element name="extnValue" type="tas:Base64DERencodedASN1Value">
  362. <xs:annotation>
  363. <xs:documentation>The value of the extension field as a base64-encoded DER representation of an ASN.1 value.</xs:documentation>
  364. </xs:annotation>
  365. </xs:element>
  366. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  367. </xs:sequence>
  368. <xs:anyAttribute processContents="lax"/>
  369. </xs:complexType>
  370. <!--===============================-->
  371. <xs:complexType name="X509Certificate">
  372. <xs:annotation>
  373. <xs:documentation>An X.509 certificate as specified in RFC 5280.</xs:documentation>
  374. </xs:annotation>
  375. <xs:sequence>
  376. <xs:element name="CertificateID" type="tas:CertificateID">
  377. <xs:annotation>
  378. <xs:documentation>The ID of the certificate.</xs:documentation>
  379. </xs:annotation>
  380. </xs:element>
  381. <xs:element name="KeyID" type="tas:KeyID">
  382. <xs:annotation>
  383. <xs:documentation>The ID of the key that this certificate associates to the certificate subject.</xs:documentation>
  384. </xs:annotation>
  385. </xs:element>
  386. <xs:element name="Alias" type="xs:string" minOccurs="0">
  387. <xs:annotation>
  388. <xs:documentation>The client-defined alias of the certificate.</xs:documentation>
  389. </xs:annotation>
  390. </xs:element>
  391. <xs:element name="CertificateContent" type="tas:Base64DERencodedASN1Value">
  392. <xs:annotation>
  393. <xs:documentation>The base64-encoded DER representation of the X.509 certificate.</xs:documentation>
  394. </xs:annotation>
  395. </xs:element>
  396. <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any" processContents="lax"/>
  397. </xs:sequence>
  398. <xs:anyAttribute processContents="lax"/>
  399. </xs:complexType>
  400. <!--===============================-->
  401. <xs:complexType name="CertificateIDs">
  402. <xs:annotation>
  403. <xs:documentation>A sequence of certificate IDs.</xs:documentation>
  404. </xs:annotation>
  405. <xs:sequence>
  406. <xs:element maxOccurs="unbounded" name="CertificateID" type="tas:CertificateID">
  407. <xs:annotation>
  408. <xs:documentation>A certificate ID.</xs:documentation>
  409. </xs:annotation>
  410. </xs:element>
  411. </xs:sequence>
  412. <xs:anyAttribute processContents="lax"/>
  413. </xs:complexType>
  414. <!--===============================-->
  415. <xs:complexType name="CertificationPath">
  416. <xs:annotation>
  417. <xs:documentation>An X.509 certification path as defined in RFC 5280.</xs:documentation>
  418. </xs:annotation>
  419. <xs:sequence>
  420. <xs:element maxOccurs="unbounded" name="CertificateID" type="tas:CertificateID">
  421. <xs:annotation>
  422. <xs:documentation>A certificate in the certification path.</xs:documentation>
  423. </xs:annotation>
  424. </xs:element>
  425. <xs:element name="Alias" type="xs:string" minOccurs="0">
  426. <xs:annotation>
  427. <xs:documentation>The client-defined alias of the certification path.</xs:documentation>
  428. </xs:annotation>
  429. </xs:element>
  430. <xs:element minOccurs="0" name="anyElement">
  431. <xs:complexType>
  432. <xs:sequence>
  433. <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax"/>
  434. </xs:sequence>
  435. </xs:complexType>
  436. </xs:element>
  437. </xs:sequence>
  438. <xs:anyAttribute processContents="lax"/>
  439. </xs:complexType>
  440. <!--===============================-->
  441. <xs:simpleType name="RSAKeyLengths">
  442. <xs:annotation>
  443. <xs:documentation>A list of RSA key lengths in bits.</xs:documentation>
  444. </xs:annotation>
  445. <xs:list itemType="xs:nonNegativeInteger"/>
  446. </xs:simpleType>
  447. <xs:simpleType name="X509Versions">
  448. <xs:annotation>
  449. <xs:documentation>A list of X.509 versions.</xs:documentation>
  450. </xs:annotation>
  451. <xs:list itemType="xs:int"/>
  452. </xs:simpleType>
  453. <xs:simpleType name="TLSVersions">
  454. <xs:annotation>
  455. <xs:documentation>A list of TLS versions.</xs:documentation>
  456. </xs:annotation>
  457. <xs:list itemType="xs:string"/>
  458. </xs:simpleType>
  459. <!--===============================-->
  460. <xs:complexType name="KeystoreCapabilities">
  461. <xs:annotation>
  462. <xs:documentation>The capabilities of a keystore implementation on a device.</xs:documentation>
  463. </xs:annotation>
  464. <xs:sequence>
  465. <xs:element minOccurs="0" maxOccurs="unbounded" name="SignatureAlgorithms" type="tas:AlgorithmIdentifier">
  466. <xs:annotation>
  467. <xs:documentation>The signature algorithms supported by the keystore implementation.</xs:documentation>
  468. </xs:annotation>
  469. </xs:element>
  470. <xs:element minOccurs="0" name="anyElement">
  471. <xs:complexType>
  472. <xs:sequence>
  473. <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" processContents="lax"/>
  474. </xs:sequence>
  475. </xs:complexType>
  476. </xs:element>
  477. </xs:sequence>
  478. <xs:attribute name="MaximumNumberOfKeys" type="xs:positiveInteger">
  479. <xs:annotation>
  480. <xs:documentation>Indicates the maximum number of keys that the device can store simultaneously.</xs:documentation>
  481. </xs:annotation>
  482. </xs:attribute>
  483. <xs:attribute name="MaximumNumberOfCertificates" type="xs:positiveInteger">
  484. <xs:annotation>
  485. <xs:documentation>Indicates the maximum number of certificates that the device can store simultaneously.</xs:documentation>
  486. </xs:annotation>
  487. </xs:attribute>
  488. <xs:attribute name="MaximumNumberOfCertificationPaths" type="xs:positiveInteger">
  489. <xs:annotation>
  490. <xs:documentation>Indicates the maximum number of certification paths that the device can store simultaneously.</xs:documentation>
  491. </xs:annotation>
  492. </xs:attribute>
  493. <xs:attribute name="RSAKeyPairGeneration" type="xs:boolean">
  494. <xs:annotation>
  495. <xs:documentation>Indication that the device supports on-board RSA key pair generation.</xs:documentation>
  496. </xs:annotation>
  497. </xs:attribute>
  498. <xs:attribute name="RSAKeyLengths" type="tas:RSAKeyLengths">
  499. <xs:annotation>
  500. <xs:documentation>Indicates which RSA key lengths are supported by the device.</xs:documentation>
  501. </xs:annotation>
  502. </xs:attribute>
  503. <xs:attribute name="PKCS10ExternalCertificationWithRSA" type="xs:boolean">
  504. <xs:annotation>
  505. <xs:documentation>Indicates support for creating PKCS#10 requests for RSA keys and uploading the certificate obtained from a CA.</xs:documentation>
  506. </xs:annotation>
  507. </xs:attribute>
  508. <xs:attribute name="SelfSignedCertificateCreationWithRSA" type="xs:boolean">
  509. <xs:annotation>
  510. <xs:documentation>Indicates support for creating self-signed certificates for RSA keys.</xs:documentation>
  511. </xs:annotation>
  512. </xs:attribute>
  513. <xs:attribute name="X509Versions" type="tas:X509Versions">
  514. <xs:annotation>
  515. <xs:documentation>Indicates which X.509 versions are supported by the device.</xs:documentation>
  516. </xs:annotation>
  517. </xs:attribute>
  518. <xs:anyAttribute processContents="lax"/>
  519. </xs:complexType>
  520. <!--===============================-->
  521. <xs:complexType name="TLSServerCapabilities">
  522. <xs:annotation>
  523. <xs:documentation>The capabilities of a TLS server implementation on a device.</xs:documentation>
  524. </xs:annotation>
  525. <xs:sequence>
  526. <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  527. </xs:sequence>
  528. <xs:attribute name="TLSServerSupported" type="tas:TLSVersions">
  529. <xs:annotation>
  530. <xs:documentation>Indicates which TLS versions are supported by the device.</xs:documentation>
  531. </xs:annotation>
  532. </xs:attribute>
  533. <xs:attribute name="MaximumNumberOfTLSCertificationPaths" type="xs:positiveInteger">
  534. <xs:annotation>
  535. <xs:documentation>Indicates the maximum number of certification paths that may be assigned to the TLS server simultaneously.</xs:documentation>
  536. </xs:annotation>
  537. </xs:attribute>
  538. <xs:anyAttribute processContents="lax"/>
  539. </xs:complexType>
  540. <!--===============================-->
  541. <xs:complexType name="Capabilities">
  542. <xs:annotation>
  543. <xs:documentation>The capabilities of an Advanced Security Service implementation on a device.</xs:documentation>
  544. </xs:annotation>
  545. <xs:sequence>
  546. <xs:element name="KeystoreCapabilities" type="tas:KeystoreCapabilities">
  547. <xs:annotation>
  548. <xs:documentation>The capabilities of the keystore implementation.</xs:documentation>
  549. </xs:annotation>
  550. </xs:element>
  551. <xs:element name="TLSServerCapabilities" type="tas:TLSServerCapabilities">
  552. <xs:annotation>
  553. <xs:documentation>The capabilities of the TLS server implementation.</xs:documentation>
  554. </xs:annotation>
  555. </xs:element>
  556. <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
  557. </xs:sequence>
  558. <xs:anyAttribute processContents="lax"/>
  559. </xs:complexType>
  560. <xs:element name="Capabilities" type="tas:Capabilities"/>
  561. <!--=========================================-->
  562. <!-- Request/response elements -->
  563. <!--=========================================-->
  564. <xs:element name="GetServiceCapabilities">
  565. <xs:complexType>
  566. <xs:sequence/>
  567. </xs:complexType>
  568. </xs:element>
  569. <xs:element name="GetServiceCapabilitiesResponse">
  570. <xs:complexType>
  571. <xs:sequence>
  572. <xs:element name="Capabilities" type="tas:Capabilities">
  573. <xs:annotation>
  574. <xs:documentation>The capabilities of the advanced security service are returned in the Capabilities element.</xs:documentation>
  575. </xs:annotation>
  576. </xs:element>
  577. </xs:sequence>
  578. </xs:complexType>
  579. </xs:element>
  580. <!--===============================-->
  581. <xs:element name="CreateRSAKeyPair">
  582. <xs:complexType>
  583. <xs:sequence>
  584. <xs:element name="KeyLength" type="xs:nonNegativeInteger">
  585. <xs:annotation>
  586. <xs:documentation>The length of the key to be created.</xs:documentation>
  587. </xs:annotation>
  588. </xs:element>
  589. <xs:element name="Alias" type="xs:string" minOccurs="0">
  590. <xs:annotation>
  591. <xs:documentation>The client-defined alias of the key.</xs:documentation>
  592. </xs:annotation>
  593. </xs:element>
  594. </xs:sequence>
  595. </xs:complexType>
  596. </xs:element>
  597. <xs:element name="CreateRSAKeyPairResponse">
  598. <xs:complexType>
  599. <xs:sequence>
  600. <xs:element name="KeyID" type="tas:KeyID">
  601. <xs:annotation>
  602. <xs:documentation>The key ID of the key pair being generated.</xs:documentation>
  603. </xs:annotation>
  604. </xs:element>
  605. <xs:element name="EstimatedCreationTime" type="xs:duration">
  606. <xs:annotation>
  607. <xs:documentation>Best-effort estimate of how long the key generation will take.</xs:documentation>
  608. </xs:annotation>
  609. </xs:element>
  610. </xs:sequence>
  611. </xs:complexType>
  612. </xs:element>
  613. <!--===============================-->
  614. <xs:element name="GetKeyStatus">
  615. <xs:complexType>
  616. <xs:sequence>
  617. <xs:element name="KeyID" type="tas:KeyID">
  618. <xs:annotation>
  619. <xs:documentation>The ID of the key for which to return the status.</xs:documentation>
  620. </xs:annotation>
  621. </xs:element>
  622. </xs:sequence>
  623. </xs:complexType>
  624. </xs:element>
  625. <xs:element name="GetKeyStatusResponse">
  626. <xs:complexType>
  627. <xs:sequence>
  628. <xs:element name="KeyStatus" type="xs:string">
  629. <xs:annotation>
  630. <xs:documentation>Status of the requested key. The value should be one of the values in the tas:KeyStatus enumeration.</xs:documentation>
  631. </xs:annotation>
  632. </xs:element>
  633. </xs:sequence>
  634. </xs:complexType>
  635. </xs:element>
  636. <!--===============================-->
  637. <xs:element name="GetPrivateKeyStatus">
  638. <xs:complexType>
  639. <xs:sequence>
  640. <xs:element name="KeyID" type="tas:KeyID">
  641. <xs:annotation>
  642. <xs:documentation>The ID of the key pair for which to return whether it contains a private key.</xs:documentation>
  643. </xs:annotation>
  644. </xs:element>
  645. </xs:sequence>
  646. </xs:complexType>
  647. </xs:element>
  648. <xs:element name="GetPrivateKeyStatusResponse">
  649. <xs:complexType>
  650. <xs:sequence>
  651. <xs:element name="hasPrivateKey" type="xs:boolean">
  652. <xs:annotation>
  653. <xs:documentation>True if and only if the key pair contains a private key.</xs:documentation>
  654. </xs:annotation>
  655. </xs:element>
  656. </xs:sequence>
  657. </xs:complexType>
  658. </xs:element>
  659. <!--===============================-->
  660. <xs:element name="GetAllKeys">
  661. <xs:complexType>
  662. <xs:sequence/>
  663. </xs:complexType>
  664. </xs:element>
  665. <xs:element name="GetAllKeysResponse">
  666. <xs:complexType>
  667. <xs:sequence>
  668. <xs:element name="KeyAttribute" type="tas:KeyAttribute" minOccurs="0" maxOccurs="unbounded">
  669. <xs:annotation>
  670. <xs:documentation>Information about a key in the keystore.</xs:documentation>
  671. </xs:annotation>
  672. </xs:element>
  673. </xs:sequence>
  674. </xs:complexType>
  675. </xs:element>
  676. <!--===============================-->
  677. <xs:element name="DeleteKey">
  678. <xs:complexType>
  679. <xs:sequence>
  680. <xs:element name="KeyID" type="tas:KeyID">
  681. <xs:annotation>
  682. <xs:documentation>The ID of the key that is to be deleted from the keystore.</xs:documentation>
  683. </xs:annotation>
  684. </xs:element>
  685. </xs:sequence>
  686. </xs:complexType>
  687. </xs:element>
  688. <xs:element name="DeleteKeyResponse">
  689. <xs:complexType>
  690. <xs:sequence/>
  691. </xs:complexType>
  692. </xs:element>
  693. <!--===============================-->
  694. <xs:element name="CreatePKCS10CSR">
  695. <xs:complexType>
  696. <xs:sequence>
  697. <xs:element name="Subject" type="tas:DistinguishedName">
  698. <xs:annotation>
  699. <xs:documentation>The subject to be included in the CSR.</xs:documentation>
  700. </xs:annotation>
  701. </xs:element>
  702. <xs:element name="KeyID" type="tas:KeyID">
  703. <xs:annotation>
  704. <xs:documentation>The ID of the key for which the CSR shall be created.</xs:documentation>
  705. </xs:annotation>
  706. </xs:element>
  707. <xs:element name="CSRAttribute" minOccurs="0" maxOccurs="unbounded" type="tas:CSRAttribute">
  708. <xs:annotation>
  709. <xs:documentation>An attribute to be included in the CSR.</xs:documentation>
  710. </xs:annotation>
  711. </xs:element>
  712. <xs:element name="SignatureAlgorithm" type="tas:AlgorithmIdentifier">
  713. <xs:annotation>
  714. <xs:documentation>The signature algorithm to be used to sign the CSR. Defaults to SHA1 with RSA Encryption. Note that SHA-1 is no longer considered collision-resistant; where the device supports a SHA-2 based signature algorithm, it should be selected explicitly rather than relying on the default.</xs:documentation>
  715. </xs:annotation>
  716. </xs:element>
  717. </xs:sequence>
  718. </xs:complexType>
  719. </xs:element>
  720. <xs:element name="CreatePKCS10CSRResponse">
  721. <xs:complexType>
  722. <xs:sequence>
  723. <xs:element name="PKCS10CSR" type="tas:Base64DERencodedASN1Value">
  724. <xs:annotation>
  725. <xs:documentation>The DER encoded PKCS#10 certification request.</xs:documentation>
  726. </xs:annotation>
  727. </xs:element>
  728. </xs:sequence>
  729. </xs:complexType>
  730. </xs:element>
  731. <!--===============================-->
  732. <xs:element name="CreateSelfSignedCertificate">
  733. <xs:complexType>
  734. <xs:sequence>
  735. <xs:element minOccurs="0" name="X509Version" type="xs:positiveInteger">
  736. <xs:annotation>
  737. <xs:documentation>The X.509 version that the generated certificate shall comply with.</xs:documentation>
  738. </xs:annotation>
  739. </xs:element>
  740. <xs:element name="Subject" type="tas:DistinguishedName">
  741. <xs:annotation>
  742. <xs:documentation>Distinguished name of the entity that the certificate shall belong to.</xs:documentation>
  743. </xs:annotation>
  744. </xs:element>
  745. <xs:element name="KeyID" type="tas:KeyID">
  746. <xs:annotation>
  747. <xs:documentation>The ID of the key for which the certificate shall be created.</xs:documentation>
  748. </xs:annotation>
  749. </xs:element>
  750. <xs:element name="Alias" type="xs:string" minOccurs="0">
  751. <xs:annotation>
  752. <xs:documentation>The client-defined alias of the certificate to be created.</xs:documentation>
  753. </xs:annotation>
  754. </xs:element>
  755. <xs:element minOccurs="0" name="notValidBefore" type="xs:dateTime">
  756. <xs:annotation>
  757. <xs:documentation>The X.509 not valid before information to be included in the certificate. Defaults to the device's current time or a time before the device's current time.</xs:documentation>
  758. </xs:annotation>
  759. </xs:element>
  760. <xs:element minOccurs="0" name="notValidAfter" type="xs:dateTime">
  761. <xs:annotation>
  762. <xs:documentation>The X.509 not valid after information to be included in the certificate. Defaults to the time 99991231235959Z as specified in RFC 5280, i.e. a certificate with no well-defined expiration date; clients that require a bounded validity period should set this element explicitly.</xs:documentation>
  763. </xs:annotation>
  764. </xs:element>
  765. <xs:element name="SignatureAlgorithm" type="tas:AlgorithmIdentifier">
  766. <xs:annotation>
  767. <xs:documentation>The signature algorithm to be used for signing the certificate. Defaults to SHA1 with RSA Encryption. Note that SHA-1 is no longer considered collision-resistant; where the device supports a SHA-2 based signature algorithm, it should be selected explicitly rather than relying on the default.</xs:documentation>
  768. </xs:annotation>
  769. </xs:element>
  770. <xs:element minOccurs="0" maxOccurs="unbounded" name="Extension" type="tas:X509v3Extension">
  771. <xs:annotation>
  772. <xs:documentation>An X.509v3 extension to be included in the certificate.</xs:documentation>
  773. </xs:annotation>
  774. </xs:element>
  775. </xs:sequence>
  776. </xs:complexType>
  777. </xs:element>
  778. <xs:element name="CreateSelfSignedCertificateResponse">
  779. <xs:complexType>
  780. <xs:sequence>
  781. <xs:element name="CertificateID" type="tas:CertificateID">
  782. <xs:annotation>
  783. <xs:documentation>The ID of the generated certificate.</xs:documentation>
  784. </xs:annotation>
  785. </xs:element>
  786. </xs:sequence>
  787. </xs:complexType>
  788. </xs:element>
  789. <!--===============================-->
  790. <xs:element name="UploadCertificate">
  791. <xs:complexType>
  792. <xs:sequence>
  793. <xs:element name="Certificate" type="tas:Base64DERencodedASN1Value">
  794. <xs:annotation>
  795. <xs:documentation>The base64-encoded DER representation of the X.509 certificate to be uploaded.</xs:documentation>
  796. </xs:annotation>
  797. </xs:element>
  798. <xs:element name="Alias" type="xs:string" minOccurs="0">
  799. <xs:annotation>
  800. <xs:documentation>The client-defined alias of the certificate.</xs:documentation>
  801. </xs:annotation>
  802. </xs:element>
  803. <xs:element name="KeyAlias" type="xs:string" minOccurs="0">
  804. <xs:annotation>
  805. <xs:documentation>The client-defined alias of the key pair.</xs:documentation>
  806. </xs:annotation>
  807. </xs:element>
  808. <xs:element name="PrivateKeyRequired" type="xs:boolean" minOccurs="0" default="false">
  809. <xs:annotation>
  810. <xs:documentation>Indicates whether the device shall verify that a matching key pair with a private key exists in the keystore.</xs:documentation>
  811. </xs:annotation>
  812. </xs:element>
  813. </xs:sequence>
  814. </xs:complexType>
  815. </xs:element>
  816. <xs:element name="UploadCertificateResponse">
  817. <xs:complexType>
  818. <xs:sequence>
  819. <xs:element name="CertificateID" type="tas:CertificateID">
  820. <xs:annotation>
  821. <xs:documentation>The ID of the uploaded certificate.</xs:documentation>
  822. </xs:annotation>
  823. </xs:element>
  824. <xs:element name="KeyID" type="tas:KeyID">
  825. <xs:annotation>
  826. <xs:documentation>The ID of the key that the uploaded certificate certifies.</xs:documentation>
  827. </xs:annotation>
  828. </xs:element>
  829. </xs:sequence>
  830. </xs:complexType>
  831. </xs:element>
  832. <!--===============================-->
  833. <xs:element name="GetCertificate">
  834. <xs:complexType>
  835. <xs:sequence>
  836. <xs:element name="CertificateID" type="tas:CertificateID">
  837. <xs:annotation>
  838. <xs:documentation>The ID of the certificate to retrieve.</xs:documentation>
  839. </xs:annotation>
  840. </xs:element>
  841. </xs:sequence>
  842. </xs:complexType>
  843. </xs:element>
  844. <xs:element name="GetCertificateResponse">
  845. <xs:complexType>
  846. <xs:sequence>
  847. <xs:element name="Certificate" type="tas:X509Certificate">
  848. <xs:annotation>
  849. <xs:documentation>The DER representation of the certificate.</xs:documentation>
  850. </xs:annotation>
  851. </xs:element>
  852. </xs:sequence>
  853. </xs:complexType>
  854. </xs:element>
  855. <!--===============================-->
  856. <xs:element name="GetAllCertificates">
  857. <xs:complexType>
  858. <xs:sequence/>
  859. </xs:complexType>
  860. </xs:element>
  861. <xs:element name="GetAllCertificatesResponse">
  862. <xs:complexType>
  863. <xs:annotation>
  864. <xs:documentation>A list with all certificates stored in the keystore.</xs:documentation>
  865. </xs:annotation>
  866. <xs:sequence>
  867. <xs:element minOccurs="0" maxOccurs="unbounded" name="Certificate" type="tas:X509Certificate">
  868. <xs:annotation>
  869. <xs:documentation>A certificate stored in the keystore.</xs:documentation>
  870. </xs:annotation>
  871. </xs:element>
  872. </xs:sequence>
  873. </xs:complexType>
  874. </xs:element>
  875. <!--===============================-->
  876. <xs:element name="DeleteCertificate">
  877. <xs:complexType>
  878. <xs:sequence>
  879. <xs:element name="CertificateID" type="tas:CertificateID">
  880. <xs:annotation>
  881. <xs:documentation>The ID of the certificate to delete.</xs:documentation>
  882. </xs:annotation>
  883. </xs:element>
  884. </xs:sequence>
  885. </xs:complexType>
  886. </xs:element>
  887. <xs:element name="DeleteCertificateResponse">
  888. <xs:complexType>
  889. <xs:sequence/>
  890. </xs:complexType>
  891. </xs:element>
  892. <!--===============================-->
  893. <xs:element name="CreateCertificationPath">
  894. <xs:complexType>
  895. <xs:sequence>
  896. <xs:element name="CertificateIDs" type="tas:CertificateIDs">
  897. <xs:annotation>
  898. <xs:documentation>The IDs of the certificates to include in the certification path; the signature on each certificate except the last one in the path must be verifiable with the public key certified by the next certificate in the path.</xs:documentation>
  899. </xs:annotation>
  900. </xs:element>
  901. <xs:element name="Alias" type="xs:string" minOccurs="0">
  902. <xs:annotation>
  903. <xs:documentation>The client-defined alias of the certification path.</xs:documentation>
  904. </xs:annotation>
  905. </xs:element>
  906. </xs:sequence>
  907. </xs:complexType>
  908. </xs:element>
  909. <xs:element name="CreateCertificationPathResponse">
  910. <xs:complexType>
  911. <xs:sequence>
  912. <xs:element name="CertificationPathID" type="tas:CertificationPathID">
  913. <xs:annotation>
  914. <xs:documentation>The ID of the generated certification path.</xs:documentation>
  915. </xs:annotation>
  916. </xs:element>
  917. </xs:sequence>
  918. </xs:complexType>
  919. </xs:element>
  920. <!--===============================-->
  921. <xs:element name="GetCertificationPath">
  922. <xs:complexType>
  923. <xs:sequence>
  924. <xs:element name="CertificationPathID" type="tas:CertificationPathID">
  925. <xs:annotation>
  926. <xs:documentation>The ID of the certification path to retrieve.</xs:documentation>
  927. </xs:annotation>
  928. </xs:element>
  929. </xs:sequence>
  930. </xs:complexType>
  931. </xs:element>
  932. <xs:element name="GetCertificationPathResponse">
  933. <xs:complexType>
  934. <xs:sequence>
  935. <xs:element name="CertificationPath" type="tas:CertificationPath">
  936. <xs:annotation>
  937. <xs:documentation>The certification path that is stored under the given ID in the keystore.</xs:documentation>
  938. </xs:annotation>
  939. </xs:element>
  940. </xs:sequence>
  941. </xs:complexType>
  942. </xs:element>
  943. <!--===============================-->
  944. <xs:element name="GetAllCertificationPaths">
  945. <xs:complexType>
  946. <xs:sequence/>
  947. </xs:complexType>
  948. </xs:element>
  949. <xs:element name="GetAllCertificationPathsResponse">
  950. <xs:complexType>
  951. <xs:sequence>
  952. <xs:element name="CertificationPathID" type="tas:CertificationPathID" minOccurs="0" maxOccurs="unbounded">
  953. <xs:annotation>
  954. <xs:documentation>An ID of a certification path in the keystore.</xs:documentation>
  955. </xs:annotation>
  956. </xs:element>
  957. </xs:sequence>
  958. </xs:complexType>
  959. </xs:element>
  960. <!--===============================-->
  961. <xs:element name="DeleteCertificationPath">
  962. <xs:complexType>
  963. <xs:sequence>
  964. <xs:element name="CertificationPathID" type="tas:CertificationPathID">
  965. <xs:annotation>
  966. <xs:documentation>The ID of the certification path to delete.</xs:documentation>
  967. </xs:annotation>
  968. </xs:element>
  969. </xs:sequence>
  970. </xs:complexType>
  971. </xs:element>
  972. <xs:element name="DeleteCertificationPathResponse">
  973. <xs:complexType>
  974. <xs:sequence/>
  975. </xs:complexType>
  976. </xs:element>
  977. <!--===============================-->
  978. <xs:element name="AddServerCertificateAssignment">
  979. <xs:complexType>
  980. <xs:sequence>
  981. <xs:element name="CertificationPathID" type="tas:CertificationPathID"/>
  982. </xs:sequence>
  983. </xs:complexType>
  984. </xs:element>
  985. <xs:element name="AddServerCertificateAssignmentResponse">
  986. <xs:complexType>
  987. <xs:sequence/>
  988. </xs:complexType>
  989. </xs:element>
  990. <!--===============================-->
  991. <xs:element name="RemoveServerCertificateAssignment">
  992. <xs:complexType>
  993. <xs:sequence>
  994. <xs:element name="CertificationPathID" type="tas:CertificationPathID"/>
  995. </xs:sequence>
  996. </xs:complexType>
  997. </xs:element>
  998. <xs:element name="RemoveServerCertificateAssignmentResponse">
  999. <xs:complexType>
  1000. <xs:sequence/>
  1001. </xs:complexType>
  1002. </xs:element>
  1003. <!--===============================-->
  1004. <xs:element name="ReplaceServerCertificateAssignment">
  1005. <xs:complexType>
  1006. <xs:sequence>
  1007. <xs:element name="OldCertificationPathID" type="tas:CertificationPathID"/>
  1008. <xs:element name="NewCertificationPathID" type="tas:CertificationPathID"/>
  1009. </xs:sequence>
  1010. </xs:complexType>
  1011. </xs:element>
  1012. <xs:element name="ReplaceServerCertificateAssignmentResponse">
  1013. <xs:complexType>
  1014. <xs:sequence/>
  1015. </xs:complexType>
  1016. </xs:element>
  1017. <!--===============================-->
  1018. <xs:element name="GetAssignedServerCertificates">
  1019. <xs:complexType>
  1020. <xs:sequence/>
  1021. </xs:complexType>
  1022. </xs:element>
  1023. <xs:element name="GetAssignedServerCertificatesResponse">
  1024. <xs:complexType>
  1025. <xs:sequence>
  1026. <xs:element name="CertificationPathID" type="tas:CertificationPathID" minOccurs="0" maxOccurs="unbounded">
  1027. <xs:annotation>
  1028. <xs:documentation>The IDs of all certification paths that are assigned to the TLS server on the device.</xs:documentation>
  1029. </xs:annotation>
  1030. </xs:element>
  1031. </xs:sequence>
  1032. </xs:complexType>
  1033. </xs:element>
  1034. </xs:schema>
  1035. </wsdl:types>
  1036. <wsdl:message name="GetServiceCapabilitiesRequest">
  1037. <wsdl:part name="parameters" element="tas:GetServiceCapabilities"/>
  1038. </wsdl:message>
  1039. <wsdl:message name="GetServiceCapabilitiesResponse">
  1040. <wsdl:part name="parameters" element="tas:GetServiceCapabilitiesResponse"/>
  1041. </wsdl:message>
  1042. <wsdl:message name="CreateRSAKeyPairRequest">
  1043. <wsdl:part name="parameters" element="tas:CreateRSAKeyPair"/>
  1044. </wsdl:message>
  1045. <wsdl:message name="CreateRSAKeyPairResponse">
  1046. <wsdl:part name="parameters" element="tas:CreateRSAKeyPairResponse"/>
  1047. </wsdl:message>
  1048. <wsdl:message name="GetKeyStatusRequest">
  1049. <wsdl:part name="parameters" element="tas:GetKeyStatus"/>
  1050. </wsdl:message>
  1051. <wsdl:message name="GetKeyStatusResponse">
  1052. <wsdl:part name="parameters" element="tas:GetKeyStatusResponse"/>
  1053. </wsdl:message>
  1054. <wsdl:message name="GetPrivateKeyStatusRequest">
  1055. <wsdl:part name="parameters" element="tas:GetPrivateKeyStatus"/>
  1056. </wsdl:message>
  1057. <wsdl:message name="GetPrivateKeyStatusResponse">
  1058. <wsdl:part name="parameters" element="tas:GetPrivateKeyStatusResponse"/>
  1059. </wsdl:message>
  1060. <wsdl:message name="GetAllKeysRequest">
  1061. <wsdl:part name="parameters" element="tas:GetAllKeys"/>
  1062. </wsdl:message>
  1063. <wsdl:message name="GetAllKeysResponse">
  1064. <wsdl:part name="parameters" element="tas:GetAllKeysResponse"/>
  1065. </wsdl:message>
  1066. <wsdl:message name="DeleteKeyRequest">
  1067. <wsdl:part name="parameters" element="tas:DeleteKey"/>
  1068. </wsdl:message>
  1069. <wsdl:message name="DeleteKeyResponse">
  1070. <wsdl:part name="parameters" element="tas:DeleteKeyResponse"/>
  1071. </wsdl:message>
  1072. <wsdl:message name="CreatePKCS10CSRRequest">
  1073. <wsdl:part name="parameters" element="tas:CreatePKCS10CSR"/>
  1074. </wsdl:message>
  1075. <wsdl:message name="CreatePKCS10CSRResponse">
  1076. <wsdl:part name="parameters" element="tas:CreatePKCS10CSRResponse"/>
  1077. </wsdl:message>
  1078. <wsdl:message name="CreateSelfSignedCertificateRequest">
  1079. <wsdl:part name="parameters" element="tas:CreateSelfSignedCertificate"/>
  1080. </wsdl:message>
  1081. <wsdl:message name="CreateSelfSignedCertificateResponse">
  1082. <wsdl:part name="parameters" element="tas:CreateSelfSignedCertificateResponse"/>
  1083. </wsdl:message>
  1084. <wsdl:message name="UploadCertificateRequest">
  1085. <wsdl:part name="parameters" element="tas:UploadCertificate"/>
  1086. </wsdl:message>
  1087. <wsdl:message name="UploadCertificateResponse">
  1088. <wsdl:part name="parameters" element="tas:UploadCertificateResponse"/>
  1089. </wsdl:message>
  1090. <wsdl:message name="GetCertificateRequest">
  1091. <wsdl:part name="parameters" element="tas:GetCertificate"/>
  1092. </wsdl:message>
  1093. <wsdl:message name="GetCertificateResponse">
  1094. <wsdl:part name="parameters" element="tas:GetCertificateResponse"/>
  1095. </wsdl:message>
  1096. <wsdl:message name="GetAllCertificatesRequest">
  1097. <wsdl:part name="parameters" element="tas:GetAllCertificates"/>
  1098. </wsdl:message>
  1099. <wsdl:message name="GetAllCertificatesResponse">
  1100. <wsdl:part name="parameters" element="tas:GetAllCertificatesResponse"/>
  1101. </wsdl:message>
  1102. <wsdl:message name="DeleteCertificateRequest">
  1103. <wsdl:part name="parameters" element="tas:DeleteCertificate"/>
  1104. </wsdl:message>
  1105. <wsdl:message name="DeleteCertificateResponse">
  1106. <wsdl:part name="parameters" element="tas:DeleteCertificateResponse"/>
  1107. </wsdl:message>
  1108. <wsdl:message name="CreateCertificationPathRequest">
  1109. <wsdl:part name="parameters" element="tas:CreateCertificationPath"/>
  1110. </wsdl:message>
  1111. <wsdl:message name="CreateCertificationPathResponse">
  1112. <wsdl:part name="parameters" element="tas:CreateCertificationPathResponse"/>
  1113. </wsdl:message>
  1114. <wsdl:message name="GetCertificationPathRequest">
  1115. <wsdl:part name="parameters" element="tas:GetCertificationPath"/>
  1116. </wsdl:message>
  1117. <wsdl:message name="GetCertificationPathResponse">
  1118. <wsdl:part name="parameters" element="tas:GetCertificationPathResponse"/>
  1119. </wsdl:message>
  1120. <wsdl:message name="GetAllCertificationPathsRequest">
  1121. <wsdl:part name="parameters" element="tas:GetAllCertificationPaths"/>
  1122. </wsdl:message>
  1123. <wsdl:message name="GetAllCertificationPathsResponse">
  1124. <wsdl:part name="parameters" element="tas:GetAllCertificationPathsResponse"/>
  1125. </wsdl:message>
  1126. <wsdl:message name="DeleteCertificationPathRequest">
  1127. <wsdl:part name="parameters" element="tas:DeleteCertificationPath"/>
  1128. </wsdl:message>
  1129. <wsdl:message name="DeleteCertificationPathResponse">
  1130. <wsdl:part name="parameters" element="tas:DeleteCertificationPathResponse"/>
  1131. </wsdl:message>
  1132. <wsdl:message name="AddServerCertificateAssignmentRequest">
  1133. <wsdl:part name="parameters" element="tas:AddServerCertificateAssignment"/>
  1134. </wsdl:message>
  1135. <wsdl:message name="AddServerCertificateAssignmentResponse">
  1136. <wsdl:part name="parameters" element="tas:AddServerCertificateAssignmentResponse"/>
  1137. </wsdl:message>
  1138. <wsdl:message name="RemoveServerCertificateAssignmentRequest">
  1139. <wsdl:part name="parameters" element="tas:RemoveServerCertificateAssignment"/>
  1140. </wsdl:message>
  1141. <wsdl:message name="RemoveServerCertificateAssignmentResponse">
  1142. <wsdl:part name="parameters" element="tas:RemoveServerCertificateAssignmentResponse"/>
  1143. </wsdl:message>
  1144. <wsdl:message name="ReplaceServerCertificateAssignmentRequest">
  1145. <wsdl:part name="parameters" element="tas:ReplaceServerCertificateAssignment"/>
  1146. </wsdl:message>
  1147. <wsdl:message name="ReplaceServerCertificateAssignmentResponse">
  1148. <wsdl:part name="parameters" element="tas:ReplaceServerCertificateAssignmentResponse"/>
  1149. </wsdl:message>
  1150. <wsdl:message name="GetAssignedServerCertificatesRequest">
  1151. <wsdl:part name="parameters" element="tas:GetAssignedServerCertificates"/>
  1152. </wsdl:message>
  1153. <wsdl:message name="GetAssignedServerCertificatesResponse">
  1154. <wsdl:part name="parameters" element="tas:GetAssignedServerCertificatesResponse"/>
  1155. </wsdl:message>
  1156. <wsdl:portType name="AdvancedSecurityService">
  1157. <wsdl:documentation>Common functionality for all advanced security service parts.</wsdl:documentation>
  1158. <wsdl:operation name="GetServiceCapabilities">
  1159. <wsdl:documentation>Returns the capabilities of the advanced security service. The result is returned in a typed answer.</wsdl:documentation>
  1160. <wsdl:input message="tas:GetServiceCapabilitiesRequest"/>
  1161. <wsdl:output message="tas:GetServiceCapabilitiesResponse"/>
  1162. </wsdl:operation>
  1163. </wsdl:portType>
  1164. <wsdl:portType name="Keystore">
  1165. <wsdl:documentation>Basic keystore functionality.</wsdl:documentation>
  1166. <wsdl:operation name="CreateRSAKeyPair">
  1167. <wsdl:documentation>
  1168. This operation triggers the asynchronous generation of an RSA key pair of a particular key length (specified as the number of bits) as specified in [RFC 3447], with a suitable key generation mechanism on the device.
  1169. Keys, especially RSA key pairs, are uniquely identified using key IDs.<br/>
  1170. If the device does not have enough storage capacity for storing the key pair to be created, the maximum number of keys reached fault shall be produced and no key pair shall be generated.
  1171. Otherwise, the operation generates a keyID for the new key and associates the generating status with it.<br/>
  1172. Immediately after key generation has started, the device shall return the keyID to the client and continue to generate the key pair.
  1173. The client may query the device with the GetKeyStatus operation whether the generation has finished.
  1174. The client may also subscribe to Key Status events to be notified about key status changes.<br/>
  1175. The device also returns a best-effort estimate of how much time it requires to create the key pair.
  1176. A client may use this information as an indication how long to wait before querying the device whether key generation is completed.<br/>
  1177. After the key has been successfully created, the device shall assign it the ok status. If the key generation fails, the device shall assign the key the corrupt status.
  1178. </wsdl:documentation>
  1179. <wsdl:input message="tas:CreateRSAKeyPairRequest"/>
  1180. <wsdl:output message="tas:CreateRSAKeyPairResponse"/>
  1181. </wsdl:operation>
  1182. <wsdl:operation name="GetKeyStatus">
  1183. <wsdl:documentation>
  1184. This operation returns the status of a key.<br/>
  1185. Keys are uniquely identified using key IDs. If no key is stored under the requested key ID in the keystore, an InvalidKeyID fault is produced.
  1186. Otherwise, the status of the key is returned.
  1187. </wsdl:documentation>
  1188. <wsdl:input message="tas:GetKeyStatusRequest"/>
  1189. <wsdl:output message="tas:GetKeyStatusResponse"/>
  1190. </wsdl:operation>
  1191. <wsdl:operation name="GetPrivateKeyStatus">
  1192. <wsdl:documentation>
  1193. This operation returns whether a key pair contains a private key.<br/>
  1194. Keys are uniquely identified using key IDs. If no key is stored under the requested key ID in the keystore or the key identified by the requested key ID does not identify a key pair,
  1195. the device shall produce an InvalidKeyID fault.
  1196. Otherwise, this operation returns true if the key pair identified by the key ID contains a private key, and false otherwise.
  1197. </wsdl:documentation>
  1198. <wsdl:input message="tas:GetPrivateKeyStatusRequest"/>
  1199. <wsdl:output message="tas:GetPrivateKeyStatusResponse"/>
  1200. </wsdl:operation>
  1201. <wsdl:operation name="GetAllKeys">
  1202. <wsdl:documentation>
  1203. This operation returns information about all keys that are stored in the device’s keystore.<br/>
  1204. This operation may be used, e.g., if a client lost track of which keys are present on the device.
  1205. If no key is stored on the device, an empty list is returned.
  1206. </wsdl:documentation>
  1207. <wsdl:input message="tas:GetAllKeysRequest"/>
  1208. <wsdl:output message="tas:GetAllKeysResponse"/>
  1209. </wsdl:operation>
  1210. <wsdl:operation name="DeleteKey">
  1211. <wsdl:documentation>
  1212. This operation deletes a key from the device’s keystore.<br/>
  1213. Keys are uniquely identified using key IDs. If no key is stored under the requested key ID in the keystore, a device shall produce an InvalidArgVal fault.
  1214. If a reference exists for the specified key, a device shall produce the corresponding fault and shall not delete the key.
  1215. If there is a key under the requested key ID stored in the keystore and the key could not be deleted, a device shall produce a KeyDeletion fault.
  1216. If the key has the status generating, a device shall abort the generation of the key and delete from the keystore all data generated for this key.
  1217. After a key is successfully deleted, the device may assign its former ID to other keys.
  1218. </wsdl:documentation>
  1219. <wsdl:input message="tas:DeleteKeyRequest"/>
  1220. <wsdl:output message="tas:DeleteKeyResponse"/>
  1221. </wsdl:operation>
  1222. <wsdl:operation name="CreatePKCS10CSR">
  1223. <wsdl:documentation>
  1224. This operation generates a DER-encoded PKCS#10 v1.7 certification request (sometimes also called certificate signing request or CSR) as specified in RFC 2986
  1225. for a public key on the device.<br/>
  1226. The key pair that contains the public key for which a certification request shall be produced is specified by its key ID.
  1227. If no key is stored under the requested KeyID or the key specified by the requested KeyID is not an asymmetric key pair, an invalid key ID fault shall be produced and
  1228. no CSR shall be generated.<br/>
  1229. A device that supports this command shall at minimum support the sha-1WithRSAEncryption signature algorithm as specified in RFC 3279.
  1230. If the specified signature algorithm is not supported by the device, an UnsupportedSignatureAlgorithm fault shall be produced and no CSR shall be generated.<br/>
  1231. If the public key identified by the requested Key ID is an invalid input to the specified signature algorithm, a KeySignatureAlgorithmMismatch fault shall be produced
  1232. and no CSR shall be generated.
  1233. If the key pair does not have status ok, a device shall produce an InvalidKeyStatus fault and no CSR shall be generated.
  1234. </wsdl:documentation>
  1235. <wsdl:input message="tas:CreatePKCS10CSRRequest"/>
  1236. <wsdl:output message="tas:CreatePKCS10CSRResponse"/>
  1237. </wsdl:operation>
  1238. <wsdl:operation name="CreateSelfSignedCertificate">
  1239. <wsdl:documentation>
  1240. This operation generates for a public key on the device a self-signed X.509 certificate that complies with RFC 5280.<br/>
  1241. The X509Version parameter specifies the version of X.509 that the generated certificate shall comply with.
  1242. A device that supports this command shall support the generation of X.509v3 certificates as specified in RFC 5280 and may additionally be able to handle other X.509 certificate formats
  1243. as indicated by the X.509Versions capability.<br/>
  1244. The key pair that contains the public key for which a self-signed certificate shall be produced is specified by its key pair ID.
  1245. The subject parameter describes the entity that the public key belongs to.
  1246. If the key pair does not have status ok, a device shall produce an InvalidKeyStatus fault and no certificate shall be generated.
  1247. The signature algorithm parameter determines which signature algorithm shall be used for signing the certificate using the key pair specified by the key ID parameter.
  1248. A device that supports this command shall as minimum support the sha-1WithRSAEncryption signature algorithm as specified in RFC 3279.
  1249. The Extensions parameter specifies potential X509v3 extensions that shall be contained in the certificate.
  1250. A device that supports this command shall support the extensions that are defined in [RFC 5280], Sect. 4.2 as mandatory for CAs that issue self-signed certificates.<br/>
  1251. Certificates are uniquely identified using certificate IDs. If the command was successful, the device generates a new ID for the generated certificate and returns this ID.<br/>
  1252. If the device does not have enough storage capacity for storing the certificate to be created, the maximum number of certificates reached fault shall be produced and no certificate shall be generated.
  1253. </wsdl:documentation>
  1254. <wsdl:input message="tas:CreateSelfSignedCertificateRequest"/>
  1255. <wsdl:output message="tas:CreateSelfSignedCertificateResponse"/>
  1256. </wsdl:operation>
  1257. <wsdl:operation name="UploadCertificate">
  1258. <wsdl:documentation>
  1259. This operation uploads an X.509 certificate as specified by [RFC 5280] in DER encoding and the public key in the certificate to a device’s keystore.<br/>
  1260. A device that supports this command shall be able to handle X.509v3 certificates as specified in RFC 5280 and may additionally be able to handle other X.509 certificate formats as indicated by the X.509Versions capability.
  1261. A device that supports this command shall support sha-1WithRSAEncryption as the certificate signature algorithm.<br/>
  1262. Certificates are uniquely identified using certificate IDs, and key pairs are uniquely identified using key IDs.
  1263. The device shall generate a new certificate ID for the uploaded certificate.<br/>
  1264. Certain certificate usages, e.g. TLS server authentication, require the private key that corresponds to the public key in the certificate to be present in the keystore.
  1265. In such cases, the client may indicate that it expects the device to produce a fault if the matching private key for
  1266. the uploaded certificate is not present in the keystore by setting the PrivateKeyRequired argument in the upload request to true.<br/>
  1267. The uploaded certificate has to be linked to a key pair in the keystore.
  1268. If no private key is required for the public key in the certificate and a key pair exists in the keystore with a public key equal to the public key in the certificate,
  1269. the uploaded certificate is linked to the key pair identified by the supplied key ID by adding a reference from the certificate to the key pair.
  1270. If no private key is required for the public key in the certificate and no key pair exists with the public key equal to the public key in the certificate,
  1271. a new key pair with status ok is created with the public key from the certificate, and this key pair is linked to the uploaded certificate by adding a reference from
  1272. the certificate to the key pair.
  1273. If a private key is required for the public key in the certificate, and a key pair exists in the keystore with a private key that matches the public key in the certificate,
  1274. the uploaded certificate is linked to this keypair by adding a reference from the certificate to the key pair.
  1275. If a private key is required for the public key and no such keypair exists in the keystore, the NoMatchingPrivateKey fault shall be produced and the certificate
  1276. shall not be stored in the keystore.
  1277. If the key pair that the certificate shall be linked to does not have status ok, an InvalidKeyID fault is produced, and the uploaded certificate is not stored in the keystore.
  1278. If the device cannot process the uploaded certificate, a BadCertificate fault is produced and neither the uploaded certificate nor the public key are stored in the device’s keystore.
  1279. The BadCertificate fault shall not be produced based on the mere fact that the device’s current time lies outside the interval defined by the notBefore and notAfter fields as specified by [RFC 5280], Sect. 4.1.
  1280. This operation shall not mark the uploaded certificate as trusted.<br/>
  1281. If the device does not have enough storage capacity for storing the certificate to be uploaded, the maximum number of certificates reached fault shall be produced
  1282. and no certificate shall be uploaded.
  1283. If the device does not have enough storage capacity for storing the key pair that eventually has to be created, the device shall generate a maximum number of keys reached fault.
  1284. Furthermore the device shall not generate a key pair and no certificate shall be stored.
  1285. </wsdl:documentation>
  1286. <wsdl:input message="tas:UploadCertificateRequest"/>
  1287. <wsdl:output message="tas:UploadCertificateResponse"/>
  1288. </wsdl:operation>
  1289. <wsdl:operation name="GetCertificate">
  1290. <wsdl:documentation>
  1291. This operation returns a specific certificate from the device’s keystore.<br/>
  1292. Certificates are uniquely identified using certificate IDs. If no certificate is stored under the requested certificate ID in the keystore, an InvalidArgVal fault is produced.
  1293. It shall be noted that this command does not return the private key that is associated with the public key in the certificate.
  1294. </wsdl:documentation>
  1295. <wsdl:input message="tas:GetCertificateRequest"/>
  1296. <wsdl:output message="tas:GetCertificateResponse"/>
  1297. </wsdl:operation>
  1298. <wsdl:operation name="GetAllCertificates">
  1299. <wsdl:documentation>
  1300. This operation returns the IDs of all certificates that are stored in the device’s keystore.<br/>
  1301. This operation may be used, e.g., if a client lost track of which certificates are present on the device.
  1302. If no certificate is stored in the device’s keystore, an empty list is returned.
  1303. </wsdl:documentation>
  1304. <wsdl:input message="tas:GetAllCertificatesRequest"/>
  1305. <wsdl:output message="tas:GetAllCertificatesResponse"/>
  1306. </wsdl:operation>
  1307. <wsdl:operation name="DeleteCertificate">
  1308. <wsdl:documentation>
  1309. This operation deletes a certificate from the device’s keystore.<br/>
  1310. The operation shall not delete the public key that is contained in the certificate from the keystore.
  1311. Certificates are uniquely identified using certificate IDs. If no certificate is stored under the requested certificate ID in the keystore, an InvalidArgVal fault is produced.
  1312. If there is a certificate under the requested certificate ID stored in the keystore and the certificate could not be deleted, a CertificateDeletion fault is produced.
  1313. If a reference exists for the specified certificate, the certificate shall not be deleted and the corresponding fault shall be produced.
  1314. After a certificate has been successfully deleted, the device may assign its former ID to other certificates.
  1315. </wsdl:documentation>
  1316. <wsdl:input message="tas:DeleteCertificateRequest"/>
  1317. <wsdl:output message="tas:DeleteCertificateResponse"/>
  1318. </wsdl:operation>
  1319. <wsdl:operation name="CreateCertificationPath">
  1320. <wsdl:documentation>
  1321. This operation creates a sequence of certificates that may be used, e.g., for certification path validation or for TLS server authentication.<br/>
  1322. Certification paths are uniquely identified using certification path IDs. Certificates are uniquely identified using certificate IDs.
  1323. A certification path contains a sequence of certificate IDs.
  1324. If there is a certificate ID in the sequence of supplied certificate IDs for which no certificate exists in the device’s keystore, the corresponding fault shall be produced
  1325. and no certification path shall be created.<br/>
  1326. The signature of each certificate in the certification path except for the last one must be verifiable with the public key contained in the next certificate in the path.
  1327. If there is a certificate ID in the request other than the last ID for which the corresponding certificate cannot be verified with the public key in the certificate identified
  1328. by the next certificate ID, an InvalidCertificateChain fault shall be produced and no certification path shall be created.
  1329. </wsdl:documentation>
  1330. <wsdl:input message="tas:CreateCertificationPathRequest"/>
  1331. <wsdl:output message="tas:CreateCertificationPathResponse"/>
  1332. </wsdl:operation>
  1333. <wsdl:operation name="GetCertificationPath">
  1334. <wsdl:documentation>
  1335. This operation returns a specific certification path from the device’s keystore.<br/>
  1336. Certification paths are uniquely identified using certification path IDs.
  1337. If no certification path is stored under the requested ID in the keystore, an InvalidArgVal fault is produced.
  1338. </wsdl:documentation>
  1339. <wsdl:input message="tas:GetCertificationPathRequest"/>
  1340. <wsdl:output message="tas:GetCertificationPathResponse"/>
  1341. </wsdl:operation>
  1342. <wsdl:operation name="GetAllCertificationPaths">
  1343. <wsdl:documentation>
  1344. This operation returns the IDs of all certification paths that are stored in the device’s keystore.<br/>
  1345. This operation may be used, e.g., if a client lost track of which certification paths are present on the device.
  1346. If no certification path is stored on the device, an empty list is returned.
  1347. </wsdl:documentation>
  1348. <wsdl:input message="tas:GetAllCertificationPathsRequest"/>
  1349. <wsdl:output message="tas:GetAllCertificationPathsResponse"/>
  1350. </wsdl:operation>
  1351. <wsdl:operation name="DeleteCertificationPath">
  1352. <wsdl:documentation>
  1353. This operation deletes a certification path from the device’s keystore.<br/>
  1354. This operation shall not delete the certificates that are referenced by the certification path.
  1355. Certification paths are uniquely identified using certification path IDs.
  1356. If no certification path is stored under the requested certification path ID in the keystore, an InvalidArgVal fault is produced.
  1357. If there is a certification path under the requested certification path ID stored in the keystore and the certification path could not be deleted,
  1358. a CertificationPathDeletion fault is produced.
  1359. If a reference exists for the specified certification path, the certification path shall not be deleted and the corresponding fault shall be produced.
  1360. After a certification path is successfully deleted, the device may assign its former ID to other certification paths.
  1361. </wsdl:documentation>
  1362. <wsdl:input message="tas:DeleteCertificationPathRequest"/>
  1363. <wsdl:output message="tas:DeleteCertificationPathResponse"/>
  1364. </wsdl:operation>
  1365. </wsdl:portType>
  1366. <wsdl:portType name="TLSServer">
  1367. <wsdl:documentation>TLS server functionality.</wsdl:documentation>
  1368. <wsdl:operation name="AddServerCertificateAssignment">
  1369. <wsdl:documentation>
  1370. This operation assigns a key pair and certificate along with a certification path (certificate chain) to the TLS server on the device.
  1371. The TLS server shall use this information for key exchange during the TLS handshake, particularly for constructing server certificate messages as specified in RFC 4346 and RFC 2246.<br/>
  1372. Certification paths are identified by their certification path IDs in the keystore. The first certificate in the certification path must be the TLS server certificate.
  1373. Since each certificate has exactly one associated key pair, a reference to the key pair that is associated with the server certificate is not supplied explicitly.
  1374. Devices shall obtain the private key or results of operations under the private key by suitable internal interaction with the keystore.<br/>
  1375. If a device chooses to perform a TLS key exchange based on the supplied certification path, it shall use the key pair that is associated with the server certificate for
  1376. key exchange and transmit the certification path to TLS clients as-is, i.e., the device shall not check conformance of the certification path to RFC 4346 nor RFC 2246.
  1377. In order to use the server certificate during the TLS handshake, the corresponding private key is required.
  1378. Therefore, if the key pair that is associated with the server certificate, i.e., the first certificate in the certification path, does not have an associated private key,
  1379. the NoPrivateKey fault is produced and the certification path is not associated to the TLS server.<br/>
  1380. A TLS server may present different certification paths to different clients during the TLS handshake instead of presenting the same certification path to all clients.
  1381. Therefore more than one certification path may be assigned to the TLS server.<br/>
  1382. If the maximum number of certification paths that may be assigned to the TLS server simultaneously is reached, the device shall generate a MaximumNumberOfCertificationPathsReached
  1383. fault and the requested certification path shall not be assigned to the TLS server.
  1384. </wsdl:documentation>
  1385. <wsdl:input message="tas:AddServerCertificateAssignmentRequest"/>
  1386. <wsdl:output message="tas:AddServerCertificateAssignmentResponse"/>
  1387. </wsdl:operation>
  1388. <wsdl:operation name="RemoveServerCertificateAssignment">
  1389. <wsdl:documentation>
  1390. This operation removes a key pair and certificate assignment (including certification path) from the TLS server on the device.<br/>
  1391. Certification paths are identified using certification path IDs. If the supplied certification path ID is not associated to the TLS server, an InvalidArgVal fault is produced.
  1392. </wsdl:documentation>
  1393. <wsdl:input message="tas:RemoveServerCertificateAssignmentRequest"/>
  1394. <wsdl:output message="tas:RemoveServerCertificateAssignmentResponse"/>
  1395. </wsdl:operation>
  1396. <wsdl:operation name="ReplaceServerCertificateAssignment">
  1397. <wsdl:documentation>
  1398. This operation replaces an existing key pair and certificate assignment to the TLS server on the device with a new key pair and certificate assignment (including certification paths).<br/>
  1399. After the replacement, the TLS server shall use the new certificate and certification path exactly in those cases in which it would have used the old certificate and certification path.
  1400. Therefore, especially in the case that several server certificates are assigned to the TLS server, clients that wish to replace an old certificate assignment by a new assignment
  1401. should use this operation instead of a combination of the Add TLS Server Certificate Assignment and the Remove TLS Server Certificate Assignment operations.<br/>
  1402. Certification paths are identified using certification path IDs. If the supplied old certification path ID is not associated to the TLS server, or no certification path exists
  1403. under the new certification path ID, the corresponding InvalidArgVal faults are produced and the associations are unchanged.
  1404. The first certificate in the new certification path must be the TLS server certificate.<br/>
  1405. Since each certificate has exactly one associated key pair, a reference to the key pair that is associated with the new server certificate is not supplied explicitly.
  1406. Devices shall obtain the private key or results of operations under the private key by suitable internal interaction with the keystore.<br/>
  1407. If a device chooses to perform a TLS key exchange based on the new certification path, it shall use the key pair that is associated with the server certificate
  1408. for key exchange and transmit the certification path to TLS clients as-is, i.e., the device shall not check conformance of the certification path to RFC 4346 nor RFC 2246.
  1409. In order to use the server certificate during the TLS handshake, the corresponding private key is required.
  1410. Therefore, if the key pair that is associated with the server certificate, i.e., the first certificate in the certification path, does not have an associated private key,
  1411. the NoPrivateKey fault is produced and the certification path is not associated to the TLS server.
  1412. </wsdl:documentation>
  1413. <wsdl:input message="tas:ReplaceServerCertificateAssignmentRequest"/>
  1414. <wsdl:output message="tas:ReplaceServerCertificateAssignmentResponse"/>
  1415. </wsdl:operation>
  1416. <wsdl:operation name="GetAssignedServerCertificates">
  1417. <wsdl:documentation>
  1418. This operation returns the IDs of all key pairs and certificates (including certification paths) that are assigned to the TLS server on the device.<br/>
  1419. This operation may be used, e.g., if a client lost track of the certification path assignments on the device.
  1420. If no certification path is assigned to the TLS server, an empty list is returned.
  1421. </wsdl:documentation>
  1422. <wsdl:input message="tas:GetAssignedServerCertificatesRequest"/>
  1423. <wsdl:output message="tas:GetAssignedServerCertificatesResponse"/>
  1424. </wsdl:operation>
  1425. </wsdl:portType>
  1426. <wsdl:binding name="AdvancedSecurityServiceBinding" type="tas:AdvancedSecurityService">
        <!-- Document/literal SOAP binding over HTTP for the AdvancedSecurityService port type.
             Only GetServiceCapabilities is bound here; the soapAction is the operation name under the
             http://www.onvif.org/ver10/advancedsecurity/wsdl/ prefix. The transport URI names plain
             SOAP-over-HTTP only; channel protection (e.g. TLS) is not expressed in this binding. -->
  1427. <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  1428. <wsdl:operation name="GetServiceCapabilities">
  1429. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetServiceCapabilities"/>
  1430. <wsdl:input>
  1431. <soap:body use="literal"/>
  1432. </wsdl:input>
  1433. <wsdl:output>
  1434. <soap:body use="literal"/>
  1435. </wsdl:output>
  1436. </wsdl:operation>
  1437. </wsdl:binding>
  1438. <wsdl:binding name="KeystoreBinding" type="tas:Keystore">
        <!-- Document/literal SOAP binding over HTTP for the Keystore port type. Each wsdl:operation below
             matches a port-type operation by name, with the soapAction being the operation name under the
             http://www.onvif.org/ver10/advancedsecurity/wsdl/ prefix; every input and output body is literal.
             The transport URI names plain SOAP-over-HTTP only. Several operations bound here change or
             expose key material state (CreateRSAKeyPair, DeleteKey, CreatePKCS10CSR, UploadCertificate,
             DeleteCertificate, DeleteCertificationPath); which principals may invoke them and whether the
             channel is protected (e.g. TLS) is not expressed in this binding and has to come from the
             deployment — TODO confirm against the service's access-policy documentation. -->
  1439. <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  1440. <wsdl:operation name="CreateRSAKeyPair">
  1441. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/CreateRSAKeyPair"/>
  1442. <wsdl:input>
  1443. <soap:body use="literal"/>
  1444. </wsdl:input>
  1445. <wsdl:output>
  1446. <soap:body use="literal"/>
  1447. </wsdl:output>
  1448. </wsdl:operation>
  1449. <wsdl:operation name="GetKeyStatus">
  1450. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetKeyStatus"/>
  1451. <wsdl:input>
  1452. <soap:body use="literal"/>
  1453. </wsdl:input>
  1454. <wsdl:output>
  1455. <soap:body use="literal"/>
  1456. </wsdl:output>
  1457. </wsdl:operation>
  1458. <wsdl:operation name="GetPrivateKeyStatus">
  1459. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetPrivateKeyStatus"/>
  1460. <wsdl:input>
  1461. <soap:body use="literal"/>
  1462. </wsdl:input>
  1463. <wsdl:output>
  1464. <soap:body use="literal"/>
  1465. </wsdl:output>
  1466. </wsdl:operation>
  1467. <wsdl:operation name="GetAllKeys">
  1468. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAllKeys"/>
  1469. <wsdl:input>
  1470. <soap:body use="literal"/>
  1471. </wsdl:input>
  1472. <wsdl:output>
  1473. <soap:body use="literal"/>
  1474. </wsdl:output>
  1475. </wsdl:operation>
  1476. <wsdl:operation name="DeleteKey">
  1477. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/DeleteKey"/>
  1478. <wsdl:input>
  1479. <soap:body use="literal"/>
  1480. </wsdl:input>
  1481. <wsdl:output>
  1482. <soap:body use="literal"/>
  1483. </wsdl:output>
  1484. </wsdl:operation>
  1485. <wsdl:operation name="CreatePKCS10CSR">
  1486. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/CreatePKCS10CSR"/>
  1487. <wsdl:input>
  1488. <soap:body use="literal"/>
  1489. </wsdl:input>
  1490. <wsdl:output>
  1491. <soap:body use="literal"/>
  1492. </wsdl:output>
  1493. </wsdl:operation>
  1494. <wsdl:operation name="CreateSelfSignedCertificate">
  1495. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/CreateSelfSignedCertificate"/>
  1496. <wsdl:input>
  1497. <soap:body use="literal"/>
  1498. </wsdl:input>
  1499. <wsdl:output>
  1500. <soap:body use="literal"/>
  1501. </wsdl:output>
  1502. </wsdl:operation>
  1503. <wsdl:operation name="UploadCertificate">
  1504. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/UploadCertificate"/>
  1505. <wsdl:input>
  1506. <soap:body use="literal"/>
  1507. </wsdl:input>
  1508. <wsdl:output>
  1509. <soap:body use="literal"/>
  1510. </wsdl:output>
  1511. </wsdl:operation>
  1512. <wsdl:operation name="GetCertificate">
  1513. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetCertificate"/>
  1514. <wsdl:input>
  1515. <soap:body use="literal"/>
  1516. </wsdl:input>
  1517. <wsdl:output>
  1518. <soap:body use="literal"/>
  1519. </wsdl:output>
  1520. </wsdl:operation>
  1521. <wsdl:operation name="GetAllCertificates">
  1522. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAllCertificates"/>
  1523. <wsdl:input>
  1524. <soap:body use="literal"/>
  1525. </wsdl:input>
  1526. <wsdl:output>
  1527. <soap:body use="literal"/>
  1528. </wsdl:output>
  1529. </wsdl:operation>
  1530. <wsdl:operation name="DeleteCertificate">
  1531. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/DeleteCertificate"/>
  1532. <wsdl:input>
  1533. <soap:body use="literal"/>
  1534. </wsdl:input>
  1535. <wsdl:output>
  1536. <soap:body use="literal"/>
  1537. </wsdl:output>
  1538. </wsdl:operation>
  1539. <wsdl:operation name="CreateCertificationPath">
  1540. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/CreateCertificationPath"/>
  1541. <wsdl:input>
  1542. <soap:body use="literal"/>
  1543. </wsdl:input>
  1544. <wsdl:output>
  1545. <soap:body use="literal"/>
  1546. </wsdl:output>
  1547. </wsdl:operation>
  1548. <wsdl:operation name="GetCertificationPath">
  1549. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetCertificationPath"/>
  1550. <wsdl:input>
  1551. <soap:body use="literal"/>
  1552. </wsdl:input>
  1553. <wsdl:output>
  1554. <soap:body use="literal"/>
  1555. </wsdl:output>
  1556. </wsdl:operation>
  1557. <wsdl:operation name="GetAllCertificationPaths">
  1558. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAllCertificationPaths"/>
  1559. <wsdl:input>
  1560. <soap:body use="literal"/>
  1561. </wsdl:input>
  1562. <wsdl:output>
  1563. <soap:body use="literal"/>
  1564. </wsdl:output>
  1565. </wsdl:operation>
  1566. <wsdl:operation name="DeleteCertificationPath">
  1567. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/DeleteCertificationPath"/>
  1568. <wsdl:input>
  1569. <soap:body use="literal"/>
  1570. </wsdl:input>
  1571. <wsdl:output>
  1572. <soap:body use="literal"/>
  1573. </wsdl:output>
  1574. </wsdl:operation>
  1575. </wsdl:binding>
  1576. <wsdl:binding name="TLSServerBinding" type="tas:TLSServer">
        <!-- Document/literal SOAP binding over HTTP for the TLSServer port type; soapAction is the
             operation name under the http://www.onvif.org/ver10/advancedsecurity/wsdl/ prefix.
             The Add/Remove/Replace operations bound here decide which certification path (and thus
             which key pair) the device presents in its TLS handshake, so they change the identity the
             device proves to TLS clients; authorisation for invoking them and protection of the
             channel are not expressed in this binding — TODO confirm against the deployment's
             access-policy documentation. -->
  1577. <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  1578. <wsdl:operation name="AddServerCertificateAssignment">
  1579. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/AddServerCertificateAssignment"/>
  1580. <wsdl:input>
  1581. <soap:body use="literal"/>
  1582. </wsdl:input>
  1583. <wsdl:output>
  1584. <soap:body use="literal"/>
  1585. </wsdl:output>
  1586. </wsdl:operation>
  1587. <wsdl:operation name="RemoveServerCertificateAssignment">
  1588. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/RemoveServerCertificateAssignment"/>
  1589. <wsdl:input>
  1590. <soap:body use="literal"/>
  1591. </wsdl:input>
  1592. <wsdl:output>
  1593. <soap:body use="literal"/>
  1594. </wsdl:output>
  1595. </wsdl:operation>
  1596. <wsdl:operation name="ReplaceServerCertificateAssignment">
  1597. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/ReplaceServerCertificateAssignment"/>
  1598. <wsdl:input>
  1599. <soap:body use="literal"/>
  1600. </wsdl:input>
  1601. <wsdl:output>
  1602. <soap:body use="literal"/>
  1603. </wsdl:output>
  1604. </wsdl:operation>
  1605. <wsdl:operation name="GetAssignedServerCertificates">
  1606. <soap:operation soapAction="http://www.onvif.org/ver10/advancedsecurity/wsdl/GetAssignedServerCertificates"/>
  1607. <wsdl:input>
  1608. <soap:body use="literal"/>
  1609. </wsdl:input>
  1610. <wsdl:output>
  1611. <soap:body use="literal"/>
  1612. </wsdl:output>
  1613. </wsdl:operation>
  1614. </wsdl:binding>
  1615. </wsdl:definitions>