xref: /onnv-gate/usr/src/cmd/cmd-crypto/kmfcfg/kmfpolicy.dtd (revision 12611:d9f75b73c5fd)
13089Swyllys<?xml version='1.0' encoding='UTF-8' ?>
23089Swyllys
<!--
 Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->
253089Swyllys
263089Swyllys<!--Element Definitions-->
273089Swyllys
<!--
  kmf-policy-db: root element of a policy database. It holds zero or more
  kmf-policy entries, so an empty database is valid.

  allow-local-files is an optional TRUE/FALSE switch. It is #IMPLIED, so the
  DTD supplies no default and the consumer decides what an absent value means.
  NOTE(review): the effect of allow-local-files is not defined in this file;
  confirm in the policy parser which files it permits and what the default is.
-->
<!ELEMENT kmf-policy-db (kmf-policy*)>
<!ATTLIST kmf-policy-db allow-local-files (TRUE|FALSE) #IMPLIED>
303089Swyllys
<!--
  kmf-policy: one named certificate validation policy.

  Content, in this fixed order: validation-methods (required), then optional
  key-usage-set, ext-key-usage and cert-to-name-mapping.

  Attributes:
    name                 required label of the policy (free-form CDATA).
    ignore-date          optional TRUE/FALSE.
    ignore-unknown-eku   optional TRUE/FALSE.
    ignore-trust-anchor  optional TRUE/FALSE.
    validity-adjusttime  optional, free-form CDATA.
    ta-name, ta-serial   optional, free-form CDATA.

  Security notes for reviewers of policy files:
  - Every ignore-* attribute is #IMPLIED: the DTD gives no default, so the
    effective behaviour when the attribute is absent is set by the consumer.
  - By their names the ignore-* switches relax a validation step (validity
    dates, unrecognised extended key usage, trust anchor). NOTE(review):
    confirm the exact semantics in the consumer; a policy that sets any of
    them to TRUE should carry a documented justification.
  - validity-adjusttime, ta-name and ta-serial are CDATA, so this DTD does not
    constrain their format. The consumer has to parse and range-check them.
    NOTE(review): ta-name and ta-serial presumably identify the trust anchor
    certificate; verify against the parser.
-->
<!ELEMENT kmf-policy (validation-methods, key-usage-set?,  ext-key-usage?, cert-to-name-mapping?)>
<!ATTLIST kmf-policy name CDATA #REQUIRED>
<!ATTLIST kmf-policy ignore-date (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy ignore-unknown-eku (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy ignore-trust-anchor (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy validity-adjusttime CDATA #IMPLIED>
<!ATTLIST kmf-policy ta-name CDATA #IMPLIED>
<!ATTLIST kmf-policy ta-serial CDATA #IMPLIED>
393089Swyllys
<!--
  validation-methods: container for the revocation-checking configuration.
  Both children are optional, so an empty validation-methods element is valid
  and a policy can pass DTD validation with neither OCSP nor CRL configured.
  A policy audit should treat that case as "no revocation checking declared".

  ocsp: requires an ocsp-basic child and may add a responder-cert child.
-->
<!ELEMENT validation-methods (ocsp?, crl?)>
<!ELEMENT ocsp (ocsp-basic, responder-cert?)>
423089Swyllys
<!--
  ocsp-basic: empty element whose attributes carry the OCSP settings.
  All attributes are optional (#IMPLIED); defaults come from the consumer.

    responder             free-form CDATA.
    proxy                 free-form CDATA.
    uri-from-cert         TRUE/FALSE.
    response-lifetime     free-form CDATA.
    ignore-response-sign  TRUE/FALSE.

  Security notes:
  - responder, proxy and response-lifetime are CDATA; the DTD checks neither
    URI syntax nor numeric range, so the consumer must validate them.
  - NOTE(review): ignore-response-sign presumably disables verification of the
    OCSP response signature. If so, a TRUE value means revocation status is
    accepted without authentication; confirm in the consumer and flag any
    policy that enables it.
  - NOTE(review): uri-from-cert presumably takes the responder location from
    the certificate under validation rather than from this policy; confirm,
    and check how it interacts with an explicit responder value.
-->
<!ELEMENT ocsp-basic EMPTY>
<!ATTLIST ocsp-basic
        responder CDATA #IMPLIED
        proxy CDATA #IMPLIED
        uri-from-cert (TRUE|FALSE) #IMPLIED
        response-lifetime CDATA #IMPLIED
        ignore-response-sign (TRUE|FALSE) #IMPLIED
>
513089Swyllys
<!--
  responder-cert: empty element naming a certificate for the OCSP responder.
  Both name and serial are required whenever the element is present, but they
  are CDATA, so the DTD does not check their format.
  NOTE(review): presumably name is a distinguished name and serial a
  certificate serial number; confirm the expected encoding in the consumer.
-->
<!ELEMENT responder-cert EMPTY>
<!ATTLIST responder-cert
        name CDATA #REQUIRED
        serial CDATA #REQUIRED
>
573089Swyllys
<!--
  crl: empty element whose attributes carry the CRL settings.
  All attributes are optional (#IMPLIED); defaults come from the consumer.

    basefilename, directory  free-form CDATA.
    get-crl-uri              TRUE/FALSE.
    proxy                    free-form CDATA.
    ignore-crl-sign          TRUE/FALSE.
    ignore-crl-date          TRUE/FALSE.

  Security notes:
  - basefilename and directory are unconstrained CDATA. NOTE(review): they
    look like filesystem locations for CRL files; the consumer should reject
    values that escape the intended directory. Confirm how they are joined.
  - NOTE(review): ignore-crl-sign and ignore-crl-date presumably skip the CRL
    signature check and the CRL validity-period check. If so, TRUE lets an
    unauthenticated or stale CRL be trusted; confirm and flag policies that
    enable either.
-->
<!ELEMENT crl EMPTY>
<!ATTLIST crl basefilename CDATA #IMPLIED>
<!ATTLIST crl directory CDATA #IMPLIED>
<!ATTLIST crl get-crl-uri (TRUE|FALSE) #IMPLIED>
<!ATTLIST crl proxy CDATA #IMPLIED>
<!ATTLIST crl ignore-crl-sign (TRUE|FALSE) #IMPLIED>
<!ATTLIST crl ignore-crl-date (TRUE|FALSE) #IMPLIED>
653089Swyllys
<!--
  key-usage-set: one or more key-usage children.

  key-usage: empty element; the use attribute is restricted to the enumerated
  values below, which match the X.509 keyUsage bit names.
  The attribute is #IMPLIED, so a key-usage element with no use attribute
  still validates; the consumer must decide how to treat that case instead of
  relying on the DTD to reject it.
-->
<!ELEMENT key-usage-set (key-usage+)>

<!ELEMENT key-usage EMPTY>
<!ATTLIST key-usage use (digitalSignature | nonRepudiation |
        keyEncipherment | dataEncipherment | keyAgreement |
        keyCertSign | cRLSign | encipherOnly | decipherOnly) #IMPLIED>
723089Swyllys
<!--
  ext-key-usage: zero or more eku-name children followed by zero or more
  eku-oid children. The order is fixed (all names before any OID) and an
  empty ext-key-usage element is valid.

  eku-name: empty element; name is limited to the enumerated purposes below.
  eku-oid:  empty element; oid is free-form CDATA, so the DTD does not check
            that the value is a well-formed object identifier. The consumer
            must parse and validate it.
  Both attributes are #IMPLIED, so either element validates with no attribute
  at all; the consumer has to handle that case.
-->
<!ELEMENT ext-key-usage (eku-name*, eku-oid*)>

<!ELEMENT eku-name EMPTY>
<!ATTLIST eku-name name (serverAuth | clientAuth |
		codeSigning | emailProtection |
		ipsecEndSystem | ipsecTunnel | ipsecUser |
		timeStamping | OCSPSigning) #IMPLIED >
<!ELEMENT eku-oid EMPTY>
<!ATTLIST eku-oid oid CDATA #IMPLIED>
82*12611SJan.Pechanec@Sun.COM
<!--
  cert-to-name-mapping: optional last child of kmf-policy.

  The content model is ANY, so the element may contain text and any element
  declared in this DTD; validation places no structural limit on it.
  NOTE(review): the four attributes suggest all settings are carried as
  attributes; if the consumer never reads child content, EMPTY would be the
  tighter model. Confirm before changing, since existing policy files may
  depend on ANY.

  Attributes, all optional free-form CDATA:
    mapper-name, mapper-directory, mapper-pathname, mapper-options.

  Security notes:
  - NOTE(review): mapper-directory and mapper-pathname look like filesystem
    locations of a mapper module. If the consumer loads code from them, the
    policy file becomes a code-loading control: it should be writable only by
    a trusted administrator and the paths should resolve to locations that
    unprivileged users cannot modify. Confirm the loading behaviour.
  - mapper-options is passed through as an opaque string as far as this DTD
    is concerned; whoever interprets it must validate it.
-->
<!ELEMENT cert-to-name-mapping ANY>
<!ATTLIST cert-to-name-mapping mapper-name CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-directory CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-pathname CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-options CDATA #IMPLIED>