1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
|
<?xml version="1.0" encoding="UTF-8"?>
<!---->
<!--################################################################################ -->
<!--# Redfish Schema: Certificate v1.1.1 -->
<!--# -->
<!--# For a detailed change log, see the README file contained in the DSP8010 bundle, -->
<!--# available at http://www.dmtf.org/standards/redfish -->
<!--# Copyright 2014-2019 DMTF. -->
<!--# For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright -->
<!--################################################################################ -->
<!---->
<edmx:Edmx xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx" Version="4.0">
<edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Core.V1.xml">
<edmx:Include Namespace="Org.OData.Core.V1" Alias="OData"/>
</edmx:Reference>
<edmx:Reference Uri="http://docs.oasis-open.org/odata/odata/v4.0/errata03/csd01/complete/vocabularies/Org.OData.Capabilities.V1.xml">
<edmx:Include Namespace="Org.OData.Capabilities.V1" Alias="Capabilities"/>
</edmx:Reference>
<edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/Resource_v1.xml">
<edmx:Include Namespace="Resource.v1_0_0"/>
</edmx:Reference>
<edmx:Reference Uri="http://redfish.dmtf.org/schemas/v1/RedfishExtensions_v1.xml">
<edmx:Include Namespace="RedfishExtensions.v1_0_0" Alias="Redfish"/>
</edmx:Reference>
<edmx:DataServices>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<EntityType Name="Certificate" BaseType="Resource.v1_0_0.Resource" Abstract="true">
<Annotation Term="OData.Description" String="The Certificate schema describes a certificate that proves the identify of a component, account, or service."/>
<Annotation Term="OData.LongDescription" String="This Resource contains a certificate for a Redfish implementation."/>
<Annotation Term="Capabilities.InsertRestrictions">
<Record>
<PropertyValue Property="Insertable" Bool="false"/>
</Record>
</Annotation>
<Annotation Term="Capabilities.UpdateRestrictions">
<Record>
<PropertyValue Property="Updatable" Bool="false"/>
</Record>
</Annotation>
<Annotation Term="Capabilities.DeleteRestrictions">
<Record>
<PropertyValue Property="Deletable" Bool="true"/>
<Annotation Term="OData.Description" String="Use the DELETE operation to remove certificates."/>
</Record>
</Annotation>
<Annotation Term="Redfish.Uris">
<Collection>
<String>/redfish/v1/AccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}</String>
<String>/redfish/v1/AccountService/ActiveDirectory/Certificates/{CertificateId}</String>
<String>/redfish/v1/AccountService/LDAP/Certificates/{CertificateId}</String>
<String>/redfish/v1/AccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}</String>
<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/Accounts/{ManagerAccountId}/Certificates/{CertificateId}</String>
<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ActiveDirectory/Certificates/{CertificateId}</String>
<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/LDAP/Certificates/{CertificateId}</String>
<String>/redfish/v1/Managers/{ManagerId}/RemoteAccountService/ExternalAccountProviders/{ExternalAccountProviderId}/Certificates/{CertificateId}</String>
<String>/redfish/v1/Managers/{ManagerId}/NetworkProtocol/HTTPS/Certificates/{CertificateId}</String>
<String>/redfish/v1/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}</String>
<String>/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}</String>
<String>/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/Boot/Certificates/{CertificateId}</String>
</Collection>
</Annotation>
</EntityType>
<EnumType Name="CertificateType">
<Member Name="PEM">
<Annotation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded certificate."/>
<Annotation Term="OData.LongDescription" String="The format of the certificate shall contain a Privacy Enhanced Mail (PEM)-encoded string, containing RFC5280-defined structures."/>
</Member>
<Member Name="PKCS7">
<Annotation Term="OData.Description" String="A Privacy Enhanced Mail (PEM)-encoded PKCS7 certificate."/>
<Annotation Term="OData.LongDescription" String="The format of the certificate shall contain a Privacy Enhanced Mail (PEM)-encoded string, containing RFC5280- and RFC2315-defined structures. The Service may discard additional certificates or other data in the structure."/>
</Member>
</EnumType>
<EnumType Name="KeyUsage">
<Annotation Term="OData.Description" String="The usages of a key contained within a certificate."/>
<Annotation Term="OData.LongDescription" String="This type shall describe the usages of a key within a certificate, as specified by the 'Key Usage' and 'Extended Key Usage' definitions in RFC5280."/>
<Member Name="DigitalSignature">
<Annotation Term="OData.Description" String="Verifies digital signatures, other than signatures on certificates and CRLs."/>
</Member>
<Member Name="NonRepudiation">
<Annotation Term="OData.Description" String="Verifies digital signatures, other than signatures on certificates and CRLs, and provides a non-repudiation service that protects against the signing entity falsely denying some action."/>
</Member>
<Member Name="KeyEncipherment">
<Annotation Term="OData.Description" String="Enciphers private or secret keys."/>
</Member>
<Member Name="DataEncipherment">
<Annotation Term="OData.Description" String="Directly enciphers raw user data without an intermediate symmetric cipher."/>
</Member>
<Member Name="KeyAgreement">
<Annotation Term="OData.Description" String="Key agreement."/>
</Member>
<Member Name="KeyCertSign">
<Annotation Term="OData.Description" String="Verifies signatures on public key certificates."/>
</Member>
<Member Name="CRLSigning">
<Annotation Term="OData.Description" String="Verifies signatures on certificate revocation lists (CLRs)."/>
</Member>
<Member Name="EncipherOnly">
<Annotation Term="OData.Description" String="Enciphers data while performing a key agreement."/>
</Member>
<Member Name="DecipherOnly">
<Annotation Term="OData.Description" String="Deciphers data while performing a key agreement."/>
</Member>
<Member Name="ServerAuthentication">
<Annotation Term="OData.Description" String="TLS WWW server authentication."/>
</Member>
<Member Name="ClientAuthentication">
<Annotation Term="OData.Description" String="TLS WWW client authentication."/>
</Member>
<Member Name="CodeSigning">
<Annotation Term="OData.Description" String="Signs downloadable executable code."/>
</Member>
<Member Name="EmailProtection">
<Annotation Term="OData.Description" String="Email protection."/>
</Member>
<Member Name="Timestamping">
<Annotation Term="OData.Description" String="Binds the hash of an object to a time."/>
</Member>
<Member Name="OCSPSigning">
<Annotation Term="OData.Description" String="Signs OCSP responses."/>
</Member>
</EnumType>
<Action Name="Rekey" IsBound="true">
<Parameter Name="Certificate" Type="Certificate.v1_0_0.Actions"/>
<Parameter Name="KeyPairAlgorithm" Type="Edm.String">
<Annotation Term="OData.Description" String="The type of key-pair for use with signing algorithms."/>
<Annotation Term="OData.LongDescription" String="This parameter shall contain the type of key-pair for use with signing algorithms. The allowable values for this parameter shall be the strings in the 'Algorithm Name' field of the 'TPM_ALG_ID Constants' table within the 'Trusted Computing Group Algorithm Registry'."/>
</Parameter>
<Parameter Name="KeyBitLength" Type="Edm.Int64">
<Annotation Term="OData.Description" String="The length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value."/>
<Annotation Term="OData.LongDescription" String="This parameter shall contain the length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value."/>
</Parameter>
<Parameter Name="KeyCurveId" Type="Edm.String">
<Annotation Term="OData.Description" String="The curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value."/>
<Annotation Term="OData.LongDescription" String="This parameter shall contain the curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value. The allowable values for this parameter shall be the strings in the 'Name' field of the 'TPM_ECC_CURVE Constants' table within the 'Trusted Computing Group Algorithm Registry'."/>
</Parameter>
<Parameter Name="ChallengePassword" Type="Edm.String">
<Annotation Term="OData.Description" String="The challenge password to apply to the certificate for revocation requests."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the challenge password to apply to the certificate for revocation requests as defined by the RFC2985 'challengePassword' attribute."/>
</Parameter>
<ReturnType Type="Certificate.v1_1_0.RekeyResponse" Nullable="false"/>
<Annotation Term="OData.Description" String="This action generates a new key-pair for a certificate and produces a certificate signing request."/>
<Annotation Term="OData.LongDescription" String="This action shall use the certificate data to generate a new key-pair for a certificate. The response shall contain a signing request that a certificate authority (CA) must sign. The Service should retain the private key that generated this request for installation of the certificate. The private key should not be part of the response. The private key should not be part of the response."/>
<Annotation Term="Redfish.Revisions">
<Collection>
<Record>
<PropertyValue Property="Kind" EnumMember="Redfish.RevisionKind/Added"/>
<PropertyValue Property="Version" String="v1_1_0"/>
</Record>
</Collection>
</Annotation>
</Action>
<Action Name="Renew" IsBound="true">
<Parameter Name="Certificate" Type="Certificate.v1_0_0.Actions"/>
<Parameter Name="ChallengePassword" Type="Edm.String">
<Annotation Term="OData.Description" String="The challenge password to apply to the certificate for revocation requests."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the challenge password to apply to the certificate for revocation requests as defined by the RFC2985 'challengePassword' attribute."/>
</Parameter>
<ReturnType Type="Certificate.v1_1_0.RenewResponse" Nullable="false"/>
<Annotation Term="OData.Description" String="This action generates a certificate signing request by using the existing information and key-pair of the certificate."/>
<Annotation Term="OData.LongDescription" String="This action shall generate a certificate signing request using the existing information and key-pair of the certificate. The response shall contain a signing request that a certificate authority (CA) must sign. The Service should retain the private key that this request generates for when the certificate is installed. The private key should not be part of the response."/>
<Annotation Term="Redfish.Revisions">
<Collection>
<Record>
<PropertyValue Property="Kind" EnumMember="Redfish.RevisionKind/Added"/>
<PropertyValue Property="Version" String="v1_1_0"/>
</Record>
</Collection>
</Annotation>
</Action>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate.v1_0_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2018.3"/>
<EntityType Name="Certificate" BaseType="Certificate.Certificate">
<Property Name="CertificateString" Type="Edm.String">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The string for the certificate."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the certificate, and the format shall follow the requirements specified by the CertificateType property value. If the certificate contains any private keys, they shall be removed from the string in responses. If the service does not know the private key for the certificate and is needed to use the certificate, the client shall provide the private key as part of the string in the POST request."/>
<Annotation Term="Redfish.RequiredOnCreate"/>
</Property>
<Property Name="CertificateType" Type="Certificate.CertificateType">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The format of the certificate."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the format type for the certificate."/>
<Annotation Term="Redfish.RequiredOnCreate"/>
</Property>
<Property Name="Issuer" Type="Certificate.v1_0_0.Identifier" Nullable="false">
<Annotation Term="OData.Description" String="The issuer of the certificate."/>
<Annotation Term="OData.LongDescription" String="This property shall contain an object containing information about the issuer of the certificate."/>
</Property>
<Property Name="Subject" Type="Certificate.v1_0_0.Identifier" Nullable="false">
<Annotation Term="OData.Description" String="The subject of the certificate."/>
<Annotation Term="OData.LongDescription" String="This property shall contain an object containing information about the subject of the certificate."/>
</Property>
<Property Name="ValidNotBefore" Type="Edm.DateTimeOffset" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The date when the certificate becomes valid."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the date when the certificate validity period begins."/>
</Property>
<Property Name="ValidNotAfter" Type="Edm.DateTimeOffset" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The date when the certificate is no longer valid."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the date when the certificate validity period ends."/>
</Property>
<Property Name="KeyUsage" Type="Collection(Certificate.KeyUsage)">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The key usage extension, which defines the purpose of the public keys in this certificate."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the key usage extension, which defines the purpose of the public keys in this certificate."/>
</Property>
<Property Name="Actions" Type="Certificate.v1_0_0.Actions" Nullable="false">
<Annotation Term="OData.Description" String="The available actions for this Resource."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the available actions for this Resource."/>
</Property>
</EntityType>
<ComplexType Name="Identifier">
<Annotation Term="OData.AdditionalProperties" Bool="false"/>
<Annotation Term="OData.Description" String="The identifier information about a certificate."/>
<Annotation Term="OData.LongDescription" String="This type shall contain the properties that identifies the issuer or subject of a certificate."/>
<Property Name="CommonName" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The fully qualified domain name of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the fully qualified domain name of the entity."/>
</Property>
<Property Name="Organization" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The name of the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the name of the organization of the entity."/>
</Property>
<Property Name="OrganizationalUnit" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The name of the unit or division of the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the name of the unit or division of the organization of the entity."/>
</Property>
<Property Name="City" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The city or locality of the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the city or locality of the organization of the entity."/>
</Property>
<Property Name="State" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The state, province, or region of the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the state, province, or region of the organization of the entity."/>
</Property>
<Property Name="Country" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The country of the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the two-letter ISO code for the country of the organization of the entity."/>
</Property>
<Property Name="Email" Type="Edm.String">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The email address of the contact within the organization of the entity."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the email address of the contact within the organization of the entity."/>
</Property>
</ComplexType>
<ComplexType Name="Actions">
<Annotation Term="OData.AdditionalProperties" Bool="false"/>
<Annotation Term="OData.Description" String="The available actions for this Resource."/>
<Annotation Term="OData.LongDescription" String="This type shall contain the available actions for this Resource."/>
<Property Name="Oem" Type="Certificate.v1_0_0.OemActions" Nullable="false">
<Annotation Term="OData.Description" String="The available OEM-specific actions for this Resource."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the available OEM-specific actions for this Resource."/>
</Property>
</ComplexType>
<ComplexType Name="OemActions">
<Annotation Term="OData.AdditionalProperties" Bool="true"/>
<Annotation Term="OData.Description" String="The available OEM-specific actions for this Resource."/>
<Annotation Term="OData.LongDescription" String="This type shall contain the available OEM-specific actions for this Resource."/>
</ComplexType>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate.v1_0_1">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="OData.Description" String="This version was created to force the regeneration of JSON Schema so that URI properties use the uri-reference format."/>
<EntityType Name="Certificate" BaseType="Certificate.v1_0_0.Certificate"/>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate.v1_0_2">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="OData.Description" String="This version was created to update the CertificateString description. It was also created to update descriptions that this schema defines."/>
<EntityType Name="Certificate" BaseType="Certificate.v1_0_1.Certificate"/>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate.v1_1_0">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="Redfish.Release" String="2019.1"/>
<Annotation Term="OData.Description" String="This version was created to add the Renew and Rekey actions."/>
<EntityType Name="Certificate" BaseType="Certificate.v1_0_1.Certificate"/>
<ComplexType Name="RekeyResponse">
<Annotation Term="OData.AdditionalProperties" Bool="false"/>
<Annotation Term="OData.Description" String="The response body for the Rekey action."/>
<Annotation Term="OData.LongDescription" String="This type shall contain the properties found in the response body for the Rekey action."/>
<NavigationProperty Name="Certificate" Type="Certificate.Certificate" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The link to the certificate being rekeyed."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the URI of the Certificate Resource that is replaced after the certificate authority (CA) signs the certificate."/>
<Annotation Term="Redfish.Required"/>
</NavigationProperty>
<Property Name="CSRString" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The string for the certificate signing request."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the certificate signing request as a PEM-encoded string, containing structures specified by RFC2986. The private key should not be part of the string."/>
<Annotation Term="Redfish.Required"/>
</Property>
</ComplexType>
<ComplexType Name="RenewResponse">
<Annotation Term="OData.AdditionalProperties" Bool="false"/>
<Annotation Term="OData.Description" String="The response body for the Renew action."/>
<Annotation Term="OData.LongDescription" String="This type shall contain the properties found in the response body for the Renew action."/>
<NavigationProperty Name="Certificate" Type="Certificate.Certificate" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The link to the certificate being renewed."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the URI of the Certificate Resource that is replaced after the certificate authority (CA) signs the certificate."/>
<Annotation Term="Redfish.Required"/>
</NavigationProperty>
<Property Name="CSRString" Type="Edm.String" Nullable="false">
<Annotation Term="OData.Permissions" EnumMember="OData.Permission/Read"/>
<Annotation Term="OData.Description" String="The string for the certificate signing request."/>
<Annotation Term="OData.LongDescription" String="This property shall contain the certificate signing request as a PEM-encoded string, containing structures specified by RFC2986. The private key should not be part of the string."/>
<Annotation Term="Redfish.Required"/>
</Property>
</ComplexType>
</Schema>
<Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Certificate.v1_1_1">
<Annotation Term="Redfish.OwningEntity" String="DMTF"/>
<Annotation Term="OData.Description" String="This version was created to update the CertificateString description. It was also created to update descriptions that this schema defines."/>
<EntityType Name="Certificate" BaseType="Certificate.v1_1_0.Certificate"/>
</Schema>
</edmx:DataServices>
</edmx:Edmx>
|
