<?xml version=“1.0” encoding=“UTF-8”?> <!– edited with XMLSpy v2009 sp1 (www.altova.com) by Danske Bank (Danske Bank A/S) –> <xs:schema xmlns:xs=“www.w3.org/2001/XMLSchema” xmlns:ds=“www.w3.org/2000/09/xmldsig#” xmlns:tns=“danskebank.dk/PKI/PKIFactoryService/elements” xmlns:xml=“www.w3.org/XML/1998/namespace” targetNamespace=“danskebank.dk/PKI/PKIFactoryService/elements” elementFormDefault=“qualified” attributeFormDefault=“unqualified”>
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/> <!--xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="store:///schemas/xmldsig-core-schema.xsd"/--> <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml_id.xsd"/> <!-- SHARED TYPES SECTION --> <!-- GENERIC TYPES --> <xs:simpleType name="string10"> <xs:restriction base="xs:string"> <xs:minLength value="0"/> <xs:maxLength value="10"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="string50"> <xs:restriction base="xs:string"> <xs:minLength value="0"/> <xs:maxLength value="50"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="RequestIdType"> <xs:restriction base="tns:string10"/> </xs:simpleType> <xs:simpleType name="ReturncodeType"> <xs:restriction base="tns:string10"/> </xs:simpleType> <xs:simpleType name="ReturnTextType"> <xs:restriction base="tns:string50"/> </xs:simpleType> <xs:simpleType name="AdditionalReturnTextType"> <xs:restriction base="xs:string"> <xs:minLength value="0"/> <xs:maxLength value="1000"/> </xs:restriction> </xs:simpleType> <!-- SPECIFIC TYPES --> <xs:simpleType name="InterfaceVersionType"> <xs:restriction base="xs:string"> <xs:minLength value="1"/> <xs:maxLength value="10"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="CRLReasonType"> <xs:restriction base="xs:integer"> <xs:enumeration value="0"/> <xs:enumeration value="1"/> <xs:enumeration value="2"/> <xs:enumeration value="3"/> <xs:enumeration value="4"/> <xs:enumeration value="5"/> <xs:enumeration value="9"/> <!-- Values taken from X.509v3 specification --> </xs:restriction> </xs:simpleType> <xs:simpleType name="CertificateIdType"> <xs:restriction base="xs:string"> <xs:minLength value="1"/> <xs:maxLength value="64"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="CertificateType"> <xs:restriction base="xs:base64Binary"> <xs:minLength value="1"/> <xs:maxLength value="10000"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="Pkcs10requestType"> <xs:restriction base="xs:base64Binary"> <xs:minLength value="1"/> <xs:maxLength value="10000"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="CustomerIdType"> <xs:restriction base="xs:string"> <xs:minLength value="6"/> <xs:maxLength value="6"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="KeyGeneratorTypeType"> <xs:annotation> <xs:documentation>Indicates the machine (hardware or software) used to create the keys in a certificate request. The value 'HSM' indicates that a Hardware Security Module generated the keys, while the value 'software' indicates that the keys were generated in software.</xs:documentation> </xs:annotation> <xs:restriction base="xs:string"> <xs:enumeration value="HSM"/> <xs:enumeration value="software"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="EnvironmentType"> <xs:restriction base="xs:string"> <xs:enumeration value="production"/> <xs:enumeration value="customertest"/> <xs:enumeration value="systemtest"/> <xs:enumeration value="test"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="CertificateTypeType"> <xs:restriction base="xs:string"> <xs:enumeration value="signing"/> <xs:enumeration value="encryption"/> </xs:restriction> </xs:simpleType> <xs:complexType name="CertificateStatusType"> <xs:sequence> <xs:element name="CertificateSerialNo" type="tns:CertificateIdType"/> <xs:element name="CertificateType" type="tns:CertificateTypeType"/> <xs:element name="MatchingCertificateSerialNo" type="tns:CertificateIdType"/> <xs:element name="Status"> <xs:complexType> <xs:choice> <xs:element name="good"> <xs:complexType> <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/> </xs:complexType> </xs:element> <xs:element name="expires_soon"> <xs:complexType> <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/> </xs:complexType> </xs:element> <xs:element name="expired"> <xs:complexType> <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/> </xs:complexType> </xs:element> <xs:element name="revoked"> <xs:complexType> <xs:attribute name="revocationDate" type="xs:dateTime" use="optional"/> <xs:attribute name="CRLReason" type="tns:CRLReasonType" use="optional"/> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> <!-- ELEMENTS SECTION --> <xs:element name="CreateCertificateRequest"> <xs:annotation> <xs:documentation>Request to create a signing certificate and an encryption certificate for the customer. The customer is identified by an agreement number and a CAID.</xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="CustomerId" type="tns:CustomerIdType"/> <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/> <xs:element name="EncryptionCertPKCS10" type="tns:Pkcs10requestType"/> <xs:element name="SigningCertPKCS10" type="tns:Pkcs10requestType"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <xs:element name="PIN" type="tns:string10"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="CreateCertificateResponse"> <xs:annotation> <xs:documentation>Response to a CreateCertificateRequest.</xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="EncryptionCert" type="tns:CertificateType"/> <xs:element name="SigningCert" type="tns:CertificateType"/> <xs:element name="CACert" type="tns:CertificateType"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <!-- Enveloped signature, signing the CreateCertificateResponse element --> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="RenewCertificateRequest"> <xs:annotation> <xs:documentation>Request to renew a signing certificate and an encryption certificate for the customer. The customer is identified by an agreement number and a name. The request is signed with the customers old signing certificate.</xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="CustomerId" type="tns:CustomerIdType"/> <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/> <xs:element name="EncryptionCertPKCS10" type="tns:Pkcs10requestType"/> <xs:element name="SigningCertPKCS10" type="tns:Pkcs10requestType"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <!-- Enveloped signature, signing the RenewCertificateRequest element. The signature should be based on the old signing cert --> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="RenewCertificateResponse"> <xs:annotation> <xs:documentation>Response to a RenewCertificateRequest.</xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="EncryptionCert" type="tns:CertificateType"/> <xs:element name="SigningCert" type="tns:CertificateType"/> <xs:element name="CACert" type="tns:CertificateType"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <!-- Enveloped signature, signing the RenewCertificateResponse element. --> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="RevokeCertificateRequest"> <xs:complexType> <xs:sequence> <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/> <xs:element name="CustomerId" type="tns:CustomerIdType"/> <xs:choice> <xs:element name="RevokeAll"> <xs:complexType> <xs:sequence> <xs:element name="ExceptCertificateSerialNo" minOccurs="0" maxOccurs="10"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="10"/> </xs:choice> <xs:element name="CRLReason" type="tns:CRLReasonType" minOccurs="0"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <!-- Enveloped signature, signing the RevokeCertificateRequest element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="RevokeCertificateResponse"> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="unbounded"/> <xs:element name="RevocationTime" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/> <!-- Enveloped signature, signing the RevokeCertificateResponse element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="CertificateStatusRequest"> <xs:complexType> <xs:sequence> <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/> <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="10"/> <xs:element name="CustomerId" type="tns:CustomerIdType"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <!-- Enveloped signature, signing the CertificateStatusRequest element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="CertificateStatusResponse"> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="CertificateStatus" type="tns:CertificateStatusType" maxOccurs="10"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <!-- Enveloped signature, signing the CertificateStatusResponse element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="GetOwnCertificateListRequest"> <xs:complexType> <xs:sequence> <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/> <xs:element name="CustomerId" type="tns:CustomerIdType"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <!-- Enveloped signature, signing the GetCertificateListRequest element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="GetOwnCertificateListResponse"> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="CertificateStatus" type="tns:CertificateStatusType" minOccurs="0" maxOccurs="unbounded"/> <!-- Enveloped signature, signing the GetCertificateListResponse element--> <xs:element name="RequestId" type="tns:RequestIdType"/> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="GetBankCertificateRequest"> <xs:complexType> <xs:sequence> <xs:element name="BankRootCertificateSerialNo" type="tns:CertificateIdType"/> <xs:element name="Timestamp" type="xs:dateTime"/> <xs:element name="RequestId" type="tns:RequestIdType"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element> <xs:element name="GetBankCertificateResponse"> <xs:annotation> <xs:documentation>Response to a GetBankCertificate request. Contains the relevant bank certificates.</xs:documentation> </xs:annotation> <xs:complexType> <xs:sequence> <xs:element name="ReturnCode" type="tns:ReturncodeType"/> <xs:element name="ReturnText" type="tns:ReturnTextType"/> <xs:element name="BankEncryptionCert" type="tns:CertificateType"/> <xs:element name="BankSigningCert" type="tns:CertificateType"/> <xs:element name="BankRootCert" type="tns:CertificateType"/> <xs:element name="RequestId" type="tns:RequestIdType"/> <!-- Enveloped signature, signing the GetBankCertificateResponse element--> <xs:element ref="ds:Signature" minOccurs="0"/> </xs:sequence> <xs:attribute ref="xml:id"/> </xs:complexType> </xs:element>
</xs:schema>