<?xml version='1.0' encoding='UTF-8' ?>

<!--
 Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
-->

<!--Element Definitions-->

<!--
 Root element: a policy database holding zero or more kmf-policy entries.
 allow-local-files accepts only the literal tokens TRUE or FALSE (DTD
 enumerations are case-sensitive, so "true" fails validation). It is
 #IMPLIED: when absent, the effective value is chosen by the consuming
 library, not by this DTD.
 NOTE(review): by its name it gates use of local files by policies; confirm
 the exact scope and the built-in default against the KMF documentation.
-->
<!ELEMENT kmf-policy-db (kmf-policy*)>
<!ATTLIST kmf-policy-db allow-local-files (TRUE|FALSE) #IMPLIED>

<!--
 One named certificate-validation policy. Children must appear in this
 order: validation-methods (required), then the optional key-usage-set,
 ext-key-usage and cert-to-name-mapping.
-->
<!ELEMENT kmf-policy (validation-methods, key-usage-set?,  ext-key-usage?, cert-to-name-mapping?)>
<!--
 name is the only required attribute. It is plain CDATA, so the DTD does
 not enforce uniqueness; duplicate policy names pass validation.
-->
<!ATTLIST kmf-policy name CDATA #REQUIRED>
<!--
 The next four switches are TRUE|FALSE and #IMPLIED (no DTD default).
 NOTE(review): by their names each one relaxes a validation step (validity
 dates, unrecognised extended key usages, trust-anchor verification,
 treatment of intermediate CAs); confirm exact semantics against kmfcfg(1).
 When auditing a policy database, treat any of them set to TRUE as a
 deliberate weakening that needs a recorded justification.
-->
<!ATTLIST kmf-policy ignore-date (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy ignore-unknown-eku (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy ignore-trust-anchor (TRUE|FALSE) #IMPLIED>
<!ATTLIST kmf-policy trust-intermediate-cas (TRUE|FALSE) #IMPLIED>
<!--
 Declared default "32". The default is supplied only by a parser that reads
 this DTD; a consumer that skips DTD loading sees no attribute at all.
 CDATA is unchecked, so non-numeric or negative strings validate and the
 consumer must range-check the value itself.
-->
<!ATTLIST kmf-policy max-cert-path-length CDATA "32">
<!-- NOTE(review): presumably a tolerance applied to validity-period checks; format and units are not stated here. Confirm. -->
<!ATTLIST kmf-policy validity-adjusttime CDATA #IMPLIED>
<!--
 NOTE(review): ta-name / ta-serial presumably identify the trust-anchor
 certificate. Each is independently optional; the DTD cannot require them
 as a pair, so the consumer has to reject a policy that gives only one.
-->
<!ATTLIST kmf-policy ta-name CDATA #IMPLIED>
<!ATTLIST kmf-policy ta-serial CDATA #IMPLIED>
<!--
 Declared default "30"; units are not stated in this DTD (TODO confirm).
 The same caveats as max-cert-path-length apply: default only when the DTD
 is read, and no numeric validation.
-->
<!ATTLIST kmf-policy cert-revoke-responder-timeout CDATA "30">
<!--
 NOTE(review): by its name, TRUE lets validation continue when the
 revocation responder times out, i.e. revocation checking fails open.
 Confirm, and flag TRUE in policy reviews.
-->
<!ATTLIST kmf-policy ignore-cert-revoke-responder-timeout (TRUE|FALSE) #IMPLIED>
<!-- NOTE(review): semantics not visible here; the name suggests traffic generated under this policy is exempted from IPsec policy. Confirm before enabling. -->
<!ATTLIST kmf-policy bypass-ipsec-policy (TRUE|FALSE) #IMPLIED>
<!-- Free-form CDATA: the DTD does not check that this is a well-formed host, port or URL. -->
<!ATTLIST kmf-policy http-proxy CDATA #IMPLIED>

<!--
 Revocation-checking configuration. Both children are optional, so an
 empty validation-methods element is valid: the DTD accepts a policy that
 configures neither OCSP nor CRL checking. If present, ocsp must precede
 crl.
-->
<!ELEMENT validation-methods (ocsp?, crl?)> 
<!-- OCSP settings: ocsp-basic is required, responder-cert is optional. -->
<!ELEMENT ocsp (ocsp-basic, responder-cert?)>

<!--
 Attribute-only element carrying the OCSP parameters. Every attribute is
 #IMPLIED, so a bare ocsp-basic element validates and all effective
 defaults come from the consumer.
 responder, proxy and response-lifetime are unchecked CDATA; the consumer
 must validate URL syntax and the lifetime format.
 NOTE(review): uri-from-cert presumably takes the responder location from
 the certificate being checked, which lets that certificate choose the
 endpoint the validator contacts. Confirm, and consider pinning responder
 instead where the set of responders is known.
 NOTE(review): ignore-response-sign by its name skips verification of the
 OCSP response signature; a response that is not verified gives no
 assurance about revocation status. Flag TRUE in policy reviews.
-->
<!ELEMENT ocsp-basic EMPTY>
<!ATTLIST ocsp-basic
        responder CDATA #IMPLIED
        proxy CDATA #IMPLIED
        uri-from-cert (TRUE|FALSE) #IMPLIED
        response-lifetime CDATA #IMPLIED
        ignore-response-sign (TRUE|FALSE) #IMPLIED
>

<!--
 Optional child of ocsp. When the element is present both name and serial
 are required, so the DTD does enforce them as a pair here.
 NOTE(review): presumably identifies the certificate expected to sign OCSP
 responses; the values are unchecked CDATA. Confirm the expected formats.
-->
<!ELEMENT responder-cert EMPTY> 
<!ATTLIST responder-cert
        name CDATA #REQUIRED
        serial CDATA #REQUIRED
>

<!--
 Attribute-only element carrying CRL-checking parameters. All attributes
 are #IMPLIED; effective defaults are decided by the consumer.
-->
<!ELEMENT crl EMPTY>
<!--
 basefilename and directory are unchecked CDATA. The DTD cannot prevent
 path separators or ".." segments, so the consumer must validate these
 before building a filesystem path from them.
-->
<!ATTLIST crl basefilename CDATA #IMPLIED>
<!ATTLIST crl directory CDATA #IMPLIED>
<!-- NOTE(review): presumably fetches the CRL from a URI named in the certificate; confirm. proxy is unchecked CDATA. -->
<!ATTLIST crl get-crl-uri (TRUE|FALSE) #IMPLIED>
<!ATTLIST crl proxy CDATA #IMPLIED>
<!--
 NOTE(review): by their names these skip CRL signature verification and
 CRL validity-date checks. Either one set to TRUE would let an unverified
 or stale CRL be accepted; confirm semantics and flag TRUE in reviews.
-->
<!ATTLIST crl ignore-crl-sign (TRUE|FALSE) #IMPLIED>
<!ATTLIST crl ignore-crl-date (TRUE|FALSE) #IMPLIED>

<!-- Optional child of kmf-policy; when present it must hold at least one key-usage entry. -->
<!ELEMENT key-usage-set (key-usage+)>

<!--
 One key-usage value. The allowed tokens match the X.509 KeyUsage bit
 names and are case-sensitive. use is #IMPLIED rather than #REQUIRED, so a
 key-usage element with no use attribute still validates; the consumer
 must decide how to treat that case.
-->
<!ELEMENT key-usage EMPTY>
<!ATTLIST key-usage use (digitalSignature | nonRepudiation | 
        keyEncipherment | dataEncipherment | keyAgreement | 
        keyCertSign | cRLSign | encipherOnly | decipherOnly) #IMPLIED>
 
<!--
 Extended key usage list: zero or more eku-name entries followed by zero
 or more eku-oid entries, in that order (names may not follow OIDs). Both
 groups may be empty, so an ext-key-usage element with no children is
 valid.
-->
<!ELEMENT ext-key-usage (eku-name*, eku-oid*)>

<!--
 An extended key usage selected from a fixed, case-sensitive token list.
 name is #IMPLIED, so an eku-name element without it validates.
-->
<!ELEMENT eku-name EMPTY>
<!ATTLIST eku-name name (serverAuth | clientAuth |
		codeSigning | emailProtection |
		ipsecEndSystem | ipsecTunnel | ipsecUser |
		timeStamping | OCSPSigning) #IMPLIED >
<!--
 An extended key usage given as an OID string. oid is unchecked CDATA and
 #IMPLIED: the DTD neither requires it nor verifies dotted-decimal syntax,
 so the consumer must parse and reject malformed values.
-->
<!ELEMENT eku-oid EMPTY>
<!ATTLIST eku-oid oid CDATA #IMPLIED>

<!--
 Content model ANY: character data and any elements declared in this DTD
 may appear inside, in any order, so validation places no constraint on
 the body. All four attributes are optional, unchecked CDATA.
 NOTE(review): mapper-directory and mapper-pathname presumably locate a
 mapper module loaded by the consumer. If so, write access to the policy
 database amounts to choosing code that runs in every process applying
 the policy; confirm, and keep the database and the mapper location
 writable only by the administrator.
-->
<!ELEMENT cert-to-name-mapping ANY>
<!ATTLIST cert-to-name-mapping mapper-name CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-directory CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-pathname CDATA #IMPLIED>
<!ATTLIST cert-to-name-mapping mapper-options CDATA #IMPLIED>