<?xml version="1.0" encoding="UTF-8"?>
<!--
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License, as published by the Free Software Foundation and
* available at http://www.fsf.org/licensing/licenses/lgpl.html,
* version 2.1 or above.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU Lesser General Public License for more details.
*
* Copyright (c) 2001-2010 StrongAuth, Inc.
*
* $Date: 2010-09-20 20:41:14 -0700 (Wed, 20 Sep 2010) $
* $Revision: 40 $
* $Author: anoor $
* $URL: https://svn.strongauth.com:9443/repos/topaz/trunk/strongkeyliteClient/src/com/strongauth/strongkeylite/xml/SKLES-EncryptionService.xsd $
*
*************************************************
*
*  888b    888          888
*  8888b   888          888
*  88888b  888          888
*  888Y88b 888  .d88b.  888888  .d88b.  .d8888b
*  888 Y88b888 d88""88b 888    d8P  Y8b 88K
*  888  Y88888 888  888 888    88888888 "Y8888b.
*  888   Y8888 Y88..88P Y88b.  Y8b.          X88
*  888    Y888  "Y88P"   "Y888  "Y8888   88888P'
*
*************************************************
*
* This XSD represents the schema of the SOAP-based web-service calls supported
* by the SKLES appliance.
-->

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:tns="http://web.strongkeylite.strongauth.com/"
            targetNamespace="http://web.strongkeylite.strongauth.com/"
            version="1.0 Build 40"
            elementFormDefault="qualified">


    <!-- ********************************************************************
    8888888888 888                                          888
    888        888                                          888
    888        888                                          888
    8888888    888  .d88b.  88888b.d88b.   .d88b.  88888b.  888888 .d8888b
    888        888 d8P  Y8b 888 "888 "88b d8P  Y8b 888 "88b 888    88K
    888        888 88888888 888  888  888 88888888 888  888 888    "Y8888b.
    888        888 Y8b.     888  888  888 Y8b.     888  888 Y88b.       X88
    8888888888 888  "Y8888  888  888  888  "Y8888  888  888  "Y888  88888P'
    ********************************************************************** -->

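    <!-- Global element declarations.  Each request and response element is
         typed by the complexType of the same name declared further below;
         a "...Response" element pairs with the request element it answers. -->
    <xsd:element name="batchDecrypt" type="tns:batchDecrypt"/>
    <xsd:element name="batchDecryptResponse" type="tns:batchDecryptResponse"/>
    <xsd:element name="batchDelete" type="tns:batchDelete"/>
    <xsd:element name="batchDeleteResponse" type="tns:batchDeleteResponse"/>
    <xsd:element name="batchEncrypt" type="tns:batchEncrypt"/>
    <xsd:element name="batchEncryptResponse" type="tns:batchEncryptResponse"/>
    <xsd:element name="batchSearch" type="tns:batchSearch"/>
    <xsd:element name="batchSearchResponse" type="tns:batchSearchResponse"/>

    <xsd:element name="decrypt" type="tns:decrypt"/>
    <xsd:element name="decryptResponse" type="tns:decryptResponse"/>
    <xsd:element name="delete" type="tns:delete"/>
    <xsd:element name="deleteResponse" type="tns:deleteResponse"/>
    <xsd:element name="encrypt" type="tns:encrypt"/>
    <xsd:element name="encryptResponse" type="tns:encryptResponse"/>
    <xsd:element name="ping" type="tns:ping"/>
    <xsd:element name="pingResponse" type="tns:pingResponse"/>
    <xsd:element name="search" type="tns:search"/>
    <xsd:element name="searchResponse" type="tns:searchResponse"/>

    <!-- The exception element returned when a request fails; see the
         StrongKeyLiteException type at the end of this schema for its
         contents. -->
    <xsd:element name="StrongKeyLiteException" type="tns:StrongKeyLiteException"/>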

    <!-- ********************************************************************
    888888b.            888             888
    888  "88b           888             888
    888  .88P           888             888
    8888888K.   8888b.  888888  .d8888b 88888b.
    888  "Y88b     "88b 888    d88P"    888 "88b
    888    888 .d888888 888    888      888  888
    888   d88P 888  888 Y88b.  Y88b.    888  888
    8888888P"  "Y888888  "Y888  "Y8888P 888  888
    ********************************************************************* -->
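    <!-- This type is used to package the parameters necessary to decrypt
         sensitive data in batch-mode on the SKLES.  All elements in this
         complex type are mandatory.
         NOTE(review): the username and password travel in the SOAP body, so
         the TLS/IPSec transport assumption stated for the single-record
         calls applies to this batch call as well; confirm with the service.
    -->
    <xsd:complexType name="batchDecrypt">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique filename in the "in" sub-directory of the batch-
                 requests user's home-directory, containing the input records
                 of the tokens that must be decrypted and returned.  The token
                 itself is not the ciphertext to be decrypted; it merely
                 represents the unique object in the SKLES database that must
                 be decrypted and returned in an output file to the caller.
                 The file must be transferred to the SKLES appliance securely
                 in a different manner (such as SFTP, SMB, NFS) before this
                 web-service call is made; the web-service does not transfer
                 the file.
                 NOTE(review): the schema constrains this value only to
                 xsd:string; it is expected to be a bare filename inside the
                 "in" sub-directory, so the appliance must reject any path
                 components (confirm server-side). -->
            <xsd:element name="inputfile" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>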

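    <!-- The type of the response to the batch-decrypt service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="batchDecryptResponse">
        <xsd:sequence>
            <!-- If the web-service call succeeds, the name of the output
                 XML file on the SKLES appliance in the "out" folder of the
                 batch-requestor's home-directory on the SKLES appliance.
                 The output file will have the decrypted data, or error
                 messages, if any, for each decryption.  -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>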

    <!-- ***************************************************************** -->

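    <!-- This type is used to package the parameters necessary to delete
         sensitive data in batch-mode on the SKLES.  All elements in this
         complex type are mandatory.
         NOTE(review): the username and password travel in the SOAP body, so
         the TLS/IPSec transport assumption stated for the single-record
         calls applies to this batch call as well; confirm with the service.
    -->
    <xsd:complexType name="batchDelete">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique filename in the "in" sub-directory of the batch-
                 requests user's home-directory, containing the input records
                 of the tokens that must be deleted.  The file must be
                 transferred to the SKLES appliance securely in a different
                 manner (such as SFTP, SMB, NFS) before this web-service call
                 is made; the web-service does not transfer the file.
                 NOTE(review): the schema constrains this value only to
                 xsd:string; it is expected to be a bare filename inside the
                 "in" sub-directory, so the appliance must reject any path
                 components (confirm server-side). -->
            <xsd:element name="inputfile" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>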

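    <!-- The type of the response to the batch-delete service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="batchDeleteResponse">
        <xsd:sequence>
            <!-- If the web-service call succeeds, the name of the output
                 XML file on the SKLES appliance in the "out" folder of the
                 batch-requestor's home-directory on the SKLES appliance.
                 The output file will have a "True" or a "False" status for
                 each of the deletion operations. -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>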

    <!-- ***************************************************************** -->

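    <!-- This type is used to package the parameters necessary to encrypt
         sensitive data in batch-mode on the SKLES.  All elements in this
         complex type are mandatory.
         NOTE(review): the username and password travel in the SOAP body, so
         the TLS/IPSec transport assumption stated for the single-record
         calls applies to this batch call as well; confirm with the service.
    -->
    <xsd:complexType name="batchEncrypt">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique filename in the "in" sub-directory of the batch-
                 requests user's home-directory, containing the input records
                 of the values that must be encrypted.  The file must be
                 transferred to the SKLES appliance securely in a different
                 manner (such as SFTP, SMB, NFS) before this web-service call
                 is made; the web-service does not transfer the file.
                 NOTE(review): the schema constrains this value only to
                 xsd:string; it is expected to be a bare filename inside the
                 "in" sub-directory, so the appliance must reject any path
                 components (confirm server-side). -->
            <xsd:element name="inputfile" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>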

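    <!-- The type of the response to the batch-encrypt service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="batchEncryptResponse">
        <xsd:sequence>
            <!-- If the web-service call succeeds, the name of the output
                 XML file on the SKLES appliance in the "out" folder of the
                 batch-requestor's home-directory on the SKLES appliance.
                 The output file will have the pseudo-number (token) or error
                 messages, if any, for each encryption operation.  -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>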

    <!-- ***************************************************************** -->

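    <!-- This type is used to package the parameters necessary to search for
         sensitive data in batch-mode on the SKLES.  All elements in this
         complex type are mandatory.
         NOTE(review): the username and password travel in the SOAP body, so
         the TLS/IPSec transport assumption stated for the single-record
         calls applies to this batch call as well; confirm with the service.
    -->
    <xsd:complexType name="batchSearch">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique filename in the "in" sub-directory of the batch-
                 requests user's home-directory, containing the input records
                 of the values that must be searched for.  The file must be
                 transferred to the SKLES appliance securely in a different
                 manner (such as SFTP, SMB, NFS) before this web-service call
                 is made; the web-service does not transfer the file.
                 NOTE(review): the schema constrains this value only to
                 xsd:string; it is expected to be a bare filename inside the
                 "in" sub-directory, so the appliance must reject any path
                 components (confirm server-side). -->
            <xsd:element name="inputfile" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>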

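    <!-- The type of the response to the batch-search service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="batchSearchResponse">
        <xsd:sequence>
            <!-- If the web-service call succeeds, the name of the output
                 XML file on the SKLES appliance, in the "out" folder of the
                 batch-requestor's home-directory, on the SKLES appliance.
                 The output file will have the pseudo-number (token) or error
                 messages, if any, for each search operation.  -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>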

    <!-- ********************************************************************
    8888888               888 d8b          d8b      888                   888
      888                 888 Y8P          Y8P      888                   888
      888                 888                       888                   888
      888   88888b.   .d88888 888 888  888 888  .d88888 888  888  8888b.  888
      888   888 "88b d88" 888 888 888  888 888 d88" 888 888  888     "88b 888
      888   888  888 888  888 888 Y88  88P 888 888  888 888  888 .d888888 888
      888   888  888 Y88b 888 888  Y8bd8P  888 Y88b 888 Y88b 888 888  888 888
    8888888 888  888  "Y88888 888   Y88P   888  "Y88888  "Y88888 "Y888888 888
    ********************************************************************* -->
    <!-- This type is used to package the parameters necessary to decrypt
         some sensitive data on the SKLES.  It is assumed that the transmission
         media is using TLS or IPSec for network-layer security, since the
         username and password are carried in the SOAP body.  All elements
         in this complex type are mandatory.
    -->
    <xsd:complexType name="decrypt">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique token identifying the object in the SKLES database
                 that must be decrypted and returned.  The token itself is not
                 the ciphertext to be decrypted; it merely represents the
                 unique object in the SKLES database that must be decrypted and
                 returned in plaintext to the caller -->
            <xsd:element name="token" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- The type of the response to the decrypt service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="decryptResponse">
        <xsd:sequence>
            <!-- The plaintext data returned if the service call succeeds -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- ****************************************************************** -->
    <!-- This type is used to package the parameters necessary to delete
         some sensitive data on the SKLES.  It is assumed that the transmission
         media is using TLS or IPSec for network-layer security, since the
         username and password are carried in the SOAP body.  All elements
         in this complex type are mandatory.
    -->
    <xsd:complexType name="delete">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The unique token identifying the object in the SKLES database
                 that must be deleted.  The token itself is not the ciphertext
                 to be deleted; it merely represents the unique object in the
                 SKLES database that must be deleted. -->
            <xsd:element name="token" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- The type of the response to the delete service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="deleteResponse">
        <xsd:sequence>
            <!-- The boolean indicator returned by the service call; presumably
                 true when the object was deleted and false otherwise (confirm
                 against the service). -->
            <xsd:element name="return" type="xsd:boolean" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- ****************************************************************** -->
    <!-- This type is used to package the parameters necessary to encrypt
         some sensitive data on the SKLES.  It is assumed that the transmission
         media is using TLS or IPSec for network-layer security, since the
         username, password and plaintext are all carried in the SOAP body.
         All elements in this complex type are mandatory.
    -->
    <xsd:complexType name="encrypt">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- The sensitive data that must be encrypted.  Maximum length of
                 this element is 1024 characters for the standard SKLES.
                 NOTE(review): that limit is documented only; no xsd:maxLength
                 facet enforces it in this schema, so the appliance itself
                 must reject longer input (confirm). -->
            <xsd:element name="plaintext" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- The type of the response to the encrypt service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="encryptResponse">
        <xsd:sequence>
            <!-- The ciphertext data returned if the service call succeeds.
                 NOTE(review): the batch-encrypt and search comments describe
                 the returned value as a pseudo-number (token) rather than
                 ciphertext; confirm which this element actually carries. -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>

    <!-- ****************************************************************** -->
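    <!-- This type is used to package the parameters necessary to "ping" the
         web-service on the SKLES.  It is assumed that the transmission
         media is using TLS or IPSec for network-layer security.  All elements
         in this complex type are mandatory.  Unlike the other requests there
         is no username element; the username is fixed, as described on the
         password element below. -->
    <xsd:complexType name="ping">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The password of the hard-coded username (pinguser) who has
                 the privilege of decrypting just one hard-coded well-known
                 token in the appliance (9999000000000001) to verify whether
                 the TPM has been activated by KeyCustodians. -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>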

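    <!-- The type of the response to the ping service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="pingResponse">
        <xsd:sequence>
            <!-- If the call succeeds, various useful pieces of information
                 are returned to the caller: uptime, version number, the well-
                 known PAN (1235711131719230) and request counts. -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>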

    <!-- ****************************************************************** -->
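    <!-- This type is used to package the parameters necessary to search for
         some sensitive data on the SKLES.  It is assumed that the transmission
         media is using TLS or IPSec for network-layer security.  All elements
         in this complex type are mandatory. -->
    <xsd:complexType name="search">
        <xsd:sequence>
            <!-- The unique identifier of the encryption domain on the SKLES -->
            <xsd:element name="did" type="xsd:long" minOccurs="1"/>

            <!-- The username of the user/application requesting the service -->
            <xsd:element name="username" type="xsd:string" minOccurs="1"/>

            <!-- The password of the username specified above -->
            <xsd:element name="password" type="xsd:string" minOccurs="1"/>

            <!-- NOTE(review): undocumented in the original schema.  This
                 single-record request names the element "inputfile" like the
                 batch requests do, yet searchResponse describes a single
                 token being returned.  The name is kept because it is part of
                 the wire contract; confirm with the service whether it
                 expects a filename here or the value to search for. -->
            <xsd:element name="inputfile" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>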

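    <!-- The type of the response to the search service request.
         On failure a StrongKeyLiteException is returned instead. -->
    <xsd:complexType name="searchResponse">
        <xsd:sequence>
            <!-- The token number of the record is returned if found in the DB -->
            <xsd:element name="return" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>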

    <!-- ****************************************************************** -->
    <!-- The exception returned by the SKLES in the event there is a problem
         with the service request; the problem may be related to invalid
         parameters sent by the caller, an unauthorized username or password,
         or an invalid token identifier in the database.  The calling
         application must parse the message to get at the underlying error
         code and text; the schema itself does not separate them. -->
    <xsd:complexType name="StrongKeyLiteException">
        <xsd:sequence>
            <!-- The underlying error code and message from the SKLES, carried
                 together in one string -->
            <xsd:element name="message" type="xsd:string" minOccurs="1"/>
        </xsd:sequence>
    </xsd:complexType>
</xsd:schema>

