{ "title": "JSON Schema for the STAR Delegation CSR template", "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://ietf.org/acme/drafts/star-delegation/csr-template", "$defs": { "distinguished-name": { "$id": "#distinguished-name", "type": "object", "minProperties": 1, "properties": { "country": { "type": "string" }, "stateOrProvince": { "type": "string" }, "locality": { "type": "string" }, "organization": { "type": "string" }, "organizationalUnit": { "type": "string" }, "emailAddress": { "type": "string" }, "commonName": { "type": "string" } }, "additionalProperties": false }, "rsaKeyType": { "$id": "#rsaKeyType", "type": "object", "properties": { "PublicKeyType": { "type": "string", "const": "rsaEncryption" }, "PublicKeyLength": { "type": "integer" }, "SignatureType": { "type": "string", "enum": [ "sha256WithRSAEncryption", "sha384WithRSAEncryption", "sha512WithRSAEncryption", "sha256WithRSAandMGF1", "sha384WithRSAandMGF1", "sha512WithRSAandMGF1" ] } }, "required": [ "PublicKeyType", "PublicKeyLength", "SignatureType" ], "additionalProperties": false }, "ecdsaKeyType": { "$id": "#ecdsaKeyType", "type": "object", "properties": { "PublicKeyType": { "type": "string", "const": "id-ecPublicKey" }, "namedCurve": { "type": "string", "enum": [ "secp256r1", "secp384r1", "secp521r1" ] }, "SignatureType": { "type": "string", "enum": [ "ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512" ] } }, "required": [ "PublicKeyType", "namedCurve", "SignatureType" ], "additionalProperties": false } }, "type": "object", "properties": { "keyTypes": { "type": "array", "minItems": 1, "items": { "anyOf": [ { "$ref": "#rsaKeyType" }, { "$ref": "#ecdsaKeyType" } ] } }, "subject": { "$ref": "#distinguished-name" }, "extensions": { "type": "object", "properties": { "keyUsage": { "type": "array", "minItems": 1, "items": { "type": "string", "enum": [ "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" ] } }, "extendedKeyUsage": { "type": "array", "minItems": 1, "items": { "anyOf": [ { "type": "string", "enum": [ "serverAuth", "clientAuth", "codeSigning", "emailProtection", "timeStamping", "OCSPSigning" ] }, { "type": "string", "pattern": "^([0-2])((\\.0)|(\\.[1-9][0-9]*))*$", "description": "Used for OID values" } ] } }, "subjectAltName": { "type": "object", "minProperties": 1, "properties": { "DNS": { "type": "array", "minItems": 1, "items": { "anyOf": [ { "type": "string", "enum": [ "*", "**" ] }, { "type": "string", "format": "hostname" } ] } }, "Email": { "type": "array", "minItems": 1, "items": { "type": "string", "format": "email" } }, "URI": { "type": "array", "minItems": 1, "items": { "type": "string", "format": "uri" } } }, "additionalProperties": false } }, "required": [ "subjectAltName" ], "additionalProperties": false } }, "required": [ "extensions", "keyTypes" ], "additionalProperties": false }