// Copyright (c) 2011 DMTF.  All rights reserved.
   [Version ( "2.29.0" ), 
    ClassConstraint { 
       "/* The constraints below aim to efficiently */ /* represent a singular OctetString. Each of the properties*/  /* is a single encoded stringthus only the first element */  /* needs to be populated. */ inv:self.PublicKey->size()<=1 and self.SerialNumber->size()<=1 and self.EncodedCertificate->size()<=1" }, 
    UMLPackagePath ( "CIM::User::PublicKey" ), 
    Description ( 
       "CIM_X509Certificate describes Internet X509 Public Key "
       "Infrastructure (PKI) standard based certificates. The "
       "certificates are signed by a trusted Certificate Authority "
       "(CA) or by the owner of the certificate and issued to an "
       "authenticated entity (e.g., human user, service, etc.) called "
       "the Subject in the certificate. The public key in the "
       "certificate is cryptographically related to a private key that "
       "is held and kept private by the authenticated Subject. The "
       "certificate and its related private key can then be used for "
       "establishing trust relationships and securing communications "
       "with the Subject. Refer to the Internet X.509 PKI standard "
       "(RFC 3280) for more information." )]
class CIM_X509Certificate : CIM_X509Infrastructure {

      [Description ( 
          "Distinguished name identifying the subject of the "
          "certificate.Subject shall contain information as "
          "required by section 4.1.2.6 of RFC 3280 and shall be "
          "formatted based on RFC 4514." ), 
       DN, MappingStrings { "RFC3280.IETF|Section 4.1.2.6" }]
   string Subject;

      [Description ( 
          "Alternate subject identifier for the Certificate." ), 
       MappingStrings { "RFC3280.IETF|Section 4.2.1.7" }]
   string AltSubject;

      [Description ( 
          "The DER-encoded raw public key that belongs to the "
          "subject the certificate vouches for.Only the first "
          "element of PublicKey array property shall be populated "
          "with DER encoded raw public key octet string." ), 
       OctetString, MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
   string PublicKey[];

      [Description ( 
          "The length of the public key represented in the "
          "PublicKey property." ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
   uint16 PublicKeySize;

      [Description ( 
          "IsValid represents whether the certificate is currently "
          "valid. When the certificate is revoked or expired or put "
          "on hold or invalidated for any reason IsValid shall be "
          "set to FALSE." )]
   boolean IsValid;

      [Description ( 
          "Unique number that identifies this certificate.Only the "
          "first element of the array property shall be populated." ), 
       OctetString, MappingStrings { "RFC3280.IETF|Section 4.1.2.2" }]
   string SerialNumber[];

      [Description ( "Public key algorithm." ), 
       ValueMap { "0", "2", "3", "4", "5..32767", "32768..65535" }, 
       Values { "Unknown", "RSA", "DSA", "ECDSA", "DMTF Reserved", 
          "Vendor Specified" }, 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.7" }]
   uint16 PublicKeyAlgorithm;

      [Description ( 
          "Key usage defines the purpose of the key. Key usage "
          "could include digital signing, key agreement, "
          "certificate signing, and more. The key usage is an "
          "extension to the X.509 specification." ), 
       ValueMap { "0", "2", "3", "4", "5", "6", "7", "8..32767", 
          "32768..65535" }, 
       Values { "Unknown", "Digital Signature", "Non Repudiation", 
          "Key Encipherment", "Data Encipherment", "Key Agreement", 
          "Key Certificate Signature", "DMTF Reserved", 
          "Vendor Specified" }, 
       MappingStrings { "RFC3280.IETF|Section 4.2.1.3" }]
   uint16 KeyUsage[];

      [Description ( 
          "This extension indicates one or more purposes for which "
          "the certified public key may be used, in addition to or "
          "in place of the basic purposes indicated in the key "
          "usage extension." ), 
       MappingStrings { "RFC3280.IETF|Section 4.2.1.13" }]
   string ExtendedKeyUsage[];

      [Description ( 
          "An X.509 certificate may contain an optional extension "
          "that identifies whether the subject of the certificate "
          "is a certificate authority (CA). If the subject is a CA, "
          "this property defines the number of certificates that "
          "may follow this certificate in a certification chain." ), 
       MappingStrings { "RFC3280.IETF|Section 4.2.1.10" }]
   uint16 PathLengthConstraint;

      [Description ( 
          "The full content of the certificate in binary form.Only "
          "the first element of the array property shall be "
          "populated." ), 
       OctetString, MappingStrings { "RFC3280.IETF|Section 4" }]
   string EncodedCertificate[];

      [Description ( 
          "Extension identifier array for additional attributes "
          "associated with the certificate. The corresponding array "
          "element in the IsCritical property denotes whether the "
          "extension is critical. The corresponding array element "
          "in the ExtensionValue property contains the value of the "
          "extension attribute." ), 
       ArrayType ( "Indexed" ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.9", 
          "RFC3280.IETF|Section 4.2" }, 
       ModelCorrespondence { "CIM_X509Certificate.IsCritical", 
          "CIM_X509Certificate.ExtensionValue" }]
   string ExtensionID[];

      [Description ( 
          "Certificate extension attribute value array. The "
          "corresponding array element in the ExtensionID property "
          "contains the identifier of the certificate extension "
          "attribute. The corresponding array element in the "
          "IsCritical property denotes whether the extension is "
          "critical." ), 
       ArrayType ( "Indexed" ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.9", 
          "RFC3280.IETF|Section 4.2" }, 
       ModelCorrespondence { "CIM_X509Certificate.IsCritical", 
          "CIM_X509Certificate.ExtensionID" }]
   string ExtensionValue[];

      [Description ( 
          "TRUE value represents that the extension attribute is "
          "critical. The corresponding array element in the "
          "ExtensionID property contains the identifier of the "
          "extension attribute. The corresponding array element in "
          "the ExtensionValue property contains the value of the "
          "extension attribute." ), 
       ArrayType ( "Indexed" ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.9", 
          "RFC3280.IETF|Section 4.2" }, 
       ModelCorrespondence { "CIM_X509Certificate.ExtensionID", 
          "CIM_X509Certificate.ExtensionValue" }]
   boolean IsCritical[];

      [Description ( 
          "String that identifies the issuer of the certificate." ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.8" }]
   string IssuerUniqueID;

      [Description ( "Certificate\'s unique subject identifier." ), 
       MappingStrings { "RFC3280.IETF|Section 4.1.2.8" }]
   string SubjectUniqueID;

      [Description ( 
          "TRUE value represents that the certificate is a trusted "
          "root certificate." )]
   boolean TrustedRootCertificate;


};