Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / 1838fe7365ecd4e867601329f6ae81b852d9d3af^! / . / xyz / openbmc_project / Certs / Certificate.interface.yaml
commit1838fe7365ecd4e867601329f6ae81b852d9d3af[log] [tgz]
authorJayanth Othayoth <ojayanth@in.ibm.com>Fri Nov 02 05:40:09 2018 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Fri Feb 15 20:18:29 2019 +0000
treef45338cac1caea4e7c9752e3a570dd88379f18c3
parent2dd39570f27fa11c96568ffcf0f0f04309a5147c [diff] [blame]
Add Certs Manager interface.

xyz.openbmc_project.Certs.Certificate provides the properties
for the specific certificates.

Currently KeyUsage property limited to support
ClientAuthentication, KeyCertSign, ServerAuthentication purpose.

Properties are based on the Redfish (DSP2046: 2018.3)
certificate schema.

Change-Id: I2bf74cb43ebb27d1aa6cf570c7f06b148b86ea49
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

diff --git a/xyz/openbmc_project/Certs/Certificate.interface.yaml b/xyz/openbmc_project/Certs/Certificate.interface.yaml
new file mode 100644
index 0000000..5bddd3b
--- /dev/null
+++ b/xyz/openbmc_project/Certs/Certificate.interface.yaml

@@ -0,0 +1,94 @@
+description: >
+    Implement to provide certificate management features.
+
+    An OpenBMC implementation providing installed certificate management
+    functions. An implementation service should additionally implement
+    xyz.openbmc_project.Object.Delete to allow the deletion of individual
+    certificate objects.
+properties:
+    - name: CertificateString
+      type: string
+      description: >
+          The string for the certificate.
+
+          This is a X.509 public certificate in PEM format.
+          PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail
+
+          An X.509 certificate contains a public key, validity, and an
+          identity (a hostname, or an organization, or an individual),
+          and is either signed by a certificate authority or self-signed.
+          Refer https://en.wikipedia.org/wiki/X.509 for details.
+    - name: KeyUsage
+      type: array[string]
+      description: >
+          Key usage extensions define the purpose of the public key contained
+          in a certificate.
+
+          Valid Key usage extensions and its usage description is based on
+          Redfish Resource and Schema Guide 2018.3 version.
+          https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf
+
+          ClientAuthentication: The public key is used for TLS WWW client
+                                authentication.
+          CodeSigning: The public key is used for the signing of executable code.
+          CRLSigning: The public key is used for verifying signatures on
+                      certificate revocation lists (CLRs).
+          DataEncipherment: The public key is used for directly enciphering
+                            raw user data without the use of an intermediate
+                            symmetric cipher.
+          DecipherOnly: The public key could be used for deciphering data
+                        while performing key agreement.
+          DigitalSignature: The public key is used for verifying digital
+                            signatures, other than signatures on certificates
+                            and CRLs.
+          EmailProtection: The public key is used for email protection.
+          EncipherOnly: The public key could be used for enciphering data
+                        while performing key agreement.
+          KeyCertSign: The public key is used for verifying signatures on
+                       public key certificates.
+          KeyEncipherment: The public key is used for enciphering private or
+                           secret keys.
+          NonRepudiation: The public key is used to verify digital signatures,
+                          other than signatures on certificates and CRLs,
+                          and used to provide a non- repudiation service that
+                          protects against the signing entity falsely denying
+                          some action.
+          OCSPSigning: The public key is used for signing OCSP responses.
+          ServerAuthentication: The public key is used for TLS WWW server
+                                authentication.
+          Timestamping: The public key is used for binding the hash of an
+                        object to a time.
+
+    - name: Issuer
+      type: string
+      description: >
+          The issuer of the certificate.
+
+          Refer X.509 certificate wiki for the "Issuer" Key and value details.
+
+          Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
+          Here C = country, O=organization, CN= common name.
+
+    - name: Subject
+      type: string
+      description: >
+          The subject of the certificate
+
+          Refer X.509 certificate wiki for the "Subject" Key and value details.
+          Refer https://en.wikipedia.org/wiki/X.509
+
+          Example:  Subject: C=US, ST=New York, L=Armonk,
+                    O=International Business Machines Corporation,
+                    OU=research, CN=www.research.ibm.com
+          Here C=country, ST=state, L=locality, O=organization, CN= common name.
+               OU= organizational unit
+
+    - name: ValidNotAfter
+      type: uint64
+      description: >
+          The certificate expiry date and time, in epoch time, in milliseconds
+    - name: ValidNotBefore
+      type: uint64
+      description: >
+          The certificate validity start date and time,
+          in epoch time, in milliseconds.