blob: 48b1bd14ce0970affa9ace09d667975f377dc807 [file] [log] [blame]
description: >
Implement to create Certificate Signing Request(CSR).
methods:
- name: GenerateCSR
description: >
This command is used to initiate a certificate signing request.
This command only returns the D-Bus path name for the new CSR object.
User need to listen on InterfacesAdded signal emitted by
/xyz/openbmc_project/Certs to retrieve the CSR string after
successful CSR creation.
Note: Following Parameters are mandatory or optional based on the
Redfish documentation.
Caller is responsible for the input parameter validation.
If the caller does not wish a field to be included in the
CSR Request, initialize the Parameter with blank for strings
and zero for integers.
parameters:
- name: AlternativeNames
type: array[string]
description: >
Additional hostnames of the component that is being secured.
- name: ChallengePassword
type: string
description: >
The challenge password to be applied to the certificate for
revocation requests.
- name: City
type: string
description: >
The city or locality of the organization making the request.
For Example Austin
This is a required parameter.
- name: CommonName
type: string
description: >
The fully qualified domain name of the component that is being
secured.
This is a required parameter.
- name: ContactPerson
type: string
description: >
The name of the user making the request.
- name: Country
type: string
description: >
The country of the organization making the request.
This is a required parameter.
- name: Email
type: string
description: >
The email address of the contact within the organization
making the request.
- name: GivenName
type: string
description: >
The given name of the user making the request.
- name: Initials
type: string
description: >
The initials of the user making the request.
- name: KeyBitLength
type: int64
description: >
The length of the key in bits, if needed based on the value
of the KeyPairAlgorithm parameter.
Refer https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
- name: KeyCurveId
type: string
description: >
The curve ID to be used with the key, if needed based on the
value of the KeyPairAlgorithm parameter.
Refer https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
- name: KeyPairAlgorithm
type: string
description: >
The type of key pair for use with signing algorithms.
Valid built-in algorithm names for private key generation are
RSA and EC.
- name: KeyUsage
type: array[string]
description: >
Key usage extensions define the purpose of the public key contained
in a certificate.
Valid Key usage extensions and its usage description.
ClientAuthentication: The public key is used for TLS WWW client
authentication.
CodeSigning: The public key is used for the signing of executable code.
CRLSigning: The public key is used for verifying signatures on
certificate revocation lists (CLRs).
DataEncipherment: The public key is used for directly enciphering
raw user data without the use of an intermediate
symmetric cipher.
DecipherOnly: The public key could be used for deciphering data
while performing key agreement.
DigitalSignature: The public key is used for verifying digital
signatures, other than signatures on certificates
and CRLs.
EmailProtection: The public key is used for email protection.
EncipherOnly: The public key could be used for enciphering data
while performing key agreement.
KeyCertSign: The public key is used for verifying signatures on
public key certificates.
KeyEncipherment: The public key is used for enciphering private or
secret keys.
NonRepudiation: The public key is used to verify digital signatures,
other than signatures on certificates and CRLs,
and used to provide a non- repudiation service that
protects against the signing entity falsely denying
some action.
OCSPSigning: The public key is used for signing OCSP responses.
ServerAuthentication: The public key is used for TLS WWW server
authentication.
Timestamping: The public key is used for binding the hash of an
object to a time.
- name: Organization
type: string
description: >
The legal name of the organization. This should not be abbreviated
and should include suffixes such as Inc, Corp, or LLC.
For example, IBM Corp.
This is a required parameter.
- name: OrganizationalUnit
type: string
description: >
The name of the unit or division of the organization making the
request.
This is a required parameter.
- name: State
type: string
description: >
The state or province where the organization is located.
This should not be abbreviated. For example, Texas.
This is a required parameter.
- name: Surname
type: string
description: >
The surname of the user making the request.
- name: UnstructuredName
type: string
description: >
The unstructured name of the subject.
returns:
- name: path
type: string
description: >
The object path of the D-Bus object to be watch for retrieving
the CSR string.
errors:
- xyz.openbmc_project.Common.Error.InternalFailure