description: >
    Implement to provide certificate management features.

    An OpenBMC implementation providing installed certificate management
    functions. An implementing service should additionally implement
    xyz.openbmc_project.Object.Delete to allow the deletion of individual
    certificate objects.
properties:
    - name: CertificateString
      type: string
      description: >
          The string for the certificate.

          This is an X.509 public certificate in PEM format.
          PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

          An X.509 certificate contains a public key, a validity period, and an
          identity (a hostname, an organization, or an individual), and is
          either signed by a certificate authority or self-signed.
          Refer to https://en.wikipedia.org/wiki/X.509 for details.
    - name: KeyUsage
      type: array[string]
      description: >
          Key usage extensions define the purpose of the public key contained
          in a certificate.

          The valid KeyUsage values and their descriptions are based on the
          Redfish Resource and Schema Guide, version 2018.3:
          https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf

          ClientAuthentication: The public key is used for TLS WWW client
                                authentication.
          CodeSigning: The public key is used for the signing of executable code.
          CRLSigning: The public key is used for verifying signatures on
                      certificate revocation lists (CRLs).
          DataEncipherment: The public key is used for directly enciphering
                            raw user data without the use of an intermediate
                            symmetric cipher.
          DecipherOnly: The public key could be used for deciphering data
                        while performing key agreement.
          DigitalSignature: The public key is used for verifying digital
                            signatures, other than signatures on certificates
                            and CRLs.
          EmailProtection: The public key is used for email protection.
          EncipherOnly: The public key could be used for enciphering data
                        while performing key agreement.
          KeyCertSign: The public key is used for verifying signatures on
                       public key certificates.
          KeyEncipherment: The public key is used for enciphering private or
                           secret keys.
          NonRepudiation: The public key is used to verify digital signatures,
                          other than signatures on certificates and CRLs,
                          and is used to provide a non-repudiation service that
                          protects against the signing entity falsely denying
                          some action.
          OCSPSigning: The public key is used for signing OCSP responses.
          ServerAuthentication: The public key is used for TLS WWW server
                                authentication.
          Timestamping: The public key is used for binding the hash of an
                        object to a time.

    - name: Issuer
      type: string
      description: >
          The issuer of the certificate.

          Refer to the X.509 certificate wiki for the "Issuer" keys and value
          details: https://en.wikipedia.org/wiki/X.509

          Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
          Here C = country, O = organization, CN = common name.

    - name: Subject
      type: string
      description: >
          The subject of the certificate.

          Refer to the X.509 certificate wiki for the "Subject" keys and value
          details: https://en.wikipedia.org/wiki/X.509

          Example: Subject: C=US, ST=New York, L=Armonk,
                   O=International Business Machines Corporation,
                   OU=research, CN=www.research.ibm.com
          Here C = country, ST = state, L = locality, O = organization,
          OU = organizational unit, CN = common name.

    - name: ValidNotAfter
      type: uint64
      description: >
          The certificate expiry date and time, in epoch time, in milliseconds.
    - name: ValidNotBefore
      type: uint64
      description: >
          The certificate validity start date and time,
          in epoch time, in milliseconds.
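The KeyUsage list above is the Redfish naming of what a certificate actually carries in its RFC 5280 KeyUsage bit string and ExtendedKeyUsage OID list, and ValidNotBefore/ValidNotAfter are the certificate's Validity times re-expressed in epoch milliseconds. The following Python is an added example, not code from phosphor-dbus-interfaces or any OpenBMC service: it decodes those two extension values and the ASN.1 time strings into exactly the values this interface describes, using only the standard library. The extension bytes and times are constructed samples, and the bit-position and OID tables are the RFC 5280 assignments; the keyAgreement bit (bit 4) is skipped because the interface's list has no name for it.

```python
# Added example (not part of phosphor-dbus-interfaces): decode X.509 KeyUsage /
# ExtendedKeyUsage extension values and Validity times into the form the
# xyz.openbmc_project.Certs.Certificate interface describes. Stdlib only.
from datetime import datetime, timezone

# RFC 5280 KeyUsage bit positions -> names used by this interface.
# Bit 4 (keyAgreement) is omitted: the interface lists no value for it.
KEY_USAGE_BITS = {
    0: "DigitalSignature",
    1: "NonRepudiation",
    2: "KeyEncipherment",
    3: "DataEncipherment",
    5: "KeyCertSign",
    6: "CRLSigning",
    7: "EncipherOnly",
    8: "DecipherOnly",
}

# RFC 5280 ExtendedKeyUsage OIDs -> names used by this interface.
EXT_KEY_USAGE_OIDS = {
    "1.3.6.1.5.5.7.3.1": "ServerAuthentication",
    "1.3.6.1.5.5.7.3.2": "ClientAuthentication",
    "1.3.6.1.5.5.7.3.3": "CodeSigning",
    "1.3.6.1.5.5.7.3.4": "EmailProtection",
    "1.3.6.1.5.5.7.3.8": "Timestamping",
    "1.3.6.1.5.5.7.3.9": "OCSPSigning",
}


def _tlv(buf: bytes, pos: int = 0):
    """Read one DER TLV (short or long definite length). Returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_key_usage(der: bytes) -> list:
    """Decode a DER BIT STRING KeyUsage value into this interface's names."""
    tag, value, _ = _tlv(der)
    if tag != 0x03:
        raise ValueError("KeyUsage must be a BIT STRING")
    unused, bits = value[0], value[1:]     # first byte = count of unused trailing bits
    total_bits = len(bits) * 8 - unused
    names = []
    for bit, name in KEY_USAGE_BITS.items():
        # bit 0 is the most significant bit of the first byte (RFC 5280 ordering)
        if bit < total_bits and (bits[bit // 8] >> (7 - bit % 8)) & 1:
            names.append(name)
    return names


def _decode_oid(value: bytes) -> str:
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:                    # base-128, high bit marks continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(str(a) for a in arcs)


def decode_extended_key_usage(der: bytes) -> list:
    """Decode a DER SEQUENCE OF OBJECT IDENTIFIER (ExtendedKeyUsage) into names."""
    tag, seq, _ = _tlv(der)
    if tag != 0x30:
        raise ValueError("ExtendedKeyUsage must be a SEQUENCE")
    names, pos = [], 0
    while pos < len(seq):
        tag, oid, pos = _tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        name = EXT_KEY_USAGE_OIDS.get(_decode_oid(oid))
        if name:                           # OIDs the interface cannot express are skipped
            names.append(name)
    return names


def x509_time_to_epoch_ms(text: str) -> int:
    """Convert UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ) to
    epoch milliseconds, the unit of ValidNotBefore / ValidNotAfter."""
    if not text.endswith("Z"):
        raise ValueError("DER certificate times must be in Zulu form")
    if len(text) == 13:                    # UTCTime: RFC 5280 maps YY >= 50 to 19YY, else 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    dt = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1000


def is_valid_at(not_before_ms: int, not_after_ms: int, now_ms: int) -> bool:
    """Validity check in the interface's own units (inclusive bounds)."""
    return not_before_ms <= now_ms <= not_after_ms


# Constructed samples resembling a TLS server certificate:
SAMPLE_KEY_USAGE = bytes.fromhex("030205a0")                 # digitalSignature, keyEncipherment
SAMPLE_EKU = bytes.fromhex("3014" "06082b06010505070301" "06082b06010505070302")  # serverAuth, clientAuth

if __name__ == "__main__":
    usages = decode_key_usage(SAMPLE_KEY_USAGE) + decode_extended_key_usage(SAMPLE_EKU)
    not_before = x509_time_to_epoch_ms("230101000000Z")
    not_after = x509_time_to_epoch_ms("20260101000000Z")
    print(usages, not_before, not_after,
          is_valid_at(not_before, not_after, x509_time_to_epoch_ms("240601120000Z")))
```

The combined KeyUsage array a service would publish is the concatenation of the two decoders' output, which for the sample is ServerAuthentication and ClientAuthentication on top of DigitalSignature and KeyEncipherment. Note that the two-digit UTCTime year rule and the millisecond unit are both easy to get wrong when bridging to this interface; both are handled explicitly above.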