# Blame: Jayanth Othayoth, f454310, 2018-12-10 05:25:32 -0600
description: >
    Implement to create a Certificate Signing Request (CSR).

methods:
    - name: GenerateCSR
      description: >
          This command is used to initiate a certificate signing request.
          This command only returns the D-Bus path name for the new CSR object.
          The user needs to listen for the InterfacesAdded signal emitted by
          /xyz/openbmc_project/Certs to retrieve the CSR string after
          successful CSR creation.

          Note: The following parameters are mandatory or optional based on
          the Redfish documentation.

          The caller is responsible for input parameter validation.

          If the caller does not wish a field to be included in the
          CSR request, initialize the parameter to blank for strings
          and zero for integers.

      parameters:
          - name: AlternativeNames
            type: array[string]
            description: >
                Additional hostnames of the component that is being secured.
          - name: ChallengePassword
            type: string
            description: >
                The challenge password to be applied to the certificate for
                revocation requests.
          - name: City
            type: string
            description: >
                The city or locality of the organization making the request.
                For example, Austin.
                This is a required parameter.
          - name: CommonName
            type: string
            description: >
                The fully qualified domain name of the component that is being
                secured.
                This is a required parameter.
          - name: ContactPerson
            type: string
            description: >
                The name of the user making the request.
          - name: Country
            type: string
            description: >
                The country of the organization making the request.
                This is a required parameter.
          - name: Email
            type: string
            description: >
                The email address of the contact within the organization
                making the request.
          - name: GivenName
            type: string
            description: >
                The given name of the user making the request.
          - name: Initials
            type: string
            description: >
                The initials of the user making the request.
          - name: KeyBitLength
            type: int64
            description: >
                The length of the key in bits, if needed based on the value
                of the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyCurveId
            type: string
            description: >
                The curve ID to be used with the key, if needed based on the
                value of the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyPairAlgorithm
            type: string
            description: >
                The type of key pair for use with signing algorithms.

                Valid built-in algorithm names for private key generation are
                RSA and EC.
          - name: KeyUsage
            type: array[string]
            description: >
                Key usage extensions define the purpose of the public key
                contained in a certificate.

                Valid key usage extensions and their descriptions:

                ClientAuthentication: The public key is used for TLS WWW client
                    authentication.
                CodeSigning: The public key is used for the signing of
                    executable code.
                CRLSigning: The public key is used for verifying signatures on
                    certificate revocation lists (CRLs).
                DataEncipherment: The public key is used for directly
                    enciphering raw user data without the use of an
                    intermediate symmetric cipher.
                DecipherOnly: The public key could be used for deciphering data
                    while performing key agreement.
                DigitalSignature: The public key is used for verifying digital
                    signatures, other than signatures on certificates and CRLs.
                EmailProtection: The public key is used for email protection.
                EncipherOnly: The public key could be used for enciphering data
                    while performing key agreement.
                KeyCertSign: The public key is used for verifying signatures on
                    public key certificates.
                KeyEncipherment: The public key is used for enciphering private
                    or secret keys.
                NonRepudiation: The public key is used to verify digital
                    signatures, other than signatures on certificates and CRLs,
                    and used to provide a non-repudiation service that protects
                    against the signing entity falsely denying some action.
                OCSPSigning: The public key is used for signing OCSP responses.
                ServerAuthentication: The public key is used for TLS WWW server
                    authentication.
                Timestamping: The public key is used for binding the hash of an
                    object to a time.
          - name: Organization
            type: string
            description: >
                The legal name of the organization. This should not be
                abbreviated and should include suffixes such as Inc, Corp, or
                LLC. For example, IBM Corp.
                This is a required parameter.
          - name: OrganizationalUnit
            type: string
            description: >
                The name of the unit or division of the organization making the
                request.
                This is a required parameter.
          - name: State
            type: string
            description: >
                The state or province where the organization is located.
                This should not be abbreviated. For example, Texas.
                This is a required parameter.
          - name: Surname
            type: string
            description: >
                The surname of the user making the request.
          - name: UnstructuredName
            type: string
            description: >
                The unstructured name of the subject.
      returns:
          - name: path
            type: string
            description: >
                The object path of the D-Bus object to be watched for
                retrieving the CSR string.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
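
Because the interface leaves input validation to the caller, a caller-side check can reject bad requests before GenerateCSR is invoked. The following is an added example, not code from this file or from the OpenBMC project: `CsrRequest` and `validateCsrRequest` are hypothetical names, and the two-letter Country rule and the 2048-bit RSA minimum are assumed caller policy rather than requirements stated by the interface.

```cpp
#include <cctype>
#include <cstdint>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical caller-side request type; fields mirror the parameter names.
struct CsrRequest
{
    std::string city, commonName, country, organization, organizationalUnit,
        state, keyPairAlgorithm;
    int64_t keyBitLength = 0; // zero: leave the field out, per the interface
    std::vector<std::string> keyUsage;
};

// Returns "" when the request is acceptable, otherwise the first problem.
std::string validateCsrRequest(const CsrRequest& r)
{
    // Parameters the interface marks as required must not be blank.
    const std::pair<const char*, const std::string*> required[] = {
        {"City", &r.city}, {"CommonName", &r.commonName},
        {"Country", &r.country}, {"Organization", &r.organization},
        {"OrganizationalUnit", &r.organizationalUnit}, {"State", &r.state}};
    for (const auto& f : required)
        if (f.second->empty())
            return std::string(f.first) + " is required";
    // Assumption: Country is a two-letter code (X.509 countryName).
    if (r.country.size() != 2 ||
        !std::isalpha(static_cast<unsigned char>(r.country[0])) ||
        !std::isalpha(static_cast<unsigned char>(r.country[1])))
        return "Country must be a two-letter code";
    const std::string& alg = r.keyPairAlgorithm; // blank means "not included"
    if (!alg.empty() && alg != "RSA" && alg != "EC")
        return "KeyPairAlgorithm must be RSA or EC";
    // Assumption (caller policy): refuse RSA keys shorter than 2048 bits.
    if (alg == "RSA" && r.keyBitLength != 0 && r.keyBitLength < 2048)
        return "KeyBitLength too small for RSA";
    // Only the key usage names listed by the interface are accepted.
    static const std::set<std::string> usages = {
        "ClientAuthentication", "CodeSigning", "CRLSigning",
        "DataEncipherment", "DecipherOnly", "DigitalSignature",
        "EmailProtection", "EncipherOnly", "KeyCertSign", "KeyEncipherment",
        "NonRepudiation", "OCSPSigning", "ServerAuthentication",
        "Timestamping"};
    for (const auto& u : r.keyUsage)
        if (usages.count(u) == 0)
            return "Unknown KeyUsage: " + u;
    return "";
}
```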