blob: 5bddd3b50320583cd6ae7b1950be0e707edda305
Last change: Jayanth Othayoth, 2018-11-02 05:40:09 -0500

description: >
    Implement to provide certificate management features.

    An OpenBMC implementation providing installed certificate management
    functions. An implementing service should additionally implement
    xyz.openbmc_project.Object.Delete to allow the deletion of individual
    certificate objects.
properties:
    - name: CertificateString
      type: string
      description: >
          The string for the certificate.

          This is an X.509 public certificate in PEM format.
          PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

          An X.509 certificate contains a public key, a validity period, and an
          identity (a hostname, an organization, or an individual),
          and is either signed by a certificate authority or self-signed.
          Refer to https://en.wikipedia.org/wiki/X.509 for details.
    - name: KeyUsage
      type: array[string]
      description: >
          Key usage extensions define the purpose of the public key contained
          in a certificate.

          The valid key usage values and their descriptions are based on the
          Redfish Resource and Schema Guide, version 2018.3:
          https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf

          ClientAuthentication: The public key is used for TLS WWW client
          authentication.
          CodeSigning: The public key is used for the signing of executable code.
          CRLSigning: The public key is used for verifying signatures on
          certificate revocation lists (CRLs).
          DataEncipherment: The public key is used for directly enciphering
          raw user data without the use of an intermediate
          symmetric cipher.
          DecipherOnly: The public key could be used for deciphering data
          while performing key agreement.
          DigitalSignature: The public key is used for verifying digital
          signatures, other than signatures on certificates
          and CRLs.
          EmailProtection: The public key is used for email protection.
          EncipherOnly: The public key could be used for enciphering data
          while performing key agreement.
          KeyCertSign: The public key is used for verifying signatures on
          public key certificates.
          KeyEncipherment: The public key is used for enciphering private or
          secret keys.
          NonRepudiation: The public key is used to verify digital signatures,
          other than signatures on certificates and CRLs,
          and used to provide a non-repudiation service that
          protects against the signing entity falsely denying
          some action.
          OCSPSigning: The public key is used for signing OCSP responses.
          ServerAuthentication: The public key is used for TLS WWW server
          authentication.
          Timestamping: The public key is used for binding the hash of an
          object to a time.

    - name: Issuer
      type: string
      description: >
          The issuer of the certificate.

          Refer to the X.509 certificate wiki for the "Issuer" key and value
          details.

          Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
          Here C = country, O = organization, CN = common name.

    - name: Subject
      type: string
      description: >
          The subject of the certificate.

          Refer to the X.509 certificate wiki for the "Subject" key and value
          details: https://en.wikipedia.org/wiki/X.509

          Example: Subject: C=US, ST=New York, L=Armonk,
          O=International Business Machines Corporation,
          OU=research, CN=www.research.ibm.com
          Here C = country, ST = state, L = locality, O = organization,
          OU = organizational unit, CN = common name.

    - name: ValidNotAfter
      type: uint64
      description: >
          The certificate expiry date and time, in epoch time, in milliseconds.
    - name: ValidNotBefore
      type: uint64
      description: >
          The certificate validity start date and time,
          in epoch time, in milliseconds.