| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 1 | description: > |
| 2 | Implement to provide certificate management features. |
| 3 | |
| 4 | An OpenBMC implementation providing installed certificate management |
| 5 | functions. An implementation service should additionally implement |
| 6 | xyz.openbmc_project.Object.Delete to allow the deletion of individual |
| 7 | certificate objects. |
| 8 | properties: |
| 9 | - name: CertificateString |
| 10 | type: string |
| 11 | description: > |
| 12 | The string for the certificate. |
| 13 | |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 14 | This is a X.509 public certificate in PEM format. PEM wiki - |
| 15 | https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail |
| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 16 | |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 17 | An X.509 certificate contains a public key, validity, and an identity |
| 18 | (a hostname, or an organization, or an individual), and is either |
| 19 | signed by a certificate authority or self-signed. Refer |
| 20 | https://en.wikipedia.org/wiki/X.509 for details. |
| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 21 | - name: KeyUsage |
| 22 | type: array[string] |
| 23 | description: > |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 24 | Key usage extensions define the purpose of the public key contained in |
| 25 | a certificate. |
| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 26 | |
| 27 | Valid Key usage extensions and its usage description is based on |
| 28 | Redfish Resource and Schema Guide 2018.3 version. |
| 29 | https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf |
| 30 | |
| 31 | ClientAuthentication: The public key is used for TLS WWW client |
| 32 | authentication. |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 33 | CodeSigning: The public key is used for the signing of executable |
| 34 | code. CRLSigning: The public key is used for verifying signatures on |
| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 35 | certificate revocation lists (CLRs). |
| 36 | DataEncipherment: The public key is used for directly enciphering |
| 37 | raw user data without the use of an intermediate |
| 38 | symmetric cipher. |
| 39 | DecipherOnly: The public key could be used for deciphering data |
| 40 | while performing key agreement. |
| 41 | DigitalSignature: The public key is used for verifying digital |
| 42 | signatures, other than signatures on certificates |
| 43 | and CRLs. |
| 44 | EmailProtection: The public key is used for email protection. |
| 45 | EncipherOnly: The public key could be used for enciphering data |
| 46 | while performing key agreement. |
| 47 | KeyCertSign: The public key is used for verifying signatures on |
| 48 | public key certificates. |
| 49 | KeyEncipherment: The public key is used for enciphering private or |
| 50 | secret keys. |
| 51 | NonRepudiation: The public key is used to verify digital signatures, |
| 52 | other than signatures on certificates and CRLs, |
| 53 | and used to provide a non- repudiation service that |
| 54 | protects against the signing entity falsely denying |
| 55 | some action. |
| 56 | OCSPSigning: The public key is used for signing OCSP responses. |
| 57 | ServerAuthentication: The public key is used for TLS WWW server |
| 58 | authentication. |
| 59 | Timestamping: The public key is used for binding the hash of an |
| 60 | object to a time. |
| 61 | |
| 62 | - name: Issuer |
| 63 | type: string |
| 64 | description: > |
| 65 | The issuer of the certificate. |
| 66 | |
| 67 | Refer X.509 certificate wiki for the "Issuer" Key and value details. |
| 68 | |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 69 | Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA Here |
| 70 | C = country, O=organization, CN= common name. |
| Jayanth Othayoth | 1838fe7 | 2018-11-02 05:40:09 -0500 | [diff] [blame] | 71 | |
| 72 | - name: Subject |
| 73 | type: string |
| 74 | description: > |
| 75 | The subject of the certificate |
| 76 | |
| 77 | Refer X.509 certificate wiki for the "Subject" Key and value details. |
| 78 | Refer https://en.wikipedia.org/wiki/X.509 |
| 79 | |
| 80 | Example: Subject: C=US, ST=New York, L=Armonk, |
| 81 | O=International Business Machines Corporation, |
| 82 | OU=research, CN=www.research.ibm.com |
| 83 | Here C=country, ST=state, L=locality, O=organization, CN= common name. |
| 84 | OU= organizational unit |
| 85 | |
| 86 | - name: ValidNotAfter |
| 87 | type: uint64 |
| 88 | description: > |
| 89 | The certificate expiry date and time, in epoch time, in milliseconds |
| 90 | - name: ValidNotBefore |
| 91 | type: uint64 |
| 92 | description: > |
| Patrick Williams | a134741 | 2022-12-06 10:56:22 -0600 | [diff] [blame^] | 93 | The certificate validity start date and time, in epoch time, in |
| 94 | milliseconds. |