netconfcentral logo

ietf-keychain

HTML

ietf-keychain@2015-10-09



  module ietf-keychain {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-keychain";

    prefix kc;

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
    WG List:  <mailto:netconf@ietf.org>

    WG Chair: Mehmet Ersue
              <mailto:mehmet.ersue@nsn.com>

    WG Chair: Mahesh Jethanandani
              <mailto:mjethanandani@gmail.com>

    Editor:   Kent Watsen
              <mailto:kwatsen@juniper.net>";

    description
      "This module defines a keychain to centralize management of
    security credentials.

    Copyright (c) 2014 IETF Trust and the persons identified as
    authors of the code. All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's
    Legal Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).

    This version of this YANG module is part of RFC VVVV; see
    the RFC itself for full legal notices.";

    revision "2015-10-09" {
      description "Initial version";
      reference
        "RFC VVVV: NETCONF Server and RESTCONF Server Configuration
        	  Models";

    }


    container keychain {
      description
        "A list of private-keys and their associated certificates, as
       well as lists of trusted certificates for client certificate
       authentication.  RPCs are provided to generate a new private
       key and to generate a certificate signing requests.";
      container private-keys {
        description
          "A list of private key maintained by the keychain.";
        list private-key {
          key "name";
          description "A private key.";
          leaf name {
            type string;
            description
              "An arbitrary name for the private key.";
          }

          leaf algorithm {
            type enumeration {
              enum "rsa" {
                value 0;
                description "TBD";
              }
              enum "dsa" {
                value 1;
                description "TBD";
              }
              enum "secp192r1" {
                value 2;
                description "TBD";
              }
              enum "sect163k1" {
                value 3;
                description "TBD";
              }
              enum "sect163r2" {
                value 4;
                description "TBD";
              }
              enum "secp224r1" {
                value 5;
                description "TBD";
              }
              enum "sect233k1" {
                value 6;
                description "TBD";
              }
              enum "sect233r1" {
                value 7;
                description "TBD";
              }
              enum "secp256r1" {
                value 8;
                description "TBD";
              }
              enum "sect283k1" {
                value 9;
                description "TBD";
              }
              enum "sect283r1" {
                value 10;
                description "TBD";
              }
              enum "secp384r1" {
                value 11;
                description "TBD";
              }
              enum "sect409k1" {
                value 12;
                description "TBD";
              }
              enum "sect409r1" {
                value 13;
                description "TBD";
              }
              enum "secp521r1" {
                value 14;
                description "TBD";
              }
              enum "sect571k1" {
                value 15;
                description "TBD";
              }
              enum "sect571r1" {
                value 16;
                description "TBD";
              }
            }
            config false;
            description
              "The algorithm used by the private key.";
          }

          leaf key-length {
            type uint32;
            config false;
            description
              "The key-length used by the private key.";
          }

          leaf public-key {
            type string;
            config false;
            description
              "The public-key matching the private key.";
          }

          container certificates {
            description
              "A list of certificates for this public key.";
            list certificate {
              key "name";
              description
                "A certificate for this public key.";
              leaf name {
                type string;
                description
                  "An arbitrary name for the certificate.";
              }

              leaf chain {
                type binary;
                description
                  "The certificate itself, as well as an ordered
                 sequence of intermediate certificates leading
                 to a trust anchor, as specified by RFC 5246,
                 Section 7.4.2.";
                reference
                  "RFC 5246: The Transport Layer Security (TLS)
                  	  Protocol Version 1.2";

              }
            }  // list certificate
          }  // container certificates

          action generate-certificate-signing-request {
            description
              "Generates a certificate signing request structure for
             the associated private key using the passed subject
             and attribute values.";
            input {
              leaf subject {
                type binary;
                mandatory true;
                description
                  "The distinguished name of the certificate subject
                 (the entity whose public key is to be certified).
                 This field is encoded the same as the 'subject'
                 field in the CertificationRequestInfo type defined
                 in RFC 2986, Section 4.1.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }

              leaf attributes {
                type binary;
                description
                  "A collection of attributes providing additional
                 information about the subject of the certificate.
                 This field is encoded the same as the 'attributes'
                 field  in the CertificationRequestInfo type defined
                 in RFC 2986, Section 4.1.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }
            }

            output {
              leaf certificate-signing-request {
                type binary;
                mandatory true;
                description
                  "The certificate signing request to be signed by
                 a certificate authority.  This field is encoded
                 as the CertificationRequest type defined in
                 RFC 2986, Section 4.2.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }
            }
          }  // rpc generate-certificate-signing-request
        }  // list private-key

        action generate-private-key {
          description
            "Generates a private key using the specified algorithm and
           key length.";
          input {
            leaf name {
              type string;
              mandatory true;
              description
                "The name this private-key should have when listed
               in /keychain/private-keys.  As such, the passed
               value must not match any existing 'name' value.";
            }

            leaf algorithm {
              type enumeration {
                enum "rsa" {
                  value 0;
                  description "TBD";
                }
                enum "dsa" {
                  value 1;
                  description "TBD";
                }
                enum "secp192r1" {
                  value 2;
                  description "TBD";
                }
                enum "sect163k1" {
                  value 3;
                  description "TBD";
                }
                enum "sect163r2" {
                  value 4;
                  description "TBD";
                }
                enum "secp224r1" {
                  value 5;
                  description "TBD";
                }
                enum "sect233k1" {
                  value 6;
                  description "TBD";
                }
                enum "sect233r1" {
                  value 7;
                  description "TBD";
                }
                enum "secp256r1" {
                  value 8;
                  description "TBD";
                }
                enum "sect283k1" {
                  value 9;
                  description "TBD";
                }
                enum "sect283r1" {
                  value 10;
                  description "TBD";
                }
                enum "secp384r1" {
                  value 11;
                  description "TBD";
                }
                enum "sect409k1" {
                  value 12;
                  description "TBD";
                }
                enum "sect409r1" {
                  value 13;
                  description "TBD";
                }
                enum "secp521r1" {
                  value 14;
                  description "TBD";
                }
                enum "sect571k1" {
                  value 15;
                  description "TBD";
                }
                enum "sect571r1" {
                  value 16;
                  description "TBD";
                }
              }
              mandatory true;
              description
                "The algorithm to be used.";
            }

            leaf key-length {
              type uint32;
              description
                "For algorithms that need a key length specified
               when generating the key.";
            }
          }
        }  // rpc generate-private-key
      }  // container private-keys

      list trusted-certificates {
        key "name";
        description
          "A list of lists of trusted certificates.";
        leaf name {
          type string;
          description
            "An arbitrary name for this list of trusted
           certificates.";
        }

        leaf description {
          type string;
          description
            "An arbitrary description for this list of trusted
           certificates.";
        }

        list trusted-certificate {
          key "name";
          description
            "A list of trusted certificates for a specific use.";
          leaf name {
            type string;
            description
              "An arbitrary name for this trusted certificate.";
          }

          leaf certificate {
            type binary;
            description
              "The binary certificate structure as specified by RFC
             5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>;
            ";
            reference
              "RFC 5246: The Transport Layer Security (TLS)
              	  Protocol Version 1.2";

          }
        }  // list trusted-certificate
      }  // list trusted-certificates
    }  // container keychain
  }  // module ietf-keychain

Summary

  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-keychain
Version 2015-10-09
File ietf-keychain.yang
  
Prefix kc
Namespace urn:ietf:params:xml:ns:yang:ietf-keychain
  
Cooked /cookedmodules/ietf-keychain/2015-10-09
YANG /src/ietf-keychain@2015-10-09.yang
XSD /xsd/ietf-keychain@2015-10-09.xsd
  
Abstract This module defines a keychain to centralize management of security credentials. Copyright (c) 2014 IETF Trust and the persons ...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>

WG Chair: Mehmet Ersue
	  <mailto:mehmet.ersue@nsn.com>

WG Chair: Mahesh Jethanandani
	  <mailto:mjethanandani@gmail.com>

Editor:   Kent Watsen
	  <mailto:kwatsen@juniper.net>

Description

 
This module defines a keychain to centralize management of
security credentials.

Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC VVVV; see
the RFC itself for full legal notices.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
keychain container A list of private-keys and their associated certificates, as well as lists of trusted certificates for client certificate authentication. RPCs are provided to generate a new private key and to generate a certificate signing requests.
   private-keys container A list of private key maintained by the keychain.
      private-key list A private key.
         algorithm leaf The algorithm used by the private key.
         certificates container A list of certificates for this public key.
            certificate list A certificate for this public key.
               chain leaf The certificate itself, as well as an ordered sequence of intermediate certificates leading to a trust anchor, as specified by RFC 5246, Section 7.4.2.
               name leaf An arbitrary name for the certificate.
         key-length leaf The key-length used by the private key.
         name leaf An arbitrary name for the private key.
         public-key leaf The public-key matching the private key.
   trusted-certificates list A list of lists of trusted certificates.
      description leaf An arbitrary description for this list of trusted certificates.
      name leaf An arbitrary name for this list of trusted certificates.
      trusted-certificate list A list of trusted certificates for a specific use.
         certificate leaf The binary certificate structure as specified by RFC 5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>;
         name leaf An arbitrary name for this trusted certificate.