netconfcentral logo

ietf-keychain@2015-10-09



  module ietf-keychain {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-keychain";

    prefix kc;

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
    WG List:  <mailto:netconf@ietf.org>

    WG Chair: Mehmet Ersue
              <mailto:mehmet.ersue@nsn.com>

    WG Chair: Mahesh Jethanandani
              <mailto:mjethanandani@gmail.com>

    Editor:   Kent Watsen
              <mailto:kwatsen@juniper.net>";

    description
      "This module defines a keychain to centralize management of
    security credentials.

    Copyright (c) 2014 IETF Trust and the persons identified as
    authors of the code. All rights reserved.

    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's
    Legal Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).

    This version of this YANG module is part of RFC VVVV; see
    the RFC itself for full legal notices.";

    revision "2015-10-09" {
      description "Initial version";
      reference
        "RFC VVVV: NETCONF Server and RESTCONF Server Configuration
        	  Models";

    }


    container keychain {
      description
        "A list of private-keys and their associated certificates, as
       well as lists of trusted certificates for client certificate
       authentication.  RPCs are provided to generate a new private
       key and to generate a certificate signing requests.";
      container private-keys {
        description
          "A list of private key maintained by the keychain.";
        list private-key {
          key "name";
          description "A private key.";
          leaf name {
            type string;
            description
              "An arbitrary name for the private key.";
          }

          leaf algorithm {
            type enumeration {
              enum "rsa" {
                value 0;
                description "TBD";
              }
              enum "dsa" {
                value 1;
                description "TBD";
              }
              enum "secp192r1" {
                value 2;
                description "TBD";
              }
              enum "sect163k1" {
                value 3;
                description "TBD";
              }
              enum "sect163r2" {
                value 4;
                description "TBD";
              }
              enum "secp224r1" {
                value 5;
                description "TBD";
              }
              enum "sect233k1" {
                value 6;
                description "TBD";
              }
              enum "sect233r1" {
                value 7;
                description "TBD";
              }
              enum "secp256r1" {
                value 8;
                description "TBD";
              }
              enum "sect283k1" {
                value 9;
                description "TBD";
              }
              enum "sect283r1" {
                value 10;
                description "TBD";
              }
              enum "secp384r1" {
                value 11;
                description "TBD";
              }
              enum "sect409k1" {
                value 12;
                description "TBD";
              }
              enum "sect409r1" {
                value 13;
                description "TBD";
              }
              enum "secp521r1" {
                value 14;
                description "TBD";
              }
              enum "sect571k1" {
                value 15;
                description "TBD";
              }
              enum "sect571r1" {
                value 16;
                description "TBD";
              }
            }
            config false;
            description
              "The algorithm used by the private key.";
          }

          leaf key-length {
            type uint32;
            config false;
            description
              "The key-length used by the private key.";
          }

          leaf public-key {
            type string;
            config false;
            description
              "The public-key matching the private key.";
          }

          container certificates {
            description
              "A list of certificates for this public key.";
            list certificate {
              key "name";
              description
                "A certificate for this public key.";
              leaf name {
                type string;
                description
                  "An arbitrary name for the certificate.";
              }

              leaf chain {
                type binary;
                description
                  "The certificate itself, as well as an ordered
                 sequence of intermediate certificates leading
                 to a trust anchor, as specified by RFC 5246,
                 Section 7.4.2.";
                reference
                  "RFC 5246: The Transport Layer Security (TLS)
                  	  Protocol Version 1.2";

              }
            }  // list certificate
          }  // container certificates

          action generate-certificate-signing-request {
            description
              "Generates a certificate signing request structure for
             the associated private key using the passed subject
             and attribute values.";
            input {
              leaf subject {
                type binary;
                mandatory true;
                description
                  "The distinguished name of the certificate subject
                 (the entity whose public key is to be certified).
                 This field is encoded the same as the 'subject'
                 field in the CertificationRequestInfo type defined
                 in RFC 2986, Section 4.1.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }

              leaf attributes {
                type binary;
                description
                  "A collection of attributes providing additional
                 information about the subject of the certificate.
                 This field is encoded the same as the 'attributes'
                 field  in the CertificationRequestInfo type defined
                 in RFC 2986, Section 4.1.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }
            }

            output {
              leaf certificate-signing-request {
                type binary;
                mandatory true;
                description
                  "The certificate signing request to be signed by
                 a certificate authority.  This field is encoded
                 as the CertificationRequest type defined in
                 RFC 2986, Section 4.2.";
                reference
                  "RFC 2986: PKCS #10: Certification Request Syntax
                  	  Specification Version 1.7";

              }
            }
          }  // rpc generate-certificate-signing-request
        }  // list private-key

        action generate-private-key {
          description
            "Generates a private key using the specified algorithm and
           key length.";
          input {
            leaf name {
              type string;
              mandatory true;
              description
                "The name this private-key should have when listed
               in /keychain/private-keys.  As such, the passed
               value must not match any existing 'name' value.";
            }

            leaf algorithm {
              type enumeration {
                enum "rsa" {
                  value 0;
                  description "TBD";
                }
                enum "dsa" {
                  value 1;
                  description "TBD";
                }
                enum "secp192r1" {
                  value 2;
                  description "TBD";
                }
                enum "sect163k1" {
                  value 3;
                  description "TBD";
                }
                enum "sect163r2" {
                  value 4;
                  description "TBD";
                }
                enum "secp224r1" {
                  value 5;
                  description "TBD";
                }
                enum "sect233k1" {
                  value 6;
                  description "TBD";
                }
                enum "sect233r1" {
                  value 7;
                  description "TBD";
                }
                enum "secp256r1" {
                  value 8;
                  description "TBD";
                }
                enum "sect283k1" {
                  value 9;
                  description "TBD";
                }
                enum "sect283r1" {
                  value 10;
                  description "TBD";
                }
                enum "secp384r1" {
                  value 11;
                  description "TBD";
                }
                enum "sect409k1" {
                  value 12;
                  description "TBD";
                }
                enum "sect409r1" {
                  value 13;
                  description "TBD";
                }
                enum "secp521r1" {
                  value 14;
                  description "TBD";
                }
                enum "sect571k1" {
                  value 15;
                  description "TBD";
                }
                enum "sect571r1" {
                  value 16;
                  description "TBD";
                }
              }
              mandatory true;
              description
                "The algorithm to be used.";
            }

            leaf key-length {
              type uint32;
              description
                "For algorithms that need a key length specified
               when generating the key.";
            }
          }
        }  // rpc generate-private-key
      }  // container private-keys

      list trusted-certificates {
        key "name";
        description
          "A list of lists of trusted certificates.";
        leaf name {
          type string;
          description
            "An arbitrary name for this list of trusted
           certificates.";
        }

        leaf description {
          type string;
          description
            "An arbitrary description for this list of trusted
           certificates.";
        }

        list trusted-certificate {
          key "name";
          description
            "A list of trusted certificates for a specific use.";
          leaf name {
            type string;
            description
              "An arbitrary name for this trusted certificate.";
          }

          leaf certificate {
            type binary;
            description
              "The binary certificate structure as specified by RFC
             5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>;
            ";
            reference
              "RFC 5246: The Transport Layer Security (TLS)
              	  Protocol Version 1.2";

          }
        }  // list trusted-certificate
      }  // list trusted-certificates
    }  // container keychain
  }  // module ietf-keychain