module ietf-keychain { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-keychain"; prefix "kc"; organization "IETF NETCONF (Network Configuration) Working Group"; contact "WG Web: WG List: WG Chair: Mehmet Ersue WG Chair: Mahesh Jethanandani Editor: Kent Watsen "; description "This module defines a keychain to centralize management of security credentials. Copyright (c) 2014 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC VVVV; see the RFC itself for full legal notices."; revision "2015-10-09" { description "Initial version"; reference "RFC VVVV: NETCONF Server and RESTCONF Server Configuration Models"; } container keychain { description "A list of private-keys and their associated certificates, as well as lists of trusted certificates for client certificate authentication. RPCs are provided to generate a new private key and to generate a certificate signing requests."; container private-keys { description "A list of private key maintained by the keychain."; list private-key { key name; description "A private key."; leaf name { type string; description "An arbitrary name for the private key."; } leaf algorithm { type enumeration { enum rsa { description "TBD"; } enum dsa { description "TBD"; } enum secp192r1 { description "TBD"; } enum sect163k1 { description "TBD"; } enum sect163r2 { description "TBD"; } enum secp224r1 { description "TBD"; } enum sect233k1 { description "TBD"; } enum sect233r1 { description "TBD"; } enum secp256r1 { description "TBD"; } enum sect283k1 { description "TBD"; } enum sect283r1 { description "TBD"; } enum secp384r1 { description "TBD"; } enum sect409k1 { description "TBD"; } enum sect409r1 { description "TBD"; } enum secp521r1 { description "TBD"; } enum sect571k1 { description "TBD"; } enum sect571r1 { description "TBD"; } } config false; description "The algorithm used by the private key."; } leaf key-length { type uint32; config false; description "The key-length used by the private key."; } leaf public-key { type string; config false; description "The public-key matching the private key."; } container certificates { list certificate { key name; description "A certificate for this public key."; leaf name { type string; description "An arbitrary name for the certificate."; } leaf chain { type binary; description "The certificate itself, as well as an ordered sequence of intermediate certificates leading to a trust anchor, as specified by RFC 5246, Section 7.4.2."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } } description "A list of certificates for this public key."; } action generate-certificate-signing-request { description "Generates a certificate signing request structure for the associated private key using the passed subject and attribute values."; input { leaf subject { type binary; mandatory true; description "The distinguished name of the certificate subject (the entity whose public key is to be certified). This field is encoded the same as the 'subject' field in the CertificationRequestInfo type defined in RFC 2986, Section 4.1."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } leaf attributes { type binary; description "A collection of attributes providing additional information about the subject of the certificate. This field is encoded the same as the 'attributes' field in the CertificationRequestInfo type defined in RFC 2986, Section 4.1."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } } output { leaf certificate-signing-request { type binary; mandatory true; description "The certificate signing request to be signed by a certificate authority. This field is encoded as the CertificationRequest type defined in RFC 2986, Section 4.2."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } } } } action generate-private-key { description "Generates a private key using the specified algorithm and key length."; input { leaf name { type string; mandatory true; description "The name this private-key should have when listed in /keychain/private-keys. As such, the passed value must not match any existing 'name' value."; } leaf algorithm { type enumeration { enum rsa { description "TBD"; } enum dsa { description "TBD"; } enum secp192r1 { description "TBD"; } enum sect163k1 { description "TBD"; } enum sect163r2 { description "TBD"; } enum secp224r1 { description "TBD"; } enum sect233k1 { description "TBD"; } enum sect233r1 { description "TBD"; } enum secp256r1 { description "TBD"; } enum sect283k1 { description "TBD"; } enum sect283r1 { description "TBD"; } enum secp384r1 { description "TBD"; } enum sect409k1 { description "TBD"; } enum sect409r1 { description "TBD"; } enum secp521r1 { description "TBD"; } enum sect571k1 { description "TBD"; } enum sect571r1 { description "TBD"; } } mandatory true; description "The algorithm to be used."; } leaf key-length { type uint32; description "For algorithms that need a key length specified when generating the key."; } } } } list trusted-certificates { key name; description "A list of lists of trusted certificates."; leaf name { type string; description "An arbitrary name for this list of trusted certificates."; } leaf description { type string; description "An arbitrary description for this list of trusted certificates."; } list trusted-certificate { key name; description "A list of trusted certificates for a specific use."; leaf name { type string; description "An arbitrary name for this trusted certificate."; } leaf certificate { type binary; description "The binary certificate structure as specified by RFC 5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>; "; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } } } } }