Cisco-IOS-XE-crypto-pki-oper

This module contains a collection of yang definitions for PKI operational data. Copyright (c) 2018-2020 by Cisco Systems, Inc. A...

  • Version: 2021-03-01

    Cisco-IOS-XE-crypto-pki-oper@2021-03-01


    
      module Cisco-IOS-XE-crypto-pki-oper {
    
        yang-version 1;
    
        namespace
          "http://cisco.com/ns/yang/Cisco-IOS-XE-crypto-pki-oper";
    
        prefix crypto-pki-ios-xe-oper;
    
        import ietf-yang-types {
          prefix yang;
        }
        import cisco-semver {
          prefix cisco-semver;
        }
    
        organization "Cisco Systems, Inc.";
    
        contact
          "Cisco Systems, Inc.
         Customer Service
    
         Postal: 170 W Tasman Drive
         San Jose, CA 95134
    
         Tel: +1 1800 553-NETS
    
         E-mail: cs-yang@cisco.com";
    
        description
          "This module contains a collection of yang definitions
         for PKI operational data.
         Copyright (c) 2018-2020 by Cisco Systems, Inc.
         All rights reserved.";
    
        revision "2021-03-01" {
          description
            "Updated certificate related fields and counters";
          reference
            "1.3.0";
    
        }
    
        revision "2019-11-01" {
          description
            "Updated trustpoint status flags";
          reference
            "1.2.0";
    
        }
    
        revision "2019-05-01" {
          description "Added semantic version";
          reference
            "1.1.0";
    
        }
    
        revision "2018-12-03" {
          description "Initial revision";
          reference
            "1.0.0";
    
        }
    
        cisco-semver:module-version "1.3.0";
        cisco-semver:module-version "1.2.0";
        cisco-semver:module-version "1.1.0";
        cisco-semver:module-version "1.0.0";
    
        typedef crypto-pki-tp-mode {
          type enumeration {
            enum "crypto-pki-mode-none" {
              value 0;
              description "Normal Trustpoint";
            }
            enum "crypto-pki-mode-ra" {
              value 1;
              description
                "Registration Authority mode Trustpoint";
            }
            enum "crypto-pki-mode-subcs" {
              value 2;
              description
                "Subordinate Certificate Server mode Trustpoint";
            }
          }
          description
            "Trustpoint mode whether it is RA or SUBCS or neither.";
        }
    
        typedef crypto-pki-cert-avail {
          type enumeration {
            enum "crypto-pki-cert-not-available" {
              value 0;
              description
                "Certificate Not Available";
            }
            enum "crypto-pki-cert-available" {
              value 1;
              description
                "Certificate Available";
            }
          }
          description
            "Certificate availability.";
        }
    
        typedef crypto-pki-cert-usage {
          type enumeration {
            enum "crypto-pki-cert-usage-unset" {
              value 0;
              description
                "Certificate usage not set.";
            }
            enum
              "crypto-pki-cert-usage-signature" {
              value 1;
              description
                "Certificate usage is for signature";
            }
            enum
              "crypto-pki-cert-usage-encryption" {
              value 2;
              description
                "Certificate usage is for encryption";
            }
            enum
              "crypto-pki-cert-usage-usage-keys" {
              value 3;
              description
                "Certificate type usage keys";
            }
            enum
              "crypto-pki-cert-general-purpose" {
              value 4;
              description
                "Certificate usage is general purpose";
            }
          }
          description
            "Trustpoint certificate usage";
        }
    
        typedef crypto-pki-cert-key-type {
          type enumeration {
            enum "crypto-pki-cert-key-none" {
              value 0;
              description "Key type not set";
            }
            enum "crypto-pki-cert-key-rsa" {
              value 1;
              description "Key type is RSA";
            }
            enum "crypto-pki-cert-key-ec" {
              value 2;
              description
                "Key type is elliptic curve";
            }
          }
          description
            "Trustpoint certificate key type";
        }
    
        typedef crypto-pki-key-export {
          type enumeration {
            enum "crypto-pki-key-not-exportable" {
              value 0;
              description
                "Keys are not exportable";
            }
            enum "crypto-pki-key-exportable" {
              value 1;
              description "Keys are exportable";
            }
          }
          description
            "Trustpoint key exportable field";
        }
    
        container crypto-pki-oper-data {
          config false;
          description
            "Crypto PKI operational data";
          list crypto-pki-bundle {
            key "label";
            description "PKI data list";
            leaf label {
              type string;
              description
                "Trustpoint label or name";
            }
    
            leaf mode {
              type crypto-pki-tp-mode;
              description "Trustpoint mode";
            }
    
            leaf tp-authenticated {
              type boolean;
              description
                "Set to true if trustpoint is authenticated, false otherwise";
            }
    
            leaf tp-keys-generated {
              type boolean;
              description
                "Set to true if keys are generated, false otherwise";
            }
    
            leaf tp-enrolled {
              type boolean;
              description
                "Set to true if trustpoint is enrolled, false otherwise";
            }
    
            leaf tp-scep-enrollment-in-progress {
              type boolean;
              description
                "Set to true if SCEP enrollment is in progress, false otherwise";
            }
    
            leaf key-export {
              type crypto-pki-key-export;
              description
                "Set to true if trust point key is exportable";
            }
    
            list cert {
              description
                "List of Certificates associated with this trustpoint";
              leaf cert-avail {
                type crypto-pki-cert-avail;
                description
                  "Availability of certificate";
              }
    
              leaf cert-usage {
                type crypto-pki-cert-usage;
                description
                  "Usage of certificate";
              }
    
              leaf cert-key-type {
                type crypto-pki-cert-key-type;
                description
                  "Key type of certificate";
              }
    
              leaf serial-number {
                type string;
                description
                  "Serial number of certificate";
              }
    
              leaf subject-name {
                type string;
                description
                  "Subject name of certificate";
              }
    
              leaf issuer-name {
                type string;
                description
                  "Issuer name of certificate";
              }
    
              leaf storage {
                type string;
                description
                  "Filename where the certificate content is stored on the device";
              }
    
              leaf md5-fp {
                type string;
                description
                  "MD5 fingerprint of certificate";
              }
    
              leaf validity-start {
                type yang:date-and-time;
                description
                  "The certificate validity start time";
              }
    
              leaf validity-end {
                type yang:date-and-time;
                description
                  "Expiry time of certificate";
              }
    
              list asc-tp {
                description
                  "Associated trust points of certificate";
                leaf tp-name {
                  type string;
                  description "Trustpoint name";
                }
              }  // list asc-tp
            }  // list cert
          }  // list crypto-pki-bundle
    
          container crypto-pki-counters {
            presence "crypto-pki-counters";
            description "PKI counters";
            leaf ses-started {
              type uint64;
              description
                "Number of PKI sessions started";
            }
    
            leaf ses-ended {
              type uint64;
              description
                "Number of PKI sessions ended";
            }
    
            leaf ses-active {
              type uint64;
              description
                "Number of PKI sessions active";
            }
    
            leaf success-val {
              type uint64;
              description
                "Number of successful PKI validations";
            }
    
            leaf fail-val {
              type uint64;
              description
                "Number of failed PKI validations";
            }
    
            leaf bypassed-val {
              type uint64;
              description
                "Number of bypassed PKI validations";
            }
    
            leaf pend-val {
              type uint64;
              description
                "Number of pending PKI validations";
            }
    
            leaf crl-checked {
              type uint64;
              description
                "Number of PKI crl checked";
            }
    
            leaf crl-fetch-attempts {
              type uint64;
              description
                "Number of PKI crl fetch attempts";
            }
    
            leaf crl-fail-attempts {
              type uint64;
              description
                "Number of PKI crl failed attempts";
            }
    
            leaf crl-busy-fetching {
              type uint64;
              description
                "Number of PKI crl rejected as device was fetching another crl";
            }
    
            leaf aaa-auth {
              type uint64;
              description
                "Number of PKI AAA authorizations";
            }
          }  // container crypto-pki-counters
        }  // container crypto-pki-oper-data
      }  // module Cisco-IOS-XE-crypto-pki-oper
    

© 2023 YumaWorks, Inc. All rights reserved.