This module defines a keychain to centralize management of security credentials. Copyright (c) 2014 IETF Trust and the persons ...
Version: 2015-10-09
module ietf-keychain { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-keychain"; prefix kc; organization "IETF NETCONF (Network Configuration) Working Group"; contact "WG Web: <http://tools.ietf.org/wg/netconf/> WG List: <mailto:netconf@ietf.org> WG Chair: Mehmet Ersue <mailto:mehmet.ersue@nsn.com> WG Chair: Mahesh Jethanandani <mailto:mjethanandani@gmail.com> Editor: Kent Watsen <mailto:kwatsen@juniper.net>"; description "This module defines a keychain to centralize management of security credentials. Copyright (c) 2014 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC VVVV; see the RFC itself for full legal notices."; revision "2015-10-09" { description "Initial version"; reference "RFC VVVV: NETCONF Server and RESTCONF Server Configuration Models"; } container keychain { description "A list of private-keys and their associated certificates, as well as lists of trusted certificates for client certificate authentication. RPCs are provided to generate a new private key and to generate a certificate signing requests."; container private-keys { description "A list of private key maintained by the keychain."; list private-key { key "name"; description "A private key."; leaf name { type string; description "An arbitrary name for the private key."; } leaf algorithm { type enumeration { enum "rsa" { value 0; description "TBD"; } enum "dsa" { value 1; description "TBD"; } enum "secp192r1" { value 2; description "TBD"; } enum "sect163k1" { value 3; description "TBD"; } enum "sect163r2" { value 4; description "TBD"; } enum "secp224r1" { value 5; description "TBD"; } enum "sect233k1" { value 6; description "TBD"; } enum "sect233r1" { value 7; description "TBD"; } enum "secp256r1" { value 8; description "TBD"; } enum "sect283k1" { value 9; description "TBD"; } enum "sect283r1" { value 10; description "TBD"; } enum "secp384r1" { value 11; description "TBD"; } enum "sect409k1" { value 12; description "TBD"; } enum "sect409r1" { value 13; description "TBD"; } enum "secp521r1" { value 14; description "TBD"; } enum "sect571k1" { value 15; description "TBD"; } enum "sect571r1" { value 16; description "TBD"; } } config false; description "The algorithm used by the private key."; } leaf key-length { type uint32; config false; description "The key-length used by the private key."; } leaf public-key { type string; config false; description "The public-key matching the private key."; } container certificates { description "A list of certificates for this public key."; list certificate { key "name"; description "A certificate for this public key."; leaf name { type string; description "An arbitrary name for the certificate."; } leaf chain { type binary; description "The certificate itself, as well as an ordered sequence of intermediate certificates leading to a trust anchor, as specified by RFC 5246, Section 7.4.2."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } } // list certificate } // container certificates action generate-certificate-signing-request { description "Generates a certificate signing request structure for the associated private key using the passed subject and attribute values."; input { leaf subject { type binary; mandatory true; description "The distinguished name of the certificate subject (the entity whose public key is to be certified). This field is encoded the same as the 'subject' field in the CertificationRequestInfo type defined in RFC 2986, Section 4.1."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } leaf attributes { type binary; description "A collection of attributes providing additional information about the subject of the certificate. This field is encoded the same as the 'attributes' field in the CertificationRequestInfo type defined in RFC 2986, Section 4.1."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } } output { leaf certificate-signing-request { type binary; mandatory true; description "The certificate signing request to be signed by a certificate authority. This field is encoded as the CertificationRequest type defined in RFC 2986, Section 4.2."; reference "RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7"; } } } // rpc generate-certificate-signing-request } // list private-key action generate-private-key { description "Generates a private key using the specified algorithm and key length."; input { leaf name { type string; mandatory true; description "The name this private-key should have when listed in /keychain/private-keys. As such, the passed value must not match any existing 'name' value."; } leaf algorithm { type enumeration { enum "rsa" { value 0; description "TBD"; } enum "dsa" { value 1; description "TBD"; } enum "secp192r1" { value 2; description "TBD"; } enum "sect163k1" { value 3; description "TBD"; } enum "sect163r2" { value 4; description "TBD"; } enum "secp224r1" { value 5; description "TBD"; } enum "sect233k1" { value 6; description "TBD"; } enum "sect233r1" { value 7; description "TBD"; } enum "secp256r1" { value 8; description "TBD"; } enum "sect283k1" { value 9; description "TBD"; } enum "sect283r1" { value 10; description "TBD"; } enum "secp384r1" { value 11; description "TBD"; } enum "sect409k1" { value 12; description "TBD"; } enum "sect409r1" { value 13; description "TBD"; } enum "secp521r1" { value 14; description "TBD"; } enum "sect571k1" { value 15; description "TBD"; } enum "sect571r1" { value 16; description "TBD"; } } mandatory true; description "The algorithm to be used."; } leaf key-length { type uint32; description "For algorithms that need a key length specified when generating the key."; } } } // rpc generate-private-key } // container private-keys list trusted-certificates { key "name"; description "A list of lists of trusted certificates."; leaf name { type string; description "An arbitrary name for this list of trusted certificates."; } leaf description { type string; description "An arbitrary description for this list of trusted certificates."; } list trusted-certificate { key "name"; description "A list of trusted certificates for a specific use."; leaf name { type string; description "An arbitrary name for this trusted certificate."; } leaf certificate { type binary; description "The binary certificate structure as specified by RFC 5246, Section 7.4.6, i.e.,: opaque ASN.1Cert<1..2^24>; "; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } } // list trusted-certificate } // list trusted-certificates } // container keychain } // module ietf-keychain
© 2023 YumaWorks, Inc. All rights reserved.