diff options
Diffstat (limited to 'xyz/openbmc_project/Certs/Certificate.interface.yaml')
-rw-r--r-- | xyz/openbmc_project/Certs/Certificate.interface.yaml | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/xyz/openbmc_project/Certs/Certificate.interface.yaml b/xyz/openbmc_project/Certs/Certificate.interface.yaml new file mode 100644 index 0000000..5bddd3b --- /dev/null +++ b/xyz/openbmc_project/Certs/Certificate.interface.yaml @@ -0,0 +1,94 @@ +description: > + Implement to provide certificate management features. + + An OpenBMC implementation providing installed certificate management + functions. An implementation service should additionally implement + xyz.openbmc_project.Object.Delete to allow the deletion of individual + certificate objects. +properties: + - name: CertificateString + type: string + description: > + The string for the certificate. + + This is a X.509 public certificate in PEM format. + PEM wiki - https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail + + An X.509 certificate contains a public key, validity, and an + identity (a hostname, or an organization, or an individual), + and is either signed by a certificate authority or self-signed. + Refer https://en.wikipedia.org/wiki/X.509 for details. + - name: KeyUsage + type: array[string] + description: > + Key usage extensions define the purpose of the public key contained + in a certificate. + + Valid Key usage extensions and its usage description is based on + Redfish Resource and Schema Guide 2018.3 version. + https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf + + ClientAuthentication: The public key is used for TLS WWW client + authentication. + CodeSigning: The public key is used for the signing of executable code. + CRLSigning: The public key is used for verifying signatures on + certificate revocation lists (CLRs). + DataEncipherment: The public key is used for directly enciphering + raw user data without the use of an intermediate + symmetric cipher. + DecipherOnly: The public key could be used for deciphering data + while performing key agreement. + DigitalSignature: The public key is used for verifying digital + signatures, other than signatures on certificates + and CRLs. + EmailProtection: The public key is used for email protection. + EncipherOnly: The public key could be used for enciphering data + while performing key agreement. + KeyCertSign: The public key is used for verifying signatures on + public key certificates. + KeyEncipherment: The public key is used for enciphering private or + secret keys. + NonRepudiation: The public key is used to verify digital signatures, + other than signatures on certificates and CRLs, + and used to provide a non- repudiation service that + protects against the signing entity falsely denying + some action. + OCSPSigning: The public key is used for signing OCSP responses. + ServerAuthentication: The public key is used for TLS WWW server + authentication. + Timestamping: The public key is used for binding the hash of an + object to a time. + + - name: Issuer + type: string + description: > + The issuer of the certificate. + + Refer X.509 certificate wiki for the "Issuer" Key and value details. + + Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA + Here C = country, O=organization, CN= common name. + + - name: Subject + type: string + description: > + The subject of the certificate + + Refer X.509 certificate wiki for the "Subject" Key and value details. + Refer https://en.wikipedia.org/wiki/X.509 + + Example: Subject: C=US, ST=New York, L=Armonk, + O=International Business Machines Corporation, + OU=research, CN=www.research.ibm.com + Here C=country, ST=state, L=locality, O=organization, CN= common name. + OU= organizational unit + + - name: ValidNotAfter + type: uint64 + description: > + The certificate expiry date and time, in epoch time, in milliseconds + - name: ValidNotBefore + type: uint64 + description: > + The certificate validity start date and time, + in epoch time, in milliseconds. |