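description: >
    Implement to create a Certificate Signing Request (CSR).

# Folded (">") scalars below: continuation lines stay at the base indent so
# they fold into one line; a blank line forces a line break. Lines indented
# deeper than the base are kept verbatim, which is what previously mangled the
# KeyUsage text - keep every continuation line at the base indent.
methods:
    - name: GenerateCSR
      description: >
          This command is used to initiate a certificate signing request. This
          command only returns the D-Bus path name for the new CSR object. Users
          need to listen for the InterfacesAdded signal emitted by
          /xyz/openbmc_project/Certs to retrieve the CSR string after successful
          CSR creation.

          Note: The following parameters are mandatory or optional based on the
          Redfish documentation.

          The caller is responsible for input parameter validation.

          If the caller does not wish a field to be included in the CSR
          request, initialize the parameter with a blank string for strings and
          zero for integers.

      # NOTE(review): the contract above delegates validation to the caller, so
      # an implementation receives these values over D-Bus unvalidated; confirm
      # the implementing service still applies its own checks.
      parameters:
          - name: AlternativeNames
            type: array[string]
            description: >
                Additional hostnames of the component that is being secured.
          - name: ChallengePassword
            type: string
            description: >
                The challenge password to be applied to the certificate for
                revocation requests.
          - name: City
            type: string
            description: >
                The city or locality of the organization making the request.
                For example, Austin. This is a required parameter.
          - name: CommonName
            type: string
            description: >
                The fully qualified domain name of the component that is being
                secured. This is a required parameter.
          - name: ContactPerson
            type: string
            description: >
                The name of the user making the request.
          - name: Country
            type: string
            description: >
                The country of the organization making the request. This is a
                required parameter.
          - name: Email
            type: string
            description: >
                The email address of the contact within the organization making
                the request.
          - name: GivenName
            type: string
            description: >
                The given name of the user making the request.
          - name: Initials
            type: string
            description: >
                The initials of the user making the request.
          - name: KeyBitLength
            type: int64
            description: >
                The length of the key in bits, if needed based on the value of
                the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyCurveId
            type: string
            description: >
                The curve ID to be used with the key, if needed based on the
                value of the KeyPairAlgorithm parameter.

                Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
          - name: KeyPairAlgorithm
            type: string
            description: >
                The type of key pair for use with signing algorithms.

                Valid built-in algorithm names for private key generation are
                RSA and EC.
          - name: KeyUsage
            type: array[string]
            # Each usage is its own paragraph so it renders on its own line.
            description: >
                Key usage extensions define the purpose of the public key
                contained in a certificate.

                Valid key usage extensions and their usage descriptions:

                ClientAuthentication: The public key is used for TLS WWW client
                authentication.

                CodeSigning: The public key is used for the signing of
                executable code.

                CRLSigning: The public key is used for verifying signatures on
                certificate revocation lists (CRLs).

                DataEncipherment: The public key is used for directly
                enciphering raw user data without the use of an intermediate
                symmetric cipher.

                DecipherOnly: The public key could be used for deciphering data
                while performing key agreement.

                DigitalSignature: The public key is used for verifying digital
                signatures, other than signatures on certificates and CRLs.

                EmailProtection: The public key is used for email protection.

                EncipherOnly: The public key could be used for enciphering data
                while performing key agreement.

                KeyCertSign: The public key is used for verifying signatures on
                public key certificates.

                KeyEncipherment: The public key is used for enciphering private
                or secret keys.

                NonRepudiation: The public key is used to verify digital
                signatures, other than signatures on certificates and CRLs, and
                used to provide a non-repudiation service that protects against
                the signing entity falsely denying some action.

                OCSPSigning: The public key is used for signing OCSP responses.

                ServerAuthentication: The public key is used for TLS WWW server
                authentication.

                Timestamping: The public key is used for binding the hash of an
                object to a time.
          - name: Organization
            type: string
            description: >
                The legal name of the organization. This should not be
                abbreviated and should include suffixes such as Inc, Corp, or
                LLC. For example, IBM Corp. This is a required parameter.
          - name: OrganizationalUnit
            type: string
            description: >
                The name of the unit or division of the organization making the
                request. This is a required parameter.
          - name: State
            type: string
            description: >
                The state or province where the organization is located. This
                should not be abbreviated. For example, Texas. This is a
                required parameter.
          - name: Surname
            type: string
            description: >
                The surname of the user making the request.
          - name: UnstructuredName
            type: string
            description: >
                The unstructured name of the subject.
      returns:
          - name: path
            type: string
            description: >
                The object path of the D-Bus object to be watched for retrieving
                the CSR string.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure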