description: >
    Implement to create a Certificate Signing Request (CSR).

methods:
    - name: GenerateCSR
      description: >
          This command is used to initiate a certificate signing request.
          This command only returns the D-Bus path name for the new CSR object.
          The user needs to listen for the InterfacesAdded signal emitted by
          /xyz/openbmc_project/Certs to retrieve the CSR string after
          successful CSR creation.

          Note: The following parameters are mandatory or optional based on
                the Redfish documentation.

                The caller is responsible for input parameter validation.

                If the caller does not wish a field to be included in the
                CSR request, initialize the parameter with blank for strings
                and zero for integers.

      parameters:
        - name: AlternativeNames
          type: array[string]
          description: >
              Additional hostnames of the component that is being secured.
        - name: ChallengePassword
          type: string
          description: >
              The challenge password to be applied to the certificate for
              revocation requests.
        - name: City
          type: string
          description: >
              The city or locality of the organization making the request.
              For example, Austin.
              This is a required parameter.
        - name: CommonName
          type: string
          description: >
              The fully qualified domain name of the component that is being
              secured.
              This is a required parameter.
        - name: ContactPerson
          type: string
          description: >
              The name of the user making the request.
        - name: Country
          type: string
          description: >
              The country of the organization making the request.
              This is a required parameter.
        - name: Email
          type: string
          description: >
              The email address of the contact within the organization
              making the request.
        - name: GivenName
          type: string
          description: >
              The given name of the user making the request.
        - name: Initials
          type: string
          description: >
              The initials of the user making the request.
        - name: KeyBitLength
          type: int64
          description: >
              The length of the key in bits, if needed based on the value
              of the KeyPairAlgorithm parameter.

              Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
        - name: KeyCurveId
          type: string
          description: >
              The curve ID to be used with the key, if needed based on the
              value of the KeyPairAlgorithm parameter.

              Refer to https://www.openssl.org/docs/man1.0.2/man1/genpkey.html
        - name: KeyPairAlgorithm
          type: string
          description: >
             The type of key pair for use with signing algorithms.

             Valid built-in algorithm names for private key generation are
             RSA and EC.
        - name: KeyUsage
          type: array[string]
          description: >
             Key usage extensions define the purpose of the public key contained
             in a certificate.

             Valid key usage extensions and their descriptions:

             ClientAuthentication: The public key is used for TLS WWW client
                                   authentication.
             CodeSigning: The public key is used for the signing of executable code.
             CRLSigning: The public key is used for verifying signatures on
                         certificate revocation lists (CRLs).
             DataEncipherment: The public key is used for directly enciphering
                               raw user data without the use of an intermediate
                               symmetric cipher.
             DecipherOnly: The public key could be used for deciphering data
                           while performing key agreement.
             DigitalSignature: The public key is used for verifying digital
                               signatures, other than signatures on certificates
                               and CRLs.
             EmailProtection: The public key is used for email protection.
             EncipherOnly: The public key could be used for enciphering data
                           while performing key agreement.
             KeyCertSign: The public key is used for verifying signatures on
                          public key certificates.
             KeyEncipherment: The public key is used for enciphering private or
                              secret keys.
             NonRepudiation: The public key is used to verify digital signatures,
                             other than signatures on certificates and CRLs,
                             and used to provide a non-repudiation service that
                             protects against the signing entity falsely denying
                             some action.
             OCSPSigning: The public key is used for signing OCSP responses.
             ServerAuthentication: The public key is used for TLS WWW server
                                   authentication.
             Timestamping: The public key is used for binding the hash of an
                           object to a time.
        - name: Organization
          type: string
          description: >
              The legal name of the organization. This should not be abbreviated
              and should include suffixes such as Inc, Corp, or LLC.
              For example, IBM Corp.
              This is a required parameter.
        - name: OrganizationalUnit
          type: string
          description: >
              The name of the unit or division of the organization making the
              request.
              This is a required parameter.
        - name: State
          type: string
          description: >
              The state or province where the organization is located.
              This should not be abbreviated. For example, Texas.
              This is a required parameter.
        - name: Surname
          type: string
          description: >
              The surname of the user making the request.
        - name: UnstructuredName
          type: string
          description: >
              The unstructured name of the subject.
      returns:
        - name: path
          type: string
          description: >
              The object path of the D-Bus object to be watched for retrieving
              the CSR string.
      errors:
        - xyz.openbmc_project.Common.Error.InternalFailure
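
The interface leaves input validation to the caller. The following is an added example, not part of the OpenBMC sources, of a caller-side check covering the required parameters, the KeyPairAlgorithm names and the KeyUsage values listed above. The `CsrRequest` struct, the `validateCsrRequest` function and the 2048-bit RSA minimum are assumptions made for illustration.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical caller-side struct; members mirror GenerateCSR parameters.
struct CsrRequest
{
    std::string city, commonName, country, organization, organizationalUnit,
        state, keyPairAlgorithm;
    std::int64_t keyBitLength = 0; // 0 = field not supplied, per the interface
    std::vector<std::string> keyUsage;
};

// Returns every problem found; an empty vector means the request can be sent.
std::vector<std::string> validateCsrRequest(const CsrRequest& r)
{
    static const std::set<std::string> usages = {
        "ClientAuthentication", "CodeSigning", "CRLSigning", "DataEncipherment",
        "DecipherOnly", "DigitalSignature", "EmailProtection", "EncipherOnly",
        "KeyCertSign", "KeyEncipherment", "NonRepudiation", "OCSPSigning",
        "ServerAuthentication", "Timestamping"};
    // Parameters the interface marks "This is a required parameter."
    const std::pair<const char*, const std::string*> required[] = {
        {"City", &r.city}, {"CommonName", &r.commonName},
        {"Country", &r.country}, {"Organization", &r.organization},
        {"OrganizationalUnit", &r.organizationalUnit}, {"State", &r.state}};
    std::vector<std::string> errors;
    for (const auto& field : required)
        if (field.second->empty())
            errors.push_back(std::string(field.first) + " is required");
    // Blank means "not supplied"; anything else must be a listed algorithm.
    if (!r.keyPairAlgorithm.empty() && r.keyPairAlgorithm != "RSA" &&
        r.keyPairAlgorithm != "EC")
        errors.push_back("KeyPairAlgorithm must be RSA or EC");
    // Assumed local policy (not stated by the interface): RSA keys >= 2048 bits.
    if (r.keyBitLength < 0 ||
        (r.keyPairAlgorithm == "RSA" && r.keyBitLength != 0 &&
         r.keyBitLength < 2048))
        errors.push_back("KeyBitLength is out of range");
    for (const auto& usage : r.keyUsage)
        if (!usages.count(usage))
            errors.push_back("Unknown KeyUsage value: " + usage);
    return errors;
}
```

Call `validateCsrRequest` before invoking GenerateCSR and refuse to send the request unless the returned vector is empty.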