description: >
    Implement to provide certificate management features.

    An OpenBMC implementation providing installed certificate management
    functions. An implementation service should additionally implement
    xyz.openbmc_project.Object.Delete to allow the deletion of individual
    certificate objects.
properties:
    - name: CertificateString
      type: string
      description: >
          The string for the certificate.

          This is an X.509 public certificate in PEM format. PEM wiki -
          https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

          An X.509 certificate contains a public key, validity, and an identity
          (a hostname, or an organization, or an individual), and is either
          signed by a certificate authority or self-signed. Refer to
          https://en.wikipedia.org/wiki/X.509 for details.
    - name: KeyUsage
      type: array[string]
      description: >
          Key usage extensions define the purpose of the public key contained in
          a certificate.

          The valid key usage values and their descriptions are based on the
          Redfish Resource and Schema Guide, version 2018.3:
          https://www.dmtf.org/sites/default/files/standards/documents/DSP2046_2018.3.pdf

          ClientAuthentication: The public key is used for TLS WWW client
                                authentication.
          CodeSigning: The public key is used for the signing of executable
                       code.
          CRLSigning: The public key is used for verifying signatures on
                      certificate revocation lists (CRLs).
          DataEncipherment: The public key is used for directly enciphering
                            raw user data without the use of an intermediate
                            symmetric cipher.
          DecipherOnly: The public key could be used for deciphering data
                        while performing key agreement.
          DigitalSignature: The public key is used for verifying digital
                            signatures, other than signatures on certificates
                            and CRLs.
          EmailProtection: The public key is used for email protection.
          EncipherOnly: The public key could be used for enciphering data
                        while performing key agreement.
          KeyCertSign: The public key is used for verifying signatures on
                       public key certificates.
          KeyEncipherment: The public key is used for enciphering private or
                           secret keys.
          NonRepudiation: The public key is used to verify digital signatures,
                          other than signatures on certificates and CRLs,
                          and used to provide a non-repudiation service that
                          protects against the signing entity falsely denying
                          some action.
          OCSPSigning: The public key is used for signing OCSP responses.
          ServerAuthentication: The public key is used for TLS WWW server
                                authentication.
          Timestamping: The public key is used for binding the hash of an
                        object to a time.

    - name: Issuer
      type: string
      description: >
          The issuer of the certificate.

          Refer to the X.509 certificate wiki for the "Issuer" key and value
          details.

          Example: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
          Here C=country, O=organization, CN=common name.

    - name: Subject
      type: string
      description: >
          The subject of the certificate.

          Refer to the X.509 certificate wiki for the "Subject" key and value
          details: https://en.wikipedia.org/wiki/X.509

          Example: Subject: C=US, ST=New York, L=Armonk,
                   O=International Business Machines Corporation,
                   OU=research, CN=www.research.ibm.com
          Here C=country, ST=state, L=locality, O=organization, CN=common name,
          OU=organizational unit.

    - name: ValidNotAfter
      type: uint64
      description: >
          The certificate expiry date and time, in epoch time, in milliseconds.
    - name: ValidNotBefore
      type: uint64
      description: >
          The certificate validity start date and time, in epoch time, in
          milliseconds.

associations:
    - name: identifying_requester
      description: >
          Objects that implement Certificate can optionally implement the
          "identifying_requester" association to provide a link to the component
          integrity object whose requester's identity is identified by this
          certificate.
      reverse_name: requester_identified_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Attestation.IdentityAuthentication

    - name: identifying_responder
      description: >
          Objects that implement Certificate can optionally implement the
          "identifying_responder" association to provide a link to the component
          integrity object whose responder's identity is identified by this
          certificate.
      reverse_name: responder_identified_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Attestation.IdentityAuthentication
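An added example, not code from OpenBMC or phosphor-dbus-interfaces, of how an implementing service could derive the KeyUsage property values listed in this interface from the DER contents of a certificate's KeyUsage and ExtendedKeyUsage extensions using only the Python standard library. It assumes the RFC 5280 bit positions and id-kp OIDs for those extensions; keyAgreement (bit 4), which has no name in the interface's list, is used only to decide whether EncipherOnly/DecipherOnly are reported, and purposes the interface does not name are dropped.

```python
# RFC 5280 4.2.1.3 KeyUsage bit positions -> names used by this interface.
# Bit 4 (keyAgreement) has no name in the interface; it only gates bits 7 and 8.
KEY_USAGE_BITS = {0: "DigitalSignature", 1: "NonRepudiation", 2: "KeyEncipherment",
                  3: "DataEncipherment", 4: None, 5: "KeyCertSign", 6: "CRLSigning",
                  7: "EncipherOnly", 8: "DecipherOnly"}
# RFC 5280 4.2.1.12 id-kp OIDs -> names used by this interface.
EKU_OIDS = {"1.3.6.1.5.5.7.3.1": "ServerAuthentication",
            "1.3.6.1.5.5.7.3.2": "ClientAuthentication",
            "1.3.6.1.5.5.7.3.3": "CodeSigning", "1.3.6.1.5.5.7.3.4": "EmailProtection",
            "1.3.6.1.5.5.7.3.8": "Timestamping", "1.3.6.1.5.5.7.3.9": "OCSPSigning"}

def _tlv(buf, pos=0):
    """Read one short-form DER TLV; these extension values are under 128 bytes."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form DER length not expected in an extension value")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def _oid(body):
    """Decode OID contents bytes to dotted form, e.g. 1.3.6.1.5.5.7.3.1."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def key_usage_names(der):
    """KeyUsage BIT STRING -> names; body[0] is the count of unused trailing bits."""
    tag, body, _ = _tlv(der)
    if tag != 0x03 or not body:
        raise ValueError("KeyUsage must be a DER BIT STRING")
    unused, bits = body[0], body[1:]
    on = [i for i in range(min(len(bits) * 8 - unused, 9)) if bits[i // 8] & (0x80 >> (i % 8))]
    if 4 not in on:  # EncipherOnly/DecipherOnly are defined only for key agreement
        on = [i for i in on if i not in (7, 8)]
    return [KEY_USAGE_BITS[i] for i in on if KEY_USAGE_BITS[i]]

def ext_key_usage_names(der):
    """ExtKeyUsage SEQUENCE OF OID -> names; purposes the interface lacks are skipped."""
    tag, body, _ = _tlv(der)
    if tag != 0x30:
        raise ValueError("ExtKeyUsage must be a DER SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, oid, pos = _tlv(body, pos)
        if tag == 0x06 and _oid(oid) in EKU_OIDS:
            names.append(EKU_OIDS[_oid(oid)])
    return names
```

The KeyUsage property value is the concatenation of both lists; a constructed leaf input such as KeyUsage `03 02 05 A0` with ExtKeyUsage serverAuth+clientAuth yields `["DigitalSignature", "KeyEncipherment", "ServerAuthentication", "ClientAuthentication"]`.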