1 module netconf-keystore {
2 namespace "urn:opendaylight:netconf:keystore";
5 revision "2023-11-09" {
6 description "Using binary type instead of string for base64 leafs.";
9 revision "2017-10-17" {
10 description "Initial revision of the Netconf SBP keystore.";
13 description "Store used for key-based credentials for Netconf SBP. Before a connector with key-based authentication
14 is created, it needs to have a record for the key pair it uses. All the records here need to be
15 encrypted as they contain sensitive data. Therefore NEVER do direct writes; use only the provided
16 RPCs for adding/removing key entries.";
18 grouping keystore-entry {
27 description "Binary array of the Base64-encoded private key that should be used for authentication with a
28 netconf device. Do not include a public key as that is calculated from the private key.
29 Used when writing directly into the data store; the key is expected to be already encrypted.";
34 description "If the provided key is encrypted with a passphrase, the passphrase needs to be included here. Leave empty
35 if the key does not have a passphrase.
36 Used when writing directly into the data store; the passphrase is expected to be already encrypted.";
42 grouping rpc-keystore-entry {
51 description "Base64-encoded private key that should be used for authentication with a netconf device.
52 Do not include a public key as that is calculated from the private key.
53 Used for RPCs only. The key is encrypted before the entry is written into the data store.";
58 description "If the provided key is encrypted with a passphrase, the passphrase needs to be included here. Leave empty
59 if the key does not have a passphrase.
60 Used for RPCs only. Will encrypt the passphrase before the entry is written into the data
67 grouping private-keys {
70 description "A private key.";
75 description "Binary array of Base64 encoded private key.";
78 leaf-list certificate-chain {
79 description "A certificate chain for this public key. Each certificate is an X.509 v3 certificate
80 structure as specified by RFC5280, binary data encoded using the Base64 format.";
87 grouping rpc-private-keys {
90 description "A private key.";
95 description "Base64 encoded private key.";
98 leaf-list certificate-chain {
99 description "A certificate chain for this public key. Each certificate is an X.509 v3 certificate
100 structure as specified by RFC5280, encoded using the Base64 format.";
107 grouping trusted-certificates {
108 list trusted-certificate {
110 description "A list of trusted certificates. These certificates can be used by a server to authenticate
111 clients, or by clients to authenticate servers.";
116 description "An X.509 v3 certificate structure as specified by RFC5280, binary data encoded using
123 grouping rpc-trusted-certificates {
124 list trusted-certificate {
126 description "A list of trusted certificates. These certificates can be used by a server to authenticate
127 clients, or by clients to authenticate servers.";
132 description "An X.509 v3 certificate structure as specified by RFC5280, encoded using
142 uses trusted-certificates;
145 rpc add-keystore-entry {
146 description "Use this rpc to add a single or multiple new keys into the keystore. The private key and passphrase
147 will both be encrypted before they are written into the data store.";
149 uses rpc-keystore-entry;
153 rpc remove-keystore-entry {
154 description "Use this rpc to remove a single or multiple keys from the data store.";
162 rpc add-private-key {
163 description "Add a list of private keys into the keystore.";
165 uses rpc-private-keys;
169 rpc remove-private-key {
170 description "Remove a list of private keys from the data store.";
178 rpc add-trusted-certificate {
179 description "Add a list of trusted certificates into the keystore.";
181 uses rpc-trusted-certificates;
185 rpc remove-trusted-certificate {
186 description "Remove a list of trusted certificates from the data store.";