namespace "urn:opendaylight:netconf:keystore";
prefix "keystore";
+ revision "2023-11-09" {
+ description "Using binary type instead of string for base64 leafs.";
+ }
+
revision "2017-10-17" {
description "Initial revision of the Netconf SBP keystore.";
}
RPCs for adding/removing key entries.";
grouping keystore-entry {
+ list key-credential {
+ key key-id;
+
+ leaf key-id {
+ type string;
+ }
+
+ leaf private-key {
+ description "Binary array of Base64 encoded private key that should be used for authentication with a
+ netconf device. Do not include a public key as that is calculated from the private key.
+ Used for writing directly into the data store, encrypted key expected.";
+ type binary;
+ }
+
+ leaf passphrase {
+ description "If the provided key is encrypted by a passphrase this needs to be included. Leave empty
+ if the key does not have a passphrase.
+ Used for writing directly into the data store, encrypted passphrase expected.";
+ type binary;
+ }
+ }
+ }
+
+ grouping rpc-keystore-entry {
list key-credential {
key key-id;
leaf private-key {
description "Base64 encoded private key that should be used for authentication with a netconf device.
Do not include a public key as that is calculated from the private key.
- DO NOT write this directly into the data store, use the provided RPCs as these will
- encrypt the key before the entry is written into the data store.";
+ Used for RPCs only. Will encrypt the key before the entry is written into the data store.";
type string;
}
leaf passphrase {
description "If the provided key is encrypted by a passphrase this needs to be included. Leave empty
if the key does not have a passphrase.
- DO NOT write write this directly into the data store, use the provided RPCs as these will
- encrypt the passphrase before the entry is written into the data store.";
+ Used for RPCs only. Will encrypt the passphrase before the entry is written into the data
+ store.";
type string;
}
}
}
grouping private-keys {
+ list private-key {
+ key name;
+ description "A private key.";
+ leaf name {
+ type string;
+ }
+ leaf data {
+ description "Binary array of Base64 encoded private key.";
+ type binary;
+ }
+ leaf-list certificate-chain {
+ description "A certificate chain for this public key. Each certificate is an X.509 v3 certificate
+ structure as specified by RFC5280, binary data encoded using the Base64 format.";
+ type binary;
+ ordered-by user;
+ }
+ }
+ }
+
+ grouping rpc-private-keys {
list private-key {
key name;
description "A private key.";
type string;
}
leaf certificate {
- description "An X.509 v3 certificate structure as specified by RFC5280, encoded using
+ description "An X.509 v3 certificate structure as specified by RFC5280, binary data encoded using
the Base64 format.";
+ type binary;
+ }
+ }
+ }
+
+ grouping rpc-trusted-certificates {
+ list trusted-certificate {
+ key name;
+ description "A list of trusted certificate. These certificates can be used by a server to authenticate
+ clients, or by clients to authenticate servers.";
+ leaf name {
type string;
}
+ leaf certificate {
+ description "An X.509 v3 certificate structure as specified by RFC5280, encoded using
+ the Base64 format.";
+ type string;
+ }
}
}
description "Use this rpc to add a single or multiple new keys into the keystore. The private key and passphrase
will both be encrypted before they are written into the data store.";
input {
- uses keystore-entry;
+ uses rpc-keystore-entry;
}
}
rpc add-private-key {
description "Add a list of private keys into the keystore.";
input {
- uses private-keys;
+ uses rpc-private-keys;
}
}
rpc add-trusted-certificate {
description "Add a list of trusted certificates into the keystore.";
input {
- uses trusted-certificates;
+ uses rpc-trusted-certificates;
}
}