1 module netconf-keystore {
2 namespace "urn:opendaylight:netconf:keystore";
5 revision "2017-10-17" {
6 description "Initial revision of the Netconf SBP keystore.";
9 description "Store used for key-based credentials for Netconf SBP. Before a connector with key-based authentication
10 is created it needs to have a record for the key pair it uses. All the records here need to be
11 encrypted as they contain sensitive data. Therefore NEVER write to this store directly, because a direct write
12 skips that encryption; use only the provided RPCs for adding/removing key entries.";
14 grouping keystore-entry {
23 description "Base64 encoded private key that should be used for authentication with a netconf device.
24 Do not include a public key as that is calculated from the private key.
25 DO NOT write this directly into the datastore, use the provided rpc's as these will
26 encrypt the key before the entry is written into the datastore.";
31 description "If the provided key is encrypted by a passphrase this needs to be included. Leave empty
32 if the key does not have a passphrase.
33 DO NOT write this directly into the datastore, use the provided rpc's as these will
34 encrypt the passphrase before the entry is written into the datastore.";
40 grouping private-keys {
43 description "A private key.";
48 description "Base64 encoded private key.";
51 leaf-list certificate-chain {
52 description "A certificate chain for this public key. Each certificate is an X.509 v3 certificate
53 structure as specified by RFC5280, encoded using the Base64 format.";
59 grouping trusted-certificates {
60 list trusted-certificate {
62 description "A list of trusted certificates. These certificates can be used by a server to
63 authenticate clients, or by clients to authenticate servers.";
68 description "An X.509 v3 certificate structure as specified by RFC5280, encoded using
78 uses trusted-certificates;
81 rpc add-keystore-entry {
82 description "Use this rpc to add a single or multiple new keys into the keystore. The private key
83 and passphrase will both be encrypted before they are written into the datastore.";
89 rpc remove-keystore-entry {
90 description "Use this rpc to remove a single or multiple keys from the datastore.";
99 description "Add a list of private keys into the keystore.";
105 rpc remove-private-key {
106 description "Remove a list of private keys from the datastore.";
114 rpc add-trusted-certificate {
115 description "Add a list of trusted certificates into the keystore.";
117 uses trusted-certificates;
121 rpc remove-trusted-certificate {
122 description "Remove a list of trusted certificates from the datastore.";