1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
|
{
"$id": "http://redfish.dmtf.org/schemas/v1/CertificateService.v1_0_2.json",
"$ref": "#/definitions/CertificateService",
"$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
"copyright": "Copyright 2014-2019 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
"definitions": {
"Actions": {
"additionalProperties": false,
"description": "The available actions for this Resource.",
"longDescription": "This type shall contain the available actions for this Resource.",
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {
"#CertificateService.GenerateCSR": {
"$ref": "#/definitions/GenerateCSR"
},
"#CertificateService.ReplaceCertificate": {
"$ref": "#/definitions/ReplaceCertificate"
},
"Oem": {
"$ref": "#/definitions/OemActions",
"description": "The available OEM-specific actions for this Resource.",
"longDescription": "This property shall contain the available OEM-specific actions for this Resource."
}
},
"type": "object"
},
"CertificateService": {
"additionalProperties": false,
"description": "The CertificateService schema describes a Certificate Service that represents the actions available to manage certificates and links to the certificates.",
"longDescription": "This Resource shall represent the Certificate Service properties for a Redfish implementation.",
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {
"@odata.context": {
"$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context"
},
"@odata.etag": {
"$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag"
},
"@odata.id": {
"$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id"
},
"@odata.type": {
"$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type"
},
"Actions": {
"$ref": "#/definitions/Actions",
"description": "The available actions for this Resource.",
"longDescription": "This property shall contain the available actions for this Resource."
},
"CertificateLocations": {
"$ref": "http://redfish.dmtf.org/schemas/v1/CertificateLocations.json#/definitions/CertificateLocations",
"description": "The information about the location of certificates.",
"longDescription": "This property shall contain the link to a Resource of type CertificateLocations.",
"readonly": true
},
"Description": {
"anyOf": [
{
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description"
},
{
"type": "null"
}
],
"readonly": true
},
"Id": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id",
"readonly": true
},
"Name": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name",
"readonly": true
},
"Oem": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
"description": "The OEM extension property.",
"longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements."
}
},
"required": [
"@odata.id",
"@odata.type",
"Id",
"Name"
],
"type": "object"
},
"GenerateCSR": {
"actionResponse": {
"$ref": "#/definitions/GenerateCSRResponse"
},
"additionalProperties": false,
"description": "This action makes a certificate signing request.",
"longDescription": "This action shall make a certificate signing request. The response shall contain a signing request that a certificate authority (CA) must sign. The Service should retain the private key that was generated during this request for installation of the certificate. The private key should not be part of the response.",
"parameters": {
"AlternativeNames": {
"description": "The additional host names of the component to secure.",
"items": {
"type": "string"
},
"longDescription": "This parameter shall contain an array of additional host names of the component to secure, as defined by the RFC5280 'subjectAltName' attribute.",
"type": "array"
},
"CertificateCollection": {
"$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection",
"description": "The URI of the Certificate Resource Collection where the certificate is installed after the certificate authority (CA) signs the certificate.",
"longDescription": "This parameter shall contain the URI of the Certificate Resource Collection where the certificate is installed after the certificate authority (CA) signs the certificate.",
"requiredParameter": true
},
"ChallengePassword": {
"description": "The challenge password to apply to the certificate for revocation requests.",
"longDescription": "This property shall contain the challenge password to apply to the certificate for revocation requests as defined by the RFC2985 'challengePassword' attribute.",
"type": "string"
},
"City": {
"description": "The city or locality of the organization making the request.",
"longDescription": "This parameter shall contain the city or locality of the organization making the request, as defined by the RFC5280 'localityName' attribute.",
"requiredParameter": true,
"type": "string"
},
"CommonName": {
"description": "The fully qualified domain name of the component to secure.",
"longDescription": "This parameter shall contain the fully qualified domain name of the component to secure, as defined by the RFC5280 'commonName' attribute.",
"requiredParameter": true,
"type": "string"
},
"ContactPerson": {
"description": "The name of the user making the request.",
"longDescription": "This property shall contain the name of the user making the request, as defined by the RFC5280 'name' attribute.",
"type": "string"
},
"Country": {
"description": "The two-letter country code of the organization making the request.",
"longDescription": "This parameter shall contain the two-letter ISO code for the country of the organization making the request, as defined by the RFC5280 'countryName' attribute.",
"requiredParameter": true,
"type": "string"
},
"Email": {
"description": "The email address of the contact within the organization making the request.",
"longDescription": "This parameter shall contain the email address of the contact within the organization making the request, as defined by the RFC2985 'emailAddress' attribute.",
"type": "string"
},
"GivenName": {
"description": "The given name of the user making the request.",
"longDescription": "This parameter shall contain the given name of the user making the request, as defined by the RFC5280 'givenName' attribute.",
"type": "string"
},
"Initials": {
"description": "The initials of the user making the request.",
"longDescription": "This parameter shall contain the initials of the user making the request, as defined by the RFC5280 'initials' attribute.",
"type": "string"
},
"KeyBitLength": {
"description": "The length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value.",
"longDescription": "This parameter shall contain the length of the key, in bits, if needed based on the KeyPairAlgorithm parameter value.",
"type": "integer"
},
"KeyCurveId": {
"description": "The curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value.",
"longDescription": "This parameter shall contain the curve ID to use with the key, if needed based on the KeyPairAlgorithm parameter value. The allowable values for this parameter shall be the strings in the 'Name' field of the 'TPM_ECC_CURVE Constants' table within the 'Trusted Computing Group Algorithm Registry'.",
"type": "string"
},
"KeyPairAlgorithm": {
"description": "The type of key-pair for use with signing algorithms.",
"longDescription": "This parameter shall contain the type of key-pair for use with signing algorithms. The allowable values for this parameter shall be the strings in the 'Algorithm Name' field of the 'TPM_ALG_ID Constants' table within the 'Trusted Computing Group Algorithm Registry'.",
"type": "string"
},
"KeyUsage": {
"description": "The usage of the key contained in the certificate.",
"items": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/KeyUsage"
},
"longDescription": "This parameter shall contain the usage of the key contained in the certificate. If the client does not provide this value, the service may determine the appropriate key usage settings in the certificate signing request.",
"type": "array"
},
"Organization": {
"description": "The name of the organization making the request.",
"longDescription": "This parameter shall contain the name of the organization making the request, as defined by the RFC5280 'organizationName' attribute.",
"requiredParameter": true,
"type": "string"
},
"OrganizationalUnit": {
"description": "The name of the unit or division of the organization making the request.",
"longDescription": "This parameter shall contain the name of the unit or division of the organization making the request, as defined by the RFC5280 'organizationalUnitName' attribute.",
"requiredParameter": true,
"type": "string"
},
"State": {
"description": "The state, province, or region of the organization making the request.",
"longDescription": "This parameter shall contain the state, province, or region of the organization making the request, as defined by the RFC5280 'stateOrProvinceName' attribute.",
"requiredParameter": true,
"type": "string"
},
"Surname": {
"description": "The surname of the user making the request.",
"longDescription": "This parameter shall contain the surname of the user making the request, as defined by the RFC5280 'surname' attribute.",
"type": "string"
},
"UnstructuredName": {
"description": "The unstructured name of the subject.",
"longDescription": "This property shall contain the unstructured name of the subject, as defined by the RFC2985 'unstructuredName' attribute.",
"type": "string"
}
},
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {
"target": {
"description": "Link to invoke action",
"format": "uri-reference",
"type": "string"
},
"title": {
"description": "Friendly action name",
"type": "string"
}
},
"type": "object"
},
"GenerateCSRResponse": {
"additionalProperties": false,
"description": "The response body for the GenerateCSR action.",
"longDescription": "This type shall contain the properties found in the response body for the GenerateCSR action.",
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {
"CSRString": {
"description": "The string for the certificate signing request.",
"longDescription": "This property shall contain the Privacy Enhanced Mail (PEM)-encoded string, which contains RFC2986-specified structures, of the certificate signing request. The private key should not be part of the string.",
"readonly": true,
"type": "string"
},
"CertificateCollection": {
"$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection",
"description": "The link to the Certificate Resource Collection where the certificate is installed.",
"longDescription": "This property shall contain the URI of the Certificate Resource Collection where the certificate is installed after the certificate authority (CA) has signed the certificate.",
"readonly": true
}
},
"required": [
"CertificateCollection",
"CSRString"
],
"type": "object"
},
"OemActions": {
"additionalProperties": true,
"description": "The available OEM-specific actions for this Resource.",
"longDescription": "This type shall contain the available OEM-specific actions for this Resource.",
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {},
"type": "object"
},
"ReplaceCertificate": {
"additionalProperties": false,
"description": "This action replaces a certificate.",
"longDescription": "This action shall replace a certificate. The Location header in the response shall contain the URI of the new Certificate Resource.",
"parameters": {
"CertificateString": {
"description": "The string for the certificate.",
"longDescription": "This parameter shall contain the string of the certificate, and the format shall follow the requirements specified by the CertificateType property value. If the certificate contains any private keys, they shall be removed from the string in responses. If the service does not know the private key for the certificate and it is needed to use the certificate, the client shall provide the private key as part of the string in the POST request.",
"requiredParameter": true,
"type": "string"
},
"CertificateType": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/CertificateType",
"description": "The format of the certificate.",
"longDescription": "This parameter shall contain the format type for the certificate.",
"requiredParameter": true
},
"CertificateUri": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Certificate.json#/definitions/Certificate",
"description": "The link to the certificate that is being replaced.",
"longDescription": "This parameter shall contain the URI of the Certificate Resource that is being replaced.",
"requiredParameter": true
}
},
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
"description": "This property shall specify a valid odata or Redfish property.",
"type": [
"array",
"boolean",
"integer",
"number",
"null",
"object",
"string"
]
}
},
"properties": {
"target": {
"description": "Link to invoke action",
"format": "uri-reference",
"type": "string"
},
"title": {
"description": "Friendly action name",
"type": "string"
}
},
"type": "object"
}
},
"owningEntity": "DMTF",
"release": "2018.3",
"title": "#CertificateService.v1_0_2.CertificateService"
}
|
