diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-02-10 19:07:49 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-10 19:07:49 +0000 |
commit | 3b383b52888ab03674dded022168699c292059ca (patch) | |
tree | 27fde0bc8c75adc5ff37dd2169d553687857ee3f | |
parent | 791c07e804a1a7e1c48e1a2f491c10148137bc20 (diff) | |
parent | ec049d192ddb1d2173d54b429213694ba0e6f15f (diff) | |
download | vyos-1x-3b383b52888ab03674dded022168699c292059ca.tar.gz vyos-1x-3b383b52888ab03674dded022168699c292059ca.zip |
Merge pull request #2984 from vyos/mergify/bp/sagitta/pr-2982
xml: T5738: improve PKI building blocks for CLI (backport #2982)
6 files changed, 84 insertions, 84 deletions
diff --git a/interface-definitions/include/pki/cli-certificate-base64.xml.i b/interface-definitions/include/pki/cli-certificate-base64.xml.i new file mode 100644 index 000000000..a3eff79e8 --- /dev/null +++ b/interface-definitions/include/pki/cli-certificate-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/cli-certificate-base64.xml.i --> +<leafNode name="certificate"> + <properties> + <help>Certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i new file mode 100644 index 000000000..3a7ee0ce9 --- /dev/null +++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/pki-cli-private-key.xml.i --> +<leafNode name="key"> + <properties> + <help>Private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i new file mode 100644 index 000000000..3a7ee0ce9 --- /dev/null +++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/pki-cli-private-key.xml.i --> +<leafNode name="key"> + <properties> + <help>Private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-revoke.xml.i b/interface-definitions/include/pki/cli-revoke.xml.i new file mode 100644 index 000000000..61cd978bb --- /dev/null +++ b/interface-definitions/include/pki/cli-revoke.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pki/cli-revoke.xml.i --> +<leafNode name="revoke"> + <properties> + <help>Include certificate in parent CRL</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/password-protected.xml.i b/interface-definitions/include/pki/password-protected.xml.i new file mode 100644 index 000000000..b72e4ecec --- /dev/null +++ b/interface-definitions/include/pki/password-protected.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pki/password-protected.xml.i --> +<leafNode name="password-protected"> + <properties> + <help>Private key portion is password protected</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index 0ed199539..617bdd584 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -14,36 +14,15 @@ </constraint> </properties> <children> - <leafNode name="certificate"> - <properties> - <help>CA certificate in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> + #include <include/pki/cli-certificate-base64.xml.i> #include <include/generic-description.xml.i> <node name="private"> <properties> <help>CA private key in PEM format</help> </properties> <children> - <leafNode name="key"> - <properties> - <help>CA private key in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="password-protected"> - <properties> - <help>CA private key is password protected</help> - <valueless/> - </properties> - </leafNode> + #include <include/pki/cli-private-key-base64.xml.i> + #include <include/pki/password-protected.xml.i> </children> </node> <leafNode name="crl"> @@ -56,12 +35,7 @@ <multi/> </properties> </leafNode> - <leafNode name="revoke"> - <properties> - <help>If parent CA is present, this CA certificate will be included in generated CRLs</help> - <valueless/> - </properties> - </leafNode> + #include <include/pki/cli-revoke.xml.i> </children> </tagNode> <tagNode name="certificate"> @@ -72,15 +46,7 @@ </constraint> </properties> <children> - <leafNode name="certificate"> - <properties> - <help>Certificate in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> + #include <include/pki/cli-certificate-base64.xml.i> <node name="acme"> <properties> <help>Automatic Certificate Management Environment (ACME) request</help> @@ -141,29 +107,11 @@ <help>Certificate private key</help> </properties> <children> - <leafNode name="key"> - <properties> - <help>Certificate private key in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="password-protected"> - <properties> - <help>Certificate private key is password protected</help> - <valueless/> - </properties> - </leafNode> + #include <include/pki/cli-private-key-base64.xml.i> + #include <include/pki/password-protected.xml.i> </children> </node> - <leafNode name="revoke"> - <properties> - <help>If CA is present, this certificate will be included in generated CRLs</help> - <valueless/> - </properties> - </leafNode> + #include <include/pki/cli-revoke.xml.i> </children> </tagNode> <tagNode name="dh"> @@ -195,15 +143,7 @@ <help>Public key</help> </properties> <children> - <leafNode name="key"> - <properties> - <help>Public key in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> + #include <include/pki/cli-public-key-base64.xml.i> </children> </node> <node name="private"> @@ -211,21 +151,32 @@ <help>Private key</help> </properties> <children> - <leafNode name="key"> - <properties> - <help>Private key in PEM format</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="password-protected"> - <properties> - <help>Private key is password protected</help> - <valueless/> - </properties> - </leafNode> + #include <include/pki/cli-private-key-base64.xml.i> + #include <include/pki/password-protected.xml.i> + </children> + </node> + </children> + </tagNode> + <tagNode name="openssh"> + <properties> + <help>OpenSSH public and private keys</help> + </properties> + <children> + <node name="public"> + <properties> + <help>Public key</help> + </properties> + <children> + #include <include/pki/cli-public-key-base64.xml.i> + </children> + </node> + <node name="private"> + <properties> + <help>Private key</help> + </properties> + <children> + #include <include/pki/cli-private-key-base64.xml.i> + #include <include/pki/password-protected.xml.i> </children> </node> </children> |