summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2024-02-10 19:07:49 +0000
committerGitHub <noreply@github.com>2024-02-10 19:07:49 +0000
commit3b383b52888ab03674dded022168699c292059ca (patch)
tree27fde0bc8c75adc5ff37dd2169d553687857ee3f
parent791c07e804a1a7e1c48e1a2f491c10148137bc20 (diff)
parentec049d192ddb1d2173d54b429213694ba0e6f15f (diff)
downloadvyos-1x-3b383b52888ab03674dded022168699c292059ca.tar.gz
vyos-1x-3b383b52888ab03674dded022168699c292059ca.zip
Merge pull request #2984 from vyos/mergify/bp/sagitta/pr-2982
xml: T5738: improve PKI building blocks for CLI (backport #2982)
-rw-r--r--interface-definitions/include/pki/cli-certificate-base64.xml.i11
-rw-r--r--interface-definitions/include/pki/cli-private-key-base64.xml.i11
-rw-r--r--interface-definitions/include/pki/cli-public-key-base64.xml.i11
-rw-r--r--interface-definitions/include/pki/cli-revoke.xml.i8
-rw-r--r--interface-definitions/include/pki/password-protected.xml.i8
-rw-r--r--interface-definitions/pki.xml.in119
6 files changed, 84 insertions, 84 deletions
diff --git a/interface-definitions/include/pki/cli-certificate-base64.xml.i b/interface-definitions/include/pki/cli-certificate-base64.xml.i
new file mode 100644
index 000000000..a3eff79e8
--- /dev/null
+++ b/interface-definitions/include/pki/cli-certificate-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/cli-certificate-base64.xml.i -->
+<leafNode name="certificate">
+ <properties>
+ <help>Certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i
new file mode 100644
index 000000000..3a7ee0ce9
--- /dev/null
+++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/pki-cli-private-key.xml.i -->
+<leafNode name="key">
+ <properties>
+ <help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i
new file mode 100644
index 000000000..3a7ee0ce9
--- /dev/null
+++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from pki/pki-cli-private-key.xml.i -->
+<leafNode name="key">
+ <properties>
+ <help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/cli-revoke.xml.i b/interface-definitions/include/pki/cli-revoke.xml.i
new file mode 100644
index 000000000..61cd978bb
--- /dev/null
+++ b/interface-definitions/include/pki/cli-revoke.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from pki/cli-revoke.xml.i -->
+<leafNode name="revoke">
+ <properties>
+ <help>Include certificate in parent CRL</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/password-protected.xml.i b/interface-definitions/include/pki/password-protected.xml.i
new file mode 100644
index 000000000..b72e4ecec
--- /dev/null
+++ b/interface-definitions/include/pki/password-protected.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from pki/password-protected.xml.i -->
+<leafNode name="password-protected">
+ <properties>
+ <help>Private key portion is password protected</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index 0ed199539..617bdd584 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -14,36 +14,15 @@
</constraint>
</properties>
<children>
- <leafNode name="certificate">
- <properties>
- <help>CA certificate in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-certificate-base64.xml.i>
#include <include/generic-description.xml.i>
<node name="private">
<properties>
<help>CA private key in PEM format</help>
</properties>
<children>
- <leafNode name="key">
- <properties>
- <help>CA private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>CA private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
</children>
</node>
<leafNode name="crl">
@@ -56,12 +35,7 @@
<multi/>
</properties>
</leafNode>
- <leafNode name="revoke">
- <properties>
- <help>If parent CA is present, this CA certificate will be included in generated CRLs</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-revoke.xml.i>
</children>
</tagNode>
<tagNode name="certificate">
@@ -72,15 +46,7 @@
</constraint>
</properties>
<children>
- <leafNode name="certificate">
- <properties>
- <help>Certificate in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-certificate-base64.xml.i>
<node name="acme">
<properties>
<help>Automatic Certificate Management Environment (ACME) request</help>
@@ -141,29 +107,11 @@
<help>Certificate private key</help>
</properties>
<children>
- <leafNode name="key">
- <properties>
- <help>Certificate private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>Certificate private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
</children>
</node>
- <leafNode name="revoke">
- <properties>
- <help>If CA is present, this certificate will be included in generated CRLs</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-revoke.xml.i>
</children>
</tagNode>
<tagNode name="dh">
@@ -195,15 +143,7 @@
<help>Public key</help>
</properties>
<children>
- <leafNode name="key">
- <properties>
- <help>Public key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/pki/cli-public-key-base64.xml.i>
</children>
</node>
<node name="private">
@@ -211,21 +151,32 @@
<help>Private key</help>
</properties>
<children>
- <leafNode name="key">
- <properties>
- <help>Private key in PEM format</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="password-protected">
- <properties>
- <help>Private key is password protected</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <tagNode name="openssh">
+ <properties>
+ <help>OpenSSH public and private keys</help>
+ </properties>
+ <children>
+ <node name="public">
+ <properties>
+ <help>Public key</help>
+ </properties>
+ <children>
+ #include <include/pki/cli-public-key-base64.xml.i>
+ </children>
+ </node>
+ <node name="private">
+ <properties>
+ <help>Private key</help>
+ </properties>
+ <children>
+ #include <include/pki/cli-private-key-base64.xml.i>
+ #include <include/pki/password-protected.xml.i>
</children>
</node>
</children>