summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-01 20:50:57 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-01 20:50:57 +0200
commit469e57398f3a9700fee210a94e57601f51466f43 (patch)
tree4b0b4e7e8ea68938511a62e990a7d1b24de1d7ee /interface-definitions
parentd565d4baffb930462f1a913d6f8a80111958a6f8 (diff)
parent30e4f083c98f93058c59f89e140819f7a3151f43 (diff)
downloadvyos-1x-469e57398f3a9700fee210a94e57601f51466f43.tar.gz
vyos-1x-469e57398f3a9700fee210a94e57601f51466f43.zip
Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/pki/ca-certificate.xml.i14
-rw-r--r--interface-definitions/include/pki/certificate-key.xml.i12
-rw-r--r--interface-definitions/include/pki/certificate.xml.i14
-rw-r--r--interface-definitions/include/pki/private-key.xml.i30
-rw-r--r--interface-definitions/include/pki/public-key.xml.i14
-rw-r--r--interface-definitions/pki.xml.in203
-rw-r--r--interface-definitions/vpn_ipsec.xml.in38
7 files changed, 289 insertions, 36 deletions
diff --git a/interface-definitions/include/pki/ca-certificate.xml.i b/interface-definitions/include/pki/ca-certificate.xml.i
new file mode 100644
index 000000000..14295a281
--- /dev/null
+++ b/interface-definitions/include/pki/ca-certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/ca-certificate.xml.i -->
+<leafNode name="ca-certificate">
+ <properties>
+ <help>Certificate Authority in PKI configuration</help>
+ <valueHelp>
+ <format>CA name</format>
+ <description>Name of CA in PKI configuration</description>
+ </valueHelp>
+ <completionHelp>
+ <path>pki ca</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/certificate-key.xml.i b/interface-definitions/include/pki/certificate-key.xml.i
new file mode 100644
index 000000000..7f26d25c1
--- /dev/null
+++ b/interface-definitions/include/pki/certificate-key.xml.i
@@ -0,0 +1,12 @@
+<!-- include start from pki/certificate-key.xml.i -->
+#include <include/pki/certificate.xml.i>
+<leafNode name="passphrase">
+ <properties>
+ <help>Private key passphrase</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Passphrase to decrypt the private key</description>
+ </valueHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/certificate.xml.i b/interface-definitions/include/pki/certificate.xml.i
new file mode 100644
index 000000000..436aa90ba
--- /dev/null
+++ b/interface-definitions/include/pki/certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/certificate.xml.i -->
+<leafNode name="certificate">
+ <properties>
+ <help>Certificate in PKI configuration</help>
+ <valueHelp>
+ <format>cert name</format>
+ <description>Name of certificate in PKI configuration</description>
+ </valueHelp>
+ <completionHelp>
+ <path>pki certificate</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/private-key.xml.i b/interface-definitions/include/pki/private-key.xml.i
new file mode 100644
index 000000000..6099daa89
--- /dev/null
+++ b/interface-definitions/include/pki/private-key.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from pki/private-key.xml.i -->
+<node name="private">
+ <properties>
+ <help>Private key</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Private key in PKI configuration</help>
+ <valueHelp>
+ <format>key name</format>
+ <description>Name of private key in PKI configuration</description>
+ </valueHelp>
+ <completionHelp>
+ <path>pki key-pair</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="passphrase">
+ <properties>
+ <help>Private key passphrase</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Passphrase to decrypt the private key</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/public-key.xml.i b/interface-definitions/include/pki/public-key.xml.i
new file mode 100644
index 000000000..dfc6979fd
--- /dev/null
+++ b/interface-definitions/include/pki/public-key.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/public-key.xml.i -->
+<leafNode name="public-key">
+ <properties>
+ <help>Public key in PKI configuration</help>
+ <valueHelp>
+ <format>key name</format>
+ <description>Name of public key in PKI configuration</description>
+ </valueHelp>
+ <completionHelp>
+ <path>pki key-pair</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
new file mode 100644
index 000000000..4b082cbc4
--- /dev/null
+++ b/interface-definitions/pki.xml.in
@@ -0,0 +1,203 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="pki" owner="${vyos_conf_scripts_dir}/pki.py">
+ <properties>
+ <help>VyOS PKI configuration</help>
+ </properties>
+ <children>
+ <tagNode name="ca">
+ <properties>
+ <help>Certificate Authority</help>
+ </properties>
+ <children>
+ <leafNode name="certificate">
+ <properties>
+ <help>CA certificate in PEM format</help>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>Description</help>
+ </properties>
+ </leafNode>
+ <node name="private">
+ <properties>
+ <help>CA private key in PEM format</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>CA private key in PEM format</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password-protected">
+ <properties>
+ <help>CA private key is password protected</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="crl">
+ <properties>
+ <help>Certificate revocation list in PEM format</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="certificate">
+ <properties>
+ <help>Certificate</help>
+ </properties>
+ <children>
+ <leafNode name="certificate">
+ <properties>
+ <help>Certificate in PEM format</help>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>Description</help>
+ </properties>
+ </leafNode>
+ <node name="private">
+ <properties>
+ <help>Certificate private key</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Certificate private key in PEM format</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password-protected">
+ <properties>
+ <help>Certificate private key is password protected</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="revoke">
+ <properties>
+ <help>If CA is present, this certificate will be included in generated CRLs</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="dh">
+ <properties>
+ <help>Diffie-Hellman parameters</help>
+ </properties>
+ <children>
+ <leafNode name="parameters">
+ <properties>
+ <help>DH parameters in PEM format</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="key-pair">
+ <properties>
+ <help>Public and private keys</help>
+ </properties>
+ <children>
+ <node name="public">
+ <properties>
+ <help>Public key</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Public key in PEM format</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="private">
+ <properties>
+ <help>Private key</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Private key in PEM format</help>
+ </properties>
+ </leafNode>
+ <leafNode name="password-protected">
+ <properties>
+ <help>Private key is password protected</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <node name="openvpn">
+ <properties>
+ <help>OpenVPN keys</help>
+ </properties>
+ <children>
+ <tagNode name="shared-secret">
+ <properties>
+ <help>OpenVPN shared secret key</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>OpenVPN shared secret key data</help>
+ </properties>
+ </leafNode>
+ <leafNode name="version">
+ <properties>
+ <help>OpenVPN shared secret key version</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="x509">
+ <properties>
+ <help>X509 Settings</help>
+ </properties>
+ <children>
+ <node name="default">
+ <properties>
+ <help>X509 Default Values</help>
+ </properties>
+ <children>
+ <leafNode name="country">
+ <properties>
+ <help>Default country</help>
+ </properties>
+ <defaultValue>GB</defaultValue>
+ </leafNode>
+ <leafNode name="state">
+ <properties>
+ <help>Default state</help>
+ </properties>
+ <defaultValue>Some-State</defaultValue>
+ </leafNode>
+ <leafNode name="locality">
+ <properties>
+ <help>Default locality</help>
+ </properties>
+ <defaultValue>Some-City</defaultValue>
+ </leafNode>
+ <leafNode name="organization">
+ <properties>
+ <help>Default organization</help>
+ </properties>
+ <defaultValue>VyOS</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 2031217ba..7b1b3a595 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -804,42 +804,8 @@
<help>X.509 certificate</help>
</properties>
<children>
- #include <include/certificate.xml.i>
- #include <include/certificate-ca.xml.i>
- <leafNode name="crl-file">
- <properties>
- <help>File containing the X.509 Certificate Revocation List (CRL)</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="key">
- <properties>
- <help>Key file and password to open it</help>
- </properties>
- <children>
- <leafNode name="file">
- <properties>
- <help>File containing the private key for the X.509 certificate for this host</help>
- <valueHelp>
- <format>txt</format>
- <description>File in /config/auth</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="password">
- <properties>
- <help>Password that protects the private key</help>
- <valueHelp>
- <format>txt</format>
- <description>Password that protects the private key</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/pki/certificate-key.xml.i>
+ #include <include/pki/ca-certificate.xml.i>
</children>
</node>
</children>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 03:11:32 +0000