From 6f66e71e4622c54058b8689d4be730905d69fe22 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Thu, 17 Jun 2021 18:08:58 +0200
Subject: pki: T3642: New PKI config and management

---
 .../include/pki/ca-certificate.xml.i               |  14 ++
 .../include/pki/certificate-key.xml.i              |  23 +++
 .../include/pki/certificate.xml.i                  |  14 ++
 .../include/pki/dh-parameters.xml.i                |  14 ++
 .../include/pki/openvpn_tls-auth.xml.i             |  14 ++
 .../include/pki/private-key.xml.i                  |  30 +++
 interface-definitions/include/pki/public-key.xml.i |  14 ++
 interface-definitions/pki.xml.in                   | 203 +++++++++++++++++++++
 8 files changed, 326 insertions(+)
 create mode 100644 interface-definitions/include/pki/ca-certificate.xml.i
 create mode 100644 interface-definitions/include/pki/certificate-key.xml.i
 create mode 100644 interface-definitions/include/pki/certificate.xml.i
 create mode 100644 interface-definitions/include/pki/dh-parameters.xml.i
 create mode 100644 interface-definitions/include/pki/openvpn_tls-auth.xml.i
 create mode 100644 interface-definitions/include/pki/private-key.xml.i
 create mode 100644 interface-definitions/include/pki/public-key.xml.i
 create mode 100644 interface-definitions/pki.xml.in

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/pki/ca-certificate.xml.i b/interface-definitions/include/pki/ca-certificate.xml.i
new file mode 100644
index 000000000..14295a281
--- /dev/null
+++ b/interface-definitions/include/pki/ca-certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/ca-certificate.xml.i -->
+<leafNode name="ca-certificate">
+  <properties>
+    <help>Certificate Authority in PKI configuration</help>
+    <valueHelp>
+      <format>CA name</format>
+      <description>Name of CA in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki ca</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/certificate-key.xml.i b/interface-definitions/include/pki/certificate-key.xml.i
new file mode 100644
index 000000000..b68f38442
--- /dev/null
+++ b/interface-definitions/include/pki/certificate-key.xml.i
@@ -0,0 +1,23 @@
+<!-- include start from pki/certificate-key.xml.i -->
+<leafNode name="certificate">
+  <properties>
+    <help>Certificate and private key in PKI configuration</help>
+    <valueHelp>
+      <format>cert name</format>
+      <description>Name of certificate in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki certificate</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<leafNode name="private-key-passphrase">
+  <properties>
+    <help>Private key passphrase</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Passphrase to decrypt the private key</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/certificate.xml.i b/interface-definitions/include/pki/certificate.xml.i
new file mode 100644
index 000000000..436aa90ba
--- /dev/null
+++ b/interface-definitions/include/pki/certificate.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/certificate.xml.i -->
+<leafNode name="certificate">
+  <properties>
+    <help>Certificate in PKI configuration</help>
+    <valueHelp>
+      <format>cert name</format>
+      <description>Name of certificate in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki certificate</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/dh-parameters.xml.i b/interface-definitions/include/pki/dh-parameters.xml.i
new file mode 100644
index 000000000..6e69528e7
--- /dev/null
+++ b/interface-definitions/include/pki/dh-parameters.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/dh-parameters.xml.i -->
+<leafNode name="dh-parameters">
+  <properties>
+    <help>Diffie-Hellman parameters in PKI configuration</help>
+    <valueHelp>
+      <format>DH name</format>
+      <description>Name of DH params in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki dh</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/openvpn_tls-auth.xml.i b/interface-definitions/include/pki/openvpn_tls-auth.xml.i
new file mode 100644
index 000000000..2b9a69653
--- /dev/null
+++ b/interface-definitions/include/pki/openvpn_tls-auth.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/openvpn_tls-auth.xml.i -->
+<leafNode name="auth-key">
+  <properties>
+    <help>Static key for tls-auth in PKI configuration</help>
+    <valueHelp>
+      <format>key name</format>
+      <description>Name of static key in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki openvpn tls-auth</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/private-key.xml.i b/interface-definitions/include/pki/private-key.xml.i
new file mode 100644
index 000000000..6099daa89
--- /dev/null
+++ b/interface-definitions/include/pki/private-key.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from pki/private-key.xml.i -->
+<node name="private">
+  <properties>
+    <help>Private key</help>
+  </properties>
+  <children>
+    <leafNode name="key">
+      <properties>
+        <help>Private key in PKI configuration</help>
+        <valueHelp>
+          <format>key name</format>
+          <description>Name of private key in PKI configuration</description>
+        </valueHelp>
+        <completionHelp>
+          <path>pki key-pair</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="passphrase">
+      <properties>
+        <help>Private key passphrase</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Passphrase to decrypt the private key</description>
+        </valueHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/public-key.xml.i b/interface-definitions/include/pki/public-key.xml.i
new file mode 100644
index 000000000..dfc6979fd
--- /dev/null
+++ b/interface-definitions/include/pki/public-key.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pki/public-key.xml.i -->
+<leafNode name="public-key">
+  <properties>
+    <help>Public key in PKI configuration</help>
+    <valueHelp>
+      <format>key name</format>
+      <description>Name of public key in PKI configuration</description>
+    </valueHelp>
+    <completionHelp>
+      <path>pki key-pair</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
new file mode 100644
index 000000000..e818ae438
--- /dev/null
+++ b/interface-definitions/pki.xml.in
@@ -0,0 +1,203 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="pki" owner="${vyos_conf_scripts_dir}/pki.py">
+    <properties>
+      <help>VyOS PKI configuration</help>
+    </properties>
+    <children>
+      <tagNode name="ca">
+        <properties>
+          <help>Certificate Authority</help>
+        </properties>
+        <children>
+          <leafNode name="certificate">
+            <properties>
+              <help>CA certificate in PEM format</help>
+            </properties>
+          </leafNode>
+          <leafNode name="description">
+            <properties>
+              <help>Description</help>
+            </properties>
+          </leafNode>
+          <node name="private">
+            <properties>
+              <help>CA private key in PEM format</help>
+            </properties>
+            <children>
+              <leafNode name="key">
+                <properties>
+                  <help>CA private key in PEM format</help>
+                </properties>
+              </leafNode>
+              <leafNode name="password-protected">
+                <properties>
+                  <help>CA private key is password protected</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <leafNode name="crl">
+            <properties>
+              <help>Certificate revocation list in PEM format</help>
+              <multi/>
+            </properties>
+          </leafNode>
+        </children>
+      </tagNode>
+      <tagNode name="certificate">
+        <properties>
+          <help>Certificate</help>
+        </properties>
+        <children>
+          <leafNode name="certificate">
+            <properties>
+              <help>Certificate in PEM format</help>
+            </properties>
+          </leafNode>
+          <leafNode name="description">
+            <properties>
+              <help>Description</help>
+            </properties>
+          </leafNode>
+          <node name="private">
+            <properties>
+              <help>Certificate private key</help>
+            </properties>
+            <children>
+              <leafNode name="key">
+                <properties>
+                  <help>Certificate private key in PEM format</help>
+                </properties>
+              </leafNode>
+              <leafNode name="password-protected">
+                <properties>
+                  <help>Certificate private key is password protected</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <leafNode name="revoke">
+            <properties>
+              <help>If CA is present, this certificate will be included in generated CRLs</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+        </children>
+      </tagNode>
+      <tagNode name="dh">
+        <properties>
+          <help>Diffie-Hellman parameters</help>
+        </properties>
+        <children>
+          <leafNode name="parameters">
+            <properties>
+              <help>DH parameters in PEM format</help>
+            </properties>
+          </leafNode>
+        </children>
+      </tagNode>
+      <tagNode name="key-pair">
+        <properties>
+          <help>Public and private keys</help>
+        </properties>
+        <children>
+          <node name="public">
+            <properties>
+              <help>Public key</help>
+            </properties>
+            <children>
+              <leafNode name="key">
+                <properties>
+                  <help>Public key in PEM format</help>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <node name="private">
+            <properties>
+              <help>Private key</help>
+            </properties>
+            <children>
+              <leafNode name="key">
+                <properties>
+                  <help>Private key in PEM format</help>
+                </properties>
+              </leafNode>
+              <leafNode name="password-protected">
+                <properties>
+                  <help>Private key is password protected</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </tagNode>
+      <node name="openvpn">
+        <properties>
+          <help>OpenVPN keys</help>
+        </properties>
+        <children>
+          <tagNode name="tls-auth">
+            <properties>
+              <help>OpenVPN TLS auth key</help>
+            </properties>
+            <children>
+              <leafNode name="key">
+                <properties>
+                  <help>OpenVPN TLS auth key data</help>
+                </properties>
+              </leafNode>
+              <leafNode name="version">
+                <properties>
+                  <help>OpenVPN TLS auth key version</help>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+      <node name="x509">
+        <properties>
+          <help>X509 Settings</help>
+        </properties>
+        <children>
+          <node name="default">
+            <properties>
+              <help>X509 Default Values</help>
+            </properties>
+            <children>
+              <leafNode name="country">
+                <properties>
+                  <help>Default country</help>
+                </properties>
+                <defaultValue>GB</defaultValue>
+              </leafNode>
+              <leafNode name="state">
+                <properties>
+                  <help>Default state</help>
+                </properties>
+                <defaultValue>Some-State</defaultValue>
+              </leafNode>
+              <leafNode name="locality">
+                <properties>
+                  <help>Default locality</help>
+                </properties>
+                <defaultValue>Some-City</defaultValue>
+              </leafNode>
+              <leafNode name="organization">
+                <properties>
+                  <help>Default organization</help>
+                </properties>
+                <defaultValue>VyOS</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3