--  *****************************************************************
--  DLINKSW-SSL-MIB.mib : Secure Socket Layer MIB
--
--  Copyright (c) 2016 D-Link Corporation, all rights reserved.
--
--  *****************************************************************

-- MODIFICTION HISTORY:
-- -----------------------------------------------------------------------------
--
-- 2016/7/5, Eugene Song
-- Description:
--  [Modification]
		-- [New Object] dSslServicePolicyVersions, Support for SSL/TLS version control. 
		--				ssl3_0(0),
		--				tls1_0(1),
		--				tls1_1(2),
		--				tls1_2(3)
		-- [Modification Object] dSslServicePolicyCipherSuites, Support for additional cipher suites: 
		--				rsaAes128CbcSha(5),
		--				rsaAes256CbcSha(6),
		--				rsaAes128CbcSha256(7),
		--				rsaAes256CbcSha256(8),
		--				dheDssAes256CbcSha(9),
		--				dheRsaAes256CbcSha(10)
--	    
-- Notes: Requested by Eugene Song and for DGS1510-R1.40.
-------------------------------------------------------------------------------


DLINKSW-SSL-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Integer32,
        Unsigned32
            FROM SNMPv2-SMI
        RowStatus, TruthValue,DisplayString
            FROM SNMPv2-TC
        OBJECT-GROUP, MODULE-COMPLIANCE
            FROM SNMPv2-CONF
        InetAddressType,InetAddress
            FROM INET-ADDRESS-MIB
        dlinkIndustrialCommon
            FROM DLINK-ID-REC-MIB;


    dlinkSwSslMIB MODULE-IDENTITY
        LAST-UPDATED "201607050000Z"
        ORGANIZATION "D-Link Corp."
        CONTACT-INFO
            "        D-Link Corporation

             Postal: No. 289, Sinhu 3rd Rd., Neihu District,
                     Taipei City 114, Taiwan, R.O.C
             Tel:     +886-2-66000123
             E-mail: tsd@dlink.com.tw
            "
        DESCRIPTION
            "This MIB module defines objects for Secure Socket Layer (SSL)."
			
        REVISION "201607050000Z"
        DESCRIPTION
               "1. Support for SSL/TLS version control.
                2. Support for additional Cipher suites:
                            rsaAes128CbcSha 
                            rsaAes256CbcSha
                            rsaAes128CbcSha256           
                            rsaAes256CbcSha256          
                            dheDssAes256CbcSha           
                            dheRsaAes256CbcSha"
			 
        REVISION "201310300000Z"
        DESCRIPTION
            "This is the first version of the MIB file for 'SSL'
             functionality."
    ::= { dlinkIndustrialCommon 7}

-- -----------------------------------------------------------------------------
    dlinkSslNotifications    OBJECT IDENTIFIER ::= { dlinkSwSslMIB 0 }
    dlinkSslObjects          OBJECT IDENTIFIER ::= { dlinkSwSslMIB 1 }
    dlinkSslConformance      OBJECT IDENTIFIER ::= { dlinkSwSslMIB 2 }

-- -----------------------------------------------------------------------------
    dSslCryptoPkiImportCertTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF DSslCryptoPkiImportCertEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table of importing certificates and key pairs. There will at any
            time be either 0 or 1 rows in this table, and the only valid index
            for this table is 1.  It is only a table so that we may take
            advantage of the RowStatus textual convention for configuring the
            importing parameters.
            The row in this table is volatile; that is, it is lost if the SNMP
            agent is rebooted."
           ::= { dlinkSslObjects 1 }

    dSslCryptoPkiImportCertEntry OBJECT-TYPE
        SYNTAX          DSslCryptoPkiImportCertEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The row in the dSslCryptoPkiImportCertTable containing the importing
            parameters.
            Once an entry has been activated, the importing parameters cannot be
            modified.  In order to use a new value, you need delete the old entry
            and create a new one."
        INDEX    { dSslCryPkiImportCertIndex }
        ::= { dSslCryptoPkiImportCertTable 1 }

    DSslCryptoPkiImportCertEntry ::=
        SEQUENCE {
            dSslCryPkiImportCertIndex           Integer32,
            dSslCryPkiImportCertTrustPoint      DisplayString,
            dSslCryPkiImportCertSrcType         INTEGER,
            dSslCryPkiImportFilename            DisplayString,
            dSslCryPkiImportCertAddrType        InetAddressType,
            dSslCryPkiImportCertAddr            InetAddress,
            dSslCryPkiImportFileType            BITS,
            dSslCryPkiImportPwdPhrase           DisplayString,
            dSslCryPkiImportErrorStatus         DisplayString,
            dSslCryPkiImportRowStatus           RowStatus
        }

    dSslCryPkiImportCertIndex OBJECT-TYPE
        SYNTAX          Integer32 (1)
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The index which uniquely identifies this row."
        ::= { dSslCryptoPkiImportCertEntry 1 }

    dSslCryPkiImportCertTrustPoint OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (0..32))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Name of the trustpoint to which the certificates and key pairs
             will be imported."
        DEFVAL      { "" }
        ::= {  dSslCryptoPkiImportCertEntry 2 }

    dSslCryPkiImportCertSrcType OBJECT-TYPE
        SYNTAX          INTEGER {
            filesystem(1),
            tftp(2) }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "An indication of the source from where the certificates/key pairs
             will be imported.
             filesystem(1) - The certificates/key pairs will be imported from the
                switch's file system.
             tftp(2) - The certificates/key pairs will be imported via tftp."
        DEFVAL   { filesystem }
        ::= { dSslCryptoPkiImportCertEntry 3 }

    dSslCryPkiImportFilename OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (0..64))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "If dSslCryPkiImportCertSrcType is 'filesystem', this object
            indicates the file name and path of the importing certificate
            and key pairs in switch's file system. The supported file systems
            are project dependent.
            If dSslCryPkiImportCertSrcType is 'tftp', this object indicates
            the file name and path where the switch should import via TFTP
            server. By default, the switch will appends this name with .ca,
            .prv and .crt for CA certificate, private key and certificate
            respectively."
        ::= {  dSslCryptoPkiImportCertEntry 4 }

    dSslCryPkiImportCertAddrType OBJECT-TYPE
        SYNTAX          InetAddressType
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The type of address in the corresponding dSslCryPkiImportCertAddr
            object. "
           ::= { dSslCryptoPkiImportCertEntry 5 }

    dSslCryPkiImportCertAddr OBJECT-TYPE
        SYNTAX          InetAddress
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "The address of TFTP server."
        ::= {  dSslCryptoPkiImportCertEntry 6 }

    dSslCryPkiImportPwdPhrase OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (0..64))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the encrypted password phrase that is used to undo
            encryption when the private keys are imported."
        ::= {  dSslCryptoPkiImportCertEntry 7 }

    dSslCryPkiImportFileType OBJECT-TYPE
        SYNTAX BITS {
            ca(0),
            local(1)}
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "An object indicates what kind of certificate will be imported.
            Setting a type's bit to 1 means the type of certificate will
            be imported.
            ca (0)    - Import CA certificate.
            local (1) - Import local certificate and key pairs."
--        DEFVAL { {} }   no bits set.
        ::= { dSslCryptoPkiImportCertEntry 8 }

    dSslCryPkiImportErrorStatus OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..255))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "A textual description of the current status of the importing.
            The status information includes: idle, in progress, success, aborted,
            idle, corruptFile, no server...."
           ::= { dSslCryptoPkiImportCertEntry 9 }

    dSslCryPkiImportRowStatus OBJECT-TYPE
        SYNTAX     RowStatus
        MAX-ACCESS read-create
        STATUS     current
        DESCRIPTION
            "The status of this import entry.  This object may not be set to
            'active' if the following columnar objects exist in this row:
            dSslCryPkiImportCertTrustPoint, dSslCryPkiImportFilename, and
            dSslCryPkiImportFileType.
            Besides, if dSslCryPkiImportCertSrcType is 'tftp' the columnar
            objects dSslCryPkiImportCertAddrType and dSslCryPkiImportCertAddr
            must be configured."
        ::= { dSslCryptoPkiImportCertEntry 10 }

-- -----------------------------------------------------------------------------
    dSslConfiguration  OBJECT IDENTIFIER ::= { dlinkSslObjects 2 }

    dSslCryptoPkiTrustpointTable  OBJECT-TYPE
        SYNTAX          SEQUENCE OF DSslCryptoPkiTrustpointEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table defines and configures trustpoint(s) in the switch."
        ::= { dSslConfiguration 1 }

    dSslCryptoPkiTrustpointEntry OBJECT-TYPE
        SYNTAX          DSslCryptoPkiTrustpointEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The row in the dSslCryptoPkiTrustpointTable containing the
            trustpoint parameters.
            An entry is created/removed when a name for a specific
            trustpoint is generated or deleted via CLI or by issuing appropriate
            sets to this table using snmp."
        INDEX  { dSslCryptoPkiTrustpointName }
        ::= { dSslCryptoPkiTrustpointTable 1 }

    DSslCryptoPkiTrustpointEntry ::=
        SEQUENCE {
            dSslCryptoPkiTrustpointName         DisplayString,
            dSslCryptoPkiTrustpointPrimary      TruthValue,
            dSslCryptoPkiTrustpointRowStatus    RowStatus }

    dSslCryptoPkiTrustpointName OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Name of the trustpoint for which this entry pertains to."
        ::= { dSslCryptoPkiTrustpointEntry 1 }

    dSslCryptoPkiTrustpointPrimary OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object specifies a given trustpoint as primary.
            This trustpoint can be used as default trustpoint when
            the application doesn't explicitly specify which certificate
            authority (CA) trustpoint should be used.

            Only one trustpoint can be specified as primary. That is the
            last trustpoint you specify as primary will overwrite the
            previous one."
        DEFVAL    { false }
        ::= { dSslCryptoPkiTrustpointEntry 2 }

    dSslCryptoPkiTrustpointRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Status of this trustpoint."
        ::= { dSslCryptoPkiTrustpointEntry 3 }

-- -----------------------------------------------------------------------------
    dSslCryptoPkiCertTable  OBJECT-TYPE
        SYNTAX          SEQUENCE OF DSslCryptoPkiCertEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table manages CA certificate(s) or the switch
            certificate(s) and keys."
        ::= { dSslConfiguration 2 }

    dSslCryptoPkiCertEntry OBJECT-TYPE
        SYNTAX          DSslCryptoPkiCertEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The row in the dSslCryptoPkiCertTable containing the
            parameters of a certificate.
            An entry in this table appears automatically whenever
            the certificate or keypairs is imported successfully.
            An entry is removed when a certificate name is deleted
            via CLI or by issuing appropriate sets to this table using snmp."
        INDEX  { dSslCryptoPkiTrustpointName,dSslCryptoPkiCertName }
        ::= { dSslCryptoPkiCertTable 1 }

    DSslCryptoPkiCertEntry ::=
        SEQUENCE {
            dSslCryptoPkiCertName           DisplayString,
            dSslCryptoPkiCertCAType         INTEGER,
            dSslCryptoPkiCertRemoveCtrl     INTEGER }

    dSslCryptoPkiCertName OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (0..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Indicates the name of the certificate for which this entry
            pertains to."
        ::= { dSslCryptoPkiCertEntry 1 }

    dSslCryptoPkiCertCAType OBJECT-TYPE
        SYNTAX  INTEGER {
            ca(1),
            localCertificate(2),
            localPrivateKey(3) }
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "This object specifies the type of the certificate.
            ca(1) -  CA certificate.
            localCertificate(2) - local certificate.
            localPrivateKey(3) -  local private key."
        ::= { dSslCryptoPkiCertEntry 2 }

    dSslCryptoPkiCertRemoveCtrl OBJECT-TYPE
        SYNTAX          INTEGER {
            delete(1),
            noOp(2) }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
            "This object is used to delete this entry.
            No action is taken if this object is set to 'noOp'.
            When read, the value 'noOp' is returned."
        ::= { dSslCryptoPkiCertEntry 3 }

-- -----------------------------------------------------------------------------
   dSslServicePolicyTable  OBJECT-TYPE
        SYNTAX          SEQUENCE OF DSslServicePolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "A table controlls the parameters of SSL service policies."
        ::= { dSslConfiguration 3 }

    dSslServicePolicyEntry OBJECT-TYPE
        SYNTAX          DSslServicePolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "The row in the dSslServicePolicyTable containing the
            parameters of a SSL service policy.

            An entry is created/removed when a name for a specific
            policy is generated or deleted via CLI or by issuing appropriate
            sets to this table using snmp."
        INDEX  { dSslServicePolicyName }
        ::= { dSslServicePolicyTable 1 }

    DSslServicePolicyEntry ::=
        SEQUENCE {
            dSslServicePolicyName               DisplayString,
            dSslServicePolicyVersions           BITS,
            dSslServicePolicyCipherSuites       BITS,
            dSslServicePolicyTrustpoint         DisplayString,
            dSslServicePolicyCacheTimeout       Unsigned32,
            dSslServicePolicyRowStatus          RowStatus }

    dSslServicePolicyName OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (1..32))
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
            "Indicates the name of the policy for which this entry pertains to."
        ::= { dSslServicePolicyEntry 1 }	
		
    dSslServicePolicyCipherSuites OBJECT-TYPE
        SYNTAX          BITS {
            dheDss3DesEdeCbcSha(0),
            rsa3desEdeCbcSha(1),
            rsaRc4128Sha(2),
            rsaRc4128Md5(3),
            rsaExportRc440Md5(4),
            rsaAes128CbcSha(5),
            rsaAes256CbcSha(6),
            rsaAes128CbcSha256(7),
            rsaAes256CbcSha256(8),
            dheDssAes256CbcSha(9),
            dheRsaAes256CbcSha(10)
            }
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates a ciphersuite should be used by the secure
            service when negotiating a connection with a remote peer. Setting
            a ciphersuite's bit to 1 enables the ciphersuite. Setting this bit
            to 0 disables it.

            dheDss3DesEdeCbcSha(0): Uses ephemeral Diffie-Hellman key exchange with 3DES-EDE-CBC
                encryption and SHA for message digest.

            rsa3desEdeCbcSha(1): Uses RSA key exchange with 3DES-EDE-CBC for
                message encryption and SHA for message digest.

            rsaRc4128Sha(2): Uses RSA key exchange with RC4 128-bit
                encryption for message encryption and SHA for message digest.

            rsaRc4128Md5(3): Uses RSA key exchange with RC4 128-bit
                encryption for message encryption and MD5 for message digest.

            rsaExportRc440Md5(4): Uses RSA EXPORT key exchange with RC4 40
                bits for message encryption and MD5 for message digest.
				
            rsaAes128CbcSha(5): Uses RSA key exchange with AES 128
                bits for message encryption and SHA for message digest.	

            rsaAes256CbcSha(6): Uses RSA exchange with AES 256
                bits for message encryption and SHA for message digest.

            rsaAes128CbcSha256(7): Uses RSA key exchange with AES 128
                bits for message encryption and SHA256 for message digest.
				
            rsaAes256CbcSha256(8): Uses RSA key exchange with AES 256
                bits for message encryption and SHA256 for message digest.

            dheDssAes256CbcSha(9): Uses ephemeral Diffie-Hellman key exchange with AES 256
                bits for message encryption and SHA for message digest.

            dheRsaAes256CbcSha(10): Uses ephemeral Diffie-Hellman key exchange with AES 256
                bits for message encryption and SHA for message digest."
--        DEFVAL  { { dheDss3DesEdeCbcSha, rsa3desEdeCbcSha, rsaRc4128Sha,
--                    rsaRc4128Md5, rsaExportRc440Md5 } }
        ::= { dSslServicePolicyEntry 2}


    dSslServicePolicyTrustpoint OBJECT-TYPE
        SYNTAX          DisplayString  (SIZE (0..32))
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "Specifies the name of the trustpoint that should be used in SSL
            handshake.

            When secure-trustpoint is not specified, the primary trustpoint
            (the value of dSslCryptoPkiTrustpointPrimary is 'true') will be
            used.

            If no trustpoint is specified (empty string), the built-in
            certificate/key pairs will be used."
        ::= { dSslServicePolicyEntry 3 }

    dSslServicePolicyCacheTimeout OBJECT-TYPE
        SYNTAX          Unsigned32 (60..86400)
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
            "This object indicates the Cache Timeout value in the policy for
            SSL module to refresh the session resume data kept in database."
        DEFVAL    { 600 }
        ::= { dSslServicePolicyEntry 4}

    dSslServicePolicyRowStatus OBJECT-TYPE
        SYNTAX          RowStatus
        MAX-ACCESS      read-create
        STATUS          current
        DESCRIPTION
               "Status of this policy."
        ::= { dSslServicePolicyEntry 5 }
		
	dSslServicePolicyVersions OBJECT-TYPE
		SYNTAX      BITS {
						ssl3_0(0),
						tls1_0(1),
						tls1_1(2),
						tls1_2(3)
					}
		MAX-ACCESS  read-create
		STATUS      current
		DESCRIPTION
			"This object indicates the SSL or TLS versions are enabled or not in the system.
			 If the bit is 1 , indicate that version is enabled , else is disabled ."
		::= { dSslServicePolicyEntry 6 }			

-- -----------------------------------------------------------------------------
-- Conformance
-- -----------------------------------------------------------------------------
    dlinkSslCompliances OBJECT IDENTIFIER ::= { dlinkSslConformance 1 }

    dlinkSslGroups OBJECT IDENTIFIER ::= { dlinkSslConformance 2 }

    dlinkSslCompliance MODULE-COMPLIANCE
        STATUS   current
        DESCRIPTION
            "The compliance statement for entities which implement the
            DLINKSW-SSL-MIB."
        MODULE MANDATORY-GROUPS {
            dSslImportCertGroup,
            dSslTrustPointConfigGroup,
            dSslServicePolicyGroup }
        ::= { dlinkSslCompliances 1 }

    dSslImportCertGroup OBJECT-GROUP
        OBJECTS {
            dSslCryPkiImportCertTrustPoint,
            dSslCryPkiImportCertSrcType,
            dSslCryPkiImportFilename,
            dSslCryPkiImportCertAddrType,
            dSslCryPkiImportCertAddr,
            dSslCryPkiImportPwdPhrase,
            dSslCryPkiImportFileType,
            dSslCryPkiImportErrorStatus,
            dSslCryPkiImportRowStatus }
        STATUS current
        DESCRIPTION
            "A collection of objects for manage importing certificates and key pairs."
        ::= { dlinkSslGroups 1 }

    dSslTrustPointConfigGroup OBJECT-GROUP
        OBJECTS {
            dSslCryptoPkiTrustpointPrimary,
            dSslCryptoPkiTrustpointRowStatus,
            dSslCryptoPkiCertCAType,
            dSslCryptoPkiCertRemoveCtrl }
        STATUS current
        DESCRIPTION
            "A collection of objects for manage trustpoints and certificates and key pairs."
        ::= { dlinkSslGroups 2 }

    dSslServicePolicyGroup OBJECT-GROUP
        OBJECTS {
            dSslServicePolicyCipherSuites,
            dSslServicePolicyTrustpoint,
            dSslServicePolicyCacheTimeout,
            dSslServicePolicyRowStatus }
        STATUS current
            DESCRIPTION
                "A collection of objects for manage trustpoints and certificates and key pairs."
            ::= { dlinkSslGroups 3 }
END