ENTERASYS-PKI-MIB DEFINITIONS ::= BEGIN

--  This module provides authoritative definitions for Enterasys 
--  Networks' Resource usage monitoring.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright March, 2013 Enterasys Networks, Inc.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    DateAndTime
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    etsysModules
        FROM ENTERASYS-MIB-NAMES
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB;



etsysPkiMIB  MODULE-IDENTITY
    LAST-UPDATED "201303271108Z"  -- Wed Mar 27 11:08 UTC 2013
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  9 Northeastern Blvd.
                  Salem, NH, 03079
                  USA
         Phone:   +1 603 952 5000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"
   
    DESCRIPTION
        "This MIB module defines a portion of the SNMP enterprise
         MIBs under Enterasys Networks' enterprise OID pertaining to
         PKI notifications.

         This MIB was designed to be used for monitoring PKI events
         on the network management system by various remote monitoring
         mechanisms."

    REVISION    "201303271108Z"  -- Wed Mar 27 11:08 UTC 2013
    DESCRIPTION "The initial version of this MIB module."
    ::= { etsysModules 101 } 

-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------


-- -------------------------------------------------------------
-- branches in the ENTERASYS-PKI-NOTIFICATION MIB 
-- -------------------------------------------------------------

etsysPkiObjects        
        OBJECT IDENTIFIER ::= { etsysPkiMIB 1 }

etsysPkiNotificationBranch
        OBJECT IDENTIFIER ::= { etsysPkiObjects 0 }

etsysPkiCertificateBranch 
        OBJECT IDENTIFIER ::= { etsysPkiObjects 1 }

-- -------------------------------------------------------------
-- Objects in the etsysPkiCertificateBranch group 
-- -------------------------------------------------------------

etsysPkiCertListName OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE(0..32))
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION 
        "The certificate list name to which the certificate belongs.
         If the list name is not known, then an empty string will be
         returned."
    ::= { etsysPkiCertificateBranch 1 }

etsysPkiCertFingerprint OBJECT-TYPE
    SYNTAX     OCTET STRING (SIZE(20))
    MAX-ACCESS accessible-for-notify
    STATUS     current
    DESCRIPTION 
        "The SHA1 Hash of the certificate."
    ::= { etsysPkiCertificateBranch 2 }

etsysPkiCertIssuerName OBJECT-TYPE
    SYNTAX        SnmpAdminString (SIZE(0..63))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   
        "The Issuer field of the certificate, which contains a
         distinguished name (DN).  If the length of the actual
         DN exceeds the maximum length of this object, then this
         object will contain a truncated version of the DN."
    ::= { etsysPkiCertificateBranch 3 }

etsysPkiCertSubjectName OBJECT-TYPE
    SYNTAX        SnmpAdminString (SIZE(0..63))
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   
        "The Subject field of the certificate, which contains a
         distinguished name (DN).  If the length of the actual
         DN exceeds the maximum length of this object, then this
         object will contain a truncated version of the DN."
    ::= { etsysPkiCertificateBranch 4 }

etsysPkiCertStartDate OBJECT-TYPE
    SYNTAX        DateAndTime
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   
        "The time when the certificate validity period begins, as defined
         by the notBefore value in certificate's validity field."
    ::= { etsysPkiCertificateBranch 5 }

etsysPkiCertEndDate OBJECT-TYPE
    SYNTAX        DateAndTime
    MAX-ACCESS    accessible-for-notify
    STATUS        current
    DESCRIPTION   
        "The time when the certificate validity period ends, as defined
         by the notAfter value in certificate's validity field."
    ::= { etsysPkiCertificateBranch 6 }

-- -------------------------------------------------------------
-- Objects in the etsysPkiNotificationBranch group
-- -------------------------------------------------------------

etsysPkiCertNearingExpirationNotification NOTIFICATION-TYPE
    OBJECTS    { 
                 etsysPkiCertListName,
                 etsysPkiCertFingerprint,
                 etsysPkiCertIssuerName,
                 etsysPkiCertSubjectName,
                 etsysPkiCertStartDate,
                 etsysPkiCertEndDate
                }
    STATUS      current
    DESCRIPTION
        "Certificate nearing expiration.

         The managed entity will send this notification when an
         installed PKI Certificate is nearing expiration.  The
         entity will resend this notification periodically until
         the certificate is removed from configuration.

         Note that an expired certificate will be automatically
         rejected by the PKI authentication process.  If an
         expired certificate is not replaced by a newer 
         certificate, then any authentication attempt which
         uses the expired certificate will fail."

    ::= { etsysPkiNotificationBranch 1 }

-- ------------------------------------------------------------- --
-- Conformance Information
-- ------------------------------------------------------------- --

etsysPkiConformance 
    OBJECT IDENTIFIER ::= { etsysPkiMIB 2 }

etsysPkiGroups      
    OBJECT IDENTIFIER ::= { etsysPkiConformance  1 }

etsysPkiCompliances 
    OBJECT IDENTIFIER ::= { etsysPkiConformance  2 }

-- ------------------------------------------------------------- --
-- Units of conformance
-- ------------------------------------------------------------- --
etsysPkiCertificateGroup OBJECT-GROUP
    OBJECTS {
              etsysPkiCertListName,
              etsysPkiCertFingerprint,
              etsysPkiCertIssuerName,
              etsysPkiCertSubjectName,
              etsysPkiCertStartDate,
              etsysPkiCertEndDate
            }
    STATUS current
    DESCRIPTION
        "A collection of objects providing basic instrumentation of
         PKI Certificate event notifications."
    ::= { etsysPkiGroups 1 }

etsysPkiNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS { 
                    etsysPkiCertNearingExpirationNotification 
                  }
    STATUS current
    DESCRIPTION
        "The PKI notifications."
    ::= { etsysPkiGroups 2 }

-- ------------------------------------------------------------- --
-- Compliance statements
-- ------------------------------------------------------------- --

etsysPkiCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support Enterasys PKI."
    MODULE 
        MANDATORY-GROUPS { 
                          etsysPkiCertificateGroup,
                          etsysPkiNotificationGroup 
                         } 
    ::= { etsysPkiCompliances 1 }

END
