Skip to content
/ open-sztp Public

An open-source implementation of a RFC 8572 sZTP server for touchlessly bootstrapping network devices.

License

Apache-2.0 license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

google/open-sztp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
handlers
handlers
 
 
proto
proto
 
 
testdata
testdata
 
 
util
util
 
 
BUILD.bazel
BUILD.bazel
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
MODULE.bazel
MODULE.bazel
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
server.go
server.go
 
 

Repository files navigation

Open sZTP

Open sZTP is an open-source project providing a functional sZTP (Secure Zero Touch Provisioning) bootstrap server that complies with RFC 8572.

sZTP is used to securely and automatically bootstrap and configure network devices at the conclusion of DHCP. This repository provides a functional sZTP server with drop-in dependencies to allow for easy testing and development.

Running the server

Open sZTP uses Bazel as the build system to manage dependencies. Visit Bazel's website to install Bazel for your operating system.

Once Bazel is installed, you can start up the server with:

bazel run main -- --ip=::1 --port=12345

Customizing the behavior of the server

The Open sZTP server loads its dependencies from the testdata/ directory. Sample certificates, private keys, config scripts, and ownership vouchers are provided by default, but to use your own values instead, simply replace the contents of the files with your own.

Sample values related to OS images are located in main.go:

...
// ============= Replace your values here =============
OSName:       "VendorOS",
OSVersion:    "v1.0.0",
DownloadURIs: []string{"http://www.example.com/your/os/image/here.img"},
ImageVerifications: []bootstrapdata.ImageVerification{
  bootstrapdata.ImageVerification{
    HashAlgorithm: "ietf-sztp-conveyed-info:sha-256",
    HashValue:     "01:23:45:67:89:ab:cd:ef",
  },
},
// ============= Replace your values here =============
...

Sample requests and responses

The following sample requests and responses assume the server has been started with:

bazel run main -- --ip=::1 --port=12345

All of the below curl commands were executed from the root directory of the repository (i.e. the one that contains main.go)

Note: the sample trust anchor certificate used by the server and provided in testdata/ is self-signed, so all the example curl commands below use the --cacert testdata/trustAnchorCertificate.pem flag to explicitly trust the sample cert used by the server. If you wish to test with without explicitly trusting this cert or without disabling SSL verification (i.e. the --insecure flag in curl), then you can replace the sample trust anchor certificate and private key with one from a trusted certificate authority of you own, but using the sample certificate is fine for basic testing and development.

Get Bootstrapping Data: Untrusted Phase

The untrusted phase is the first request sent from the switch after completing DHCP and redirecting to the sZTP server. The goal is for the server to provide the switch with its Ownership Voucher for the switch to validate for correctness.

Request from switch to server

Full curl request sent to server:

curl --cacert testdata/trustAnchorCertificate.pem -X POST -H "Content-Type: application/json" -H "X-MAC: 01:23:45:AB:CD:EF" -H "X-Serial: 123456"  -d '{"ietf-sztp-bootstrap-server:input" : {"signed-data-preferred" : [null]}}' https://[::1]:12345/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data

Expanded request body for reference:

{
  "ietf-sztp-bootstrap-server:input" : {
    "signed-data-preferred" : [null]
  }
}

Response from server to switch:

Full response body from the server:

{
  "ietf-sztp-bootstrap-server:output": {
    "owner-certificate": "MIIJKwYJKoZIhvcNAQcCoIIJHDCCCRgCAQExDTALBglghkgBZQMEAgEwDwYJKoZIhvcNAQcBoAIEAKCCBc4wggXKMIIDsqADAgECAgIH6DANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwHhcNMjQwOTA1MTgwMjAyWhcNMzQwOTA1MTgwMjAyWjCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHhpdevrYBQTTt+cDFY5H1seu3oStFzehl3EGYsfrp3MX6t+8I139eN/lKB4x8/KYibHt5wOtkIL9rLCBEsPHz3XS2jLXaDTCts83Db6xmXNadFGM5XHDSRJ913hw6vKBPWyw+oCsMIukottOMoRnLX+1ltH2NJ2smOmeK69KFTacDtO8ItIgAN7BBqH6iN62g221E17WCqEMA18+B9it7nbGY4K4apZ8qq51soeS+X2zHxxIYn/cwcCxtyWS4B7Q8eTuhi1eJ8BOtNU6lAjCOT+5q1A16qgDA33y8zJSCsKaitO7pCqA2awRDniFwJeWq5GZxyK8kJCAEBJ/Pc+ZuFywochZY53XJO9Vb4uvu/o5facA1/gdX8RNRcu9iM5NtWZubYBUNqdSLVBHzxCT08QOXIwoSoyhvrZGXmNDgSikBwq7xh3yH8SwNGXFAb5lVAQxtZjBlc6/a8ZARwGUipkznwXUsLL1dijstHegZxCGi8XdBZyvsM6gdrGWAxeDVUa7L6vqsgzXvT2Vx4/+DNIT4muM6MR+6OHtKV4BquEjOEpWE1OWL+FjYi8XHktIu+wf/8IvTRDUw7wBCVjdo53/rgBFvYRYHbnugvd2qj9JEmSXCqh3gY5cKinJTfa+HbzJNRufyoVqc56pToeS+v5vxBsLyY8IXhtOuT7Tc/QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNFH2RW6ydGumfN8Ffr+gN6nXpUkwDQYJKoZIhvcNAQELBQADggIBAEThtvz+QHKQoNBP5vKgx8ZdDcBTWAqfcylYgjytiB9wxoxQBkH1D8rk/I/GCsmgygoj9OcZzHdrMeGGCp+1I3hmzIlI/XsCYWVA44V0R6l/wGeWwvD4DHIqOvCFLaknwfa5o1wgvPGHXo1uOKJfYxjT02HDPdOYMNAsy4Fm7MYsZraX5g2o24J/QLUNAuZQm2BfkdrvRcHeQBk4E6X899Dzw+FPXf2ZGHFty7ybV1iG3jYbeC7Yh6yFlVG0Sq3mybBIxHjgsIBeaNQ+z+ILov2ii2gW1VvRkQvot9IXXVad/0pL0RGshHeAD+UnNgLuhso6uOVpXQsczkSEKfVJymId3t9FoBVTo+mJIhsLWAybgvPNjUJ69deGRwcTG+JKyfkYrYNnOsk3rUhiGbeLgftp+tXwrnGa3LSiHjjcnfDK48g2O+KuaIYnxpoGvTYxNhsjj5zcAMA9jNvKfUqwTkrkuhL65WXH65+sk7KKQcuWbY54S9E9VaBFdYdonCz8B+4dhxQPhSZ7uk0e2fHyX5DAQzQweo6ePaFfyYIOvPTWj7SwYIL5/bJTl8TFVTywC1732lWfZwtp0HMxixJgxoC2XT684TqgGtw6VqfaYTH8ply6SRWE4QPb4D7KcVBhECSaMFnw+M9skInQ1sPYpUbeVW17zsJmOlq4KVgyTkQYMYIDHzCCAxsCAQEwgYwwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBAgIH6DALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDA5MDYyMjA5MDRaMC8GCSqGSIb3DQEJBDEiBCDjsMRCmPwcFJr79MiZb7kkJ65B5GSbk0yklZkbeFK4VTALBgkqhkiG9w0BAQsEggIAZYgy2slBZ33azvax8/b4mbtp/UTI4KuWj/ByLGeuxEIHIs84GISrtNOdeVkbpn0ZNLd4k7oSIUquWRywfGI2W5zOeiy52KM8geOeOSoD6eoBnzQReJ13R1A4RM4o7RvqbARluRtHPGlSXWJTgUJ4s4+0QnRZiGX1cbTfkOVqsIWjjPLO6pP5yBVcpVqmryGIcoi2MSy9mMeWZs+PG/OcPmUfvDMeyRpjukjk9U05CcPhMGavgdjqYNyEDwFQU9SMQPa2EFniURkaiaPQEtdHkSeQ4W6aaAZyheYgdRmnCSv3Qig3Usw3lEEXOY2SiOBbDI7RGrY0ikNbOTZLND7iD3tsRnz8SntiyBwhvL5a16ZL1QuvWSZpXZRmI8xl3AJRSgb/PA5g/pz9AMPmGArKgR3SloIYKDyXisXI4vlXi/iaWYci7hVJV5k6nIn2mxlp7kT30fDRicCQkF6eUt/y3OkeFSjDzChmfX69snVXyv0WSl6TJ/7bBUelb1Ev0uaLTkV6rH/0fazESc/G3aXHR7zQ5MfBbd0fZEF65Kisw+aoYYsoBGMX7kI4Y9WM0SX04jeSfV1Hm66moRWdS12SW2PBHXqkmQ9nA3UpMMoDsTatMGHzemdZTDBeTF+PK1owduSBqClz3l1YIem+jBFZ2asEEdsrwsa0jS/NVO95Uds=",
    "ownership-voucher": "MIIR3AYJKoZIhvcNAQcCoIIRzTCCEckCAQExDTALBglghkgBZQMEAgEwggi8BgkqhkiG9w0BBwGgggitBIIIqXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiWE1MTmFtZSI6eyJTcGFjZSI6IiIsIkxvY2FsIjoiIn0sImNyZWF0ZWQtb24iOiIyMDI0LTA5LTA1VDE4OjAyOjAzWiIsImV4cGlyZXMtb24iOiIyMDI1LTA5LTA1VDE4OjAyOjAzWiIsInNlcmlhbC1udW1iZXIiOiIxMjM0NSIsImFzc2VydGlvbiI6IiIsInBpbm5lZC1kb21haW4tY2VydCI6Ik1JSUZ5akNDQTdLZ0F3SUJBZ0lDQitnd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1lVeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlRXOTFiblJoYVc0Z1ZtbGxkekVoTUI4R0ExVUVDaE1ZUjI5dloyeGxJRWRzYjJKaGJDQk9aWFIzYjNKcmFXNW5NUzR3TEFZRFZRUURFeVZIYjI5bmJHVWdRbTl2ZEhOMGNtRndjR2x1WnlCVFpYSjJhV05sY3lCU2IyOTBJRU5CTUI0WERUSTBNRGt3TlRFNE1ESXdNbG9YRFRNME1Ea3dOVEU0TURJd01sb3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUVCeE1OVFc5MWJuUmhhVzRnVm1sbGR6RWhNQjhHQTFVRUNoTVlSMjl2WjJ4bElFZHNiMkpoYkNCT1pYUjNiM0pyYVc1bk1TNHdMQVlEVlFRREV5VkhiMjluYkdVZ1FtOXZkSE4wY21Gd2NHbHVaeUJUWlhKMmFXTmxjeUJTYjI5MElFTkJNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXg0YVhYcjYyQVVFMDdmbkF4V09SOWJIcnQ2RXJSYzNvWmR4Qm1MSDY2ZHpGK3JmdkNOZC9YamY1U2dlTWZQeW1JbXg3ZWNEclpDQy9heXdnUkxEeDg5MTB0b3kxMmcwd3JiUE53MitzWmx6V25SUmpPVnh3MGtTZmRkNGNPcnlnVDFzc1BxQXJEQ0xwS0xiVGpLRVp5MS90WmJSOWpTZHJKanBuaXV2U2hVMm5BN1R2Q0xTSUFEZXdRYWgrb2pldG9OdHRSTmUxZ3FoREFOZlBnZllyZTUyeG1PQ3VHcVdmS3F1ZGJLSGt2bDlzeDhjU0dKLzNNSEFzYmNsa3VBZTBQSGs3b1l0WGlmQVRyVFZPcFFJd2prL3VhdFFOZXFvQXdOOTh2TXlVZ3JDbW9yVHU2UXFnTm1zRVE1NGhjQ1hscXVSbWNjaXZKQ1FnQkFTZnozUG1iaGNzS0hJV1dPZDF5VHZWVytMcjd2Nk9YMm5BTmY0SFYvRVRVWEx2WWpPVGJWbWJtMkFWRGFuVWkxUVI4OFFrOVBFRGx5TUtFcU1vYjYyUmw1alE0RW9wQWNLdThZZDhoL0VzRFJseFFHK1pWUUVNYldZd1pYT3YydkdRRWNCbElxWk01OEYxTEN5OVhZbzdMUjNvR2NRaG92RjNRV2NyN0RPb0hheGxnTVhnMVZHdXkrcjZySU0xNzA5bGNlUC9nelNFK0pyak9qRWZ1amg3U2xlQWFyaEl6aEtWaE5UbGkvaFkySXZGeDVMU0x2c0gvL0NMMDBRMU1POEFRbFkzYU9kLzY0QVJiMkVXQjI1N29MM2Rxby9TUkprbHdxb2Q0R09YQ29weVUzMnZoMjh5VFVibjhxRmFuT2VxVTZIa3ZyK2I4UWJDOG1QQ0Y0YlRyayswM1AwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0lFTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkRSUjlrVnVzblJycG56ZkJYNi9vRGVwMTZWSk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQkU0YmI4L2tCeWtLRFFUK2J5b01mR1hRM0FVMWdLbjNNcFdJSThyWWdmY01hTVVBWkI5US9LNVB5UHhnckpvTW9LSS9UbkdjeDNhekhoaGdxZnRTTjRac3lKU1AxN0FtRmxRT09GZEVlcGY4Qm5sc0x3K0F4eUtqcndoUzJwSjhIMnVhTmNJTHp4aDE2TmJqaWlYMk1ZMDlOaHd6M1RtRERRTE11Qlp1ekdMR2EybCtZTnFOdUNmMEMxRFFMbVVKdGdYNUhhNzBYQjNrQVpPQk9sL1BmUTg4UGhUMTM5bVJoeGJjdThtMWRZaHQ0MkczZ3UySWVzaFpWUnRFcXQ1c213U01SNDRMQ0FYbWpVUHMvaUM2TDlvb3RvRnRWYjBaRUw2TGZTRjExV25mOUtTOUVScklSM2dBL2xKellDN29iS09yamxhVjBMSE01RWhDbjFTY3BpSGQ3ZlJhQVZVNlBwaVNJYkMxZ01tNEx6elkxQ2V2WFhoa2NIRXh2aVNzbjVHSzJEWnpySk42MUlZaG0zaTRIN2FmclY4SzV4bXR5MG9oNDQzSjN3eXVQSU5qdmlybWlHSjhhYUJyMDJNVFliSTQrYzNBREFQWXpieW4xS3NFNUs1TG9TK3VWbHgrdWZySk95aWtITGxtMk9lRXZSUFZXZ1JYV0hhSndzL0FmdUhZY1VENFVtZTdwTkh0bng4bCtRd0VNME1IcU9uajJoWDhtQ0RyejAxbyswc0dDQytmMnlVNWZFeFZVOHNBdGU5OXBWbjJjTGFkQnpNWXNTWU1hQXRsMCt2T0U2b0JyY09sYW4ybUV4L0taY3Vra1ZoT0VEMitBK3luRlFZUkFrbWpCWjhQalBiSkNKME5iRDJLVkczbFZ0ZTg3Q1pqcGF1Q2xZTWs1RUdBPT0iLCJkb21haW4tY2VydC1yZXZvY2F0aW9uLWNoZWNrcyI6ZmFsc2V9faCCBc4wggXKMIIDsqADAgECAgIH6DANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwHhcNMjQwOTA1MTgwMjAzWhcNMzQwOTA1MTgwMjAzWjCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDnkKJ1VVRoGazpheQ14rpwEuc+9r/Ph1XYBD9h4OHZwgCfPEKwm3fe/8FE/bRFlMsNXeg+FRjrgRMh7UlKOcJ+uNd2hfoRiuROsGAFAvGPI2Ma0DPYOCzo+a0eF3qaRBa+l2MZZ1TR+IlfuRn8t4NNhjxUCu88g77PUTxSw3dt+gEFgMSArOrtHfStYZVtY1uuIUoes+bgShrk4ktYFvq2SowbB5PuEWPO6WYBbvmFvOWP/GjWhrx/T3PWlGBhoIGpcf3i1YotH7zaruJFd/TvqfNRoekfribA4FteI6UxS41MfECyxwoRtrCUI5DS0kJA/377KEjPJ+0HzEAjIDOXV0COGPV9XIjoNT+uyKk6cCy/lgWv6kYyFrfzvlkQgZUDYRFBk2nZL80wTuTxjBQn1DaE9nHHQ4xvm37bNBHf4fyBSvD3xAnljkwwzXugFMbNgvGg6icoG4SI2viWYbqFyEByhyM/onwo0lSd0TOku9+8daCSxetl8E5Qm+XW0VHEHYEeYVHD08lzo2EQKW1RwgdBbDp5Ufpv40NQ9xUU7MSILXlTZew16x/b8ReXftHQfXksug1JAhjnx/DzGXFNwDqQvlQNi+wE22IWsLqqBerSMfyYALxLuKjs2F7Wyjv6KGdxIQmsn0HOINU345cz1mWnILP0NPimLwHAU8Wj/QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5AGD5Tu46QsWyXnoO2TrqQyoBJowDQYJKoZIhvcNAQELBQADggIBAD/l4FpaDGavP8vhcA/zOe1u9h6PY2TQV5amXpzRDnC9Loyu1jeyKp5fKLTx6GxP5JpX3ylpMEAtMs6Erg9yd1GQ6aHgZw2oTOtukcGD9iHNv+Q3sz0NaIMH5PpS20xC5Q05XJWOEsamI7z1MTvnwJsEUsH4LYTcuIQxcVzXi/L66ivMdccBzfm7mEM7+VaRzw/kBQdxW0agVM32mBWyRgbQAITiCIi/wMST9bL63hRhJxxmrVI7fTfLDXKlQOGmt+yrbb+t4Rik6w9CGgOevJUi/QDuHO292ZA7LyO5NQq2JgyxfWR8O28IXdlfiyuMM2PKoQIz2yD+9z9qdRadG09Qk/e6+aroooXJRwas6I+JdBPpcU0osZSbdvDo2T328BswvBUynxqMld7ls3pjbsIn0O1U7CesB9RvVIPcNh/ClbklS5c3aCVOGOe0MCggsZcw4gRlvVo4HUSzdbGzZoCnEJHBouzSiIRojNt168WmauzPfd/ElsQDuwFKsFDh9NVu3++BFuOS+TXacxHrBRBhDdKV+tNTsaxzkgmIbaNwT+EqqRiGZBNqyOIThtlP5+YO9zMlS27CpYfF7Qv5JRe5JDqq9wroBJXsueEaJ3M+rMglEqXdyaNOtw/HCpsI6S7qzq5iw8uwRhu1sg5hEgy/Y2TFDjJ+0eJS+upGFX40MYIDITCCAx0CAQEwgYwwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBAgIH6DALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDA5MDUxODAyMDNaMC8GCSqGSIb3DQEJBDEiBCAoLJFjAaIYE9VNESkBOrmwA5Xq0xyPMRCCfwo5ehCB9DANBgkqhkiG9w0BAQsFAASCAgCzxTvnlY1SHxWBF3Wzb221U/pcByejRpmAZ5MQKvaTa+nP9gwTp4JLtwIzBk+zocxHPZuk8aNlHiQ+5Qfm87juh4XFPMJqVCI8ERpEA4jlgGXic6CCh8OvR92rc/exLEb4jAaOpjOygj+ih9cjaxZY24rM3VRPSXQjTJ0+IZyH/XjcR7ASpvFGbUX35B1LU6pPf9sjkNJroyibpFHXNXiRvSl7+zxa8AqhmJ9vE8MX41vzjX30FU4pFXs3WtAwhwdisk07vBt5K+2+Wu/iLyirUEz28+FPWOwVuoSk0R1ifJsUWZPtXw+bM3tr57gy7bRjgt++89XoiHGlQ2ILh8Vr6lxElUtAfM1muJqu0feaYUbQhGBW9+tw+yldsKZGh7rMh24UGUDms4OCcKm9SvmwD7BpJUFq+IE9qt2+Hxsr+QIY4Lx31LbknrGoI33fmjzZ/mxx2H7UxygsIQAdC9ze/u4dS0LMcgXi86ozb1o3kn3BM+I5qSEP7H0V6g0kqnatxweBpmFo6cemmhRnk7qg/LyYHDdIjag0rG2LX+ltogYHgHjyUAaZb9ipJ8pNc750TGnyQnuKkxmJ90lhgTJZryxp/NV9qmzggbUCQYrWqbYv3c1z8uDcN6UzrP5AmNK+B0S8PXqjxsBBHyrFtQpCxD3DlrbrYs8nksiH5Wfgkw==",
    "conveyed-information": "MIIWKAYJKoZIhvcNAQcCoIIWGTCCFhUCAQExDTALBglghkgBZQMEAgEwgg0KBgkqhkiG9w0BBwGgggz7BIIM93sKICAiaWV0Zi1zenRwLWNvbnZleWVkLWluZm86cmVkaXJlY3QtaW5mb3JtYXRpb24iOiB7CiAgICAiYm9vdHN0cmFwLXNlcnZlciI6IFsKICAgICAgewogICAgICAgICJhZGRyZXNzIjogIjo6MSIsCiAgICAgICAgInBvcnQiOiAxMjM0NSwKICAgICAgICAidHJ1c3QtYW5jaG9yIjogIk1JSUpLd1lKS29aSWh2Y05BUWNDb0lJSkhEQ0NDUmdDQVFFeERUQUxCZ2xnaGtnQlpRTUVBZ0V3RHdZSktvWklodmNOQVFjQm9BSUVBS0NDQmM0d2dnWEtNSUlEc3FBREFnRUNBZ0lINkRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaFRFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJZd0ZBWURWUVFIRXcxTmIzVnVkR0ZwYmlCV2FXVjNNU0V3SHdZRFZRUUtFeGhIYjI5bmJHVWdSMnh2WW1Gc0lFNWxkSGR2Y210cGJtY3hMakFzQmdOVkJBTVRKVWR2YjJkc1pTQkNiMjkwYzNSeVlYQndhVzVuSUZObGNuWnBZMlZ6SUZKdmIzUWdRMEV3SGhjTk1qUXdPREl6TWpNek5ETXpXaGNOTXpRd09ESXpNak16TkRNeldqQ0JoVEVMTUFrR0ExVUVCaE1DVlZNeEN6QUpCZ05WQkFnVEFrTkJNUll3RkFZRFZRUUhFdzFOYjNWdWRHRnBiaUJXYVdWM01TRXdId1lEVlFRS0V4aEhiMjluYkdVZ1IyeHZZbUZzSUU1bGRIZHZjbXRwYm1jeExqQXNCZ05WQkFNVEpVZHZiMmRzWlNCQ2IyOTBjM1J5WVhCd2FXNW5JRk5sY25acFkyVnpJRkp2YjNRZ1EwRXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDd2g5VnNoZEV3b1JDYmtldjlBNlNlZ3FOMWdtVm81RFFlT3EyV3JuWUE5b3dreEFqNFljb3JuenZoam1pbHBsSW5aR3kxV2Y5R2VpZExVclRIRUhNS2cwWHpxMkNyd2J5ZVJDaFBPamc5M0twc1FFbWlhQ2hmZS9vZ3hPQkJGcUtGVVNBRDdMT1VucHBDNlpRT2s1cmZDVG4rdC8rbWZNd3d1ZWVZeWR6aTc3V2dQRjc4UFpIdWF5c0p3UDBwUWVhRkF4MTVGYWh0L3ZnRjJlRFNsZGc1TE9wajNMSTVtWVRUUjcyNEhkQkRkVSt5NEtQUkc4ZGZoNzFMMGhseW5PWGFnV2lvRFRUbk9MNllwMUdoWXRBVlh1ZkF4cGN5d2RaU08xbGN2aU13dys4dXRETXl1dXZmc3VjeHhpamhNd2VaNXBiQWVxUy9hMU1DQ2svOUFWQlhpUnRwN1JpU1pSR0RkWTBGUDAwTEloRDdpQnRld2ZkWC95MU5FWENOQWN1SEZjRE9JN1BIT0E2K2ZxTnpPUDFlNFcxK3VMbjlPOS83aWdxeGFsb09neHUvcW43dUVnbjZyWS9sY3FWSmhrdmZ2NThaeUptYWE3NWQ0K1ZHeDhacFJQK0k1TUgwUk4waGZWYzllMUVkcHlWeXJHeWpsYzc0M2d3RXBHRGlEMUVpTmRraE1iendpekVjTjc0YlRhUVhYWWZLM2dmaTZscC9xWXhBK0wzcW1xNVY0NjJ5dUYyK1gyOU55cUZST0xtVEdPUndYNVBQeEZHUUh3ekNwYm9ZV0VMa3QyVVl3MFQyU1k5YWcyc0ZPL2kxOWxLblVEVzNJT25VUVpyLzVnUFh6VEhKdnkzRXQrZm1kaDJCMk1Ib3EzRWZ4N2hnaTVHMjR0eGhsWlVMUHdJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBZ1F3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeEQ2T3FnaXpTWm92K2pINVBTSGNVSXhkbTRBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFEb0tJd2lueW1xRzJQTG9pQmV6NWl3bHlpT1Z2YkJDTWZ5Q3doamJCdnljdXpYMG0yVzJhMEJxVnlmUVpySmJEQjBBU2ZpVHNKeTB2TlFrOTlDMlRRV0c3cFBtc0k2U0NISHNaemhRRXZYek9vdWFuYkQyd3p3NlU4QVZIZmZFY2RDNVlRTUhMZWcxaDhhQzZVTU90V09YdkFyUC8vRzl4WHVWMlFZdm5pNzg4Q21hTXVkVUE3VHF3cU14ZGZ5RWFJZ0o2S2tyNTFEdmR1M0pyL1FVc2lGeDRkTHpjUGlKQkFBcEFqVVNYQnhnQ0tXc1duMHBkZ1RONnJSZnd0YWtLS010cXFkZXFRSVRaaHlUWTkrbndES1VMS2xPM0M5akw0NHp3ckdpR1pBbTFiYWd2cUZULzhaYStYMHJwV3ZSdUNSM3NhM1Z0UFN2RkcxWi9BYmFDTjlHNXIwekVBcmZ6MS9ML1BPYXBFYTN1N1orejBZNjBTcitHMm9aNHBiaTdPcnliOStSMTAzMmJzQ1BUN1YrOEVMdHpERCtENWRyQnFZM3hudGVVS2FWUEd0S0QwcVl4bG85R2JWSHVqOG1qRFRlWEtaRzMyVFNKNmZWN2hGN0hjT2ZmZWorUEx2UGZacnROUmhpc1R6Tm5NeC9SM1duRTFxQ3J1SmZzZ0JnUGZSbWxiNTcxdG1YNHU0U2ZlTmtwSk0xa2M3czZ1YUV1QzZ5M20vZXVDTzBYczQ4L2tQVU9maGM0aG9XdC9ITWZiZkVDakREVC9TVnU4RVJLVGNoQnNKdWh2NEpJOHl4bHRTUzM4VGIvSExJM1FYQ1IrS3hRYkVBb0U3MUxzTmdLTXFKTTlGWlo4MWFNZXd4NGt5NHJ2cm9DQVVxb0tUMHJRSldoUzRSSGxTM01ZSURIekNDQXhzQ0FRRXdnWXd3Z1lVeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlRXOTFiblJoYVc0Z1ZtbGxkekVoTUI4R0ExVUVDaE1ZUjI5dloyeGxJRWRzYjJKaGJDQk9aWFIzYjNKcmFXNW5NUzR3TEFZRFZRUURFeVZIYjI5bmJHVWdRbTl2ZEhOMGNtRndjR2x1WnlCVFpYSjJhV05sY3lCU2IyOTBJRU5CQWdJSDZEQUxCZ2xnaGtnQlpRTUVBZ0dnYVRBWUJna3Foa2lHOXcwQkNRTXhDd1lKS29aSWh2Y05BUWNCTUJ3R0NTcUdTSWIzRFFFSkJURVBGdzB5TkRBNU1EWXlNakE1TURSYU1DOEdDU3FHU0liM0RRRUpCREVpQkNEanNNUkNtUHdjRkpyNzlNaVpiN2trSjY1QjVHU2JrMHlrbFprYmVGSzRWVEFMQmdrcWhraUc5dzBCQVFzRWdnSUFoalBHd3hMczBjbnE3eFVUaDQzL2svWnY2RUNtMVQrTEtMenFRS050V2MvS3VGOFNzN3lFQnZKekhKTFplWUxQTmQwVVRHQjcyL3dXM0YwS3ppUjJ2QVpHd3BmRnZzd2k0QzFQbDJ0YjJBQ0Npdk82bXpGS3FvdE11dGVaU0tTeDN4SDFUVzhWZDMwZ1h5ekhtRUFXR1Y3dzZIMHA0eTdicElGM05ESmZZblJMbHJ4cUhGbTJqQlZ6Sk1QcmIxQVpKajdoZ3B4ZGdrOXpXTktObHZKZi9seVRob3RicnVFajNJWjh2YnZhOGh5dWNJWDNFRC9NSlcvTGUwL0MwaHNqczhmVWRiMWlhckxDZS9RdWFxK2NCK3hkS2daY04xSEtTZlMyRWpIRk82a0xqbUlhL00zeVNJdVJlWmQ3ejFFb245bWNjZDVQVzlQTE00TUlPa085SC9CRHBjWW9Zd2tsVGtTS21NVkI1WlJKckhLSnFITXBsNTduZm5RYkNrbUJvSTVTY3RKY2tSSjVsTmVKRXc3c3JwR05oWlpaZVBmcERHSmsxTEMyL0JFdDBwRFJqMldkSjRpOVpXNEQ3WUdFUlJTazlCOVFkbmN6UkljNjJGZitXa0JWUFBmaS9GL0ZYQmZpYXpRSW5TMzUwdU1zWXJzT3VMdjBjZVBPSm1udTJRTWVtK1F4Y2Vjbm8rTWlmOVFwL3BrWTlyamdNRVRCcnJWK0FHTHEvMUFLV2xidmNBWVg5OWc5M3VlcmxMbmMvaVdtWEc3czNZVml4VWcvSDd0UVdheWZTS09uN3J5ZU9OZ2oxRXhHUkUySjNOMkF1WGpJOFFqcjlBR3pYNVV2ZWhoY0x2Tkt6TjI1eVA3dFc2bmdIdUZlTXh5VFp6YmpTYVJUNHZpaTJ5bz0iCiAgICAgIH0KICAgIF0KICB9Cn2gggXOMIIFyjCCA7KgAwIBAgICB+gwDQYJKoZIhvcNAQELBQAwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBMB4XDTI0MDkwNTE4MDIwMloXDTM0MDkwNTE4MDIwMlowgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx4aXXr62AUE07fnAxWOR9bHrt6ErRc3oZdxBmLH66dzF+rfvCNd/Xjf5SgeMfPymImx7ecDrZCC/aywgRLDx8910toy12g0wrbPNw2+sZlzWnRRjOVxw0kSfdd4cOrygT1ssPqArDCLpKLbTjKEZy1/tZbR9jSdrJjpniuvShU2nA7TvCLSIADewQah+ojetoNttRNe1gqhDANfPgfYre52xmOCuGqWfKqudbKHkvl9sx8cSGJ/3MHAsbclkuAe0PHk7oYtXifATrTVOpQIwjk/uatQNeqoAwN98vMyUgrCmorTu6QqgNmsEQ54hcCXlquRmccivJCQgBASfz3PmbhcsKHIWWOd1yTvVW+Lr7v6OX2nANf4HV/ETUXLvYjOTbVmbm2AVDanUi1QR88Qk9PEDlyMKEqMob62Rl5jQ4EopAcKu8Yd8h/EsDRlxQG+ZVQEMbWYwZXOv2vGQEcBlIqZM58F1LCy9XYo7LR3oGcQhovF3QWcr7DOoHaxlgMXg1VGuy+r6rIM1709lceP/gzSE+JrjOjEfujh7SleAarhIzhKVhNTli/hY2IvFx5LSLvsH//CL00Q1MO8AQlY3aOd/64ARb2EWB257oL3dqo/SRJklwqod4GOXCopyU32vh28yTUbn8qFanOeqU6Hkvr+b8QbC8mPCF4bTrk+03P0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgIEMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFDRR9kVusnRrpnzfBX6/oDep16VJMA0GCSqGSIb3DQEBCwUAA4ICAQBE4bb8/kBykKDQT+byoMfGXQ3AU1gKn3MpWII8rYgfcMaMUAZB9Q/K5PyPxgrJoMoKI/TnGcx3azHhhgqftSN4ZsyJSP17AmFlQOOFdEepf8BnlsLw+AxyKjrwhS2pJ8H2uaNcILzxh16NbjiiX2MY09Nhwz3TmDDQLMuBZuzGLGa2l+YNqNuCf0C1DQLmUJtgX5Ha70XB3kAZOBOl/PfQ88PhT139mRhxbcu8m1dYht42G3gu2IeshZVRtEqt5smwSMR44LCAXmjUPs/iC6L9ootoFtVb0ZEL6LfSF11Wnf9KS9ERrIR3gA/lJzYC7obKOrjlaV0LHM5EhCn1ScpiHd7fRaAVU6PpiSIbC1gMm4LzzY1CevXXhkcHExviSsn5GK2DZzrJN61IYhm3i4H7afrV8K5xmty0oh443J3wyuPINjvirmiGJ8aaBr02MTYbI4+c3ADAPYzbyn1KsE5K5LoS+uVlx+ufrJOyikHLlm2OeEvRPVWgRXWHaJws/AfuHYcUD4Ume7pNHtnx8l+QwEM0MHqOnj2hX8mCDrz01o+0sGCC+f2yU5fExVU8sAte99pVn2cLadBzMYsSYMaAtl0+vOE6oBrcOlan2mEx/KZcukkVhOED2+A+ynFQYRAkmjBZ8PjPbJCJ0NbD2KVG3lVte87CZjpauClYMk5EGDGCAx8wggMbAgEBMIGMMIGFMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxITAfBgNVBAoTGEdvb2dsZSBHbG9iYWwgTmV0d29ya2luZzEuMCwGA1UEAxMlR29vZ2xlIEJvb3RzdHJhcHBpbmcgU2VydmljZXMgUm9vdCBDQQICB+gwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjQwOTA2MjIwOTA0WjAvBgkqhkiG9w0BCQQxIgQglVYMvag6uLUNM+b2dfrVPuVgxLLQzcjZ9cB2By8pNk4wCwYJKoZIhvcNAQELBIICADAEooXeEB+iymYX00ayx5hvd63rXa+uyiK8EDKriJU6udHH6OG2KzPr/4o7wEkf/ZC+7zXDwBrSXl9mt0bjg085uMrTldNFCkbGfqDCAbqBv/9Myo7LTrxUbhlfflgTi2MTUatlZh1A+jIdQL2lgrr7UNh6Hl7dccJL7Jl9G/Z3PG52jCOArqwjNT2AGyECDsMrqQk+JMx0HkheEV+7qMBn86/kd5U0dtEmBDGgOEeO7sXTivqLk3WQSThc8BMVLKPDzdmwkZYg1QEfXGpefgjdi0YGWfFbx/PcD9krOy5SddsDW3yfCb7C15QAHnAMQEQNn0vzLaVSzbpB3M7pTYq1Id1c3wdfpAwfljuAFNsL4kphz1ZYIevn5ll/xiZT90grpz8BHrs3s8DrDdv8H1bkNfGC91lbiczO842ULn5g5rUFWmVwUEz0fQK0wX9tUj1KvEfuYq7F6gBc/eC/d2B5rJzm9uzqkG+UaVpAF5Rx5obZFr104Ce1oofjk9RdQhn8c+cPpo4r2QtDramQBEKk3UGwSPvGylYZ4kYI8aRjFUJzxnP6+qPrAfM5b/G90ojnzR7qFap7No+AUT9mW7LY37vtkEv/nAja4ERC6wO3v29ZDPhIymQqYPIjr3zSf30oqMk6s/hTImONIJP+Mqguio4+TYOc03IPpJr26r9G"
  }
}

"conveyed-information" field decoded from base64 for reference:

{
  "ietf-sztp-conveyed-info:redirect-information": {
    "bootstrap-server": [
      {
        "address": "::1",
        "port": 12345,
        "trust-anchor": "MIIJKwYJKoZIhvcNAQcCoIIJHDCCCRgCAQExDTALBglghkgBZQMEAgEwDwYJKoZIhvcNAQcBoAIEAKCCBc4wggXKMIIDsqADAgECAgIH6DANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwHhcNMjQwODIzMjMzNDMzWhcNMzQwODIzMjMzNDMzWjCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwh9VshdEwoRCbkev9A6SegqN1gmVo5DQeOq2WrnYA9owkxAj4YcornzvhjmilplInZGy1Wf9GeidLUrTHEHMKg0Xzq2CrwbyeRChPOjg93KpsQEmiaChfe/ogxOBBFqKFUSAD7LOUnppC6ZQOk5rfCTn+t/+mfMwwueeYydzi77WgPF78PZHuaysJwP0pQeaFAx15Faht/vgF2eDSldg5LOpj3LI5mYTTR724HdBDdU+y4KPRG8dfh71L0hlynOXagWioDTTnOL6Yp1GhYtAVXufAxpcywdZSO1lcviMww+8utDMyuuvfsucxxijhMweZ5pbAeqS/a1MCCk/9AVBXiRtp7RiSZRGDdY0FP00LIhD7iBtewfdX/y1NEXCNAcuHFcDOI7PHOA6+fqNzOP1e4W1+uLn9O9/7igqxaloOgxu/qn7uEgn6rY/lcqVJhkvfv58ZyJmaa75d4+VGx8ZpRP+I5MH0RN0hfVc9e1EdpyVyrGyjlc743gwEpGDiD1EiNdkhMbzwizEcN74bTaQXXYfK3gfi6lp/qYxA+L3qmq5V462yuF2+X29NyqFROLmTGORwX5PPxFGQHwzCpboYWELkt2UYw0T2SY9ag2sFO/i19lKnUDW3IOnUQZr/5gPXzTHJvy3Et+fmdh2B2MHoq3Efx7hgi5G24txhlZULPwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxD6OqgizSZov+jH5PSHcUIxdm4AwDQYJKoZIhvcNAQELBQADggIBADoKIwinymqG2PLoiBez5iwlyiOVvbBCMfyCwhjbBvycuzX0m2W2a0BqVyfQZrJbDB0ASfiTsJy0vNQk99C2TQWG7pPmsI6SCHHsZzhQEvXzOouanbD2wzw6U8AVHffEcdC5YQMHLeg1h8aC6UMOtWOXvArP//G9xXuV2QYvni788CmaMudUA7TqwqMxdfyEaIgJ6Kkr51Dvdu3Jr/QUsiFx4dLzcPiJBAApAjUSXBxgCKWsWn0pdgTN6rRfwtakKKMtqqdeqQITZhyTY9+nwDKULKlO3C9jL44zwrGiGZAm1bagvqFT/8Za+X0rpWvRuCR3sa3VtPSvFG1Z/AbaCN9G5r0zEArfz1/L/POapEa3u7Z+z0Y60Sr+G2oZ4pbi7Oryb9+R1032bsCPT7V+8ELtzDD+D5drBqY3xnteUKaVPGtKD0qYxlo9GbVHuj8mjDTeXKZG32TSJ6fV7hF7HcOffej+PLvPfZrtNRhisTzNnMx/R3WnE1qCruJfsgBgPfRmlb571tmX4u4SfeNkpJM1kc7s6uaEuC6y3m/euCO0Xs48/kPUOfhc4hoWt/HMfbfECjDDT/SVu8ERKTchBsJuhv4JI8yxltSS38Tb/HLI3QXCR+KxQbEAoE71LsNgKMqJM9FZZ81aMewx4ky4rvroCAUqoKT0rQJWhS4RHlS3MYIDHzCCAxsCAQEwgYwwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBAgIH6DALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDA5MDYyMjA5MDRaMC8GCSqGSIb3DQEJBDEiBCDjsMRCmPwcFJr79MiZb7kkJ65B5GSbk0yklZkbeFK4VTALBgkqhkiG9w0BAQsEggIAhjPGwxLs0cnq7xUTh43/k/Zv6ECm1T+LKLzqQKNtWc/KuF8Ss7yEBvJzHJLZeYLPNd0UTGB72/wW3F0KziR2vAZGwpfFvswi4C1Pl2tb2ACCivO6mzFKqotMuteZSKSx3xH1TW8Vd30gXyzHmEAWGV7w6H0p4y7bpIF3NDJfYnRLlrxqHFm2jBVzJMPrb1AZJj7hgpxdgk9zWNKNlvJf/lyThotbruEj3IZ8vbva8hyucIX3ED/MJW/Le0/C0hsjs8fUdb1iarLCe/Quaq+cB+xdKgZcN1HKSfS2EjHFO6kLjmIa/M3ySIuReZd7z1Eon9mccd5PW9PLM4MIOkO9H/BDpcYoYwklTkSKmMVB5ZRJrHKJqHMpl57nfnQbCkmBoI5SctJckRJ5lNeJEw7srpGNhZZZePfpDGJk1LC2/BEt0pDRj2WdJ4i9ZW4D7YGERRSk9B9QdnczRIc62Ff+WkBVPPfi/F/FXBfiazQInS350uMsYrsOuLv0cePOJmnu2QMem+Qxcecno+Mif9Qp/pkY9rjgMETBrrV+AGLq/1AKWlbvcAYX99g93uerlLnc/iWmXG7s3YVixUg/H7tQWayfSKOn7ryeONgj1ExGRE2J3N2AuXjI8Qjr9AGzX5UvehhcLvNKzN25yP7tW6ngHuFeMxyTZzbjSaRT4vii2yo="
      }
    ]
  }
}

Get Bootstrapping Data: Trusted Phase

The trusted phase of sZTP occurs immediately after the untrusted phase (if Ownership Voucher validation was successful), with the switch redirecting back to the sZTP server address provided in the earlier response. The goal is for the server to provide the switch with a URL pointing to an OS image to install as well as bootstrap config for the switch to configure itself with.

Request from switch to server

Full curl request sent to server:

curl --cacert testdata/trustAnchorCertificate.pem -X POST -H "Content-Type: application/json" -H "X-MAC: 01:23:45:AB:CD:EF" -H "X-Serial: 123456"  -d '{"ietf-sztp-bootstrap-server:input" : {"hw-model" : "12345", "os-version" : "v1.0.0"}}' https://[::1]:12345/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data

Expanded request body for reference:

{
  "ietf-sztp-bootstrap-server:input" : {
    "hw-model" : "12345", 
    "os-version" : "v1.0.0"
  }
}

Response from server to switch

Full response body from the server:

{
  "ietf-sztp-bootstrap-server:output": {
    "owner-certificate": "MIIJKwYJKoZIhvcNAQcCoIIJHDCCCRgCAQExDTALBglghkgBZQMEAgEwDwYJKoZIhvcNAQcBoAIEAKCCBc4wggXKMIIDsqADAgECAgIH6DANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwHhcNMjQwOTA1MTgwMjAyWhcNMzQwOTA1MTgwMjAyWjCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHhpdevrYBQTTt+cDFY5H1seu3oStFzehl3EGYsfrp3MX6t+8I139eN/lKB4x8/KYibHt5wOtkIL9rLCBEsPHz3XS2jLXaDTCts83Db6xmXNadFGM5XHDSRJ913hw6vKBPWyw+oCsMIukottOMoRnLX+1ltH2NJ2smOmeK69KFTacDtO8ItIgAN7BBqH6iN62g221E17WCqEMA18+B9it7nbGY4K4apZ8qq51soeS+X2zHxxIYn/cwcCxtyWS4B7Q8eTuhi1eJ8BOtNU6lAjCOT+5q1A16qgDA33y8zJSCsKaitO7pCqA2awRDniFwJeWq5GZxyK8kJCAEBJ/Pc+ZuFywochZY53XJO9Vb4uvu/o5facA1/gdX8RNRcu9iM5NtWZubYBUNqdSLVBHzxCT08QOXIwoSoyhvrZGXmNDgSikBwq7xh3yH8SwNGXFAb5lVAQxtZjBlc6/a8ZARwGUipkznwXUsLL1dijstHegZxCGi8XdBZyvsM6gdrGWAxeDVUa7L6vqsgzXvT2Vx4/+DNIT4muM6MR+6OHtKV4BquEjOEpWE1OWL+FjYi8XHktIu+wf/8IvTRDUw7wBCVjdo53/rgBFvYRYHbnugvd2qj9JEmSXCqh3gY5cKinJTfa+HbzJNRufyoVqc56pToeS+v5vxBsLyY8IXhtOuT7Tc/QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNFH2RW6ydGumfN8Ffr+gN6nXpUkwDQYJKoZIhvcNAQELBQADggIBAEThtvz+QHKQoNBP5vKgx8ZdDcBTWAqfcylYgjytiB9wxoxQBkH1D8rk/I/GCsmgygoj9OcZzHdrMeGGCp+1I3hmzIlI/XsCYWVA44V0R6l/wGeWwvD4DHIqOvCFLaknwfa5o1wgvPGHXo1uOKJfYxjT02HDPdOYMNAsy4Fm7MYsZraX5g2o24J/QLUNAuZQm2BfkdrvRcHeQBk4E6X899Dzw+FPXf2ZGHFty7ybV1iG3jYbeC7Yh6yFlVG0Sq3mybBIxHjgsIBeaNQ+z+ILov2ii2gW1VvRkQvot9IXXVad/0pL0RGshHeAD+UnNgLuhso6uOVpXQsczkSEKfVJymId3t9FoBVTo+mJIhsLWAybgvPNjUJ69deGRwcTG+JKyfkYrYNnOsk3rUhiGbeLgftp+tXwrnGa3LSiHjjcnfDK48g2O+KuaIYnxpoGvTYxNhsjj5zcAMA9jNvKfUqwTkrkuhL65WXH65+sk7KKQcuWbY54S9E9VaBFdYdonCz8B+4dhxQPhSZ7uk0e2fHyX5DAQzQweo6ePaFfyYIOvPTWj7SwYIL5/bJTl8TFVTywC1732lWfZwtp0HMxixJgxoC2XT684TqgGtw6VqfaYTH8ply6SRWE4QPb4D7KcVBhECSaMFnw+M9skInQ1sPYpUbeVW17zsJmOlq4KVgyTkQYMYIDHzCCAxsCAQEwgYwwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBAgIH6DALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDA5MDYyMzA5NTVaMC8GCSqGSIb3DQEJBDEiBCDjsMRCmPwcFJr79MiZb7kkJ65B5GSbk0yklZkbeFK4VTALBgkqhkiG9w0BAQsEggIAINF+Bj3jAW1dttVv3r6eKcck5tqnKIb6qbOjIud3lgUxxQelF628KXXhwz8JRnFlMitunmXwnbF7J2fGZhdPM7xJQ2AcDNiOSDZDCiwYMBcxrJxP4RHav+3GEfvyfi0uu9fkUJm2OD27iKtx6Ebu3ZSvj0TU3lrnhfLAgBr+mOZw/PHuy41FUogWgqwZcJY7RvYkzvqAn/Wis3CadrlG2IQmTwewUWaKJKnSLqGe4R36Eaudjvx4e1uSq+MrwlrO68XRnaLvh8MXStj4Id9pEpk+pBb8Z7AZ6ivVkTpMg7+nN1Xrv+bYOTnBbQboWZzM1f9gXO4Elq64tTLFnY95ttpM08/uZbL38KtvfogflFOvNa089+d95EUl1H4Ksoj+Ik3Z6+QfdurY/qKkCPTGhgbWuzmQkvRrx+PRG3StdsCggRjcpaiHwGAsQM8i0i+wT2ugTVvT/jmnF2Ewn6ErtnP5A7Vnpd2x1JzOxKgoyARUj0QIFDgl3atHRTt7+OpexG8Djjep0MMttET5LgwXmQyi4Dm4BQ/xWkSzywGSYwK1kxgV2VktPebz31DyK8KInbk0LggOit6EGmxeQYymT3HaVu6cH496oGHHVj/IGiVVs8Lsj0iQuabhKFh+e50O222pmHDCHv3bQUodnZCnm0iof0uuYjXIqd/70f1b7Dk=",
    "ownership-voucher": "MIIR3AYJKoZIhvcNAQcCoIIRzTCCEckCAQExDTALBglghkgBZQMEAgEwggi8BgkqhkiG9w0BBwGgggitBIIIqXsiaWV0Zi12b3VjaGVyOnZvdWNoZXIiOnsiWE1MTmFtZSI6eyJTcGFjZSI6IiIsIkxvY2FsIjoiIn0sImNyZWF0ZWQtb24iOiIyMDI0LTA5LTA1VDE4OjAyOjAzWiIsImV4cGlyZXMtb24iOiIyMDI1LTA5LTA1VDE4OjAyOjAzWiIsInNlcmlhbC1udW1iZXIiOiIxMjM0NSIsImFzc2VydGlvbiI6IiIsInBpbm5lZC1kb21haW4tY2VydCI6Ik1JSUZ5akNDQTdLZ0F3SUJBZ0lDQitnd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1lVeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlRXOTFiblJoYVc0Z1ZtbGxkekVoTUI4R0ExVUVDaE1ZUjI5dloyeGxJRWRzYjJKaGJDQk9aWFIzYjNKcmFXNW5NUzR3TEFZRFZRUURFeVZIYjI5bmJHVWdRbTl2ZEhOMGNtRndjR2x1WnlCVFpYSjJhV05sY3lCU2IyOTBJRU5CTUI0WERUSTBNRGt3TlRFNE1ESXdNbG9YRFRNME1Ea3dOVEU0TURJd01sb3dnWVV4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUVCeE1OVFc5MWJuUmhhVzRnVm1sbGR6RWhNQjhHQTFVRUNoTVlSMjl2WjJ4bElFZHNiMkpoYkNCT1pYUjNiM0pyYVc1bk1TNHdMQVlEVlFRREV5VkhiMjluYkdVZ1FtOXZkSE4wY21Gd2NHbHVaeUJUWlhKMmFXTmxjeUJTYjI5MElFTkJNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXg0YVhYcjYyQVVFMDdmbkF4V09SOWJIcnQ2RXJSYzNvWmR4Qm1MSDY2ZHpGK3JmdkNOZC9YamY1U2dlTWZQeW1JbXg3ZWNEclpDQy9heXdnUkxEeDg5MTB0b3kxMmcwd3JiUE53MitzWmx6V25SUmpPVnh3MGtTZmRkNGNPcnlnVDFzc1BxQXJEQ0xwS0xiVGpLRVp5MS90WmJSOWpTZHJKanBuaXV2U2hVMm5BN1R2Q0xTSUFEZXdRYWgrb2pldG9OdHRSTmUxZ3FoREFOZlBnZllyZTUyeG1PQ3VHcVdmS3F1ZGJLSGt2bDlzeDhjU0dKLzNNSEFzYmNsa3VBZTBQSGs3b1l0WGlmQVRyVFZPcFFJd2prL3VhdFFOZXFvQXdOOTh2TXlVZ3JDbW9yVHU2UXFnTm1zRVE1NGhjQ1hscXVSbWNjaXZKQ1FnQkFTZnozUG1iaGNzS0hJV1dPZDF5VHZWVytMcjd2Nk9YMm5BTmY0SFYvRVRVWEx2WWpPVGJWbWJtMkFWRGFuVWkxUVI4OFFrOVBFRGx5TUtFcU1vYjYyUmw1alE0RW9wQWNLdThZZDhoL0VzRFJseFFHK1pWUUVNYldZd1pYT3YydkdRRWNCbElxWk01OEYxTEN5OVhZbzdMUjNvR2NRaG92RjNRV2NyN0RPb0hheGxnTVhnMVZHdXkrcjZySU0xNzA5bGNlUC9nelNFK0pyak9qRWZ1amg3U2xlQWFyaEl6aEtWaE5UbGkvaFkySXZGeDVMU0x2c0gvL0NMMDBRMU1POEFRbFkzYU9kLzY0QVJiMkVXQjI1N29MM2Rxby9TUkprbHdxb2Q0R09YQ29weVUzMnZoMjh5VFVibjhxRmFuT2VxVTZIa3ZyK2I4UWJDOG1QQ0Y0YlRyayswM1AwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0lFTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkRSUjlrVnVzblJycG56ZkJYNi9vRGVwMTZWSk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQkU0YmI4L2tCeWtLRFFUK2J5b01mR1hRM0FVMWdLbjNNcFdJSThyWWdmY01hTVVBWkI5US9LNVB5UHhnckpvTW9LSS9UbkdjeDNhekhoaGdxZnRTTjRac3lKU1AxN0FtRmxRT09GZEVlcGY4Qm5sc0x3K0F4eUtqcndoUzJwSjhIMnVhTmNJTHp4aDE2TmJqaWlYMk1ZMDlOaHd6M1RtRERRTE11Qlp1ekdMR2EybCtZTnFOdUNmMEMxRFFMbVVKdGdYNUhhNzBYQjNrQVpPQk9sL1BmUTg4UGhUMTM5bVJoeGJjdThtMWRZaHQ0MkczZ3UySWVzaFpWUnRFcXQ1c213U01SNDRMQ0FYbWpVUHMvaUM2TDlvb3RvRnRWYjBaRUw2TGZTRjExV25mOUtTOUVScklSM2dBL2xKellDN29iS09yamxhVjBMSE01RWhDbjFTY3BpSGQ3ZlJhQVZVNlBwaVNJYkMxZ01tNEx6elkxQ2V2WFhoa2NIRXh2aVNzbjVHSzJEWnpySk42MUlZaG0zaTRIN2FmclY4SzV4bXR5MG9oNDQzSjN3eXVQSU5qdmlybWlHSjhhYUJyMDJNVFliSTQrYzNBREFQWXpieW4xS3NFNUs1TG9TK3VWbHgrdWZySk95aWtITGxtMk9lRXZSUFZXZ1JYV0hhSndzL0FmdUhZY1VENFVtZTdwTkh0bng4bCtRd0VNME1IcU9uajJoWDhtQ0RyejAxbyswc0dDQytmMnlVNWZFeFZVOHNBdGU5OXBWbjJjTGFkQnpNWXNTWU1hQXRsMCt2T0U2b0JyY09sYW4ybUV4L0taY3Vra1ZoT0VEMitBK3luRlFZUkFrbWpCWjhQalBiSkNKME5iRDJLVkczbFZ0ZTg3Q1pqcGF1Q2xZTWs1RUdBPT0iLCJkb21haW4tY2VydC1yZXZvY2F0aW9uLWNoZWNrcyI6ZmFsc2V9faCCBc4wggXKMIIDsqADAgECAgIH6DANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwHhcNMjQwOTA1MTgwMjAzWhcNMzQwOTA1MTgwMjAzWjCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDnkKJ1VVRoGazpheQ14rpwEuc+9r/Ph1XYBD9h4OHZwgCfPEKwm3fe/8FE/bRFlMsNXeg+FRjrgRMh7UlKOcJ+uNd2hfoRiuROsGAFAvGPI2Ma0DPYOCzo+a0eF3qaRBa+l2MZZ1TR+IlfuRn8t4NNhjxUCu88g77PUTxSw3dt+gEFgMSArOrtHfStYZVtY1uuIUoes+bgShrk4ktYFvq2SowbB5PuEWPO6WYBbvmFvOWP/GjWhrx/T3PWlGBhoIGpcf3i1YotH7zaruJFd/TvqfNRoekfribA4FteI6UxS41MfECyxwoRtrCUI5DS0kJA/377KEjPJ+0HzEAjIDOXV0COGPV9XIjoNT+uyKk6cCy/lgWv6kYyFrfzvlkQgZUDYRFBk2nZL80wTuTxjBQn1DaE9nHHQ4xvm37bNBHf4fyBSvD3xAnljkwwzXugFMbNgvGg6icoG4SI2viWYbqFyEByhyM/onwo0lSd0TOku9+8daCSxetl8E5Qm+XW0VHEHYEeYVHD08lzo2EQKW1RwgdBbDp5Ufpv40NQ9xUU7MSILXlTZew16x/b8ReXftHQfXksug1JAhjnx/DzGXFNwDqQvlQNi+wE22IWsLqqBerSMfyYALxLuKjs2F7Wyjv6KGdxIQmsn0HOINU345cz1mWnILP0NPimLwHAU8Wj/QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5AGD5Tu46QsWyXnoO2TrqQyoBJowDQYJKoZIhvcNAQELBQADggIBAD/l4FpaDGavP8vhcA/zOe1u9h6PY2TQV5amXpzRDnC9Loyu1jeyKp5fKLTx6GxP5JpX3ylpMEAtMs6Erg9yd1GQ6aHgZw2oTOtukcGD9iHNv+Q3sz0NaIMH5PpS20xC5Q05XJWOEsamI7z1MTvnwJsEUsH4LYTcuIQxcVzXi/L66ivMdccBzfm7mEM7+VaRzw/kBQdxW0agVM32mBWyRgbQAITiCIi/wMST9bL63hRhJxxmrVI7fTfLDXKlQOGmt+yrbb+t4Rik6w9CGgOevJUi/QDuHO292ZA7LyO5NQq2JgyxfWR8O28IXdlfiyuMM2PKoQIz2yD+9z9qdRadG09Qk/e6+aroooXJRwas6I+JdBPpcU0osZSbdvDo2T328BswvBUynxqMld7ls3pjbsIn0O1U7CesB9RvVIPcNh/ClbklS5c3aCVOGOe0MCggsZcw4gRlvVo4HUSzdbGzZoCnEJHBouzSiIRojNt168WmauzPfd/ElsQDuwFKsFDh9NVu3++BFuOS+TXacxHrBRBhDdKV+tNTsaxzkgmIbaNwT+EqqRiGZBNqyOIThtlP5+YO9zMlS27CpYfF7Qv5JRe5JDqq9wroBJXsueEaJ3M+rMglEqXdyaNOtw/HCpsI6S7qzq5iw8uwRhu1sg5hEgy/Y2TFDjJ+0eJS+upGFX40MYIDITCCAx0CAQEwgYwwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEhMB8GA1UEChMYR29vZ2xlIEdsb2JhbCBOZXR3b3JraW5nMS4wLAYDVQQDEyVHb29nbGUgQm9vdHN0cmFwcGluZyBTZXJ2aWNlcyBSb290IENBAgIH6DALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDA5MDUxODAyMDNaMC8GCSqGSIb3DQEJBDEiBCAoLJFjAaIYE9VNESkBOrmwA5Xq0xyPMRCCfwo5ehCB9DANBgkqhkiG9w0BAQsFAASCAgCzxTvnlY1SHxWBF3Wzb221U/pcByejRpmAZ5MQKvaTa+nP9gwTp4JLtwIzBk+zocxHPZuk8aNlHiQ+5Qfm87juh4XFPMJqVCI8ERpEA4jlgGXic6CCh8OvR92rc/exLEb4jAaOpjOygj+ih9cjaxZY24rM3VRPSXQjTJ0+IZyH/XjcR7ASpvFGbUX35B1LU6pPf9sjkNJroyibpFHXNXiRvSl7+zxa8AqhmJ9vE8MX41vzjX30FU4pFXs3WtAwhwdisk07vBt5K+2+Wu/iLyirUEz28+FPWOwVuoSk0R1ifJsUWZPtXw+bM3tr57gy7bRjgt++89XoiHGlQ2ILh8Vr6lxElUtAfM1muJqu0feaYUbQhGBW9+tw+yldsKZGh7rMh24UGUDms4OCcKm9SvmwD7BpJUFq+IE9qt2+Hxsr+QIY4Lx31LbknrGoI33fmjzZ/mxx2H7UxygsIQAdC9ze/u4dS0LMcgXi86ozb1o3kn3BM+I5qSEP7H0V6g0kqnatxweBpmFo6cemmhRnk7qg/LyYHDdIjag0rG2LX+ltogYHgHjyUAaZb9ipJ8pNc750TGnyQnuKkxmJ90lhgTJZryxp/NV9qmzggbUCQYrWqbYv3c1z8uDcN6UzrP5AmNK+B0S8PXqjxsBBHyrFtQpCxD3DlrbrYs8nksiH5Wfgkw==",
    "conveyed-information": "MIILmgYJKoZIhvcNAQcCoIILizCCC4cCAQExDTALBglghkgBZQMEAgEwggJ8BgkqhkiG9w0BBwGgggJtBIICaXsKICAiaWV0Zi1zenRwLWNvbnZleWVkLWluZm86b25ib2FyZGluZy1pbmZvcm1hdGlvbiI6IHsKICAgICJib290LWltYWdlIjogewogICAgICAiZG93bmxvYWQtdXJpIjogWwogICAgICAgICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3lvdXIvb3MvaW1hZ2UvaGVyZS5pbWciCiAgICAgIF0sCiAgICAgICJpbWFnZS12ZXJpZmljYXRpb24iOiBbCiAgICAgICAgewogICAgICAgICAgImhhc2gtYWxnb3JpdGhtIjogImlldGYtc3p0cC1jb252ZXllZC1pbmZvOnNoYS0yNTYiLAogICAgICAgICAgImhhc2gtdmFsdWUiOiAiMDE6MjM6NDU6Njc6ODk6YWI6Y2Q6ZWYiCiAgICAgICAgfQogICAgICBdLAogICAgICAib3MtbmFtZSI6ICJWZW5kb3JPUyIsCiAgICAgICJvcy12ZXJzaW9uIjogInYxLjAuMCIKICAgIH0sCiAgICAiY29uZmlndXJhdGlvbiI6ICJZbTl2ZEhOMGNtRndMV052Ym1acFp3PT0iLAogICAgImNvbmZpZ3VyYXRpb24taGFuZGxpbmciOiAicmVwbGFjZSIsCiAgICAicG9zdC1jb25maWd1cmF0aW9uLXNjcmlwdCI6ICJjRzl6ZEMxamIyNW1hV2N0YzJOeWFYQjAiLAogICAgInByZS1jb25maWd1cmF0aW9uLXNjcmlwdCI6ICJjSEpsTFdOdmJtWnBaeTF6WTNKcGNIUT0iCiAgfQp9oIIFzjCCBcowggOyoAMCAQICAgfoMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxITAfBgNVBAoTGEdvb2dsZSBHbG9iYWwgTmV0d29ya2luZzEuMCwGA1UEAxMlR29vZ2xlIEJvb3RzdHJhcHBpbmcgU2VydmljZXMgUm9vdCBDQTAeFw0yNDA5MDUxODAyMDJaFw0zNDA5MDUxODAyMDJaMIGFMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxITAfBgNVBAoTGEdvb2dsZSBHbG9iYWwgTmV0d29ya2luZzEuMCwGA1UEAxMlR29vZ2xlIEJvb3RzdHJhcHBpbmcgU2VydmljZXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMeGl16+tgFBNO35wMVjkfWx67ehK0XN6GXcQZix+uncxfq37wjXf143+UoHjHz8piJse3nA62Qgv2ssIESw8fPddLaMtdoNMK2zzcNvrGZc1p0UYzlccNJEn3XeHDq8oE9bLD6gKwwi6Si204yhGctf7WW0fY0nayY6Z4rr0oVNpwO07wi0iAA3sEGofqI3raDbbUTXtYKoQwDXz4H2K3udsZjgrhqlnyqrnWyh5L5fbMfHEhif9zBwLG3JZLgHtDx5O6GLV4nwE601TqUCMI5P7mrUDXqqAMDffLzMlIKwpqK07ukKoDZrBEOeIXAl5arkZnHIryQkIAQEn89z5m4XLChyFljndck71Vvi6+7+jl9pwDX+B1fxE1Fy72Izk21Zm5tgFQ2p1ItUEfPEJPTxA5cjChKjKG+tkZeY0OBKKQHCrvGHfIfxLA0ZcUBvmVUBDG1mMGVzr9rxkBHAZSKmTOfBdSwsvV2KOy0d6BnEIaLxd0FnK+wzqB2sZYDF4NVRrsvq+qyDNe9PZXHj/4M0hPia4zoxH7o4e0pXgGq4SM4SlYTU5Yv4WNiLxceS0i77B//wi9NENTDvAEJWN2jnf+uAEW9hFgdue6C93aqP0kSZJcKqHeBjlwqKclN9r4dvMk1G5/KhWpznqlOh5L6/m/EGwvJjwheG065PtNz9AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ0UfZFbrJ0a6Z83wV+v6A3qdelSTANBgkqhkiG9w0BAQsFAAOCAgEAROG2/P5AcpCg0E/m8qDHxl0NwFNYCp9zKViCPK2IH3DGjFAGQfUPyuT8j8YKyaDKCiP05xnMd2sx4YYKn7UjeGbMiUj9ewJhZUDjhXRHqX/AZ5bC8PgMcio68IUtqSfB9rmjXCC88YdejW44ol9jGNPTYcM905gw0CzLgWbsxixmtpfmDajbgn9AtQ0C5lCbYF+R2u9Fwd5AGTgTpfz30PPD4U9d/ZkYcW3LvJtXWIbeNht4LtiHrIWVUbRKrebJsEjEeOCwgF5o1D7P4gui/aKLaBbVW9GRC+i30hddVp3/SkvREayEd4AP5Sc2Au6Gyjq45WldCxzORIQp9UnKYh3e30WgFVOj6YkiGwtYDJuC882NQnr114ZHBxMb4krJ+Ritg2c6yTetSGIZt4uB+2n61fCucZrctKIeONyd8MrjyDY74q5ohifGmga9NjE2GyOPnNwAwD2M28p9SrBOSuS6EvrlZcfrn6yTsopBy5ZtjnhL0T1VoEV1h2icLPwH7h2HFA+FJnu6TR7Z8fJfkMBDNDB6jp49oV/Jgg689NaPtLBggvn9slOXxMVVPLALXvfaVZ9nC2nQczGLEmDGgLZdPrzhOqAa3DpWp9phMfymXLpJFYThA9vgPspxUGEQJJowWfD4z2yQidDWw9ilRt5VbXvOwmY6WrgpWDJORBgxggMfMIIDGwIBATCBjDCBhTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKExhHb29nbGUgR2xvYmFsIE5ldHdvcmtpbmcxLjAsBgNVBAMTJUdvb2dsZSBCb290c3RyYXBwaW5nIFNlcnZpY2VzIFJvb3QgQ0ECAgfoMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MDkwNjIzMDk1NVowLwYJKoZIhvcNAQkEMSIEIJvqtaQ+/KxBbHkGHpEjXuV62QH2WQnyqKWUMiMgNP48MAsGCSqGSIb3DQEBCwSCAgAKLQDOUIUZF3ZFskqb8jPyUD3SbRipRe9itjWgR2b/bK0JvmWSiqJu+8R4kQhuJSt4sfBv+zQGSn8u1xKM1GUtCj+oKBjXIWO7WbvbBQ1Xm2Vz/Ji/N5sj99MYR3FazguDoN4NlS/NGf41AVF2JKTh16zPs1vaVvOam1LM8/pA1cqvzPJLbIZhwk9tbATBUvcV4o6ms4LTCgcRD3sG8tGfNJsinESpyXLJparuuSTaP7JKC/MQqlGIGIcjOkfWZH+w9TE8W8oLzbqzifs07HZEeQ9hHooLWK5roKSNwcT+GXIhv6nCJD7jMM+kLoiTyFlHHfv0foZMEUAu5lWToPgZMChY3y1B9+ZRgOUsZgiAExJxJr/DDBUMAwH5kO4zkdWDpqK2YEdauXtFFExJv2A68YBJaFq7Grx0bzsDu76PvnTVICGHZSut61q3pCGhKZ1ki3QXd9eHJr3O0UNlLOIeibrMUkj111POpbMMOSj9kC2/fMq2dWsLZ9HzF6aW0Bpt4bubS9C4ipRHElJXFQGD99Q63cDV5otGdyeXMy1+UfcZy837bQgeuH5Xa7aU2GJUnLTqQk1Dqyn2ztqxS0Hcy0lodtfG8WVEQiethymrS/fx87UWNSGn2eHg8QhMj6BL0tZUnibaTAiOAwqh7iRlPn7pqSlvfEXCZAGRr/Vq1w=="
  }
}

"conveyed-information" field decoded from base64 for reference:

{
  "ietf-sztp-conveyed-info:onboarding-information": {
    "boot-image": {
      "download-uri": [
        "http://www.example.com/your/os/image/here.img"
      ],
      "image-verification": [
        {
          "hash-algorithm": "ietf-sztp-conveyed-info:sha-256",
          "hash-value": "01:23:45:67:89:ab:cd:ef"
        }
      ],
      "os-name": "VendorOS",
      "os-version": "v1.0.0"
    },
    "configuration": "Ym9vdHN0cmFwLWNvbmZpZw==",
    "configuration-handling": "replace",
    "post-configuration-script": "cG9zdC1jb25maWctc2NyaXB0",
    "pre-configuration-script": "cHJlLWNvbmZpZy1zY3JpcHQ="
  }
}

"configuration" field decoded from base64 for reference:

bootstrap-config

"post-configuration-script" field decoded from base64 for reference:

post-config-script

"pre-configuration-script" field decoded from base64 for reference:

pre-config-script

Report Progress

Report progress requests are continuously sent from the switch to the server providing it with regular status updates about how bootstrapping is progressing. For example: bootstrap-initiated, parsing-complete, boot-image-initiated, pre-script-complete, config-initiated, and bootstrap-complete.

Request from switch to server

Full curl request sent to server:

curl --cacert testdata/trustAnchorCertificate.pem -X POST -H "Content-Type: application/json" -H "X-MAC: 01:23:45:AB:CD:EF" -H "X-Serial: 123456"  -d '{"ietf-sztp-bootstrap-server:input" : {"progress-type" :"bootstrap-complete","message":"SZTP Bootstrap using server (https://[::1]:12345) successfully completed"}}' https://[::1]:12345/restconf/operations/ietf-sztp-bootstrap-server:report-progress

Expanded request body for reference:

{
  "ietf-sztp-bootstrap-server:input" : {
    "progress-type" :"bootstrap-complete",
    "message":"SZTP Bootstrap using server (https://[2001:4860:f802::41]:15000) successfully completed"
  }
}

Response from server to switch

No response body returned (HTTP 204 No Content)

TPM Enrollment and Attestation

The server also supports TPM enrollment and attestation. The request and responses for /tpm-enrollment:issue-aik-cert and /tpm-enrollment:verify-attestation-credential requests use JSON-encoded Protocol Buffers as the body. These operations aren't defined as a part of sZTP, but are supported by the server with extra HTTP endpoints.

TPM Enrollment (issue-aik-cert)

Request from switch to server

Full curl request sent to server:

curl --cacert testdata/trustAnchorCertificate.pem -X POST -H "Content-Type: application/json" -H "X-MAC: 01:23:45:AB:CD:EF" -H "X-Serial: 123456"  -d '{"deviceId" : { "deviceSerialNumber" : "123456", "deviceManufacturer" : "vendor123", "deviceModel" : "model123"}, "tssIdentityRequest" : "base64-encoded-blob", "tpmEnrollmentSessionId" : "session-id-123"}' https://[::1]:12345/tpm-enrollment:issue-aik-cert

Expanded request body for reference (JSON encoding of the IssueAikCertRequest proto defined in proto/tpm_enrollment.proto):

{
  "deviceId" : { 
    "deviceSerialNumber" : "123456", 
    "deviceManufacturer" : "vendor123", 
    "deviceModel" : "model123"
  }, 
  "tssIdentityRequest" : "base64-encoded-blob", 
  "tpmEnrollmentSessionId" : "session-id-123"
}
Response from server to switch

Full response body from the server (JSON encoding of the IssueAikCertResponse proto defined in proto/tpm_enrollment.proto):

{
  "enc_challenge" : "enc-challenge",
  "enc_data_encryption_key" : "enc-data-encryption-key"
}

Attestation (verify-attestation-credential)

Request from switch to server

Full curl request sent to server:

curl --cacert testdata/trustAnchorCertificate.pem -X POST -H "Content-Type: application/json" -H "X-MAC: 01:23:45:AB:CD:EF" -H "X-Serial: 123456"  -d '{"deviceId" : { "deviceSerialNumber" : "123456", "deviceManufacturer" : "vendor123", "deviceModel" : "model123"}, "credential" : "base64-encoded-blob", "tpmEnrollmentSessionId" : "session-id-123"}' https://[::1]:12345/tpm-enrollment:verify-attestation-credential

Expanded request body for reference (JSON encoding of the VerifyAttestationCredentialRequest proto defined in proto/tpm_enrollment.proto):

{
  "deviceId" : { 
    "deviceSerialNumber" : "123456", 
    "deviceManufacturer" : "vendor123", 
    "deviceModel" : "model123"
  }, 
  "credential" : "base64-encoded-blob", 
  "tpmEnrollmentSessionId" : "session-id-123"
}
Response from server to switch

Full response body from the server (JSON encoding of the VerifyAttestationCredentialResponse proto defined in proto/tpm_enrollment.proto):

{
  "aik_cert" : "aik-cert"
}

Contributing

To contribute to the Open sZTP server, first follow the instructions in the CONTRIBUTING.md file

About

An open-source implementation of a RFC 8572 sZTP server for touchlessly bootstrapping network devices.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages