Update draft-ietf-client-server models

There is a new drop for drafts, updating the modules we are packaging.
Update them. This aligns the revisions with the models used in
netconf-{client,server}.

Since this requires some code changes, code is cleaned up to eliminate
most of the warnings and take advantage of BindingMap.

JIRA: NETCONF-1073
Change-Id: I5c610d852ab504050cb258c6b42bc6e32e5b19e5
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Signed-off-by: Ruslan Kashapov <ruslan.kashapov@pantheon.tech>

diff --git a/keystore/keystore-api/src/main/yang/ietf-keystore@2022-12-12.yang b/keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang
similarity index 91%
rename from keystore/keystore-api/src/main/yang/ietf-keystore@2022-12-12.yang
rename to keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang
index 9424c45ce44b9c4feb3e5096dcf1725f456f2a8d..8e158fabb7690a1fe68fb469bf73424a19785eaf 100644 (file)
--- a/keystore/keystore-api/src/main/yang/ietf-keystore@2022-12-12.yang
+++ b/keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang
@@ -27,7 +27,7 @@ module ietf-keystore {
     "This module defines a 'keystore' to centralize management
      of security credentials.
 
     "This module defines a 'keystore' to centralize management
      of security credentials.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -48,7 +48,7 @@ module ietf-keystore {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -66,9 +66,9 @@ module ietf-keystore {
        'ietf-keystore' module).";
   }
 
        'ietf-keystore' module).";
   }
 

-  feature local-definitions-supported {
+  feature inline-definitions-supported {

     description
     description

-      "The 'local-definitions-supported' feature indicates that
+      "The 'inline-definitions-supported' feature indicates that

        the server supports locally-defined keys.";
   }
 
        the server supports locally-defined keys.";
   }
 


@@ -178,9 +178,9 @@ module ietf-keystore {
     }
   }
 
     }
   }
 

-  // local-or-keystore-* groupings
+  // inline-or-keystore-* groupings

 
 

-  grouping local-or-keystore-symmetric-key-grouping {
+  grouping inline-or-keystore-symmetric-key-grouping {

     description
       "A grouping that expands to allow the symmetric key to be
        either stored locally, i.e., within the using data model,
     description
       "A grouping that expands to allow the symmetric key to be
        either stored locally, i.e., within the using data model,


@@ -190,15 +190,15 @@ module ietf-keystore {
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";

-    choice local-or-keystore {
+    choice inline-or-keystore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "Container to hold the local key definition.";
           uses ct:symmetric-key-grouping;
           description
             "Container to hold the local key definition.";
           uses ct:symmetric-key-grouping;


@@ -216,7 +216,8 @@ module ietf-keystore {
       }
     }
   }
       }
     }
   }

-  grouping local-or-keystore-asymmetric-key-grouping {
+
+  grouping inline-or-keystore-asymmetric-key-grouping {

     description
       "A grouping that expands to allow the asymmetric key to be
        either stored locally, i.e., within the using data model,
     description
       "A grouping that expands to allow the asymmetric key to be
        either stored locally, i.e., within the using data model,


@@ -226,15 +227,15 @@ module ietf-keystore {
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";

-    choice local-or-keystore {
+    choice inline-or-keystore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-grouping;
           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-grouping;


@@ -256,7 +257,7 @@ module ietf-keystore {
     }
   }
 
     }
   }
 

-  grouping local-or-keystore-asymmetric-key-with-certs-grouping {
+  grouping inline-or-keystore-asymmetric-key-with-certs-grouping {

     description
       "A grouping that expands to allow an asymmetric key and
        its associated certificates to be either stored locally,
     description
       "A grouping that expands to allow an asymmetric key and
        its associated certificates to be either stored locally,


@@ -268,15 +269,15 @@ module ietf-keystore {
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";

-    choice local-or-keystore {
+    choice inline-or-keystore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-with-certs-grouping;
           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-with-certs-grouping;


@@ -296,7 +297,7 @@ module ietf-keystore {
     }
   }
 
     }
   }
 

-  grouping local-or-keystore-end-entity-cert-with-key-grouping {
+  grouping inline-or-keystore-end-entity-cert-with-key-grouping {

     description
       "A grouping that expands to allow an end-entity certificate
        (and its associated asymmetric key pair) to be either stored
     description
       "A grouping that expands to allow an end-entity certificate
        (and its associated asymmetric key pair) to be either stored


@@ -307,15 +308,15 @@ module ietf-keystore {
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";
        'central-keystore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate keystore locations.";

-    choice local-or-keystore {
+    choice inline-or-keystore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the keystore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-with-cert-grouping;
           description
             "Container to hold the local key definition.";
           uses ct:asymmetric-key-pair-with-cert-grouping;


@@ -339,7 +340,7 @@ module ietf-keystore {
     description
       "Grouping definition enables use in other contexts.  If ever
        done, implementations MUST augment new 'case' statements
     description
       "Grouping definition enables use in other contexts.  If ever
        done, implementations MUST augment new 'case' statements

-       into the various local-or-keystore 'choice' statements to
+       into the various inline-or-keystore 'choice' statements to

        supply leafrefs to the model-specific location(s).";
     container asymmetric-keys {
       nacm:default-deny-write;
        supply leafrefs to the model-specific location(s).";
     container asymmetric-keys {
       nacm:default-deny-write;

diff --git a/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java b/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java
index 68cabcf46da6a50ff73dce631cfe109dc874e3a8..c31f824bad898ecccab802764ed26e2049d93cbe 100644 (file)
--- a/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java
+++ b/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.keystore.none;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.AsymmetricKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.IetfKeystoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.AsymmetricKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.IetfKeystoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineDefinitionsSupported;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 


@@ -29,6 +29,6 @@ public final class NoneKeystoreFeatureProvider implements YangFeatureProvider<Ie
 
     @Override
     public Set<? extends YangFeature<?, IetfKeystoreData>> supportedFeatures() {
 
     @Override
     public Set<? extends YangFeature<?, IetfKeystoreData>> supportedFeatures() {

-        return Set.of(LocalDefinitionsSupported.VALUE, AsymmetricKeys.VALUE);
+        return Set.of(InlineDefinitionsSupported.VALUE, AsymmetricKeys.VALUE);

     }
 }
     }
 }

diff --git a/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2022-12-12.yang b/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang
similarity index 87%
rename from model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2022-12-12.yang
rename to model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang
index 342dde899c0151c05089d99976d0e4b40224c6e9..ddabbeec52400979eb83642a548ed7491e8a438b 100644 (file)
--- a/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2022-12-12.yang
+++ b/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang
@@ -27,7 +27,7 @@ module ietf-crypto-types {
     "This module defines common YANG types for cryptographic
      applications.
 
     "This module defines common YANG types for cryptographic
      applications.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -48,7 +48,7 @@ module ietf-crypto-types {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -94,16 +94,9 @@ module ietf-crypto-types {
       "Indicates that the server supports the
        'cms-encrypted-data-format' identity.";
   }
       "Indicates that the server supports the
        'cms-encrypted-data-format' identity.";
   }

-
-  feature csr-generation {
+  feature p10-csr-format {

     description
     description

-      "Indicates that the server implements the
-       'generate-csr' action.";
-  }
-
-  feature p10-based-csrs {
-    description
-      "Indicates that the erver implements support
+      "Indicates that the server implements support

        for generating P10-based CSRs, as defined
        in RFC 2986.";
     reference
        for generating P10-based CSRs, as defined
        in RFC 2986.";
     reference


@@ -111,30 +104,59 @@ module ietf-crypto-types {
                  Specification Version 1.7";
   }
 
                  Specification Version 1.7";
   }
 

+  feature csr-generation {
+    description
+      "Indicates that the server implements the
+       'generate-csr' action.";
+  }
+

   feature certificate-expiration-notification {
     description
       "Indicates that the server implements the
        'certificate-expiration' notification.";
   }
 
   feature certificate-expiration-notification {
     description
       "Indicates that the server implements the
        'certificate-expiration' notification.";
   }
 

-  feature hidden-keys {
+  feature cleartext-passwords {

     description
     description

-      "Indicates that the server supports hidden keys.";
+      "Indicates that the server supports cleartext
+       passwords.";

   }
 
   }
 

-  feature password-encryption {
+  feature encrypted-passwords {

     description
       "Indicates that the server supports password
        encryption.";
   }
 
     description
       "Indicates that the server supports password
        encryption.";
   }
 

-  feature symmetric-key-encryption {
+  feature cleartext-symmetric-keys {
+    description
+      "Indicates that the server supports cleartext
+       symmetric keys.";
+  }
+
+  feature hidden-symmetric-keys {
+    description
+      "Indicates that the server supports hidden keys.";
+  }
+
+  feature encrypted-symmetric-keys {

     description
       "Indicates that the server supports encryption
        of symmetric keys.";
   }
 
     description
       "Indicates that the server supports encryption
        of symmetric keys.";
   }
 

-  feature private-key-encryption {
+  feature cleartext-private-keys {
+    description
+      "Indicates that the server supports cleartext
+       private keys.";
+  }
+
+  feature hidden-private-keys {
+    description
+      "Indicates that the server supports hidden keys.";
+  }
+
+  feature encrypted-private-keys {

     description
       "Indicates that the server supports encryption
        of private keys.";
     description
       "Indicates that the server supports encryption
        of private keys.";


@@ -166,20 +188,35 @@ module ietf-crypto-types {
   identity rsa-private-key-format {
     base private-key-format;
     description
   identity rsa-private-key-format {
     base private-key-format;
     description

-      "Indicates that the private key value is encoded
-       as an RSAPrivateKey (from RFC 3447).";
+      "Indicates that the private key value is encoded as
+       an RSAPrivateKey (from RFC 3447), encoded using ASN.1
+       distinguished encoding rules (DER), as specified in
+       ITU-T X.690.";

     reference
     reference

-      "RFC 3447: PKCS #1: RSA Cryptography
-                 Specifications Version 2.2";
+      "RFC 3447:
+         PKCS #1: RSA Cryptography Specifications Version 2.2
+       ITU-T X.690:
+         Information technology - ASN.1 encoding rules:
+         Specification of Basic Encoding Rules (BER),
+         Canonical Encoding Rules (CER) and Distinguished
+         Encoding Rules (DER) 02/2021.";

   }
 
   identity ec-private-key-format {
     base private-key-format;
     description
   }
 
   identity ec-private-key-format {
     base private-key-format;
     description

-      "Indicates that the private key value is encoded
-       as an ECPrivateKey (from RFC 5915)";
+      "Indicates that the private key value is encoded as
+       an ECPrivateKey (from RFC 5915), encoded using ASN.1
+       distinguished encoding rules (DER), as specified in
+       ITU-T X.690.";

     reference
     reference

-      "RFC 5915: Elliptic Curve Private Key Structure";
+      "RFC 5915:
+         Elliptic Curve Private Key Structure
+       ITU-T X.690:
+         Information technology - ASN.1 encoding rules:
+         Specification of Basic Encoding Rules (BER),
+         Canonical Encoding Rules (CER) and Distinguished
+         Encoding Rules (DER) 02/2021.";

   }
 
   identity one-asymmetric-key-format {
   }
 
   identity one-asymmetric-key-format {


@@ -196,7 +233,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /***************************************************/
   }
 
   /***************************************************/


@@ -231,7 +268,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /******************************************************/
   }
 
   /******************************************************/


@@ -245,11 +282,10 @@ module ietf-crypto-types {
        The length of the octet string MUST be appropriate for
        the associated algorithm's block size.
 
        The length of the octet string MUST be appropriate for
        the associated algorithm's block size.
 

-       How the associated algorithm is known is outside the
-       scope of this module.  This statement also applies when
-       the octet string has been encrypted.";
+        The identity of the associated algorithm is outside the
+        scope of this specification.  This is also true when
+        the octet string has been encrypted.";

   }
   }

-

   identity one-symmetric-key-format {
     if-feature "one-symmetric-key-format";
     base symmetric-key-format;
   identity one-symmetric-key-format {
     if-feature "one-symmetric-key-format";
     base symmetric-key-format;


@@ -265,7 +301,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /*************************************************/
   }
 
   /*************************************************/


@@ -306,7 +342,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   identity cms-enveloped-data-format {
   }
 
   identity cms-enveloped-data-format {


@@ -343,7 +379,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /*********************************************************/
   }
 
   /*********************************************************/


@@ -357,8 +393,8 @@ module ietf-crypto-types {
        by future efforts.";
   }
 
        by future efforts.";
   }
 

-  identity p10-csr {
-    if-feature "p10-based-csrs";
+  identity p10-csr-format {
+    if-feature "p10-csr-format";

     base csr-format;
     description
       "Indicates the 'CertificationRequest' structure
     base csr-format;
     description
       "Indicates the 'CertificationRequest' structure


@@ -385,7 +421,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   typedef p10-csr {
   }
 
   typedef p10-csr {


@@ -402,7 +438,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /***************************************************/
   }
 
   /***************************************************/


@@ -423,7 +459,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   typedef crl {
   }
 
   typedef crl {


@@ -440,12 +476,13 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /***************************************************/
   /*   Typedefs for ASN.1 structures from RFC 6960   */
   /***************************************************/
   }
 
   /***************************************************/
   /*   Typedefs for ASN.1 structures from RFC 6960   */
   /***************************************************/

+

   typedef oscp-request {
     type binary;
     description
   typedef oscp-request {
     type binary;
     description


@@ -460,7 +497,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   typedef oscp-response {
   }
 
   typedef oscp-response {


@@ -477,7 +514,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   /***********************************************/
   }
 
   /***********************************************/


@@ -497,7 +534,7 @@ module ietf-crypto-types {
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished

-         Encoding Rules (DER).";
+         Encoding Rules (DER) 02/2021.";

   }
 
   typedef data-content-cms {
   }
 
   typedef data-content-cms {


@@ -591,7 +628,7 @@ module ietf-crypto-types {
 
        The CMS MUST contain only a single chain of certificates.
        The client or end-entity certificate MUST only authenticate
 
        The CMS MUST contain only a single chain of certificates.
        The client or end-entity certificate MUST only authenticate

-       to last intermediate CA certificate listed in the chain.
+       to the last intermediate CA certificate listed in the chain.

 
        In all cases, the chain MUST include a self-signed root
        certificate.  In the case where the root certificate is
 
        In all cases, the chain MUST include a self-signed root
        certificate.  In the case where the root certificate is


@@ -604,12 +641,15 @@ module ietf-crypto-types {
        verify the revocation status of the certificates.
 
        This CMS encodes the degenerate form of the SignedData
        verify the revocation status of the certificates.
 
        This CMS encodes the degenerate form of the SignedData

-       structure that is commonly used to disseminate X.509
-       certificates and revocation objects (RFC 5280).";
+       structure (RFC 5652, Section 5.2) that is commonly used
+       to disseminate X.509 certificates and revocation objects
+       (RFC 5280).";

     reference
       "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate
     reference
       "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate

-         and Certificate Revocation List (CRL) Profile.";
+         and Certificate Revocation List (CRL) Profile.
+       RFC 5652:
+         Cryptographic Message Syntax (CMS)";

   }
 
   typedef end-entity-cert-cms {
   }
 
   typedef end-entity-cert-cms {


@@ -630,12 +670,16 @@ module ietf-crypto-types {
        verify the revocation status of the certificates.
 
        This CMS encodes the degenerate form of the SignedData
        verify the revocation status of the certificates.
 
        This CMS encodes the degenerate form of the SignedData

-       structure that is commonly used to disseminate X.509
-       certificates and revocation objects (RFC 5280).";
+       structure (RFC 5652, Section 5.2) that is commonly
+       used to disseminate X.509 certificates and revocation
+       objects (RFC 5280).";
+

     reference
       "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate
     reference
       "RFC 5280:
          Internet X.509 Public Key Infrastructure Certificate

-         and Certificate Revocation List (CRL) Profile.";
+         and Certificate Revocation List (CRL) Profile.
+       RFC 5652:
+         Cryptographic Message Syntax (CMS)";

   }
 
   /*****************/
   }
 
   /*****************/


@@ -658,7 +702,8 @@ module ietf-crypto-types {
          via a leaf node called 'asymmetric-key-ref'.
 
          The leaf nodes MUST be direct descendants in the data tree,
          via a leaf node called 'asymmetric-key-ref'.
 
          The leaf nodes MUST be direct descendants in the data tree,

-         and MAY be direct descendants in the schema tree.";
+         and MAY be direct descendants in the schema tree (e.g.,
+         choice/case statements are allowed, but not a container).";

     }
     leaf encrypted-value-format {
       type identityref {
     }
     leaf encrypted-value-format {
       type identityref {


@@ -691,13 +736,14 @@ module ietf-crypto-types {
 
   grouping password-grouping {
     description
 
   grouping password-grouping {
     description

-      "A password that MAY be encrypted.";
+      "A password that may be encrypted.";

     choice password-type {
       nacm:default-deny-write;
       mandatory true;
       description
         "Choice between password types.";
       case cleartext-password {
     choice password-type {
       nacm:default-deny-write;
       mandatory true;
       description
         "Choice between password types.";
       case cleartext-password {

+        if-feature "cleartext-passwords";

         leaf cleartext-password {
           nacm:default-deny-all;
           type string;
         leaf cleartext-password {
           nacm:default-deny-all;
           type string;


@@ -706,7 +752,7 @@ module ietf-crypto-types {
         }
       }
       case encrypted-password {
         }
       }
       case encrypted-password {

-        if-feature "password-encryption";
+        if-feature "encrypted-passwords";

         container encrypted-password {
           description
             "A container for the encrypted password value.";
         container encrypted-password {
           description
             "A container for the encrypted password value.";


@@ -729,8 +775,9 @@ module ietf-crypto-types {
          SHOULD ensure that the incoming symmetric key value is
          encoded in the specified format.
 
          SHOULD ensure that the incoming symmetric key value is
          encoded in the specified format.
 

-         For encrypted keys, the value is the same as it would
-         have been if the key were not encrypted.";
+         For encrypted keys, the value is the decrypted key's
+         format (i.e., the 'encrypted-value-format' conveys the
+         encrypted key's format.";

     }
     choice key-type {
       nacm:default-deny-write;
     }
     choice key-type {
       nacm:default-deny-write;


@@ -739,6 +786,7 @@ module ietf-crypto-types {
         "Choice between key types.";
       case cleartext-key {
         leaf cleartext-key {
         "Choice between key types.";
       case cleartext-key {
         leaf cleartext-key {

+          if-feature "cleartext-symmetric-keys";

           nacm:default-deny-all;
           type binary;
           must '../key-format';
           nacm:default-deny-all;
           type binary;
           must '../key-format';


@@ -748,7 +796,7 @@ module ietf-crypto-types {
         }
       }
       case hidden-key {
         }
       }
       case hidden-key {

-        if-feature "hidden-keys";
+        if-feature "hidden-symmetric-keys";

         leaf hidden-key {
           type empty;
           must 'not(../key-format)';
         leaf hidden-key {
           type empty;
           must 'not(../key-format)';


@@ -758,7 +806,7 @@ module ietf-crypto-types {
         }
       }
       case encrypted-key {
         }
       }
       case encrypted-key {

-        if-feature "symmetric-key-encryption";
+        if-feature "encrypted-symmetric-keys";

         container encrypted-key {
           must '../key-format';
           description
         container encrypted-key {
           must '../key-format';
           description


@@ -810,8 +858,9 @@ module ietf-crypto-types {
          ensure that the incoming private key value is encoded in the
          specified format.
 
          ensure that the incoming private key value is encoded in the
          specified format.
 

-         For encrypted keys, the value is the same as it would have
-         been if the key were not encrypted.";
+         For encrypted keys, the value is the decrypted key's
+         format (i.e., the 'encrypted-value-format' conveys the
+         encrypted key's format.";

     }
     choice private-key-type {
       nacm:default-deny-write;
     }
     choice private-key-type {
       nacm:default-deny-write;


@@ -819,6 +868,7 @@ module ietf-crypto-types {
       description
         "Choice between key types.";
       case cleartext-private-key {
       description
         "Choice between key types.";
       case cleartext-private-key {

+        if-feature "cleartext-private-keys";

         leaf cleartext-private-key {
           nacm:default-deny-all;
           type binary;
         leaf cleartext-private-key {
           nacm:default-deny-all;
           type binary;


@@ -829,7 +879,7 @@ module ietf-crypto-types {
         }
       }
       case hidden-private-key {
         }
       }
       case hidden-private-key {

-        if-feature "hidden-keys";
+        if-feature "hidden-private-keys";

         leaf hidden-private-key {
           type empty;
           must 'not(../private-key-format)';
         leaf hidden-private-key {
           type empty;
           must 'not(../private-key-format)';


@@ -839,7 +889,7 @@ module ietf-crypto-types {
         }
       }
       case encrypted-private-key {
         }
       }
       case encrypted-private-key {

-        if-feature "private-key-encryption";
+        if-feature "encrypted-private-keys";

         container encrypted-private-key {
           must '../private-key-format';
           description
         container encrypted-private-key {
           must '../private-key-format';
           description


@@ -929,7 +979,7 @@ module ietf-crypto-types {
           }
           mandatory true;
           description
           }
           mandatory true;
           description

-            "Specifies the format for the returned certifiacte.";
+            "Specifies the format for the returned certificate.";

         }
         leaf csr-info {
           type csr-info;
         }
         leaf csr-info {
           type csr-info;


@@ -983,7 +1033,7 @@ module ietf-crypto-types {
   grouping asymmetric-key-pair-with-cert-grouping {
     description
       "A private/public key pair and an associated certificate.
   grouping asymmetric-key-pair-with-cert-grouping {
     description
       "A private/public key pair and an associated certificate.

-       Implementations SHOULD assert that certificates contain
+       Implementations SHOULD assert that the certificate contains

        the matching public key.";
     uses asymmetric-key-pair-grouping;
     uses end-entity-cert-grouping;
        the matching public key.";
     uses asymmetric-key-pair-grouping;
     uses end-entity-cert-grouping;


@@ -992,9 +1042,9 @@ module ietf-crypto-types {
 
   grouping asymmetric-key-pair-with-certs-grouping {
     description
 
   grouping asymmetric-key-pair-with-certs-grouping {
     description

-      "A private/public key pair and associated certificates.
-       Implementations SHOULD assert that certificates contain
-       the matching public key.";
+      "A private/public key pair and a list of associated
+       certificates.  Implementations SHOULD assert that
+       certificates contain the matching public key.";

     uses asymmetric-key-pair-grouping;
     container certificates {
       nacm:default-deny-write;
     uses asymmetric-key-pair-grouping;
     container certificates {
       nacm:default-deny-write;

diff --git a/transport/transport-ssh/pom.xml b/transport/transport-ssh/pom.xml
index 5fcb2fb4e61d8002d8d82de2f128cee71cc6d93a..bdbd05ddfe58b5bdedacef3e85fa2162e13f5621 100644 (file)
--- a/transport/transport-ssh/pom.xml
+++ b/transport/transport-ssh/pom.xml
@@ -43,6 +43,10 @@
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
         </dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
         </dependency>

+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+        </dependency>

         <dependency>
             <groupId>org.kohsuke.metainf-services</groupId>
             <artifactId>metainf-services</artifactId>
         <dependency>
             <groupId>org.kohsuke.metainf-services</groupId>
             <artifactId>metainf-services</artifactId>


@@ -72,8 +76,8 @@
             <artifactId>truststore-api</artifactId>
         </dependency>
         <dependency>
             <artifactId>truststore-api</artifactId>
         </dependency>
         <dependency>

-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
+            <groupId>org.opendaylight.netconf.model</groupId>
+            <artifactId>draft-ietf-netconf-crypto-types</artifactId>

         </dependency>
 
         <!-- testing -->
         </dependency>
 
         <!-- testing -->


@@ -89,6 +93,10 @@
             <artifactId>bcpkix-jdk18on</artifactId>
             <scope>test</scope>
         </dependency>
             <artifactId>bcpkix-jdk18on</artifactId>
             <scope>test</scope>
         </dependency>

-
+        <dependency>
+            <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
+            <artifactId>rfc6991-ietf-inet-types</artifactId>
+            <scope>test</scope>
+        </dependency>

     </dependencies>
 </project>
     </dependencies>
 </project>

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
index 8dc4cae09fff962c51259f501198b767e18a4391..c269465d5d5c30a3f9ed759cb9dec17d0ed6f1ff 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
@@ -25,17 +25,17 @@ import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
 import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController;
 import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController;
 import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.SshHostKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.TransportParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.KeyExchange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;

 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.opendaylight.yangtools.yang.common.Uint8;
 
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.opendaylight.yangtools.yang.common.Uint8;
 


@@ -73,7 +73,7 @@ final class ConfigUtils {
     }
 
     static void setKeepAlives(final @NonNull ServerFactoryManager factoryMgr,
     }
 
     static void setKeepAlives(final @NonNull ServerFactoryManager factoryMgr,

-            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                     .ssh.server.grouping.Keepalives keepAlives) {
         setKeepAlives(factoryMgr,
                 keepAlives == null ? null : keepAlives.getMaxWait(),
                     .ssh.server.grouping.Keepalives keepAlives) {
         setKeepAlives(factoryMgr,
                 keepAlives == null ? null : keepAlives.getMaxWait(),


@@ -81,7 +81,7 @@ final class ConfigUtils {
     }
 
     static void setKeepAlives(final @NonNull ClientFactoryManager factoryMgr,
     }
 
     static void setKeepAlives(final @NonNull ClientFactoryManager factoryMgr,

-            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
+            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417

                     .ssh.client.grouping.Keepalives keepAlives) {
         setKeepAlives(factoryMgr,
                 keepAlives == null ? null : keepAlives.getMaxWait(),
                     .ssh.client.grouping.Keepalives keepAlives) {
         setKeepAlives(factoryMgr,
                 keepAlives == null ? null : keepAlives.getMaxWait(),


@@ -91,25 +91,25 @@ final class ConfigUtils {
     @SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE", justification = "maxAttempts usage need clarification")
     private static void setKeepAlives(final @NonNull FactoryManager factoryMgr, final @Nullable Uint16 cfgMaxWait,
             final @Nullable Uint8 cfgMaxAttempts) {
     @SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE", justification = "maxAttempts usage need clarification")
     private static void setKeepAlives(final @NonNull FactoryManager factoryMgr, final @Nullable Uint16 cfgMaxWait,
             final @Nullable Uint8 cfgMaxAttempts) {

-        // FIXME utilize max attempts
+        // FIXME: utilize max attempts

         final var maxAttempts = cfgMaxAttempts == null ? KEEP_ALIVE_DEFAULT_ATTEMPTS : cfgMaxAttempts.intValue();
         final var maxWait = cfgMaxWait == null ? KEEP_ALIVE_DEFAULT_MAX_WAIT : cfgMaxWait.intValue();
         factoryMgr.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.RESERVED, Duration.ofSeconds(maxWait));
     }
 
     static List<KeyPair> extractServerHostKeys(
         final var maxAttempts = cfgMaxAttempts == null ? KEEP_ALIVE_DEFAULT_ATTEMPTS : cfgMaxAttempts.intValue();
         final var maxWait = cfgMaxWait == null ? KEEP_ALIVE_DEFAULT_MAX_WAIT : cfgMaxWait.intValue();
         factoryMgr.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.RESERVED, Duration.ofSeconds(maxWait));
     }
 
     static List<KeyPair> extractServerHostKeys(

-            final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+            final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                     .ssh.server.grouping.server.identity.HostKey> serverHostKeys)
             throws UnsupportedConfigurationException {
         var listBuilder = ImmutableList.<KeyPair>builder();
         for (var hostKey : serverHostKeys) {
             if (hostKey.getHostKeyType()
                     .ssh.server.grouping.server.identity.HostKey> serverHostKeys)
             throws UnsupportedConfigurationException {
         var listBuilder = ImmutableList.<KeyPair>builder();
         for (var hostKey : serverHostKeys) {
             if (hostKey.getHostKeyType()

-                    instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+                    instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                     .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey publicKey
                     && publicKey.getPublicKey() != null) {
                     .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey publicKey
                     && publicKey.getPublicKey() != null) {

-                listBuilder.add(extractKeyPair(publicKey.getPublicKey().getLocalOrKeystore()));
+                listBuilder.add(extractKeyPair(publicKey.getPublicKey().getInlineOrKeystore()));

             } else if (hostKey.getHostKeyType()
             } else if (hostKey.getHostKeyType()

-                    instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+                    instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                     .ssh.server.grouping.server.identity.host.key.host.key.type.Certificate certificate
                     && certificate.getCertificate() != null) {
                 listBuilder.add(extractCertificateEntry(certificate.getCertificate()).getKey());
                     .ssh.server.grouping.server.identity.host.key.host.key.type.Certificate certificate
                     && certificate.getCertificate() != null) {
                 listBuilder.add(extractCertificateEntry(certificate.getCertificate()).getKey());


@@ -119,16 +119,16 @@ final class ConfigUtils {
     }
 
     static KeyPair extractKeyPair(
     }
 
     static KeyPair extractKeyPair(

-            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                    .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore input)
+            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                    .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore input)

             throws UnsupportedConfigurationException {
             throws UnsupportedConfigurationException {

-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.asymmetric.key.grouping.local.or.keystore.Local.class, input);
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, input);
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         }

-        return extractKeyPair(localDef);
+        return extractKeyPair(inlineDef);

     }
 
     private static KeyPair extractKeyPair(final AsymmetricKeyPairGrouping input)
     }
 
     private static KeyPair extractKeyPair(final AsymmetricKeyPairGrouping input)


@@ -172,36 +172,36 @@ final class ConfigUtils {
         return new KeyPair(publicKey, privateKey);
     }
 
         return new KeyPair(publicKey, privateKey);
     }
 

-    static List<Certificate> extractCertificates(@Nullable final LocalOrTruststoreCertsGrouping input)
+    static List<Certificate> extractCertificates(final @Nullable InlineOrTruststoreCertsGrouping input)

             throws UnsupportedConfigurationException {
         if (input == null) {
             return List.of();
         }
             throws UnsupportedConfigurationException {
         if (input == null) {
             return List.of();
         }

-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
-                        .rev221212.local.or.truststore.certs.grouping.local.or.truststore.Local.class,
-                input.getLocalOrTruststore());
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+                        .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+                input.getInlineOrTruststore());
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         final var listBuilder = ImmutableList.<Certificate>builder();
         }
         final var listBuilder = ImmutableList.<Certificate>builder();

-        for (var cert : localDef.nonnullCertificate().values()) {
+        for (var cert : inlineDef.nonnullCertificate().values()) {

             listBuilder.add(KeyUtils.buildX509Certificate(cert.requireCertData().getValue()));
         }
         return listBuilder.build();
     }
 
     private static Map.Entry<KeyPair, List<X509Certificate>> extractCertificateEntry(
             listBuilder.add(KeyUtils.buildX509Certificate(cert.requireCertData().getValue()));
         }
         return listBuilder.build();
     }
 
     private static Map.Entry<KeyPair, List<X509Certificate>> extractCertificateEntry(

-            final LocalOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                        .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.Local.class,
-                input.getLocalOrKeystore());
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+            final InlineOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                        .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
+                input.getInlineOrKeystore());
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         }

-        final var keyPair = extractKeyPair(localDef);
-        final var certificate = KeyUtils.buildX509Certificate(localDef.requireCertData().getValue());
+        final var keyPair = extractKeyPair(inlineDef);
+        final var certificate = KeyUtils.buildX509Certificate(inlineDef.requireCertData().getValue());

         /*
           ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
           "A private/public key pair and an associated certificate.
         /*
           ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
           "A private/public key pair and an associated certificate.


@@ -221,30 +221,34 @@ final class ConfigUtils {
     }
 
     static List<PublicKey> extractPublicKeys(
     }
 
     static List<PublicKey> extractPublicKeys(

-            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                    .local.or.truststore._public.keys.grouping.LocalOrTruststore input)
+            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                    .inline.or.truststore._public.keys.grouping.InlineOrTruststore input)

             throws UnsupportedConfigurationException {
             throws UnsupportedConfigurationException {

-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.Local.class, input);
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline.class, input);
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         }

+
+        final var publicKey = inlineDef.getPublicKey();
+        if (publicKey == null) {
+            return List.of();
+        }
+

         final var listBuilder = ImmutableList.<PublicKey>builder();
         final var listBuilder = ImmutableList.<PublicKey>builder();

-        if (localDef.getPublicKey() != null && localDef.getPublicKey().entrySet() != null) {
-            for (var entry : localDef.getPublicKey().entrySet()) {
-                if (!SshPublicKeyFormat.VALUE.equals(entry.getValue().getPublicKeyFormat())) {
-                    throw new UnsupportedConfigurationException("ssh public key format is expected");
-                }
-                listBuilder.add(KeyUtils.buildPublicKeyFromSshEncoding(entry.getValue().getPublicKey()));
+        for (var entry : publicKey.entrySet()) {
+            if (!SshPublicKeyFormat.VALUE.equals(entry.getValue().getPublicKeyFormat())) {
+                throw new UnsupportedConfigurationException("ssh public key format is expected");

             }
             }

+            listBuilder.add(KeyUtils.buildPublicKeyFromSshEncoding(entry.getValue().getPublicKey()));

         }
         return listBuilder.build();
     }
 
     static List<PublicKey> extractPublicKeys(final @Nullable SshHostKeys sshHostKeys)
             throws UnsupportedConfigurationException {
         }
         return listBuilder.build();
     }
 
     static List<PublicKey> extractPublicKeys(final @Nullable SshHostKeys sshHostKeys)
             throws UnsupportedConfigurationException {

-        return sshHostKeys == null ? List.of() : extractPublicKeys(sshHostKeys.getLocalOrTruststore());
+        return sshHostKeys == null ? List.of() : extractPublicKeys(sshHostKeys.getInlineOrTruststore());

     }
 
     @FunctionalInterface
     }
 
     @FunctionalInterface

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java
index 382e6206ad2e9a4e06cba81b3e50154b54a3b6b1..b863ef4c405490046fa01d1274e4a85b767c73e0 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java
@@ -10,11 +10,11 @@ package org.opendaylight.netconf.transport.ssh;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.IetfSshClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.IetfSshClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientKeepalives;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java
index b34f45ec939b1a834ebc5e25b2e65dd3f7dc7903..e942352ea85b0c2ac16dab1abb54a433b2a57875 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.ssh;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.IetfSshCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.SshX509Certs;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.TransportParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.IetfSshCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.SshX509Certs;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParams;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java
index 24fdddb71a8c35c7d5559b93f0bf2e8779d312e5..b0c705acc92fbb576c73ca829533f659fac6d926 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java
@@ -10,12 +10,12 @@ package org.opendaylight.netconf.transport.ssh;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.IetfSshServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUsersSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.IetfSshServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUsersSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerKeepalives;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java
index 8a7e3b744821477654ec83ca430bd2a18955e80f..3449b8566d010988fd7a8ea4580adcb0988add9d 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java
@@ -35,12 +35,12 @@ import org.opendaylight.netconf.transport.api.TransportStack;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.password.grouping.password.type.CleartextPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

 
 /**
  * A {@link TransportStack} acting as an SSH client.
 
 /**
  * A {@link TransportStack} acting as an SSH client.


@@ -55,16 +55,16 @@ public final class SSHClient extends SSHTransportStack {
         super(listener);
         this.clientFactoryManager = clientFactoryManager;
         this.clientFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
         super(listener);
         this.clientFactoryManager = clientFactoryManager;
         this.clientFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));

-        this.sessionFactory = new SessionFactory(clientFactoryManager) {
+        sessionFactory = new SessionFactory(clientFactoryManager) {

             @Override
             @Override

-            protected ClientSessionImpl setupSession(ClientSessionImpl session) {
+            protected ClientSessionImpl setupSession(final ClientSessionImpl session) {

                 session.setUsername(username);
                 return session;
             }
         };
                 session.setUsername(username);
                 return session;
             }
         };

-        this.ioService = new SshIoService(this.clientFactoryManager,
+        ioService = new SshIoService(this.clientFactoryManager,

                 new DefaultChannelGroup("sshd-client-channels", GlobalEventExecutor.INSTANCE),
                 new DefaultChannelGroup("sshd-client-channels", GlobalEventExecutor.INSTANCE),

-                this.sessionFactory);
+                sessionFactory);

     }
 
     @Override
     }
 
     @Override


@@ -113,17 +113,19 @@ public final class SSHClient extends SSHTransportStack {
         if (clientIdentity == null || clientIdentity.getNone() != null) {
             return;
         }
         if (clientIdentity == null || clientIdentity.getNone() != null) {
             return;
         }

-        var authFactoriesListBuilder = ImmutableList.<UserAuthFactory>builder();
-        if (clientIdentity.getPassword() != null) {
-            if (clientIdentity.getPassword().getPasswordType() instanceof CleartextPassword clearTextPassword) {
+        final var authFactoriesListBuilder = ImmutableList.<UserAuthFactory>builder();
+        final var password = clientIdentity.getPassword();
+        if (password != null) {
+            if (password.getPasswordType() instanceof CleartextPassword clearTextPassword) {

                 factoryMgr.setPasswordIdentityProvider(
                         PasswordIdentityProvider.wrapPasswords(clearTextPassword.requireCleartextPassword()));
                 authFactoriesListBuilder.add(new UserAuthPasswordFactory());
             }
             // TODO support encrypted password -- requires augmentation of default schema
         }
                 factoryMgr.setPasswordIdentityProvider(
                         PasswordIdentityProvider.wrapPasswords(clearTextPassword.requireCleartextPassword()));
                 authFactoriesListBuilder.add(new UserAuthPasswordFactory());
             }
             // TODO support encrypted password -- requires augmentation of default schema
         }

-        if (clientIdentity.getHostbased() != null) {
-            var keyPair = ConfigUtils.extractKeyPair(clientIdentity.getHostbased().getLocalOrKeystore());
+        final var hostBased = clientIdentity.getHostbased();
+        if (hostBased != null) {
+            var keyPair = ConfigUtils.extractKeyPair(hostBased.getInlineOrKeystore());

             var factory = new UserAuthHostBasedFactory();
             factory.setClientHostKeys(HostKeyIdentityProvider.wrap(keyPair));
             factory.setClientUsername(clientIdentity.getUsername());
             var factory = new UserAuthHostBasedFactory();
             factory.setClientHostKeys(HostKeyIdentityProvider.wrap(keyPair));
             factory.setClientUsername(clientIdentity.getUsername());


@@ -131,8 +133,9 @@ public final class SSHClient extends SSHTransportStack {
             factory.setSignatureFactories(factoryMgr.getSignatureFactories());
             authFactoriesListBuilder.add(factory);
         }
             factory.setSignatureFactories(factoryMgr.getSignatureFactories());
             authFactoriesListBuilder.add(factory);
         }

-        if (clientIdentity.getPublicKey() != null) {
-            final var keyPairs = ConfigUtils.extractKeyPair(clientIdentity.getPublicKey().getLocalOrKeystore());
+        final var publicKey = clientIdentity.getPublicKey();
+        if (publicKey != null) {
+            final var keyPairs = ConfigUtils.extractKeyPair(publicKey.getInlineOrKeystore());

             factoryMgr.setKeyIdentityProvider(KeyIdentityProvider.wrapKeyPairs(keyPairs));
             final var factory = new UserAuthPublicKeyFactory();
             factory.setSignatureFactories(factoryMgr.getSignatureFactories());
             factoryMgr.setKeyIdentityProvider(KeyIdentityProvider.wrapKeyPairs(keyPairs));
             final var factory = new UserAuthPublicKeyFactory();
             factory.setSignatureFactories(factoryMgr.getSignatureFactories());

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java
index 318c07f18e87beb05c9a41e09cf2a3720ce918d9..f4adf2c70de04ca6a14dccadee2038baa8bff5bd 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java
@@ -35,11 +35,11 @@ import org.opendaylight.netconf.transport.api.TransportStack;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

 
 /**
  * A {@link TransportStack} acting as an SSH server.
 
 /**
  * A {@link TransportStack} acting as an SSH server.


@@ -53,10 +53,10 @@ public final class SSHServer extends SSHTransportStack {
         super(listener);
         this.serverFactoryManager = requireNonNull(serverFactoryManager);
         this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
         super(listener);
         this.serverFactoryManager = requireNonNull(serverFactoryManager);
         this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));

-        this.serverSessionFactory = new SessionFactory(serverFactoryManager);
-        this.ioService = new SshIoService(this.serverFactoryManager,
+        serverSessionFactory = new SessionFactory(serverFactoryManager);
+        ioService = new SshIoService(this.serverFactoryManager,

                 new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),
                 new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),

-                this.serverSessionFactory);
+                serverSessionFactory);

     }
 
     @Override
     }
 
     @Override


@@ -95,18 +95,18 @@ public final class SSHServer extends SSHTransportStack {
     }
 
     private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,
     }
 
     private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,

-            final @NonNull ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
+            final @Nullable ServerIdentity serverIdentity) throws UnsupportedConfigurationException {

         if (serverIdentity == null) {
             throw new UnsupportedConfigurationException("Server identity configuration is required");
         }
         if (serverIdentity == null) {
             throw new UnsupportedConfigurationException("Server identity configuration is required");
         }

-        if (serverIdentity.getHostKey() != null && !serverIdentity.getHostKey().isEmpty()) {
-            final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(serverIdentity.getHostKey());
-            if (!serverHostKeyPairs.isEmpty()) {
-                factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
-            }
-        } else {
+        final var hostKey = serverIdentity.getHostKey();
+        if (hostKey == null || hostKey.isEmpty()) {

             throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
         }
             throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
         }

+        final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(hostKey);
+        if (!serverHostKeyPairs.isEmpty()) {
+            factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
+        }

     }
 
     private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,
     }
 
     private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,


@@ -114,22 +114,29 @@ public final class SSHServer extends SSHTransportStack {
         if (clientAuthentication == null) {
             return;
         }
         if (clientAuthentication == null) {
             return;
         }

-        if (clientAuthentication.getUsers() != null && clientAuthentication.getUsers().getUser() != null) {
+        final var users = clientAuthentication.getUsers();
+        if (users == null) {
+            return;
+        }
+        final var userMap = users.getUser();
+        if (userMap != null) {

             final var passwordMapBuilder = ImmutableMap.<String, String>builder();
             final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
             final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
             final var passwordMapBuilder = ImmutableMap.<String, String>builder();
             final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
             final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();

-            for (var entry : clientAuthentication.getUsers().getUser().entrySet()) {
+            for (var entry : userMap.entrySet()) {

                 final String username = entry.getKey().getName();
                 final String username = entry.getKey().getName();

-                if (entry.getValue().getPassword() != null) { // password
-                    passwordMapBuilder.put(username, entry.getValue().getPassword().getValue());
+                final var value = entry.getValue();
+                final var password = value.getPassword();
+                if (password != null) {
+                    passwordMapBuilder.put(username, password.getValue());

                 }
                 }

-                if (entry.getValue().getHostbased() != null) {
-                    hostBasedMapBuilder.put(username,
-                            ConfigUtils.extractPublicKeys(entry.getValue().getHostbased().getLocalOrTruststore()));
+                final var hostBased = value.getHostbased();
+                if (hostBased != null) {
+                    hostBasedMapBuilder.put(username, ConfigUtils.extractPublicKeys(hostBased.getInlineOrTruststore()));

                 }
                 }

-                if (entry.getValue().getPublicKeys() != null) {
-                    publicKeyMapBuilder.put(username,
-                            ConfigUtils.extractPublicKeys(entry.getValue().getPublicKeys().getLocalOrTruststore()));
+                final var publicKey = value.getPublicKeys();
+                if (publicKey != null) {
+                    publicKeyMapBuilder.put(username, ConfigUtils.extractPublicKeys(publicKey.getInlineOrTruststore()));

                 }
             }
             final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();
                 }
             }
             final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();

diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java
index 4c9c0faadf34a62bcddd7d372b3ef6531eef3895..de7e3900314a9e27cc5314c8dd4f3f979f07f407 100644 (file)
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java
@@ -72,9 +72,9 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.alg
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2256;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2512;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.MacAlgBase;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2256;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2512;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.MacAlgBase;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.Encryption;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.HostKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.Encryption;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.HostKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;

 
 final class TransportUtils {
     private static final Map<EncryptionAlgBase, NamedFactory<Cipher>> CIPHERS =
 
 final class TransportUtils {
     private static final Map<EncryptionAlgBase, NamedFactory<Cipher>> CIPHERS =


@@ -243,7 +243,7 @@ final class TransportUtils {
     }
 
     public static List<NamedFactory<Mac>> getMacFactories(
     }
 
     public static List<NamedFactory<Mac>> getMacFactories(

-            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212
+            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417

                     .transport.params.grouping.Mac mac) throws UnsupportedConfigurationException {
         if (mac != null) {
             final var macAlg = mac.getMacAlg();
                     .transport.params.grouping.Mac mac) throws UnsupportedConfigurationException {
         if (mac != null) {
             final var macAlg = mac.getMacAlg();

diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-client@2022-12-12.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang
similarity index 91%
rename from transport/transport-ssh/src/main/yang/ietf-ssh-client@2022-12-12.yang
rename to transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang
index e4bf20b09ef72c4205d28f7ace4d6ea2e021bfc7..77c3ea52fc6aacf27ade42637840c5ebe6cc9ada 100644 (file)
--- a/transport/transport-ssh/src/main/yang/ietf-ssh-client@2022-12-12.yang
+++ b/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang
@@ -42,10 +42,10 @@ module ietf-ssh-client {
      Author:   Kent Watsen <mailto:kent+ietf@watsen.net>";
 
   description
      Author:   Kent Watsen <mailto:kent+ietf@watsen.net>";
 
   description

-    "This module defines reusable groupings for SSH clients that
+    "This module defines a reusable grouping for SSH clients that

      can be used as a basis for specific SSH client instances.
 
      can be used as a basis for specific SSH client instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -66,7 +66,7 @@ module ietf-ssh-client {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -130,7 +130,7 @@ module ietf-ssh-client {
        established.
 
        Note that this grouping uses fairly typical descendant
        established.
 
        Note that this grouping uses fairly typical descendant

-       node names such that a stack of 'uses' statements will
+       node names such that a nesting of 'uses' statements will

        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping
        the 'uses' statement in a container called
        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping
        the 'uses' statement in a container called


@@ -167,12 +167,12 @@ module ietf-ssh-client {
            pair to be used for client identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";
            pair to be used for client identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";

-        uses ks:local-or-keystore-asymmetric-key-grouping {
-          refine "local-or-keystore/local/local-definition" {
+        uses ks:inline-or-keystore-asymmetric-key-grouping {
+          refine "inline-or-keystore/inline/inline-definition" {

             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }

-          refine "local-or-keystore/keystore/keystore-reference" {
+          refine "inline-or-keystore/keystore/keystore-reference" {

             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:ssh-public-key-format")';
           }
             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:ssh-public-key-format")';
           }


@@ -201,12 +201,12 @@ module ietf-ssh-client {
            pair to be used for host identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";
            pair to be used for host identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";

-        uses ks:local-or-keystore-asymmetric-key-grouping {
-          refine "local-or-keystore/local/local-definition" {
+        uses ks:inline-or-keystore-asymmetric-key-grouping {
+          refine "inline-or-keystore/inline/inline-definition" {

             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }

-          refine "local-or-keystore/keystore/keystore-reference" {
+          refine "inline-or-keystore/keystore/keystore-reference" {

             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:ssh-public-key-format")';
           }
             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:ssh-public-key-format")';
           }


@@ -231,12 +231,13 @@ module ietf-ssh-client {
            to be used for client identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";
            to be used for client identification.";
         reference
           "RFC CCCC: A YANG Data Model for a Keystore";

-        uses ks:local-or-keystore-end-entity-cert-with-key-grouping {
-          refine "local-or-keystore/local/local-definition" {
+        uses
+          ks:inline-or-keystore-end-entity-cert-with-key-grouping {
+          refine "inline-or-keystore/inline/inline-definition" {

             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }

-          refine "local-or-keystore/keystore/keystore-reference"
+          refine "inline-or-keystore/keystore/keystore-reference"

                + "/asymmetric-key" {
             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:subject-public-key-info-format")';
                + "/asymmetric-key" {
             must 'derived-from-or-self(deref(.)/../ks:public-key-'
                + 'format, "ct:subject-public-key-info-format")';


@@ -264,14 +265,15 @@ module ietf-ssh-client {
            configured SSH host key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            configured SSH host key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-public-keys-grouping {
+        uses ts:inline-or-truststore-public-keys-grouping {

           refine
           refine

-            "local-or-truststore/local/local-definition/public-key" {
+            "inline-or-truststore/inline/inline-definition/public"
+            + "-key" {

             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }
           refine
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:ssh-public-key-format")';
           }
           refine

-            "local-or-truststore/truststore/truststore-reference" {
+            "inline-or-truststore/truststore/truststore-reference" {

             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:ssh-'
                + 'public-key-format"))])';
             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:ssh-'
                + 'public-key-format"))])';


@@ -291,7 +293,7 @@ module ietf-ssh-client {
            of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container ee-certs {
         if-feature "sshcmn:ssh-x509-certs";
       }
       container ee-certs {
         if-feature "sshcmn:ssh-x509-certs";


@@ -306,7 +308,7 @@ module ietf-ssh-client {
            end-entity certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            end-entity certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
     } // container server-authentication
 
       }
     } // container server-authentication
 

diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-common@2022-12-12.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang
similarity index 91%
rename from transport/transport-ssh/src/main/yang/ietf-ssh-common@2022-12-12.yang
rename to transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang
index 91f2d72aef159c1b36bad5c737dc672d1ab6746e..d331660f6ccd2be093a4de76ebe3e562e4c65d49 100644 (file)
--- a/transport/transport-ssh/src/main/yang/ietf-ssh-common@2022-12-12.yang
+++ b/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang
@@ -52,9 +52,8 @@ module ietf-ssh-common {
     "This module defines a common features and groupings for
      Secure Shell (SSH).
 
     "This module defines a common features and groupings for
      Secure Shell (SSH).
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
      as authors of the code. All rights reserved.

-

      Redistribution and use in source and binary forms, with
      or without modification, is permitted pursuant to, and
      subject to the license terms contained in, the Revised
      Redistribution and use in source and binary forms, with
      or without modification, is permitted pursuant to, and
      subject to the license terms contained in, the Revised


@@ -73,7 +72,7 @@ module ietf-ssh-common {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -117,8 +116,9 @@ module ietf-ssh-common {
         }
         ordered-by user;
         description
         }
         ordered-by user;
         description

-          "Acceptable host key algorithms in order of descending
+          "Acceptable host key algorithms in order of decreasing

            preference.
            preference.

+

            If this leaf-list is not configured (has zero elements)
            the acceptable host key algorithms are implementation-
            defined.";
            If this leaf-list is not configured (has zero elements)
            the acceptable host key algorithms are implementation-
            defined.";


@@ -135,7 +135,7 @@ module ietf-ssh-common {
         }
         ordered-by user;
         description
         }
         ordered-by user;
         description

-          "Acceptable key exchange algorithms in order of descending
+          "Acceptable key exchange algorithms in order of decreasing

            preference.
 
            If this leaf-list is not configured (has zero elements)
            preference.
 
            If this leaf-list is not configured (has zero elements)


@@ -152,7 +152,7 @@ module ietf-ssh-common {
         }
         ordered-by user;
         description
         }
         ordered-by user;
         description

-          "Acceptable encryption algorithms in order of descending
+          "Acceptable encryption algorithms in order of decreasing

            preference.
 
            If this leaf-list is not configured (has zero elements)
            preference.
 
            If this leaf-list is not configured (has zero elements)


@@ -169,7 +169,7 @@ module ietf-ssh-common {
         }
         ordered-by user;
         description
         }
         ordered-by user;
         description

-          "Acceptable MAC algorithms in order of descending
+          "Acceptable MAC algorithms in order of decreasing

            preference.
 
            If this leaf-list is not configured (has zero elements)
            preference.
 
            If this leaf-list is not configured (has zero elements)


@@ -200,19 +200,22 @@ module ietf-ssh-common {
            For RSA keys, the minimum size is 1024 bits and
            the default is 3072 bits. Generally, 3072 bits is
            considered sufficient. DSA keys must be exactly 1024
            For RSA keys, the minimum size is 1024 bits and
            the default is 3072 bits. Generally, 3072 bits is
            considered sufficient. DSA keys must be exactly 1024

-           bits as specified by FIPS 186-2.  For ECDSA keys, the
+           bits as specified by FIPS 186-6.  For ECDSA keys, the

            'bits' value determines the key length by selecting
            from one of three elliptic curve sizes: 256, 384 or
            521 bits. Attempting to use bit lengths other than
            these three values for ECDSA keys will fail. ECDSA-SK,
            Ed25519 and Ed25519-SK keys have a fixed length and
            the 'bits' value, if specified, will be ignored.";
            'bits' value determines the key length by selecting
            from one of three elliptic curve sizes: 256, 384 or
            521 bits. Attempting to use bit lengths other than
            these three values for ECDSA keys will fail. ECDSA-SK,
            Ed25519 and Ed25519-SK keys have a fixed length and
            the 'bits' value, if specified, will be ignored.";

+        reference
+          "FIPS 186-6: Digital Signature Standard (DSS)";

       }
       choice private-key-encoding {
       }
       choice private-key-encoding {

-        default cleartext;
+        mandatory true;

         description
           "A choice amongst optional private key handling.";
         case cleartext {
         description
           "A choice amongst optional private key handling.";
         case cleartext {

+          if-feature "ct:encrypted-private-keys";

           leaf cleartext {
             type empty;
             description
           leaf cleartext {
             type empty;
             description


@@ -221,7 +224,7 @@ module ietf-ssh-common {
           }
         }
         case encrypt {
           }
         }
         case encrypt {

-          if-feature "ct:private-key-encryption";
+          if-feature "ct:encrypted-private-keys";

           container encrypt-with {
             description
                "Indicates that the key is to be encrypted using
           container encrypt-with {
             description
                "Indicates that the key is to be encrypted using


@@ -230,7 +233,7 @@ module ietf-ssh-common {
           }
         }
         case hide {
           }
         }
         case hide {

-          if-feature "ct:hidden-keys";
+          if-feature "ct:hidden-private-keys";

           leaf hide {
             type empty;
             description
           leaf hide {
             type empty;
             description

diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-server@2022-12-12.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang
similarity index 86%
rename from transport/transport-ssh/src/main/yang/ietf-ssh-server@2022-12-12.yang
rename to transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang
index 9de0db6c9b74ad87a9092b2c8540997b676ec860..b5b564e72564977ea8211aa26b6d4629a4baf2fa 100644 (file)
--- a/transport/transport-ssh/src/main/yang/ietf-ssh-server@2022-12-12.yang
+++ b/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang
@@ -48,10 +48,10 @@ module ietf-ssh-server {
      Author:   Kent Watsen <mailto:kent+ietf@watsen.net>";
 
   description
      Author:   Kent Watsen <mailto:kent+ietf@watsen.net>";
 
   description

-    "This module defines reusable groupings for SSH servers that
+    "This module defines a reusable grouping for SSH servers that

      can be used as a basis for specific SSH server instances.
 
      can be used as a basis for specific SSH server instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -72,7 +72,7 @@ module ietf-ssh-server {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -127,7 +127,6 @@ module ietf-ssh-server {
       "RFC 4252:
         The Secure Shell (SSH) Authentication Protocol";
   }
       "RFC 4252:
         The Secure Shell (SSH) Authentication Protocol";
   }

-

   feature local-user-auth-none {
     if-feature "local-users-supported";
     description
   feature local-user-auth-none {
     if-feature "local-users-supported";
     description


@@ -148,7 +147,7 @@ module ietf-ssh-server {
        established.
 
        Note that this grouping uses fairly typical descendant
        established.
 
        Note that this grouping uses fairly typical descendant

-       node names such that a stack of 'uses' statements will
+       node names such that a nesting of 'uses' statements will

        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping
        the 'uses' statement in a container called
        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping
        the 'uses' statement in a container called


@@ -166,12 +165,13 @@ module ietf-ssh-server {
         min-elements 1;
         ordered-by user;
         description
         min-elements 1;
         ordered-by user;
         description

-          "An ordered list of host keys the SSH server will use to
-           construct its ordered list of algorithms, when sending
-           its SSH_MSG_KEXINIT message, as defined in Section 7.1
-           of RFC 4253.";
+          "An ordered list of host keys (see RFC 4251) the SSH
+           server will use to construct its ordered list of
+           algorithms, when sending its SSH_MSG_KEXINIT message,
+           as defined in Section 7.1 of RFC 4253.";

         reference
         reference

-          "RFC 4253: The Secure Shell (SSH) Transport Layer
+          "RFC 4251: The Secure Shell (SSH) Protocol Architecture
+           RFC 4253: The Secure Shell (SSH) Transport Layer

                      Protocol";
         leaf name {
           type string;
                      Protocol";
         leaf name {
           type string;


@@ -188,13 +188,13 @@ module ietf-ssh-server {
                to be used for the SSH server's host key.";
             reference
               "RFC CCCC: A YANG Data Model for a Keystore";
                to be used for the SSH server's host key.";
             reference
               "RFC CCCC: A YANG Data Model for a Keystore";

-            uses ks:local-or-keystore-asymmetric-key-grouping {
-              refine "local-or-keystore/local/local-definition" {
+            uses ks:inline-or-keystore-asymmetric-key-grouping {
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
 
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
 
               }

-              refine "local-or-keystore/keystore/"
+              refine "inline-or-keystore/keystore/"

                    + "keystore-reference" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:ssh-public-key-format")';
                    + "keystore-reference" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:ssh-public-key-format")';


@@ -210,12 +210,12 @@ module ietf-ssh-server {
             reference
               "RFC CCCC: A YANG Data Model for a Keystore";
             uses
             reference
               "RFC CCCC: A YANG Data Model for a Keystore";
             uses

-            ks:local-or-keystore-end-entity-cert-with-key-grouping {
-              refine "local-or-keystore/local/local-definition" {
+            ks:inline-or-keystore-end-entity-cert-with-key-grouping{
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }

-              refine "local-or-keystore/keystore/keystore-reference"
+              refine "inline-or-keystore/keystore/keystore-reference"

                    + "/asymmetric-key" {
                 must
                   'derived-from-or-self(deref(.)/../ks:public-key-'
                    + "/asymmetric-key" {
                 must
                   'derived-from-or-self(deref(.)/../ks:public-key-'


@@ -230,7 +230,11 @@ module ietf-ssh-server {
     container client-authentication {
       nacm:default-deny-write;
       description
     container client-authentication {
       nacm:default-deny-write;
       description

-        "Specifies how the SSH server can authenticate SSH clients.";
+        "Specifies how the SSH server can be configured to
+         authenticate SSH clients.  See RFC 4252 for a general
+         discussion about SSH authentication.";
+      reference
+        "RFC 4252: The Secure Shell (SSH) Transport Layer";

       container users {
         if-feature "local-users-supported";
         description
       container users {
         if-feature "local-users-supported";
         description


@@ -255,6 +259,9 @@ module ietf-ssh-server {
             description
               "The 'user name' for the SSH client, as defined in
                the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";
             description
               "The 'user name' for the SSH client, as defined in
                the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";

+            reference
+              "RFC 4253: The Secure Shell (SSH) Transport Layer
+                         Protocol";

           }
           container public-keys {
             if-feature "local-user-auth-publickey";
           }
           container public-keys {
             if-feature "local-user-auth-publickey";


@@ -270,13 +277,13 @@ module ietf-ssh-server {
                match to a configured public key.";
             reference
               "RFC BBBB: A YANG Data Model for a Truststore";
                match to a configured public key.";
             reference
               "RFC BBBB: A YANG Data Model for a Truststore";

-            uses ts:local-or-truststore-public-keys-grouping {
-              refine "local-or-truststore/local/local-definition/"
+            uses ts:inline-or-truststore-public-keys-grouping {
+              refine "inline-or-truststore/inline/inline-definition/"

                    + "public-key" {
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
               }
                    + "public-key" {
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
               }

-              refine "local-or-truststore/truststore/truststore-"
+              refine "inline-or-truststore/truststore/truststore-"

                    + "reference" {
                 must 'not(deref(.)/../ts:public-key/ts:public-key-'
                    + 'format[not(derived-from-or-self(., "ct:ssh-'
                    + "reference" {
                 must 'not(deref(.)/../ts:public-key/ts:public-key-'
                    + 'format[not(derived-from-or-self(., "ct:ssh-'


@@ -293,25 +300,25 @@ module ietf-ssh-server {
           container hostbased {
             if-feature "local-user-auth-hostbased";
             presence
           container hostbased {
             if-feature "local-user-auth-hostbased";
             presence

-              "Indicates that hostbased keys have been configured.
-               This statement is present so the mandatory descendant
-               nodes do not imply that this node must be
-               configured.";
+              "Indicates that hostbased [RFC4252] keys have been
+               configured.  This statement is present so the
+               mandatory descendant nodes do not imply that this
+               node must be configured.";

             description
               "A set of SSH host keys used by the SSH server to
                authenticate this user's host.  A user's host is
                authenticated if its host key is an exact match
                to a configured host key.";
             reference
             description
               "A set of SSH host keys used by the SSH server to
                authenticate this user's host.  A user's host is
                authenticated if its host key is an exact match
                to a configured host key.";
             reference

-              "RFC 4253: The Secure Shell (SSH) Transport Layer
+              "RFC 4252: The Secure Shell (SSH) Transport Layer

                RFC BBBB: A YANG Data Model for a Truststore";
                RFC BBBB: A YANG Data Model for a Truststore";

-            uses ts:local-or-truststore-public-keys-grouping {
-              refine "local-or-truststore/local/local-definition/"
+            uses ts:inline-or-truststore-public-keys-grouping {
+              refine "inline-or-truststore/inline/inline-definition/"

                    + "public-key" {
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
               }
                    + "public-key" {
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:ssh-public-key-format")';
               }

-              refine "local-or-truststore/truststore/truststore-"
+              refine "inline-or-truststore/truststore/truststore-"

                    + "reference" {
                 must 'not(deref(.)/../ts:public-key/ts:public-key-'
                    + 'format[not(derived-from-or-self(., "ct:ssh-'
                    + "reference" {
                 must 'not(deref(.)/../ts:public-key/ts:public-key-'
                    + 'format[not(derived-from-or-self(., "ct:ssh-'


@@ -344,7 +351,7 @@ module ietf-ssh-server {
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container ee-certs {
         if-feature "sshcmn:ssh-x509-certs";
       }
       container ee-certs {
         if-feature "sshcmn:ssh-x509-certs";


@@ -360,7 +367,7 @@ module ietf-ssh-server {
            to a configured end-entity certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            to a configured end-entity certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
     } // container client-authentication
 
       }
     } // container client-authentication
 


@@ -371,6 +378,7 @@ module ietf-ssh-server {
         "Configurable parameters of the SSH transport layer.";
       uses sshcmn:transport-params-grouping;
     } // container transport-params
         "Configurable parameters of the SSH transport layer.";
       uses sshcmn:transport-params-grouping;
     } // container transport-params

+

     container keepalives {
       nacm:default-deny-write;
       if-feature "ssh-server-keepalives";
     container keepalives {
       nacm:default-deny-write;
       if-feature "ssh-server-keepalives";

diff --git a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java
index f31fa26817433bf9a24ccc345b73f1edd7e72551..f6c3a53a673c158e3a7c8ea8d34372e178bbacd3 100644 (file)
--- a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java
+++ b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java
@@ -58,14 +58,14 @@ import org.opendaylight.netconf.transport.tcp.NettyTransportSupport;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)
 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)

diff --git a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java
index cb441b677f7512c7633c946780450003b92512ec..148618ed0510d65f7d9d64b945b09c94d495a5ba 100644 (file)
--- a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java
+++ b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java
@@ -24,7 +24,6 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
 import java.util.List;
 import java.time.Instant;
 import java.util.Date;
 import java.util.List;

-import java.util.Map;

 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;


@@ -34,30 +33,31 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.password.grouping.password.type.CleartextPasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.UsersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.User;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.UserBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.local.or.truststore.local.local.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.User;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yangtools.yang.binding.util.BindingMap;

 
 public final class TestUtils {
 
 
 public final class TestUtils {
 


@@ -84,116 +84,122 @@ public final class TestUtils {
         return new ServerIdentityBuilder().setHostKey(List.of(buildServerHostKeyWithCertificate(keyData))).build();
     }
 
         return new ServerIdentityBuilder().setHostKey(List.of(buildServerHostKeyWithCertificate(keyData))).build();
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

             .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithKeyPair(final KeyData keyData) {
             .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithKeyPair(final KeyData keyData) {

-        var local = buildAsymmetricKeyLocal(keyData);
-        var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+            .ssh.server.grouping.server.identity.HostKeyBuilder()
+            .setName(HOST_KEY_NAME)
+            .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                 .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder()
                 .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder()

-                .setPublicKey(
-                        new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
-                                .ssh.server.grouping.server.identity.host.key.host.key.type._public.key
-                                .PublicKeyBuilder().setLocalOrKeystore(local).build()
-                ).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
-                .ssh.server.grouping.server.identity.HostKeyBuilder()
-                .setName(HOST_KEY_NAME).setHostKeyType(publicKey).build();
+                .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+                    .ssh.server.grouping.server.identity.host.key.host.key.type._public.key.PublicKeyBuilder()
+                    .setInlineOrKeystore(buildAsymmetricKeyLocal(keyData))
+                    .build())
+                .build())
+            .build();

     }
 
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

             .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithCertificate(final KeyData keyData) {
             .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithCertificate(final KeyData keyData) {

-        var local = buildEndEntityCertWithKeyLocal(keyData);
-        var cert = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+            .ssh.server.grouping.server.identity.HostKeyBuilder()
+            .setName(HOST_KEY_NAME)
+            .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                 .ssh.server.grouping.server.identity.host.key.host.key.type.CertificateBuilder()
                 .ssh.server.grouping.server.identity.host.key.host.key.type.CertificateBuilder()

-                .setCertificate(
-                        new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
-                                .ssh.server.grouping.server.identity.host.key.host.key.type.certificate
-                                .CertificateBuilder().setLocalOrKeystore(local).build()
-                ).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
-                .ssh.server.grouping.server.identity.HostKeyBuilder()
-                .setName(HOST_KEY_NAME).setHostKeyType(cert).build();
+                .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+                    .ssh.server.grouping.server.identity.host.key.host.key.type.certificate.CertificateBuilder()
+                    .setInlineOrKeystore(buildEndEntityCertWithKeyLocal(keyData))
+                    .build())
+                .build())
+            .build();

     }
 
     public static ServerAuthentication buildServerAuthWithPublicKey(final KeyData keyData) {
     }
 
     public static ServerAuthentication buildServerAuthWithPublicKey(final KeyData keyData) {

-        return new ServerAuthenticationBuilder().setSshHostKeys(
-                new SshHostKeysBuilder().setLocalOrTruststore(buildTruststorePublicKeyLocal(keyData)).build()
-        ).build();
+        return new ServerAuthenticationBuilder()
+            .setSshHostKeys(new SshHostKeysBuilder()
+                .setInlineOrTruststore(buildTruststorePublicKeyLocal(keyData))
+                .build())
+            .build();

     }
 
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-            .local.or.truststore._public.keys.grouping.local.or.truststore.Local buildTruststorePublicKeyLocal(
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildTruststorePublicKeyLocal(

             final KeyData keyData) {
             final KeyData keyData) {

-        final var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.local.local.definition.PublicKeyBuilder()
-                .setName(PUBLIC_KEY_NAME).setPublicKeyFormat(SshPublicKeyFormat.VALUE)
-                .setPublicKey(keyData.publicKeySshBytes()).build();
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.local.LocalDefinitionBuilder()
-                .setPublicKey(Map.of(publicKey.key(), publicKey)).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+                .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+                    .rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition
+                    .PublicKeyBuilder()
+                        .setName(PUBLIC_KEY_NAME)
+                        .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
+                        .setPublicKey(keyData.publicKeySshBytes())
+                        .build()))
+                .build())
+            .build();

     }
 
     public static ServerAuthentication buildServerAuthWithCertificate(final KeyData keyData) {
         // NB both CA anc EE certificates are processed same way, no reason for additional eeCerts builder
     }
 
     public static ServerAuthentication buildServerAuthWithCertificate(final KeyData keyData) {
         // NB both CA anc EE certificates are processed same way, no reason for additional eeCerts builder

-        return new ServerAuthenticationBuilder().setCaCerts(
-                new CaCertsBuilder().setLocalOrTruststore(
-                        buildTruststoreCertificatesLocal(keyData.certificateBytes())
-                ).build()).build();
+        return new ServerAuthenticationBuilder()
+            .setCaCerts(new CaCertsBuilder()
+                .setInlineOrTruststore(buildTruststoreCertificatesLocal(keyData.certificateBytes()))
+                .build())
+            .build();

     }
 
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-            .local.or.truststore.certs.grouping.local.or.truststore.Local buildTruststoreCertificatesLocal(
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore.certs.grouping.inline.or.truststore.Inline buildTruststoreCertificatesLocal(

             final byte[] certificateBytes) {
             final byte[] certificateBytes) {

-        final var cert = new CertificateBuilder().setName(CERTIFICATE_NAME)
-                .setCertData(new TrustAnchorCertCms(certificateBytes)).build();
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore.certs.grouping.local.or.truststore.local.LocalDefinitionBuilder()
-                .setCertificate(Map.of(cert.key(), cert)).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore.certs.grouping.local.or.truststore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+                .setCertificate(BindingMap.of(new CertificateBuilder()
+                    .setName(CERTIFICATE_NAME)
+                    .setCertData(new TrustAnchorCertCms(certificateBytes))
+                    .build()))
+                .build())
+            .build();

     }
 
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-            .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore buildAsymmetricKeyLocal(
-            final KeyData data) {
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+            .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final KeyData data) {

         return buildAsymmetricKeyLocal(data.algorithm(), data.publicKeyBytes(), data.privateKeyBytes());
     }
 
         return buildAsymmetricKeyLocal(data.algorithm(), data.publicKeyBytes(), data.privateKeyBytes());
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-            .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore buildAsymmetricKeyLocal(
-            final String algorithm, final byte[] publicKeyBytes, final byte[] privateKeyBytes) {
-        var keyFormat = getPrivateKeyFormat(algorithm);
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.asymmetric.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+            .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final String algorithm,
+                final byte[] publicKeyBytes, final byte[] privateKeyBytes) {
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+            .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder()

                 .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
                 .setPublicKey(publicKeyBytes)
                 .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
                 .setPublicKey(publicKeyBytes)

-                .setPrivateKeyFormat(keyFormat)
+                .setPrivateKeyFormat(getPrivateKeyFormat(algorithm))

                 .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
                 .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())

-                .build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.asymmetric.key.grouping.local.or.keystore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+                .build())
+            .build();

     }
 
     }
 

-    public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-            .local.or.keystore.end.entity.cert.with.key.grouping.LocalOrKeystore buildEndEntityCertWithKeyLocal(
+    public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+            .inline.or.keystore.end.entity.cert.with.key.grouping.InlineOrKeystore buildEndEntityCertWithKeyLocal(

             final KeyData keyData) {
             final KeyData keyData) {

-        var keyFormat = getPrivateKeyFormat(keyData.algorithm());
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+            .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
+                .InlineDefinitionBuilder()

                 .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
                 .setPublicKey(keyData.publicKeyBytes())
                 .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
                 .setPublicKey(keyData.publicKeyBytes())

-                .setPrivateKeyFormat(keyFormat)
+                .setPrivateKeyFormat(getPrivateKeyFormat(keyData.algorithm()))

                 .setPrivateKeyType(new CleartextPrivateKeyBuilder()
                 .setPrivateKeyType(new CleartextPrivateKeyBuilder()

-                        .setCleartextPrivateKey(keyData.privateKeyBytes()).build())
+                    .setCleartextPrivateKey(keyData.privateKeyBytes()).build())

                 .setCertData(new EndEntityCertCms(keyData.certificateBytes()))
                 .setCertData(new EndEntityCertCms(keyData.certificateBytes()))

-                .build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+                .build())
+            .build();

     }
 
     public static ClientAuthentication buildClientAuthWithPassword(final String userName, final String cryptHash) {
     }
 
     public static ClientAuthentication buildClientAuthWithPassword(final String userName, final String cryptHash) {


@@ -209,37 +215,44 @@ public final class TestUtils {
     }
 
     private static ClientAuthentication buildClientAuth(final User user) {
     }
 
     private static ClientAuthentication buildClientAuth(final User user) {

-        return new ClientAuthenticationBuilder().setUsers(
-                new UsersBuilder().setUser(Map.of(user.key(), user)).build()).build();
+        return new ClientAuthenticationBuilder()
+            .setUsers(new UsersBuilder().setUser(BindingMap.of(user)).build())
+            .build();

     }
 
     private static User buildServerUserHostBased(final String userName, final byte[] publicKeyBytes) {
     }
 
     private static User buildServerUserHostBased(final String userName, final byte[] publicKeyBytes) {

-        final var hostBased = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+        return new UserBuilder()
+            .setName(userName)
+            .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417

                 .ssh.server.grouping.client.authentication.users.user.HostbasedBuilder()
                 .ssh.server.grouping.client.authentication.users.user.HostbasedBuilder()

-                .setLocalOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build();
-        return new UserBuilder().setName(userName).setHostbased(hostBased).build();
+                .setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes))
+                .build())
+            .build();

     }
 
     }
 

-    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-            .local.or.truststore._public.keys.grouping.local.or.truststore.Local buildPublicKeyLocal(
+    private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildPublicKeyLocal(

             final byte[] publicKeyBytes) {
             final byte[] publicKeyBytes) {

-        final var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.local.local.definition.PublicKeyBuilder()
-                .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
-                .setName(PUBLIC_KEY_NAME)
-                .setPublicKey(publicKeyBytes).build();
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.local.LocalDefinitionBuilder()
-                .setPublicKey(Map.of(publicKey.key(), publicKey)).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore._public.keys.grouping.local.or.truststore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+                .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
+                    .truststore.rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline
+                    .definition.PublicKeyBuilder()
+                    .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
+                    .setName(PUBLIC_KEY_NAME)
+                    .setPublicKey(publicKeyBytes)
+                    .build()))
+                .build())
+            .build();

     }
 
     public static User buildServerUserWithPublicKey(final String userName, final byte[] publicKeyBytes) {
     }
 
     public static User buildServerUserWithPublicKey(final String userName, final byte[] publicKeyBytes) {

-        final var publicKeys = new PublicKeysBuilder()
-                .setLocalOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build();
-        return new UserBuilder().setName(userName).setPublicKeys(publicKeys).build();
+        return new UserBuilder()
+            .setName(userName)
+            .setPublicKeys(new PublicKeysBuilder().setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build())
+            .build();

     }
 
     private static User buildServerUserWithPassword(final String userName, final String cryptHash) {
     }
 
     private static User buildServerUserWithPassword(final String userName, final String cryptHash) {


@@ -247,28 +260,32 @@ public final class TestUtils {
     }
 
     public static ClientIdentity buildClientIdentityWithPassword(final String username, final String password) {
     }
 
     public static ClientIdentity buildClientIdentityWithPassword(final String username, final String password) {

-        return new ClientIdentityBuilder().setUsername(username).setPassword(
-                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
-                        .ssh.client.grouping.client.identity.PasswordBuilder()
-                        .setPasswordType(
-                                new CleartextPasswordBuilder().setCleartextPassword(password).build()
-                        ).build()).build();
+        return new ClientIdentityBuilder()
+            .setUsername(username)
+            .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+                .ssh.client.grouping.client.identity.PasswordBuilder()
+                .setPasswordType(new CleartextPasswordBuilder().setCleartextPassword(password).build()).build())
+            .build();

     }
 
     public static ClientIdentity buildClientIdentityHostBased(final String username, final KeyData data) {
     }
 
     public static ClientIdentity buildClientIdentityHostBased(final String username, final KeyData data) {

-        return new ClientIdentityBuilder().setUsername(username).setHostbased(
-                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
-                        .ssh.client.grouping.client.identity.HostbasedBuilder()
-                        .setLocalOrKeystore(buildAsymmetricKeyLocal(data)).build()
-        ).build();
+        return new ClientIdentityBuilder()
+            .setUsername(username)
+            .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+                .ssh.client.grouping.client.identity.HostbasedBuilder()
+                .setInlineOrKeystore(buildAsymmetricKeyLocal(data))
+                .build())
+            .build();

     }
 
     public static ClientIdentity buildClientIdentityWithPublicKey(final String username, final KeyData data) {
     }
 
     public static ClientIdentity buildClientIdentityWithPublicKey(final String username, final KeyData data) {

-        return new ClientIdentityBuilder().setUsername(username).setPublicKey(
-                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
-                        .ssh.client.grouping.client.identity.PublicKeyBuilder()
-                        .setLocalOrKeystore(buildAsymmetricKeyLocal(data)).build()
-        ).build();
+        return new ClientIdentityBuilder()
+            .setUsername(username)
+            .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+                .ssh.client.grouping.client.identity.PublicKeyBuilder()
+                .setInlineOrKeystore(buildAsymmetricKeyLocal(data))
+                .build())
+            .build();

     }
 
     private static PrivateKeyFormat getPrivateKeyFormat(final String algorithm) {
     }
 
     private static PrivateKeyFormat getPrivateKeyFormat(final String algorithm) {

diff --git a/transport/transport-tcp/pom.xml b/transport/transport-tcp/pom.xml
index 9ede8b560667d9b47ae88d257d2e0b5d04088495..3100b233c968287b325460e34ee0fff8e5dab7f4 100644 (file)
--- a/transport/transport-tcp/pom.xml
+++ b/transport/transport-tcp/pom.xml
@@ -27,6 +27,10 @@
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
         </dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
         </dependency>

+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-common</artifactId>
+        </dependency>

         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java
index 4d62993db74e039fdf6ac2ae027582432e610d04..e550b4feacb6e9c7d9e2b633f802f655b9a04be6 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java
@@ -14,7 +14,7 @@ import io.netty.channel.socket.ServerSocketChannel;
 import io.netty.channel.socket.SocketChannel;
 import java.util.concurrent.ThreadFactory;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import io.netty.channel.socket.SocketChannel;
 import java.util.concurrent.ThreadFactory;
 import org.eclipse.jdt.annotation.NonNullByDefault;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;

 
 /**
  * Wrapper around a particular Netty transport implementation.
 
 /**
  * Wrapper around a particular Netty transport implementation.

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java
index 2b6f0f3dea5b9eda23fbb704a17a103bc2d65136..52d8df6832d63da54a2077360545b47640524b9c 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java
@@ -17,7 +17,7 @@ import io.netty.channel.epoll.EpollServerSocketChannel;
 import io.netty.channel.epoll.EpollSocketChannel;
 import java.util.concurrent.ThreadFactory;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import io.netty.channel.epoll.EpollSocketChannel;
 import java.util.concurrent.ThreadFactory;
 import org.eclipse.jdt.annotation.NonNullByDefault;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;

 
 @NonNullByDefault
 final class EpollNettyImpl extends AbstractNettyImpl {
 
 @NonNullByDefault
 final class EpollNettyImpl extends AbstractNettyImpl {

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java
index 34ba6bda388abfcc85039297635bf625c08b7e22..a819e2b498d4794c132762fcf1c2f9f135428af1 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.tcp;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.IetfTcpClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.LocalBindingSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.IetfTcpClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.LocalBindingSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientKeepalives;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java
index 94a3618b17b597fe0bf4bbb340805be29b1f9863..a1335be81bc39652f2a081b9e553a995e30051df 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.transport.tcp;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.IetfTcpCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.KeepalivesSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.IetfTcpCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.KeepalivesSupported;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java
index 394924837a976b07a856ec50cd38dabed7aa1dfe..04cfd38382275e1df7fde12567a59985920cd042 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.transport.tcp;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.IetfTcpServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.IetfTcpServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerKeepalives;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java
index 9146cbd85993548174b11a2dea410b1814c71347..e89c700ef72372bc266665a14a79581cd9ffcb6f 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java
@@ -19,7 +19,7 @@ import io.netty.channel.socket.SocketChannel;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.eclipse.jdt.annotation.Nullable;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.eclipse.jdt.annotation.Nullable;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java
index 6bb74e8ddb30ea294899598c20f138d983c45c7d..3e1f93cf4513962204778f1bd102edff9108f216 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java
@@ -20,7 +20,7 @@ import java.util.Map;
 import java.util.concurrent.ThreadFactory;
 import jdk.net.ExtendedSocketOptions;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import java.util.concurrent.ThreadFactory;
 import jdk.net.ExtendedSocketOptions;
 import org.eclipse.jdt.annotation.NonNullByDefault;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;

 import org.slf4j.LoggerFactory;
 
 @NonNullByDefault
 import org.slf4j.LoggerFactory;
 
 @NonNullByDefault

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java
index b5d52d86714fb4d96c4deabf7faab5794a8786ce..ede9973cf84f1231708b80dcd2b908c59fc32e78 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java
@@ -18,7 +18,7 @@ import io.netty.channel.ChannelInitializer;
 import org.eclipse.jdt.annotation.NonNull;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.eclipse.jdt.annotation.NonNull;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;

 import org.opendaylight.yangtools.yang.common.Empty;
 
 /**
 import org.opendaylight.yangtools.yang.common.Empty;
 
 /**

diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java
index 02d71be5cc063c04e0aa4dd5cf9f5d89f08552ac..eb49f2099b7981dbe3bfaa86c721060ac9e6f9ed 100644 (file)
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java
+++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java
@@ -21,7 +21,7 @@ import io.netty.channel.ChannelInitializer;
 import org.eclipse.jdt.annotation.NonNull;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.eclipse.jdt.annotation.NonNull;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

 import org.opendaylight.yangtools.yang.common.Empty;
 
 /**
 import org.opendaylight.yangtools.yang.common.Empty;
 
 /**

diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-client@2022-12-12.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang
similarity index 89%
rename from transport/transport-tcp/src/main/yang/ietf-tcp-client@2022-12-12.yang
rename to transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang
index 171b463d707842609fc9184597ec05494d025b71..95e62149b58819acece6b47e19b945d8e1440a85 100644 (file)
--- a/transport/transport-tcp/src/main/yang/ietf-tcp-client@2022-12-12.yang
+++ b/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang
@@ -38,7 +38,7 @@ module ietf-tcp-client {
     "This module defines reusable groupings for TCP clients that
      can be used as a basis for specific TCP client instances.
 
     "This module defines reusable groupings for TCP clients that
      can be used as a basis for specific TCP client instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -59,7 +59,7 @@ module ietf-tcp-client {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -79,28 +79,39 @@ module ietf-tcp-client {
     description
       "Per socket TCP keepalive parameters are configurable for
        TCP clients on the server implementing this feature.";
     description
       "Per socket TCP keepalive parameters are configurable for
        TCP clients on the server implementing this feature.";

+    reference
+      "RFC 9293: Transmission Control Protocol (TCP)";

   }
 
   feature proxy-connect {
     description
       "Proxy connection configuration is configurable for
   }
 
   feature proxy-connect {
     description
       "Proxy connection configuration is configurable for

-       TCP clients on the server implementing this feature.";
+       TCP clients on the server implementing this feature.
+       Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
+    reference
+      "SOCKS Proceedings:
+         1992 Usenix Security Symposium.
+       OpenSSH message:
+         SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
+         https://www.openssh.com/txt/socks4a.protocol
+       RFC 1928:
+         SOCKS Protocol Version 5";

   }
 
   feature socks5-gss-api {
     description
   }
 
   feature socks5-gss-api {
     description

-      "Indicates that the server supports authenticating
-       using GSSAPI when initiating TCP connections via
-       and SOCKS Version 5 proxy server.";
+      "Indicates that the server, when acting as a TCP-client,
+       supports authenticating to a SOCKS Version 5 proxy server
+       using GSSAPI credentials.";

     reference
       "RFC 1928: SOCKS Protocol Version 5";
   }
 
   feature socks5-username-password {
     description
     reference
       "RFC 1928: SOCKS Protocol Version 5";
   }
 
   feature socks5-username-password {
     description

-      "Indicates that the server supports authenticating using
-       username/password when initiating TCP connections via
-       and SOCKS Version 5 proxy server.";
+      "Indicates that the server, when acting as a TCP-client,
+       supports authenticating to a SOCKS Version 5 proxy server
+       using 'username' and 'password' credentials.";

     reference
       "RFC 1928: SOCKS Protocol Version 5";
   }
     reference
       "RFC 1928: SOCKS Protocol Version 5";
   }


@@ -111,7 +122,7 @@ module ietf-tcp-client {
     description
       "A reusable grouping for configuring a TCP client.
 
     description
       "A reusable grouping for configuring a TCP client.
 

-      Note that this grouping uses fairly typical descendant
+       Note that this grouping uses fairly typical descendant

        node names such that a stack of 'uses' statements will
        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping
        node names such that a stack of 'uses' statements will
        have name conflicts.  It is intended that the consuming
        data model will resolve the issue (e.g., by wrapping


@@ -138,16 +149,15 @@ module ietf-tcp-client {
       default "0";
       description
         "The IP port number for the remote peer to establish a
       default "0";
       description
         "The IP port number for the remote peer to establish a

-         connection with.  An invalid default value (0) is used
-         (instead of 'mandatory true') so that as application
-         level data model may 'refine' it with an application
-         specific default port number value.";
+         connection with.  An invalid default value is used
+         so that importing modules may 'refine' it with the
+         appropriate default port number value.";

     }
     leaf local-address {
       if-feature "local-binding-supported";
       type inet:ip-address;
       description
     }
     leaf local-address {
       if-feature "local-binding-supported";
       type inet:ip-address;
       description

-        "The local IP address/interface (VRF?) to bind to for when
+        "The local IP address/interface to bind to for when

          connecting to the remote peer.  INADDR_ANY ('0.0.0.0') or
          INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
          explicitly indicate the implicit default, that the server
          connecting to the remote peer.  INADDR_ANY ('0.0.0.0') or
          INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
          explicitly indicate the implicit default, that the server

diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-common@2022-12-12.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang
similarity index 95%
rename from transport/transport-tcp/src/main/yang/ietf-tcp-common@2022-12-12.yang
rename to transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang
index 48dfbab00359fcff15f505a6c1eec2f2807b0112..100380ff032c1a2f35781b56b8e387dc9266ccb3 100644 (file)
--- a/transport/transport-tcp/src/main/yang/ietf-tcp-common@2022-12-12.yang
+++ b/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang
@@ -20,7 +20,7 @@ module ietf-tcp-common {
     "This module defines reusable groupings for TCP commons that
      can be used as a basis for specific TCP common instances.
 
     "This module defines reusable groupings for TCP commons that
      can be used as a basis for specific TCP common instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -41,7 +41,7 @@ module ietf-tcp-common {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -72,6 +72,9 @@ module ietf-tcp-common {
          aliveness of the TCP peer.  An unresponsive TCP peer is
          dropped after approximately (idle-time + max-probes
          * probe-interval) seconds.";
          aliveness of the TCP peer.  An unresponsive TCP peer is
          dropped after approximately (idle-time + max-probes
          * probe-interval) seconds.";

+      reference
+        "RFC 9293:
+          Transmission Control Protocol (TCP), Section 3.8.4..";

       leaf idle-time {
         type uint16 {
           range "1..max";
       leaf idle-time {
         type uint16 {
           range "1..max";

diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-server@2022-12-12.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang
similarity index 96%
rename from transport/transport-tcp/src/main/yang/ietf-tcp-server@2022-12-12.yang
rename to transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang
index a8337ff743150328eca0e12fe34d3cf21b871d2c..734494481b841bbd0254cfe22c633391b15f6bab 100644 (file)
--- a/transport/transport-tcp/src/main/yang/ietf-tcp-server@2022-12-12.yang
+++ b/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang
@@ -27,12 +27,11 @@ module ietf-tcp-server {
      Authors:  Kent Watsen <mailto:kent+ietf@watsen.net>
                Michael Scharf
                <mailto:michael.scharf@hs-esslingen.de>";
      Authors:  Kent Watsen <mailto:kent+ietf@watsen.net>
                Michael Scharf
                <mailto:michael.scharf@hs-esslingen.de>";

-

   description
     "This module defines reusable groupings for TCP servers that
      can be used as a basis for specific TCP server instances.
 
   description
     "This module defines reusable groupings for TCP servers that
      can be used as a basis for specific TCP server instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -53,7 +52,7 @@ module ietf-tcp-server {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -66,6 +65,8 @@ module ietf-tcp-server {
     description
       "Per socket TCP keepalive parameters are configurable for
        TCP servers on the server implementing this feature.";
     description
       "Per socket TCP keepalive parameters are configurable for
        TCP servers on the server implementing this feature.";

+    reference
+      "RFC 9293: Transmission Control Protocol (TCP)";

   }
 
   // Groupings
   }
 
   // Groupings

diff --git a/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java b/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java
index 8e970ee34c0ddd663b8edbc4ae5302fa59541ae3..238533851d20c6d643f9ac60feed8d305069f628 100644 (file)
--- a/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java
+++ b/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java
@@ -37,8 +37,8 @@ import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)
 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)

diff --git a/transport/transport-tls/pom.xml b/transport/transport-tls/pom.xml
index d6a1954e041415074c1d203878b5e37334a079ee..df6d074412cab963f4277ccbb5ef143b210c6719 100644 (file)
--- a/transport/transport-tls/pom.xml
+++ b/transport/transport-tls/pom.xml
@@ -23,6 +23,14 @@
     <description>NETCONF TLS transport</description>
 
     <dependencies>
     <description>NETCONF TLS transport</description>
 
     <dependencies>

+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-buffer</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-common</artifactId>
+        </dependency>

         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-handler</artifactId>
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-handler</artifactId>


@@ -31,6 +39,10 @@
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
         </dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
         </dependency>

+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk18on</artifactId>
+        </dependency>

         <dependency>
             <groupId>org.kohsuke.metainf-services</groupId>
             <artifactId>metainf-services</artifactId>
         <dependency>
             <groupId>org.kohsuke.metainf-services</groupId>
             <artifactId>metainf-services</artifactId>


@@ -52,9 +64,10 @@
             <artifactId>truststore-api</artifactId>
         </dependency>
         <dependency>
             <artifactId>truststore-api</artifactId>
         </dependency>
         <dependency>

-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk18on</artifactId>
+            <groupId>org.opendaylight.netconf.model</groupId>
+            <artifactId>draft-ietf-netconf-crypto-types</artifactId>

         </dependency>
         </dependency>

+

         <!-- testing -->
         <dependency>
             <groupId>org.bouncycastle</groupId>
         <!-- testing -->
         <dependency>
             <groupId>org.bouncycastle</groupId>


@@ -67,5 +80,10 @@
             <classifier>linux-x86_64</classifier>
             <scope>test</scope>
         </dependency>
             <classifier>linux-x86_64</classifier>
             <scope>test</scope>
         </dependency>

+        <dependency>
+            <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
+            <artifactId>rfc6991-ietf-inet-types</artifactId>
+            <scope>test</scope>
+        </dependency>

     </dependencies>
 </project>
     </dependencies>
 </project>

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java
index 78c42552eb997dede4dde830d507e097190d113b..a7d05b33b436094c938530034d5424f394f325a5 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java
@@ -27,15 +27,15 @@ import java.util.Map;
 import org.eclipse.jdt.annotation.NonNull;
 import org.eclipse.jdt.annotation.Nullable;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.eclipse.jdt.annotation.NonNull;
 import org.eclipse.jdt.annotation.Nullable;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;

 
 final class ConfigUtils {
 
 
 final class ConfigUtils {
 


@@ -56,11 +56,12 @@ final class ConfigUtils {
      * @throws UnsupportedConfigurationException if error occurs
      */
     static void setX509Certificates(final @NonNull KeyStore keyStore,
      * @throws UnsupportedConfigurationException if error occurs
      */
     static void setX509Certificates(final @NonNull KeyStore keyStore,

-            final @Nullable LocalOrTruststoreCertsGrouping caCerts,
-            final @Nullable LocalOrTruststoreCertsGrouping eeCerts) throws UnsupportedConfigurationException {
+            final @Nullable InlineOrTruststoreCertsGrouping caCerts,
+            final @Nullable InlineOrTruststoreCertsGrouping eeCerts) throws UnsupportedConfigurationException {

         var certMap = ImmutableMap.<String, Certificate>builder()
                 .putAll(extractCertificates(caCerts, "ca-"))
         var certMap = ImmutableMap.<String, Certificate>builder()
                 .putAll(extractCertificates(caCerts, "ca-"))

-                .putAll(extractCertificates(eeCerts, "ee-")).build();
+                .putAll(extractCertificates(eeCerts, "ee-"))
+                .build();

         for (var entry : certMap.entrySet()) {
             try {
                 keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
         for (var entry : certMap.entrySet()) {
             try {
                 keyStore.setCertificateEntry(entry.getKey(), entry.getValue());


@@ -71,20 +72,20 @@ final class ConfigUtils {
     }
 
     private static Map<String, Certificate> extractCertificates(
     }
 
     private static Map<String, Certificate> extractCertificates(

-            @Nullable final LocalOrTruststoreCertsGrouping certs,
+            @Nullable final InlineOrTruststoreCertsGrouping certs,

             @NonNull final String aliasPrefix) throws UnsupportedConfigurationException {
         if (certs == null) {
             return Map.of();
         }
             @NonNull final String aliasPrefix) throws UnsupportedConfigurationException {
         if (certs == null) {
             return Map.of();
         }

-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
-                        .rev221212.local.or.truststore.certs.grouping.local.or.truststore.Local.class,
-                certs.getLocalOrTruststore());
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+                        .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+                certs.getInlineOrTruststore());
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         final var mapBuilder = ImmutableMap.<String, Certificate>builder();
         }
         final var mapBuilder = ImmutableMap.<String, Certificate>builder();

-        for (var cert : localDef.nonnullCertificate().values()) {
+        for (var cert : inlineDef.nonnullCertificate().values()) {

             try {
                 final var alias = aliasPrefix + cert.requireName();
                 mapBuilder.put(alias, buildX509Certificate(cert.requireCertData().getValue()));
             try {
                 final var alias = aliasPrefix + cert.requireName();
                 mapBuilder.put(alias, buildX509Certificate(cert.requireCertData().getValue()));


@@ -103,27 +104,24 @@ final class ConfigUtils {
      * @throws UnsupportedConfigurationException if key pair is not set to key store
      */
     static void setAsymmetricKey(final @NonNull KeyStore keyStore,
      * @throws UnsupportedConfigurationException if key pair is not set to key store
      */
     static void setAsymmetricKey(final @NonNull KeyStore keyStore,

-            final @NonNull LocalOrKeystoreAsymmetricKeyGrouping input)
+            final @NonNull InlineOrKeystoreAsymmetricKeyGrouping input)

             throws UnsupportedConfigurationException {
 
             throws UnsupportedConfigurationException {
 

-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                        .local.or.keystore.asymmetric.key.grouping.local.or.keystore.Local.class,
-                input.getLocalOrKeystore());
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                        .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class,
+                input.getInlineOrKeystore());
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         }

-        final var keyPair = extractKeyPair(localDef);
-        /*
-            ietf-crypto-types:grouping asymmetric-key-pair-grouping
-            "A private key and its associated public key.  Implementations
-            SHOULD ensure that the two keys are a matching pair."
-         */
+        final var keyPair = extractKeyPair(inlineDef);
+        // ietf-crypto-types:grouping asymmetric-key-pair-grouping
+        // "A private key and its associated public key.  Implementations
+        // SHOULD ensure that the two keys are a matching pair."

         validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
         try {
         validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
         try {

-            // FIXME
-            // below line throws an exception bc keyStore does not support private key without certificate chain
-            // (belongs to implementation of raw public key feature support)
+            // FIXME: the below line throws an exception bc keyStore does not support private key without certificate
+            //        chain (belongs to implementation of raw public key feature support)

             keyStore.setKeyEntry(DEFAULT_PRIVATE_KEY_ALIAS, keyPair.getPrivate(), EMPTY_SECRET, null);
         } catch (KeyStoreException e) {
             throw new UnsupportedConfigurationException("Failed to load private key", e);
             keyStore.setKeyEntry(DEFAULT_PRIVATE_KEY_ALIAS, keyPair.getPrivate(), EMPTY_SECRET, null);
         } catch (KeyStoreException e) {
             throw new UnsupportedConfigurationException("Failed to load private key", e);


@@ -139,26 +137,25 @@ final class ConfigUtils {
      * @throws UnsupportedConfigurationException if key pair and certificate are not set to key store
      */
     static void setEndEntityCertificateWithKey(final @NonNull KeyStore keyStore,
      * @throws UnsupportedConfigurationException if key pair and certificate are not set to key store
      */
     static void setEndEntityCertificateWithKey(final @NonNull KeyStore keyStore,

-            final @NonNull LocalOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
-        final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                        .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.Local.class,
-                input.getLocalOrKeystore());
-        final var localDef = local.getLocalDefinition();
-        if (localDef == null) {
-            throw new UnsupportedConfigurationException("Missing local definition in " + local);
+            final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping input)
+                throws UnsupportedConfigurationException {
+        final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                        .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
+                input.getInlineOrKeystore());
+        final var inlineDef = inline.getInlineDefinition();
+        if (inlineDef == null) {
+            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);

         }
         }

-        final var keyPair = extractKeyPair(localDef);
+        final var keyPair = extractKeyPair(inlineDef);

         final Certificate certificate;
         try {
         final Certificate certificate;
         try {

-            certificate = buildX509Certificate(localDef.requireCertData().getValue());
+            certificate = buildX509Certificate(inlineDef.requireCertData().getValue());

         } catch (IOException | CertificateException e) {
         } catch (IOException | CertificateException e) {

-            throw new UnsupportedConfigurationException("Failed to load certificate" + localDef, e);
+            throw new UnsupportedConfigurationException("Failed to load certificate" + inlineDef, e);

         }
         }

-        /*
-          ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
-          "A private/public key pair and an associated certificate.
-          Implementations SHOULD assert that certificates contain the matching public key."
-         */
+        // ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
+        // "A private/public key pair and an associated certificate.
+        // Implementations SHOULD assert that certificates contain the matching public key."

         validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
         validatePublicKey(keyPair.getPublic(), certificate);
         try {
         validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
         validatePublicKey(keyPair.getPublic(), certificate);
         try {

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java
index 21e1bef96e102183932402500457036480bccf1e..e651f0b489815d99894bf7a6338ac4fd8ea7de5b 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.tls;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.ClientIdentX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.IetfTlsClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.ServerAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ClientIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.IetfTlsClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ServerAuthX509Cert;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java
index 604877dabaf76c4c0bf72f9640048ad4407734b1..927a7dce27b04004d497b670bb5ea686addb3418 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java
@@ -12,13 +12,13 @@ import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.eclipse.jdt.annotation.Nullable;
 import org.kohsuke.MetaInfServices;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.eclipse.jdt.annotation.Nullable;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParams;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.IetfTlsCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls12$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls12$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls13$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls13$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.IetfTlsCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java
index d29068b0a04c3f4ef635b142de43d7477ab74597..6537f86115acac85fe4d71a3199b0ab3dc1c654a 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java
@@ -10,10 +10,10 @@ package org.opendaylight.netconf.transport.tls;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ClientAuthSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ClientAuthX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.IetfTlsServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ServerIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.IetfTlsServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ServerIdentX509Cert;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java
index a35ff52c9d9de4686f3b8acc23871118be81bf4c..c75edfc635c04547cf8e6719d31cc997462c9279 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java
@@ -19,7 +19,7 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;

 
 /**
  * A pre-configured factory for creating {@link SslHandler}s.
 
 /**
  * A pre-configured factory for creating {@link SslHandler}s.

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java
index e20f6b7e157a236c371d5cb4b9ce7e1617a68af1..b3ec9b7591a5b09ed95c144511cb6868081156f2 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java
@@ -18,11 +18,11 @@ import org.opendaylight.netconf.transport.api.TransportStack;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.client.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.client.identity.auth.type.RawPublicKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.RawPublicKey;

 
 /**
  * A {@link TransportStack} acting as a TLS client.
 
 /**
  * A {@link TransportStack} acting as a TLS client.

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java
index 0c7cc60bd75ce4936366eb6696e19e30b23e79fe..3f0e52726bc08b8eafec672fedc461186c051c4b 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java
@@ -19,11 +19,11 @@ import org.opendaylight.netconf.transport.api.TransportStack;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPClient;
 import org.opendaylight.netconf.transport.tcp.TCPServer;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.RawPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.RawPrivateKey;

 
 /**
  * A {@link TransportStack} acting as a TLS server.
 
 /**
  * A {@link TransportStack} acting as a TLS server.

diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java
index 3c4ed1e39a30ac7d834be71097c229f08a18a9d5..2fd483a386bfa8897cd88d8c221f4d3d23d35b45 100644 (file)
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java
@@ -56,12 +56,12 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes128GcmSha256;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes256GcmSha384;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithChacha20Poly1305Sha256;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes128GcmSha256;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes256GcmSha384;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithChacha20Poly1305Sha256;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.TlsVersionBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststorePublicKeysGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststorePublicKeysGrouping;

 
 /**
  * Base class for TLS TransportStacks.
 
 /**
  * Base class for TLS TransportStacks.


@@ -126,14 +126,14 @@ public abstract sealed class TLSTransportStack extends AbstractOverlayTransportS
     }
 
     static KeyManagerFactory newKeyManager(
     }
 
     static KeyManagerFactory newKeyManager(

-            final @NonNull LocalOrKeystoreEndEntityCertWithKeyGrouping endEntityCert
+            final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping endEntityCert

     ) throws UnsupportedConfigurationException {
         final var keyStore = newKeyStore();
         setEndEntityCertificateWithKey(keyStore, endEntityCert);
         return buildKeyManagerFactory(keyStore);
     }
 
     ) throws UnsupportedConfigurationException {
         final var keyStore = newKeyStore();
         setEndEntityCertificateWithKey(keyStore, endEntityCert);
         return buildKeyManagerFactory(keyStore);
     }
 

-    static KeyManagerFactory newKeyManager(final @NonNull LocalOrKeystoreAsymmetricKeyGrouping rawPrivateKey)
+    static KeyManagerFactory newKeyManager(final @NonNull InlineOrKeystoreAsymmetricKeyGrouping rawPrivateKey)

             throws UnsupportedConfigurationException {
         final var keyStore = newKeyStore();
         setAsymmetricKey(keyStore, rawPrivateKey);
             throws UnsupportedConfigurationException {
         final var keyStore = newKeyStore();
         setAsymmetricKey(keyStore, rawPrivateKey);


@@ -142,9 +142,9 @@ public abstract sealed class TLSTransportStack extends AbstractOverlayTransportS
 
     // FIXME: should be TrustManagerBuilder
     protected static @Nullable TrustManagerFactory newTrustManager(
 
     // FIXME: should be TrustManagerBuilder
     protected static @Nullable TrustManagerFactory newTrustManager(

-            final @Nullable LocalOrTruststoreCertsGrouping caCerts,
-            final @Nullable LocalOrTruststoreCertsGrouping eeCerts,
-            final @Nullable LocalOrTruststorePublicKeysGrouping publicKeys) throws UnsupportedConfigurationException {
+            final @Nullable InlineOrTruststoreCertsGrouping caCerts,
+            final @Nullable InlineOrTruststoreCertsGrouping eeCerts,
+            final @Nullable InlineOrTruststorePublicKeysGrouping publicKeys) throws UnsupportedConfigurationException {

 
         if (publicKeys != null) {
             // FIXME: implement this and advertize server-auth-raw-public-key from IetfTlsClientFeatureProvider
 
         if (publicKeys != null) {
             // FIXME: implement this and advertize server-auth-raw-public-key from IetfTlsClientFeatureProvider

diff --git a/transport/transport-tls/src/main/yang/ietf-tls-client@2022-12-12.yang b/transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang
similarity index 94%
rename from transport/transport-tls/src/main/yang/ietf-tls-client@2022-12-12.yang
rename to transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang
index 00b7ad379536059d7cf64bdd9454570c1acaa39e..8bcdb0178b5b297a0cf8524f3b5b6aa3d9c11f15 100644 (file)
--- a/transport/transport-tls/src/main/yang/ietf-tls-client@2022-12-12.yang
+++ b/transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang
@@ -46,7 +46,7 @@ module ietf-tls-client {
     "This module defines reusable groupings for TLS clients that
      can be used as a basis for specific TLS client instances.
 
     "This module defines reusable groupings for TLS clients that
      can be used as a basis for specific TLS client instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -67,7 +67,7 @@ module ietf-tls-client {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -208,12 +208,13 @@ module ietf-tls-client {
             description
               "Specifies the client identity using a certificate.";
             uses
             description
               "Specifies the client identity using a certificate.";
             uses

-              ks:local-or-keystore-end-entity-cert-with-key-grouping{
-              refine "local-or-keystore/local/local-definition" {
+              "ks:inline-or-keystore-end-entity-cert-with-key-"
+              + "grouping" {
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }

-              refine "local-or-keystore/keystore/keystore-reference"
+              refine "inline-or-keystore/keystore/keystore-reference"

                    + "/asymmetric-key" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + "/asymmetric-key" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'


@@ -228,12 +229,13 @@ module ietf-tls-client {
             description
               "Specifies the client identity using a raw
                private key.";
             description
               "Specifies the client identity using a raw
                private key.";

-            uses ks:local-or-keystore-asymmetric-key-grouping {
-              refine "local-or-keystore/local/local-definition" {
+            uses ks:inline-or-keystore-asymmetric-key-grouping {
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }

-              refine "local-or-keystore/keystore/keystore-reference"{
+              refine
+                "inline-or-keystore/keystore/keystore-reference" {

                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + 'format")';
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + 'format")';


@@ -247,7 +249,7 @@ module ietf-tls-client {
             description
               "Specifies the client identity using a PSK (pre-shared
                or pairwise-symmetric key).";
             description
               "Specifies the client identity using a PSK (pre-shared
                or pairwise-symmetric key).";

-            uses ks:local-or-keystore-symmetric-key-grouping;
+            uses ks:inline-or-keystore-symmetric-key-grouping;

             leaf id {
               type string;
               description
             leaf id {
               type string;
               description


@@ -279,7 +281,7 @@ module ietf-tls-client {
               and the EPSK input fields detailed in I-D
               draft-ietf-tls-external-psk-importer
               Section 3.1.  The base-key is based upon
               and the EPSK input fields detailed in I-D
               draft-ietf-tls-external-psk-importer
               Section 3.1.  The base-key is based upon

-              ks:local-or-keystore-symmetric-key-grouping
+              ks:inline-or-keystore-symmetric-key-grouping

               in order to provide users with flexible and
               secure storage options.";
             reference
               in order to provide users with flexible and
               secure storage options.";
             reference


@@ -289,7 +291,7 @@ module ietf-tls-client {
                          Importing External PSKs for TLS
                I-D.ietf-tls-external-psk-guidance:
                          Guidance for External PSK Usage in TLS";
                          Importing External PSKs for TLS
                I-D.ietf-tls-external-psk-guidance:
                          Guidance for External PSK Usage in TLS";

-            uses ks:local-or-keystore-symmetric-key-grouping;
+            uses ks:inline-or-keystore-symmetric-key-grouping;

             leaf external-identity {
               type string;
               mandatory true;
             leaf external-identity {
               type string;
               mandatory true;


@@ -388,7 +390,7 @@ module ietf-tls-client {
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container ee-certs {
         if-feature "server-auth-x509-cert";
       }
       container ee-certs {
         if-feature "server-auth-x509-cert";


@@ -404,7 +406,7 @@ module ietf-tls-client {
            match to a configured server certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            match to a configured server certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container raw-public-keys {
         if-feature "server-auth-raw-public-key";
       }
       container raw-public-keys {
         if-feature "server-auth-raw-public-key";


@@ -419,13 +421,13 @@ module ietf-tls-client {
            is an exact match to a configured raw public key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            is an exact match to a configured raw public key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-public-keys-grouping {
-          refine "local-or-truststore/local/local-definition/"
+        uses ts:inline-or-truststore-public-keys-grouping {
+          refine "inline-or-truststore/inline/inline-definition/"

                + "public-key" {
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }
                + "public-key" {
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }

-          refine "local-or-truststore/truststore/truststore-"
+          refine "inline-or-truststore/truststore/truststore-"

                + "reference" {
             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:subject-'
                + "reference" {
             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:subject-'

diff --git a/transport/transport-tls/src/main/yang/ietf-tls-common@2022-12-12.yang b/transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang
similarity index 97%
rename from transport/transport-tls/src/main/yang/ietf-tls-common@2022-12-12.yang
rename to transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang
index 7c6c0c450d1a73d578a614199741c3fa1c588730..5ad06f4198be5d612cf747f6a4fdadf251e745b5 100644 (file)
--- a/transport/transport-tls/src/main/yang/ietf-tls-common@2022-12-12.yang
+++ b/transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang
@@ -35,7 +35,7 @@ module ietf-tls-common {
     "This module defines a common features and groupings for
      Transport Layer Security (TLS).
 
     "This module defines a common features and groupings for
      Transport Layer Security (TLS).
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -56,7 +56,7 @@ module ietf-tls-common {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -271,6 +271,7 @@ module ietf-tls-common {
         description
           "A choice amongst optional private key handling.";
         case cleartext {
         description
           "A choice amongst optional private key handling.";
         case cleartext {

+          if-feature "ct:cleartext-private-keys";

           leaf cleartext {
             type empty;
             description
           leaf cleartext {
             type empty;
             description


@@ -279,7 +280,7 @@ module ietf-tls-common {
           }
         }
         case encrypt {
           }
         }
         case encrypt {

-          if-feature "ct:private-key-encryption";
+          if-feature "ct:encrypted-private-keys";

           container encrypt-with {
             description
                "Indicates that the key is to be encrypted using
           container encrypt-with {
             description
                "Indicates that the key is to be encrypted using


@@ -288,7 +289,7 @@ module ietf-tls-common {
           }
         }
         case hide {
           }
         }
         case hide {

-          if-feature "ct:hidden-keys";
+          if-feature "ct:hidden-private-keys";

           leaf hide {
             type empty;
             description
           leaf hide {
             type empty;
             description

diff --git a/transport/transport-tls/src/main/yang/ietf-tls-server@2022-12-12.yang b/transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang
similarity index 94%
rename from transport/transport-tls/src/main/yang/ietf-tls-server@2022-12-12.yang
rename to transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang
index 4fb37ef4e25cbe953b484ddb038c6fc1110bf5a0..70db15024a259313f177a0fd9552a6a7c3072799 100644 (file)
--- a/transport/transport-tls/src/main/yang/ietf-tls-server@2022-12-12.yang
+++ b/transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang
@@ -46,7 +46,7 @@ module ietf-tls-server {
     "This module defines reusable groupings for TLS servers that
      can be used as a basis for specific TLS server instances.
 
     "This module defines reusable groupings for TLS servers that
      can be used as a basis for specific TLS server instances.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -67,7 +67,7 @@ module ietf-tls-server {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -210,12 +210,13 @@ module ietf-tls-server {
             description
               "Specifies the server identity using a certificate.";
             uses
             description
               "Specifies the server identity using a certificate.";
             uses

-              ks:local-or-keystore-end-entity-cert-with-key-grouping{
-              refine "local-or-keystore/local/local-definition" {
+              "ks:inline-or-keystore-end-entity-cert-with-key-"
+              + "grouping" {
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }

-              refine "local-or-keystore/keystore/keystore-reference"
+              refine "inline-or-keystore/keystore/keystore-reference"

                    + "/asymmetric-key" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + "/asymmetric-key" {
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'


@@ -230,12 +231,13 @@ module ietf-tls-server {
             description
               "Specifies the server identity using a raw
                private key.";
             description
               "Specifies the server identity using a raw
                private key.";

-            uses ks:local-or-keystore-asymmetric-key-grouping {
-              refine "local-or-keystore/local/local-definition" {
+            uses ks:inline-or-keystore-asymmetric-key-grouping {
+              refine "inline-or-keystore/inline/inline-definition" {

                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }
                 must 'derived-from-or-self(public-key-format,'
                    + ' "ct:subject-public-key-info-format")';
               }

-              refine "local-or-keystore/keystore/keystore-reference"{
+              refine
+                "inline-or-keystore/keystore/keystore-reference" {

                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + 'format")';
                 must 'derived-from-or-self(deref(.)/../ks:public-'
                    + 'key-format, "ct:subject-public-key-info-'
                    + 'format")';


@@ -249,7 +251,7 @@ module ietf-tls-server {
             description
               "Specifies the server identity using a PSK (pre-shared
                or pairwise-symmetric key).";
             description
               "Specifies the server identity using a PSK (pre-shared
                or pairwise-symmetric key).";

-            uses ks:local-or-keystore-symmetric-key-grouping;
+            uses ks:inline-or-keystore-symmetric-key-grouping;

             leaf id_hint {
               type string;
               description
             leaf id_hint {
               type string;
               description


@@ -281,7 +283,7 @@ module ietf-tls-server {
               and the EPSK input fields detailed in
               I-D draft-ietf-tls-external-psk-importer
               Section 3.1.  The base-key is based upon
               and the EPSK input fields detailed in
               I-D draft-ietf-tls-external-psk-importer
               Section 3.1.  The base-key is based upon

-              ks:local-or-keystore-symmetric-key-grouping
+              ks:inline-or-keystore-symmetric-key-grouping

               in order to provide users with flexible and
               secure storage options.";
             reference
               in order to provide users with flexible and
               secure storage options.";
             reference


@@ -291,7 +293,7 @@ module ietf-tls-server {
                          External PSKs for TLS
                I-D.ietf-tls-external-psk-guidance: Guidance
                          for External PSK Usage in TLS";
                          External PSKs for TLS
                I-D.ietf-tls-external-psk-guidance: Guidance
                          for External PSK Usage in TLS";

-            uses ks:local-or-keystore-symmetric-key-grouping;
+            uses ks:inline-or-keystore-symmetric-key-grouping;

             leaf external-identity {
               type string;
               mandatory true;
             leaf external-identity {
               type string;
               mandatory true;


@@ -396,7 +398,7 @@ module ietf-tls-server {
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            chain of trust to a configured CA certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container ee-certs {
         if-feature "client-auth-x509-cert";
       }
       container ee-certs {
         if-feature "client-auth-x509-cert";


@@ -412,7 +414,7 @@ module ietf-tls-server {
            match to a configured client certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            match to a configured client certificate.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-certs-grouping;
+        uses ts:inline-or-truststore-certs-grouping;

       }
       container raw-public-keys {
         if-feature "client-auth-raw-public-key";
       }
       container raw-public-keys {
         if-feature "client-auth-raw-public-key";


@@ -427,13 +429,13 @@ module ietf-tls-server {
            is an exact match to a configured raw public key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";
            is an exact match to a configured raw public key.";
         reference
           "RFC BBBB: A YANG Data Model for a Truststore";

-        uses ts:local-or-truststore-public-keys-grouping {
-          refine "local-or-truststore/local/local-definition/"
+        uses ts:inline-or-truststore-public-keys-grouping {
+          refine "inline-or-truststore/inline/inline-definition/"

                + "public-key" {
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }
                + "public-key" {
             must 'derived-from-or-self(public-key-format,'
                + ' "ct:subject-public-key-info-format")';
           }

-          refine "local-or-truststore/truststore/truststore-"
+          refine "inline-or-truststore/truststore/truststore-"

                + "reference" {
             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:subject-'
                + "reference" {
             must 'not(deref(.)/../ts:public-key/ts:public-key-'
                + 'format[not(derived-from-or-self(., "ct:subject-'

diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java
index acd9df1f9171424536a1d94b519ac13556a1e46e..3524ea5ca1a958a499602c04705b912e03b3db96 100644 (file)
--- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java
+++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java
@@ -16,7 +16,7 @@ import static org.opendaylight.netconf.transport.tls.ConfigUtils.DEFAULT_PRIVATE
 import static org.opendaylight.netconf.transport.tls.ConfigUtils.EMPTY_SECRET;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildAsymmetricKeyGrouping;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;
 import static org.opendaylight.netconf.transport.tls.ConfigUtils.EMPTY_SECRET;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildAsymmetricKeyGrouping;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;

-import static org.opendaylight.netconf.transport.tls.TestUtils.buildLocalOrTruststore;
+import static org.opendaylight.netconf.transport.tls.TestUtils.buildInlineOrTruststore;

 import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
 
 import java.security.KeyStore;
 import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
 
 import java.security.KeyStore;


@@ -31,16 +31,14 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.CaCerts;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.EeCerts;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.EeCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.EeCertsBuilder;

 
 class ConfigUtilsTest {
 
 
 class ConfigUtilsTest {
 


@@ -61,10 +59,10 @@ class ConfigUtilsTest {
         assertFalse(keyStore.aliases().hasMoreElements());
 
         // defined
         assertFalse(keyStore.aliases().hasMoreElements());
 
         // defined

-        final var localOrTruststore = buildLocalOrTruststore(
+        final var inlineOrTruststore = buildInlineOrTruststore(

                 Map.of("cert-rsa", rsaCertData.certBytes(), "cert-ec", ecCertData.certBytes()));
                 Map.of("cert-rsa", rsaCertData.certBytes(), "cert-ec", ecCertData.certBytes()));

-        final CaCerts caCerts = new CaCertsBuilder().setLocalOrTruststore(localOrTruststore).build();
-        final EeCerts eeCerts = new EeCertsBuilder().setLocalOrTruststore(localOrTruststore).build();
+        final var caCerts = new CaCertsBuilder().setInlineOrTruststore(inlineOrTruststore).build();
+        final var eeCerts = new EeCertsBuilder().setInlineOrTruststore(inlineOrTruststore).build();

         ConfigUtils.setX509Certificates(keyStore, caCerts, eeCerts);
 
         final List<String> aliases = Collections.list(keyStore.aliases());
         ConfigUtils.setX509Certificates(keyStore, caCerts, eeCerts);
 
         final List<String> aliases = Collections.list(keyStore.aliases());

diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java
index 6f554605b24ab71b2ce00a345c6347a53423da27..3d666b1c54a9fc5bbfe35100419e5fe2c09513a9 100644 (file)
--- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java
+++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java
@@ -18,7 +18,6 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
 import java.util.Map;
 import java.time.Instant;
 import java.util.Date;
 import java.util.Map;

-import java.util.stream.Collectors;

 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;


@@ -26,16 +25,17 @@ import org.bouncycastle.crypto.util.OpenSSHPublicKeyUtil;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.LocalOrTruststore;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.local.or.truststore.local.local.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.InlineOrTruststore;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yangtools.yang.binding.util.BindingMap;

 
 public final class TestUtils {
     private static final SecureRandom SECURE_RANDOM = new SecureRandom();
 
 public final class TestUtils {
     private static final SecureRandom SECURE_RANDOM = new SecureRandom();


@@ -44,57 +44,59 @@ public final class TestUtils {
         // utility class
     }
 
         // utility class
     }
 

-    public static LocalOrTruststore buildLocalOrTruststore(Map<String, byte[]> certNameToBytesMap) {
-        final var certMap = certNameToBytesMap.entrySet().stream()
-                .map(entry -> new CertificateBuilder()
+    public static InlineOrTruststore buildInlineOrTruststore(final Map<String, byte[]> certNameToBytesMap) {
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+            .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
+            .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+                .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+                .setCertificate(certNameToBytesMap.entrySet().stream()
+                    .map(entry -> new CertificateBuilder()

                         .setName(entry.getKey())
                         .setCertData(new TrustAnchorCertCms(entry.getValue()))
                         .setName(entry.getKey())
                         .setCertData(new TrustAnchorCertCms(entry.getValue()))

-                        .build()
-                ).collect(Collectors.toMap(cert -> cert.key(), cert -> cert));
-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore.certs.grouping.local.or.truststore.local.LocalDefinitionBuilder()
-                .setCertificate(certMap).build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
-                .local.or.truststore.certs.grouping.local.or.truststore.LocalBuilder()
-                .setLocalDefinition(localDef).build();
+                        .build())
+                    .collect(BindingMap.toMap()))
+                .build())
+            .build();

     }
 
     }
 

-    public static LocalOrKeystoreAsymmetricKeyGrouping buildAsymmetricKeyGrouping(
+    public static InlineOrKeystoreAsymmetricKeyGrouping buildAsymmetricKeyGrouping(

             final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
             final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes) {
             final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
             final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes) {

-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.asymmetric.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
-                .setPublicKeyFormat(publicKeyFormat)
-                .setPublicKey(publicKeyBytes)
-                .setPrivateKeyFormat(privateKeyFormat)
-                .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
-                .build();

         return new RawPrivateKeyBuilder()
         return new RawPrivateKeyBuilder()

-                .setLocalOrKeystore(
-                        new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                                .local.or.keystore.asymmetric.key.grouping.local.or.keystore.LocalBuilder()
-                                .setLocalDefinition(localDef).build())
-                .build();
+            .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
+                .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
+                    .rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline
+                    .InlineDefinitionBuilder()
+                        .setPublicKeyFormat(publicKeyFormat)
+                        .setPublicKey(publicKeyBytes)
+                        .setPrivateKeyFormat(privateKeyFormat)
+                        .setPrivateKeyType(new CleartextPrivateKeyBuilder()
+                            .setCleartextPrivateKey(privateKeyBytes)
+                            .build())
+                        .build())
+                .build())
+            .build();

     }
 
     }
 

-    public static LocalOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping(
+    public static InlineOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping(

             final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
             final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes, final byte[] certificateBytes) {
             final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
             final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes, final byte[] certificateBytes) {

-        final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
-                .setPublicKeyFormat(publicKeyFormat)
-                .setPublicKey(publicKeyBytes)
-                .setPrivateKeyFormat(privateKeyFormat)
-                .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
-                .setCertData(new EndEntityCertCms(certificateBytes))
-                .build();
-        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
-                .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
-                .setLocalOrKeystore(
-                        new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
-                                .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.LocalBuilder()
-                                .setLocalDefinition(localDef).build())
-                .build();
+        return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+            .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
+            .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+                .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
+                .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
+                    .rev230417.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
+                    .InlineDefinitionBuilder()
+                    .setPublicKeyFormat(publicKeyFormat)
+                    .setPublicKey(publicKeyBytes)
+                    .setPrivateKeyFormat(privateKeyFormat)
+                    .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
+                    .setCertData(new EndEntityCertCms(certificateBytes))
+                    .build())
+                .build())
+            .build();

     }
 
     public static X509CertData generateX509CertData(final String algorithm) throws Exception {
     }
 
     public static X509CertData generateX509CertData(final String algorithm) throws Exception {

diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java
index a4406c21072951b167674fc430fe40aabc575b4b..622802eb6c191fac63c58cee1213322c64913dfa 100644 (file)
--- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java
+++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java
@@ -17,7 +17,7 @@ import static org.mockito.Mockito.when;
 import static org.opendaylight.netconf.transport.tls.KeyUtils.EC_ALGORITHM;
 import static org.opendaylight.netconf.transport.tls.KeyUtils.RSA_ALGORITHM;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;
 import static org.opendaylight.netconf.transport.tls.KeyUtils.EC_ALGORITHM;
 import static org.opendaylight.netconf.transport.tls.KeyUtils.RSA_ALGORITHM;
 import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;

-import static org.opendaylight.netconf.transport.tls.TestUtils.buildLocalOrTruststore;
+import static org.opendaylight.netconf.transport.tls.TestUtils.buildInlineOrTruststore;

 import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
 import static org.opendaylight.netconf.transport.tls.TestUtils.isRSA;
 
 import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
 import static org.opendaylight.netconf.transport.tls.TestUtils.isRSA;
 


@@ -43,20 +43,20 @@ import org.mockito.junit.jupiter.MockitoExtension;
 import org.opendaylight.netconf.transport.api.TransportChannel;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.tcp.NettyTransportSupport;
 import org.opendaylight.netconf.transport.api.TransportChannel;
 import org.opendaylight.netconf.transport.api.TransportChannelListener;
 import org.opendaylight.netconf.transport.tcp.NettyTransportSupport;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;

 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ServerIdentityBuilder;

 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)
 import org.opendaylight.yangtools.yang.common.Uint16;
 
 @ExtendWith(MockitoExtension.class)


@@ -121,41 +121,47 @@ class TlsClientServerTest {
         final var data = generateX509CertData(algorithm);
 
         // common config parts
         final var data = generateX509CertData(algorithm);
 
         // common config parts

-        var localOrKeystore = buildEndEntityCertWithKeyGrouping(
+        var inlineOrKeystore = buildEndEntityCertWithKeyGrouping(

                 SubjectPublicKeyInfoFormat.VALUE, data.publicKey(),
                 isRSA(algorithm) ? RsaPrivateKeyFormat.VALUE : EcPrivateKeyFormat.VALUE,
                 SubjectPublicKeyInfoFormat.VALUE, data.publicKey(),
                 isRSA(algorithm) ? RsaPrivateKeyFormat.VALUE : EcPrivateKeyFormat.VALUE,

-                data.privateKey(), data.certBytes()).getLocalOrKeystore();
-        var localOrTrustStore = buildLocalOrTruststore(Map.of("cert", data.certBytes()));
+                data.privateKey(), data.certBytes()).getInlineOrKeystore();
+        var inlineOrTrustStore = buildInlineOrTruststore(Map.of("cert", data.certBytes()));

 
         // client config
         final var clientIdentity = new ClientIdentityBuilder()
 
         // client config
         final var clientIdentity = new ClientIdentityBuilder()

-                .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
-                        .tls.client.grouping.client.identity.auth.type.CertificateBuilder()
-                        .setCertificate(
-                                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
-                                        .tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder()
-                                        .setLocalOrKeystore(localOrKeystore)
-                                        .build()).build()).build();
-        final var serverAuth = new ServerAuthenticationBuilder().setCaCerts(
-                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
-                        .tls.client.grouping.server.authentication.CaCertsBuilder()
-                        .setLocalOrTruststore(localOrTrustStore).build()).build();
+            .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+                .tls.client.grouping.client.identity.auth.type.CertificateBuilder()
+                .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+                    .tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder()
+                    .setInlineOrKeystore(inlineOrKeystore)
+                    .build())
+                .build())
+            .build();
+        final var serverAuth = new ServerAuthenticationBuilder()
+            .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+                .tls.client.grouping.server.authentication.CaCertsBuilder()
+                .setInlineOrTruststore(inlineOrTrustStore)
+                .build())
+            .build();

         when(tlsClientConfig.getClientIdentity()).thenReturn(clientIdentity);
         when(tlsClientConfig.getServerAuthentication()).thenReturn(serverAuth);
 
         // server config
         final var serverIdentity = new ServerIdentityBuilder()
         when(tlsClientConfig.getClientIdentity()).thenReturn(clientIdentity);
         when(tlsClientConfig.getServerAuthentication()).thenReturn(serverAuth);
 
         // server config
         final var serverIdentity = new ServerIdentityBuilder()

-                .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
-                        .tls.server.grouping.server.identity.auth.type.CertificateBuilder()
-                        .setCertificate(
-                                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
-                                        .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
-                                        .setLocalOrKeystore(localOrKeystore)
-                                        .build()).build()).build();
-        final var clientAuth = new ClientAuthenticationBuilder().setCaCerts(
-                new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
-                        .tls.server.grouping.client.authentication.CaCertsBuilder()
-                        .setLocalOrTruststore(localOrTrustStore).build()).build();
+            .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+                .tls.server.grouping.server.identity.auth.type.CertificateBuilder()
+                .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+                    .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
+                    .setInlineOrKeystore(inlineOrKeystore)
+                    .build())
+                .build())
+            .build();
+        final var clientAuth = new ClientAuthenticationBuilder()
+            .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+                .tls.server.grouping.client.authentication.CaCertsBuilder()
+                .setInlineOrTruststore(inlineOrTrustStore)
+                .build())
+            .build();

         when(tlsServerConfig.getServerIdentity()).thenReturn(serverIdentity);
         when(tlsServerConfig.getClientAuthentication()).thenReturn(clientAuth);
 
         when(tlsServerConfig.getServerIdentity()).thenReturn(serverIdentity);
         when(tlsServerConfig.getClientAuthentication()).thenReturn(clientAuth);
 


@@ -190,7 +196,7 @@ class TlsClientServerTest {
         }
     }
 
         }
     }
 

-    private static Channel assertChannel(List<TransportChannel> transportChannels) {
+    private static Channel assertChannel(final List<TransportChannel> transportChannels) {

         assertNotNull(transportChannels);
         assertEquals(1, transportChannels.size());
         final var channel = assertInstanceOf(TLSTransportChannel.class, transportChannels.get(0)).channel();
         assertNotNull(transportChannels);
         assertEquals(1, transportChannels.size());
         final var channel = assertInstanceOf(TLSTransportChannel.class, transportChannels.get(0)).channel();

diff --git a/truststore/truststore-api/src/main/yang/ietf-truststore@2022-12-12.yang b/truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang
similarity index 94%
rename from truststore/truststore-api/src/main/yang/ietf-truststore@2022-12-12.yang
rename to truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang
index f74f1ef1dbd35fd9d4f81de78966ea50ea80bbb1..cd0d875f1c68aec55b4e8d80f834e8cc17f4513a 100644 (file)
--- a/truststore/truststore-api/src/main/yang/ietf-truststore@2022-12-12.yang
+++ b/truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang
@@ -26,7 +26,7 @@ module ietf-truststore {
     "This module defines a 'truststore' to centralize management
      of trust anchors including certificates and public keys.
 
     "This module defines a 'truststore' to centralize management
      of trust anchors including certificates and public keys.
 

-     Copyright (c) 2022 IETF Trust and the persons identified
+     Copyright (c) 2023 IETF Trust and the persons identified

      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with
      as authors of the code. All rights reserved.
 
      Redistribution and use in source and binary forms, with


@@ -47,7 +47,7 @@ module ietf-truststore {
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 
      (RFC 8174) when, and only when, they appear in all
      capitals, as shown here.";
 

-  revision 2022-12-12 {
+  revision 2023-04-17 {

     description
       "Initial version";
     reference
     description
       "Initial version";
     reference


@@ -65,9 +65,9 @@ module ietf-truststore {
        'ietf-truststore' module).";
   }
 
        'ietf-truststore' module).";
   }
 

-  feature local-definitions-supported {
+  feature inline-definitions-supported {

     description
     description

-      "The 'local-definitions-supported' feature indicates that
+      "The 'inline-definitions-supported' feature indicates that

        the server supports locally-defined trust anchors.";
   }
   feature certificates {
        the server supports locally-defined trust anchors.";
   }
   feature certificates {


@@ -138,7 +138,7 @@ module ietf-truststore {
   /*   Groupings   */
   /*****************/
 
   /*   Groupings   */
   /*****************/
 

-  grouping local-or-truststore-certs-grouping {
+  grouping inline-or-truststore-certs-grouping {

     description
       "A grouping that allows the certificates to be either
        configured locally, within the using data model, or be a
     description
       "A grouping that allows the certificates to be either
        configured locally, within the using data model, or be a


@@ -148,15 +148,15 @@ module ietf-truststore {
        'central-truststore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate truststore locations.";
        'central-truststore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate truststore locations.";

-    choice local-or-truststore {
+    choice inline-or-truststore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the truststore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the truststore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "A container for locally configured trust anchor
              certificates.";
           description
             "A container for locally configured trust anchor
              certificates.";


@@ -191,7 +191,7 @@ module ietf-truststore {
     }
   }
 
     }
   }
 

-  grouping local-or-truststore-public-keys-grouping {
+  grouping inline-or-truststore-public-keys-grouping {

     description
       "A grouping that allows the public keys to be either
        configured locally, within the using data model, or be a
     description
       "A grouping that allows the public keys to be either
        configured locally, within the using data model, or be a


@@ -201,15 +201,15 @@ module ietf-truststore {
        'central-truststore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate truststore locations.";
        'central-truststore-supported' is not defined, SHOULD
        augment in custom 'case' statements enabling references
        to the alternate truststore locations.";

-    choice local-or-truststore {
+    choice inline-or-truststore {

       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the truststore.";
       nacm:default-deny-write;
       mandatory true;
       description
         "A choice between an inlined definition and a definition
          that exists in the truststore.";

-      case local {
-        if-feature "local-definitions-supported";
-        container local-definition {
+      case inline {
+        if-feature "inline-definitions-supported";
+        container inline-definition {

           description
             "A container to hold local public key definitions.";
           list public-key {
           description
             "A container to hold local public key definitions.";
           list public-key {


@@ -242,7 +242,7 @@ module ietf-truststore {
     description
       "A grouping definition that enables use in other contexts.
        Where used, implementations MUST augment new 'case'
     description
       "A grouping definition that enables use in other contexts.
        Where used, implementations MUST augment new 'case'

-       statements into the various local-or-truststore 'choice'
+       statements into the various inline-or-truststore 'choice'

        statements to supply leafrefs to the model-specific
        location(s).";
     container certificate-bags {
        statements to supply leafrefs to the model-specific
        location(s).";
     container certificate-bags {

diff --git a/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java b/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java
index 0bce94af0877fcdb0d6eaf5826d7a6b441ee2ead..625e82477f013ed9a306d625f997a95407fbcf68 100644 (file)
--- a/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java
+++ b/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.truststore.none;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;
 import java.util.Set;
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.kohsuke.MetaInfServices;

-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.IetfTruststoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.IetfTruststoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineDefinitionsSupported;

 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 
 import org.opendaylight.yangtools.yang.binding.YangFeature;
 import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
 


@@ -28,6 +28,6 @@ public final class NoneTruststoreFeatureProvider implements YangFeatureProvider<
 
     @Override
     public Set<? extends YangFeature<?, IetfTruststoreData>> supportedFeatures() {
 
     @Override
     public Set<? extends YangFeature<?, IetfTruststoreData>> supportedFeatures() {

-        return Set.of(LocalDefinitionsSupported.VALUE);
+        return Set.of(InlineDefinitionsSupported.VALUE);

     }
 }
     }
 }