import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.Protocol;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.ProtocolBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev231121.NetconfNodeBuilder;
import org.opendaylight.netconf.transport.ssh.SSHServer;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.opendaylight.netconf.transport.tcp.TCPServer;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.tls.tls.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.tls.tls.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider;
import org.opendaylight.netconf.shaded.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.Protocol.Name;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.Credentials;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.KeyAuth;
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
feature central-keystore-supported {
description
"The 'central-keystore-supported' feature indicates that
- the server supports the keystore (i.e., implements the
- 'ietf-keystore' module).";
+ the server supports the central keystore (i.e., fully
+ implements the 'ietf-keystore' module).";
}
feature inline-definitions-supported {
}
description
"This typedef enables modules to easily define a reference
- to a symmetric key stored in the keystore, when this
- module is implemented.";
+ to a symmetric key stored in the central keystore.";
}
typedef asymmetric-key-ref {
}
description
"This typedef enables modules to easily define a reference
- to an asymmetric key stored in the keystore, when this
- module is implemented.";
+ to an asymmetric key stored in the central keystore.";
}
/*****************/
/* Groupings */
/*****************/
- grouping encrypted-by-choice-grouping {
+ grouping encrypted-by-grouping {
description
"A grouping that defines a 'choice' statement that can be
augmented into the 'encrypted-by' node, present in the
'symmetric-key-grouping' and 'asymmetric-key-pair-grouping'
groupings defined in RFC AAAA, enabling references to keys
- in the keystore, when this module is implemented.";
- choice encrypted-by-choice {
+ in the central keystore.";
+ choice encrypted-by {
nacm:default-deny-write;
mandatory true;
description
}
}
+ // *-ref groupings
+
grouping asymmetric-key-certificate-ref-grouping {
description
- "This grouping defines a reference to a specific certificate
- associated with an asymmetric key stored in the keystore,
- when this module is implemented.";
+ "Grouping for the reference to a certificate associated
+ with an asymmetric key stored in the central keystore.";
leaf asymmetric-key {
nacm:default-deny-write;
if-feature "central-keystore-supported";
grouping inline-or-keystore-symmetric-key-grouping {
description
- "A grouping that expands to allow the symmetric key to be
- either stored locally, i.e., within the using data model,
- or a reference to a symmetric key stored in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of a symmetric key. The
+ symmetric key may be defined inline or as a reference to
+ a symmetric key stored in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:symmetric-key-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "symmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:symmetric-key-ref;
description
"A reference to an symmetric key that exists in
- the keystore, when this module is implemented.";
+ the central keystore.";
}
}
}
grouping inline-or-keystore-asymmetric-key-grouping {
description
- "A grouping that expands to allow the asymmetric key to be
- either stored locally, i.e., within the using data model,
- or a reference to an asymmetric key stored in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key. The
+ asymmetric key may be defined inline or as a reference to
+ an asymmetric key stored in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:asymmetric-key-ref;
description
"A reference to an asymmetric key that exists in
- the keystore, when this module is implemented. The
- intent is to reference just the asymmetric key
- without any regard for any certificates that may
- be associated with it.";
+ the central keystore. The intent is to reference
+ just the asymmetric key without any regard for
+ any certificates that may be associated with it.";
}
}
}
grouping inline-or-keystore-asymmetric-key-with-certs-grouping {
description
- "A grouping that expands to allow an asymmetric key and
- its associated certificates to be either stored locally,
- i.e., within the using data model, or a reference to an
- asymmetric key (and its associated certificates) stored
- in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key and
+ its associated certificates. The asymmetric key and its
+ associated certificates may be defined inline or as a
+ reference to an asymmetric key (and its associated
+ certificates) in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-with-certs-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:asymmetric-key-ref;
description
"A reference to an asymmetric-key (and all of its
grouping inline-or-keystore-end-entity-cert-with-key-grouping {
description
- "A grouping that expands to allow an end-entity certificate
- (and its associated asymmetric key pair) to be either stored
- locally, i.e., within the using data model, or a reference
- to a specific certificate in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key and
+ its associated end-entity certificate. The asymmetric key
+ and its associated end-entity certificate may be defined
+ inline or as a reference to an asymmetric key (and its
+ associated end-entity certificate) in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-with-cert-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- container keystore-reference {
+ container central-keystore-reference {
uses asymmetric-key-certificate-ref-grouping;
description
"A reference to a specific certificate associated with
- an asymmetric key stored in the keystore, when this
- module is implemented.";
+ an asymmetric key stored in the central keystore.";
}
}
}
}
+ // the keystore grouping
+
grouping keystore-grouping {
description
"Grouping definition enables use in other contexts. If ever
"Augments in a choice statement enabling the encrypting
key to be any other symmetric or asymmetric key in the
central keystore.";
- uses encrypted-by-choice-grouping;
+ uses encrypted-by-grouping;
}
augment "asymmetric-keys/asymmetric-key/private-key-type/"
+ "encrypted-private-key/encrypted-private-key/"
"Augments in a choice statement enabling the encrypting
key to be any other symmetric or asymmetric key in the
central keystore.";
- uses encrypted-by-choice-grouping;
+ uses encrypted-by-grouping;
}
}
}
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.AsymmetricKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.IetfKeystoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.AsymmetricKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.IetfKeystoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineDefinitionsSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
"Indicates that the server supports the
'cms-encrypted-data-format' identity.";
}
+
feature p10-csr-format {
description
"Indicates that the server implements support
scope of this specification. This is also true when
the octet string has been encrypted.";
}
+
identity one-symmetric-key-format {
if-feature "one-symmetric-key-format";
base symmetric-key-format;
Specification Version 1.7";
}
+
/***************************************************/
/* Typedefs for ASN.1 structures from RFC 2986 */
/***************************************************/
}
}
- grouping asymmetric-key-pair-grouping {
+ grouping private-key-grouping {
description
- "A private key and its associated public key. Implementations
- SHOULD ensure that the two keys are a matching pair.";
- uses public-key-grouping;
+ "A private key.";
leaf private-key-format {
nacm:default-deny-write;
type identityref {
}
}
+ grouping asymmetric-key-pair-grouping {
+ description
+ "A private key and, optionally, its associated public key.
+ Implementations SHOULD ensure that the two keys, when both
+ are specified, are a matching pair.";
+ uses public-key-grouping {
+ refine public-key-format {
+ mandatory false;
+ }
+ refine public-key {
+ mandatory false;
+ }
+ }
+ uses private-key-grouping;
+ }
+
grouping certificate-expiration-grouping {
description
"A notification for when a certificate is about to, or
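Review bot: The refinements in the new `asymmetric-key-pair-grouping` (`refine public-key-format { mandatory false; }` and `refine public-key { mandatory false; }`) make the public half of every key pair optional, so code reading the generated bindings can now receive a private key with no public key beside it. The consumers are not in this hunk, so this needs confirming, but anything that relied on the model guaranteeing both values should now handle absence explicitly, for example by deriving the public key from the private key. When both are supplied, the consumer should still check that they match before the pair is used, as the description's SHOULD asks. If local annotations are acceptable in this model, a comment above `uses public-key-grouping` such as `// public-key is optional from revision 2023-12-28; callers must not assume it is present` would flag this for maintainers.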
uses certificate-expiration-grouping;
}
+
+
grouping generate-csr-grouping {
description
"Defines the 'generate-csr' action.";
import org.opendaylight.netconf.transport.ssh.SSHTransportStackFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.opendaylight.netconf.transport.tls.TLSClient;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
public final class CallHomeTlsServer implements AutoCloseable {
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Revision;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yangtools.yang.model.api.EffectiveModelContext;
import org.opendaylight.netconf.test.tool.TestToolUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.netconf.base._1._0.rev110601.CommitInput;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.netconf.base._1._0.rev110601.EditConfigInput;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
import org.opendaylight.yangtools.yang.common.QName;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.slf4j.Logger;
import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
import org.opendaylight.netconf.test.tool.config.Configuration;
import org.opendaylight.netconf.test.tool.config.ConfigurationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.w3c.dom.Document;
* Basic interface for {@link SslHandler} builder. Used to establish TSL connection.
*
* @deprecated due to design change. SslHandler will be created dynamically based on TLS layer configuration
- * {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping}
+ * {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping}
* by {@link NetconfClientFactory}.
*/
@Deprecated
import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
public final class NetconfClientConfiguration {
import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
/**
* Builder for {@link NetconfClientConfiguration}.
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
grouping netconf-client-initiate-stack-grouping {
description
"A reusable grouping for configuring a NETCONF client
- 'initiate' protocol stack for a single connection.";
+ 'initiate' protocol stack for a single outbound connection.";
choice transport {
mandatory true;
description
if-feature "ssh-initiate";
container ssh {
description
- "Specifies IP and SSH specific configuration
+ "Specifies TCP, SSH, and NETCONF configuration
for the connection.";
container tcp-client-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level client parameters to initiate
+ a NETCONF over SSH connection.";
uses tcpc:tcp-client-grouping {
refine "remote-port" {
default "830";
}
container ssh-client-parameters {
description
- "A wrapper around the SSH client parameters to
- avoid name collisions.";
+ "SSH-level client parameters to initiate
+ a NETCONF over SSH connection.";
uses sshc:ssh-client-grouping;
}
container netconf-client-parameters {
description
- "A wrapper around the NETCONF client parameters
- to avoid name collisions.
-
- This container does not define any nodes. It
- exists as a potential augmentation target by
- other modules.";
+ "NETCONF-level client parameters to initiate
+ a NETCONF over SSH connection.";
uses ncc:netconf-client-grouping;
}
}
if-feature "tls-initiate";
container tls {
description
- "Specifies IP and TLS specific configuration
+ "Specifies TCP, TLS, and NETCONF configuration
for the connection.";
container tcp-client-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level client parameters to initiate
+ a NETCONF over TLS connection.";
uses tcpc:tcp-client-grouping {
refine "remote-port" {
default "6513";
authentication credentials.";
}
description
- "A wrapper around the TLS client parameters
- to avoid name collisions.";
+ "TLS-level client parameters to initiate
+ a NETCONF over TLS connection.";
uses tlsc:tls-client-grouping;
}
container netconf-client-parameters {
description
- "A wrapper around the NETCONF client parameters
- to avoid name collisions.
-
- This container does not define any nodes. It
- exists as a potential augmentation target by
- other modules.";
+ "NETCONF-level client parameters to initiate
+ a NETCONF over TLS connection.";
uses ncc:netconf-client-grouping;
}
}
grouping netconf-client-listen-stack-grouping {
description
"A reusable grouping for configuring a NETCONF client
- 'listen' protocol stack for a single connection. The
+ 'listen' protocol stack for listening on a single port. The
'listen' stack supports call home connections, as
described in RFC 8071";
reference
if-feature "ssh-listen";
container ssh {
description
- "SSH-specific listening configuration for inbound
- connections.";
+ "TCP, SSH, and NETCONF configuration to listen
+ for NETCONF over SSH Call Home connections.";
container tcp-server-parameters {
description
- "A wrapper around the TCP server parameters
- to avoid name collisions.";
+ "TCP-level server parameters to listen for
+ NETCONF over SSH Call Home connections.";
uses tcps:tcp-server-grouping {
refine "local-port" {
default "4334";
}
container ssh-client-parameters {
description
- "A wrapper around the SSH client parameters
- to avoid name collisions.";
+ "SSH-level client parameters to listen for
+ NETCONF over SSH Call Home connections.";
uses sshc:ssh-client-grouping;
}
container netconf-client-parameters {
description
- "A wrapper around the NETCONF client parameters
- to avoid name collisions.
-
- This container does not define any nodes. It
- exists as a potential augmentation target by
- other modules.";
+ "NETCONF-level client parameters to listen for
+ NETCONF over SSH Call Home connections.";
uses ncc:netconf-client-grouping;
}
}
if-feature "tls-listen";
container tls {
description
- "TLS-specific listening configuration for inbound
- connections.";
+ "TCP, TLS, and NETCONF configuration to listen
+ for NETCONF over TLS Call Home connections.";
container tcp-server-parameters {
description
- "A wrapper around the TCP server parameters
- to avoid name collisions.";
+ "TCP-level server parameters to listen for
+ NETCONF over TLS Call Home connections.";
uses tcps:tcp-server-grouping {
refine "local-port" {
default "4335";
authentication credentials.";
}
description
- "A wrapper around the TLS client parameters
- to avoid name collisions.";
+ "TLS-level client parameters to listen for
+ NETCONF over TLS Call Home connections.";
uses tlsc:tls-client-grouping;
}
container netconf-client-parameters {
description
- "A wrapper around the NETCONF client parameters
- to avoid name collisions.
-
- This container does not define any nodes. It
- exists as a potential augmentation target by
- other modules.";
+ "NETCONF-level client parameters to listen for
+ NETCONF over TLS Call Home connections.";
uses ncc:netconf-client-grouping;
}
}
number of seconds. If set to zero, then the server
will never drop a session because it is idle.";
}
- list endpoint {
- key "name";
- min-elements 1;
+ container endpoints {
description
- "List of endpoints to listen for NETCONF connections.";
- leaf name {
- type string;
+ "Container for a list of endpoints.";
+ list endpoint {
+ key "name";
+ min-elements 1;
description
- "An arbitrary name for the NETCONF listen endpoint.";
+ "List of endpoints to listen for NETCONF connections.";
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the NETCONF listen endpoint.";
+ }
+ uses netconf-client-listen-stack-grouping;
}
- uses netconf-client-listen-stack-grouping;
- } // endpoint
+ }
} // listen
} // netconf-client-app-grouping
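Review bot: Wrapping `list endpoint` in the new `container endpoints` moves every listen endpoint from `listen/endpoint` to `listen/endpoints/endpoint`, and nothing visible on this page migrates data or callers that address the old path. Whether this grouping is instantiated anywhere is not visible here; if it is, stored configuration and clients using the old path would presumably stop validating after the upgrade. I would state the path change in the commit message or release notes, for example `listen endpoints now live under listen/endpoints/endpoint`. The grouping starts outside this hunk.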
import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
@ExtendWith(MockitoExtension.class)
class NetconfClientConfigurationTest {
import org.opendaylight.netconf.transport.tcp.TCPServer;
import org.opendaylight.netconf.transport.tls.TLSServer;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.tls.tls.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.server.identity.HostKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.tls.tls.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.UsersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.UserBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.server.identity.HostKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
).build();
final var inline = new InlineBuilder().setInlineDefinition(inlineDef).build();
final var publicKey = new PublicKeyBuilder().setPublicKey(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type._public.key
.PublicKeyBuilder().setInlineOrKeystore(inline).build()
).build();
prefix x509c2n;
reference
"RFC 7407: A YANG Data Model for SNMP Configuration";
- }
+ }
import ietf-tcp-client {
prefix tcpc;
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
grouping netconf-server-listen-stack-grouping {
description
"A reusable grouping for configuring a NETCONF server
- 'listen' protocol stack for a single connection.";
+ 'listen' protocol stack for listening on a single port.";
choice transport {
mandatory true;
description
if-feature "ssh-listen";
container ssh {
description
- "SSH-specific listening configuration for inbound
- connections.";
+ "TCP, SSH, and NETCONF configuration to listen
+ for NETCONF over SSH connections.";
container tcp-server-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level server parameters to listen
+ for NETCONF over SSH connections.";
uses tcps:tcp-server-grouping {
refine "local-port" {
default "830";
}
container ssh-server-parameters {
description
- "A wrapper around the SSH server parameters
- to avoid name collisions.";
+ "SSH-level server parameters to listen
+ for NETCONF over SSH connections.";
uses sshs:ssh-server-grouping;
}
container netconf-server-parameters {
description
- "A wrapper around the NETCONF server parameters
- to avoid name collisions.";
+ "NETCONF-level server parameters to listen
+ for NETCONF over SSH connections.";
uses ncs:netconf-server-grouping {
refine "client-identity-mappings" {
if-feature "sshcmn:ssh-x509-certs";
description
- "Augments in an 'if-feature' statement
+ "Adds in an 'if-feature' statement
ensuring the 'client-identity-mappings'
descendant is enabled only when SSH
supports X.509 certificates.";
if-feature "tls-listen";
container tls {
description
- "TLS-specific listening configuration for inbound
- connections.";
+ "TCP, TLS, and NETCONF configuration to listen
+ for NETCONF over TLS connections.";
container tcp-server-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level server parameters to listen
+ for NETCONF over TLS connections.";
uses tcps:tcp-server-grouping {
refine "local-port" {
default "6513";
}
container tls-server-parameters {
description
- "A wrapper around the TLS server parameters to
- avoid name collisions.";
+ "TLS-level server parameters to listen
+ for NETCONF over TLS connections.";
uses tlss:tls-server-grouping {
refine "client-authentication" {
must 'ca-certs or ee-certs';
description
"NETCONF/TLS servers MUST validate client
certificates. This configures certificates
- at the socket-level (i.e. bags), more
+ at the socket-level (i.e. bags). More
discriminating client-certificate checks
SHOULD be implemented by the application.";
reference
}
container netconf-server-parameters {
description
- "A wrapper around the NETCONF server parameters
- to avoid name collisions.";
+ "NETCONF-level server parameters to listen
+ for NETCONF over TLS connections.";
uses ncs:netconf-server-grouping {
refine "client-identity-mappings/cert-to-name" {
min-elements 1;
grouping netconf-server-callhome-stack-grouping {
description
"A reusable grouping for configuring a NETCONF server
- 'call-home' protocol stack, for a single connection.";
+ 'call-home' protocol stack, for a single outbound
+ connection.";
choice transport {
mandatory true;
description
if-feature "ssh-call-home";
container ssh {
description
- "Specifies SSH-specific call-home transport
- configuration.";
+ "TCP, SSH, and NETCONF configuration to initiate
+ a NETCONF over SSH Call Home connection.";
container tcp-client-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level client parameters to initiate a
+ NETCONF over SSH Call Home connection.";
uses tcpc:tcp-client-grouping {
refine "remote-port" {
default "4334";
}
container ssh-server-parameters {
description
- "A wrapper around the SSH server parameters
- to avoid name collisions.";
+ "SSH-level server parameters to initiate a
+ NETCONF over SSH Call Home connection.";
uses sshs:ssh-server-grouping;
}
container netconf-server-parameters {
description
- "A wrapper around the NETCONF server parameters
- to avoid name collisions.";
+ "NETCONF-level server parameters to initiate a
+ NETCONF over SSH Call Home connection.";
uses ncs:netconf-server-grouping {
refine "client-identity-mappings" {
if-feature "sshcmn:ssh-x509-certs";
description
- "Augments in an 'if-feature' statement
+ "Adds in an 'if-feature' statement
ensuring the 'client-identity-mappings'
descendant is enabled only when SSH
supports X.509 certificates.";
if-feature "tls-call-home";
container tls {
description
- "Specifies TLS-specific call-home transport
- configuration.";
+ "TCP, TLS, and NETCONF configuration to initiate
+ a NETCONF over TLS Call Home connection.";
container tcp-client-parameters {
description
- "A wrapper around the TCP client parameters
- to avoid name collisions.";
+ "TCP-level client parameters to initiate a
+ NETCONF over TLS Call Home connection.";
uses tcpc:tcp-client-grouping {
refine "remote-port" {
default "4335";
}
container tls-server-parameters {
description
- "A wrapper around the TLS server parameters to
- avoid name collisions.";
+ "TLS-level server parameters to initiate a
+ NETCONF over TLS Call Home connection.";
uses tlss:tls-server-grouping {
refine "client-authentication" {
must 'ca-certs or ee-certs';
description
"NETCONF/TLS servers MUST validate client
certificates. This configures certificates
- at the socket-level (i.e. bags), more
+ at the socket-level (i.e. bags). More
discriminating client-certificate checks
SHOULD be implemented by the application.";
reference
}
container netconf-server-parameters {
description
- "A wrapper around the NETCONF server parameters
- to avoid name collisions.";
+ "NETCONF-level server parameters to initiate a
+ NETCONF over TLS Call Home connection.";
uses ncs:netconf-server-grouping {
refine "client-identity-mappings/cert-to-name" {
min-elements 1;
number of seconds. If set to zero, then the server
will never drop a session because it is idle.";
}
- list endpoint {
- key "name";
- min-elements 1;
+ container endpoints {
description
- "List of endpoints to listen for NETCONF connections.";
- leaf name {
- type string;
+ "Container for a list of endpoints.";
+ list endpoint {
+ key "name";
+ min-elements 1;
description
- "An arbitrary name for the NETCONF listen endpoint.";
+ "List of endpoints to listen for NETCONF connections.";
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the NETCONF listen endpoint.";
+ }
+ uses netconf-server-listen-stack-grouping;
}
- uses netconf-server-listen-stack-grouping;
}
}
container call-home {
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.slf4j.Logger;
import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.SshHostKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yangtools.yang.common.Uint8;
}
static List<KeyPair> extractServerHostKeys(
- final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.HostKey> serverHostKeys)
throws UnsupportedConfigurationException {
var listBuilder = ImmutableList.<KeyPair>builder();
for (var hostKey : serverHostKeys) {
if (hostKey.getHostKeyType()
- instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey publicKey
&& publicKey.getPublicKey() != null) {
listBuilder.add(extractKeyPair(publicKey.getPublicKey().getInlineOrKeystore()));
} else if (hostKey.getHostKeyType()
- instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type.Certificate certificate
&& certificate.getCertificate() != null) {
listBuilder.add(extractCertificateEntry(certificate.getCertificate()).getKey());
}
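Review bot: In `extractServerHostKeys` the `if`/`else if` chain visible here has no final `else`, so a `HostKey` whose type is neither `PublicKey` nor `Certificate`, or whose inner `getPublicKey()`/`getCertificate()` is null, appears to be skipped without any error. A server could then start with fewer host keys than the operator configured, or with none, and nothing would report it. The method already declares `throws UnsupportedConfigurationException`, so rejecting the entry fits the existing contract: `else { throw new UnsupportedConfigurationException("Unsupported host key type for " + hostKey.getName()); }`. The message should name the entry rather than print the `hostKey` object, since an inline definition can carry cleartext private key material. The end of the loop and the method's return are outside this hunk, so this should be confirmed against the full body.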
static KeyPair extractKeyPair(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore input)
throws UnsupportedConfigurationException {
- final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, input);
final var inlineDef = inline.getInlineDefinition();
if (inlineDef == null) {
return List.of();
}
final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
- .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+ .rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
input.getInlineOrTruststore());
final var inlineDef = inline.getInlineDefinition();
if (inlineDef == null) {
private static Map.Entry<KeyPair, List<X509Certificate>> extractCertificateEntry(
final InlineOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
- final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
input.getInlineOrKeystore());
final var inlineDef = inline.getInlineDefinition();
}
static List<PublicKey> extractPublicKeys(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.InlineOrTruststore input)
throws UnsupportedConfigurationException {
- final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline.class, input);
final var inlineDef = inline.getInlineDefinition();
if (inlineDef == null) {
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.IetfSshClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.IetfSshClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.IetfSshCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.SshX509Certs;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.IetfSshCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.SshX509Certs;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParams;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.IetfSshServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUsersSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.IetfSshServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUsersSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.BootstrapFactory;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
/**
* A {@link BootstrapFactory} additionally capable of instantiating {@link SSHClient}s and {@link SSHServer}s.
import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider;
import org.opendaylight.netconf.shaded.sshd.netty.NettyIoServiceFactoryFactory;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.Keepalives;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParamsGrouping;
/**
* Our internal-use {@link SshClient}. We reuse all the properties and logic of an {@link SshClient}, but we never allow
import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
import org.opendaylight.netconf.shaded.sshd.server.forward.DirectTcpipFactory;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.Keepalives;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity;
/**
* Our internal-use {@link SshServer}. We reuse all the properties and logic of an {@link SshServer}, but we never allow
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2256;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2512;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.MacAlgBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.Encryption;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.HostKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.Encryption;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.HostKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.KeyExchange;
final class TransportUtils {
private static final Map<EncryptionAlgBase, NamedFactory<Cipher>> CIPHERS =
}
public static List<NamedFactory<Mac>> getMacFactories(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228
.transport.params.grouping.Mac mac) throws UnsupportedConfigurationException {
if (mac != null) {
final var macAlg = mac.getMacAlg();
revision 2022-06-16 {
description
- "Updated to reflect contents of the encryption algorithms
- registry on June 16, 2022.";
- }
-
- revision 2021-06-01 {
- description
- "Initial version";
+ "Reflects contents of the encryption algorithms registry
+ on June 16, 2022.";
reference
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
}
"A reference to a SSH encryption algorithm identifier.";
}
+
// Identities
identity encryption-alg-base {
identity aes128-cbc {
base encryption-alg-base;
+ status deprecated;
description
"AES128-CBC";
reference
"RFC 4253:
The Secure Shell (SSH) Transport Layer Protocol";
}
+
identity des-cbc {
base encryption-alg-base;
status obsolete;
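Review bot: `status deprecated` on `aes128-cbc` is model metadata only: under RFC 7950 a deprecated definition may still be implemented and used, so this marking does not stop the cipher from being configured or negotiated. The same holds for `aes128-ctr` in the next hunk and for the key-exchange and public-key identities marked deprecated further down. Whether the `CIPHERS` map in `TransportUtils` still maps these identities is not visible in this diff. If it does, I would record that decision beside the map with a comment such as `// deprecated in the 2022-06-16 IANA model; still accepted for interoperability`.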
identity aes128-ctr {
base encryption-alg-base;
+ status deprecated;
description
"AES128-CTR";
reference
leaf-list supported-algorithm {
type encryption-algorithm-ref;
description
- "A encryption algorithm supported by the server.";
+ "An encryption algorithm supported by the server.";
}
}
revision 2022-06-16 {
description
- "Updated to reflect contents of the key exchange algorithms
- registry on June 16, 2022.";
- }
-
- revision 2021-06-01 {
- description
- "Initial version";
+ "Reflects contents of the key exchange algorithms registry
+ on June 16, 2022.";
reference
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
}
"A reference to a SSH key exchange algorithm identifier.";
}
+
// Identities
identity key-exchange-alg-base {
identity diffie-hellman-group-exchange-sha1 {
base key-exchange-alg-base;
+ status deprecated;
description
"DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1";
reference
identity diffie-hellman-group1-sha1 {
base key-exchange-alg-base;
+ status deprecated;
description
"DIFFIE-HELLMAN-GROUP1-SHA1";
reference
identity diffie-hellman-group14-sha1 {
base key-exchange-alg-base;
+ status deprecated;
description
"DIFFIE-HELLMAN-GROUP14-SHA1";
reference
identity diffie-hellman-group14-sha256 {
base key-exchange-alg-base;
+ status deprecated;
description
"DIFFIE-HELLMAN-GROUP14-SHA256";
reference
identity ecdh-sha2-nistp256 {
base key-exchange-alg-base;
+ status deprecated;
description
"ECDH-SHA2-NISTP256 (secp256r1)";
reference
Generic Security Service Application Program Interface
(GSS-API) Key Exchange with SHA-2";
}
+
identity gss-group14-sha1-1.3.132.0.36 {
base key-exchange-alg-base;
status deprecated;
Generic Security Service Application Program Interface
(GSS-API) Key Exchange with SHA-2";
}
+
identity gss-curve25519-sha256-curve25519-sha256 {
base key-exchange-alg-base;
description
revision 2022-06-16 {
description
- "Updated to reflect contents of the MAC algorithms
- registry on June 16, 2022.";
- }
-
- revision 2021-06-01 {
- description
- "Initial version";
+ "Reflects contents of the MAC algorithms registry on
+ June 16, 2022.";
reference
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
}
"A reference to a SSH mac algorithm identifier.";
}
+
// Identities
identity mac-alg-base {
revision 2022-06-16 {
description
- "Updated to reflect contents of the public key algorithms
- registry on June 16, 2022.";
- }
-
- revision 2021-06-01 {
- description
- "Initial version";
+ "Reflects contents of the public key algorithms registry
+ on June 16, 2022.";
reference
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
}
"A reference to a SSH public key algorithm identifier.";
}
+
// Identities
identity public-key-alg-base {
identity ecdsa-sha2-nistp256 {
base public-key-alg-base;
+ status deprecated;
description
"ECDSA-SHA2-NISTP256 (secp256r1)";
reference
identity x509v3-rsa2048-sha256 {
base public-key-alg-base;
+ status deprecated;
description
"X509V3-RSA2048-SHA256";
reference
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
description
"Indicates that the 'publickey' authentication type, per
RFC 4252, is supported for client identification.
-
The 'publickey' authentication type is required by
- RFC 4252, but common implementations enable it to
+ RFC 4252, but common implementations allow it to
be disabled.";
reference
"RFC 4252:
feature client-ident-none {
description
"Indicates that the 'none' authentication type, per
- RFC 4252, is supported for client identification.";
+ RFC 4252, is supported for client identification.
+ It is NOT RECOMMENDED to enable this feature.";
reference
"RFC 4252:
The Secure Shell (SSH) Authentication Protocol";
"RFC CCCC: A YANG Data Model for a Keystore";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:ssh-public-key-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:ssh-public-key-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:ssh-public-key-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:ssh-public-key-format")';
}
}
}
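Review bot: The rewritten `must` on `inline-definition` now also passes when `public-key-format` is absent (`not(public-key-format) or …`), so the model no longer guarantees that an inline key is declared as `ct:ssh-public-key-format`. Code that reads this grouping should handle a missing format explicitly rather than rely on the old guarantee. That consumer is not visible in this diff, and the `TestUtils` builders visible further down set a format, so the absent-format case looks untested. The same relaxation recurs in the later keystore refines of this diff, for both `ssh-public-key-format` and `subject-public-key-info-format`. A comment above the refine would make the contract explicit, e.g. `// public-key-format may be absent; the consumer must validate the key encoding itself`; the enclosing container starts outside this hunk.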
"RFC CCCC: A YANG Data Model for a Keystore";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:ssh-public-key-format")';
+ must 'not(public-key-format) or derived-from-or-self('
+ + 'public-key-format, "ct:ssh-public-key-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:ssh-public-key-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:ssh-public-key-format")';
}
}
}
uses
ks:inline-or-keystore-end-entity-cert-with-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self('
+ + 'public-key-format, "ct:subject-public-key-info-'
+ + 'format")';
}
- refine "inline-or-keystore/keystore/keystore-reference"
- + "/asymmetric-key" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:subject-public-key-info-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference/asymmetric-key" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:subject-public-key-info-format")';
}
}
}
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine
- "inline-or-truststore/truststore/truststore-reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
+ 'public-key-format"))])';
description
"Configures the keep-alive policy, to proactively test
the aliveness of the SSH server. An unresponsive SSH
- server is dropped after approximately max-wait *
+ server is dropped after approximately max-wait *
max-attempts seconds. Per Section 4 of RFC 4254,
the SSH client SHOULD send an SSH_MSG_GLOBAL_REQUEST
message with a purposely nonexistent 'request name'
Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
+
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Revised
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
description
"The algorithm to be used when generating the key.";
}
- leaf bits {
+ leaf num-bits {
type uint16;
description
"Specifies the number of bits in the key to create.
the default is 3072 bits. Generally, 3072 bits is
considered sufficient. DSA keys must be exactly 1024
bits as specified by FIPS 186-6. For ECDSA keys, the
- 'bits' value determines the key length by selecting
+ 'num-bits' value determines the key length by selecting
from one of three elliptic curve sizes: 256, 384 or
521 bits. Attempting to use bit lengths other than
these three values for ECDSA keys will fail. ECDSA-SK,
Ed25519 and Ed25519-SK keys have a fixed length and
- the 'bits' value, if specified, will be ignored.";
+ thus the 'num-bits' value is not specified.";
reference
"FIPS 186-6: Digital Signature Standard (DSS)";
}
- choice private-key-encoding {
- mandatory true;
+ container private-key-encoding {
description
- "A choice amongst optional private key handling.";
- case cleartext {
- if-feature "ct:encrypted-private-keys";
- leaf cleartext {
- type empty;
- description
- "Indicates that the private key is to be returned
- as a cleartext value.";
+ "Indicates how the private key is to be encoded.";
+ choice private-key-encoding {
+ mandatory true;
+ description
+ "A choice amongst optional private key handling.";
+ case cleartext {
+ if-feature "ct:cleartext-private-keys";
+ leaf cleartext {
+ type empty;
+ description
+ "Indicates that the private key is to be returned
+ as a cleartext value.";
+ }
}
- }
- case encrypt {
- if-feature "ct:encrypted-private-keys";
- container encrypt-with {
- description
- "Indicates that the key is to be encrypted using
- the specified symmetric or asymmetric key.";
- uses ks:encrypted-by-choice-grouping;
+ case encrypted {
+ if-feature "ct:encrypted-private-keys";
+ container encrypted {
+ description
+ "Indicates that the private key is to be encrypted
+ using the specified symmetric or asymmetric key.";
+ uses ks:encrypted-by-grouping;
+ }
}
- }
- case hide {
- if-feature "ct:hidden-private-keys";
- leaf hide {
- type empty;
- description
- "Indicates that the private key is to be hidden.
-
- Unlike the 'cleartext' and 'encrypt' options, the
- key returned is a placeholder for an internally
- stored key. See the 'Support for Built-in Keys'
- section in RFC CCCC for information about hidden
- keys.";
+ case hidden {
+ if-feature "ct:hidden-private-keys";
+ leaf hidden {
+ type empty;
+ description
+ "Indicates that the private key is to be hidden.
+
+ Unlike the 'cleartext' and 'encrypt' options, the
+ key returned is a placeholder for an internally
+ stored key. See the 'Support for Built-in Keys'
+ section in RFC CCCC for information about hidden
+ keys.";
+ }
}
}
}
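Review bot: The description of `leaf hidden` still says "Unlike the 'cleartext' and 'encrypt' options", although this hunk renames that case and its container to `encrypted`. The line should read `Unlike the 'cleartext' and 'encrypted' options, the`. If this module is kept as a verbatim copy of the IETF draft, the wording is better reported upstream than patched locally. The enclosing definition starts outside the hunk.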
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
description
"Indicates that the 'publickey' authentication type,
per RFC 4252, is supported for locally-defined users.
-
The 'publickey' authentication type is required by
- RFC 4252, but common implementations enable it to
+ RFC 4252, but common implementations allow it to
be disabled.";
reference
"RFC 4252:
"RFC 4252:
The Secure Shell (SSH) Authentication Protocol";
}
+
feature local-user-auth-none {
if-feature "local-users-supported";
description
"RFC CCCC: A YANG Data Model for a Keystore";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:ssh-public-key-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:ssh-public-key-format")';
}
- refine "inline-or-keystore/keystore/"
- + "keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-'
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:ssh-public-key-format")';
}
}
reference
"RFC CCCC: A YANG Data Model for a Keystore";
uses
- ks:inline-or-keystore-end-entity-cert-with-key-grouping{
+ ks:inline-or-keystore-end-entity-cert-with-key-grouping{
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:subject-public-key-'
+ + 'info-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference"
- + "/asymmetric-key" {
- must
- 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:subject-public-key-info-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference/asymmetric-key" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-key'
+ + '-format, "ct:subject-public-key-info-format")';
}
}
}
5.1 and 5.2 in RFC 4252.
The authentication methods are unordered. Clients
- must authenticate to all configured methods.
+ must authenticate to all configured methods.
Whenever a choice amongst methods arises,
implementations SHOULD use a default ordering
that prioritizes automation over human-interaction.";
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "inline-or-truststore/truststore/truststore-"
- + "reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
+ 'public-key-format"))])';
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "inline-or-truststore/truststore/truststore-"
- + "reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
+ 'public-key-format"))])';
Protocol.";
}
}
- }
+ } // users
container ca-certs {
if-feature "sshcmn:ssh-x509-certs";
presence
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.User;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.UsersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.User;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.UserBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
import org.opendaylight.yangtools.yang.binding.util.BindingMap;
public final class TestUtils {
return new ServerIdentityBuilder().setHostKey(List.of(buildServerHostKeyWithCertificate(keyData))).build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithKeyPair(final KeyData keyData) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.HostKeyBuilder()
.setName(HOST_KEY_NAME)
- .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder()
- .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type._public.key.PublicKeyBuilder()
.setInlineOrKeystore(buildAsymmetricKeyLocal(keyData))
.build())
.build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithCertificate(final KeyData keyData) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.HostKeyBuilder()
.setName(HOST_KEY_NAME)
- .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type.CertificateBuilder()
- .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.server.identity.host.key.host.key.type.certificate.CertificateBuilder()
.setInlineOrKeystore(buildEndEntityCertWithKeyLocal(keyData))
.build())
.build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildTruststorePublicKeyLocal(
final KeyData keyData) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
.setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
- .rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition
+ .rev231228.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition
.PublicKeyBuilder()
.setName(PUBLIC_KEY_NAME)
.setPublicKeyFormat(SshPublicKeyFormat.VALUE)
.build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore.certs.grouping.inline.or.truststore.Inline buildTruststoreCertificatesLocal(
final byte[] certificateBytes) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
.setCertificate(BindingMap.of(new CertificateBuilder()
.setName(CERTIFICATE_NAME)
.build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final KeyData data) {
return buildAsymmetricKeyLocal(data.algorithm(), data.publicKeyBytes(), data.privateKeyBytes());
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final String algorithm,
final byte[] publicKeyBytes, final byte[] privateKeyBytes) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder()
.setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
.setPublicKey(publicKeyBytes)
.build();
}
- public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.InlineOrKeystore buildEndEntityCertWithKeyLocal(
final KeyData keyData) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
.InlineDefinitionBuilder()
.setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
private static User buildServerUserHostBased(final String userName, final byte[] publicKeyBytes) {
return new UserBuilder()
.setName(userName)
- .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
.ssh.server.grouping.client.authentication.users.user.HostbasedBuilder()
.setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes))
.build())
.build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildPublicKeyLocal(
final byte[] publicKeyBytes) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
.setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
- .truststore.rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline
+ .truststore.rev231228.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline
.definition.PublicKeyBuilder()
.setPublicKeyFormat(SshPublicKeyFormat.VALUE)
.setName(PUBLIC_KEY_NAME)
public static ClientIdentity buildClientIdentityWithPassword(final String username, final String password) {
return new ClientIdentityBuilder()
.setUsername(username)
- .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228
.ssh.client.grouping.client.identity.PasswordBuilder()
.setPasswordType(new CleartextPasswordBuilder().setCleartextPassword(password).build()).build())
.build();
public static ClientIdentity buildClientIdentityHostBased(final String username, final KeyData data) {
return new ClientIdentityBuilder()
.setUsername(username)
- .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228
.ssh.client.grouping.client.identity.HostbasedBuilder()
.setInlineOrKeystore(buildAsymmetricKeyLocal(data))
.build())
public static ClientIdentity buildClientIdentityWithPublicKey(final String username, final KeyData data) {
return new ClientIdentityBuilder()
.setUsername(username)
- .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228
.ssh.client.grouping.client.identity.PublicKeyBuilder()
.setInlineOrKeystore(buildAsymmetricKeyLocal(data))
.build())
import io.netty.channel.socket.SocketChannel;
import java.util.concurrent.ThreadFactory;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives;
/**
* Wrapper around a particular Netty transport implementation.
import io.netty.channel.epoll.EpollSocketChannel;
import java.util.concurrent.ThreadFactory;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives;
@NonNullByDefault
final class EpollNettyImpl extends AbstractNettyImpl {
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.IetfTcpClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.LocalBindingSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.IetfTcpClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.LocalBindingSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.IetfTcpCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.KeepalivesSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.IetfTcpCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.KeepalivesSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.IetfTcpServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.IetfTcpServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.concurrent.ThreadFactory;
import jdk.net.ExtendedSocketOptions;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives;
import org.slf4j.LoggerFactory;
@NonNullByDefault
import org.eclipse.jdt.annotation.NonNull;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
import org.opendaylight.yangtools.yang.common.Empty;
/**
import org.eclipse.jdt.annotation.NonNull;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Empty;
/**
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
}
uses tcpcmn:tcp-common-grouping {
- augment "keepalives" {
+ refine "keepalives" {
if-feature "tcp-client-keepalives";
description
"Add an if-feature statement so that implementations
<mailto:michael.scharf@hs-esslingen.de>";
description
- "This module defines reusable groupings for TCP commons that
- can be used as a basis for specific TCP common instances.
+ "This module define a reusable 'grouping' that is common
+ to both TCP-clients and TCP-servers. This grouping statement
+ is used by both the 'ietf-tcp-client' and 'ietf-tcp-server'
+ modules.
Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
}
// Groupings
+
grouping tcp-common-grouping {
description
"A reusable grouping for configuring TCP parameters common
whole.";
container keepalives {
if-feature "keepalives-supported";
- presence
- "Indicates that keepalives are enabled. This statement is
- present so the mandatory descendant nodes do not imply that
- this node must be configured.";
description
"Configures the keep-alive policy, to proactively test the
aliveness of the TCP peer. An unresponsive TCP peer is
- dropped after approximately (idle-time + max-probes
- * probe-interval) seconds.";
+ dropped after approximately (idle-time + max-probes *
+ probe-interval) seconds. Further guidance can be found
+ in Section 2.1.5 of RFC DDDD.";
reference
"RFC 9293:
Transmission Control Protocol (TCP), Section 3.8.4..";
range "1..max";
}
units "seconds";
- mandatory true;
+ default 7200;
description
"Sets the amount of time after which if no data has been
received from the TCP peer, a TCP-level probe message
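Review bot: With `mandatory true` replaced by `default 7200` on this leaf (and by `default 9` and `default 75` on the two leaves in the following hunks), and the `presence` statement dropped from `keepalives` in the preceding hunk, a keepalives container can now arrive with none of its three leaves set. The code that maps `Keepalives` onto socket options is not part of this hunk; if it reads these leaves as always present, it should fall back to the model defaults, otherwise an empty container may fail or leave keepalives unconfigured. The defaults also add up to roughly 7200 + 9 * 75 = 7875 seconds before an unresponsive peer is dropped, so deployments that rely on prompt dead-peer detection should set the values explicitly. The leaf definition continues outside the hunk.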
type uint16 {
range "1..max";
}
- mandatory true;
+ default 9;
description
"Sets the maximum number of sequential keep-alive probes
that can fail to obtain a response from the TCP peer
range "1..max";
}
units "seconds";
- mandatory true;
+ default 75;
description
"Sets the time interval between failed probes. The interval
SHOULD be significantly longer than one second in order to
Authors: Kent Watsen <mailto:kent+ietf@watsen.net>
Michael Scharf
<mailto:michael.scharf@hs-esslingen.de>";
+
description
"This module defines reusable groupings for TCP servers that
can be used as a basis for specific TCP server instances.
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
an application specific default port number value.";
}
uses tcpcmn:tcp-common-grouping {
- augment "keepalives" {
+ refine "keepalives" {
if-feature "tcp-server-keepalives";
description
"Add an if-feature statement so that implementations
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping;
final class ConfigUtils {
return Map.of();
}
final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
- .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+ .rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
certs.getInlineOrTruststore());
final var inlineDef = inline.getInlineDefinition();
if (inlineDef == null) {
final @NonNull InlineOrKeystoreAsymmetricKeyGrouping input)
throws UnsupportedConfigurationException {
- final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class,
input.getInlineOrKeystore());
final var inlineDef = inline.getInlineDefinition();
static void setEndEntityCertificateWithKey(final @NonNull KeyStore keyStore,
final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping input)
throws UnsupportedConfigurationException {
- final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
input.getInlineOrKeystore());
final var inlineDef = inline.getInlineDefinition();
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ClientIdentX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.IetfTlsClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ServerAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.ClientIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.IetfTlsClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.ServerAuthX509Cert;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jdt.annotation.Nullable;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParams;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.IetfTlsCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.IetfTlsCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls12$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls12$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls13$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls13$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.TlsVersionBase;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.IetfTlsServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ServerIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ClientAuthSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ClientAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.IetfTlsServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ServerIdentX509Cert;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParamsGrouping;
/**
* A pre-configured factory for creating {@link SslHandler}s.
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.RawPublicKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.client.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.client.identity.auth.type.RawPublicKey;
/**
* A {@link TransportStack} acting as a TLS client.
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.RawPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.RawPrivateKey;
/**
* A {@link TransportStack} acting as a TLS server.
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyStore;
import java.util.List;
-import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes128GcmSha256;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes256GcmSha384;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithChacha20Poly1305Sha256;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststorePublicKeysGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststorePublicKeysGrouping;
/**
* Base class for TLS TransportStacks.
}
}
- private static String[] createTlsStrings(final Set<TlsVersionBase> versions)
+ private static String[] createTlsStrings(final List<TlsVersionBase> versions)
throws UnsupportedConfigurationException {
// FIXME: cache these
final var ret = new String[versions.size()];
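Review bot: `createTlsStrings` now accepts a `List<TlsVersionBase>`, which unlike the previous `Set` can carry the same version more than once, and `ret` is sized directly from `versions.size()`. Whether the rest of the method or the caller removes duplicates is not visible, because the body continues outside the hunk. If nothing upstream guarantees uniqueness, iterate a de-duplicated view such as `final var unique = versions.stream().distinct().toList();` and size the array from that. A short Javadoc stating whether list order matters for the resulting protocol strings would also help, since the type no longer says so.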
revision 2022-06-16 {
description
- "Updated to reflect contents of the public key algorithms
- registry on June 16, 2022.";
- }
-
- revision 2021-06-02 {
- description
- "Initial version";
+ "Reflect contents of the public key algorithms registry
+ on June 16, 2022.";
reference
- "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
+ "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers";
}
// Typedefs
description
"A reference to a TLS cipher suite algorithm identifier.";
}
+
+
// Identities
identity cipher-suite-alg-base {
RFC 6347:
Datagram Transport Layer Security version 1.2";
}
+
identity tls-rsa-with-rc4-128-md5 {
base cipher-suite-alg-base;
status deprecated;
"RFC 5246:
The Transport Layer Security (TLS) Protocol Version 1.2";
}
+
identity tls-dh-dss-with-aes-128-cbc-sha {
base cipher-suite-alg-base;
status deprecated;
ShangMi (SM) Cipher Suites for Transport Layer Security
(TLS) Protocol Version 1.3";
}
+
identity tls-sm4-ccm-sm3 {
base cipher-suite-alg-base;
status deprecated;
"RFC 8446:
The Transport Layer Security (TLS) Protocol Version 1.3";
}
+
identity tls-aes-128-ccm-sha256 {
base cipher-suite-alg-base;
description
"RFC 5054:
Using SRP for TLS Authentication";
}
+
identity tls-srp-sha-rsa-with-aes-256-cbc-sha {
base cipher-suite-alg-base;
status deprecated;
TLS Elliptic Curve Cipher Suites with SHA-256/384
and AES Galois Counter Mode";
}
+
identity tls-ecdh-rsa-with-aes-256-cbc-sha384 {
base cipher-suite-alg-base;
status deprecated;
Addition of the ARIA Cipher Suites to
Transport Layer Security (TLS)";
}
+
identity tls-ecdh-rsa-with-aria-128-cbc-sha256 {
base cipher-suite-alg-base;
status deprecated;
Addition of the ARIA Cipher Suites to
Transport Layer Security (TLS)";
}
+
identity tls-ecdhe-psk-with-aria-256-cbc-sha384 {
base cipher-suite-alg-base;
status deprecated;
Addition of the Camellia Cipher Suites to
Transport Layer Security (TLS)";
}
+
identity tls-psk-with-camellia-128-cbc-sha256 {
base cipher-suite-alg-base;
status deprecated;
"RFC 8442:
ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites";
}
+
identity tls-ecdhe-psk-with-aes-128-ccm-sha256 {
base cipher-suite-alg-base;
description
ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites";
}
+
// Protocol-accessible Nodes
container supported-algorithms {
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
}
feature client-ident-tls12-psk {
+ if-feature "tlscmn:tls12";
description
"Indicates that the client supports identifying itself
using TLS-1.2 PSKs (pre-shared or pairwise-symmetric keys).";
}
feature client-ident-tls13-epsk {
+ if-feature "tlscmn:tls13";
description
"Indicates that the client supports identifying itself
using TLS-1.3 External PSKs (pre-shared keys).";
Using Raw Public Keys in Transport Layer Security (TLS)
and Datagram Transport Layer Security (DTLS)";
}
+
feature server-auth-tls12-psk {
description
"Indicates that the client supports authenticating servers
"Identity credentials the TLS client MAY present when
establishing a connection to a TLS server. If not
configured, then client authentication is presumed to
- occur a protocol layer above TLS. When configured,
+ occur in a protocol layer above TLS. When configured,
and requested by the TLS server when establishing a
TLS session, these credentials are passed in the
Certificate message defined in Section 7.4.2 of
"ks:inline-or-keystore-end-entity-cert-with-key-"
+ "grouping" {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:subject-public-key-'
+ + 'info-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference"
- + "/asymmetric-key" {
- must 'derived-from-or-self(deref(.)/../ks:public-'
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference/asymmetric-key" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
+ 'format")';
}
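Review bot: The rewritten `must` expressions in this hunk, and the matching pair in the next hunk under `ks:inline-or-keystore-asymmetric-key-grouping`, pass whenever `public-key-format` is absent. The model therefore no longer guarantees a SubjectPublicKeyInfo-formatted key for the TLS client identity. The Java code that unpacks the inline definition is only partly visible on this page; it should reject a missing format as unsupported configuration, or handle it deliberately, rather than assume the format the old constraint enforced. The `refine` target also moved from `keystore/keystore-reference` to `central-keystore/central-keystore-reference`, so any code or test data that addresses the old path needs the same rename.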
private key.";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:subject-public-key-'
+ + 'info-format")';
}
- refine
- "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-'
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
+ 'format")';
}
and the KDF hash algorithm to be used with the PSK
MUST also be provisioned.
- The structure of this container is designed
- to satisfy the requirements of RFC 8446
- Section 4.2.11, the recommendations from I-D
- ietf-tls-external-psk-guidance Section 6,
- and the EPSK input fields detailed in I-D
- draft-ietf-tls-external-psk-importer
- Section 3.1. The base-key is based upon
- ks:inline-or-keystore-symmetric-key-grouping
+ The structure of this container is designed to
+ satisfy the requirements of RFC 8446 Section
+ 4.2.11, the recommendations from Section 6 in
+ RFC 9257, and the EPSK input fields detailed in
+ Section 5.1 in RFC 9258. The base-key is based
+ upon ks:inline-or-keystore-symmetric-key-grouping
in order to provide users with flexible and
secure storage options.";
reference
"RFC 8446: The Transport Layer Security (TLS)
Protocol Version 1.3
- I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS
- I-D.ietf-tls-external-psk-guidance:
- Guidance for External PSK Usage in TLS";
+ RFC 9257: Guidance for External Pre-Shared Key
+ (PSK) Usage in TLS
+ RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
uses ks:inline-or-keystore-symmetric-key-grouping;
leaf external-identity {
type string;
mandatory true;
description
"As per Section 4.2.11 of RFC 8446, and Section 4.1
- of I-D. ietf-tls-external-psk-guidance:
- A sequence of bytes used to identify an EPSK. A
- label for a pre-shared key established externally.";
+ of RFC 9257, a sequence of bytes used to identify
+ an EPSK. A label for a pre-shared key established
+ externally.";
reference
"RFC 8446: The Transport Layer Security (TLS)
Protocol Version 1.3
- I-D.ietf-tls-external-psk-guidance:
- Guidance for External PSK Usage in TLS";
+ RFC 9257: Guidance for External Pre-Shared Key
+ (PSK) Usage in TLS";
}
leaf hash {
type tlscmn:epsk-supported-hash;
- mandatory true;
+ default sha-256;
description
"As per Section 4.2.11 of RFC 8446, for externally
established PSKs, the Hash algorithm MUST be set
leaf context {
type string;
description
- "As per Section 4.1 of I-D.
- ietf-tls-external-psk-guidance: Context may include
- information about peer roles or identities to
- mitigate Selfie-style reflection attacks [Selfie].
- If the EPSK is a key derived from some other
- protocol or sequence of protocols, context
- MUST include a channel binding for the deriving
- protocols [RFC5056]. The details of this binding
- are protocol specific.";
+ "Per Section 5.1 of RFC 9258, context MUST include
+ the context used to determine the EPSK, if
+ any exists. For example, context may include
+ information about peer roles or identities
+ to mitigate Selfie-style reflection attacks.
+ Since the EPSK is a key derived from an external
+ protocol or sequence of protocols, context MUST
+ include a channel binding for the deriving
+ protocols [RFC5056]. The details of this
+ binding are protocol specfic and out of scope
+ for this document.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS
- I-D.ietf-tls-external-psk-guidance:
- Guidance for External PSK Usage in TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
leaf target-protocol {
type uint16;
description
- "As per Section 3.1 of I-D.
- ietf-tls-external-psk-guidance:
- The protocol for which a PSK is imported for use.";
+ "As per Section 3 of RFC 9258, the protocol
+ for which a PSK is imported for use.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
leaf target-kdf {
type uint16;
description
- "As per Section 3.1 of I-D.
- ietf-tls-external-psk-guidance:
- The specific Key Derivation Function (KDF) for which
- a PSK is imported for use.";
+ "As per Section 3 of RFC 9258, the KDF for
+ which a PSK is imported for use.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
}
}
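Review bot: The new `context` description contains the typo `specfic` ("protocol specfic and out of scope"); it should read `protocol specific`, and the same text is repeated in the server module's `context` leaf. The `target-protocol` description here cites `Section 3 of RFC 9258` while the server module's copy cites `Section 3.1 of RFC 9258`; the two should agree. If the wording is kept verbatim from the upstream model on purpose, a short `//` comment saying so would explain why it is left uncorrected.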
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "inline-or-truststore/truststore/truststore-"
- + "reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:subject-'
+ 'public-key-info-format"))])';
type empty;
description
"Indicates that the TLS client can authenticate TLS servers
- using configure PSKs (pre-shared or pairwise-symmetric
+ using configured PSKs (pre-shared or pairwise-symmetric
keys).
No configuration is required since the PSK value is the
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
feature tls12 {
status "deprecated";
description
- "TLS Protocol Version 1.2 is supported TLS 1.2 is obsolete
+ "TLS Protocol Version 1.2 is supported. TLS 1.2 is obsolete
and thus it is NOT RECOMMENDED to enable this feature.";
reference
"RFC 5246: The Transport Layer Security (TLS) Protocol
Protocol Version 1.3";
}
+ // Typedefs
+
typedef epsk-supported-hash {
type enumeration {
enum sha-256 {
Key (EPSK).";
reference
"RFC 8446: The Transport Layer Security (TLS)
- Protocol Version 1.3
- I-D.ietf-tls-external-psk-importer: Importing
- External PSKs for TLS
- I-D.ietf-tls-external-psk-guidance: Guidance
- for External PSK Usage in TLS";
+ Protocol Version 1.3";
}
+
// Groupings
grouping hello-params-grouping {
type identityref {
base tls-version-base;
}
+ ordered-by user;
description
"Acceptable TLS protocol versions.
cipher suite 'tls-rsa-with-aes-256-cbc-sha256' maps
to the RSA public key.";
}
- leaf bits {
+ leaf num-bits {
type uint16;
description
"Specifies the number of bits in the key to create.
the default is 3072 bits. Generally, 3072 bits is
considered sufficient. DSA keys must be exactly 1024
bits as specified by FIPS 186-2. For elliptical
- keys, the 'bits' value determines the key length
+ keys, the 'num-bits' value determines the key length
of the curve (e.g., 256, 384 or 521), where valid
values supported by the server are conveyed via an
unspecified mechanism. For some public algorithms,
- the keys have a fixed length and the 'bits' value,
- if specified, will be ignored.";
+ the keys have a fixed length and thus the 'num-bits'
+ value is not specified.";
}
- choice private-key-encoding {
- default cleartext;
+ container private-key-encoding {
description
- "A choice amongst optional private key handling.";
- case cleartext {
- if-feature "ct:cleartext-private-keys";
- leaf cleartext {
- type empty;
- description
- "Indicates that the private key is to be returned
- as a cleartext value.";
+ "Indicates how the private key is to be encoded.";
+ choice private-key-encoding {
+ mandatory true;
+ description
+ "A choice amongst optional private key handling.";
+ case cleartext {
+ if-feature "ct:cleartext-private-keys";
+ leaf cleartext {
+ type empty;
+ description
+ "Indicates that the private key is to be returned
+ as a cleartext value.";
+ }
}
- }
- case encrypt {
- if-feature "ct:encrypted-private-keys";
- container encrypt-with {
- description
- "Indicates that the key is to be encrypted using
- the specified symmetric or asymmetric key.";
- uses ks:encrypted-by-choice-grouping;
+ case encrypted {
+ if-feature "ct:encrypted-private-keys";
+ container encrypted {
+ description
+ "Indicates that the key is to be encrypted using
+ the specified symmetric or asymmetric key.";
+ uses ks:encrypted-by-grouping;
+ }
}
- }
- case hide {
- if-feature "ct:hidden-private-keys";
- leaf hide {
- type empty;
- description
- "Indicates that the private key is to be hidden.
-
- Unlike the 'cleartext' and 'encrypt' options, the
- key returned is a placeholder for an internally
- stored key. See the 'Support for Built-in Keys'
- section in RFC CCCC for information about hidden
- keys.";
+ case hidden {
+ if-feature "ct:hidden-private-keys";
+ leaf hidden {
+ type empty;
+ description
+ "Indicates that the private key is to be hidden.
+
+ Unlike the 'cleartext' and 'encrypt' options, the
+ key returned is a placeholder for an internally
+ stored key. See the 'Support for Built-in Keys'
+ section in RFC CCCC for information about hidden
+ keys.";
+ }
}
}
}
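Review bot: The `hidden` case's description still says `Unlike the 'cleartext' and 'encrypt' options`, but this hunk renames that case to `encrypted`; the text should read `'cleartext' and 'encrypted'`. Separately, dropping `default cleartext` and making the choice `mandatory true` means an input that omits `private-key-encoding` no longer implicitly selects a cleartext key. That is worth stating in the container description, e.g. `"Indicates how the private key is to be encoded. There is no default; the caller must select an encoding."`. Existing callers that relied on the old default will need updating; none are visible in this hunk.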
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
}
feature server-ident-tls12-psk {
+ if-feature "tlscmn:tls12";
description
"Indicates that the server supports identifying itself
using TLS-1.2 PSKs (pre-shared or pairwise-symmetric keys).";
}
feature server-ident-tls13-epsk {
+ if-feature "tlscmn:tls13";
description
"Indicates that the server supports identifying itself
using TLS-1.3 External PSKs (pre-shared keys).";
"ks:inline-or-keystore-end-entity-cert-with-key-"
+ "grouping" {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format,' + ' "ct:subject-public-'
+ + 'key-info-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference"
- + "/asymmetric-key" {
- must 'derived-from-or-self(deref(.)/../ks:public-'
- + 'key-format, "ct:subject-public-key-info-'
- + 'format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference/asymmetric-key" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-key'
+ + '-format, "ct:subject-public-key-info-format")';
}
}
}
private key.";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format,' + ' "ct:subject-public-'
+ + 'key-info-format")';
}
- refine
- "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-'
- + 'key-format, "ct:subject-public-key-info-'
- + 'format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or '
+ + 'derived-from-or-self(deref(.)/../ks:public-key'
+ + '-format, "ct:subject-public-key-info-format")';
}
}
}
"Specifies the server identity using a PSK (pre-shared
or pairwise-symmetric key).";
uses ks:inline-or-keystore-symmetric-key-grouping;
- leaf id_hint {
+ leaf id-hint {
type string;
description
"The key 'psk_identity_hint' value used in the TLS
identity and the KDF hash algorithm to be used
with the PSK MUST also be provisioned.
- The structure of this container is designed
- to satisfy the requirements of RFC 8446
- Section 4.2.11, the recommendations from
- I-D ietf-tls-external-psk-guidance Section 6,
- and the EPSK input fields detailed in
- I-D draft-ietf-tls-external-psk-importer
- Section 3.1. The base-key is based upon
- ks:inline-or-keystore-symmetric-key-grouping
+ The structure of this container is designed to
+ satisfy the requirements of RFC 8446 Section
+ 4.2.11, the recommendations from Section 6 in
+ RFC 9257, and the EPSK input fields detailed in
+ Section 5.1 in RFC 9258. The base-key is based
+ upon ks:inline-or-keystore-symmetric-key-grouping
in order to provide users with flexible and
secure storage options.";
reference
"RFC 8446: The Transport Layer Security (TLS)
Protocol Version 1.3
- I-D.ietf-tls-external-psk-importer: Importing
- External PSKs for TLS
- I-D.ietf-tls-external-psk-guidance: Guidance
- for External PSK Usage in TLS";
+ RFC 9257: Guidance for External Pre-Shared Key
+ (PSK) Usage in TLS
+ RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
uses ks:inline-or-keystore-symmetric-key-grouping;
leaf external-identity {
type string;
mandatory true;
description
"As per Section 4.2.11 of RFC 8446, and Section 4.1
- of I-D. ietf-tls-external-psk-guidance: A sequence
- of bytes used to identify an EPSK. A label for a
- pre-shared key established externally.";
+ of RFC 9257, a sequence of bytes used to identify
+ an EPSK. A label for a pre-shared key established
+ externally.";
reference
"RFC 8446: The Transport Layer Security (TLS)
Protocol Version 1.3
- I-D.ietf-tls-external-psk-guidance:
- Guidance for External PSK Usage in TLS";
+ RFC 9257: Guidance for External Pre-Shared Key
+ (PSK) Usage in TLS";
}
leaf hash {
type tlscmn:epsk-supported-hash;
- mandatory true;
+ default sha-256;
description
"As per Section 4.2.11 of RFC 8446, for externally
established PSKs, the Hash algorithm MUST be set
leaf context {
type string;
description
- "As per Section 4.1 of I-D.
- ietf-tls-external-psk-guidance: Context
- may include information about peer roles or
- identities to mitigate Selfie-style reflection
- attacks [Selfie]. If the EPSK is a key derived
- from some other protocol or sequence of protocols,
- context MUST include a channel binding for the
- deriving protocols [RFC5056]. The details of
- this binding are protocol specific.";
+ "Per Section 5.1 of RFC 9258, context MUST include
+ the context used to determine the EPSK, if
+ any exists. For example, context may include
+ information about peer roles or identities
+ to mitigate Selfie-style reflection attacks.
+ Since the EPSK is a key derived from an external
+ protocol or sequence of protocols, context MUST
+ include a channel binding for the deriving
+ protocols [RFC5056]. The details of this
+ binding are protocol specfic and out of scope
+ for this document.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS
- I-D.ietf-tls-external-psk-guidance:
- Guidance for External PSK Usage in TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
leaf target-protocol {
type uint16;
description
- "As per Section 3.1 of I-D.
- ietf-tls-external-psk-guidance: The protocol
+ "As per Section 3.1 of RFC 9258, the protocol
for which a PSK is imported for use.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
leaf target-kdf {
type uint16;
description
- "As per Section 3.1 of I-D.
- ietf-tls-external-psk-guidance: The specific Key
- Derivation Function (KDF) for which a PSK is
- imported for use.";
+ "As per Section 3 of RFC 9258, the KDF for
+ which a PSK is imported for use.";
reference
- "I-D.ietf-tls-external-psk-importer:
- Importing External PSKs for TLS";
+ "RFC 9258: Importing External Pre-Shared Keys
+ (PSKs) for TLS 1.3";
}
}
}
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "inline-or-truststore/truststore/truststore-"
- + "reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:subject-'
+ 'public-key-info-format"))])';
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.EeCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.server.authentication.EeCertsBuilder;
class ConfigUtilsTest {
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.InlineOrTruststore;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.InlineOrTruststore;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
import org.opendaylight.yangtools.yang.binding.util.BindingMap;
public final class TestUtils {
}
public static InlineOrTruststore buildInlineOrTruststore(final Map<String, byte[]> certNameToBytesMap) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
- .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228
.inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
.setCertificate(certNameToBytesMap.entrySet().stream()
.map(entry -> new CertificateBuilder()
final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes) {
return new RawPrivateKeyBuilder()
- .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
.setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
- .rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline
+ .rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline
.InlineDefinitionBuilder()
.setPublicKeyFormat(publicKeyFormat)
.setPublicKey(publicKeyBytes)
public static InlineOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping(
final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes, final byte[] certificateBytes) {
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228
.tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
- .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228
.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
.setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
- .rev230417.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
+ .rev231228.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
.InlineDefinitionBuilder()
.setPublicKeyFormat(publicKeyFormat)
.setPublicKey(publicKeyBytes)
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.NettyTransportSupport;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.ServerIdentityBuilder;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
// client config
final var clientIdentity = new ClientIdentityBuilder()
- .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228
.tls.client.grouping.client.identity.auth.type.CertificateBuilder()
- .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228
.tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder()
.setInlineOrKeystore(inlineOrKeystore)
.build())
.build())
.build();
final var serverAuth = new ServerAuthenticationBuilder()
- .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228
.tls.client.grouping.server.authentication.CaCertsBuilder()
.setInlineOrTruststore(inlineOrTrustStore)
.build())
// server config
final var serverIdentity = new ServerIdentityBuilder()
- .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228
.tls.server.grouping.server.identity.auth.type.CertificateBuilder()
- .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228
.tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
.setInlineOrKeystore(inlineOrKeystore)
.build())
.build())
.build();
final var clientAuth = new ClientAuthenticationBuilder()
- .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228
.tls.server.grouping.client.authentication.CaCertsBuilder()
.setInlineOrTruststore(inlineOrTrustStore)
.build())
"WG Web : https://datatracker.ietf.org/wg/netconf
WG List : NETCONF WG list <mailto:netconf@ietf.org>
Author : Kent Watsen <kent+ietf@watsen.net>";
+
description
"This module defines a 'truststore' to centralize management
of trust anchors including certificates and public keys.
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
"The 'inline-definitions-supported' feature indicates that
the server supports locally-defined trust anchors.";
}
+
feature certificates {
description
"The 'certificates' feature indicates that the server
}
description
"This typedef defines a reference to a certificate bag
- in the truststore, when this module is implemented.";
+ in the central truststore.";
}
typedef certificate-ref {
type leafref {
path "/ts:truststore/ts:certificate-bags/ts:certificate-bag"
- + "[ts:name = current()/../ts:certificate-bag]/"
+ + "[ts:name = current()/../certificate-bag]/"
+ "ts:certificate/ts:name";
}
description
"This typedef defines a reference to a specific certificate
- in a certificate bag in the truststore, when this module
- is implemented. This typedef requires that there exist a
- sibling 'leaf' node called 'certificate-bag' that SHOULD
- have the typedef 'certificate-bag-ref'.";
+ in a certificate bag in the central truststore. This typedef
+ requires that there exist a sibling 'leaf' node called
+ 'certificate-bag' that SHOULD have the typedef
+ 'certificate-bag-ref'.";
}
typedef public-key-bag-ref {
}
description
"This typedef defines a reference to a public key bag
- in the truststore, when this module is implemented.";
+ in the central truststore.";
}
typedef public-key-ref {
type leafref {
path "/ts:truststore/ts:public-key-bags/ts:public-key-bag"
- + "[ts:name = current()/../ts:public-key-bag]/"
+ + "[ts:name = current()/../public-key-bag]/"
+ "ts:public-key/ts:name";
}
description
"This typedef defines a reference to a specific public key
- in a public key bag in the truststore, when this module is
- implemented. This typedef requires that there exist a
- sibling 'leaf' node called 'public-key-bag' that SHOULD
- have the typedef 'public-key-bag-ref'.";
+ in a public key bag in the truststore. This typedef
+ requires that there exist a sibling 'leaf' node called
+ 'public-key-bag' that SHOULD have the typedef
+ 'public-key-bag-ref'.";
}
/*****************/
/* Groupings */
/*****************/
+ // *-ref groupings
+
+ grouping certificate-ref-grouping {
+ description
+ "Grouping for the reference to a certificate in a
+ certificate-bag in the central truststore.";
+ leaf certificate-bag {
+ nacm:default-deny-write;
+ if-feature "central-truststore-supported";
+ if-feature "certificates";
+ type ts:certificate-bag-ref;
+ must "../certificate";
+ description
+ "Reference to a certificate-bag in the truststore.";
+ }
+ leaf certificate {
+ nacm:default-deny-write;
+
+ // FIXME: these two lines are missing in the published model
+ if-feature "central-truststore-supported";
+ if-feature "certificates";
+
+ type ts:certificate-ref;
+ must "../certificate-bag";
+ description
+ "Reference to a specific certificate in the
+ referenced certificate-bag.";
+ }
+ }
+
+ grouping public-key-ref-grouping {
+ description
+ "Grouping for the reference to a public key in a
+ public-key-bag in the central truststore.";
+ leaf public-key-bag {
+ nacm:default-deny-write;
+ if-feature "central-truststore-supported";
+ if-feature "public-keys";
+ type ts:public-key-bag-ref;
+ description
+ "Reference of a public key bag in the truststore inlucding
+ the certificate to authenticate the TLS client.";
+ }
+ leaf public-key {
+ nacm:default-deny-write;
+
+ // FIXME: these two lines are missing in the published model
+ if-feature "central-truststore-supported";
+ if-feature "public-keys";
+
+ type ts:public-key-ref;
+ description
+ "Reference to a specific public key in the
+ referenced public-key-bag.";
+ }
+ }
+
+ // inline-or-truststore-* groupings
+
grouping inline-or-truststore-certs-grouping {
description
- "A grouping that allows the certificates to be either
- configured locally, within the using data model, or be a
- reference to a certificate bag stored in the truststore.
+ "A grouping for the configuration of a list of certificates.
+ The list of certificate may be defined inline or as a
+ reference to a certificate bag in the central truststore.
- Servers that do not 'implement' this module, and hence
- 'central-truststore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate truststore locations.";
+ Servers that do not define the 'central-truststore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate truststore locations.";
choice inline-or-truststore {
nacm:default-deny-write;
mandatory true;
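Review bot: `public-key-ref-grouping` does not carry the pairing constraints that `certificate-ref-grouping` has (`must "../certificate";` on the bag leaf and `must "../certificate-bag";` on the member leaf), so a `public-key-bag` without a `public-key`, or the reverse, would pass validation. If that is not intended, add `must "../public-key";` to `leaf public-key-bag` and `must "../public-key-bag";` to `leaf public-key`. If the published model lacks them, mark them with the same FIXME convention used for the added `if-feature` lines. The `public-key-bag` description also looks copied from elsewhere: it misspells `inlucding` and talks about "the certificate to authenticate the TLS client", which does not describe a reference to a public-key bag.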
}
}
}
- case truststore {
+ case central-truststore {
if-feature "central-truststore-supported";
if-feature "certificates";
- leaf truststore-reference {
+ leaf central-truststore-reference {
type ts:certificate-bag-ref;
description
"A reference to a certificate bag that exists in the
- truststore, when this module is implemented.";
+ central truststore.";
}
}
}
configured locally, within the using data model, or be a
reference to a public key bag stored in the truststore.
- Servers that do not 'implement' this module, and hence
- 'central-truststore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate truststore locations.";
+ Servers that do not define the 'central-truststore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate truststore locations.";
choice inline-or-truststore {
nacm:default-deny-write;
mandatory true;
}
}
}
- case truststore {
+ case central-truststore {
if-feature "central-truststore-supported";
if-feature "public-keys";
- leaf truststore-reference {
+ leaf central-truststore-reference {
type ts:public-key-bag-ref;
description
"A reference to a bag of public keys that exists
- in the truststore, when this module is implemented.";
+ in the central truststore.";
}
}
}
}
+
+ // the truststore grouping
+
grouping truststore-grouping {
description
"A grouping definition that enables use in other contexts.
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.IetfTruststoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.IetfTruststoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineDefinitionsSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;