"This module defines a 'keystore' to centralize management
of security credentials.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
'ietf-keystore' module).";
}
- feature local-definitions-supported {
+ feature inline-definitions-supported {
description
- "The 'local-definitions-supported' feature indicates that
+ "The 'inline-definitions-supported' feature indicates that
the server supports locally-defined keys.";
}
}
}
- // local-or-keystore-* groupings
+ // inline-or-keystore-* groupings
- grouping local-or-keystore-symmetric-key-grouping {
+ grouping inline-or-keystore-symmetric-key-grouping {
description
"A grouping that expands to allow the symmetric key to be
either stored locally, i.e., within the using data model,
'central-keystore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate keystore locations.";
- choice local-or-keystore {
+ choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the keystore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"Container to hold the local key definition.";
uses ct:symmetric-key-grouping;
}
}
}
- grouping local-or-keystore-asymmetric-key-grouping {
+
+ grouping inline-or-keystore-asymmetric-key-grouping {
description
"A grouping that expands to allow the asymmetric key to be
either stored locally, i.e., within the using data model,
'central-keystore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate keystore locations.";
- choice local-or-keystore {
+ choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the keystore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"Container to hold the local key definition.";
uses ct:asymmetric-key-pair-grouping;
}
}
- grouping local-or-keystore-asymmetric-key-with-certs-grouping {
+ grouping inline-or-keystore-asymmetric-key-with-certs-grouping {
description
"A grouping that expands to allow an asymmetric key and
its associated certificates to be either stored locally,
'central-keystore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate keystore locations.";
- choice local-or-keystore {
+ choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the keystore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"Container to hold the local key definition.";
uses ct:asymmetric-key-pair-with-certs-grouping;
}
}
- grouping local-or-keystore-end-entity-cert-with-key-grouping {
+ grouping inline-or-keystore-end-entity-cert-with-key-grouping {
description
"A grouping that expands to allow an end-entity certificate
(and its associated asymmetric key pair) to be either stored
'central-keystore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate keystore locations.";
- choice local-or-keystore {
+ choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the keystore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"Container to hold the local key definition.";
uses ct:asymmetric-key-pair-with-cert-grouping;
description
"Grouping definition enables use in other contexts. If ever
done, implementations MUST augment new 'case' statements
- into the various local-or-keystore 'choice' statements to
+ into the various inline-or-keystore 'choice' statements to
supply leafrefs to the model-specific location(s).";
container asymmetric-keys {
nacm:default-deny-write;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.AsymmetricKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.IetfKeystoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.AsymmetricKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.IetfKeystoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineDefinitionsSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
@Override
public Set<? extends YangFeature<?, IetfKeystoreData>> supportedFeatures() {
- return Set.of(LocalDefinitionsSupported.VALUE, AsymmetricKeys.VALUE);
+ return Set.of(InlineDefinitionsSupported.VALUE, AsymmetricKeys.VALUE);
}
}
"This module defines common YANG types for cryptographic
applications.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
"Indicates that the server supports the
'cms-encrypted-data-format' identity.";
}
-
- feature csr-generation {
+ feature p10-csr-format {
description
- "Indicates that the server implements the
- 'generate-csr' action.";
- }
-
- feature p10-based-csrs {
- description
- "Indicates that the erver implements support
+ "Indicates that the server implements support
for generating P10-based CSRs, as defined
in RFC 2986.";
reference
Specification Version 1.7";
}
+ feature csr-generation {
+ description
+ "Indicates that the server implements the
+ 'generate-csr' action.";
+ }
+
feature certificate-expiration-notification {
description
"Indicates that the server implements the
'certificate-expiration' notification.";
}
- feature hidden-keys {
+ feature cleartext-passwords {
description
- "Indicates that the server supports hidden keys.";
+ "Indicates that the server supports cleartext
+ passwords.";
}
- feature password-encryption {
+ feature encrypted-passwords {
description
"Indicates that the server supports password
encryption.";
}
- feature symmetric-key-encryption {
+ feature cleartext-symmetric-keys {
+ description
+ "Indicates that the server supports cleartext
+ symmetric keys.";
+ }
+
+ feature hidden-symmetric-keys {
+ description
+ "Indicates that the server supports hidden keys.";
+ }
+
+ feature encrypted-symmetric-keys {
description
"Indicates that the server supports encryption
of symmetric keys.";
}
- feature private-key-encryption {
+ feature cleartext-private-keys {
+ description
+ "Indicates that the server supports cleartext
+ private keys.";
+ }
+
+ feature hidden-private-keys {
+ description
+ "Indicates that the server supports hidden keys.";
+ }
+
+ feature encrypted-private-keys {
description
"Indicates that the server supports encryption
of private keys.";
identity rsa-private-key-format {
base private-key-format;
description
- "Indicates that the private key value is encoded
- as an RSAPrivateKey (from RFC 3447).";
+ "Indicates that the private key value is encoded as
+ an RSAPrivateKey (from RFC 3447), encoded using ASN.1
+ distinguished encoding rules (DER), as specified in
+ ITU-T X.690.";
reference
- "RFC 3447: PKCS #1: RSA Cryptography
- Specifications Version 2.2";
+ "RFC 3447:
+ PKCS #1: RSA Cryptography Specifications Version 2.2
+ ITU-T X.690:
+ Information technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER) and Distinguished
+ Encoding Rules (DER) 02/2021.";
}
identity ec-private-key-format {
base private-key-format;
description
- "Indicates that the private key value is encoded
- as an ECPrivateKey (from RFC 5915)";
+ "Indicates that the private key value is encoded as
+ an ECPrivateKey (from RFC 5915), encoded using ASN.1
+ distinguished encoding rules (DER), as specified in
+ ITU-T X.690.";
reference
- "RFC 5915: Elliptic Curve Private Key Structure";
+ "RFC 5915:
+ Elliptic Curve Private Key Structure
+ ITU-T X.690:
+ Information technology - ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER),
+ Canonical Encoding Rules (CER) and Distinguished
+ Encoding Rules (DER) 02/2021.";
}
identity one-asymmetric-key-format {
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/***************************************************/
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/******************************************************/
The length of the octet string MUST be appropriate for
the associated algorithm's block size.
- How the associated algorithm is known is outside the
- scope of this module. This statement also applies when
- the octet string has been encrypted.";
+ The identity of the associated algorithm is outside the
+ scope of this specification. This is also true when
+ the octet string has been encrypted.";
}
-
identity one-symmetric-key-format {
if-feature "one-symmetric-key-format";
base symmetric-key-format;
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/*************************************************/
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
identity cms-enveloped-data-format {
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/*********************************************************/
by future efforts.";
}
- identity p10-csr {
- if-feature "p10-based-csrs";
+ identity p10-csr-format {
+ if-feature "p10-csr-format";
base csr-format;
description
"Indicates the 'CertificationRequest' structure
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
typedef p10-csr {
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/***************************************************/
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
typedef crl {
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/***************************************************/
/* Typedefs for ASN.1 structures from RFC 6960 */
/***************************************************/
+
typedef oscp-request {
type binary;
description
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
typedef oscp-response {
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
/***********************************************/
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
- Encoding Rules (DER).";
+ Encoding Rules (DER) 02/2021.";
}
typedef data-content-cms {
The CMS MUST contain only a single chain of certificates.
The client or end-entity certificate MUST only authenticate
- to last intermediate CA certificate listed in the chain.
+ to the last intermediate CA certificate listed in the chain.
In all cases, the chain MUST include a self-signed root
certificate. In the case where the root certificate is
verify the revocation status of the certificates.
This CMS encodes the degenerate form of the SignedData
- structure that is commonly used to disseminate X.509
- certificates and revocation objects (RFC 5280).";
+ structure (RFC 5652, Section 5.2) that is commonly used
+ to disseminate X.509 certificates and revocation objects
+ (RFC 5280).";
reference
"RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
- and Certificate Revocation List (CRL) Profile.";
+ and Certificate Revocation List (CRL) Profile.
+ RFC 5652:
+ Cryptographic Message Syntax (CMS)";
}
typedef end-entity-cert-cms {
verify the revocation status of the certificates.
This CMS encodes the degenerate form of the SignedData
- structure that is commonly used to disseminate X.509
- certificates and revocation objects (RFC 5280).";
+ structure (RFC 5652, Section 5.2) that is commonly
+ used to disseminate X.509 certificates and revocation
+ objects (RFC 5280).";
+
reference
"RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
- and Certificate Revocation List (CRL) Profile.";
+ and Certificate Revocation List (CRL) Profile.
+ RFC 5652:
+ Cryptographic Message Syntax (CMS)";
}
/*****************/
via a leaf node called 'asymmetric-key-ref'.
The leaf nodes MUST be direct descendants in the data tree,
- and MAY be direct descendants in the schema tree.";
+ and MAY be direct descendants in the schema tree (e.g.,
+ choice/case statements are allowed, but not a container).";
}
leaf encrypted-value-format {
type identityref {
grouping password-grouping {
description
- "A password that MAY be encrypted.";
+ "A password that may be encrypted.";
choice password-type {
nacm:default-deny-write;
mandatory true;
description
"Choice between password types.";
case cleartext-password {
+ if-feature "cleartext-passwords";
leaf cleartext-password {
nacm:default-deny-all;
type string;
}
}
case encrypted-password {
- if-feature "password-encryption";
+ if-feature "encrypted-passwords";
container encrypted-password {
description
"A container for the encrypted password value.";
SHOULD ensure that the incoming symmetric key value is
encoded in the specified format.
- For encrypted keys, the value is the same as it would
- have been if the key were not encrypted.";
+ For encrypted keys, the value is the decrypted key's
+ format (i.e., the 'encrypted-value-format' conveys the
+ encrypted key's format.";
}
choice key-type {
nacm:default-deny-write;
"Choice between key types.";
case cleartext-key {
leaf cleartext-key {
+ if-feature "cleartext-symmetric-keys";
nacm:default-deny-all;
type binary;
must '../key-format';
}
}
case hidden-key {
- if-feature "hidden-keys";
+ if-feature "hidden-symmetric-keys";
leaf hidden-key {
type empty;
must 'not(../key-format)';
}
}
case encrypted-key {
- if-feature "symmetric-key-encryption";
+ if-feature "encrypted-symmetric-keys";
container encrypted-key {
must '../key-format';
description
ensure that the incoming private key value is encoded in the
specified format.
- For encrypted keys, the value is the same as it would have
- been if the key were not encrypted.";
+ For encrypted keys, the value is the decrypted key's
+ format (i.e., the 'encrypted-value-format' conveys the
+ encrypted key's format.";
}
choice private-key-type {
nacm:default-deny-write;
description
"Choice between key types.";
case cleartext-private-key {
+ if-feature "cleartext-private-keys";
leaf cleartext-private-key {
nacm:default-deny-all;
type binary;
}
}
case hidden-private-key {
- if-feature "hidden-keys";
+ if-feature "hidden-private-keys";
leaf hidden-private-key {
type empty;
must 'not(../private-key-format)';
}
}
case encrypted-private-key {
- if-feature "private-key-encryption";
+ if-feature "encrypted-private-keys";
container encrypted-private-key {
must '../private-key-format';
description
}
mandatory true;
description
- "Specifies the format for the returned certifiacte.";
+ "Specifies the format for the returned certificate.";
}
leaf csr-info {
type csr-info;
grouping asymmetric-key-pair-with-cert-grouping {
description
"A private/public key pair and an associated certificate.
- Implementations SHOULD assert that certificates contain
+ Implementations SHOULD assert that the certificate contains
the matching public key.";
uses asymmetric-key-pair-grouping;
uses end-entity-cert-grouping;
grouping asymmetric-key-pair-with-certs-grouping {
description
- "A private/public key pair and associated certificates.
- Implementations SHOULD assert that certificates contain
- the matching public key.";
+ "A private/public key pair and a list of associated
+ certificates. Implementations SHOULD assert that
+ certificates contain the matching public key.";
uses asymmetric-key-pair-grouping;
container certificates {
nacm:default-deny-write;
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>org.kohsuke.metainf-services</groupId>
<artifactId>metainf-services</artifactId>
<artifactId>truststore-api</artifactId>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk18on</artifactId>
+ <groupId>org.opendaylight.netconf.model</groupId>
+ <artifactId>draft-ietf-netconf-crypto-types</artifactId>
</dependency>
<!-- testing -->
<artifactId>bcpkix-jdk18on</artifactId>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
+ <artifactId>rfc6991-ietf-inet-types</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController;
import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.SshHostKeys;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.TransportParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.KeyExchange;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeys;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yangtools.yang.common.Uint8;
}
static void setKeepAlives(final @NonNull ServerFactoryManager factoryMgr,
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.Keepalives keepAlives) {
setKeepAlives(factoryMgr,
keepAlives == null ? null : keepAlives.getMaxWait(),
}
static void setKeepAlives(final @NonNull ClientFactoryManager factoryMgr,
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
.ssh.client.grouping.Keepalives keepAlives) {
setKeepAlives(factoryMgr,
keepAlives == null ? null : keepAlives.getMaxWait(),
@SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE", justification = "maxAttempts usage need clarification")
private static void setKeepAlives(final @NonNull FactoryManager factoryMgr, final @Nullable Uint16 cfgMaxWait,
final @Nullable Uint8 cfgMaxAttempts) {
- // FIXME utilize max attempts
+ // FIXME: utilize max attempts
final var maxAttempts = cfgMaxAttempts == null ? KEEP_ALIVE_DEFAULT_ATTEMPTS : cfgMaxAttempts.intValue();
final var maxWait = cfgMaxWait == null ? KEEP_ALIVE_DEFAULT_MAX_WAIT : cfgMaxWait.intValue();
factoryMgr.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.RESERVED, Duration.ofSeconds(maxWait));
}
static List<KeyPair> extractServerHostKeys(
- final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ final List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.HostKey> serverHostKeys)
throws UnsupportedConfigurationException {
var listBuilder = ImmutableList.<KeyPair>builder();
for (var hostKey : serverHostKeys) {
if (hostKey.getHostKeyType()
- instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey publicKey
&& publicKey.getPublicKey() != null) {
- listBuilder.add(extractKeyPair(publicKey.getPublicKey().getLocalOrKeystore()));
+ listBuilder.add(extractKeyPair(publicKey.getPublicKey().getInlineOrKeystore()));
} else if (hostKey.getHostKeyType()
- instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.host.key.host.key.type.Certificate certificate
&& certificate.getCertificate() != null) {
listBuilder.add(extractCertificateEntry(certificate.getCertificate()).getKey());
}
static KeyPair extractKeyPair(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore input)
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore input)
throws UnsupportedConfigurationException {
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.Local.class, input);
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, input);
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
- return extractKeyPair(localDef);
+ return extractKeyPair(inlineDef);
}
private static KeyPair extractKeyPair(final AsymmetricKeyPairGrouping input)
return new KeyPair(publicKey, privateKey);
}
- static List<Certificate> extractCertificates(@Nullable final LocalOrTruststoreCertsGrouping input)
+ static List<Certificate> extractCertificates(final @Nullable InlineOrTruststoreCertsGrouping input)
throws UnsupportedConfigurationException {
if (input == null) {
return List.of();
}
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
- .rev221212.local.or.truststore.certs.grouping.local.or.truststore.Local.class,
- input.getLocalOrTruststore());
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+ .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+ input.getInlineOrTruststore());
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
final var listBuilder = ImmutableList.<Certificate>builder();
- for (var cert : localDef.nonnullCertificate().values()) {
+ for (var cert : inlineDef.nonnullCertificate().values()) {
listBuilder.add(KeyUtils.buildX509Certificate(cert.requireCertData().getValue()));
}
return listBuilder.build();
}
private static Map.Entry<KeyPair, List<X509Certificate>> extractCertificateEntry(
- final LocalOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.Local.class,
- input.getLocalOrKeystore());
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final InlineOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
+ input.getInlineOrKeystore());
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
- final var keyPair = extractKeyPair(localDef);
- final var certificate = KeyUtils.buildX509Certificate(localDef.requireCertData().getValue());
+ final var keyPair = extractKeyPair(inlineDef);
+ final var certificate = KeyUtils.buildX509Certificate(inlineDef.requireCertData().getValue());
/*
ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
"A private/public key pair and an associated certificate.
}
static List<PublicKey> extractPublicKeys(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.LocalOrTruststore input)
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.InlineOrTruststore input)
throws UnsupportedConfigurationException {
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.Local.class, input);
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline.class, input);
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
+
+ final var publicKey = inlineDef.getPublicKey();
+ if (publicKey == null) {
+ return List.of();
+ }
+
final var listBuilder = ImmutableList.<PublicKey>builder();
- if (localDef.getPublicKey() != null && localDef.getPublicKey().entrySet() != null) {
- for (var entry : localDef.getPublicKey().entrySet()) {
- if (!SshPublicKeyFormat.VALUE.equals(entry.getValue().getPublicKeyFormat())) {
- throw new UnsupportedConfigurationException("ssh public key format is expected");
- }
- listBuilder.add(KeyUtils.buildPublicKeyFromSshEncoding(entry.getValue().getPublicKey()));
+ for (var entry : publicKey.entrySet()) {
+ if (!SshPublicKeyFormat.VALUE.equals(entry.getValue().getPublicKeyFormat())) {
+ throw new UnsupportedConfigurationException("ssh public key format is expected");
}
+ listBuilder.add(KeyUtils.buildPublicKeyFromSshEncoding(entry.getValue().getPublicKey()));
}
return listBuilder.build();
}
static List<PublicKey> extractPublicKeys(final @Nullable SshHostKeys sshHostKeys)
throws UnsupportedConfigurationException {
- return sshHostKeys == null ? List.of() : extractPublicKeys(sshHostKeys.getLocalOrTruststore());
+ return sshHostKeys == null ? List.of() : extractPublicKeys(sshHostKeys.getInlineOrTruststore());
}
@FunctionalInterface
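Review bot: In the rewritten loop of extractPublicKeys, `entry.getValue().getPublicKey()` is handed straight to `KeyUtils.buildPublicKeyFromSshEncoding`, so a `public-key` entry whose format matches but whose key leaf is absent would surface as a NullPointerException instead of the UnsupportedConfigurationException the method declares, assuming the binding getter returns null for an absent leaf the same way `getInlineDefinition()` does a few lines above. The "ssh public key format is expected" message also does not say which entry was rejected, which makes a bad truststore configuration hard to locate in a list of keys. Pulling the value into a local, rejecting a null key with the same exception type, and naming the entry key in both messages keeps the method's error contract uniform; the loop would then read as below. The sibling overload `extractPublicKeys(SshHostKeys)` at the end of the hunk is unaffected.
```java
        final var listBuilder = ImmutableList.<PublicKey>builder();
        for (var entry : publicKey.entrySet()) {
            final var value = entry.getValue();
            if (!SshPublicKeyFormat.VALUE.equals(value.getPublicKeyFormat())) {
                throw new UnsupportedConfigurationException(
                    "ssh public key format is expected for " + entry.getKey());
            }
            final var encoded = value.getPublicKey();
            if (encoded == null) {
                throw new UnsupportedConfigurationException("Missing public key in " + entry.getKey());
            }
            listBuilder.add(KeyUtils.buildPublicKeyFromSshEncoding(encoded));
        }
        // … unchanged: return listBuilder.build() …
```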
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ClientIdentPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.IetfSshClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.IetfSshClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.IetfSshCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.SshX509Certs;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.TransportParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.IetfSshCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.SshX509Certs;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParams;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.IetfSshServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthHostbased;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUserAuthPublickey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.LocalUsersSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.IetfSshServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthHostbased;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPublickey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUsersSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.password.grouping.password.type.CleartextPassword;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPassword;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
/**
* A {@link TransportStack} acting as an SSH client.
super(listener);
this.clientFactoryManager = clientFactoryManager;
this.clientFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
- this.sessionFactory = new SessionFactory(clientFactoryManager) {
+ sessionFactory = new SessionFactory(clientFactoryManager) {
@Override
- protected ClientSessionImpl setupSession(ClientSessionImpl session) {
+ protected ClientSessionImpl setupSession(final ClientSessionImpl session) {
session.setUsername(username);
return session;
}
};
- this.ioService = new SshIoService(this.clientFactoryManager,
+ ioService = new SshIoService(this.clientFactoryManager,
new DefaultChannelGroup("sshd-client-channels", GlobalEventExecutor.INSTANCE),
- this.sessionFactory);
+ sessionFactory);
}
@Override
if (clientIdentity == null || clientIdentity.getNone() != null) {
return;
}
- var authFactoriesListBuilder = ImmutableList.<UserAuthFactory>builder();
- if (clientIdentity.getPassword() != null) {
- if (clientIdentity.getPassword().getPasswordType() instanceof CleartextPassword clearTextPassword) {
+ final var authFactoriesListBuilder = ImmutableList.<UserAuthFactory>builder();
+ final var password = clientIdentity.getPassword();
+ if (password != null) {
+ if (password.getPasswordType() instanceof CleartextPassword clearTextPassword) {
factoryMgr.setPasswordIdentityProvider(
PasswordIdentityProvider.wrapPasswords(clearTextPassword.requireCleartextPassword()));
authFactoriesListBuilder.add(new UserAuthPasswordFactory());
}
// TODO support encrypted password -- requires augmentation of default schema
}
- if (clientIdentity.getHostbased() != null) {
- var keyPair = ConfigUtils.extractKeyPair(clientIdentity.getHostbased().getLocalOrKeystore());
+ final var hostBased = clientIdentity.getHostbased();
+ if (hostBased != null) {
+ var keyPair = ConfigUtils.extractKeyPair(hostBased.getInlineOrKeystore());
var factory = new UserAuthHostBasedFactory();
factory.setClientHostKeys(HostKeyIdentityProvider.wrap(keyPair));
factory.setClientUsername(clientIdentity.getUsername());
factory.setSignatureFactories(factoryMgr.getSignatureFactories());
authFactoriesListBuilder.add(factory);
}
- if (clientIdentity.getPublicKey() != null) {
- final var keyPairs = ConfigUtils.extractKeyPair(clientIdentity.getPublicKey().getLocalOrKeystore());
+ final var publicKey = clientIdentity.getPublicKey();
+ if (publicKey != null) {
+ final var keyPairs = ConfigUtils.extractKeyPair(publicKey.getInlineOrKeystore());
factoryMgr.setKeyIdentityProvider(KeyIdentityProvider.wrapKeyPairs(keyPairs));
final var factory = new UserAuthPublicKeyFactory();
factory.setSignatureFactories(factoryMgr.getSignatureFactories());
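Review bot: A configured client password whose type is not `CleartextPassword` is silently dropped: the `if (password.getPasswordType() instanceof CleartextPassword clearTextPassword)` check has no else branch, so the configuration is accepted while no password authentication factory is registered and no identity provider is set. Since the TODO on the next line records that other password types are unsupported, failing closed would make a misconfiguration visible instead of producing a client that quietly cannot authenticate: `} else { throw new UnsupportedConfigurationException("Only cleartext client passwords are supported"); }` (assuming the method declares that exception, as the `ConfigUtils.extractKeyPair` calls suggest). As a point of style, the hostbased branch keeps `var keyPair` while every other local introduced by this change is `final var`; `final var keyPair` would match. The enclosing method starts and ends outside the hunk.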
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
/**
* A {@link TransportStack} acting as an SSH server.
super(listener);
this.serverFactoryManager = requireNonNull(serverFactoryManager);
this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
- this.serverSessionFactory = new SessionFactory(serverFactoryManager);
- this.ioService = new SshIoService(this.serverFactoryManager,
+ serverSessionFactory = new SessionFactory(serverFactoryManager);
+ ioService = new SshIoService(this.serverFactoryManager,
new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),
- this.serverSessionFactory);
+ serverSessionFactory);
}
@Override
}
private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,
- final @NonNull ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
+ final @Nullable ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
if (serverIdentity == null) {
throw new UnsupportedConfigurationException("Server identity configuration is required");
}
- if (serverIdentity.getHostKey() != null && !serverIdentity.getHostKey().isEmpty()) {
- final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(serverIdentity.getHostKey());
- if (!serverHostKeyPairs.isEmpty()) {
- factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
- }
- } else {
+ final var hostKey = serverIdentity.getHostKey();
+ if (hostKey == null || hostKey.isEmpty()) {
throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
}
+ final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(hostKey);
+ if (!serverHostKeyPairs.isEmpty()) {
+ factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
+ }
}
private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,
if (clientAuthentication == null) {
return;
}
- if (clientAuthentication.getUsers() != null && clientAuthentication.getUsers().getUser() != null) {
+ final var users = clientAuthentication.getUsers();
+ if (users == null) {
+ return;
+ }
+ final var userMap = users.getUser();
+ if (userMap != null) {
final var passwordMapBuilder = ImmutableMap.<String, String>builder();
final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
- for (var entry : clientAuthentication.getUsers().getUser().entrySet()) {
+ for (var entry : userMap.entrySet()) {
final String username = entry.getKey().getName();
- if (entry.getValue().getPassword() != null) { // password
- passwordMapBuilder.put(username, entry.getValue().getPassword().getValue());
+ final var value = entry.getValue();
+ final var password = value.getPassword();
+ if (password != null) {
+ passwordMapBuilder.put(username, password.getValue());
}
- if (entry.getValue().getHostbased() != null) {
- hostBasedMapBuilder.put(username,
- ConfigUtils.extractPublicKeys(entry.getValue().getHostbased().getLocalOrTruststore()));
+ final var hostBased = value.getHostbased();
+ if (hostBased != null) {
+ hostBasedMapBuilder.put(username, ConfigUtils.extractPublicKeys(hostBased.getInlineOrTruststore()));
}
- if (entry.getValue().getPublicKeys() != null) {
- publicKeyMapBuilder.put(username,
- ConfigUtils.extractPublicKeys(entry.getValue().getPublicKeys().getLocalOrTruststore()));
+ final var publicKey = value.getPublicKeys();
+ if (publicKey != null) {
+ publicKeyMapBuilder.put(username, ConfigUtils.extractPublicKeys(publicKey.getInlineOrTruststore()));
}
}
final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();
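Review bot: In `setServerIdentity`, an empty result from `ConfigUtils.extractServerHostKeys(hostKey)` is tolerated silently: the guard `if (!serverHostKeyPairs.isEmpty())` only skips `setKeyPairProvider`, so a server identity whose host-key entries are present but none usable yields a server with no host key provider, whereas the missing-host-key case a few lines earlier throws. If that helper can return an empty list (its body is outside this hunk), the two cases should be treated alike: `if (serverHostKeyPairs.isEmpty()) { throw new UnsupportedConfigurationException("No usable host key in server identity configuration"); }` followed by an unconditional `factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));`. The body of `setClientAuthentication` continues past the end of the hunk.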
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2256;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2512;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.MacAlgBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.Encryption;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.HostKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212.transport.params.grouping.KeyExchange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.Encryption;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.HostKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange;
final class TransportUtils {
private static final Map<EncryptionAlgBase, NamedFactory<Cipher>> CIPHERS =
}
public static List<NamedFactory<Mac>> getMacFactories(
- final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev221212
+ final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417
.transport.params.grouping.Mac mac) throws UnsupportedConfigurationException {
if (mac != null) {
final var macAlg = mac.getMacAlg();
description
- "This module defines reusable groupings for SSH clients that
+ "This module defines a reusable grouping for SSH clients that
can be used as a basis for specific SSH client instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
established.
Note that this grouping uses fairly typical descendant
- node names such that a stack of 'uses' statements will
+ node names such that a nesting of 'uses' statements will
have name conflicts. It is intended that the consuming
data model will resolve the issue (e.g., by wrapping
the 'uses' statement in a container called
pair to be used for client identification.";
reference
"RFC CCCC: A YANG Data Model for a Keystore";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "local-or-keystore/keystore/keystore-reference" {
+ refine "inline-or-keystore/keystore/keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-key-'
+ 'format, "ct:ssh-public-key-format")';
}
pair to be used for host identification.";
reference
"RFC CCCC: A YANG Data Model for a Keystore";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "local-or-keystore/keystore/keystore-reference" {
+ refine "inline-or-keystore/keystore/keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-key-'
+ 'format, "ct:ssh-public-key-format")';
}
to be used for client identification.";
reference
"RFC CCCC: A YANG Data Model for a Keystore";
- uses ks:local-or-keystore-end-entity-cert-with-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses
+ ks:inline-or-keystore-end-entity-cert-with-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"
+ refine "inline-or-keystore/keystore/keystore-reference"
+ "/asymmetric-key" {
must 'derived-from-or-self(deref(.)/../ks:public-key-'
+ 'format, "ct:subject-public-key-info-format")';
configured SSH host key.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
+ uses ts:inline-or-truststore-public-keys-grouping {
refine
- "local-or-truststore/local/local-definition/public-key" {
+ "inline-or-truststore/inline/inline-definition/public"
+ + "-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
refine
- "local-or-truststore/truststore/truststore-reference" {
+ "inline-or-truststore/truststore/truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
+ 'public-key-format"))])';
of trust to a configured CA certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container ee-certs {
if-feature "sshcmn:ssh-x509-certs";
end-entity certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
} // container server-authentication
"This module defines a common features and groupings for
Secure Shell (SSH).
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
-
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Revised
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
}
ordered-by user;
description
- "Acceptable host key algorithms in order of descending
+ "Acceptable host key algorithms in order of decreasing
preference.
+
If this leaf-list is not configured (has zero elements)
the acceptable host key algorithms are implementation-
defined.";
}
ordered-by user;
description
- "Acceptable key exchange algorithms in order of descending
+ "Acceptable key exchange algorithms in order of decreasing
preference.
If this leaf-list is not configured (has zero elements)
}
ordered-by user;
description
- "Acceptable encryption algorithms in order of descending
+ "Acceptable encryption algorithms in order of decreasing
preference.
If this leaf-list is not configured (has zero elements)
}
ordered-by user;
description
- "Acceptable MAC algorithms in order of descending
+ "Acceptable MAC algorithms in order of decreasing
preference.
If this leaf-list is not configured (has zero elements)
For RSA keys, the minimum size is 1024 bits and
the default is 3072 bits. Generally, 3072 bits is
considered sufficient. DSA keys must be exactly 1024
- bits as specified by FIPS 186-2. For ECDSA keys, the
+ bits as specified by FIPS 186-6. For ECDSA keys, the
'bits' value determines the key length by selecting
from one of three elliptic curve sizes: 256, 384 or
521 bits. Attempting to use bit lengths other than
these three values for ECDSA keys will fail. ECDSA-SK,
Ed25519 and Ed25519-SK keys have a fixed length and
the 'bits' value, if specified, will be ignored.";
+ reference
+ "FIPS 186-6: Digital Signature Standard (DSS)";
}
choice private-key-encoding {
- default cleartext;
+ mandatory true;
description
"A choice amongst optional private key handling.";
case cleartext {
+ if-feature "ct:encrypted-private-keys";
leaf cleartext {
type empty;
description
}
}
case encrypt {
- if-feature "ct:private-key-encryption";
+ if-feature "ct:encrypted-private-keys";
container encrypt-with {
description
"Indicates that the key is to be encrypted using
}
}
case hide {
- if-feature "ct:hidden-keys";
+ if-feature "ct:hidden-private-keys";
leaf hide {
type empty;
description
description
- "This module defines reusable groupings for SSH servers that
+ "This module defines a reusable grouping for SSH servers that
can be used as a basis for specific SSH server instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
"RFC 4252:
The Secure Shell (SSH) Authentication Protocol";
}
-
feature local-user-auth-none {
if-feature "local-users-supported";
description
established.
Note that this grouping uses fairly typical descendant
- node names such that a stack of 'uses' statements will
+ node names such that a nesting of 'uses' statements will
have name conflicts. It is intended that the consuming
data model will resolve the issue (e.g., by wrapping
the 'uses' statement in a container called
min-elements 1;
ordered-by user;
description
- "An ordered list of host keys the SSH server will use to
- construct its ordered list of algorithms, when sending
- its SSH_MSG_KEXINIT message, as defined in Section 7.1
- of RFC 4253.";
+ "An ordered list of host keys (see RFC 4251) the SSH
+ server will use to construct its ordered list of
+ algorithms, when sending its SSH_MSG_KEXINIT message,
+ as defined in Section 7.1 of RFC 4253.";
reference
- "RFC 4253: The Secure Shell (SSH) Transport Layer
+ "RFC 4251: The Secure Shell (SSH) Protocol Architecture
+ RFC 4253: The Secure Shell (SSH) Transport Layer
Protocol";
leaf name {
type string;
to be used for the SSH server's host key.";
reference
"RFC CCCC: A YANG Data Model for a Keystore";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "local-or-keystore/keystore/"
+ refine "inline-or-keystore/keystore/"
+ "keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:ssh-public-key-format")';
reference
"RFC CCCC: A YANG Data Model for a Keystore";
uses
- ks:local-or-keystore-end-entity-cert-with-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ ks:inline-or-keystore-end-entity-cert-with-key-grouping{
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"
+ refine "inline-or-keystore/keystore/keystore-reference"
+ "/asymmetric-key" {
must
'derived-from-or-self(deref(.)/../ks:public-key-'
container client-authentication {
nacm:default-deny-write;
description
- "Specifies how the SSH server can authenticate SSH clients.";
+ "Specifies how the SSH server can be configured to
+ authenticate SSH clients. See RFC 4252 for a general
+ discussion about SSH authentication.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Transport Layer";
container users {
if-feature "local-users-supported";
description
description
"The 'user name' for the SSH client, as defined in
the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
}
container public-keys {
if-feature "local-user-auth-publickey";
match to a configured public key.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
- refine "local-or-truststore/local/local-definition/"
+ uses ts:inline-or-truststore-public-keys-grouping {
+ refine "inline-or-truststore/inline/inline-definition/"
+ "public-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "local-or-truststore/truststore/truststore-"
+ refine "inline-or-truststore/truststore/truststore-"
+ "reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
container hostbased {
if-feature "local-user-auth-hostbased";
presence
- "Indicates that hostbased keys have been configured.
- This statement is present so the mandatory descendant
- nodes do not imply that this node must be
- configured.";
+ "Indicates that hostbased [RFC4252] keys have been
+ configured. This statement is present so the
+ mandatory descendant nodes do not imply that this
+ node must be configured.";
description
"A set of SSH host keys used by the SSH server to
authenticate this user's host. A user's host is
authenticated if its host key is an exact match
to a configured host key.";
reference
- "RFC 4253: The Secure Shell (SSH) Transport Layer
+ "RFC 4252: The Secure Shell (SSH) Transport Layer
RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
- refine "local-or-truststore/local/local-definition/"
+ uses ts:inline-or-truststore-public-keys-grouping {
+ refine "inline-or-truststore/inline/inline-definition/"
+ "public-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine "local-or-truststore/truststore/truststore-"
+ refine "inline-or-truststore/truststore/truststore-"
+ "reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
chain of trust to a configured CA certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container ee-certs {
if-feature "sshcmn:ssh-x509-certs";
to a configured end-entity certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
} // container client-authentication
"Configurable parameters of the SSH transport layer.";
uses sshcmn:transport-params-grouping;
} // container transport-params
+
container keepalives {
nacm:default-deny-write;
if-feature "ssh-server-keepalives";
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
import java.time.Instant;
import java.util.Date;
import java.util.List;
-import java.util.Map;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.password.grouping.password.type.CleartextPasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.UsersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.User;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.UserBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.local.or.truststore.local.local.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.User;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yangtools.yang.binding.util.BindingMap;
public final class TestUtils {
return new ServerIdentityBuilder().setHostKey(List.of(buildServerHostKeyWithCertificate(keyData))).build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithKeyPair(final KeyData keyData) {
- var local = buildAsymmetricKeyLocal(keyData);
- var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .ssh.server.grouping.server.identity.HostKeyBuilder()
+ .setName(HOST_KEY_NAME)
+ .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder()
- .setPublicKey(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
- .ssh.server.grouping.server.identity.host.key.host.key.type._public.key
- .PublicKeyBuilder().setLocalOrKeystore(local).build()
- ).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
- .ssh.server.grouping.server.identity.HostKeyBuilder()
- .setName(HOST_KEY_NAME).setHostKeyType(publicKey).build();
+ .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .ssh.server.grouping.server.identity.host.key.host.key.type._public.key.PublicKeyBuilder()
+ .setInlineOrKeystore(buildAsymmetricKeyLocal(keyData))
+ .build())
+ .build())
+ .build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithCertificate(final KeyData keyData) {
- var local = buildEndEntityCertWithKeyLocal(keyData);
- var cert = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .ssh.server.grouping.server.identity.HostKeyBuilder()
+ .setName(HOST_KEY_NAME)
+ .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.server.identity.host.key.host.key.type.CertificateBuilder()
- .setCertificate(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
- .ssh.server.grouping.server.identity.host.key.host.key.type.certificate
- .CertificateBuilder().setLocalOrKeystore(local).build()
- ).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
- .ssh.server.grouping.server.identity.HostKeyBuilder()
- .setName(HOST_KEY_NAME).setHostKeyType(cert).build();
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ .ssh.server.grouping.server.identity.host.key.host.key.type.certificate.CertificateBuilder()
+ .setInlineOrKeystore(buildEndEntityCertWithKeyLocal(keyData))
+ .build())
+ .build())
+ .build();
}
public static ServerAuthentication buildServerAuthWithPublicKey(final KeyData keyData) {
- return new ServerAuthenticationBuilder().setSshHostKeys(
- new SshHostKeysBuilder().setLocalOrTruststore(buildTruststorePublicKeyLocal(keyData)).build()
- ).build();
+ return new ServerAuthenticationBuilder()
+ .setSshHostKeys(new SshHostKeysBuilder()
+ .setInlineOrTruststore(buildTruststorePublicKeyLocal(keyData))
+ .build())
+ .build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.Local buildTruststorePublicKeyLocal(
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildTruststorePublicKeyLocal(
final KeyData keyData) {
- final var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.local.local.definition.PublicKeyBuilder()
- .setName(PUBLIC_KEY_NAME).setPublicKeyFormat(SshPublicKeyFormat.VALUE)
- .setPublicKey(keyData.publicKeySshBytes()).build();
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.local.LocalDefinitionBuilder()
- .setPublicKey(Map.of(publicKey.key(), publicKey)).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+ .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+ .rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition
+ .PublicKeyBuilder()
+ .setName(PUBLIC_KEY_NAME)
+ .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
+ .setPublicKey(keyData.publicKeySshBytes())
+ .build()))
+ .build())
+ .build();
}
public static ServerAuthentication buildServerAuthWithCertificate(final KeyData keyData) {
// NB both CA anc EE certificates are processed same way, no reason for additional eeCerts builder
- return new ServerAuthenticationBuilder().setCaCerts(
- new CaCertsBuilder().setLocalOrTruststore(
- buildTruststoreCertificatesLocal(keyData.certificateBytes())
- ).build()).build();
+ return new ServerAuthenticationBuilder()
+ .setCaCerts(new CaCertsBuilder()
+ .setInlineOrTruststore(buildTruststoreCertificatesLocal(keyData.certificateBytes()))
+ .build())
+ .build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore.certs.grouping.local.or.truststore.Local buildTruststoreCertificatesLocal(
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore.certs.grouping.inline.or.truststore.Inline buildTruststoreCertificatesLocal(
final byte[] certificateBytes) {
- final var cert = new CertificateBuilder().setName(CERTIFICATE_NAME)
- .setCertData(new TrustAnchorCertCms(certificateBytes)).build();
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore.certs.grouping.local.or.truststore.local.LocalDefinitionBuilder()
- .setCertificate(Map.of(cert.key(), cert)).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore.certs.grouping.local.or.truststore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+ .setCertificate(BindingMap.of(new CertificateBuilder()
+ .setName(CERTIFICATE_NAME)
+ .setCertData(new TrustAnchorCertCms(certificateBytes))
+ .build()))
+ .build())
+ .build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore buildAsymmetricKeyLocal(
- final KeyData data) {
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final KeyData data) {
return buildAsymmetricKeyLocal(data.algorithm(), data.publicKeyBytes(), data.privateKeyBytes());
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.LocalOrKeystore buildAsymmetricKeyLocal(
- final String algorithm, final byte[] publicKeyBytes, final byte[] privateKeyBytes) {
- var keyFormat = getPrivateKeyFormat(algorithm);
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final String algorithm,
+ final byte[] publicKeyBytes, final byte[] privateKeyBytes) {
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder()
.setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
.setPublicKey(publicKeyBytes)
- .setPrivateKeyFormat(keyFormat)
+ .setPrivateKeyFormat(getPrivateKeyFormat(algorithm))
.setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
- .build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ .build())
+ .build();
}
- public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.LocalOrKeystore buildEndEntityCertWithKeyLocal(
+ public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.InlineOrKeystore buildEndEntityCertWithKeyLocal(
final KeyData keyData) {
- var keyFormat = getPrivateKeyFormat(keyData.algorithm());
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
+ .InlineDefinitionBuilder()
.setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE)
.setPublicKey(keyData.publicKeyBytes())
- .setPrivateKeyFormat(keyFormat)
+ .setPrivateKeyFormat(getPrivateKeyFormat(keyData.algorithm()))
.setPrivateKeyType(new CleartextPrivateKeyBuilder()
- .setCleartextPrivateKey(keyData.privateKeyBytes()).build())
+ .setCleartextPrivateKey(keyData.privateKeyBytes()).build())
.setCertData(new EndEntityCertCms(keyData.certificateBytes()))
- .build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ .build())
+ .build();
}
public static ClientAuthentication buildClientAuthWithPassword(final String userName, final String cryptHash) {
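Review bot: `buildServerAuthWithCertificate` still populates only `ca-certs`, wrapping `keyData.certificateBytes()` as `TrustAnchorCertCms`, and the comment above it (`both CA anc EE certificates are processed same way`, where `anc` is a typo for `and`) justifies never building an `ee-certs` variant. If I read the ietf-ssh-client model correctly the two lists carry different trust semantics (a `ca-certs` entry is a trust anchor, an `ee-certs` entry pins one end-entity certificate), so a suite that only ever exercises `ca-certs` cannot detect a regression in how `ee-certs` are validated; a sibling helper mirroring this one but using the ee-certs builder (presumably an `EeCertsBuilder` next to the imported `CaCertsBuilder`) would close that gap cheaply. Separately, `buildAsymmetricKeyLocal`, `buildTruststorePublicKeyLocal`, `buildTruststoreCertificatesLocal` and `buildEndEntityCertWithKeyLocal` keep the pre-rename `Local` suffix even though their return types are now `...Inline` / `InlineOrKeystore`; renaming them to `...Inline` would keep the test utilities aligned with the model's new terminology.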
}
private static ClientAuthentication buildClientAuth(final User user) {
- return new ClientAuthenticationBuilder().setUsers(
- new UsersBuilder().setUser(Map.of(user.key(), user)).build()).build();
+ return new ClientAuthenticationBuilder()
+ .setUsers(new UsersBuilder().setUser(BindingMap.of(user)).build())
+ .build();
}
private static User buildServerUserHostBased(final String userName, final byte[] publicKeyBytes) {
- final var hostBased = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212
+ return new UserBuilder()
+ .setName(userName)
+ .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
.ssh.server.grouping.client.authentication.users.user.HostbasedBuilder()
- .setLocalOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build();
- return new UserBuilder().setName(userName).setHostbased(hostBased).build();
+ .setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes))
+ .build())
+ .build();
}
- private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.Local buildPublicKeyLocal(
+ private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildPublicKeyLocal(
final byte[] publicKeyBytes) {
- final var publicKey = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.local.local.definition.PublicKeyBuilder()
- .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
- .setName(PUBLIC_KEY_NAME)
- .setPublicKey(publicKeyBytes).build();
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.local.LocalDefinitionBuilder()
- .setPublicKey(Map.of(publicKey.key(), publicKey)).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore._public.keys.grouping.local.or.truststore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+ .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf
+ .truststore.rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline
+ .definition.PublicKeyBuilder()
+ .setPublicKeyFormat(SshPublicKeyFormat.VALUE)
+ .setName(PUBLIC_KEY_NAME)
+ .setPublicKey(publicKeyBytes)
+ .build()))
+ .build())
+ .build();
}
public static User buildServerUserWithPublicKey(final String userName, final byte[] publicKeyBytes) {
- final var publicKeys = new PublicKeysBuilder()
- .setLocalOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build();
- return new UserBuilder().setName(userName).setPublicKeys(publicKeys).build();
+ return new UserBuilder()
+ .setName(userName)
+ .setPublicKeys(new PublicKeysBuilder().setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes)).build())
+ .build();
}
private static User buildServerUserWithPassword(final String userName, final String cryptHash) {
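Review bot: `buildPublicKeyLocal` is a line-for-line duplicate of `buildTruststorePublicKeyLocal` earlier in this file (same `InlineBuilder` / `InlineDefinitionBuilder` / `PublicKeyBuilder` chain, same `PUBLIC_KEY_NAME` and `SshPublicKeyFormat.VALUE`), differing only in taking raw bytes instead of a `KeyData`. Two copies of the truststore-construction chain will drift the first time one of them changes key format or name; the `KeyData` overload could simply delegate with `return buildPublicKeyLocal(keyData.publicKeySshBytes());`. Both helpers also hard-code `PUBLIC_KEY_NAME` on a list that is keyed by name (`setName` feeding `BindingMap.of`), so a test that wants two public keys for one user has no way to give the second a distinct name; a name parameter, defaulted by the existing overloads, would avoid that.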
}
public static ClientIdentity buildClientIdentityWithPassword(final String username, final String password) {
- return new ClientIdentityBuilder().setUsername(username).setPassword(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
- .ssh.client.grouping.client.identity.PasswordBuilder()
- .setPasswordType(
- new CleartextPasswordBuilder().setCleartextPassword(password).build()
- ).build()).build();
+ return new ClientIdentityBuilder()
+ .setUsername(username)
+ .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .ssh.client.grouping.client.identity.PasswordBuilder()
+ .setPasswordType(new CleartextPasswordBuilder().setCleartextPassword(password).build()).build())
+ .build();
}
public static ClientIdentity buildClientIdentityHostBased(final String username, final KeyData data) {
- return new ClientIdentityBuilder().setUsername(username).setHostbased(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
- .ssh.client.grouping.client.identity.HostbasedBuilder()
- .setLocalOrKeystore(buildAsymmetricKeyLocal(data)).build()
- ).build();
+ return new ClientIdentityBuilder()
+ .setUsername(username)
+ .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .ssh.client.grouping.client.identity.HostbasedBuilder()
+ .setInlineOrKeystore(buildAsymmetricKeyLocal(data))
+ .build())
+ .build();
}
public static ClientIdentity buildClientIdentityWithPublicKey(final String username, final KeyData data) {
- return new ClientIdentityBuilder().setUsername(username).setPublicKey(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev221212
- .ssh.client.grouping.client.identity.PublicKeyBuilder()
- .setLocalOrKeystore(buildAsymmetricKeyLocal(data)).build()
- ).build();
+ return new ClientIdentityBuilder()
+ .setUsername(username)
+ .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417
+ .ssh.client.grouping.client.identity.PublicKeyBuilder()
+ .setInlineOrKeystore(buildAsymmetricKeyLocal(data))
+ .build())
+ .build();
}
private static PrivateKeyFormat getPrivateKeyFormat(final String algorithm) {
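Review bot: The three public `buildClientIdentity*` helpers carry no Javadoc, and the secret each one embeds differs: `buildClientIdentityWithPassword` stores the password through `CleartextPasswordBuilder`, while the host-based and public-key variants pull a cleartext private key in via `buildAsymmetricKeyLocal`. A one-line Javadoc on each, e.g. `/** Builds an inline client identity carrying the password in cleartext; test fixture only, never a keystore reference. */`, would make explicit that these are inline-definition fixtures and not a template for production configuration. As far as I can tell from the keystore model, the `inline` case these builders select is gated by an `inline-definitions-supported` feature, which is worth noting in the same comment so the fixtures are not reused against a server that advertises only the central keystore. `getPrivateKeyFormat` continues past the end of the hunk.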
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
import io.netty.channel.socket.SocketChannel;
import java.util.concurrent.ThreadFactory;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
/**
* Wrapper around a particular Netty transport implementation.
import io.netty.channel.epoll.EpollSocketChannel;
import java.util.concurrent.ThreadFactory;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
@NonNullByDefault
final class EpollNettyImpl extends AbstractNettyImpl {
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.IetfTcpClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.LocalBindingSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.IetfTcpClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.LocalBindingSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.IetfTcpCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.KeepalivesSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.IetfTcpCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.KeepalivesSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.IetfTcpServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerKeepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.IetfTcpServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerKeepalives;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.concurrent.ThreadFactory;
import jdk.net.ExtendedSocketOptions;
import org.eclipse.jdt.annotation.NonNullByDefault;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev221212.tcp.common.grouping.Keepalives;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives;
import org.slf4j.LoggerFactory;
@NonNullByDefault
import org.eclipse.jdt.annotation.NonNull;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
import org.opendaylight.yangtools.yang.common.Empty;
/**
import org.eclipse.jdt.annotation.NonNull;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Empty;
/**
"This module defines reusable groupings for TCP clients that
can be used as a basis for specific TCP client instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"Per socket TCP keepalive parameters are configurable for
TCP clients on the server implementing this feature.";
+ reference
+ "RFC 9293: Transmission Control Protocol (TCP)";
}
feature proxy-connect {
description
"Proxy connection configuration is configurable for
- TCP clients on the server implementing this feature.";
+ TCP clients on the server implementing this feature.
+ Currently supports SOCKS 4, SOCKS 4a, and SOCKS 5.";
+ reference
+ "SOCKS Proceedings:
+ 1992 Usenix Security Symposium.
+ OpenSSH message:
+ SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
+ https://www.openssh.com/txt/socks4a.protocol
+ RFC 1928:
+ SOCKS Protocol Version 5";
}
feature socks5-gss-api {
description
- "Indicates that the server supports authenticating
- using GSSAPI when initiating TCP connections via
- and SOCKS Version 5 proxy server.";
+ "Indicates that the server, when acting as a TCP-client,
+ supports authenticating to a SOCKS Version 5 proxy server
+ using GSSAPI credentials.";
reference
"RFC 1928: SOCKS Protocol Version 5";
}
feature socks5-username-password {
description
- "Indicates that the server supports authenticating using
- username/password when initiating TCP connections via
- and SOCKS Version 5 proxy server.";
+ "Indicates that the server, when acting as a TCP-client,
+ supports authenticating to a SOCKS Version 5 proxy server
+ using 'username' and 'password' credentials.";
reference
"RFC 1928: SOCKS Protocol Version 5";
}
description
"A reusable grouping for configuring a TCP client.
- Note that this grouping uses fairly typical descendant
+ Note that this grouping uses fairly typical descendant
node names such that a stack of 'uses' statements will
have name conflicts. It is intended that the consuming
data model will resolve the issue (e.g., by wrapping
default "0";
description
"The IP port number for the remote peer to establish a
- connection with. An invalid default value (0) is used
- (instead of 'mandatory true') so that as application
- level data model may 'refine' it with an application
- specific default port number value.";
+ connection with. An invalid default value is used
+ so that importing modules may 'refine' it with the
+ appropriate default port number value.";
}
leaf local-address {
if-feature "local-binding-supported";
type inet:ip-address;
description
- "The local IP address/interface (VRF?) to bind to for when
+ "The local IP address/interface to bind to for when
connecting to the remote peer. INADDR_ANY ('0.0.0.0') or
INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to
explicitly indicate the implicit default, that the server
"This module defines reusable groupings for TCP commons that
can be used as a basis for specific TCP common instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
aliveness of the TCP peer. An unresponsive TCP peer is
dropped after approximately (idle-time + max-probes
* probe-interval) seconds.";
+ reference
+ "RFC 9293:
+ Transmission Control Protocol (TCP), Section 3.8.4..";
leaf idle-time {
type uint16 {
range "1..max";
Michael Scharf
-
description
"This module defines reusable groupings for TCP servers that
can be used as a basis for specific TCP server instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"Per socket TCP keepalive parameters are configurable for
TCP servers on the server implementing this feature.";
+ reference
+ "RFC 9293: Transmission Control Protocol (TCP)";
}
// Groupings
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
<description>NETCONF TLS transport</description>
<dependencies>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk18on</artifactId>
+ </dependency>
<dependency>
<groupId>org.kohsuke.metainf-services</groupId>
<artifactId>metainf-services</artifactId>
<artifactId>truststore-api</artifactId>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk18on</artifactId>
+ <groupId>org.opendaylight.netconf.model</groupId>
+ <artifactId>draft-ietf-netconf-crypto-types</artifactId>
</dependency>
+
<!-- testing -->
<dependency>
<groupId>org.bouncycastle</groupId>
<classifier>linux-x86_64</classifier>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
+ <artifactId>rfc6991-ietf-inet-types</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.AsymmetricKeyPairGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
final class ConfigUtils {
* @throws UnsupportedConfigurationException if error occurs
*/
static void setX509Certificates(final @NonNull KeyStore keyStore,
- final @Nullable LocalOrTruststoreCertsGrouping caCerts,
- final @Nullable LocalOrTruststoreCertsGrouping eeCerts) throws UnsupportedConfigurationException {
+ final @Nullable InlineOrTruststoreCertsGrouping caCerts,
+ final @Nullable InlineOrTruststoreCertsGrouping eeCerts) throws UnsupportedConfigurationException {
var certMap = ImmutableMap.<String, Certificate>builder()
.putAll(extractCertificates(caCerts, "ca-"))
- .putAll(extractCertificates(eeCerts, "ee-")).build();
+ .putAll(extractCertificates(eeCerts, "ee-"))
+ .build();
for (var entry : certMap.entrySet()) {
try {
keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
}
private static Map<String, Certificate> extractCertificates(
- @Nullable final LocalOrTruststoreCertsGrouping certs,
+ @Nullable final InlineOrTruststoreCertsGrouping certs,
@NonNull final String aliasPrefix) throws UnsupportedConfigurationException {
if (certs == null) {
return Map.of();
}
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
- .rev221212.local.or.truststore.certs.grouping.local.or.truststore.Local.class,
- certs.getLocalOrTruststore());
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore
+ .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class,
+ certs.getInlineOrTruststore());
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
final var mapBuilder = ImmutableMap.<String, Certificate>builder();
- for (var cert : localDef.nonnullCertificate().values()) {
+ for (var cert : inlineDef.nonnullCertificate().values()) {
try {
final var alias = aliasPrefix + cert.requireName();
mapBuilder.put(alias, buildX509Certificate(cert.requireCertData().getValue()));
* @throws UnsupportedConfigurationException if key pair is not set to key store
*/
static void setAsymmetricKey(final @NonNull KeyStore keyStore,
- final @NonNull LocalOrKeystoreAsymmetricKeyGrouping input)
+ final @NonNull InlineOrKeystoreAsymmetricKeyGrouping input)
throws UnsupportedConfigurationException {
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.Local.class,
- input.getLocalOrKeystore());
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class,
+ input.getInlineOrKeystore());
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
- final var keyPair = extractKeyPair(localDef);
- /*
- ietf-crypto-types:grouping asymmetric-key-pair-grouping
- "A private key and its associated public key. Implementations
- SHOULD ensure that the two keys are a matching pair."
- */
+ final var keyPair = extractKeyPair(inlineDef);
+ // ietf-crypto-types:grouping asymmetric-key-pair-grouping
+ // "A private key and its associated public key. Implementations
+ // SHOULD ensure that the two keys are a matching pair."
validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
try {
- // FIXME
- // below line throws an exception bc keyStore does not support private key without certificate chain
- // (belongs to implementation of raw public key feature support)
+ // FIXME: the below line throws an exception bc keyStore does not support private key without certificate
+ // chain (belongs to implementation of raw public key feature support)
keyStore.setKeyEntry(DEFAULT_PRIVATE_KEY_ALIAS, keyPair.getPrivate(), EMPTY_SECRET, null);
} catch (KeyStoreException e) {
throw new UnsupportedConfigurationException("Failed to load private key", e);
* @throws UnsupportedConfigurationException if key pair and certificate are not set to key store
*/
static void setEndEntityCertificateWithKey(final @NonNull KeyStore keyStore,
- final @NonNull LocalOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException {
- final var local = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.Local.class,
- input.getLocalOrKeystore());
- final var localDef = local.getLocalDefinition();
- if (localDef == null) {
- throw new UnsupportedConfigurationException("Missing local definition in " + local);
+ final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping input)
+ throws UnsupportedConfigurationException {
+ final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class,
+ input.getInlineOrKeystore());
+ final var inlineDef = inline.getInlineDefinition();
+ if (inlineDef == null) {
+ throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
}
- final var keyPair = extractKeyPair(localDef);
+ final var keyPair = extractKeyPair(inlineDef);
final Certificate certificate;
try {
- certificate = buildX509Certificate(localDef.requireCertData().getValue());
+ certificate = buildX509Certificate(inlineDef.requireCertData().getValue());
} catch (IOException | CertificateException e) {
- throw new UnsupportedConfigurationException("Failed to load certificate" + localDef, e);
+ throw new UnsupportedConfigurationException("Failed to load certificate" + inlineDef, e);
}
- /*
- ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
- "A private/public key pair and an associated certificate.
- Implementations SHOULD assert that certificates contain the matching public key."
- */
+ // ietf-crypto-types:asymmetric-key-pair-with-cert-grouping
+ // "A private/public key pair and an associated certificate.
+ // Implementations SHOULD assert that certificates contain the matching public key."
validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
validatePublicKey(keyPair.getPublic(), certificate);
try {
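Review bot: The `"Failed to load certificate" + inlineDef` message in the catch block appends the entire inline definition to the exception, and that container holds the asymmetric key pair next to the certificate, so if the generated binding's toString() renders the cleartext private key (likely for these bindings, though not visible in this hunk) the key material ends up in exception messages and whatever logs capture them. The sibling handler in setAsymmetricKey already reports `"Failed to load private key"` without the payload; match it here with `throw new UnsupportedConfigurationException("Failed to load certificate", e);`, or append only a non-secret identifier such as the key's public-key-format. As written the message also lacks a separator before the appended value. setEndEntityCertificateWithKey's body continues past the end of this hunk.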
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.ClientIdentX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.IetfTlsClientData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.ServerAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ClientIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.IetfTlsClientData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ServerAuthX509Cert;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jdt.annotation.Nullable;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParams;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.IetfTlsCommonData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls12$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls12$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls13$F;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.Tls13$I;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParams;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.IetfTlsCommonData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$F;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$I;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ClientAuthSupported;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ClientAuthX509Cert;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.IetfTlsServerData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.ServerIdentX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthX509Cert;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.IetfTlsServerData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ServerIdentX509Cert;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
/**
* A pre-configured factory for creating {@link SslHandler}s.
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.client.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.client.identity.auth.type.RawPublicKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.RawPublicKey;
/**
* A {@link TransportStack} acting as a TLS client.
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.Certificate;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.RawPrivateKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.Certificate;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.RawPrivateKey;
/**
* A {@link TransportStack} acting as a TLS server.
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes128GcmSha256;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes256GcmSha384;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithChacha20Poly1305Sha256;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.HelloParamsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev221212.TlsVersionBase;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststoreCertsGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalOrTruststorePublicKeysGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststorePublicKeysGrouping;
/**
* Base class for TLS TransportStacks.
}
static KeyManagerFactory newKeyManager(
- final @NonNull LocalOrKeystoreEndEntityCertWithKeyGrouping endEntityCert
+ final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping endEntityCert
) throws UnsupportedConfigurationException {
final var keyStore = newKeyStore();
setEndEntityCertificateWithKey(keyStore, endEntityCert);
return buildKeyManagerFactory(keyStore);
}
- static KeyManagerFactory newKeyManager(final @NonNull LocalOrKeystoreAsymmetricKeyGrouping rawPrivateKey)
+ static KeyManagerFactory newKeyManager(final @NonNull InlineOrKeystoreAsymmetricKeyGrouping rawPrivateKey)
throws UnsupportedConfigurationException {
final var keyStore = newKeyStore();
setAsymmetricKey(keyStore, rawPrivateKey);
// FIXME: should be TrustManagerBuilder
protected static @Nullable TrustManagerFactory newTrustManager(
- final @Nullable LocalOrTruststoreCertsGrouping caCerts,
- final @Nullable LocalOrTruststoreCertsGrouping eeCerts,
- final @Nullable LocalOrTruststorePublicKeysGrouping publicKeys) throws UnsupportedConfigurationException {
+ final @Nullable InlineOrTruststoreCertsGrouping caCerts,
+ final @Nullable InlineOrTruststoreCertsGrouping eeCerts,
+ final @Nullable InlineOrTruststorePublicKeysGrouping publicKeys) throws UnsupportedConfigurationException {
if (publicKeys != null) {
// FIXME: implement this and advertize server-auth-raw-public-key from IetfTlsClientFeatureProvider
"This module defines reusable groupings for TLS clients that
can be used as a basis for specific TLS client instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"Specifies the client identity using a certificate.";
uses
- ks:local-or-keystore-end-entity-cert-with-key-grouping{
- refine "local-or-keystore/local/local-definition" {
+ "ks:inline-or-keystore-end-entity-cert-with-key-"
+ + "grouping" {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"
+ refine "inline-or-keystore/keystore/keystore-reference"
+ "/asymmetric-key" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
description
"Specifies the client identity using a raw
private key.";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"{
+ refine
+ "inline-or-keystore/keystore/keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
+ 'format")';
description
"Specifies the client identity using a PSK (pre-shared
or pairwise-symmetric key).";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf id {
type string;
description
and the EPSK input fields detailed in I-D
draft-ietf-tls-external-psk-importer
Section 3.1. The base-key is based upon
- ks:local-or-keystore-symmetric-key-grouping
+ ks:inline-or-keystore-symmetric-key-grouping
in order to provide users with flexible and
secure storage options.";
reference
Importing External PSKs for TLS
I-D.ietf-tls-external-psk-guidance:
Guidance for External PSK Usage in TLS";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf external-identity {
type string;
mandatory true;
chain of trust to a configured CA certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container ee-certs {
if-feature "server-auth-x509-cert";
match to a configured server certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container raw-public-keys {
if-feature "server-auth-raw-public-key";
is an exact match to a configured raw public key.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
- refine "local-or-truststore/local/local-definition/"
+ uses ts:inline-or-truststore-public-keys-grouping {
+ refine "inline-or-truststore/inline/inline-definition/"
+ "public-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-truststore/truststore/truststore-"
+ refine "inline-or-truststore/truststore/truststore-"
+ "reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:subject-'
"This module defines a common features and groupings for
Transport Layer Security (TLS).
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"A choice amongst optional private key handling.";
case cleartext {
+ if-feature "ct:cleartext-private-keys";
leaf cleartext {
type empty;
description
}
}
case encrypt {
- if-feature "ct:private-key-encryption";
+ if-feature "ct:encrypted-private-keys";
container encrypt-with {
description
"Indicates that the key is to be encrypted using
}
}
case hide {
- if-feature "ct:hidden-keys";
+ if-feature "ct:hidden-private-keys";
leaf hide {
type empty;
description
"This module defines reusable groupings for TLS servers that
can be used as a basis for specific TLS server instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"Specifies the server identity using a certificate.";
uses
- ks:local-or-keystore-end-entity-cert-with-key-grouping{
- refine "local-or-keystore/local/local-definition" {
+ "ks:inline-or-keystore-end-entity-cert-with-key-"
+ + "grouping" {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"
+ refine "inline-or-keystore/keystore/keystore-reference"
+ "/asymmetric-key" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
description
"Specifies the server identity using a raw
private key.";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"{
+ refine
+ "inline-or-keystore/keystore/keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
+ 'format")';
description
"Specifies the server identity using a PSK (pre-shared
or pairwise-symmetric key).";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf id_hint {
type string;
description
and the EPSK input fields detailed in
I-D draft-ietf-tls-external-psk-importer
Section 3.1. The base-key is based upon
- ks:local-or-keystore-symmetric-key-grouping
+ ks:inline-or-keystore-symmetric-key-grouping
in order to provide users with flexible and
secure storage options.";
reference
External PSKs for TLS
I-D.ietf-tls-external-psk-guidance: Guidance
for External PSK Usage in TLS";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf external-identity {
type string;
mandatory true;
chain of trust to a configured CA certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container ee-certs {
if-feature "client-auth-x509-cert";
match to a configured client certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container raw-public-keys {
if-feature "client-auth-raw-public-key";
is an exact match to a configured raw public key.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
- refine "local-or-truststore/local/local-definition/"
+ uses ts:inline-or-truststore-public-keys-grouping {
+ refine "inline-or-truststore/inline/inline-definition/"
+ "public-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-truststore/truststore/truststore-"
+ refine "inline-or-truststore/truststore/truststore-"
+ "reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:subject-'
import static org.opendaylight.netconf.transport.tls.ConfigUtils.EMPTY_SECRET;
import static org.opendaylight.netconf.transport.tls.TestUtils.buildAsymmetricKeyGrouping;
import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;
-import static org.opendaylight.netconf.transport.tls.TestUtils.buildLocalOrTruststore;
+import static org.opendaylight.netconf.transport.tls.TestUtils.buildInlineOrTruststore;
import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
import java.security.KeyStore;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SshPublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.CaCerts;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.CaCertsBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.EeCerts;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.server.authentication.EeCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.CaCertsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.EeCertsBuilder;
class ConfigUtilsTest {
assertFalse(keyStore.aliases().hasMoreElements());
// defined
- final var localOrTruststore = buildLocalOrTruststore(
+ final var inlineOrTruststore = buildInlineOrTruststore(
Map.of("cert-rsa", rsaCertData.certBytes(), "cert-ec", ecCertData.certBytes()));
- final CaCerts caCerts = new CaCertsBuilder().setLocalOrTruststore(localOrTruststore).build();
- final EeCerts eeCerts = new EeCertsBuilder().setLocalOrTruststore(localOrTruststore).build();
+ final var caCerts = new CaCertsBuilder().setInlineOrTruststore(inlineOrTruststore).build();
+ final var eeCerts = new EeCertsBuilder().setInlineOrTruststore(inlineOrTruststore).build();
ConfigUtils.setX509Certificates(keyStore, caCerts, eeCerts);
final List<String> aliases = Collections.list(keyStore.aliases());
import java.time.Instant;
import java.util.Date;
import java.util.Map;
-import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EndEntityCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.PublicKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.TrustAnchorCertCms;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreAsymmetricKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212.LocalOrKeystoreEndEntityCertWithKeyGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.LocalOrTruststore;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.local.or.truststore.certs.grouping.local.or.truststore.local.local.definition.CertificateBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.InlineOrTruststore;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder;
+import org.opendaylight.yangtools.yang.binding.util.BindingMap;
public final class TestUtils {
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
// utility class
}
- public static LocalOrTruststore buildLocalOrTruststore(Map<String, byte[]> certNameToBytesMap) {
- final var certMap = certNameToBytesMap.entrySet().stream()
- .map(entry -> new CertificateBuilder()
+ public static InlineOrTruststore buildInlineOrTruststore(final Map<String, byte[]> certNameToBytesMap) {
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417
+ .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder()
+ .setCertificate(certNameToBytesMap.entrySet().stream()
+ .map(entry -> new CertificateBuilder()
.setName(entry.getKey())
.setCertData(new TrustAnchorCertCms(entry.getValue()))
- .build()
- ).collect(Collectors.toMap(cert -> cert.key(), cert -> cert));
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore.certs.grouping.local.or.truststore.local.LocalDefinitionBuilder()
- .setCertificate(certMap).build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212
- .local.or.truststore.certs.grouping.local.or.truststore.LocalBuilder()
- .setLocalDefinition(localDef).build();
+ .build())
+ .collect(BindingMap.toMap()))
+ .build())
+ .build();
}
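Review bot: The rewritten public helper has no Javadoc, and the same is true of buildAsymmetricKeyGrouping and buildEndEntityCertWithKeyGrouping in the next two hunks, which now also inline the old `localDef` step into a single chain of fully-qualified builders with package names split across lines (`...ietf.keystore` / `.rev230417.inline...` before `.InlineDefinitionBuilder()`). A summary per helper would help readers of the tests, e.g. `/** Builds an inline (non-keystore) truststore definition whose trust anchors are the given CMS-encoded certificates, keyed by name. */` here, and on the two key helpers an `@param privateKeyBytes` tag stating that the bytes are embedded as a cleartext-private-key, since that is what the CleartextPrivateKeyBuilder call does. For readability I would keep an intermediate `final var inlineDef = new ...InlineDefinitionBuilder()...build();` local as the previous version did, or move the repeated long package prefix into a private static helper, rather than nesting the builders three deep. Whether Collectors is still used elsewhere in this file after its import is removed cannot be seen from this hunk.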
- public static LocalOrKeystoreAsymmetricKeyGrouping buildAsymmetricKeyGrouping(
+ public static InlineOrKeystoreAsymmetricKeyGrouping buildAsymmetricKeyGrouping(
final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes) {
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
- .setPublicKeyFormat(publicKeyFormat)
- .setPublicKey(publicKeyBytes)
- .setPrivateKeyFormat(privateKeyFormat)
- .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
- .build();
return new RawPrivateKeyBuilder()
- .setLocalOrKeystore(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.asymmetric.key.grouping.local.or.keystore.LocalBuilder()
- .setLocalDefinition(localDef).build())
- .build();
+ .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
+ .rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline
+ .InlineDefinitionBuilder()
+ .setPublicKeyFormat(publicKeyFormat)
+ .setPublicKey(publicKeyBytes)
+ .setPrivateKeyFormat(privateKeyFormat)
+ .setPrivateKeyType(new CleartextPrivateKeyBuilder()
+ .setCleartextPrivateKey(privateKeyBytes)
+ .build())
+ .build())
+ .build())
+ .build();
}
- public static LocalOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping(
+ public static InlineOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping(
final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes,
final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes, final byte[] certificateBytes) {
- final var localDef = new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.local.LocalDefinitionBuilder()
- .setPublicKeyFormat(publicKeyFormat)
- .setPublicKey(publicKeyBytes)
- .setPrivateKeyFormat(privateKeyFormat)
- .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
- .setCertData(new EndEntityCertCms(certificateBytes))
- .build();
- return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
- .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
- .setLocalOrKeystore(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev221212
- .local.or.keystore.end.entity.cert.with.key.grouping.local.or.keystore.LocalBuilder()
- .setLocalDefinition(localDef).build())
- .build();
+ return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
+ .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417
+ .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder()
+ .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore
+ .rev230417.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline
+ .InlineDefinitionBuilder()
+ .setPublicKeyFormat(publicKeyFormat)
+ .setPublicKey(publicKeyBytes)
+ .setPrivateKeyFormat(privateKeyFormat)
+ .setPrivateKeyType(new CleartextPrivateKeyBuilder().setCleartextPrivateKey(privateKeyBytes).build())
+ .setCertData(new EndEntityCertCms(certificateBytes))
+ .build())
+ .build())
+ .build();
}
public static X509CertData generateX509CertData(final String algorithm) throws Exception {
import static org.opendaylight.netconf.transport.tls.KeyUtils.EC_ALGORITHM;
import static org.opendaylight.netconf.transport.tls.KeyUtils.RSA_ALGORITHM;
import static org.opendaylight.netconf.transport.tls.TestUtils.buildEndEntityCertWithKeyGrouping;
-import static org.opendaylight.netconf.transport.tls.TestUtils.buildLocalOrTruststore;
+import static org.opendaylight.netconf.transport.tls.TestUtils.buildInlineOrTruststore;
import static org.opendaylight.netconf.transport.tls.TestUtils.generateX509CertData;
import static org.opendaylight.netconf.transport.tls.TestUtils.isRSA;
import org.opendaylight.netconf.transport.api.TransportChannel;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.tcp.NettyTransportSupport;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.EcPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev221212.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.TlsClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212.tls.client.grouping.ServerAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.TlsServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212.tls.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ServerAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ServerIdentityBuilder;
import org.opendaylight.yangtools.yang.common.Uint16;
@ExtendWith(MockitoExtension.class)
final var data = generateX509CertData(algorithm);
// common config parts
- var localOrKeystore = buildEndEntityCertWithKeyGrouping(
+ var inlineOrKeystore = buildEndEntityCertWithKeyGrouping(
SubjectPublicKeyInfoFormat.VALUE, data.publicKey(),
isRSA(algorithm) ? RsaPrivateKeyFormat.VALUE : EcPrivateKeyFormat.VALUE,
- data.privateKey(), data.certBytes()).getLocalOrKeystore();
- var localOrTrustStore = buildLocalOrTruststore(Map.of("cert", data.certBytes()));
+ data.privateKey(), data.certBytes()).getInlineOrKeystore();
+ var inlineOrTrustStore = buildInlineOrTruststore(Map.of("cert", data.certBytes()));
// client config
final var clientIdentity = new ClientIdentityBuilder()
- .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
- .tls.client.grouping.client.identity.auth.type.CertificateBuilder()
- .setCertificate(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
- .tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder()
- .setLocalOrKeystore(localOrKeystore)
- .build()).build()).build();
- final var serverAuth = new ServerAuthenticationBuilder().setCaCerts(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev221212
- .tls.client.grouping.server.authentication.CaCertsBuilder()
- .setLocalOrTruststore(localOrTrustStore).build()).build();
+ .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .tls.client.grouping.client.identity.auth.type.CertificateBuilder()
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder()
+ .setInlineOrKeystore(inlineOrKeystore)
+ .build())
+ .build())
+ .build();
+ final var serverAuth = new ServerAuthenticationBuilder()
+ .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417
+ .tls.client.grouping.server.authentication.CaCertsBuilder()
+ .setInlineOrTruststore(inlineOrTrustStore)
+ .build())
+ .build();
when(tlsClientConfig.getClientIdentity()).thenReturn(clientIdentity);
when(tlsClientConfig.getServerAuthentication()).thenReturn(serverAuth);
// server config
final var serverIdentity = new ServerIdentityBuilder()
- .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
- .tls.server.grouping.server.identity.auth.type.CertificateBuilder()
- .setCertificate(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
- .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
- .setLocalOrKeystore(localOrKeystore)
- .build()).build()).build();
- final var clientAuth = new ClientAuthenticationBuilder().setCaCerts(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev221212
- .tls.server.grouping.client.authentication.CaCertsBuilder()
- .setLocalOrTruststore(localOrTrustStore).build()).build();
+ .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .tls.server.grouping.server.identity.auth.type.CertificateBuilder()
+ .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder()
+ .setInlineOrKeystore(inlineOrKeystore)
+ .build())
+ .build())
+ .build();
+ final var clientAuth = new ClientAuthenticationBuilder()
+ .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417
+ .tls.server.grouping.client.authentication.CaCertsBuilder()
+ .setInlineOrTruststore(inlineOrTrustStore)
+ .build())
+ .build();
when(tlsServerConfig.getServerIdentity()).thenReturn(serverIdentity);
when(tlsServerConfig.getClientAuthentication()).thenReturn(clientAuth);
}
}
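Review bot: The new local `inlineOrTrustStore` is spelled with a capital S while its type is InlineOrTruststore and the equivalent local added to ConfigUtilsTest in this commit is `inlineOrTruststore`; the two new `var` locals are also the only non-final ones in this method even though the commit adds `final` to parameters elsewhere. I would write `final var inlineOrKeystore = buildEndEntityCertWithKeyGrouping(` and `final var inlineOrTruststore = buildInlineOrTruststore(Map.of("cert", data.certBytes()));` and rename the four `setInlineOrTruststore(inlineOrTrustStore)` uses accordingly. The enclosing test method starts before this hunk.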
- private static Channel assertChannel(List<TransportChannel> transportChannels) {
+ private static Channel assertChannel(final List<TransportChannel> transportChannels) {
assertNotNull(transportChannels);
assertEquals(1, transportChannels.size());
final var channel = assertInstanceOf(TLSTransportChannel.class, transportChannels.get(0)).channel();
"This module defines a 'truststore' to centralize management
of trust anchors including certificates and public keys.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
'ietf-truststore' module).";
}
- feature local-definitions-supported {
+ feature inline-definitions-supported {
description
- "The 'local-definitions-supported' feature indicates that
+ "The 'inline-definitions-supported' feature indicates that
the server supports locally-defined trust anchors.";
}
feature certificates {
/* Groupings */
/*****************/
- grouping local-or-truststore-certs-grouping {
+ grouping inline-or-truststore-certs-grouping {
description
"A grouping that allows the certificates to be either
configured locally, within the using data model, or be a
'central-truststore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate truststore locations.";
- choice local-or-truststore {
+ choice inline-or-truststore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the truststore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"A container for locally configured trust anchor
certificates.";
}
}
- grouping local-or-truststore-public-keys-grouping {
+ grouping inline-or-truststore-public-keys-grouping {
description
"A grouping that allows the public keys to be either
configured locally, within the using data model, or be a
'central-truststore-supported' is not defined, SHOULD
augment in custom 'case' statements enabling references
to the alternate truststore locations.";
- choice local-or-truststore {
+ choice inline-or-truststore {
nacm:default-deny-write;
mandatory true;
description
"A choice between an inlined definition and a definition
that exists in the truststore.";
- case local {
- if-feature "local-definitions-supported";
- container local-definition {
+ case inline {
+ if-feature "inline-definitions-supported";
+ container inline-definition {
description
"A container to hold local public key definitions.";
list public-key {
description
"A grouping definition that enables use in other contexts.
Where used, implementations MUST augment new 'case'
- statements into the various local-or-truststore 'choice'
+ statements into the various inline-or-truststore 'choice'
statements to supply leafrefs to the model-specific
location(s).";
container certificate-bags {
import java.util.Set;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.kohsuke.MetaInfServices;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.IetfTruststoreData;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev221212.LocalDefinitionsSupported;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.IetfTruststoreData;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineDefinitionsSupported;
import org.opendaylight.yangtools.yang.binding.YangFeature;
import org.opendaylight.yangtools.yang.binding.YangFeatureProvider;
@Override
public Set<? extends YangFeature<?, IetfTruststoreData>> supportedFeatures() {
- return Set.of(LocalDefinitionsSupported.VALUE);
+ return Set.of(InlineDefinitionsSupported.VALUE);
}
}