From 3b4f0880195460f9d9a00cc6bf4bc319f81e5bb7 Mon Sep 17 00:00:00 2001 From: Robert Varga Date: Wed, 24 Jan 2024 21:19:10 +0100 Subject: [PATCH] Refresh IETF client/server models This updates the models to the versions published in - draft-ietf-netconf-crypto-types-28 - draft-ietf-netconf-keystore-29 - draft-ietf-netconf-trust-anchors-22 - draft-ietf-netconf-tcp-client-server-17 - draft-ietf-netconf-tls-client-server-34 - draft-ietf-netconf-ssh-client-server-34 - draft-ietf-netconf-netconf-client-server-30 The ietf-truststore.yang model is augmented with four if-feature statements which are missing in the published model. Their absence causes binding runtime to fail because it sees the two leaves using their respective leafref types and it cannot resolve them (because we do not support central-truststore). JIRA: NETCONF-590 Change-Id: I1fe3be6151a5aa633b1e8a2405454063cfba8c84 
Signed-off-by: Robert Varga --- .../callhome/mount/CallHomeMountService.java | 2 +- .../northbound/SshServerTransport.java | 4 +- .../northbound/TcpServerTransport.java | 4 +- ...ClientConfigurationBuilderFactoryImpl.java | 12 +- ...-17.yang => ietf-keystore@2023-12-28.yang} | 126 +++++++++--------- .../none/NoneKeystoreFeatureProvider.java | 6 +- ...yang => ietf-crypto-types@2023-12-28.yang} | 29 +++- .../server/ssh/CallHomeSshServer.java | 8 +- .../server/tls/CallHomeTlsServer.java | 4 +- .../server/ssh/CallHomeSshServerTest.java | 2 +- .../server/tls/CallHomeTlsServerTest.java | 2 +- .../test/tool/NetconfDeviceSimulator.java | 4 +- .../test/tool/client/stress/StressClient.java | 10 +- .../netconf/test/tool/TestToolTest.java | 10 +- .../netconf/client/SslHandlerFactory.java | 2 +- .../conf/NetconfClientConfiguration.java | 6 +- .../NetconfClientConfigurationBuilder.java | 6 +- ...ng => ietf-netconf-client@2023-12-28.yang} | 104 +++++++-------- .../NetconfClientConfigurationTest.java | 6 +- .../client/NetconfClientFactoryImplTest.java | 46 +++---- ...ng => ietf-netconf-server@2023-12-28.yang} | 101 +++++++------- .../netconf/server/ConcurrentClientsTest.java | 8 +- .../netconf/transport/ssh/ConfigUtils.java | 40 +++--- .../transport/ssh/IetfSshClientProvider.java | 10 +- .../transport/ssh/IetfSshCommonProvider.java | 6 +- .../transport/ssh/IetfSshServerProvider.java | 12 +- .../netconf/transport/ssh/SSHClient.java | 6 +- .../netconf/transport/ssh/SSHServer.java | 6 +- .../ssh/SSHTransportStackFactory.java | 8 +- .../transport/ssh/TransportSshClient.java | 10 +- .../transport/ssh/TransportSshServer.java | 8 +- .../netconf/transport/ssh/TransportUtils.java | 8 +- .../iana-ssh-encryption-algs@2022-06-16.yang | 15 +-- ...iana-ssh-key-exchange-algs@2022-06-16.yang | 17 ++- .../yang/iana-ssh-mac-algs@2022-06-16.yang | 10 +- .../iana-ssh-public-key-algs@2022-06-16.yang | 12 +- ...7.yang => ietf-ssh-client@2023-12-28.yang} | 52 ++++---- ...7.yang => 
ietf-ssh-common@2023-12-28.yang} | 75 ++++++----- ...7.yang => ietf-ssh-server@2023-12-28.yang} | 46 ++++--- .../transport/ssh/SshClientServerTest.java | 18 +-- .../netconf/transport/ssh/TestUtils.java | 108 +++++++-------- .../transport/tcp/AbstractNettyImpl.java | 2 +- .../netconf/transport/tcp/EpollNettyImpl.java | 2 +- .../tcp/IetfTcpClientFeatureProvider.java | 6 +- .../tcp/IetfTcpCommonFeatureProvider.java | 4 +- .../tcp/IetfTcpServerFeatureProvider.java | 4 +- .../transport/tcp/NettyTransportSupport.java | 2 +- .../netconf/transport/tcp/NioNettyImpl.java | 2 +- .../netconf/transport/tcp/TCPClient.java | 2 +- .../netconf/transport/tcp/TCPServer.java | 2 +- ...7.yang => ietf-tcp-client@2023-12-28.yang} | 4 +- ...7.yang => ietf-tcp-common@2023-12-28.yang} | 24 ++-- ...7.yang => ietf-tcp-server@2023-12-28.yang} | 5 +- .../transport/tcp/TCPClientServerTest.java | 4 +- .../netconf/transport/tls/ConfigUtils.java | 24 ++-- .../tls/IetfTlsClientFeatureProvider.java | 6 +- .../tls/IetfTlsCommonFeatureProvider.java | 14 +- .../tls/IetfTlsServerFeatureProvider.java | 8 +- .../transport/tls/SSLEngineFactory.java | 2 +- .../netconf/transport/tls/TLSClient.java | 10 +- .../netconf/transport/tls/TLSServer.java | 10 +- .../transport/tls/TLSTransportStack.java | 15 +-- ...iana-tls-cipher-suite-algs@2022-06-16.yang | 24 ++-- ...7.yang => ietf-tls-client@2023-12-28.yang} | 116 ++++++++-------- ...7.yang => ietf-tls-common@2023-12-28.yang} | 88 ++++++------ ...7.yang => ietf-tls-server@2023-12-28.yang} | 117 ++++++++-------- .../transport/tls/ConfigUtilsTest.java | 16 +-- .../netconf/transport/tls/TestUtils.java | 34 ++--- .../transport/tls/TlsClientServerTest.java | 34 ++--- ...7.yang => ietf-truststore@2023-12-28.yang} | 122 ++++++++++++----- .../none/NoneTruststoreFeatureProvider.java | 4 +- 71 files changed, 884 insertions(+), 792 deletions(-) rename keystore/keystore-api/src/main/yang/{ietf-keystore@2023-04-17.yang => ietf-keystore@2023-12-28.yang} (76%) rename 
model/draft-ietf-netconf-crypto-types/src/main/yang/{ietf-crypto-types@2023-04-17.yang => ietf-crypto-types@2023-12-28.yang} (98%) rename protocol/netconf-client/src/main/yang/{ietf-netconf-client@2023-04-17.yang => ietf-netconf-client@2023-12-28.yang} (87%) rename protocol/netconf-server/src/main/yang/{ietf-netconf-server@2023-04-17.yang => ietf-netconf-server@2023-12-28.yang} (89%) rename transport/transport-ssh/src/main/yang/{ietf-ssh-client@2023-04-17.yang => ietf-ssh-client@2023-12-28.yang} (87%) rename transport/transport-ssh/src/main/yang/{ietf-ssh-common@2023-04-17.yang => ietf-ssh-common@2023-12-28.yang} (80%) rename transport/transport-ssh/src/main/yang/{ietf-ssh-server@2023-04-17.yang => ietf-ssh-server@2023-12-28.yang} (91%) rename transport/transport-tcp/src/main/yang/{ietf-tcp-client@2023-04-17.yang => ietf-tcp-client@2023-12-28.yang} (99%) rename transport/transport-tcp/src/main/yang/{ietf-tcp-common@2023-04-17.yang => ietf-tcp-common@2023-12-28.yang} (87%) rename transport/transport-tcp/src/main/yang/{ietf-tcp-server@2023-04-17.yang => ietf-tcp-server@2023-12-28.yang} (98%) rename transport/transport-tls/src/main/yang/{ietf-tls-client@2023-04-17.yang => ietf-tls-client@2023-12-28.yang} (83%) rename transport/transport-tls/src/main/yang/{ietf-tls-common@2023-04-17.yang => ietf-tls-common@2023-12-28.yang} (81%) rename transport/transport-tls/src/main/yang/{ietf-tls-server@2023-04-17.yang => ietf-tls-server@2023-12-28.yang} (83%) rename truststore/truststore-api/src/main/yang/{ietf-truststore@2023-04-17.yang => ietf-truststore@2023-12-28.yang} (74%) diff --git a/apps/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountService.java b/apps/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountService.java index b3da205391..a63ca67c18 100644 --- a/apps/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountService.java 
+++ b/apps/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountService.java
@@ -45,7 +45,7 @@ import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.Protocol;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.ProtocolBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev231121.NetconfNodeBuilder;
diff --git a/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/SshServerTransport.java b/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/SshServerTransport.java
index 2120582ab1..7567b2ab60 100644
--- a/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/SshServerTransport.java
+++ b/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/SshServerTransport.java
@@ -19,8 +19,8 @@ import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.ssh.SSHServer;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
diff --git a/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/TcpServerTransport.java b/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/TcpServerTransport.java
index d7c2df1d9a..aed46922af 100644
--- a/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/TcpServerTransport.java
+++ b/apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/TcpServerTransport.java
@@ -13,8 +13,8 @@ import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.tls.tls.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.tls.tls.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
diff --git a/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java b/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
index 8df5e5bad6..1bb0cb2574 100644
--- a/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
+++ b/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
@@ -25,12 +25,12 @@ import org.opendaylight.netconf.client.mdsal.api.CredentialProvider;
 import org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider;
 import org.opendaylight.netconf.shaded.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
 import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity;
+import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.Protocol.Name; import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.Credentials; import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.KeyAuth; diff --git a/keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang b/keystore/keystore-api/src/main/yang/ietf-keystore@2023-12-28.yang similarity index 76% rename from keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang rename to keystore/keystore-api/src/main/yang/ietf-keystore@2023-12-28.yang index 8e158fabb7..b492c77bb5 100644 --- a/keystore/keystore-api/src/main/yang/ietf-keystore@2023-04-17.yang +++ b/keystore/keystore-api/src/main/yang/ietf-keystore@2023-12-28.yang @@ -48,7 +48,7 @@ module ietf-keystore { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -62,8 +62,8 @@ module ietf-keystore { feature central-keystore-supported { description "The 'central-keystore-supported' feature indicates that - the server supports the keystore (i.e., implements the - 'ietf-keystore' module)."; + the server supports the central keystore (i.e., fully + implements the 'ietf-keystore' module)."; } feature inline-definitions-supported { @@ -96,8 +96,7 @@ module ietf-keystore { } description "This typedef enables modules to easily define a reference - to a symmetric key stored in the keystore, when this - module is implemented."; + to a symmetric key stored in the central keystore."; } typedef asymmetric-key-ref { 
@@ -107,22 +106,21 @@ module ietf-keystore { } description "This typedef enables modules to easily define a reference - to an asymmetric key stored in the keystore, when this - module is implemented."; + to an asymmetric key stored in the central keystore."; } /*****************/ /* Groupings */ /*****************/ - grouping encrypted-by-choice-grouping { + grouping encrypted-by-grouping { description "A grouping that defines a 'choice' statement that can be augmented into the 'encrypted-by' node, present in the 'symmetric-key-grouping' and 'asymmetric-key-pair-grouping' groupings defined in RFC AAAA, enabling references to keys - in the keystore, when this module is implemented."; - choice encrypted-by-choice { + in the central keystore."; + choice encrypted-by { nacm:default-deny-write; mandatory true; description @@ -150,11 +148,12 @@ module ietf-keystore { } } + // *-ref groupings + grouping asymmetric-key-certificate-ref-grouping { description - "This grouping defines a reference to a specific certificate - associated with an asymmetric key stored in the keystore, - when this module is implemented."; + "Grouping for the reference to a certificate associated + with an asymmetric key stored in the central keystore."; leaf asymmetric-key { nacm:default-deny-write; if-feature "central-keystore-supported"; 
@@ -182,14 +181,13 @@ module ietf-keystore { grouping inline-or-keystore-symmetric-key-grouping { description - "A grouping that expands to allow the symmetric key to be - either stored locally, i.e., within the using data model, - or a reference to a symmetric key stored in the keystore. - - Servers that do not 'implement' this module, and hence - 'central-keystore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate keystore locations."; + "A grouping for the configuration of a symmetric key. The + symmetric key may be defined inline or as a reference to + a symmetric key stored in the central keystore. + + Servers that do not define the 'central-keystore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate keystore locations."; choice inline-or-keystore { nacm:default-deny-write; mandatory true; @@ -204,14 +202,14 @@ module ietf-keystore { uses ct:symmetric-key-grouping; } } - case keystore { + case central-keystore { if-feature "central-keystore-supported"; if-feature "symmetric-keys"; - leaf keystore-reference { + leaf central-keystore-reference { type ks:symmetric-key-ref; description "A reference to an symmetric key that exists in - the keystore, when this module is implemented."; + the central keystore."; } } } 
@@ -219,14 +217,13 @@ module ietf-keystore { grouping inline-or-keystore-asymmetric-key-grouping { description - "A grouping that expands to allow the asymmetric key to be - either stored locally, i.e., within the using data model, - or a reference to an asymmetric key stored in the keystore. - - Servers that do not 'implement' this module, and hence - 'central-keystore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate keystore locations."; + "A grouping for the configuration of an asymmetric key. The + asymmetric key may be defined inline or as a reference to + an asymmetric key stored in the central keystore. + + Servers that do not define the 'central-keystore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate keystore locations."; choice inline-or-keystore { nacm:default-deny-write; mandatory true; @@ -241,17 +238,16 @@ module ietf-keystore { uses ct:asymmetric-key-pair-grouping; } } - case keystore { + case central-keystore { if-feature "central-keystore-supported"; if-feature "asymmetric-keys"; - leaf keystore-reference { + leaf central-keystore-reference { type ks:asymmetric-key-ref; description "A reference to an asymmetric key that exists in - the keystore, when this module is implemented. The - intent is to reference just the asymmetric key - without any regard for any certificates that may - be associated with it."; + the central keystore. The intent is to reference + just the asymmetric key without any regard for + any certificates that may be associated with it."; } } } 
@@ -259,16 +255,15 @@ module ietf-keystore { grouping inline-or-keystore-asymmetric-key-with-certs-grouping { description - "A grouping that expands to allow an asymmetric key and - its associated certificates to be either stored locally, - i.e., within the using data model, or a reference to an - asymmetric key (and its associated certificates) stored - in the keystore. - - Servers that do not 'implement' this module, and hence - 'central-keystore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate keystore locations."; + "A grouping for the configuration of an asymmetric key and + its associated certificates. The asymmetric key and its + associated certificates may be defined inline or as a + reference to an asymmetric key (and its associated + certificates) in the central keystore. + + Servers that do not define the 'central-keystore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate keystore locations."; choice inline-or-keystore { nacm:default-deny-write; mandatory true; @@ -283,10 +278,10 @@ module ietf-keystore { uses ct:asymmetric-key-pair-with-certs-grouping; } } - case keystore { + case central-keystore { if-feature "central-keystore-supported"; if-feature "asymmetric-keys"; - leaf keystore-reference { + leaf central-keystore-reference { type ks:asymmetric-key-ref; description "A reference to an asymmetric-key (and all of its 
@@ -299,15 +294,15 @@ module ietf-keystore { grouping inline-or-keystore-end-entity-cert-with-key-grouping { description - "A grouping that expands to allow an end-entity certificate - (and its associated asymmetric key pair) to be either stored - locally, i.e., within the using data model, or a reference - to a specific certificate in the keystore. - - Servers that do not 'implement' this module, and hence - 'central-keystore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate keystore locations."; + "A grouping for the configuration of an asymmetric key and + its associated end-entity certificate. The asymmetric key + and its associated end-entity certificate may be defined + inline or as a reference to an asymmetric key (and its + associated end-entity certificate) in the central keystore. + + Servers that do not define the 'central-keystore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate keystore locations."; choice inline-or-keystore { nacm:default-deny-write; mandatory true; @@ -322,20 +317,21 @@ module ietf-keystore { uses ct:asymmetric-key-pair-with-cert-grouping; } } - case keystore { + case central-keystore { if-feature "central-keystore-supported"; if-feature "asymmetric-keys"; - container keystore-reference { + container central-keystore-reference { uses asymmetric-key-certificate-ref-grouping; description "A reference to a specific certificate associated with - an asymmetric key stored in the keystore, when this - module is implemented."; + an asymmetric key stored in the central keystore."; } } } } + // the keystore grouping + grouping keystore-grouping { description "Grouping definition enables use in other contexts. If ever 
@@ -395,7 +391,7 @@ module ietf-keystore { "Augments in a choice statement enabling the encrypting key to be any other symmetric or asymmetric key in the central keystore."; - uses encrypted-by-choice-grouping; + uses encrypted-by-grouping; } augment "asymmetric-keys/asymmetric-key/private-key-type/" + "encrypted-private-key/encrypted-private-key/" @@ -404,7 +400,7 @@ module ietf-keystore { "Augments in a choice statement enabling the encrypting key to be any other symmetric or asymmetric key in the central keystore."; - uses encrypted-by-choice-grouping; + uses encrypted-by-grouping; } } } diff --git a/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java b/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java index c31f824bad..e74243e56d 100644 --- a/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java +++ b/keystore/keystore-none/src/main/java/org/opendaylight/netconf/keystore/none/NoneKeystoreFeatureProvider.java 
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.keystore.none; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.AsymmetricKeys; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.IetfKeystoreData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineDefinitionsSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.AsymmetricKeys; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.IetfKeystoreData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineDefinitionsSupported; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang b/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-12-28.yang similarity index 98% rename from model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang rename to model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-12-28.yang index ddabbeec52..38dc215383 100644 --- a/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-04-17.yang +++ b/model/draft-ietf-netconf-crypto-types/src/main/yang/ietf-crypto-types@2023-12-28.yang @@ -48,7 +48,7 @@ module ietf-crypto-types { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference 
@@ -94,6 +94,7 @@ module ietf-crypto-types { "Indicates that the server supports the 'cms-encrypted-data-format' identity."; } + feature p10-csr-format { description "Indicates that the server implements support @@ -286,6 +287,7 @@ module ietf-crypto-types { scope of this specification. This is also true when the octet string has been encrypted."; } + identity one-symmetric-key-format { if-feature "one-symmetric-key-format"; base symmetric-key-format; @@ -404,6 +406,7 @@ module ietf-crypto-types { Specification Version 1.7"; } + /***************************************************/ /* Typedefs for ASN.1 structures from RFC 2986 */ /***************************************************/ @@ -843,11 +846,9 @@ module ietf-crypto-types { } } - grouping asymmetric-key-pair-grouping { + grouping private-key-grouping { description - "A private key and its associated public key. Implementations - SHOULD ensure that the two keys are a matching pair."; - uses public-key-grouping; + "A private key."; leaf private-key-format { nacm:default-deny-write; type identityref { @@ -902,6 +903,22 @@ module ietf-crypto-types { } } + grouping asymmetric-key-pair-grouping { + description + "A private key and, optionally, its associated public key. + Implementations SHOULD ensure that the two keys, when both + are specified, are a matching pair."; + uses public-key-grouping { + refine public-key-format { + mandatory false; + } + refine public-key { + mandatory false; + } + } + uses private-key-grouping; + } + grouping certificate-expiration-grouping { description "A notification for when a certificate is about to, or @@ -952,6 +969,8 @@ module ietf-crypto-types { uses certificate-expiration-grouping; } + + grouping generate-csr-grouping { description "Defines the 'generate-csr' action."; 
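Review bot: In the `@@ -902,6 +903,22 @@` hunk the re-introduced `asymmetric-key-pair-grouping` refines `public-key-format` and `public-key` to `mandatory false`, so an inline key pair may now carry only a private key, and nothing in this file section shows the Java consumers being prepared for that. The code that reads this grouping is outside this view (the diffstat lists `ConfigUtils.java` under both transport-ssh and transport-tls as changed), so it is worth confirming there that both leaves are treated as nullable and that a missing public key is either derived from the private key or rejected with `UnsupportedConfigurationException` rather than surfacing as a null dereference. Where both keys are supplied, the description's SHOULD about a matching pair is best enforced at that same point, so that a mismatched pair is refused at configuration time; I would add a comment next to that check saying `// public-key is optional since ietf-crypto-types@2023-12-28; verify it matches the private key when present`.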
diff --git a/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServer.java b/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServer.java index 76005e3f2b..5bb353137f 100644 --- a/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServer.java +++ b/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServer.java 
@@ -36,10 +36,10 @@ import org.opendaylight.netconf.transport.ssh.SSHClient; import org.opendaylight.netconf.transport.ssh.SSHTransportStackFactory; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.opendaylight.yangtools.yang.common.Uint16; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServer.java b/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServer.java index fbec4c17e3..faa210d7d5 100644 
--- a/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServer.java +++ b/netconf/callhome-server/src/main/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServer.java @@ -26,8 +26,8 @@ import org.opendaylight.netconf.transport.tcp.BootstrapFactory; import org.opendaylight.netconf.transport.tls.TLSClient; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.opendaylight.yangtools.yang.common.Uint16; public final class CallHomeTlsServer implements AutoCloseable { diff --git a/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServerTest.java b/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServerTest.java index c029abf9c2..63fdafbb3a 100644 --- a/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServerTest.java +++ b/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/ssh/CallHomeSshServerTest.java 
@@ -57,7 +57,7 @@ import org.opendaylight.netconf.transport.ssh.SSHTransportStackFactory; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder; import org.opendaylight.yangtools.yang.common.Uint16; diff --git a/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServerTest.java b/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServerTest.java index 66984e0fcc..03e2afe41d 100644 --- a/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServerTest.java +++ b/netconf/callhome-server/src/test/java/org/opendaylight/netconf/callhome/server/tls/CallHomeTlsServerTest.java 
@@ -70,7 +70,7 @@ import org.opendaylight.netconf.transport.tls.TLSServer;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
 import org.opendaylight.yangtools.yang.common.Uint16;
diff --git a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java
index eab2564930..33c4d9c0fc 100644
--- a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java
+++ b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java
@@ -54,8 +54,8 @@ import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
 import org.opendaylight.yangtools.yang.common.Revision;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.opendaylight.yangtools.yang.model.api.EffectiveModelContext;
diff --git a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/client/stress/StressClient.java b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/client/stress/StressClient.java
index d06340e7f4..9b1c30d244 100644
--- a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/client/stress/StressClient.java
+++ b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/client/stress/StressClient.java
@@ -33,15 +33,15 @@ import org.opendaylight.netconf.client.mdsal.api.RemoteDevice;
 import org.opendaylight.netconf.test.tool.TestToolUtils;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.netconf.base._1._0.rev110601.CommitInput;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.netconf.base._1._0.rev110601.EditConfigInput;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
 import org.opendaylight.yangtools.yang.common.QName;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.slf4j.Logger;
diff --git a/netconf/tools/netconf-testtool/src/test/java/org/opendaylight/netconf/test/tool/TestToolTest.java b/netconf/tools/netconf-testtool/src/test/java/org/opendaylight/netconf/test/tool/TestToolTest.java
index 6145ec5dde..f16bf76611 100644
--- a/netconf/tools/netconf-testtool/src/test/java/org/opendaylight/netconf/test/tool/TestToolTest.java
+++ b/netconf/tools/netconf-testtool/src/test/java/org/opendaylight/netconf/test/tool/TestToolTest.java
@@ -38,14 +38,14 @@ import org.opendaylight.netconf.client.conf.NetconfClientConfiguration.NetconfCl
 import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
 import org.opendaylight.netconf.test.tool.config.Configuration;
 import org.opendaylight.netconf.test.tool.config.ConfigurationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.w3c.dom.Document;
diff --git a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/SslHandlerFactory.java b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/SslHandlerFactory.java
index d960c623a2..e71315615d 100644
--- a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/SslHandlerFactory.java
+++ b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/SslHandlerFactory.java
@@ -14,7 +14,7 @@ import java.util.Set;
 * Basic interface for {@link SslHandler} builder. Used to establish TSL connection.
 *
 * @deprecated due to design change. SslHandler will be created dynamically based on TLS layer configuration
- * {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping}
+ * {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping}
 * by {@link NetconfClientFactory}.
 */
 @Deprecated
diff --git a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfiguration.java b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfiguration.java
index b6b4ee1288..bce687d01c 100644
--- a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfiguration.java
+++ b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfiguration.java
@@ -19,9 +19,9 @@ import org.opendaylight.netconf.client.NetconfClientSessionListener;
 import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
 import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
 public final class NetconfClientConfiguration {
diff --git a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfigurationBuilder.java b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfigurationBuilder.java
index 3ed7298ec0..d8a04b944b 100644
--- a/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfigurationBuilder.java
+++ b/protocol/netconf-client/src/main/java/org/opendaylight/netconf/client/conf/NetconfClientConfigurationBuilder.java
@@ -17,9 +17,9 @@ import org.opendaylight.netconf.nettyutil.NetconfSessionNegotiator;
 import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
 import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
 /**
 * Builder for {@link NetconfClientConfiguration}.
diff --git a/protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-04-17.yang b/protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-12-28.yang
similarity index 87%
rename from protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-04-17.yang
rename to protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-12-28.yang
index 08027a281f..21e567ab91 100644
--- a/protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-04-17.yang
+++ b/protocol/netconf-client/src/main/yang/ietf-netconf-client@2023-12-28.yang
@@ -66,7 +66,7 @@ module ietf-netconf-client { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference
@@ -139,7 +139,7 @@ module ietf-netconf-client { grouping netconf-client-initiate-stack-grouping { description "A reusable grouping for configuring a NETCONF client - 'initiate' protocol stack for a single connection."; + 'initiate' protocol stack for a single outbound connection."; choice transport { mandatory true; description @@ -148,12 +148,12 @@ module ietf-netconf-client { if-feature "ssh-initiate"; container ssh { description - "Specifies IP and SSH specific configuration + "Specifies TCP, SSH, and NETCONF configuration for the connection."; container tcp-client-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level client parameters to initiate + a NETCONF over SSH connection."; uses tcpc:tcp-client-grouping { refine "remote-port" { default "830"; @@ -167,18 +167,14 @@ module ietf-netconf-client { } container ssh-client-parameters { description - "A wrapper around the SSH client parameters to - avoid name collisions."; + "SSH-level client parameters to initiate + a NETCONF over SSH connection."; uses sshc:ssh-client-grouping; } container netconf-client-parameters { description - "A wrapper around the NETCONF client parameters - to avoid name collisions. - - This container does not define any nodes. It - exists as a potential augmentation target by - other modules."; + "NETCONF-level client parameters to initiate + a NETCONF over SSH connection."; uses ncc:netconf-client-grouping; } } @@ -187,12 +183,12 @@ module ietf-netconf-client { if-feature "tls-initiate"; container tls { description - "Specifies IP and TLS specific configuration + "Specifies TCP, TLS, and NETCONF configuration for the connection."; container tcp-client-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level client parameters to initiate + a NETCONF over TLS connection."; uses tcpc:tcp-client-grouping { refine "remote-port" { default "6513"; 
@@ -211,18 +207,14 @@ module ietf-netconf-client { authentication credentials."; } description - "A wrapper around the TLS client parameters - to avoid name collisions."; + "TLS-level client parameters to initiate + a NETCONF over TLS connection."; uses tlsc:tls-client-grouping; } container netconf-client-parameters { description - "A wrapper around the NETCONF client parameters - to avoid name collisions. - - This container does not define any nodes. It - exists as a potential augmentation target by - other modules."; + "NETCONF-level client parameters to initiate + a NETCONF over TLS connection."; uses ncc:netconf-client-grouping; } } @@ -233,7 +225,7 @@ module ietf-netconf-client { grouping netconf-client-listen-stack-grouping { description "A reusable grouping for configuring a NETCONF client - 'listen' protocol stack for a single connection. The + 'listen' protocol stack for listening on a single port. The 'listen' stack supports call home connections, as described in RFC 8071"; reference @@ -246,12 +238,12 @@ module ietf-netconf-client { if-feature "ssh-listen"; container ssh { description - "SSH-specific listening configuration for inbound - connections."; + "TCP, SSH, and NETCONF configuration to listen + for NETCONF over SSH Call Home connections."; container tcp-server-parameters { description - "A wrapper around the TCP server parameters - to avoid name collisions."; + "TCP-level server parameters to listen for + NETCONF over SSH Call Home connections."; uses tcps:tcp-server-grouping { refine "local-port" { default "4334"; 
@@ -264,18 +256,14 @@ module ietf-netconf-client { } container ssh-client-parameters { description - "A wrapper around the SSH client parameters - to avoid name collisions."; + "SSH-level client parameters to listen for + NETCONF over SSH Call Home connections."; uses sshc:ssh-client-grouping; } container netconf-client-parameters { description - "A wrapper around the NETCONF client parameters - to avoid name collisions. - - This container does not define any nodes. It - exists as a potential augmentation target by - other modules."; + "NETCONF-level client parameters to listen for + NETCONF over SSH Call Home connections."; uses ncc:netconf-client-grouping; } } @@ -284,12 +272,12 @@ module ietf-netconf-client { if-feature "tls-listen"; container tls { description - "TLS-specific listening configuration for inbound - connections."; + "TCP, TLS, and NETCONF configuration to listen + for NETCONF over TLS Call Home connections."; container tcp-server-parameters { description - "A wrapper around the TCP server parameters - to avoid name collisions."; + "TCP-level server parameters to listen for + NETCONF over TLS Call Home connections."; uses tcps:tcp-server-grouping { refine "local-port" { default "4335"; @@ -307,18 +295,14 @@ module ietf-netconf-client { authentication credentials."; } description - "A wrapper around the TLS client parameters - to avoid name collisions."; + "TLS-level client parameters to listen for + NETCONF over TLS Call Home connections."; uses tlsc:tls-client-grouping; } container netconf-client-parameters { description - "A wrapper around the NETCONF client parameters - to avoid name collisions. - - This container does not define any nodes. It - exists as a potential augmentation target by - other modules."; + "NETCONF-level client parameters to listen for + NETCONF over TLS Call Home connections."; uses ncc:netconf-client-grouping; } } 
@@ -544,18 +528,22 @@ module ietf-netconf-client { number of seconds. If set to zero, then the server will never drop a session because it is idle."; } - list endpoint { - key "name"; - min-elements 1; + container endpoints { description - "List of endpoints to listen for NETCONF connections."; - leaf name { - type string; + "Container for a list of endpoints."; + list endpoint { + key "name"; + min-elements 1; description - "An arbitrary name for the NETCONF listen endpoint."; + "List of endpoints to listen for NETCONF connections."; + leaf name { + type string; + description + "An arbitrary name for the NETCONF listen endpoint."; + } + uses netconf-client-listen-stack-grouping; } - uses netconf-client-listen-stack-grouping; - } // endpoint + } } // listen } // netconf-client-app-grouping
diff --git a/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientConfigurationTest.java b/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientConfigurationTest.java
index f4175637ae..df817bc5e3 100644
--- a/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientConfigurationTest.java
+++ b/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientConfigurationTest.java
@@ -29,9 +29,9 @@ import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
 import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
 import org.opendaylight.netconf.transport.tls.SslHandlerFactory;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping;
 @ExtendWith(MockitoExtension.class)
 class NetconfClientConfigurationTest {
diff --git a/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientFactoryImplTest.java b/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientFactoryImplTest.java
index c67a3fdb2d..26993e1fcb 100644
--- a/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientFactoryImplTest.java
+++ b/protocol/netconf-client/src/test/java/org/opendaylight/netconf/client/NetconfClientFactoryImplTest.java
@@ -57,31 +57,31 @@ import org.opendaylight.netconf.transport.ssh.ServerFactoryManagerConfigurator;
 import org.opendaylight.netconf.transport.tcp.TCPServer;
 import org.opendaylight.netconf.transport.tls.TLSServer;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.tls.tls.TcpClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PasswordBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.server.identity.HostKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.tls.tls.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.client.identity.PasswordBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthenticationBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentityBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.UsersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.UserBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.server.identity.HostKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
 import org.opendaylight.yangtools.yang.common.Uint16;
 @ExtendWith(MockitoExtension.class)
@@ -248,7 +248,7 @@ class NetconfClientFactoryImplTest {
 ).build();
 final var inline = new InlineBuilder().setInlineDefinition(inlineDef).build();
 final var publicKey = new PublicKeyBuilder().setPublicKey(
- new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417
+ new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228
 .ssh.server.grouping.server.identity.host.key.host.key.type._public.key
 .PublicKeyBuilder().setInlineOrKeystore(inline).build()
 ).build();
diff --git a/protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-04-17.yang b/protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-12-28.yang similarity index 89% rename from protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-04-17.yang rename to protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-12-28.yang index ddb05954af..14354da03a 100644 --- a/protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-04-17.yang +++ b/protocol/netconf-server/src/main/yang/ietf-netconf-server@2023-12-28.yang @@ -13,7 +13,7 @@ module ietf-netconf-server { prefix x509c2n; reference "RFC 7407: A YANG Data Model for SNMP Configuration"; - } + } import ietf-tcp-client { prefix tcpc; @@ -78,7 +78,7 @@ module ietf-netconf-server { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -194,7 +194,7 @@ module ietf-netconf-server { grouping netconf-server-listen-stack-grouping { description "A reusable grouping for configuring a NETCONF server - 'listen' protocol stack for a single connection."; + 'listen' protocol stack for listening on a single port."; choice transport { mandatory true; description @@ -203,12 +203,12 @@ module ietf-netconf-server { if-feature "ssh-listen"; container ssh { description - "SSH-specific listening configuration for inbound - connections."; + "TCP, SSH, and NETCONF configuration to listen + for NETCONF over SSH connections."; container tcp-server-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level server parameters to listen + for NETCONF over SSH connections."; uses tcps:tcp-server-grouping { refine "local-port" { default "830"; 
@@ -222,19 +222,19 @@ module ietf-netconf-server { } container ssh-server-parameters { description - "A wrapper around the SSH server parameters - to avoid name collisions."; + "SSH-level server parameters to listen + for NETCONF over SSH connections."; uses sshs:ssh-server-grouping; } container netconf-server-parameters { description - "A wrapper around the NETCONF server parameters - to avoid name collisions."; + "NETCONF-level server parameters to listen + for NETCONF over SSH connections."; uses ncs:netconf-server-grouping { refine "client-identity-mappings" { if-feature "sshcmn:ssh-x509-certs"; description - "Augments in an 'if-feature' statement + "Adds in an 'if-feature' statement ensuring the 'client-identity-mappings' descendant is enabled only when SSH supports X.509 certificates."; @@ -259,12 +259,12 @@ module ietf-netconf-server { if-feature "tls-listen"; container tls { description - "TLS-specific listening configuration for inbound - connections."; + "TCP, TLS, and NETCONF configuration to listen + for NETCONF over TLS connections."; container tcp-server-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level server parameters to listen + for NETCONF over TLS connections."; uses tcps:tcp-server-grouping { refine "local-port" { default "6513"; @@ -278,15 +278,15 @@ module ietf-netconf-server { } container tls-server-parameters { description - "A wrapper around the TLS server parameters to - avoid name collisions."; + "TLS-level server parameters to listen + for NETCONF over TLS connections."; uses tlss:tls-server-grouping { refine "client-authentication" { must 'ca-certs or ee-certs'; description "NETCONF/TLS servers MUST validate client certificates. This configures certificates - at the socket-level (i.e. bags), more + at the socket-level (i.e. bags). More discriminating client-certificate checks SHOULD be implemented by the application."; reference 
@@ -298,8 +298,8 @@ module ietf-netconf-server { } container netconf-server-parameters { description - "A wrapper around the NETCONF server parameters - to avoid name collisions."; + "NETCONF-level server parameters to listen + for NETCONF over TLS connections."; uses ncs:netconf-server-grouping { refine "client-identity-mappings/cert-to-name" { min-elements 1; @@ -316,7 +316,8 @@ module ietf-netconf-server { grouping netconf-server-callhome-stack-grouping { description "A reusable grouping for configuring a NETCONF server - 'call-home' protocol stack, for a single connection."; + 'call-home' protocol stack, for a single outbound + connection."; choice transport { mandatory true; description @@ -325,12 +326,12 @@ module ietf-netconf-server { if-feature "ssh-call-home"; container ssh { description - "Specifies SSH-specific call-home transport - configuration."; + "TCP, SSH, and NETCONF configuration to initiate + a NETCONF over SSH Call Home connection."; container tcp-client-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level client parameters to initiate a + NETCONF over SSH Call Home connection."; uses tcpc:tcp-client-grouping { refine "remote-port" { default "4334"; 
@@ -344,19 +345,19 @@ module ietf-netconf-server { } container ssh-server-parameters { description - "A wrapper around the SSH server parameters - to avoid name collisions."; + "SSH-level server parameters to initiate a + NETCONF over SSH Call Home connection."; uses sshs:ssh-server-grouping; } container netconf-server-parameters { description - "A wrapper around the NETCONF server parameters - to avoid name collisions."; + "NETCONF-level server parameters to initiate a + NETCONF over SSH Call Home connection."; uses ncs:netconf-server-grouping { refine "client-identity-mappings" { if-feature "sshcmn:ssh-x509-certs"; description - "Augments in an 'if-feature' statement + "Adds in an 'if-feature' statement ensuring the 'client-identity-mappings' descendant is enabled only when SSH supports X.509 certificates."; @@ -381,12 +382,12 @@ module ietf-netconf-server { if-feature "tls-call-home"; container tls { description - "Specifies TLS-specific call-home transport - configuration."; + "TCP, TLS, and NETCONF configuration to initiate + a NETCONF over TLS Call Home connection."; container tcp-client-parameters { description - "A wrapper around the TCP client parameters - to avoid name collisions."; + "TCP-level client parameters to initiate a + NETCONF over TLS Call Home connection."; uses tcpc:tcp-client-grouping { refine "remote-port" { default "4335"; @@ -400,15 +401,15 @@ module ietf-netconf-server { } container tls-server-parameters { description - "A wrapper around the TLS server parameters to - avoid name collisions."; + "TLS-level server parameters to initiate a + NETCONF over TLS Call Home connection."; uses tlss:tls-server-grouping { refine "client-authentication" { must 'ca-certs or ee-certs'; description "NETCONF/TLS servers MUST validate client certificates. This configures certificates - at the socket-level (i.e. bags), more + at the socket-level (i.e. bags). More discriminating client-certificate checks SHOULD be implemented by the application."; reference 
@@ -420,8 +421,8 @@ module ietf-netconf-server { } container netconf-server-parameters { description - "A wrapper around the NETCONF server parameters - to avoid name collisions."; + "NETCONF-level server parameters to initiate a + NETCONF over TLS Call Home connection."; uses ncs:netconf-server-grouping { refine "client-identity-mappings/cert-to-name" { min-elements 1; @@ -459,17 +460,21 @@ module ietf-netconf-server { number of seconds. If set to zero, then the server will never drop a session because it is idle."; } - list endpoint { - key "name"; - min-elements 1; + container endpoints { description - "List of endpoints to listen for NETCONF connections."; - leaf name { - type string; + "Container for a list of endpoints."; + list endpoint { + key "name"; + min-elements 1; description - "An arbitrary name for the NETCONF listen endpoint."; + "List of endpoints to listen for NETCONF connections."; + leaf name { + type string; + description + "An arbitrary name for the NETCONF listen endpoint."; + } + uses netconf-server-listen-stack-grouping; } - uses netconf-server-listen-stack-grouping; } } container call-home { diff --git a/protocol/netconf-server/src/test/java/org/opendaylight/netconf/server/ConcurrentClientsTest.java b/protocol/netconf-server/src/test/java/org/opendaylight/netconf/server/ConcurrentClientsTest.java index 8e571db834..74f3e2e5ec 100644 --- a/protocol/netconf-server/src/test/java/org/opendaylight/netconf/server/ConcurrentClientsTest.java +++ b/protocol/netconf-server/src/test/java/org/opendaylight/netconf/server/ConcurrentClientsTest.java 
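Review bot: Wrapping `list endpoint` in the new `container endpoints` (hunk at -459,17) moves every listen endpoint one level deeper in the data tree, so instance data and paths written against revision 2023-04-17 no longer resolve against this module. The commit description does not mention the layout change, and this hunk does not show whether any stored configuration or northbound client addresses the old location. I would record it where upgraders will look, e.g. a release-note line `ietf-netconf-server 2023-12-28: listen endpoints moved from endpoint to endpoints/endpoint`. The enclosing container opens outside the hunk.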
@@ -75,12 +75,12 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.netconf.base._1._0.re
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev230417.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev231228.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping;
 import org.opendaylight.yangtools.concepts.Registration;
 import org.opendaylight.yangtools.yang.common.Uint16;
 import org.slf4j.Logger;
diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
index 4afca81c76..a2a56b76e3 100644
--- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/ConfigUtils.java
@@ -24,17 +24,17 @@ import org.opendaylight.netconf.shaded.sshd.common.FactoryManager; import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory; import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeys; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.AsymmetricKeyPairGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.SshHostKeys; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParamsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.KeyExchange; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping; import org.opendaylight.yangtools.yang.common.Uint16; import org.opendaylight.yangtools.yang.common.Uint8; 
@@ -67,18 +67,18 @@ final class ConfigUtils { } static List extractServerHostKeys( - final List serverHostKeys) throws UnsupportedConfigurationException { var listBuilder = ImmutableList.builder(); for (var hostKey : serverHostKeys) { if (hostKey.getHostKeyType() - instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey publicKey && publicKey.getPublicKey() != null) { listBuilder.add(extractKeyPair(publicKey.getPublicKey().getInlineOrKeystore())); } else if (hostKey.getHostKeyType() - instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type.Certificate certificate && certificate.getCertificate() != null) { listBuilder.add(extractCertificateEntry(certificate.getCertificate()).getKey()); @@ -88,10 +88,10 @@ final class ConfigUtils { } static KeyPair extractKeyPair( - final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore input) throws UnsupportedConfigurationException { - final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, input); final var inlineDef = inline.getInlineDefinition(); if (inlineDef == null) { 
@@ -147,7 +147,7 @@ final class ConfigUtils { return List.of(); } final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore - .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class, + .rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class, input.getInlineOrTruststore()); final var inlineDef = inline.getInlineDefinition(); if (inlineDef == null) { @@ -162,7 +162,7 @@ final class ConfigUtils { private static Map.Entry> extractCertificateEntry( final InlineOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException { - final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class, input.getInlineOrKeystore()); final var inlineDef = inline.getInlineDefinition(); @@ -190,10 +190,10 @@ final class ConfigUtils { } static List extractPublicKeys( - final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.InlineOrTruststore input) throws UnsupportedConfigurationException { - final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline.class, input); final var inlineDef = inline.getInlineDefinition(); if (inlineDef == null) { 
diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java index b863ef4c40..303f98d9c5 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshClientProvider.java @@ -10,11 +10,11 @@ package org.opendaylight.netconf.transport.ssh; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentHostbased; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPassword; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ClientIdentPublickey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.IetfSshClientData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientKeepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentHostbased; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentPassword; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ClientIdentPublickey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.IetfSshClientData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientKeepalives; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; 
diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java index e942352ea8..15cb4b0c2d 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshCommonProvider.java @@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.ssh; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.IetfSshCommonData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.SshX509Certs; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParams; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.IetfSshCommonData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.SshX509Certs; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParams; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java index b0c705acc9..c80b610a37 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/IetfSshServerProvider.java 
@@ -10,12 +10,12 @@ package org.opendaylight.netconf.transport.ssh; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.IetfSshServerData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthHostbased; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPassword; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUserAuthPublickey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.LocalUsersSupported; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerKeepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.IetfSshServerData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthHostbased; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthPassword; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUserAuthPublickey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.LocalUsersSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerKeepalives; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java index 3225065e85..e87b5c40ef 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java 
+++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHClient.java @@ -25,9 +25,9 @@ import org.opendaylight.netconf.transport.api.TransportStack; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.TCPClient; import org.opendaylight.netconf.transport.tcp.TCPServer; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java index 9c4479be10..0a8cf7fecf 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHServer.java 
@@ -26,9 +26,9 @@ import org.opendaylight.netconf.transport.api.TransportStack; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.TCPClient; import org.opendaylight.netconf.transport.tcp.TCPServer; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHTransportStackFactory.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHTransportStackFactory.java index 2c74d8ca19..77cd75e012 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHTransportStackFactory.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/SSHTransportStackFactory.java 
@@ -16,10 +16,10 @@ import org.opendaylight.netconf.shaded.sshd.netty.NettyIoServiceFactoryFactory; import org.opendaylight.netconf.transport.api.TransportChannelListener; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.BootstrapFactory; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; /** * A {@link BootstrapFactory} additionally capable of instantiating {@link SSHClient}s and {@link SSHServer}s. diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshClient.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshClient.java index 1e2e990e24..6888fbfe4a 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshClient.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshClient.java 
@@ -25,11 +25,11 @@ import org.opendaylight.netconf.shaded.sshd.client.keyverifier.ServerKeyVerifier import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider; import org.opendaylight.netconf.shaded.sshd.netty.NettyIoServiceFactoryFactory; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPassword; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.Keepalives; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.TransportParamsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPassword; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.TransportParamsGrouping; /** * Our internal-use {@link SshClient}. We reuse all the properties and logic of an {@link SshClient}, but we never allow 
diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshServer.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshServer.java index 14fb53b211..535acf84a7 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshServer.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportSshServer.java @@ -26,10 +26,10 @@ import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswor import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory; import org.opendaylight.netconf.shaded.sshd.server.forward.DirectTcpipFactory; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.Keepalives; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity; /** * Our internal-use {@link SshServer}. We reuse all the properties and logic of an {@link SshServer}, but we never allow 
diff --git a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java index 6ae35af8ed..1d5f7fdbf7 100644 --- a/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java +++ b/transport/transport-ssh/src/main/java/org/opendaylight/netconf/transport/ssh/TransportUtils.java @@ -78,9 +78,9 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.alg import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2256; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.HmacSha2512; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.ssh.mac.algs.rev220616.MacAlgBase; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.Encryption; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.HostKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417.transport.params.grouping.KeyExchange; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.Encryption; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.HostKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228.transport.params.grouping.KeyExchange; final class TransportUtils { private static final Map> CIPHERS = 
@@ -249,7 +249,7 @@ final class TransportUtils { } public static List> getMacFactories( - final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev230417 + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev231228 .transport.params.grouping.Mac mac) throws UnsupportedConfigurationException { if (mac != null) { final var macAlg = mac.getMacAlg(); diff --git a/transport/transport-ssh/src/main/yang/iana-ssh-encryption-algs@2022-06-16.yang b/transport/transport-ssh/src/main/yang/iana-ssh-encryption-algs@2022-06-16.yang index fabfd96bfc..aaacbac34d 100644 --- a/transport/transport-ssh/src/main/yang/iana-ssh-encryption-algs@2022-06-16.yang +++ b/transport/transport-ssh/src/main/yang/iana-ssh-encryption-algs@2022-06-16.yang @@ -36,13 +36,8 @@ module iana-ssh-encryption-algs { revision 2022-06-16 { description - "Updated to reflect contents of the encryption algorithms - registry on June 16, 2022."; - } - - revision 2021-06-01 { - description - "Initial version"; + "Reflects contents of the encryption algorithms registry + on June 16, 2022."; reference "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; } @@ -57,6 +52,7 @@ module iana-ssh-encryption-algs { "A reference to a SSH encryption algorithm identifier."; } + // Identities identity encryption-alg-base { @@ -138,6 +134,7 @@ module iana-ssh-encryption-algs { identity aes128-cbc { base encryption-alg-base; + status deprecated; description "AES128-CBC"; reference @@ -208,6 +205,7 @@ module iana-ssh-encryption-algs { "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; } + identity des-cbc { base encryption-alg-base; status obsolete; @@ -240,6 +238,7 @@ module iana-ssh-encryption-algs { identity aes128-ctr { base encryption-alg-base; + status deprecated; description "AES128-CTR"; reference 
@@ -385,7 +384,7 @@ module iana-ssh-encryption-algs { leaf-list supported-algorithm { type encryption-algorithm-ref; description - "A encryption algorithm supported by the server."; + "An encryption algorithm supported by the server."; } } diff --git a/transport/transport-ssh/src/main/yang/iana-ssh-key-exchange-algs@2022-06-16.yang b/transport/transport-ssh/src/main/yang/iana-ssh-key-exchange-algs@2022-06-16.yang index c4bab5b9b3..b2487b5312 100644 --- a/transport/transport-ssh/src/main/yang/iana-ssh-key-exchange-algs@2022-06-16.yang +++ b/transport/transport-ssh/src/main/yang/iana-ssh-key-exchange-algs@2022-06-16.yang @@ -36,13 +36,8 @@ module iana-ssh-key-exchange-algs { revision 2022-06-16 { description - "Updated to reflect contents of the key exchange algorithms - registry on June 16, 2022."; - } - - revision 2021-06-01 { - description - "Initial version"; + "Reflects contents of the key exchange algorithms registry + on June 16, 2022."; reference "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; } @@ -57,6 +52,7 @@ module iana-ssh-key-exchange-algs { "A reference to a SSH key exchange algorithm identifier."; } + // Identities identity key-exchange-alg-base { @@ -66,6 +62,7 @@ module iana-ssh-key-exchange-algs { identity diffie-hellman-group-exchange-sha1 { base key-exchange-alg-base; + status deprecated; description "DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1"; reference @@ -86,6 +83,7 @@ module iana-ssh-key-exchange-algs { identity diffie-hellman-group1-sha1 { base key-exchange-alg-base; + status deprecated; description "DIFFIE-HELLMAN-GROUP1-SHA1"; reference @@ -95,6 +93,7 @@ module iana-ssh-key-exchange-algs { identity diffie-hellman-group14-sha1 { base key-exchange-alg-base; + status deprecated; description "DIFFIE-HELLMAN-GROUP14-SHA1"; reference @@ -104,6 +103,7 @@ module iana-ssh-key-exchange-algs { identity diffie-hellman-group14-sha256 { base key-exchange-alg-base; + status deprecated; description "DIFFIE-HELLMAN-GROUP14-SHA256"; reference 
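Review bot: The identities that gain `status deprecated` in the iana-ssh-key-exchange-algs hunks (diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256) remain valid configuration values, because YANG's deprecated status still permits use. The visible TransportUtils hunks only move type references to rev231228, so presumably a configuration that names a deprecated algorithm is still accepted with no signal to the operator; the lookup tables themselves are outside the visible hunks. I would at least document this where the identities are resolved, e.g. `// NOTE: identities marked 'status deprecated' in the IANA SSH models are still accepted here; log a warning when one is configured`. The same applies to aes128-cbc and aes128-ctr in iana-ssh-encryption-algs and to the later ecdh-sha2-nistp256, ecdsa-sha2-nistp256 and x509v3-rsa2048-sha256 hunks.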
@@ -154,6 +154,7 @@ module iana-ssh-key-exchange-algs { identity ecdh-sha2-nistp256 { base key-exchange-alg-base; + status deprecated; description "ECDH-SHA2-NISTP256 (secp256r1)"; reference @@ -534,6 +535,7 @@ module iana-ssh-key-exchange-algs { Generic Security Service Application Program Interface (GSS-API) Key Exchange with SHA-2"; } + identity gss-group14-sha1-1.3.132.0.36 { base key-exchange-alg-base; status deprecated; @@ -2022,6 +2024,7 @@ module iana-ssh-key-exchange-algs { Generic Security Service Application Program Interface (GSS-API) Key Exchange with SHA-2"; } + identity gss-curve25519-sha256-curve25519-sha256 { base key-exchange-alg-base; description diff --git a/transport/transport-ssh/src/main/yang/iana-ssh-mac-algs@2022-06-16.yang b/transport/transport-ssh/src/main/yang/iana-ssh-mac-algs@2022-06-16.yang index c2574007e8..6302442b89 100644 --- a/transport/transport-ssh/src/main/yang/iana-ssh-mac-algs@2022-06-16.yang +++ b/transport/transport-ssh/src/main/yang/iana-ssh-mac-algs@2022-06-16.yang @@ -36,13 +36,8 @@ module iana-ssh-mac-algs { revision 2022-06-16 { description - "Updated to reflect contents of the MAC algorithms - registry on June 16, 2022."; - } - - revision 2021-06-01 { - description - "Initial version"; + "Reflects contents of the MAC algorithms registry on + June 16, 2022."; reference "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; } @@ -57,6 +52,7 @@ module iana-ssh-mac-algs { "A reference to a SSH mac algorithm identifier."; } + // Identities identity mac-alg-base { diff --git a/transport/transport-ssh/src/main/yang/iana-ssh-public-key-algs@2022-06-16.yang b/transport/transport-ssh/src/main/yang/iana-ssh-public-key-algs@2022-06-16.yang index 647a7edb64..e17679922f 100644 --- a/transport/transport-ssh/src/main/yang/iana-ssh-public-key-algs@2022-06-16.yang +++ b/transport/transport-ssh/src/main/yang/iana-ssh-public-key-algs@2022-06-16.yang 
@@ -36,13 +36,8 @@ module iana-ssh-public-key-algs { revision 2022-06-16 { description - "Updated to reflect contents of the public key algorithms - registry on June 16, 2022."; - } - - revision 2021-06-01 { - description - "Initial version"; + "Reflects contents of the public key algorithms registry + on June 16, 2022."; reference "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; } @@ -57,6 +52,7 @@ module iana-ssh-public-key-algs { "A reference to a SSH public key algorithm identifier."; } + // Identities identity public-key-alg-base { @@ -151,6 +147,7 @@ module iana-ssh-public-key-algs { identity ecdsa-sha2-nistp256 { base public-key-alg-base; + status deprecated; description "ECDSA-SHA2-NISTP256 (secp256r1)"; reference @@ -289,6 +286,7 @@ module iana-ssh-public-key-algs { identity x509v3-rsa2048-sha256 { base public-key-alg-base; + status deprecated; description "X509V3-RSA2048-SHA256"; reference diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-12-28.yang similarity index 87% rename from transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang rename to transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-12-28.yang index 77c3ea52fc..afe7ac1ab9 100644 --- a/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-04-17.yang +++ b/transport/transport-ssh/src/main/yang/ietf-ssh-client@2023-12-28.yang @@ -66,7 +66,7 @@ module ietf-ssh-client { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference 
@@ -85,9 +85,8 @@ module ietf-ssh-client { description "Indicates that the 'publickey' authentication type, per RFC 4252, is supported for client identification. - The 'publickey' authentication type is required by - RFC 4252, but common implementations enable it to + RFC 4252, but common implementations allow it to be disabled."; reference "RFC 4252: @@ -115,7 +114,8 @@ module ietf-ssh-client { feature client-ident-none { description "Indicates that the 'none' authentication type, per - RFC 4252, is supported for client identification."; + RFC 4252, is supported for client identification. + It is NOT RECOMMENDED to enable this feature."; reference "RFC 4252: The Secure Shell (SSH) Authentication Protocol"; @@ -169,12 +169,14 @@ module ietf-ssh-client { "RFC CCCC: A YANG Data Model for a Keystore"; uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:ssh-public-key-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:ssh-public-key-format")'; } - refine "inline-or-keystore/keystore/keystore-reference" { - must 'derived-from-or-self(deref(.)/../ks:public-key-' - + 'format, "ct:ssh-public-key-format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or derived-' + + 'from-or-self(deref(.)/../ks:public-key-format, ' + + '"ct:ssh-public-key-format")'; } } } 
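Review bot: In the ietf-ssh-client hunk at -169, both `refine` statements now start their `must` with `not(public-key-format) or`, so a client key that carries no `public-key-format` leaf passes validation without being compared against `ct:ssh-public-key-format`. The same relaxation is repeated in the hunks at -203 and -234 of this file and at -190 and -210 of ietf-ssh-server. The enclosing containers start outside these hunks, and the Java code that reads these groupings is not visible here. That code presumably has to treat a missing format as its own case and fail with `UnsupportedConfigurationException` when the key cannot be decoded without a declared format. A short comment at the consuming site naming the formats accepted when the leaf is absent would make that decision reviewable.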
@@ -203,12 +205,14 @@ module ietf-ssh-client { "RFC CCCC: A YANG Data Model for a Keystore"; uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:ssh-public-key-format")'; + must 'not(public-key-format) or derived-from-or-self(' + + 'public-key-format, "ct:ssh-public-key-format")'; } - refine "inline-or-keystore/keystore/keystore-reference" { - must 'derived-from-or-self(deref(.)/../ks:public-key-' - + 'format, "ct:ssh-public-key-format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or derived-' + + 'from-or-self(deref(.)/../ks:public-key-format, ' + + '"ct:ssh-public-key-format")'; } } } @@ -234,13 +238,15 @@ module ietf-ssh-client { uses ks:inline-or-keystore-end-entity-cert-with-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self(' + + 'public-key-format, "ct:subject-public-key-info-' + + 'format")'; } - refine "inline-or-keystore/keystore/keystore-reference" - + "/asymmetric-key" { - must 'derived-from-or-self(deref(.)/../ks:public-key-' - + 'format, "ct:subject-public-key-info-format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or derived-' + + 'from-or-self(deref(.)/../ks:public-key-format, ' + + '"ct:subject-public-key-info-format")'; } } } 
@@ -272,8 +278,8 @@ module ietf-ssh-client { must 'derived-from-or-self(public-key-format,' + ' "ct:ssh-public-key-format")'; } - refine - "inline-or-truststore/truststore/truststore-reference" { + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { must 'not(deref(.)/../ts:public-key/ts:public-key-' + 'format[not(derived-from-or-self(., "ct:ssh-' + 'public-key-format"))])'; @@ -329,7 +335,7 @@ module ietf-ssh-client { description "Configures the keep-alive policy, to proactively test the aliveness of the SSH server. An unresponsive SSH - server is dropped after approximately max-wait * + server is dropped after approximately max-wait * max-attempts seconds. Per Section 4 of RFC 4254, the SSH client SHOULD send an SSH_MSG_GLOBAL_REQUEST message with a purposely nonexistent 'request name' diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-12-28.yang similarity index 80% rename from transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang rename to transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-12-28.yang index d331660f6c..943f023e95 100644 --- a/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-04-17.yang +++ b/transport/transport-ssh/src/main/yang/ietf-ssh-common@2023-12-28.yang @@ -54,6 +54,7 @@ module ietf-ssh-common { Copyright (c) 2023 IETF Trust and the persons identified as authors of the code. All rights reserved. + Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised @@ -72,7 +73,7 @@ module ietf-ssh-common { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference 
@@ -193,7 +194,7 @@ module ietf-ssh-common { description "The algorithm to be used when generating the key."; } - leaf bits { + leaf num-bits { type uint16; description "Specifies the number of bits in the key to create. 
@@ -201,49 +202,53 @@ module ietf-ssh-common { the default is 3072 bits. Generally, 3072 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-6. For ECDSA keys, the - 'bits' value determines the key length by selecting + 'num-bits' value determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and - the 'bits' value, if specified, will be ignored."; + thus the 'num-bits' value is not specified."; reference "FIPS 186-6: Digital Signature Standard (DSS)"; } - choice private-key-encoding { - mandatory true; + container private-key-encoding { description - "A choice amongst optional private key handling."; - case cleartext { - if-feature "ct:encrypted-private-keys"; - leaf cleartext { - type empty; - description - "Indicates that the private key is to be returned - as a cleartext value."; + "Indicates how the private key is to be encoded."; + choice private-key-encoding { + mandatory true; + description + "A choice amongst optional private key handling."; + case cleartext { + if-feature "ct:cleartext-private-keys"; + leaf cleartext { + type empty; + description + "Indicates that the private key is to be returned + as a cleartext value."; + } } - } - case encrypt { - if-feature "ct:encrypted-private-keys"; - container encrypt-with { - description - "Indicates that the key is to be encrypted using - the specified symmetric or asymmetric key."; - uses ks:encrypted-by-choice-grouping; + case encrypted { + if-feature "ct:encrypted-private-keys"; + container encrypted { + description + "Indicates that the private key is to be encrypted + using the specified symmetric or asymmetric key."; + uses ks:encrypted-by-grouping; + } } - } - case hide { - if-feature "ct:hidden-private-keys"; - leaf hide { - type empty; - description - "Indicates that the private 
key is to be hidden. - - Unlike the 'cleartext' and 'encrypt' options, the - key returned is a placeholder for an internally - stored key. See the 'Support for Built-in Keys' - section in RFC CCCC for information about hidden - keys."; + case hidden { + if-feature "ct:hidden-private-keys"; + leaf hidden { + type empty; + description + "Indicates that the private key is to be hidden. + + Unlike the 'cleartext' and 'encrypt' options, the + key returned is a placeholder for an internally + stored key. See the 'Support for Built-in Keys' + section in RFC CCCC for information about hidden + keys."; + } } } } diff --git a/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang b/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-12-28.yang similarity index 91% rename from transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang rename to transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-12-28.yang index b5b564e725..5f5c685eee 100644 --- a/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-04-17.yang +++ b/transport/transport-ssh/src/main/yang/ietf-ssh-server@2023-12-28.yang @@ -72,7 +72,7 @@ module ietf-ssh-server { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -99,9 +99,8 @@ module ietf-ssh-server { description "Indicates that the 'publickey' authentication type, per RFC 4252, is supported for locally-defined users. - The 'publickey' authentication type is required by - RFC 4252, but common implementations enable it to + RFC 4252, but common implementations allow it to be disabled."; reference "RFC 4252: @@ -127,6 +126,7 @@ module ietf-ssh-server { "RFC 4252: The Secure Shell (SSH) Authentication Protocol"; } + feature local-user-auth-none { if-feature "local-users-supported"; description 
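Review bot: The description of `leaf hidden` in the ietf-ssh-common hunk at -201 still reads `Unlike the 'cleartext' and 'encrypt' options`, although the same hunk renames that case from `encrypt` to `encrypted`. The sentence should name the node as it now exists: `Unlike the 'cleartext' and 'encrypted' options, the`. The enclosing statement starts outside the hunk. If the wording is carried over verbatim from the published draft, it may be preferable to keep the file identical to upstream and report the mismatch there.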
@@ -190,13 +190,14 @@ module ietf-ssh-server { "RFC CCCC: A YANG Data Model for a Keystore"; uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:ssh-public-key-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:ssh-public-key-format")'; } - refine "inline-or-keystore/keystore/" - + "keystore-reference" { - must 'derived-from-or-self(deref(.)/../ks:public-' + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + 'key-format, "ct:ssh-public-key-format")'; } } @@ -210,16 +211,17 @@ module ietf-ssh-server { reference "RFC CCCC: A YANG Data Model for a Keystore"; uses - ks:inline-or-keystore-end-entity-cert-with-key-grouping{ + ks:inline-or-keystore-end-entity-cert-with-key-grouping{ refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; } - refine "inline-or-keystore/keystore/keystore-reference" - + "/asymmetric-key" { - must - 'derived-from-or-self(deref(.)/../ks:public-key-' - + 'format, "ct:subject-public-key-info-format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-key' + + '-format, "ct:subject-public-key-info-format")'; } } } 
@@ -250,7 +252,7 @@ module ietf-ssh-server { 5.1 and 5.2 in RFC 4252. The authentication methods are unordered. Clients - must authenticate to all configured methods. + must authenticate to all configured methods. Whenever a choice amongst methods arises, implementations SHOULD use a default ordering that prioritizes automation over human-interaction."; @@ -283,8 +285,8 @@ module ietf-ssh-server { must 'derived-from-or-self(public-key-format,' + ' "ct:ssh-public-key-format")'; } - refine "inline-or-truststore/truststore/truststore-" - + "reference" { + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { must 'not(deref(.)/../ts:public-key/ts:public-key-' + 'format[not(derived-from-or-self(., "ct:ssh-' + 'public-key-format"))])'; @@ -318,8 +320,8 @@ module ietf-ssh-server { must 'derived-from-or-self(public-key-format,' + ' "ct:ssh-public-key-format")'; } - refine "inline-or-truststore/truststore/truststore-" - + "reference" { + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { must 'not(deref(.)/../ts:public-key/ts:public-key-' + 'format[not(derived-from-or-self(., "ct:ssh-' + 'public-key-format"))])'; @@ -337,7 +339,7 @@ module ietf-ssh-server { Protocol."; } } - } + } // users container ca-certs { if-feature "sshcmn:ssh-x509-certs"; presence diff --git a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java index 53371f4924..b845531773 100644 --- a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java +++ b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/SshClientServerTest.java 
@@ -67,15 +67,15 @@ import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.SshClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.SshServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.opendaylight.yangtools.yang.common.Uint16; @ExtendWith(MockitoExtension.class) diff --git a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java index 148618ed05..9b96c136ff 100644 --- a/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java +++ b/transport/transport-ssh/src/test/java/org/opendaylight/netconf/transport/ssh/TestUtils.java 
@@ -33,30 +33,30 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.crypt.hash.rev140806.CryptHash; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPasswordBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentityBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthenticationBuilder; -import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.CaCertsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.server.authentication.SshHostKeysBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthenticationBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentityBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.UsersBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.User; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.UserBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EndEntityCertCms; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.TrustAnchorCertCms; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.password.grouping.password.type.CleartextPasswordBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ClientIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.ServerAuthenticationBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.CaCertsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228.ssh.client.grouping.server.authentication.SshHostKeysBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthentication; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ClientAuthenticationBuilder; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentity; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.ServerIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.UsersBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.User; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.UserBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228.ssh.server.grouping.client.authentication.users.user.PublicKeysBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder; import org.opendaylight.yangtools.yang.binding.util.BindingMap; public final class TestUtils { 
@@ -84,14 +84,14 @@ public final class TestUtils { return new ServerIdentityBuilder().setHostKey(List.of(buildServerHostKeyWithCertificate(keyData))).build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithKeyPair(final KeyData keyData) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.HostKeyBuilder() .setName(HOST_KEY_NAME) - .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type.PublicKeyBuilder() - .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type._public.key.PublicKeyBuilder() .setInlineOrKeystore(buildAsymmetricKeyLocal(keyData)) .build()) 
@@ -99,14 +99,14 @@ public final class TestUtils { .build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.HostKey buildServerHostKeyWithCertificate(final KeyData keyData) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.HostKeyBuilder() .setName(HOST_KEY_NAME) - .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + .setHostKeyType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type.CertificateBuilder() - .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.server.identity.host.key.host.key.type.certificate.CertificateBuilder() .setInlineOrKeystore(buildEndEntityCertWithKeyLocal(keyData)) .build()) 
@@ -122,15 +122,15 @@ public final class TestUtils { .build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildTruststorePublicKeyLocal( final KeyData keyData) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder() .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore - .rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition + .rev231228.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition .PublicKeyBuilder() .setName(PUBLIC_KEY_NAME) .setPublicKeyFormat(SshPublicKeyFormat.VALUE) 
@@ -149,12 +149,12 @@ public final class TestUtils { .build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore.certs.grouping.inline.or.truststore.Inline buildTruststoreCertificatesLocal( final byte[] certificateBytes) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder() .setCertificate(BindingMap.of(new CertificateBuilder() .setName(CERTIFICATE_NAME) 
@@ -164,17 +164,17 @@ public final class TestUtils { .build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final KeyData data) { return buildAsymmetricKeyLocal(data.algorithm(), data.publicKeyBytes(), data.privateKeyBytes()); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore buildAsymmetricKeyLocal(final String algorithm, final byte[] publicKeyBytes, final byte[] privateKeyBytes) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinitionBuilder() .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE) .setPublicKey(publicKeyBytes) 
@@ -184,12 +184,12 @@ public final class TestUtils { .build(); } - public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + public static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.InlineOrKeystore buildEndEntityCertWithKeyLocal( final KeyData keyData) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline .InlineDefinitionBuilder() .setPublicKeyFormat(SubjectPublicKeyInfoFormat.VALUE) 
@@ -223,22 +223,22 @@ public final class TestUtils { private static User buildServerUserHostBased(final String userName, final byte[] publicKeyBytes) { return new UserBuilder() .setName(userName) - .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417 + .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev231228 .ssh.server.grouping.client.authentication.users.user.HostbasedBuilder() .setInlineOrTruststore(buildPublicKeyLocal(publicKeyBytes)) .build()) .build(); } - private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + private static org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline buildPublicKeyLocal( final byte[] publicKeyBytes) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinitionBuilder() .setPublicKey(BindingMap.of(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf - .truststore.rev230417.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline + .truststore.rev231228.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline .definition.PublicKeyBuilder() .setPublicKeyFormat(SshPublicKeyFormat.VALUE) .setName(PUBLIC_KEY_NAME) 
@@ -262,7 +262,7 @@ public final class TestUtils { public static ClientIdentity buildClientIdentityWithPassword(final String username, final String password) { return new ClientIdentityBuilder() .setUsername(username) - .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417 + .setPassword(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228 .ssh.client.grouping.client.identity.PasswordBuilder() .setPasswordType(new CleartextPasswordBuilder().setCleartextPassword(password).build()).build()) .build(); @@ -271,7 +271,7 @@ public final class TestUtils { public static ClientIdentity buildClientIdentityHostBased(final String username, final KeyData data) { return new ClientIdentityBuilder() .setUsername(username) - .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417 + .setHostbased(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228 .ssh.client.grouping.client.identity.HostbasedBuilder() .setInlineOrKeystore(buildAsymmetricKeyLocal(data)) .build()) @@ -281,7 +281,7 @@ public final class TestUtils { public static ClientIdentity buildClientIdentityWithPublicKey(final String username, final KeyData data) { return new ClientIdentityBuilder() .setUsername(username) - .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417 + .setPublicKey(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev231228 .ssh.client.grouping.client.identity.PublicKeyBuilder() .setInlineOrKeystore(buildAsymmetricKeyLocal(data)) .build()) diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java index e550b4feac..406e2d3239 100644 
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/AbstractNettyImpl.java @@ -14,7 +14,7 @@ import io.netty.channel.socket.ServerSocketChannel; import io.netty.channel.socket.SocketChannel; import java.util.concurrent.ThreadFactory; import org.eclipse.jdt.annotation.NonNullByDefault; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives; /** * Wrapper around a particular Netty transport implementation. diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java index 52d8df6832..d3867ae847 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/EpollNettyImpl.java @@ -17,7 +17,7 @@ import io.netty.channel.epoll.EpollServerSocketChannel; import io.netty.channel.epoll.EpollSocketChannel; import java.util.concurrent.ThreadFactory; import org.eclipse.jdt.annotation.NonNullByDefault; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives; @NonNullByDefault final class EpollNettyImpl extends AbstractNettyImpl { diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java index a819e2b498..3340ca7612 100644 
--- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpClientFeatureProvider.java @@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.tcp; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.IetfTcpClientData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.LocalBindingSupported; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientKeepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.IetfTcpClientData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.LocalBindingSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientKeepalives; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java index a1335be81b..24c8ace9bd 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpCommonFeatureProvider.java 
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.transport.tcp; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.IetfTcpCommonData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.KeepalivesSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.IetfTcpCommonData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.KeepalivesSupported; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java index 04cfd38382..b976177104 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/IetfTcpServerFeatureProvider.java 
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.transport.tcp; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.IetfTcpServerData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerKeepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.IetfTcpServerData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerKeepalives; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java index ed12a12227..a62191aadc 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NettyTransportSupport.java @@ -19,7 +19,7 @@ import io.netty.channel.socket.SocketChannel; import org.eclipse.jdt.annotation.NonNullByDefault; import org.eclipse.jdt.annotation.Nullable; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java index c25f9b7db4..fcede0c390 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/NioNettyImpl.java @@ -20,7 +20,7 @@ import java.util.Map; import java.util.concurrent.ThreadFactory; import jdk.net.ExtendedSocketOptions; import org.eclipse.jdt.annotation.NonNullByDefault; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev230417.tcp.common.grouping.Keepalives; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.common.rev231228.tcp.common.grouping.Keepalives; import org.slf4j.LoggerFactory; @NonNullByDefault diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java index ede9973cf8..f70cd1043a 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPClient.java @@ -18,7 +18,7 @@ import io.netty.channel.ChannelInitializer; import org.eclipse.jdt.annotation.NonNull; import org.opendaylight.netconf.transport.api.TransportChannelListener; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; import org.opendaylight.yangtools.yang.common.Empty; /** 
diff --git a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java index eb49f2099b..5bd7834ed6 100644 --- a/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java +++ b/transport/transport-tcp/src/main/java/org/opendaylight/netconf/transport/tcp/TCPServer.java @@ -21,7 +21,7 @@ import io.netty.channel.ChannelInitializer; import org.eclipse.jdt.annotation.NonNull; import org.opendaylight.netconf.transport.api.TransportChannelListener; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.opendaylight.yangtools.yang.common.Empty; /** diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-12-28.yang similarity index 99% rename from transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang rename to transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-12-28.yang index 95e62149b5..567fb5d7cf 100644 --- a/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-04-17.yang +++ b/transport/transport-tcp/src/main/yang/ietf-tcp-client@2023-12-28.yang @@ -59,7 +59,7 @@ module ietf-tcp-client { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -315,7 +315,7 @@ module ietf-tcp-client { } uses tcpcmn:tcp-common-grouping { - augment "keepalives" { + refine "keepalives" { if-feature "tcp-client-keepalives"; description "Add an if-feature statement so that implementations 
diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-12-28.yang similarity index 87% rename from transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang rename to transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-12-28.yang index 100380ff03..f9a291e6b6 100644 --- a/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-04-17.yang +++ b/transport/transport-tcp/src/main/yang/ietf-tcp-common@2023-12-28.yang @@ -17,8 +17,10 @@ module ietf-tcp-common { "; description - "This module defines reusable groupings for TCP commons that - can be used as a basis for specific TCP common instances. + "This module define a reusable 'grouping' that is common + to both TCP-clients and TCP-servers. This grouping statement + is used by both the 'ietf-tcp-client' and 'ietf-tcp-server' + modules. Copyright (c) 2023 IETF Trust and the persons identified as authors of the code. All rights reserved. @@ -41,7 +43,7 @@ module ietf-tcp-common { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -56,6 +58,7 @@ module ietf-tcp-common { } // Groupings + grouping tcp-common-grouping { description "A reusable grouping for configuring TCP parameters common 
@@ -63,15 +66,12 @@ module ietf-tcp-common { whole."; container keepalives { if-feature "keepalives-supported"; - presence - "Indicates that keepalives are enabled. This statement is - present so the mandatory descendant nodes do not imply that - this node must be configured."; description "Configures the keep-alive policy, to proactively test the aliveness of the TCP peer. An unresponsive TCP peer is - dropped after approximately (idle-time + max-probes - * probe-interval) seconds."; + dropped after approximately (idle-time + max-probes * + probe-interval) seconds. Further guidance can be found + in Section 2.1.5 of RFC DDDD."; reference "RFC 9293: Transmission Control Protocol (TCP), Section 3.8.4.."; @@ -80,7 +80,7 @@ module ietf-tcp-common { range "1..max"; } units "seconds"; - mandatory true; + default 7200; description "Sets the amount of time after which if no data has been received from the TCP peer, a TCP-level probe message @@ -94,7 +94,7 @@ module ietf-tcp-common { type uint16 { range "1..max"; } - mandatory true; + default 9; description "Sets the maximum number of sequential keep-alive probes that can fail to obtain a response from the TCP peer @@ -105,7 +105,7 @@ module ietf-tcp-common { range "1..max"; } units "seconds"; - mandatory true; + default 75; description "Sets the time interval between failed probes. The interval SHOULD be significantly longer than one second in order to diff --git a/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang b/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-12-28.yang similarity index 98% rename from transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang rename to transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-12-28.yang index 734494481b..ee6c657d30 100644 --- a/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-04-17.yang +++ b/transport/transport-tcp/src/main/yang/ietf-tcp-server@2023-12-28.yang 
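Review bot: A configured `keepalives` node no longer guarantees that all three timer values are present, because this hunk drops the container's `presence` statement and the following hunks (`@@ -80,7`, `@@ -94,7`, `@@ -105,7`) replace `mandatory true` with `default 7200`, `default 9` and `default 75` on what are presumably the idle-time, max-probes and probe-interval leaves. The Java consumers of `Keepalives` touched by this commit (AbstractNettyImpl, EpollNettyImpl, NioNettyImpl, NettyTransportSupport) change only their import line, so these hunks do not show whether they tolerate an unset leaf or still read a non-null container as "keepalives enabled". That should be confirmed, since a missed default could either reject a valid configuration or leave an unresponsive peer undetected. I would document the new contract where the values are read, for example `// ietf-tcp-common 2023-12-28: keepalives is non-presence; unset leaves default to 7200 / 9 / 75`, and add a test that passes a keepalives container with no leaves set.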
@@ -27,6 +27,7 @@ module ietf-tcp-server { Authors: Kent Watsen Michael Scharf "; + description "This module defines reusable groupings for TCP servers that can be used as a basis for specific TCP server instances. @@ -52,7 +53,7 @@ module ietf-tcp-server { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -104,7 +105,7 @@ module ietf-tcp-server { an application specific default port number value."; } uses tcpcmn:tcp-common-grouping { - augment "keepalives" { + refine "keepalives" { if-feature "tcp-server-keepalives"; description "Add an if-feature statement so that implementations diff --git a/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java b/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java index 238533851d..c726fcdb84 100644 --- a/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java +++ b/transport/transport-tcp/src/test/java/org/opendaylight/netconf/transport/tcp/TCPClientServerTest.java 
@@ -37,8 +37,8 @@ import org.opendaylight.netconf.transport.api.TransportChannelListener; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; import org.opendaylight.yangtools.yang.common.Uint16; @ExtendWith(MockitoExtension.class) diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java index a7d05b33b4..61145057f7 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/ConfigUtils.java 
@@ -27,15 +27,15 @@ import java.util.Map; import org.eclipse.jdt.annotation.NonNull; import org.eclipse.jdt.annotation.Nullable; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.AsymmetricKeyPairGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.AsymmetricKeyPairGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping; final class ConfigUtils { @@ -78,7 +78,7 @@ final class ConfigUtils { return Map.of(); } final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore - .rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class, + .rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class, certs.getInlineOrTruststore()); final var inlineDef = inline.getInlineDefinition(); if (inlineDef == null) { @@ -107,7 +107,7 @@ final class ConfigUtils { final @NonNull InlineOrKeystoreAsymmetricKeyGrouping input) throws UnsupportedConfigurationException { - final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, input.getInlineOrKeystore()); final var inlineDef = inline.getInlineDefinition(); 
@@ -139,7 +139,7 @@ final class ConfigUtils { static void setEndEntityCertificateWithKey(final @NonNull KeyStore keyStore, final @NonNull InlineOrKeystoreEndEntityCertWithKeyGrouping input) throws UnsupportedConfigurationException { - final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + final var inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class, input.getInlineOrKeystore()); final var inlineDef = inline.getInlineDefinition(); diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java index e651f0b489..8746858cdf 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsClientFeatureProvider.java 
@@ -10,9 +10,9 @@ package org.opendaylight.netconf.transport.tls; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ClientIdentX509Cert; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.IetfTlsClientData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.ServerAuthX509Cert; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.ClientIdentX509Cert; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.IetfTlsClientData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.ServerAuthX509Cert; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java index 927a7dce27..773e43519c 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsCommonFeatureProvider.java 
@@ -12,13 +12,13 @@ import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.eclipse.jdt.annotation.Nullable; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParams; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.IetfTlsCommonData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$F; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls12$I; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$F; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.Tls13$I; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParams; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.IetfTlsCommonData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls12$F; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls12$I; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls13$F; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.Tls13$I; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.TlsVersionBase; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; 
diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java index 6537f86115..090e7d01ce 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/IetfTlsServerFeatureProvider.java @@ -10,10 +10,10 @@ package org.opendaylight.netconf.transport.tls; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthSupported; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ClientAuthX509Cert; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.IetfTlsServerData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.ServerIdentX509Cert; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ClientAuthSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ClientAuthX509Cert; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.IetfTlsServerData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.ServerIdentX509Cert; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java index c75edfc635..4e2acedf10 100644 
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SSLEngineFactory.java @@ -19,7 +19,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParamsGrouping; /** * A pre-configured factory for creating {@link SslHandler}s. diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java index 0009dcfc2b..92bb0868b9 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSClient.java 
@@ -18,11 +18,11 @@ import org.opendaylight.netconf.transport.api.TransportStack; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.TCPClient; import org.opendaylight.netconf.transport.tcp.TCPServer; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.Certificate; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.RawPublicKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.client.identity.auth.type.Certificate; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.client.identity.auth.type.RawPublicKey; /** * A {@link TransportStack} acting as a TLS client. diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java index b912d81f1a..b436289dca 100644 --- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java 
+++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSServer.java @@ -19,11 +19,11 @@ import org.opendaylight.netconf.transport.api.TransportStack; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.TCPClient; import org.opendaylight.netconf.transport.tcp.TCPServer; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.Certificate; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.RawPrivateKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.TlsServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.Certificate; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.RawPrivateKey; /** * A {@link TransportStack} acting as a TLS server. diff --git a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java index 53565546d4..131d07983b 100644 
--- a/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java +++ b/transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/TLSTransportStack.java @@ -21,7 +21,6 @@ import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.security.KeyStore; import java.util.List; -import java.util.Set; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLException; import javax.net.ssl.TrustManagerFactory; 
@@ -56,12 +55,12 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher. import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes128GcmSha256; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithAes256GcmSha384; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana.tls.cipher.suite.algs.rev220616.TlsEcdheRsaWithChacha20Poly1305Sha256; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.TlsVersionBase; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststoreCertsGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineOrTruststorePublicKeysGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.HelloParamsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev231228.TlsVersionBase; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststoreCertsGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineOrTruststorePublicKeysGrouping; /** * Base class for 
TLS TransportStacks. @@ -184,7 +183,7 @@ public abstract sealed class TLSTransportStack extends AbstractOverlayTransportS } } - private static String[] createTlsStrings(final Set versions) + private static String[] createTlsStrings(final List versions) throws UnsupportedConfigurationException { // FIXME: cache these final var ret = new String[versions.size()]; diff --git a/transport/transport-tls/src/main/yang/iana-tls-cipher-suite-algs@2022-06-16.yang b/transport/transport-tls/src/main/yang/iana-tls-cipher-suite-algs@2022-06-16.yang index 78d310d474..bd000378a9 100644 --- a/transport/transport-tls/src/main/yang/iana-tls-cipher-suite-algs@2022-06-16.yang +++ b/transport/transport-tls/src/main/yang/iana-tls-cipher-suite-algs@2022-06-16.yang @@ -36,15 +36,10 @@ module iana-tls-cipher-suite-algs { revision 2022-06-16 { description - "Updated to reflect contents of the public key algorithms - registry on June 16, 2022."; - } - - revision 2021-06-02 { - description - "Initial version"; + "Reflect contents of the public key algorithms registry + on June 16, 2022."; reference - "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; + "RFC FFFF: YANG Groupings for TLS Clients and TLS Servers"; } // Typedefs @@ -56,6 +51,8 @@ module iana-tls-cipher-suite-algs { description "A reference to a TLS cipher suite algorithm identifier."; } + + // Identities identity cipher-suite-alg-base { @@ -104,6 +101,7 @@ module iana-tls-cipher-suite-algs { RFC 6347: Datagram Transport Layer Security version 1.2"; } + identity tls-rsa-with-rc4-128-md5 { base cipher-suite-alg-base; status deprecated; @@ -584,6 +582,7 @@ module iana-tls-cipher-suite-algs { "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } + identity tls-dh-dss-with-aes-128-cbc-sha { base cipher-suite-alg-base; status deprecated; 
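Review bot: The new `List` parameter of `createTlsStrings` carries an order that is not documented at the signature, and the same patch adds `ordered-by user` to the TLS versions leaf-list in ietf-tls-common, so an operator may read that order as a protocol preference. The hunk shows only the array being sized from `versions.size()`; the rest of the body is outside it, so what follows is inferred. If the returned array is used as the enabled-protocols list of an SSL context, position most likely has no effect on which version is negotiated. I would add a comment above the method along the lines of `// 'versions' is user-ordered in the model; the returned array is only the set of enabled protocols, order is not a preference (confirm against the consumer)`. Because a `List` no longer enforces uniqueness at the type level, it is also worth checking that a repeated version cannot end up twice in the array.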
@@ -1592,6 +1591,7 @@ module iana-tls-cipher-suite-algs { ShangMi (SM) Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3"; } + identity tls-sm4-ccm-sm3 { base cipher-suite-alg-base; status deprecated; @@ -1640,6 +1640,7 @@ module iana-tls-cipher-suite-algs { "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; } + identity tls-aes-128-ccm-sha256 { base cipher-suite-alg-base; description @@ -2024,6 +2025,7 @@ module iana-tls-cipher-suite-algs { "RFC 5054: Using SRP for TLS Authentication"; } + identity tls-srp-sha-rsa-with-aes-256-cbc-sha { base cipher-suite-alg-base; status deprecated; @@ -2120,6 +2122,7 @@ module iana-tls-cipher-suite-algs { TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode"; } + identity tls-ecdh-rsa-with-aes-256-cbc-sha384 { base cipher-suite-alg-base; status deprecated; @@ -2504,6 +2507,7 @@ module iana-tls-cipher-suite-algs { Addition of the ARIA Cipher Suites to Transport Layer Security (TLS)"; } + identity tls-ecdh-rsa-with-aria-128-cbc-sha256 { base cipher-suite-alg-base; status deprecated; @@ -2888,6 +2892,7 @@ module iana-tls-cipher-suite-algs { Addition of the ARIA Cipher Suites to Transport Layer Security (TLS)"; } + identity tls-ecdhe-psk-with-aria-256-cbc-sha384 { base cipher-suite-alg-base; status deprecated; @@ -3272,6 +3277,7 @@ module iana-tls-cipher-suite-algs { Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)"; } + identity tls-psk-with-camellia-128-cbc-sha256 { base cipher-suite-alg-base; status deprecated; @@ -3752,6 +3758,7 @@ module iana-tls-cipher-suite-algs { "RFC 8442: ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; } + identity tls-ecdhe-psk-with-aes-128-ccm-sha256 { base cipher-suite-alg-base; description @@ -3761,6 +3768,7 @@ module iana-tls-cipher-suite-algs { ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites"; } + // Protocol-accessible Nodes container supported-algorithms { 
diff --git a/transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang b/transport/transport-tls/src/main/yang/ietf-tls-client@2023-12-28.yang similarity index 83% rename from transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang rename to transport/transport-tls/src/main/yang/ietf-tls-client@2023-12-28.yang index 8bcdb0178b..2d03b4af01 100644 --- a/transport/transport-tls/src/main/yang/ietf-tls-client@2023-04-17.yang +++ b/transport/transport-tls/src/main/yang/ietf-tls-client@2023-12-28.yang @@ -67,7 +67,7 @@ module ietf-tls-client { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -103,6 +103,7 @@ module ietf-tls-client { } feature client-ident-tls12-psk { + if-feature "tlscmn:tls12"; description "Indicates that the client supports identifying itself using TLS-1.2 PSKs (pre-shared or pairwise-symmetric keys)."; @@ -113,6 +114,7 @@ module ietf-tls-client { } feature client-ident-tls13-epsk { + if-feature "tlscmn:tls13"; description "Indicates that the client supports identifying itself using TLS-1.3 External PSKs (pre-shared keys)."; @@ -140,6 +142,7 @@ module ietf-tls-client { Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"; } + feature server-auth-tls12-psk { description "Indicates that the client supports authenticating servers @@ -186,7 +189,7 @@ module ietf-tls-client { "Identity credentials the TLS client MAY present when establishing a connection to a TLS server. If not configured, then client authentication is presumed to - occur a protocol layer above TLS. When configured, + occur in a protocol layer above TLS. When configured, and requested by the TLS server when establishing a TLS session, these credentials are passed in the Certificate message defined in Section 7.4.2 of 
@@ -211,12 +214,14 @@ module ietf-tls-client { "ks:inline-or-keystore-end-entity-cert-with-key-" + "grouping" { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; } - refine "inline-or-keystore/keystore/keystore-reference" - + "/asymmetric-key" { - must 'derived-from-or-self(deref(.)/../ks:public-' + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + 'key-format, "ct:subject-public-key-info-' + 'format")'; } @@ -231,12 +236,14 @@ module ietf-tls-client { private key."; uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format, "ct:subject-public-key-' + + 'info-format")'; } - refine - "inline-or-keystore/keystore/keystore-reference" { - must 'derived-from-or-self(deref(.)/../ks:public-' + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-' + 'key-format, "ct:subject-public-key-info-' + 'format")'; } 
@@ -274,41 +281,39 @@ module ietf-tls-client { and the KDF hash algorithm to be used with the PSK MUST also be provisioned. - The structure of this container is designed - to satisfy the requirements of RFC 8446 - Section 4.2.11, the recommendations from I-D - ietf-tls-external-psk-guidance Section 6, - and the EPSK input fields detailed in I-D - draft-ietf-tls-external-psk-importer - Section 3.1. The base-key is based upon - ks:inline-or-keystore-symmetric-key-grouping + The structure of this container is designed to + satisfy the requirements of RFC 8446 Section + 4.2.11, the recommendations from Section 6 in + RFC 9257, and the EPSK input fields detailed in + Section 5.1 in RFC 9258. The base-key is based + upon ks:inline-or-keystore-symmetric-key-grouping in order to provide users with flexible and secure storage options."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 - I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS - I-D.ietf-tls-external-psk-guidance: - Guidance for External PSK Usage in TLS"; + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS + RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; uses ks:inline-or-keystore-symmetric-key-grouping; leaf external-identity { type string; mandatory true; description "As per Section 4.2.11 of RFC 8446, and Section 4.1 - of I-D. ietf-tls-external-psk-guidance: - A sequence of bytes used to identify an EPSK. A - label for a pre-shared key established externally."; + of RFC 9257, a sequence of bytes used to identify + an EPSK. 
A label for a pre-shared key established + externally."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 - I-D.ietf-tls-external-psk-guidance: - Guidance for External PSK Usage in TLS"; + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS"; } leaf hash { type tlscmn:epsk-supported-hash; - mandatory true; + default sha-256; description "As per Section 4.2.11 of RFC 8446, for externally established PSKs, the Hash algorithm MUST be set 
@@ -324,41 +329,38 @@ module ietf-tls-client { leaf context { type string; description - "As per Section 4.1 of I-D. - ietf-tls-external-psk-guidance: Context may include - information about peer roles or identities to - mitigate Selfie-style reflection attacks [Selfie]. - If the EPSK is a key derived from some other - protocol or sequence of protocols, context - MUST include a channel binding for the deriving - protocols [RFC5056]. The details of this binding - are protocol specific."; + "Per Section 5.1 of RFC 9258, context MUST include + the context used to determine the EPSK, if + any exists. For example, context may include + information about peer roles or identities + to mitigate Selfie-style reflection attacks. + Since the EPSK is a key derived from an external + protocol or sequence of protocols, context MUST + include a channel binding for the deriving + protocols [RFC5056]. The details of this + binding are protocol specfic and out of scope + for this document."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS - I-D.ietf-tls-external-psk-guidance: - Guidance for External PSK Usage in TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } leaf target-protocol { type uint16; description - "As per Section 3.1 of I-D. - ietf-tls-external-psk-guidance: - The protocol for which a PSK is imported for use."; + "As per Section 3 of RFC 9258, the protocol + for which a PSK is imported for use."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } leaf target-kdf { type uint16; description - "As per Section 3.1 of I-D. 
- ietf-tls-external-psk-guidance: - The specific Key Derivation Function (KDF) for which - a PSK is imported for use."; + "As per Section 3 of RFC 9258, the KDF for + which a PSK is imported for use."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } } } @@ -427,8 +429,8 @@ module ietf-tls-client { must 'derived-from-or-self(public-key-format,' + ' "ct:subject-public-key-info-format")'; } - refine "inline-or-truststore/truststore/truststore-" - + "reference" { + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { must 'not(deref(.)/../ts:public-key/ts:public-key-' + 'format[not(derived-from-or-self(., "ct:subject-' + 'public-key-info-format"))])'; @@ -440,7 +442,7 @@ module ietf-tls-client { type empty; description "Indicates that the TLS client can authenticate TLS servers - using configure PSKs (pre-shared or pairwise-symmetric + using configured PSKs (pre-shared or pairwise-symmetric keys). No configuration is required since the PSK value is the diff --git a/transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang b/transport/transport-tls/src/main/yang/ietf-tls-common@2023-12-28.yang similarity index 81% rename from transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang rename to transport/transport-tls/src/main/yang/ietf-tls-common@2023-12-28.yang index 5ad06f4198..e17c538612 100644 --- a/transport/transport-tls/src/main/yang/ietf-tls-common@2023-04-17.yang +++ b/transport/transport-tls/src/main/yang/ietf-tls-common@2023-12-28.yang @@ -56,7 +56,7 @@ module ietf-tls-common { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference 
@@ -87,7 +87,7 @@ module ietf-tls-common { feature tls12 { status "deprecated"; description - "TLS Protocol Version 1.2 is supported TLS 1.2 is obsolete + "TLS Protocol Version 1.2 is supported. TLS 1.2 is obsolete and thus it is NOT RECOMMENDED to enable this feature."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol @@ -162,6 +162,8 @@ module ietf-tls-common { Protocol Version 1.3"; } + // Typedefs + typedef epsk-supported-hash { type enumeration { enum sha-256 { @@ -179,13 +181,10 @@ module ietf-tls-common { Key (EPSK)."; reference "RFC 8446: The Transport Layer Security (TLS) - Protocol Version 1.3 - I-D.ietf-tls-external-psk-importer: Importing - External PSKs for TLS - I-D.ietf-tls-external-psk-guidance: Guidance - for External PSK Usage in TLS"; + Protocol Version 1.3"; } + // Groupings grouping hello-params-grouping { @@ -203,6 +202,7 @@ module ietf-tls-common { type identityref { base tls-version-base; } + ordered-by user; description "Acceptable TLS protocol versions. @@ -251,7 +251,7 @@ module ietf-tls-common { cipher suite 'tls-rsa-with-aes-256-cbc-sha256' maps to the RSA public key."; } - leaf bits { + leaf num-bits { type uint16; description "Specifies the number of bits in the key to create. 
@@ -259,47 +259,51 @@ module ietf-tls-common { the default is 3072 bits. Generally, 3072 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For elliptical - keys, the 'bits' value determines the key length + keys, the 'num-bits' value determines the key length of the curve (e.g., 256, 384 or 521), where valid values supported by the server are conveyed via an unspecified mechanism. For some public algorithms, - the keys have a fixed length and the 'bits' value, - if specified, will be ignored."; + the keys have a fixed length and thus the 'num-bits' + value is not specified."; } - choice private-key-encoding { - default cleartext; + container private-key-encoding { description - "A choice amongst optional private key handling."; - case cleartext { - if-feature "ct:cleartext-private-keys"; - leaf cleartext { - type empty; - description - "Indicates that the private key is to be returned - as a cleartext value."; + "Indicates how the private key is to be encoded."; + choice private-key-encoding { + mandatory true; + description + "A choice amongst optional private key handling."; + case cleartext { + if-feature "ct:cleartext-private-keys"; + leaf cleartext { + type empty; + description + "Indicates that the private key is to be returned + as a cleartext value."; + } } - } - case encrypt { - if-feature "ct:encrypted-private-keys"; - container encrypt-with { - description - "Indicates that the key is to be encrypted using - the specified symmetric or asymmetric key."; - uses ks:encrypted-by-choice-grouping; + case encrypted { + if-feature "ct:encrypted-private-keys"; + container encrypted { + description + "Indicates that the key is to be encrypted using + the specified symmetric or asymmetric key."; + uses ks:encrypted-by-grouping; + } } - } - case hide { - if-feature "ct:hidden-private-keys"; - leaf hide { - type empty; - description - "Indicates that the private key is to be hidden. 
- - Unlike the 'cleartext' and 'encrypt' options, the - key returned is a placeholder for an internally - stored key. See the 'Support for Built-in Keys' - section in RFC CCCC for information about hidden - keys."; + case hidden { + if-feature "ct:hidden-private-keys"; + leaf hidden { + type empty; + description + "Indicates that the private key is to be hidden. + + Unlike the 'cleartext' and 'encrypt' options, the + key returned is a placeholder for an internally + stored key. See the 'Support for Built-in Keys' + section in RFC CCCC for information about hidden + keys."; + } } } } diff --git a/transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang b/transport/transport-tls/src/main/yang/ietf-tls-server@2023-12-28.yang similarity index 83% rename from transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang rename to transport/transport-tls/src/main/yang/ietf-tls-server@2023-12-28.yang index 70db15024a..4b33cf3b16 100644 --- a/transport/transport-tls/src/main/yang/ietf-tls-server@2023-04-17.yang +++ b/transport/transport-tls/src/main/yang/ietf-tls-server@2023-12-28.yang @@ -67,7 +67,7 @@ module ietf-tls-server { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -103,6 +103,7 @@ module ietf-tls-server { } feature server-ident-tls12-psk { + if-feature "tlscmn:tls12"; description "Indicates that the server supports identifying itself using TLS-1.2 PSKs (pre-shared or pairwise-symmetric keys)."; @@ -113,6 +114,7 @@ module ietf-tls-server { } feature server-ident-tls13-epsk { + if-feature "tlscmn:tls13"; description "Indicates that the server supports identifying itself using TLS-1.3 External PSKs (pre-shared keys)."; 
@@ -213,14 +215,15 @@ module ietf-tls-server { "ks:inline-or-keystore-end-entity-cert-with-key-" + "grouping" { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format,' + ' "ct:subject-public-' + + 'key-info-format")'; } - refine "inline-or-keystore/keystore/keystore-reference" - + "/asymmetric-key" { - must 'derived-from-or-self(deref(.)/../ks:public-' - + 'key-format, "ct:subject-public-key-info-' - + 'format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference/asymmetric-key" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-key' + + '-format, "ct:subject-public-key-info-format")'; } } } @@ -233,14 +236,15 @@ module ietf-tls-server { private key."; uses ks:inline-or-keystore-asymmetric-key-grouping { refine "inline-or-keystore/inline/inline-definition" { - must 'derived-from-or-self(public-key-format,' - + ' "ct:subject-public-key-info-format")'; + must 'not(public-key-format) or derived-from-or-self' + + '(public-key-format,' + ' "ct:subject-public-' + + 'key-info-format")'; } - refine - "inline-or-keystore/keystore/keystore-reference" { - must 'derived-from-or-self(deref(.)/../ks:public-' - + 'key-format, "ct:subject-public-key-info-' - + 'format")'; + refine "inline-or-keystore/central-keystore/" + + "central-keystore-reference" { + must 'not(deref(.)/../ks:public-key-format) or ' + + 'derived-from-or-self(deref(.)/../ks:public-key' + + '-format, "ct:subject-public-key-info-format")'; } } } @@ -252,7 +256,7 @@ module ietf-tls-server { "Specifies the server identity using a PSK (pre-shared or pairwise-symmetric key)."; uses ks:inline-or-keystore-symmetric-key-grouping; - leaf id_hint { + leaf id-hint { type string; description "The key 'psk_identity_hint' value used in the TLS 
@@ -276,41 +280,39 @@ module ietf-tls-server { identity and the KDF hash algorithm to be used with the PSK MUST also be provisioned. - The structure of this container is designed - to satisfy the requirements of RFC 8446 - Section 4.2.11, the recommendations from - I-D ietf-tls-external-psk-guidance Section 6, - and the EPSK input fields detailed in - I-D draft-ietf-tls-external-psk-importer - Section 3.1. The base-key is based upon - ks:inline-or-keystore-symmetric-key-grouping + The structure of this container is designed to + satisfy the requirements of RFC 8446 Section + 4.2.11, the recommendations from Section 6 in + RFC 9257, and the EPSK input fields detailed in + Section 5.1 in RFC 9258. The base-key is based + upon ks:inline-or-keystore-symmetric-key-grouping in order to provide users with flexible and secure storage options."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 - I-D.ietf-tls-external-psk-importer: Importing - External PSKs for TLS - I-D.ietf-tls-external-psk-guidance: Guidance - for External PSK Usage in TLS"; + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS + RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; uses ks:inline-or-keystore-symmetric-key-grouping; leaf external-identity { type string; mandatory true; description "As per Section 4.2.11 of RFC 8446, and Section 4.1 - of I-D. ietf-tls-external-psk-guidance: A sequence - of bytes used to identify an EPSK. A label for a - pre-shared key established externally."; + of RFC 9257, a sequence of bytes used to identify + an EPSK. 
A label for a pre-shared key established + externally."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 - I-D.ietf-tls-external-psk-guidance: - Guidance for External PSK Usage in TLS"; + RFC 9257: Guidance for External Pre-Shared Key + (PSK) Usage in TLS"; } leaf hash { type tlscmn:epsk-supported-hash; - mandatory true; + default sha-256; description "As per Section 4.2.11 of RFC 8446, for externally established PSKs, the Hash algorithm MUST be set 
@@ -326,41 +328,38 @@ module ietf-tls-server { leaf context { type string; description - "As per Section 4.1 of I-D. - ietf-tls-external-psk-guidance: Context - may include information about peer roles or - identities to mitigate Selfie-style reflection - attacks [Selfie]. If the EPSK is a key derived - from some other protocol or sequence of protocols, - context MUST include a channel binding for the - deriving protocols [RFC5056]. The details of - this binding are protocol specific."; + "Per Section 5.1 of RFC 9258, context MUST include + the context used to determine the EPSK, if + any exists. For example, context may include + information about peer roles or identities + to mitigate Selfie-style reflection attacks. + Since the EPSK is a key derived from an external + protocol or sequence of protocols, context MUST + include a channel binding for the deriving + protocols [RFC5056]. The details of this + binding are protocol specfic and out of scope + for this document."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS - I-D.ietf-tls-external-psk-guidance: - Guidance for External PSK Usage in TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } leaf target-protocol { type uint16; description - "As per Section 3.1 of I-D. - ietf-tls-external-psk-guidance: The protocol + "As per Section 3.1 of RFC 9258, the protocol for which a PSK is imported for use."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } leaf target-kdf { type uint16; description - "As per Section 3.1 of I-D. 
- ietf-tls-external-psk-guidance: The specific Key - Derivation Function (KDF) for which a PSK is - imported for use."; + "As per Section 3 of RFC 9258, the KDF for + which a PSK is imported for use."; reference - "I-D.ietf-tls-external-psk-importer: - Importing External PSKs for TLS"; + "RFC 9258: Importing External Pre-Shared Keys + (PSKs) for TLS 1.3"; } } } @@ -435,8 +434,8 @@ module ietf-tls-server { must 'derived-from-or-self(public-key-format,' + ' "ct:subject-public-key-info-format")'; } - refine "inline-or-truststore/truststore/truststore-" - + "reference" { + refine "inline-or-truststore/central-truststore/" + + "central-truststore-reference" { must 'not(deref(.)/../ts:public-key/ts:public-key-' + 'format[not(derived-from-or-self(., "ct:subject-' + 'public-key-info-format"))])'; diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java index 3524ea5ca1..fed2e6d838 100644 --- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java +++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/ConfigUtilsTest.java 
@@ -31,14 +31,14 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SshPublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.CaCertsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.server.authentication.EeCertsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PublicKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SshPublicKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.server.authentication.CaCertsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.server.authentication.EeCertsBuilder; class ConfigUtilsTest { diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java index 436a2e732f..9a2d7b7f5c 100644 --- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java +++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TestUtils.java 
@@ -25,16 +25,16 @@ import org.bouncycastle.crypto.util.OpenSSHPublicKeyUtil; import org.bouncycastle.crypto.util.PublicKeyFactory; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EndEntityCertCms; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.PublicKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.TrustAnchorCertCms; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.asymmetric.key.pair.grouping._private.key.type.CleartextPrivateKeyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreAsymmetricKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417.InlineOrKeystoreEndEntityCertWithKeyGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.InlineOrTruststore; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EndEntityCertCms; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.PublicKeyFormat; +import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.TrustAnchorCertCms; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228._private.key.grouping._private.key.type.CleartextPrivateKeyBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreAsymmetricKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228.InlineOrKeystoreEndEntityCertWithKeyGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.server.identity.auth.type.raw._private.key.RawPrivateKeyBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.InlineOrTruststore; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.CertificateBuilder; import org.opendaylight.yangtools.yang.binding.util.BindingMap; public final class TestUtils { @@ -45,9 +45,9 @@ public final class TestUtils { } public static InlineOrTruststore buildInlineOrTruststore(final Map certNameToBytesMap) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore.certs.grouping.inline.or.truststore.InlineBuilder() - .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417 + .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228 .inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinitionBuilder() .setCertificate(certNameToBytesMap.entrySet().stream() .map(entry -> new CertificateBuilder() 
@@ -63,10 +63,10 @@ public final class TestUtils { final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes, final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes) { return new RawPrivateKeyBuilder() - .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.InlineBuilder() .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore - .rev230417.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline + .rev231228.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline .InlineDefinitionBuilder() .setPublicKeyFormat(publicKeyFormat) .setPublicKey(publicKeyBytes) 
@@ -82,12 +82,12 @@ public final class TestUtils { public static InlineOrKeystoreEndEntityCertWithKeyGrouping buildEndEntityCertWithKeyGrouping( final PublicKeyFormat publicKeyFormat, final byte[] publicKeyBytes, final PrivateKeyFormat privateKeyFormat, final byte[] privateKeyBytes, final byte[] certificateBytes) { - return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417 + return new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228 .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder() - .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev230417 + .setInlineOrKeystore(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev231228 .inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.InlineBuilder() .setInlineDefinition(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore - .rev230417.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline + .rev231228.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline .InlineDefinitionBuilder() .setPublicKeyFormat(publicKeyFormat) .setPublicKey(publicKeyBytes) diff --git a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java index ee9bcfcd48..45f75378d2 100644 --- a/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java +++ b/transport/transport-tls/src/test/java/org/opendaylight/netconf/transport/tls/TlsClientServerTest.java 
@@ -56,20 +56,20 @@ import org.opendaylight.netconf.transport.api.TransportChannel; import org.opendaylight.netconf.transport.api.TransportChannelListener; import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException; import org.opendaylight.netconf.transport.tcp.NettyTransportSupport; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.EcPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.RsaPrivateKeyFormat; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.SubjectPublicKeyInfoFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.EcPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.RsaPrivateKeyFormat; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev231228.SubjectPublicKeyInfoFormat; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ClientIdentityBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ServerAuthenticationBuilder; -import 
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.TlsServerGrouping; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ClientAuthenticationBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417.tls.server.grouping.ServerIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev231228.TcpClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev231228.TcpServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.TlsClientGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.ClientIdentityBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228.tls.client.grouping.ServerAuthenticationBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.TlsServerGrouping; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.ClientAuthenticationBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228.tls.server.grouping.ServerIdentityBuilder; import org.opendaylight.yangtools.yang.common.Uint16; @ExtendWith(MockitoExtension.class) 
@@ -144,16 +144,16 @@ class TlsClientServerTest { // client config final var clientIdentity = new ClientIdentityBuilder() - .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417 + .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228 .tls.client.grouping.client.identity.auth.type.CertificateBuilder() - .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417 + .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228 .tls.client.grouping.client.identity.auth.type.certificate.CertificateBuilder() .setInlineOrKeystore(inlineOrKeystore) .build()) .build()) .build(); final var serverAuth = new ServerAuthenticationBuilder() - .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417 + .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev231228 .tls.client.grouping.server.authentication.CaCertsBuilder() .setInlineOrTruststore(inlineOrTrustStore) .build()) 
@@ -163,16 +163,16 @@ class TlsClientServerTest { // server config final var serverIdentity = new ServerIdentityBuilder() - .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417 + .setAuthType(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228 .tls.server.grouping.server.identity.auth.type.CertificateBuilder() - .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417 + .setCertificate(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228 .tls.server.grouping.server.identity.auth.type.certificate.CertificateBuilder() .setInlineOrKeystore(inlineOrKeystore) .build()) .build()) .build(); final var clientAuth = new ClientAuthenticationBuilder() - .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev230417 + .setCaCerts(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.server.rev231228 .tls.server.grouping.client.authentication.CaCertsBuilder() .setInlineOrTruststore(inlineOrTrustStore) .build()) diff --git a/truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang b/truststore/truststore-api/src/main/yang/ietf-truststore@2023-12-28.yang similarity index 74% rename from truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang rename to truststore/truststore-api/src/main/yang/ietf-truststore@2023-12-28.yang index cd0d875f1c..68d5597d50 100644 --- a/truststore/truststore-api/src/main/yang/ietf-truststore@2023-04-17.yang +++ b/truststore/truststore-api/src/main/yang/ietf-truststore@2023-12-28.yang @@ -22,6 +22,7 @@ module ietf-truststore { "WG Web : https://datatracker.ietf.org/wg/netconf WG List : NETCONF WG list Author : Kent Watsen "; + description "This module defines a 'truststore' to centralize management of trust anchors including certificates and public keys. 
@@ -47,7 +48,7 @@ module ietf-truststore { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2023-04-17 { + revision 2023-12-28 { description "Initial version"; reference @@ -70,6 +71,7 @@ module ietf-truststore { "The 'inline-definitions-supported' feature indicates that the server supports locally-defined trust anchors."; } + feature certificates { description "The 'certificates' feature indicates that the server @@ -93,21 +95,21 @@ module ietf-truststore { } description "This typedef defines a reference to a certificate bag - in the truststore, when this module is implemented."; + in the central truststore."; } typedef certificate-ref { type leafref { path "/ts:truststore/ts:certificate-bags/ts:certificate-bag" - + "[ts:name = current()/../ts:certificate-bag]/" + + "[ts:name = current()/../certificate-bag]/" + "ts:certificate/ts:name"; } description "This typedef defines a reference to a specific certificate - in a certificate bag in the truststore, when this module - is implemented. This typedef requires that there exist a - sibling 'leaf' node called 'certificate-bag' that SHOULD - have the typedef 'certificate-bag-ref'."; + in a certificate bag in the central truststore. This typedef + requires that there exist a sibling 'leaf' node called + 'certificate-bag' that SHOULD have the typedef + 'certificate-bag-ref'."; } typedef public-key-bag-ref { 
@@ -117,37 +119,95 @@ module ietf-truststore { } description "This typedef defines a reference to a public key bag - in the truststore, when this module is implemented."; + in the central truststore."; } typedef public-key-ref { type leafref { path "/ts:truststore/ts:public-key-bags/ts:public-key-bag" - + "[ts:name = current()/../ts:public-key-bag]/" + + "[ts:name = current()/../public-key-bag]/" + "ts:public-key/ts:name"; } description "This typedef defines a reference to a specific public key - in a public key bag in the truststore, when this module is - implemented. This typedef requires that there exist a - sibling 'leaf' node called 'public-key-bag' that SHOULD - have the typedef 'public-key-bag-ref'."; + in a public key bag in the truststore. This typedef + requires that there exist a sibling 'leaf' node called + 'public-key-bag' that SHOULD have the typedef + 'public-key-bag-ref'."; } /*****************/ /* Groupings */ /*****************/ + // *-ref groupings + + grouping certificate-ref-grouping { + description + "Grouping for the reference to a certificate in a + certificate-bag in the central truststore."; + leaf certificate-bag { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature "certificates"; + type ts:certificate-bag-ref; + must "../certificate"; + description + "Reference to a certificate-bag in the truststore."; + } + leaf certificate { + nacm:default-deny-write; + + // FIXME: these two lines are missing in the published model + if-feature "central-truststore-supported"; + if-feature "certificates"; + + type ts:certificate-ref; + must "../certificate-bag"; + description + "Reference to a specific certificate in the + referenced certificate-bag."; + } + } + + grouping public-key-ref-grouping { + description + "Grouping for the reference to a public key in a + public-key-bag in the central truststore."; + leaf public-key-bag { + nacm:default-deny-write; + if-feature "central-truststore-supported"; + if-feature 
"public-keys"; + type ts:public-key-bag-ref; + description + "Reference of a public key bag in the truststore inlucding + the certificate to authenticate the TLS client."; + } + leaf public-key { + nacm:default-deny-write; + + // FIXME: these two lines are missing in the published model + if-feature "central-truststore-supported"; + if-feature "public-keys"; + + type ts:public-key-ref; + description + "Reference to a specific public key in the + referenced public-key-bag."; + } + } + + // inline-or-truststore-* groupings + grouping inline-or-truststore-certs-grouping { description - "A grouping that allows the certificates to be either - configured locally, within the using data model, or be a - reference to a certificate bag stored in the truststore. + "A grouping for the configuration of a list of certificates. + The list of certificate may be defined inline or as a + reference to a certificate bag in the central truststore. - Servers that do not 'implement' this module, and hence - 'central-truststore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate truststore locations."; + Servers that do not define the 'central-truststore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate truststore locations."; choice inline-or-truststore { nacm:default-deny-write; mandatory true; @@ -178,14 +238,14 @@ module ietf-truststore { } } } - case truststore { + case central-truststore { if-feature "central-truststore-supported"; if-feature "certificates"; - leaf truststore-reference { + leaf central-truststore-reference { type ts:certificate-bag-ref; description "A reference to a certificate bag that exists in the - truststore, when this module is implemented."; + central truststore."; } } } 
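Review bot: The four `if-feature` lines added to the `certificate` and `public-key` leaves under `// FIXME: these two lines are missing in the published model` make this file differ from the published ietf-truststore@2023-12-28, but the revision statement and file name are unchanged, so nothing else in the module marks it as locally patched. I would expand that comment so the next model refresh does not silently drop the lines, for example `// FIXME: local deviation from the published model (NETCONF-590): without these the leafref cannot be resolved when central-truststore-supported is not advertised; re-apply on refresh until fixed upstream`. Separately, `public-key-bag` and `public-key` have no `must "../public-key"` / `must "../public-key-bag"` pairing like the `certificate-bag`/`certificate` leaves, so a reference with only one of the two set would presumably pass validation. That looks inherited from the draft, as does the `inlucding` typo in the `public-key-bag` description, so both are better reported upstream than patched here. The hunk ends inside `inline-or-truststore-certs-grouping`, whose body continues outside it.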
@@ -197,10 +257,9 @@ module ietf-truststore { configured locally, within the using data model, or be a reference to a public key bag stored in the truststore. - Servers that do not 'implement' this module, and hence - 'central-truststore-supported' is not defined, SHOULD - augment in custom 'case' statements enabling references - to the alternate truststore locations."; + Servers that do not define the 'central-truststore-supported' + feature SHOULD augment in custom 'case' statements enabling + references to alternate truststore locations."; choice inline-or-truststore { nacm:default-deny-write; mandatory true; @@ -225,19 +284,22 @@ module ietf-truststore { } } } - case truststore { + case central-truststore { if-feature "central-truststore-supported"; if-feature "public-keys"; - leaf truststore-reference { + leaf central-truststore-reference { type ts:public-key-bag-ref; description "A reference to a bag of public keys that exists - in the truststore, when this module is implemented."; + in the central truststore."; } } } } + + // the truststore grouping + grouping truststore-grouping { description "A grouping definition that enables use in other contexts. diff --git a/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java b/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java index 625e82477f..af62019d78 100644 --- a/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java +++ b/truststore/truststore-none/src/main/java/org/opendaylight/netconf/truststore/none/NoneTruststoreFeatureProvider.java 
@@ -10,8 +10,8 @@ package org.opendaylight.netconf.truststore.none; import java.util.Set; import org.eclipse.jdt.annotation.NonNullByDefault; import org.kohsuke.MetaInfServices; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.IetfTruststoreData; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev230417.InlineDefinitionsSupported; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.IetfTruststoreData; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev231228.InlineDefinitionsSupported; import org.opendaylight.yangtools.yang.binding.YangFeature; import org.opendaylight.yangtools.yang.binding.YangFeatureProvider; -- 2.36.6