diff options
Diffstat (limited to 'sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-keystore@2019-07-02.yang')
-rw-r--r-- | sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-keystore@2019-07-02.yang | 428 |
1 files changed, 428 insertions, 0 deletions
diff --git a/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-keystore@2019-07-02.yang b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-keystore@2019-07-02.yang new file mode 100644 index 000000000..becced7db --- /dev/null +++ b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-keystore@2019-07-02.yang @@ -0,0 +1,428 @@ +module ietf-keystore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-keystore"; + prefix ks; + + import ietf-crypto-types { + prefix ct; + reference + "RFC CCCC: Common YANG Data Types for Cryptography"; + } + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://datatracker.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + Author: Kent Watsen <mailto:kent+ietf@watsen.net>"; + description + "This module defines a keystore to centralize management + of security credentials. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-07-02 { + description + "Initial version"; + reference + "RFC VVVV: A YANG Data Model for a Keystore"; + } + + feature keystore-supported { + description + "The 'keystore-supported' feature indicates that the server + supports the keystore."; + } + + feature local-definitions-supported { + description + "The 'local-definitions-supported' feature indicates that the + server supports locally-defined keys."; + } + + feature key-generation { + description + "Indicates that the server supports the actions related to + the life cycling keys in <operational>. To be used by + configuration, keys in <operational> must be copied to + <running>."; + } + + typedef asymmetric-key-ref { + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key/ks:name"; + } + description + "This typedef enables modules to easily define a reference + to an asymmetric key stored in the keystore."; + } + + grouping key-reference-type-grouping { + description + "A reusable grouping for a choice for the type of key + referenced in the keystore."; + choice key-type { + mandatory true; + description + "A choice between a reference to a symmetric or asymmetric + key in the keystore."; + leaf symmetric-key-ref { + if-feature "keystore-supported"; + type leafref { + path "/ks:keystore/ks:symmetric-keys/ks:symmetric-key/ks:name"; + } + description + "Identifies a symmetric key used to encrypt this key."; + } + leaf asymmetric-key-ref { + if-feature "keystore-supported"; + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key/ks:name"; + } + description + "Identifies an asymmetric key used to encrypt this key."; + } + } + } + + grouping encrypted-value-grouping { + description + "A reusable grouping for a value that has been encrypted by + a symmetric or asymmetric key in the keystore."; + uses key-reference-type-grouping; + leaf value { + type binary; + description + "The private key, encrypted using the specified symmetric + or asymmetric key."; + } + } + + grouping symmetric-key-grouping { + description + "This grouping is identical to the one in ietf-crypt-types + except that it adds a couple case statements enabling the + key value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:symmetric-key-grouping { + augment "key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-key { + description + "A container for the encrypted symmetric key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-grouping { + description + "This grouping is identical to the one in ietf-crypt-types + except that it adds a couple case statements enabling the + key value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-with-cert-grouping { + description + "This grouping is identical to the one in ietf-crypt-types + except that it adds a couple case statements enabling the + key value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-with-cert-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-with-certs-grouping { + description + "This grouping is identical to the one in ietf-crypt-types + except that it adds a couple case statements enabling the + key value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-with-certs-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-certificate-ref-grouping { + description + "This grouping defines a reference to a specific certificate + associated with an asymmetric key stored in the keystore."; + leaf asymmetric-key { + type ks:asymmetric-key-ref; + must "../certificate"; + description + "A reference to an asymmetric key in the keystore."; + } + leaf certificate { + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key[ks:name = current()/../asymmetric-key]/ks:certificates/ks:certificate/ks:name"; + } + must "../asymmetric-key"; + description + "A reference to a specific certificate of the + asymmetric key in the keystore."; + } + } + + grouping local-or-keystore-asymmetric-key-grouping { + description + "A grouping that expands to allow the asymmetric key to be + either stored locally, within the using data model, or be + a reference to an asymmetric key stored in the keystore."; + choice local-or-keystore { + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + leaf keystore-reference { + type ks:asymmetric-key-ref; + description + "A reference to an asymmetric key that exists in + the keystore. The intent is to reference just the + asymmetric key, not any certificates that may also + be associated with the asymmetric key."; + } + } + } + } + + grouping local-or-keystore-asymmetric-key-with-certs-grouping { + description + "A grouping that expands to allow an asymmetric key and its + associated certificates to be either stored locally, within + the using data model, or be a reference to an asymmetric key + (and its associated certificates) stored in the keystore."; + choice local-or-keystore { + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-with-certs-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + leaf keystore-reference { + type ks:asymmetric-key-ref; + description + "A reference to an asymmetric-key (and all of its + associated certificates) in the keystore."; + } + } + } + } + + grouping local-or-keystore-end-entity-cert-with-key-grouping { + description + "A grouping that expands to allow an end-entity certificate + (and its associated private key) to be either stored locally, + within the using data model, or be a reference to a specific + certificate in the keystore."; + choice local-or-keystore { + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-with-cert-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + container keystore-reference { + description + "A reference to a specific certificate (and its + associated private key) in the keystore."; + uses asymmetric-key-certificate-ref-grouping; + } + } + } + } + + grouping keystore-grouping { + description + "Grouping definition enables use in other contexts. If ever + done, implementations SHOULD augment new 'case' statements + into local-or-keystore 'choice' statements to supply leafrefs + to the new location."; + container asymmetric-keys { + description + "A list of asymmetric keys."; + list asymmetric-key { + key "name"; + description + "An asymmetric key."; + leaf name { + type string; + description + "An arbitrary name for the asymmetric key."; + } + uses ks:asymmetric-key-pair-with-certs-grouping; + } + } + container symmetric-keys { + description + "A list of symmetric keys."; + list symmetric-key { + key "name"; + description + "A symmetric key."; + leaf name { + type string; + description + "An arbitrary name for the symmetric key."; + } + uses ks:symmetric-key-grouping; + } + } + } + + container keystore { + nacm:default-deny-write; + description + "The keystore contains a list of keys."; + uses keystore-grouping; + } + + rpc generate-symmetric-key { + description + "Requests the device to generate an symmetric key using + the specified key algorithm, optionally encrypted using + a key in the keystore. The output is this RPC can be + used as input to a subsequent configuration request."; + + input { + leaf algorithm { + type ct:encryption-algorithm-t; + mandatory true; + description + "The algorithm to be used when generating the key."; + reference + "RFC CCCC: Common YANG Data Types for Cryptography"; + } + container encrypt-with { + presence "Indicates that the key should be encrypted using + the specified symmetric or asymmetric key. If not + specified, then the private key is not encrypted + when returned."; + description + "A container for the 'key-type' choice."; + uses key-reference-type-grouping; + } + } + output { + uses ks:symmetric-key-grouping; + } + } + rpc generate-asymmetric-key { + description + "Requests the device to generate an asymmetric key using + the specified key algorithm, optionally encrypted using + a key in the keystore. The output is this RPC can be + used as input to a subsequent configuration request."; + + input { + leaf algorithm { + type ct:asymmetric-key-algorithm-t; + mandatory true; + description + "The algorithm to be used when generating the key."; + reference + "RFC CCCC: Common YANG Data Types for Cryptography"; + } + container encrypt-with { + presence "Indicates that the key should be encrypted using + the specified symmetric or asymmetric key. If not + specified, then the private key is not encrypted + when returned."; + description + "A container for the 'key-type' choice."; + uses key-reference-type-grouping; + } + } + output { + uses ks:asymmetric-key-pair-grouping; + } + } +}
\ No newline at end of file |