diff options
Diffstat (limited to 'sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-tls-server@2019-07-02.yang')
-rw-r--r-- | sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-tls-server@2019-07-02.yang | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-tls-server@2019-07-02.yang b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-tls-server@2019-07-02.yang new file mode 100644 index 000000000..5d92f57de --- /dev/null +++ b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-tls-server@2019-07-02.yang @@ -0,0 +1,247 @@ +module ietf-tls-server { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server"; + prefix tlss; + + import ietf-tls-common { + prefix tlscmn; + revision-date 2019-07-02; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + import ietf-truststore { + prefix ts; + reference + "RFC YYYY: A YANG Data Model for a Truststore"; + } + import ietf-keystore { + prefix ks; + reference + "RFC ZZZZ: A YANG Data Model for a Keystore"; + } + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://datatracker.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + Author: Kent Watsen <mailto:kent+ietf@watsen.net> + Author: Gary Wu <mailto:garywu@cisco.com>"; + description + "This module defines reusable groupings for TLS servers that + can be used as a basis for specific TLS server instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-07-02 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + feature tls-server-hello-params-config { + description + "TLS hello message parameters are configurable on a TLS + server."; + } + + feature tls-server-keepalives { + description + "Per socket TLS keepalive parameters are configurable for + TLS servers on the server implementing this feature."; + } + + feature local-client-auth-supported { + description + "Indicates that the TLS server supports local + configuration of client credentials."; + } + + feature external-client-auth-supported { + description + "Indicates that the TLS server supports external + configuration of client credentials."; + } + + grouping tls-server-grouping { + description + "A reusable grouping for configuring a TLS server without + any consideration for how underlying TCP sessions are + established. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tls-server-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + container server-identity { + nacm:default-deny-write; + description + "A locally-defined or referenced end-entity certificate, + including any configured intermediate certificates, the + TLS server will present when establishing a TLS connection + in its Certificate message, as defined in Section 7.4.2 + in RFC 5246."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC ZZZZ: + YANG Data Model for a 'Keystore' Mechanism"; + uses ks:local-or-keystore-end-entity-cert-with-key-grouping; + } + container client-authentication { + nacm:default-deny-write; + presence "Indicates that certificate based client authentication + is supported (i.e., the server will request that the + client send a certificate)."; + description + "Specifies if TLS client authentication is required or + optional, and specifies if the certificates needed to + authenticate the TLS client are configured locally or + externally. If configured locally, the data model + enables both trust anchors and end-entity certificate + to be set."; + choice required-or-optional { + mandatory true; + description + "Indicates if TLS-level client authentication is required + or optional. This is necessary for some protocols (e.g., + RESTCONF) the may optionally authenticate a client via + TLS-level authentication, HTTP-level authentication, or + both simultaneously)."; + leaf required { + type empty; + description + "Indicates that TLS-level client authentication is + required."; + } + leaf optional { + type empty; + description + "Indicates that TLS-level client authentication is + optional."; + } + } + choice local-or-external { + mandatory true; + description + "Indicates if the certificates needed to authenticate + the client are configured locally or externally. The + need to support external configuration for client + authentication stems from the desire to support + consuming data models that prefer to place client + authentication with client definitions, rather then + in a data model principally concerned with configuring + the transport."; + case local { + if-feature "local-client-auth-supported"; + description + "The certificates needed to authenticate the clients + are configured locally."; + leaf ca-certs { + if-feature "ts:x509-certificates"; + type ts:certificates-ref; + description + "A reference to a list of certificate authority (CA) + certificates used by the TLS server to authenticate + TLS client certificates. A client certificate is + authenticated if it has a valid chain of trust to + a configured CA certificate."; + reference + "RFC YYYY: YANG Data Model for Global Trust Anchors"; + } + leaf client-certs { + if-feature "ts:x509-certificates"; + type ts:certificates-ref; + description + "A reference to a list of client certificates + used by the TLS server to authenticate TLS + client certificates. A clients certificate + is authenticated if it is an exact match to + a configured client certificate."; + reference + "RFC YYYY: YANG Data Model for Global Trust Anchors"; + } + } + case external { + if-feature "external-client-auth-supported"; + description + "The certificates needed to authenticate the clients + are configured externally."; + leaf client-auth-defined-elsewhere { + type empty; + description + "Indicates that certificates needed to authenticate + clients are configured elsewhere."; + } + } + } + } + container hello-params { + nacm:default-deny-write; + if-feature "tls-server-hello-params-config"; + description + "Configurable parameters for the TLS hello message."; + uses tlscmn:hello-params-grouping; + } + container keepalives { + nacm:default-deny-write; + if-feature "tls-server-keepalives"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test + the aliveness of the TLS client. An unresponsive + TLS client is dropped after approximately max-wait + * max-attempts seconds."; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds after which if + no data has been received from the TLS client, a + TLS-level message will be sent to test the + aliveness of the TLS client."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keep-alive + messages that can fail to obtain a response from + the TLS client before assuming the TLS client is + no longer alive."; + } + } + } +}
\ No newline at end of file |