diff options
Diffstat (limited to 'sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-truststore@2019-07-02.yang')
-rw-r--r-- | sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-truststore@2019-07-02.yang | 274 |
1 files changed, 274 insertions, 0 deletions
diff --git a/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-truststore@2019-07-02.yang b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-truststore@2019-07-02.yang new file mode 100644 index 000000000..103827c9e --- /dev/null +++ b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-truststore@2019-07-02.yang @@ -0,0 +1,274 @@ +module ietf-truststore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-truststore"; + prefix ts; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + import ietf-crypto-types { + prefix ct; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://datatracker.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + Author: Kent Watsen <mailto:kent+ietf@watsen.net>"; + description + "This module defines a truststore to centralize management + of trust anchors including both X.509 certificates and + SSH host keys. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-07-02 { + description + "Initial version"; + reference + "RFC XXXX: A YANG Data Model for a Truststore"; + } + + feature truststore-supported { + description + "The 'truststore-supported' feature indicates that the + server supports the truststore."; + } + + feature local-definitions-supported { + description + "The 'local-definitions-supported' feature indicates that + the server supports locally-defined trust anchors."; + } + + feature x509-certificates { + description + "The 'x509-certificates' feature indicates that the server + implements the /truststore/certificates subtree."; + } + + feature ssh-host-keys { + description + "The 'ssh-host-keys' feature indicates that the server + implements the /truststore/host-keys subtree."; + } + + typedef certificates-ref { + type leafref { + path "/ts:truststore/ts:certificates/ts:name"; + } + description + "This typedef enables modules to easily define a reference + to a set of certificates defined in the truststore."; + } + + typedef host-keys-ref { + type leafref { + path "/ts:truststore/ts:host-keys/ts:name"; + } + description + "This typedef enables modules to easily define a reference + to a set of host keys defined in the truststore."; + } + + grouping local-or-truststore-certs-grouping { + description + "A grouping that expands to allow trust anchors to be + either stored locally, within the using data model, or be + a reference to trust anchors stored in the truststore."; + choice local-or-truststore { + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local trust anchor definitions. + A list is defined so as to be symmetric with the + truststore definition."; + uses ct:trust-anchor-certs-grouping; + } + } + case truststore { + if-feature "truststore-supported"; + if-feature "x509-certificates"; + leaf truststore-reference { + type ts:certificates-ref; + description + "A reference to a set of trust anchors that exists + in the truststore."; + } + } + } + } + + grouping local-or-truststore-host-keys-grouping { + description + "A grouping that expands to allow trust anchors to be + either stored locally, within the using data model, or be + a reference to trust anchors stored in the truststore."; + choice local-or-truststore { + mandatory true; + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local trust anchor definitions. + A list is defined so as to be symmetric with the + truststore definition."; + leaf-list host-key { + nacm:default-deny-write; + type ct:ssh-host-key; + description + "The binary data for this host key."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + uses ct:trust-anchor-certs-grouping; + } + } + case truststore { + if-feature "truststore-supported"; + if-feature "ssh-host-keys"; + leaf truststore-reference { + type ts:host-keys-ref; + description + "A reference to a set of trust anchors that exists + in the truststore."; + } + } + } + } + + grouping truststore-grouping { + description + "Grouping definition enables use in other contexts. If ever + done, implementations SHOULD augment new 'case' statements + into local-or-keystore 'choice' statements to supply leafrefs + to the new location."; + list certificates { + if-feature "x509-certificates"; + key "name"; + description + "A list of certificates. These certificates can be + used by a server to authenticate clients, or by a client + to authenticate servers. Each list of certificates + SHOULD be specific to a purpose, as the list as a whole + may be referenced by other modules. For instance, a + RESTCONF server's configuration might use a specific list + of certificates for when authenticating RESTCONF + client connections."; + leaf name { + type string; + description + "An arbitrary name for this list of certificates."; + } + leaf description { + type string; + description + "An arbitrary description for this list of + certificates."; + } + list certificate { + key "name"; + description + "A certificate."; + leaf name { + type string; + description + "An arbitrary name for this certificate. The + name must be unique across all lists of + certificates (not just this list) so that leafrefs + from another module can resolve to unique values."; + } + uses ct:trust-anchor-cert-grouping { + refine "cert" { + mandatory true; + } + } + } + } + list host-keys { + if-feature "ssh-host-keys"; + key "name"; + description + "A list of host keys. These host-keys can + be used by clients to authenticate SSH servers. Each + list of host keys SHOULD be specific to a purpose, + so the list as a whole may be referenced by other modules. + For instance, a NETCONF client's configuration might + point to a specific list of host keys for when + authenticating specific SSH servers."; + leaf name { + type string; + description + "An arbitrary name for this list of SSH + host keys."; + } + leaf description { + type string; + description + "An arbitrary description for this list of SSH + host keys."; + } + list host-key { + key "name"; + description + "A host key."; + leaf name { + type string; + description + "An arbitrary name for this host-key. Must be + unique across all lists of host-keys (not just + this list) so that a leafref to it from another module + can resolve to unique values."; + } + leaf host-key { + type ct:ssh-host-key; + mandatory true; + description + "The binary public key data for this host key."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + } + } + } + + container truststore { + nacm:default-deny-write; + description + "The truststore contains sets of X.509 certificates and + SSH host keys."; + uses truststore-grouping; + } +}
\ No newline at end of file |