vnfs/TestVNF/netconftemplates/netconftemplates/ietf-tls-server@2016-11-02.yang


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
  <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module ietf-tls-server {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server";
  prefix tlss;

  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: Common YANG Data Types";
  }

  import ietf-keystore {
    prefix ks;
    reference
      "RFC YYYY: Keystore Model";
  }

  organization
    "IETF NETCONF (Network Configuration) Working Group";
  contact
    "WG Web:   &lt;http://tools.ietf.org/wg/netconf/&gt;
     WG List:  &lt;mailto:netconf@ietf.org&gt;

     WG Chair: Mehmet Ersue
               &lt;mailto:mehmet.ersue@nsn.com&gt;

     WG Chair: Mahesh Jethanandani
               &lt;mailto:mjethanandani@gmail.com&gt;

     Editor:   Kent Watsen
               &lt;mailto:kwatsen@juniper.net&gt;";
  description
    "This module defines a reusable grouping for a TLS server that
     can be used as a basis for specific TLS server instances.

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD
     License set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

  revision 2016-11-02 {
    description
      "Initial version";
    reference
      "RFC XXXX: TLS Client and Server Models";
  }

  grouping non-listening-tls-server-grouping {
    description
      "A reusable grouping for a TLS server that can be used as a
       basis for specific TLS server instances.";
    container certificates {
      description
        "The list of certificates the TLS server will present when
         establishing a TLS connection in its Certificate message,
         as defined in Section 7.4.2 in RRC 5246.";
      reference
        "RFC 5246:
           The Transport Layer Security (TLS) Protocol Version 1.2";
      list certificate {
        key "name";
        min-elements 1;
        description
          "An unordered list of certificates the TLS server can pick
           from when sending its Server Certificate message.";
        reference
          "RFC 5246: The TLS Protocol, Section 7.4.2";
        leaf name {
          type leafref {
            path "/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name";
          }
          description
            "The name of the certificate in the keystore.";
        }
      }
    }

    container client-auth {
      description
        "A reference to a list of trusted certificate authority (CA)
         certificates and a reference to a list of trusted client
         certificates.";
      leaf trusted-ca-certs {
        type leafref {
          path "/ks:keystore/ks:trusted-certificates/ks:name";
        }
        description
          "A reference to a list of certificate authority (CA)
           certificates used by the TLS server to authenticate
           TLS client certificates.";
      }

      leaf trusted-client-certs {
        type leafref {
          path "/ks:keystore/ks:trusted-certificates/ks:name";
        }
        description
          "A reference to a list of client certificates used by
           the TLS server to authenticate TLS client certificates.
           A clients certificate is authenticated if it is an
           exact match to a configured trusted client certificate.";
      }
    }
  }

  grouping listening-tls-server-grouping {
    description
      "A reusable grouping for a TLS server that can be used as a
       basis for specific TLS server instances.";
    leaf address {
      type inet:ip-address;
      description
        "The IP address of the interface to listen on.  The TLS
         server will listen on all interfaces if no value is
         specified. Please note that some addresses have special
         meanings (e.g., '0.0.0.0' and '::').";
    }

    leaf port {
      type inet:port-number;
      description
        "The local port number on this interface the TLS server
         listens on.  When this grouping is used, it is RECOMMENDED
         that refine statement is used to either set a default port
         value or to set mandatory true.";
    }

    uses non-listening-tls-server-grouping;
  }
}
</data>
</rpc-reply>