From: JvD_Ericsson Date: Fri, 25 Apr 2025 12:57:03 +0000 (+0100) Subject: TEIV - add itef models that are temporarily missing X-Git-Tag: 0.2.0~7 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=7a365532b8d13a1c49753fef0fb6aac4c875385b;p=smo%2Fteiv.git TEIV - add itef models that are temporarily missing Issue-ID: SMO-189 Change-Id: If359ecb3408db8005cc702f4068c01acd0dfb1fa Signed-off-by: JvD_Ericsson --- diff --git a/.gitignore b/.gitignore index d2c3d27..12ba031 100644 --- a/.gitignore +++ b/.gitignore @@ -25,7 +25,30 @@ target **/.openapi-generator .openapi-generator-ignore yang-parser/yang-parser-jar/src/main/resources/modules/*.yang +# The following ietf models are temporarily missing and can't be downloaded so are included here +!yang-parser/yang-parser-jar/src/main/resources/modules/ietf-inet-types-2019-11-04.yang +!yang-parser/yang-parser-jar/src/main/resources/modules/ietf-yang-types-2019-11-04.yang +# yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf*.yang +# The following ietf models are temporarily missing and can't be downloaded so are included here +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-inet-types-2019-11-04.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-types-2019-11-04.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-crypto-types-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-keystore-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-client-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-server-2018-09-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-client-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-common-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-server-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-client-2019-10-18.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-common-2019-10-18.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-server-2019-10-18.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-client-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-common-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-server-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-truststore-2019-11-20.yang +!yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-push-2019-05-21.yang +# yang-parser/yang-parser-jar/src/test/resources/_orig-modules/_3gpp*.yang yang-parser/yang-parser-jar/src/test/resources/_orig-modules/iana*.yang pgsql-schema-generator/src/test/resources/generate-defaults/import/*.yang diff --git a/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-inet-types-2019-11-04.yang b/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-inet-types-2019-11-04.yang new file mode 100644 index 0000000..dffb111 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-inet-types-2019-11-04.yang @@ -0,0 +1,589 @@ +module ietf-inet-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types"; + prefix "inet"; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types for Internet addresses and related things. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + revision 2019-11-04 { + description + "This revision adds the following new data types: + - ip-address-and-prefix + - ipv4-address-and-prefix + - ipv6-address-and-prefix + - email-address"; + reference + "RFC XXXX: Common YANG Data Types"; + } + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - ip-address-no-zone + - ipv4-address-no-zone + - ipv6-address-no-zone"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of types related to protocol fields ***/ + + typedef ip-version { + type enumeration { + enum unknown { + value "0"; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum ipv4 { + value "1"; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum ipv6 { + value "2"; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + + In the value set and its semantics, this type is equivalent + to the InetVersion textual convention of the SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + typedef dscp { + type uint8 { + range "0..63"; + } + description + "The dscp type represents a Differentiated Services Code Point + that may be used for marking packets in a traffic stream. + + In the value set and its semantics, this type is equivalent + to the Dscp textual convention of the SMIv2."; + reference + "RFC 3289: Management Information Base for the Differentiated + Services Architecture + RFC 2474: Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers + RFC 2780: IANA Allocation Guidelines For Values In + the Internet Protocol and Related Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The ipv6-flow-label type represents the flow identifier or + Flow Label in an IPv6 packet header that may be used to + discriminate traffic flows. + + In the value set and its semantics, this type is equivalent + to the IPv6FlowLabel textual convention of the SMIv2."; + reference + "RFC 3595: Textual Conventions for IPv6 Flow Label + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16 { + range "0..65535"; + } + description + "The port-number type represents a 16-bit port number of an + Internet transport-layer protocol such as UDP, TCP, DCCP, or + SCTP. Port numbers are assigned by IANA. A current list of + all assignments is available from . + + Note that the port number value zero is reserved by IANA. In + situations where the value zero does not make sense, it can + be excluded by subtyping the port-number type. + + In the value set and its semantics, this type is equivalent + to the InetPortNumber textual convention of the SMIv2."; + reference + "RFC 768: User Datagram Protocol + RFC 793: Transmission Control Protocol + RFC 4960: Stream Control Transmission Protocol + RFC 4340: Datagram Congestion Control Protocol (DCCP) + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + /*** collection of types related to autonomous systems ***/ + + typedef as-number { + type uint32; + description + "The as-number type represents autonomous system numbers + which identify an Autonomous System (AS). An AS is a set + of routers under a single technical administration, using + an interior gateway protocol and common metrics to route + packets within the AS, and using an exterior gateway + protocol to route packets to other ASes. IANA maintains + the AS number space and has delegated large parts to the + regional registries. + + Autonomous system numbers were originally limited to 16 + bits. BGP extensions have enlarged the autonomous system + number space to 32 bits. This type therefore uses an uint32 + base type without a range restriction in order to support + a larger autonomous system number space. + + In the value set and its semantics, this type is equivalent + to the InetAutonomousSystemNumber textual convention of + the SMIv2."; + reference + "RFC 1930: Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271: A Border Gateway Protocol 4 (BGP-4) + RFC 4001: Textual Conventions for Internet Network Addresses + RFC 6793: BGP Support for Four-Octet Autonomous System (AS) + Number Space"; + } + + /*** collection of types related to IP addresses and hostnames ***/ + + typedef ip-address { + type union { + type inet:ipv4-address; + type inet:ipv6-address; + } + description + "The ip-address type represents an IP address and is IP + version neutral. The format of the textual representation + implies the IP version. This type supports scoped addresses + by allowing zone identifiers in the address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '(%[\p{N}\p{L}]+)?'; + } + description + "The ipv4-address type represents an IPv4 address in + dotted-quad notation. The IPv4 address may include a zone + index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format for the zone index is the numerical + format"; + } + + typedef ipv6-address { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(%[\p{N}\p{L}]+)?'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(%.+)?'; + } + description + "The ipv6-address type represents an IPv6 address in full, + mixed, shortened, and shortened-mixed notation. The IPv6 + address may include a zone index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format of IPv6 addresses uses the textual + representation defined in Section 4 of RFC 5952. The + canonical format for the zone index is the numerical + format as described in Section 11.2 of RFC 4007."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-no-zone { + type union { + type inet:ipv4-address-no-zone; + type inet:ipv6-address-no-zone; + } + description + "The ip-address-no-zone type represents an IP address and is + IP version neutral. The format of the textual representation + implies the IP version. This type does not support scoped + addresses since it does not allow zone identifiers in the + address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address-no-zone { + type inet:ipv4-address { + pattern '[0-9\.]*'; + } + description + "An IPv4 address without a zone index. This type, derived from + ipv4-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + } + + typedef ipv6-address-no-zone { + type inet:ipv6-address { + pattern '[0-9a-fA-F:\.]*'; + } + description + "An IPv6 address without a zone index. This type, derived from + ipv6-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-prefix { + type union { + type inet:ipv4-prefix; + type inet:ipv6-prefix; + } + description + "The ip-prefix type represents an IP prefix and is IP + version neutral. The format of the textual representations + implies the IP version."; + } + + typedef ipv4-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-prefix type represents an IPv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + The canonical format of an IPv4 prefix has all bits of + the IPv4 address set to zero that are not part of the + IPv4 prefix. + + The definition of ipv4-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 192.0.2.1/24 must be accepted as a valid value but it + will be converted into the canonical format 192.0.2.0/24."; + } + + typedef ipv6-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-prefix type represents an IPv6 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format of an IPv6 prefix has all bits of + the IPv6 address set to zero that are not part of the + IPv6 prefix. Furthermore, the IPv6 address is represented + as defined in Section 4 of RFC 5952. + + The definition of ipv6-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 2001:db8::1/64 must be accepted as a valid value but it + will be converted into the canonical format 2001:db8::/64."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-and-prefix { + type union { + type inet:ipv4-address-and-prefix; + type inet:ipv6-address-and-prefix; + } + description + "The ip-address-and-prefix type represents an IP address and + prefix and is IP version neutral. The format of the textual + representations implies the IP version."; + } + + typedef ipv4-address-and-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-address-and-prefix type represents an IPv4 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0."; + } + + typedef ipv6-address-and-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-address-and-prefix type represents an IPv6 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format requires that the IPv6 address is + represented as defined in Section 4 of RFC 5952."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + /*** collection of domain name and URI types ***/ + + typedef domain-name { + type string { + length "1..253"; + pattern + '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.'; + } + description + "The domain-name type represents a DNS domain name. The + name SHOULD be fully qualified whenever possible. This + type does not support wildcards (see RFC 4592) or + classless in-addr.arpa delegations (see RFC 2317). + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. Note that Internet host names have a + stricter syntax (described in RFC 952) than the DNS + recommendations in RFCs 1034 and 1123, and that systems + that want to store host names in schema node instances + using the domain-name type are recommended to adhere to + this stricter standard to ensure interoperability. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + The description clause of schema nodes using the domain-name + type MUST describe when and how these names are resolved to + IP addresses. Note that the resolution of a domain-name value + may require to query multiple DNS records (e.g., A for IPv4 + and AAAA for IPv6). The order of the resolution process and + which DNS record takes precedence can either be defined + explicitly or may depend on the configuration of the + resolver. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be A-labels as per RFC 5890."; + reference + "RFC 952: DoD Internet Host Table Specification + RFC 1034: Domain Names - Concepts and Facilities + RFC 1123: Requirements for Internet Hosts -- Application + and Support + RFC 2317: Classless IN-ADDR.ARPA delegation + RFC 2782: A DNS RR for specifying the location of services + (DNS SRV) + RFC 4592: The Role of Wildcards in the Domain Name System + RFC 5890: Internationalized Domain Names in Applications + (IDNA): Definitions and Document Framework"; + } + + typedef host { + type union { + type inet:ip-address; + type inet:domain-name; + } + description + "The host type represents either an IP address or a DNS + domain name."; + } + + /* + * DISCUSS: + * - Lada suggested to replace the inet:domain-name usage in + * the union with a new host-name definition that follows + * the NR-LDH definition in RFC 5890. + */ + + typedef uri { + type string; + description + "The uri type represents a Uniform Resource Identifier + (URI) as defined by STD 66. + + Objects using the uri type MUST be in US-ASCII encoding, + and MUST be normalized as described by RFC 3986 Sections + 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary + percent-encoding is removed, and all case-insensitive + characters are set to lowercase except for hexadecimal + digits, which are normalized to uppercase as described in + Section 6.2.2.1. + + The purpose of this normalization is to help provide + unique URIs. Note that this normalization is not + sufficient to provide uniqueness. Two URIs that are + textually distinct after this normalization may still be + equivalent. + + Objects using the uri type may restrict the schemes that + they permit. For example, 'data:' and 'urn:' schemes + might not be appropriate. + + A zero-length URI is not a valid URI. This can be used to + express 'URI absent' where required. + + In the value set and its semantics, this type is equivalent + to the Uri SMIv2 textual convention defined in RFC 5017."; + reference + "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax + RFC 3305: Report from the Joint W3C/IETF URI Planning Interest + Group: Uniform Resource Identifiers (URIs), URLs, + and Uniform Resource Names (URNs): Clarifications + and Recommendations + RFC 5017: MIB Textual Conventions for Uniform Resource + Identifiers (URIs)"; + } + + typedef email-address { + type string { + // dot-atom-text "@" ... + pattern '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*' + + '@' + + '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*'; + } + description + "The email-address type represents an email address as + defined as addr-spec in RFC 5322 section 3.4.1."; + reference + "RFC 5322: Internet Message Format"; + } + + /* + * DISCUSS: + * - It was suggested to add email types following RFC 5322 + * email-address (addr-spec, per Section 3.4.1) + * named-email-address (name-addr, per Section 3.4) + * - This sounds useful but the devil is in the details, + * in particular name-addr is a quite complex construct; + * perhaps addr-spec is sufficient, this is also the + * format allowed in mailto: URIs (mailto: seems to use + * only a subset of addr-spec which may be good enough + * here as well). + * - Need to define a pattern that has a meaningful trade-off + * between precision and complexity (there are very tight + * pattern that are very long and complex). The current + * pattern does not take care of quoted-string, obs-local-part, + * domain-literal, obs-domain. + */ + + /* + * DISCUSS: + * - There was a request to add types for URI fields (scheme, + * authority, path, query, fragment) but it is not clear how + * commonly useful these types are, the WG was pretty silent + * about this proposal. On the technical side, it is unclear + * whether data is represented with percent escapes resolved + * or not. (Mahesh's proposal does not spell this out, the + * pattern does not allow the % character, which may be wrong.) + */ +} diff --git a/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-yang-types-2019-11-04.yang b/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-yang-types-2019-11-04.yang new file mode 100644 index 0000000..d33eced --- /dev/null +++ b/yang-parser/yang-parser-jar/src/main/resources/modules/ietf-yang-types-2019-11-04.yang @@ -0,0 +1,767 @@ +module ietf-yang-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types"; + prefix "yang"; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + + revision 2019-11-04 { + description + "This revision adds the following new data types: + - date, time + - hours32, minutes32, seconds32, centiseconds32, milliseconds32, + - microseconds32, microseconds64, nanoseconds32, nanoseconds64 + - revision-identifier, node-instance-identifier"; + reference + "RFC XXXX: Common YANG Data Types"; + } + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - yang-identifier + - hex-string + - uuid + - dotted-quad"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of counter and gauge types ***/ + + typedef counter32 { + type uint32; + description + "The counter32 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the instantiation of + a schema node of type counter32 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + The counter32 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter32. + + In the value set and its semantics, this type is equivalent + to the Counter32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter32 { + type yang:counter32; + default "0"; + description + "The zero-based-counter32 type represents a counter32 + that has the defined 'initial' value zero. + + A schema node instance of this type will be set to zero (0) + on creation and will thereafter increase monotonically until + it reaches a maximum value of 2^32-1 (4294967295 decimal), + when it wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + instance of this type within the minimum time to wrap, it + can use the 'initial' value as a delta. It is important for + a management station to be aware of this minimum time and the + actual time between polls, and to discard data if the actual + time is too long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter32 textual convention of the SMIv2."; + reference + "RFC 4502: Remote Network Monitoring Management Information + Base Version 2"; + } + + typedef counter64 { + type uint64; + description + "The counter64 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the instantiation of + a schema node of type counter64 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter64 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter64. + + In the value set and its semantics, this type is equivalent + to the Counter64 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter64 { + type yang:counter64; + default "0"; + description + "The zero-based-counter64 type represents a counter64 that + has the defined 'initial' value zero. + + A schema node instance of this type will be set to zero (0) + on creation and will thereafter increase monotonically until + it reaches a maximum value of 2^64-1 (18446744073709551615 + decimal), when it wraps around and starts increasing again + from zero. + + Provided that an application discovers a new schema node + instance of this type within the minimum time to wrap, it + can use the 'initial' value as a delta. It is important for + a management station to be aware of this minimum time and the + actual time between polls, and to discard data if the actual + time is too long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter64 textual convention of the SMIv2."; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + typedef gauge32 { + type uint32; + description + "The gauge32 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^32-1 (4294967295 decimal), and + the minimum value cannot be smaller than 0. The value of + a gauge32 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge32 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the Gauge32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef gauge64 { + type uint64; + description + "The gauge64 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^64-1 (18446744073709551615), and + the minimum value cannot be smaller than 0. The value of + a gauge64 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge64 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the CounterBasedGauge64 SMIv2 textual convention defined + in RFC 2856"; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + /*** collection of identifier-related types ***/ + + typedef object-identifier { + type string { + pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))' + + '(\.(0|([1-9]\d*)))*'; + } + description + "The object-identifier type represents administratively + assigned names in a registration-hierarchical-name tree. + + Values of this type are denoted as a sequence of numerical + non-negative sub-identifier values. Each sub-identifier + value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers + are separated by single dots and without any intermediate + whitespace. + + The ASN.1 standard restricts the value space of the first + sub-identifier to 0, 1, or 2. Furthermore, the value space + of the second sub-identifier is restricted to the range + 0 to 39 if the first sub-identifier is 0 or 1. Finally, + the ASN.1 standard requires that an object identifier + has always at least two sub-identifiers. The pattern + captures these restrictions. + + Although the number of sub-identifiers is not limited, + module designers should realize that there may be + implementations that stick with the SMIv2 limit of 128 + sub-identifiers. + + This type is a superset of the SMIv2 OBJECT IDENTIFIER type + since it is not restricted to 128 sub-identifiers. Hence, + this type SHOULD NOT be used to represent the SMIv2 OBJECT + IDENTIFIER type; the object-identifier-128 type SHOULD be + used instead."; + reference + "ISO9834-1: Information technology -- Open Systems + Interconnection -- Procedures for the operation of OSI + Registration Authorities: General procedures and top + arcs of the ASN.1 Object Identifier tree"; + } + + typedef object-identifier-128 { + type object-identifier { + pattern '\d*(\.\d*){1,127}'; + } + description + "This type represents object-identifiers restricted to 128 + sub-identifiers. + + In the value set and its semantics, this type is equivalent + to the OBJECT IDENTIFIER type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + /*** collection of types related to date and time ***/ + + typedef date-and-time { + type string { + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date-and-time type is a profile of the ISO 8601 + standard for representation of dates and times using the + Gregorian calendar. The profile is defined by the + date-time production in Section 5.6 of RFC 3339. + + The date-and-time type is compatible with the dateTime XML + schema type with the following notable exceptions: + + (a) The date-and-time type does not allow negative years. + + (b) The date-and-time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in dateTime. + + (c) The canonical format (see below) of date-and-time values + differs from the canonical format used by the dateTime XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + This type is not equivalent to the DateAndTime textual + convention of the SMIv2 since RFC 3339 uses a different + separator between full-date and full-time and provides + higher resolution of time-secfrac. + + The canonical format for date-and-time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date-and-time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date-and-time values with an unknown time zone (usually + referring to the notion of local time) uses the time-offset + -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + RFC 2579: Textual Conventions for SMIv2 + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef date { + type string { + pattern '\d{4}-\d{2}-\d{2}' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date type represents a time-interval of the length + of a day, i.e., 24 hours. + + The date type is compatible with the date XML schema + type with the following notable exceptions: + + (a) The date type does not allow negative years. + + (b) The date time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in date. + + (c) The canonical format (see below) of data values + differs from the canonical format used by the date XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + The canonical format for date values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date values with an unknown time zone (usually referring + to the notion of local time) uses the time-offset -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + /* + * DISCUSS: + * - XML schema seems to use a different canonical format, we + * need to take a closer look how to define the canonical format + * given that a data really identifies a 24 hour interval and + * what XSD means with 'interval midpoint'. + */ + + typedef time { + type string { + pattern '\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The time type represents an instance of time of zero-duration + that recurs every day. + + The time type is compatible with the time XML schema + type with the following notable exceptions: + + (a) The time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in time. + + (c) The canonical format (see below) of time values + differs from the canonical format used by the time XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + The canonical format for time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + time values with an unknown time zone (usually referring + to the notion of local time) uses the time-offset -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef hours32 { + type int32; + units "hours"; + description + "A period of time, measured in units of hours. + + The maximum time period that can be expressed is in the + range [89478485 days 08:00:00 to 89478485 days 07:00:00]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef minutes32 { + type int32; + units "minutes"; + description + "A period of time, measured in units of minutes. + + The maximum time period that can be expressed is in the + range [-1491308 days 2:08:00 to 1491308 days 2:07:00]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef seconds32 { + type int32; + units "seconds"; + description + "A period of time, measured in units of seconds. + + The maximum time period that can be expressed is in the + range [-24855 days 03:14:08 to 24855 days 03:14:07]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef centiseconds32 { + type int32; + units "centiseconds"; + description + "A period of time, measured in units of 10^-2 seconds. + + The maximum time period that can be expressed is in the + range [-248 days 13:13:56 to 248 days 13:13:56]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef milliseconds32 { + type int32; + units "milliseconds"; + description + "A period of time, measured in units of 10^-3 seconds. + + The maximum time period that can be expressed is in the + range [-24 days 20:31:23 to 24 days 20:31:23]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef microseconds32 { + type int32; + units "microseconds"; + description + "A period of time, measured in units of 10^-6 seconds. + + The maximum time period that can be expressed is in the + range [-00:35:47 to 00:35:47]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef microseconds64 { + type int64; + units "microseconds"; + description + "A period of time, measured in units of 10^-6 seconds. + + The maximum time period that can be expressed is in the + range [-106751991 days 04:00:54 to 106751991 days 04:00:54]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef nanoseconds32 { + type int32; + units "nanoseconds"; + description + "A period of time, measured in units of 10^-9 seconds. + + The maximum time period that can be expressed is in the + range [-00:00:02 to 00:00:02]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef nanoseconds64 { + type int64; + units "nanoseconds"; + description + "A period of time, measured in units of 10^-9 seconds. + + The maximum time period that can be expressed is in the + range [-106753 days 23:12:44 to 106752 days 0:47:16]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef timeticks { + type uint32; + description + "The timeticks type represents a non-negative integer that + represents the time, modulo 2^32 (4294967296 decimal), in + hundredths of a second between two epochs. When a schema + node is defined that uses this type, the description of + the schema node identifies both of the reference epochs. + + In the value set and its semantics, this type is equivalent + to the TimeTicks type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef timestamp { + type yang:timeticks; + description + "The timestamp type represents the value of an associated + timeticks schema node instance at which a specific occurrence + happened. The specific occurrence must be defined in the + description of any schema node defined using this type. When + the specific occurrence occurred prior to the last time the + associated timeticks schema node instance was zero, then the + timestamp value is zero. + + Note that this requires all timestamp values to be reset to + zero when the value of the associated timeticks schema node + instance reaches 497+ days and wraps around to zero. + + The associated timeticks schema node must be specified + in the description of any schema node using this type. + + In the value set and its semantics, this type is equivalent + to the TimeStamp textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of generic address types ***/ + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "Represents media- or physical-level addresses represented + as a sequence octets, each octet represented by two hexadecimal + numbers. Octets are separated by colons. The canonical + representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the PhysAddress textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + } + description + "The mac-address type represents an IEEE 802 MAC address. + The canonical representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the MacAddress textual convention of the SMIv2."; + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture + RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of XML-specific types ***/ + typedef xpath1.0 { + type string; + description + "This type represents an XPATH 1.0 expression. + + When a schema node is defined that uses this type, the + description of the schema node MUST specify the XPath + context in which the XPath expression is evaluated."; + reference + "XPATH: XML Path Language (XPath) Version 1.0"; + } + + /* + * DISCUSS: + * - How do we deal with xpath expressions in other encodings + * such as JSON. Do we assume an xpath context populated with + * module names such that module names can be used to qualify + * path expressions. This may need discussion and/or a new + * definition. + * - This interacts with the definition of node-instance-identifier. + */ + + /*** collection of string types ***/ + + typedef hex-string { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "A hexadecimal string with octets represented as hex digits + separated by colons. The canonical representation uses + lowercase characters."; + } + + typedef uuid { + type string { + pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' + + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'; + } + description + "A Universally Unique IDentifier in the string representation + defined in RFC 4122. The canonical representation uses + lowercase characters. + + The following is an example of a UUID in string representation: + f81d4fae-7dec-11d0-a765-00a0c91e6bf6 + "; + reference + "RFC 4122: A Universally Unique IDentifier (UUID) URN + Namespace"; + } + + typedef dotted-quad { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'; + } + description + "An unsigned 32-bit number expressed in the dotted-quad + notation, i.e., four octets written as decimal numbers + and separated with the '.' (full stop) character."; + } + + /*** collection of YANG specific types ***/ + + typedef yang-identifier { + type string { + length "1..max"; + pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*'; + pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*'; + } + description + "A YANG identifier string as defined by the 'identifier' + rule in Section 12 of RFC 6020. An identifier must + start with an alphabetic character or an underscore + followed by an arbitrary sequence of alphabetic or + numeric characters, underscores, hyphens, or dots. + + A YANG identifier MUST NOT start with any possible + combination of the lowercase or uppercase character + sequence 'xml'."; + reference + "RFC 6020: YANG - A Data Modeling Language for the Network + Configuration Protocol (NETCONF)"; + } + + typedef revision-identifier { + type date { + pattern '\d{4}-\d{2}-\d{2}'; + } + description + "Represents a specific revision of a YANG module by means of + a date value without a time zone."; + } + + typedef node-instance-identifier { + type xpath1.0; + description + "Path expression used to represent a data node, action, + or notification instance-identifier string. + + A node-instance-identifier value is an unrestricted + YANG instance-identifier expression or the special + value '/', which refers to the entire accessible tree. + + All the rules for instance-identifier apply, except that + predicates for keys are optional. If a key predicate is + missing, then the node-instance-identifier represents all + possible server instances for that key. + + This XML Path Language (XPath) expression is evaluated in the + following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the + current session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree. + + The accessible tree includes actions and notifications tied + to data nodes."; + } + + /* + * DISCUSS: + * - This is taken from RFC 8341 and the idea is that this definition + * is useful without requiring a dependency on NACM + * - What does the second bullet actually do? Do we keep this? + * - This interacts with the definition of xpath1.0. + */ + + /* DISCUSS: + * - It was suggested to add types for longitude, latitude, + * postal code, country-code. Do we go there or do we leave + * these for other modules to define? It seems such definitions + * should go into draft-ietf-netmod-geo-location. + */ + + /* DISCUSS: + * - It was suggested to add percentage types but they tend to differ + * widely. However, percentages are also widely used. + */ +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-crypto-types-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-crypto-types-2019-11-20.yang new file mode 100644 index 0000000..de104d3 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-crypto-types-2019-11-20.yang @@ -0,0 +1,876 @@ +module ietf-crypto-types { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-crypto-types"; + prefix ct; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + //import iana-hash-algs { + // prefix iha; + // reference + // "RFC XXXX: Common YANG Data Types for Cryptography"; + //} + + import iana-symmetric-algs { + prefix isa; + reference + "RFC XXXX: Common YANG Data Types for Cryptography"; + } + + import iana-asymmetric-algs { + prefix iasa; + reference + "RFC XXXX: Common YANG Data Types for Cryptography"; + } + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Wang Haiguang "; + + description + "This module defines common YANG types for cryptographic + applications. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: Common YANG Data Types for Cryptography"; + } + + /****************/ + /* Features */ + /****************/ + + feature "one-asymmetric-key-format" { + description + "Indicates that the server supports the + 'one-asymmetric-key-format' identity."; + } + + feature "one-symmetric-key-format" { + description + "Indicates that the server supports the + 'one-symmetric-key-format' identity."; + } + + feature "encrypted-one-symmetric-key-format" { + description + "Indicates that the server supports the + 'encrypted-one-symmetric-key-format' identity."; + } + + feature "encrypted-one-asymmetric-key-format" { + description + "Indicates that the server supports the + 'encrypted-one-asymmetric-key-format' identity."; + } + + /********************************************/ + /* Identities for Key Format Structures */ + /********************************************/ + + /*** base key formats ****/ + + identity key-format-base { + description "Base key-format identity for all keys."; + } + + identity public-key-format { + base "key-format-base"; + description "Base key-format identity for public keys."; + } + + identity private-key-format { + base "key-format-base"; + description "Base key-format identity for private keys."; + } + + identity symmetric-key-format { + base "key-format-base"; + description "Base key-format identity for symmetric keys."; + } + + + /**** for private keys ****/ + identity rsa-private-key-format { + base "private-key-format"; + description + "Indicates that the private key value is encoded + as an RSAPrivateKey (from RFC 3447)."; + reference + "RFC 3447: PKCS #1: RSA Cryptography + Specifications Version 2.2"; + } + + identity ec-private-key-format { + base "private-key-format"; + description + "Indicates that the private key value is encoded + as an ECPrivateKey (from RFC 5915)"; + reference + "RFC 5915: Elliptic Curve Private Key Structure"; + } + + identity one-asymmetric-key-format { + if-feature "one-asymmetric-key-format"; + base "private-key-format"; + description + "Indicates that the private key value is encoded + as a OneAsymmetricKey structure (RFC 6031)."; + // FIXME: DER encoded ASN.1, etc...or flex PEM? + reference + "RFC 5958: Asymmetric Key Packages"; + } + + identity encrypted-one-asymmetric-key-format { + if-feature "encrypted-one-asymmetric-key-format"; + base "private-key-format"; + description + "Indicates that the private key value is encoded + as a OneAsymmetricKey structure (RFC 5958)."; + // FIXME: DER encoded ASN.1, etc...or flex PEM? + reference + "RFC 5652: Cryptographic Message Syntax (CMS) + RFC 5958: Asymmetric Key Packages"; + } + + + /**** for public keys ****/ + + identity ssh-public-key-format { + base "public-key-format"; + description + "Indicates that the public key value is encoded + an SSH public key, as described by RFC 4716."; + reference + "RFC 4716: The Secure Shell (SSH) Public Key + File Format"; + } + + identity subject-public-key-info-format { + base "public-key-format"; + description + "Indicates that the public key value is encoded as + a SubjectPublicKeyInfo structure, as described in + RFC 5280."; + // FIXME: DER encoded ASN.1, etc... + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile"; + } + + + /**** for symmetric keys ****/ + + identity octet-string-key-format { + base "symmetric-key-format"; + description + "Indicates that the key is encoded as a raw octet string."; + // FIXME + // Knowing that it is an "OctetString" isn't really helpful. + // Knowing the length of the octet string would be helpful, + // as it relates to the algorithm's block size. We may want + // to only (for now) use "one-symmetric-key-format" for + // symmetric keys...were the usability issues Juergen + // mentioned before only apply to asymmetric keys? + } + + identity one-symmetric-key-format { + if-feature "one-symmetric-key-format"; + base "symmetric-key-format"; + description + "Indicates that the symmetric key value is encoded + as a OneSymmetricKey (from RFC 6031)."; + // FIXME: DER encoded ASN.1, etc...or flex PEM? + reference + "RFC 6031: Cryptographic Message Syntax (CMS) + Symmetric Key Package Content Type"; + } + + identity encrypted-one-symmetric-key-format { + if-feature "encrypted-one-symmetric-key-format"; + base "symmetric-key-format"; + description + "Indicates that the symmetric key value is encoded + as an EncryptedData structure (RFC 5652) containing + OneSymmetricKey (RFC 6031)."; + // FIXME: DER encoded ASN.1, etc...or flex PEM? + reference + "RFC 5652: Cryptographic Message Syntax (CMS) + RFC 6031: Cryptographic Message Syntax (CMS) + Symmetric Key Package Content Type"; + } + + + + /***************************************************/ + /* Typedefs for ASN.1 structures from RFC 5280 */ + /***************************************************/ + + typedef x509 { + type binary; + description + "A Certificate structure, as specified in RFC 5280, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + + typedef crl { + type binary; + description + "A CertificateList structure, as specified in RFC 5280, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + + /***********************************************/ + /* Typedefs for ASN.1 structures from 5652 */ + /***********************************************/ + + typedef cms { + type binary; + description + "A ContentInfo structure, as specified in RFC 5652, + encoded using ASN.1 distinguished encoding rules (DER), + as specified in ITU-T X.690."; + reference + "RFC 5652: + Cryptographic Message Syntax (CMS) + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + + typedef data-content-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + data content type, as described by Section 4 in RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef signed-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + signed-data content type, as described by Section 5 in + RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef enveloped-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + enveloped-data content type, as described by Section 6 + in RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef digested-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + digested-data content type, as described by Section 7 + in RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef encrypted-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + encrypted-data content type, as described by Section 8 + in RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + typedef authenticated-data-cms { + type cms; + description + "A CMS structure whose top-most content type MUST be the + authenticated-data content type, as described by Section 9 + in RFC 5652."; + reference + "RFC 5652: Cryptographic Message Syntax (CMS)"; + } + + + /***************************************************/ + /* Typedefs for structures related to RFC 4253 */ + /***************************************************/ + + typedef ssh-host-key { + type binary; + description + "The binary public key data for an SSH key, as + specified by RFC 4253, Section 6.6, i.e.: + + string certificate or public key format + identifier + byte[n] key/certificate data."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer + Protocol"; + } + + /*********************************************************/ + /* Typedefs for ASN.1 structures related to RFC 5280 */ + /*********************************************************/ + + typedef trust-anchor-cert-x509 { + type x509; + description + "A Certificate structure that MUST encode a self-signed + root certificate."; + } + + typedef end-entity-cert-x509 { + type x509; + description + "A Certificate structure that MUST encode a certificate + that is neither self-signed nor having Basic constraint + CA true."; + } + + /*********************************************************/ + /* Typedefs for ASN.1 structures related to RFC 5652 */ + /*********************************************************/ + + typedef trust-anchor-cert-cms { + type signed-data-cms; + description + "A CMS SignedData structure that MUST contain the chain of + X.509 certificates needed to authenticate the certificate + presented by a client or end-entity. + + The CMS MUST contain only a single chain of certificates. + The client or end-entity certificate MUST only authenticate + to last intermediate CA certificate listed in the chain. + + In all cases, the chain MUST include a self-signed root + certificate. In the case where the root certificate is + itself the issuer of the client or end-entity certificate, + only one certificate is present. + + This CMS structure MAY (as applicable where this type is + used) also contain suitably fresh (as defined by local + policy) revocation objects with which the device can + verify the revocation status of the certificates. + + This CMS encodes the degenerate form of the SignedData + structure that is commonly used to disseminate X.509 + certificates and revocation objects (RFC 5280)."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile."; + } + + typedef end-entity-cert-cms { + type signed-data-cms; + description + "A CMS SignedData structure that MUST contain the end + entity certificate itself, and MAY contain any number + of intermediate certificates leading up to a trust + anchor certificate. The trust anchor certificate + MAY be included as well. + + The CMS MUST contain a single end entity certificate. + The CMS MUST NOT contain any spurious certificates. + + This CMS structure MAY (as applicable where this type is + used) also contain suitably fresh (as defined by local + policy) revocation objects with which the device can + verify the revocation status of the certificates. + + This CMS encodes the degenerate form of the SignedData + structure that is commonly used to disseminate X.509 + certificates and revocation objects (RFC 5280)."; + reference + "RFC 5280: + Internet X.509 Public Key Infrastructure Certificate + and Certificate Revocation List (CRL) Profile."; + } + + typedef ssh-public-key-type { // DELETE? + type binary; + description + "The binary public key data for this SSH key, as + specified by RFC 4253, Section 6.6, i.e.: + + string certificate or public key format + identifier + byte[n] key/certificate data."; + reference + "RFC 4253: The Secure Shell (SSH) Transport + Layer Protocol"; + } + + /**********************************************/ + /* Groupings for keys and/or certificates */ + /**********************************************/ + + grouping symmetric-key-grouping { + description + "A symmetric key and algorithm."; + leaf algorithm { + type isa:symmetric-algorithm-type; + mandatory true; + description + "The algorithm to be used when generating the key."; + reference + "RFC CCCC: Common YANG Data Types for Cryptography"; + } + leaf key-format { + nacm:default-deny-write; + when "../key or ../encrypted-key"; // FIXME: forward ref?! + type identityref { + base symmetric-key-format; + } + description "Identifies the symmetric key's format."; + } + choice key-type { + mandatory true; + description + "Choice between key types."; + leaf key { + nacm:default-deny-all; + type binary; + must "../key-format"; + description + "The binary value of the key. The interpretation of + the value is defined by 'key-format'. For example, + FIXME."; + reference + "RFC XXXX: FIXME"; + } + leaf hidden-key { + nacm:default-deny-write; + type empty; + description + "A permanently hidden key. How such keys are created + is outside the scope of this module."; + } + } + } + + grouping public-key-grouping { + description + "A public key and its associated algorithm."; + leaf algorithm { + nacm:default-deny-write; + type iasa:asymmetric-algorithm-type; + mandatory true; + description + "Identifies the key's algorithm."; + reference + "RFC CCCC: Common YANG Data Types for Cryptography"; + } + leaf public-key-format { + nacm:default-deny-write; + when "../public-key"; + type identityref { + base public-key-format; + } + description "Identifies the key's format."; + } + leaf public-key { + nacm:default-deny-write; + type binary; + must "../public-key-format"; + mandatory true; + description + "The binary value of the public key. The interpretation + of the value is defined by 'public-key-format' field."; + } + } + + grouping asymmetric-key-pair-grouping { + description + "A private key and its associated public key and algorithm."; + uses public-key-grouping; + leaf private-key-format { + nacm:default-deny-write; + type identityref { + base private-key-format; + } + description "Identifies the key's format."; + } + choice private-key-type { + mandatory true; + description + "Choice between key types."; + leaf private-key { + nacm:default-deny-all; + type binary; + must "../private-key-format"; + description + "The value of the binary key The key's value is + interpreted by the 'private-key-format' field."; + } + leaf hidden-private-key { + nacm:default-deny-write; + type empty; + description + "A permanently hidden key. How such keys are created + is outside the scope of this module."; + } + } + } + + grouping trust-anchor-cert-grouping { + description + "A trust anchor certificate, and a notification for when + it is about to (or already has) expire."; + leaf cert { + nacm:default-deny-write; + type trust-anchor-cert-cms; + description + "The binary certificate data for this certificate."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + notification certificate-expiration { + description + "A notification indicating that the configured certificate + is either about to expire or has already expired. When to + send notifications is an implementation specific decision, + but it is RECOMMENDED that a notification be sent once a + month for 3 months, then once a week for four weeks, and + then once a day thereafter until the issue is resolved."; + leaf expiration-date { + type yang:date-and-time; + mandatory true; + description + "Identifies the expiration date on the certificate."; + } + } + } + + grouping trust-anchor-certs-grouping { + description + "A list of trust anchor certificates, and a notification + for when one is about to (or already has) expire."; + leaf-list cert { + nacm:default-deny-write; + type trust-anchor-cert-cms; + description + "The binary certificate data for this certificate."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + notification certificate-expiration { + description + "A notification indicating that the configured certificate + is either about to expire or has already expired. When to + send notifications is an implementation specific decision, + but it is RECOMMENDED that a notification be sent once a + month for 3 months, then once a week for four weeks, and + then once a day thereafter until the issue is resolved."; + leaf expiration-date { + type yang:date-and-time; + mandatory true; + description + "Identifies the expiration date on the certificate."; + } + } + } + + grouping end-entity-cert-grouping { + description + "An end entity certificate, and a notification for when + it is about to (or already has) expire. Implementations + SHOULD assert that, where used, the end entity certificate + contains the expected public key."; + leaf cert { + nacm:default-deny-write; + type end-entity-cert-cms; + description + "The binary certificate data for this certificate."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + notification certificate-expiration { + description + "A notification indicating that the configured certificate + is either about to expire or has already expired. When to + send notifications is an implementation specific decision, + but it is RECOMMENDED that a notification be sent once a + month for 3 months, then once a week for four weeks, and + then once a day thereafter until the issue is resolved."; + leaf expiration-date { + type yang:date-and-time; + mandatory true; + description + "Identifies the expiration date on the certificate."; + } + } + } + + grouping end-entity-certs-grouping { + description + "A list of end entity certificates, and a notification for + when one is about to (or already has) expire."; + leaf-list cert { + nacm:default-deny-write; + type end-entity-cert-cms; + description + "The binary certificate data for this certificate."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + notification certificate-expiration { + description + "A notification indicating that the configured certificate + is either about to expire or has already expired. When to + send notifications is an implementation specific decision, + but it is RECOMMENDED that a notification be sent once a + month for 3 months, then once a week for four weeks, and + then once a day thereafter until the issue is resolved."; + leaf expiration-date { + type yang:date-and-time; + mandatory true; + description + "Identifies the expiration date on the certificate."; + } + } + } + + grouping asymmetric-key-pair-with-cert-grouping { + description + "A private/public key pair and an associated certificate. + Implementations SHOULD assert that certificates contain + the matching public key."; + uses asymmetric-key-pair-grouping; + uses end-entity-cert-grouping; + action generate-certificate-signing-request { + nacm:default-deny-all; + description + "Generates a certificate signing request structure for + the associated asymmetric key using the passed subject + and attribute values. The specified assertions need + to be appropriate for the certificate's use. For + example, an entity certificate for a TLS server + SHOULD have values that enable clients to satisfy + RFC 6125 processing."; + input { + leaf subject { + type binary; + mandatory true; + description + "The 'subject' field per the CertificationRequestInfo + structure as specified by RFC 2986, Section 4.1 + encoded using the ASN.1 distinguished encoding + rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + leaf attributes { + type binary; + description + "The 'attributes' field from the structure + CertificationRequestInfo as specified by RFC 2986, + Section 4.1 encoded using the ASN.1 distinguished + encoding rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + } + output { + leaf certificate-signing-request { + type binary; + mandatory true; + description + "A CertificationRequest structure as specified by + RFC 2986, Section 4.2 encoded using the ASN.1 + distinguished encoding rules (DER), as specified + in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + } + } // generate-certificate-signing-request + } // asymmetric-key-pair-with-cert-grouping + + grouping asymmetric-key-pair-with-certs-grouping { + description + "A private/public key pair and associated certificates. + Implementations SHOULD assert that certificates contain + the matching public key."; + uses asymmetric-key-pair-grouping; + container certificates { + nacm:default-deny-write; + description + "Certificates associated with this asymmetric key. + More than one certificate supports, for instance, + a TPM-protected asymmetric key that has both IDevID + and LDevID certificates associated."; + list certificate { + key "name"; + description + "A certificate for this asymmetric key."; + leaf name { + type string; + description + "An arbitrary name for the certificate. If the name + matches the name of a certificate that exists + independently in (i.e., an IDevID), + then the 'cert' node MUST NOT be configured."; + } + uses end-entity-cert-grouping; + } + } // certificates + action generate-certificate-signing-request { + nacm:default-deny-all; + description + "Generates a certificate signing request structure for + the associated asymmetric key using the passed subject + and attribute values. The specified assertions need + to be appropriate for the certificate's use. For + example, an entity certificate for a TLS server + SHOULD have values that enable clients to satisfy + RFC 6125 processing."; + input { + leaf subject { + type binary; + mandatory true; + description + "The 'subject' field per the CertificationRequestInfo + structure as specified by RFC 2986, Section 4.1 + encoded using the ASN.1 distinguished encoding + rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + leaf attributes { + type binary; + description + "The 'attributes' field from the structure + CertificationRequestInfo as specified by RFC 2986, + Section 4.1 encoded using the ASN.1 distinguished + encoding rules (DER), as specified in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + } + output { + leaf certificate-signing-request { + type binary; + mandatory true; + description + "A CertificationRequest structure as specified by + RFC 2986, Section 4.2 encoded using the ASN.1 + distinguished encoding rules (DER), as specified + in ITU-T X.690."; + reference + "RFC 2986: + PKCS #10: Certification Request Syntax + Specification Version 1.7. + ITU-T X.690: + Information technology - ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), + Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)."; + } + } + } // generate-certificate-signing-request + } // asymmetric-key-pair-with-certs-grouping +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-inet-types-2019-11-04.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-inet-types-2019-11-04.yang new file mode 100644 index 0000000..dffb111 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-inet-types-2019-11-04.yang @@ -0,0 +1,589 @@ +module ietf-inet-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-inet-types"; + prefix "inet"; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types for Internet addresses and related things. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + revision 2019-11-04 { + description + "This revision adds the following new data types: + - ip-address-and-prefix + - ipv4-address-and-prefix + - ipv6-address-and-prefix + - email-address"; + reference + "RFC XXXX: Common YANG Data Types"; + } + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - ip-address-no-zone + - ipv4-address-no-zone + - ipv6-address-no-zone"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of types related to protocol fields ***/ + + typedef ip-version { + type enumeration { + enum unknown { + value "0"; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum ipv4 { + value "1"; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum ipv6 { + value "2"; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + + In the value set and its semantics, this type is equivalent + to the InetVersion textual convention of the SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + typedef dscp { + type uint8 { + range "0..63"; + } + description + "The dscp type represents a Differentiated Services Code Point + that may be used for marking packets in a traffic stream. + + In the value set and its semantics, this type is equivalent + to the Dscp textual convention of the SMIv2."; + reference + "RFC 3289: Management Information Base for the Differentiated + Services Architecture + RFC 2474: Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers + RFC 2780: IANA Allocation Guidelines For Values In + the Internet Protocol and Related Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The ipv6-flow-label type represents the flow identifier or + Flow Label in an IPv6 packet header that may be used to + discriminate traffic flows. + + In the value set and its semantics, this type is equivalent + to the IPv6FlowLabel textual convention of the SMIv2."; + reference + "RFC 3595: Textual Conventions for IPv6 Flow Label + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16 { + range "0..65535"; + } + description + "The port-number type represents a 16-bit port number of an + Internet transport-layer protocol such as UDP, TCP, DCCP, or + SCTP. Port numbers are assigned by IANA. A current list of + all assignments is available from . + + Note that the port number value zero is reserved by IANA. In + situations where the value zero does not make sense, it can + be excluded by subtyping the port-number type. + + In the value set and its semantics, this type is equivalent + to the InetPortNumber textual convention of the SMIv2."; + reference + "RFC 768: User Datagram Protocol + RFC 793: Transmission Control Protocol + RFC 4960: Stream Control Transmission Protocol + RFC 4340: Datagram Congestion Control Protocol (DCCP) + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + /*** collection of types related to autonomous systems ***/ + + typedef as-number { + type uint32; + description + "The as-number type represents autonomous system numbers + which identify an Autonomous System (AS). An AS is a set + of routers under a single technical administration, using + an interior gateway protocol and common metrics to route + packets within the AS, and using an exterior gateway + protocol to route packets to other ASes. IANA maintains + the AS number space and has delegated large parts to the + regional registries. + + Autonomous system numbers were originally limited to 16 + bits. BGP extensions have enlarged the autonomous system + number space to 32 bits. This type therefore uses an uint32 + base type without a range restriction in order to support + a larger autonomous system number space. + + In the value set and its semantics, this type is equivalent + to the InetAutonomousSystemNumber textual convention of + the SMIv2."; + reference + "RFC 1930: Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271: A Border Gateway Protocol 4 (BGP-4) + RFC 4001: Textual Conventions for Internet Network Addresses + RFC 6793: BGP Support for Four-Octet Autonomous System (AS) + Number Space"; + } + + /*** collection of types related to IP addresses and hostnames ***/ + + typedef ip-address { + type union { + type inet:ipv4-address; + type inet:ipv6-address; + } + description + "The ip-address type represents an IP address and is IP + version neutral. The format of the textual representation + implies the IP version. This type supports scoped addresses + by allowing zone identifiers in the address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '(%[\p{N}\p{L}]+)?'; + } + description + "The ipv4-address type represents an IPv4 address in + dotted-quad notation. The IPv4 address may include a zone + index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format for the zone index is the numerical + format"; + } + + typedef ipv6-address { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(%[\p{N}\p{L}]+)?'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(%.+)?'; + } + description + "The ipv6-address type represents an IPv6 address in full, + mixed, shortened, and shortened-mixed notation. The IPv6 + address may include a zone index, separated by a % sign. + + The zone index is used to disambiguate identical address + values. For link-local addresses, the zone index will + typically be the interface index number or the name of an + interface. If the zone index is not present, the default + zone of the device will be used. + + The canonical format of IPv6 addresses uses the textual + representation defined in Section 4 of RFC 5952. The + canonical format for the zone index is the numerical + format as described in Section 11.2 of RFC 4007."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-no-zone { + type union { + type inet:ipv4-address-no-zone; + type inet:ipv6-address-no-zone; + } + description + "The ip-address-no-zone type represents an IP address and is + IP version neutral. The format of the textual representation + implies the IP version. This type does not support scoped + addresses since it does not allow zone identifiers in the + address format."; + reference + "RFC 4007: IPv6 Scoped Address Architecture"; + } + + typedef ipv4-address-no-zone { + type inet:ipv4-address { + pattern '[0-9\.]*'; + } + description + "An IPv4 address without a zone index. This type, derived from + ipv4-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + } + + typedef ipv6-address-no-zone { + type inet:ipv6-address { + pattern '[0-9a-fA-F:\.]*'; + } + description + "An IPv6 address without a zone index. This type, derived from + ipv6-address, may be used in situations where the zone is known + from the context and hence no zone index is needed."; + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-prefix { + type union { + type inet:ipv4-prefix; + type inet:ipv6-prefix; + } + description + "The ip-prefix type represents an IP prefix and is IP + version neutral. The format of the textual representations + implies the IP version."; + } + + typedef ipv4-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-prefix type represents an IPv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + The canonical format of an IPv4 prefix has all bits of + the IPv4 address set to zero that are not part of the + IPv4 prefix. + + The definition of ipv4-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 192.0.2.1/24 must be accepted as a valid value but it + will be converted into the canonical format 192.0.2.0/24."; + } + + typedef ipv6-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-prefix type represents an IPv6 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format of an IPv6 prefix has all bits of + the IPv6 address set to zero that are not part of the + IPv6 prefix. Furthermore, the IPv6 address is represented + as defined in Section 4 of RFC 5952. + + The definition of ipv6-prefix does not require that bits, + which are not part of the prefix, are set to zero. However, + implementations have to return values in canonical format, + which requires non-prefix bits to be set to zero. This means + that 2001:db8::1/64 must be accepted as a valid value but it + will be converted into the canonical format 2001:db8::/64."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + typedef ip-address-and-prefix { + type union { + type inet:ipv4-address-and-prefix; + type inet:ipv6-address-and-prefix; + } + description + "The ip-address-and-prefix type represents an IP address and + prefix and is IP version neutral. The format of the textual + representations implies the IP version."; + } + + typedef ipv4-address-and-prefix { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])' + + '/(([0-9])|([1-2][0-9])|(3[0-2]))'; + } + description + "The ipv4-address-and-prefix type represents an IPv4 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 32. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0."; + } + + typedef ipv6-address-and-prefix { + type string { + pattern '((:|[0-9a-fA-F]{0,4}):)([0-9a-fA-F]{0,4}:){0,5}' + + '((([0-9a-fA-F]{0,4}:)?(:|[0-9a-fA-F]{0,4}))|' + + '(((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}' + + '(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])))' + + '(/(([0-9])|([0-9]{2})|(1[0-1][0-9])|(12[0-8])))'; + pattern '(([^:]+:){6}(([^:]+:[^:]+)|(.*\..*)))|' + + '((([^:]+:)*[^:]+)?::(([^:]+:)*[^:]+)?)' + + '(/.+)'; + } + description + "The ipv6-address-and-prefix type represents an IPv6 + address and an associated ipv4 prefix. + The prefix length is given by the number following the + slash character and must be less than or equal to 128. + + A prefix length value of n corresponds to an IP address + mask that has n contiguous 1-bits from the most + significant bit (MSB) and all other bits set to 0. + + The canonical format requires that the IPv6 address is + represented as defined in Section 4 of RFC 5952."; + reference + "RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + /*** collection of domain name and URI types ***/ + + typedef domain-name { + type string { + length "1..253"; + pattern + '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.'; + } + description + "The domain-name type represents a DNS domain name. The + name SHOULD be fully qualified whenever possible. This + type does not support wildcards (see RFC 4592) or + classless in-addr.arpa delegations (see RFC 2317). + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. Note that Internet host names have a + stricter syntax (described in RFC 952) than the DNS + recommendations in RFCs 1034 and 1123, and that systems + that want to store host names in schema node instances + using the domain-name type are recommended to adhere to + this stricter standard to ensure interoperability. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + The description clause of schema nodes using the domain-name + type MUST describe when and how these names are resolved to + IP addresses. Note that the resolution of a domain-name value + may require to query multiple DNS records (e.g., A for IPv4 + and AAAA for IPv6). The order of the resolution process and + which DNS record takes precedence can either be defined + explicitly or may depend on the configuration of the + resolver. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be A-labels as per RFC 5890."; + reference + "RFC 952: DoD Internet Host Table Specification + RFC 1034: Domain Names - Concepts and Facilities + RFC 1123: Requirements for Internet Hosts -- Application + and Support + RFC 2317: Classless IN-ADDR.ARPA delegation + RFC 2782: A DNS RR for specifying the location of services + (DNS SRV) + RFC 4592: The Role of Wildcards in the Domain Name System + RFC 5890: Internationalized Domain Names in Applications + (IDNA): Definitions and Document Framework"; + } + + typedef host { + type union { + type inet:ip-address; + type inet:domain-name; + } + description + "The host type represents either an IP address or a DNS + domain name."; + } + + /* + * DISCUSS: + * - Lada suggested to replace the inet:domain-name usage in + * the union with a new host-name definition that follows + * the NR-LDH definition in RFC 5890. + */ + + typedef uri { + type string; + description + "The uri type represents a Uniform Resource Identifier + (URI) as defined by STD 66. + + Objects using the uri type MUST be in US-ASCII encoding, + and MUST be normalized as described by RFC 3986 Sections + 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary + percent-encoding is removed, and all case-insensitive + characters are set to lowercase except for hexadecimal + digits, which are normalized to uppercase as described in + Section 6.2.2.1. + + The purpose of this normalization is to help provide + unique URIs. Note that this normalization is not + sufficient to provide uniqueness. Two URIs that are + textually distinct after this normalization may still be + equivalent. + + Objects using the uri type may restrict the schemes that + they permit. For example, 'data:' and 'urn:' schemes + might not be appropriate. + + A zero-length URI is not a valid URI. This can be used to + express 'URI absent' where required. + + In the value set and its semantics, this type is equivalent + to the Uri SMIv2 textual convention defined in RFC 5017."; + reference + "RFC 3986: Uniform Resource Identifier (URI): Generic Syntax + RFC 3305: Report from the Joint W3C/IETF URI Planning Interest + Group: Uniform Resource Identifiers (URIs), URLs, + and Uniform Resource Names (URNs): Clarifications + and Recommendations + RFC 5017: MIB Textual Conventions for Uniform Resource + Identifiers (URIs)"; + } + + typedef email-address { + type string { + // dot-atom-text "@" ... + pattern '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*' + + '@' + + '[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+' + + '(\.[a-zA-Z0-9!#$%&'+"'"+'*+/=?^_`{|}~-]+)*'; + } + description + "The email-address type represents an email address as + defined as addr-spec in RFC 5322 section 3.4.1."; + reference + "RFC 5322: Internet Message Format"; + } + + /* + * DISCUSS: + * - It was suggested to add email types following RFC 5322 + * email-address (addr-spec, per Section 3.4.1) + * named-email-address (name-addr, per Section 3.4) + * - This sounds useful but the devil is in the details, + * in particular name-addr is a quite complex construct; + * perhaps addr-spec is sufficient, this is also the + * format allowed in mailto: URIs (mailto: seems to use + * only a subset of addr-spec which may be good enough + * here as well). + * - Need to define a pattern that has a meaningful trade-off + * between precision and complexity (there are very tight + * pattern that are very long and complex). The current + * pattern does not take care of quoted-string, obs-local-part, + * domain-literal, obs-domain. + */ + + /* + * DISCUSS: + * - There was a request to add types for URI fields (scheme, + * authority, path, query, fragment) but it is not clear how + * commonly useful these types are, the WG was pretty silent + * about this proposal. On the technical side, it is unclear + * whether data is represented with percent escapes resolved + * or not. (Mahesh's proposal does not spell this out, the + * pattern does not allow the % character, which may be wrong.) + */ +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-keystore-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-keystore-2019-11-20.yang new file mode 100644 index 0000000..0d0dda1 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-keystore-2019-11-20.yang @@ -0,0 +1,521 @@ +module ietf-keystore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-keystore"; + prefix ks; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + //import iana-hash-algs { + // prefix iha; + // reference + // "RFC AAAA: Common YANG Data Types for Cryptography"; + //} + + import iana-symmetric-algs { + prefix isa; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + import iana-asymmetric-algs { + prefix iasa; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen "; + + description + "This module defines a keystore to centralize management + of security credentials. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: A YANG Data Model for a Keystore"; + } + + /****************/ + /* Features */ + /****************/ + + feature keystore-supported { + description + "The 'keystore-supported' feature indicates that the server + supports the keystore."; + } + + feature local-definitions-supported { + description + "The 'local-definitions-supported' feature indicates that the + server supports locally-defined keys."; + } + + feature key-generation { + description + "Indicates that the server supports the actions related to + the life cycling keys in . To be used by + configuration, keys in must be copied to + ."; + } + + /****************/ + /* Typedefs */ + /****************/ + + typedef symmetric-key-ref { + type leafref { + path "/ks:keystore/ks:symmetric-keys/ks:symmetric-key" + + "/ks:name"; + } + description + "This typedef enables modules to easily define a reference + to a symmetric key stored in the keystore."; + } + + typedef asymmetric-key-ref { + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key" + + "/ks:name"; + } + description + "This typedef enables modules to easily define a reference + to an asymmetric key stored in the keystore."; + } + + /*****************/ + /* Groupings */ + /*****************/ + + + grouping key-reference-type-grouping { + description + "A reusable grouping for a choice for the type of key + referenced in the keystore."; + choice key-type { + mandatory true; + description + "A choice between a reference to a symmetric or asymmetric + key in the keystore."; + leaf symmetric-key-ref { + if-feature "keystore-supported"; + type leafref { + path "/ks:keystore/ks:symmetric-keys/ks:symmetric-key/" + + "ks:name"; + } + description + "Identifies a symmetric key used to encrypt this key."; + } + leaf asymmetric-key-ref { + if-feature "keystore-supported"; + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key/" + + "ks:name"; + } + description + "Identifies an asymmetric key used to encrypt this key."; + } + } + } + + grouping encrypted-value-grouping { + description + "A reusable grouping for a value that has been encrypted by + a symmetric or asymmetric key in the keystore."; + uses "key-reference-type-grouping"; + leaf value { + type binary; + description + "The private key, encrypted using the specified symmetric + or asymmetric key."; + } + } + + grouping symmetric-key-grouping { + description + "This grouping is identical to the one in ietf-crypto-types + except that it adds a case statement enabling the key + value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:symmetric-key-grouping { + augment "key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-key { + must "../key-format"; + description + "A container for the encrypted symmetric key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-grouping { + description + "This grouping is identical to the one in ietf-crypto-types + except that it adds a case statement enabling the key + value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + must "../private-key-format"; + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + grouping asymmetric-key-pair-with-cert-grouping { + description + "This grouping is identical to the one in ietf-crypto-types + except that it adds a case statement enabling the key + value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-with-cert-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + must "../private-key-format"; + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-pair-with-certs-grouping { + description + "This grouping is identical to the one in ietf-crypto-types + except that it adds a case statement enabling the key + value to be encrypted by a symmetric or an asymmetric + key known to the keystore."; + uses ct:asymmetric-key-pair-with-certs-grouping { + augment "private-key-type" { + description + "Augments a new 'case' statement into the 'choice' + statement defined by the ietf-crypto-types module."; + container encrypted-private-key { + must "../private-key-format"; + description + "A container for the encrypted asymmetric private + key value."; + uses encrypted-value-grouping; + } + } + } + } + + grouping asymmetric-key-certificate-ref-grouping { + leaf asymmetric-key { + type ks:asymmetric-key-ref; + must '../certificate'; + description + "A reference to an asymmetric key in the keystore."; + } + leaf certificate { + type leafref { + path "/ks:keystore/ks:asymmetric-keys/ks:asymmetric-key[ks:" + + "name = current()/../asymmetric-key]/ks:certificates" + + "/ks:certificate/ks:name"; + } + must '../asymmetric-key'; + description + "A reference to a specific certificate of the + asymmetric key in the keystore."; + } + description + "This grouping defines a reference to a specific certificate + associated with an asymmetric key stored in the keystore."; + } + + + // local-or-keystore-* groupings + + grouping local-or-keystore-symmetric-key-grouping { + description + "A grouping that expands to allow the symmetric key to be + either stored locally, within the using data model, or be + a reference to an symmetric key stored in the keystore."; + choice local-or-keystore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses symmetric-key-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + leaf keystore-reference { + type ks:symmetric-key-ref; + description + "A reference to an symmetric key that exists in + the keystore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + } + } + + grouping local-or-keystore-asymmetric-key-grouping { + description + "A grouping that expands to allow the asymmetric key to be + either stored locally, within the using data model, or be + a reference to an asymmetric key stored in the keystore."; + choice local-or-keystore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + leaf keystore-reference { + type ks:asymmetric-key-ref; + description + "A reference to an asymmetric key that exists in + the keystore. The intent is to reference just the + asymmetric key without any regard for any certificates + that may be associated with it."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + } + } + + grouping local-or-keystore-asymmetric-key-with-certs-grouping { + description + "A grouping that expands to allow an asymmetric key and its + associated certificates to be either stored locally, within + the using data model, or be a reference to an asymmetric key + (and its associated certificates) stored in the keystore."; + choice local-or-keystore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-with-certs-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + leaf keystore-reference { + type ks:asymmetric-key-ref; + description + "A reference to an asymmetric-key (and all of its + associated certificates) in the keystore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + } + } + + grouping local-or-keystore-end-entity-cert-with-key-grouping { + description + "A grouping that expands to allow an end-entity certificate + (and its associated private key) to be either stored locally, + within the using data model, or be a reference to a specific + certificate in the keystore."; + choice local-or-keystore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local key definition."; + uses asymmetric-key-pair-with-cert-grouping; + } + } + case keystore { + if-feature "keystore-supported"; + container keystore-reference { + uses asymmetric-key-certificate-ref-grouping; + description + "A reference to a specific certificate (and its + associated private key) in the keystore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the keystore."; + } + } + + grouping keystore-grouping { + description + "Grouping definition enables use in other contexts. If ever + done, implementations SHOULD augment new 'case' statements + into local-or-keystore 'choice' statements to supply leafrefs + to the new location."; + container asymmetric-keys { + description + "A list of asymmetric keys."; + list asymmetric-key { + key "name"; + description + "An asymmetric key."; + leaf name { + type string; + description + "An arbitrary name for the asymmetric key."; + } + uses ks:asymmetric-key-pair-with-certs-grouping; + } + action generate-asymmetric-key { + //nacm:default-deny-all; + description + "Requests the device to generate an asymmetric key using + the specified key algorithm, optionally encrypted using + a key in the keystore. The output is this RPC can be + used as input to a subsequent configuration request."; + input { + leaf algorithm { + type iasa:asymmetric-algorithm-type; + mandatory true; + description + "The algorithm to be used when generating the key."; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + container encrypt-with { + presence + "Indicates that the key should be encrypted using + the specified symmetric or asymmetric key. If not + specified, then the private key is not encrypted + when returned."; + description + "A container for the 'key-type' choice."; + uses key-reference-type-grouping; + } + } + output { + uses ks:asymmetric-key-pair-grouping; + } + } // end generate-asymmetric-key + } + container symmetric-keys { + description + "A list of symmetric keys."; + list symmetric-key { + key "name"; + description + "A symmetric key."; + leaf name { + type string; + description + "An arbitrary name for the symmetric key."; + } + uses ks:symmetric-key-grouping; + } + action generate-symmetric-key { + //nacm:default-deny-all; + description + "Requests the device to generate an symmetric key using + the specified key algorithm, optionally encrypted using + a key in the keystore. The output is this RPC can be + used as input to a subsequent configuration request."; + input { + leaf algorithm { + type isa:symmetric-algorithm-type; + mandatory true; + description + "The algorithm to be used when generating the key."; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + container encrypt-with { + presence + "Indicates that the key should be encrypted using + the specified symmetric or asymmetric key. If not + specified, then the private key is not encrypted + when returned."; + description + "A container for the 'key-type' choice."; + uses key-reference-type-grouping; + } + } + output { + uses ks:symmetric-key-grouping; + } + } // end generate-symmetric-key + } + } // grouping keystore-grouping + + + /*********************************/ + /* Protocol accessible nodes */ + /*********************************/ + + container keystore { + nacm:default-deny-write; + description + "The keystore contains a list of keys."; + uses keystore-grouping; + } + + +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-client-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-client-2019-11-20.yang new file mode 100644 index 0000000..4952064 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-client-2019-11-20.yang @@ -0,0 +1,511 @@ +module ietf-netconf-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-client"; + prefix ncc; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-tcp-client { + prefix tcpc; + reference + "RFC BBBB: YANG Groupings for TCP Clients and TCP Servers"; + } + + import ietf-tcp-server { + prefix tcps; + reference + "RFC BBBB: YANG Groupings for TCP Clients and TCP Servers"; + } + + import ietf-ssh-client { + prefix sshc; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC CCCC: YANG Groupings for SSH Clients and SSH Servers"; + } + + import ietf-tls-client { + prefix tlsc; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC DDDD: YANG Groupings for TLS Clients and TLS Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module contains a collection of YANG definitions + for configuring NETCONF clients. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: NETCONF Client and Server Models"; + } + + // Features + + feature ssh-initiate { + description + "The 'ssh-initiate' feature indicates that the NETCONF client + supports initiating SSH connections to NETCONF servers."; + reference + "RFC 6242: + Using the NETCONF Protocol over Secure Shell (SSH)"; + } + + feature tls-initiate { + description + "The 'tls-initiate' feature indicates that the NETCONF client + supports initiating TLS connections to NETCONF servers."; + reference + "RFC 7589: Using the NETCONF Protocol over Transport + Layer Security (TLS) with Mutual X.509 Authentication"; + } + + feature ssh-listen { + description + "The 'ssh-listen' feature indicates that the NETCONF client + supports opening a port to listen for incoming NETCONF + server call-home SSH connections."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; + } + + feature tls-listen { + description + "The 'tls-listen' feature indicates that the NETCONF client + supports opening a port to listen for incoming NETCONF + server call-home TLS connections."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; + } + + // Groupings + + grouping netconf-client-grouping { + description + "A reusable grouping for configuring a NETCONF client + without any consideration for how underlying transport + sessions are established. + + This grouping currently doesn't define any nodes."; + } + + grouping netconf-client-initiate-stack-grouping { + description + "A reusable grouping for configuring a NETCONF client + 'initiate' protocol stack for a single connection."; + choice transport { + mandatory true; + description + "Selects between available transports."; + case ssh { + if-feature "ssh-initiate"; + container ssh { + description + "Specifies IP and SSH specific configuration + for the connection."; + container tcp-client-parameters { + description + "A wrapper around the TCP client parameters + to avoid name collisions."; + uses tcpc:tcp-client-grouping { + refine "remote-port" { + default "830"; + description + "The NETCONF client will attempt to connect + to the IANA-assigned well-known port value + for 'netconf-ssh' (443) if no value is + specified."; + } + } + } + container ssh-client-parameters { + description + "A wrapper around the SSH client parameters to + avoid name collisions."; + uses sshc:ssh-client-grouping; + } + container netconf-client-parameters { + description + "A wrapper around the NETCONF client parameters + to avoid name collisions."; + uses ncc:netconf-client-grouping; + } + } + } + case tls { + if-feature "tls-initiate"; + container tls { + description + "Specifies IP and TLS specific configuration + for the connection."; + container tcp-client-parameters { + description + "A wrapper around the TCP client parameters + to avoid name collisions."; + uses tcpc:tcp-client-grouping { + refine "remote-port" { + default "6513"; + description + "The NETCONF client will attempt to connect + to the IANA-assigned well-known port value + for 'netconf-tls' (6513) if no value is + specified."; + } + } + } + container tls-client-parameters { + must "client-identity" { + description + "NETCONF/TLS clients MUST pass some + authentication credentials."; + } + description + "A wrapper around the TLS client parameters + to avoid name collisions."; + uses tlsc:tls-client-grouping; + } + container netconf-client-parameters { + description + "A wrapper around the NETCONF client parameters + to avoid name collisions."; + uses ncc:netconf-client-grouping; + } + } + } + } + } // netconf-client-initiate-stack-grouping + + grouping netconf-client-listen-stack-grouping { + description + "A reusable grouping for configuring a NETCONF client + 'listen' protocol stack for a single connection."; + choice transport { + mandatory true; + description + "Selects between available transports."; + case ssh { + if-feature "ssh-listen"; + container ssh { + description + "SSH-specific listening configuration for inbound + connections."; + container tcp-server-parameters { + description + "A wrapper around the TCP server parameters + to avoid name collisions."; + uses tcps:tcp-server-grouping { + refine "local-port" { + default "4334"; + description + "The NETCONF client will listen on the IANA- + assigned well-known port for 'netconf-ch-ssh' + (4334) if no value is specified."; + } + } + } + container ssh-client-parameters { + description + "A wrapper around the SSH client parameters + to avoid name collisions."; + uses sshc:ssh-client-grouping; + } + container netconf-client-parameters { + description + "A wrapper around the NETCONF client parameters + to avoid name collisions."; + uses ncc:netconf-client-grouping; + } + } + } + case tls { + if-feature "tls-listen"; + container tls { + description + "TLS-specific listening configuration for inbound + connections."; + container tcp-server-parameters { + description + "A wrapper around the TCP server parameters + to avoid name collisions."; + uses tcps:tcp-server-grouping { + refine "local-port" { + default "4334"; + description + "The NETCONF client will listen on the IANA- + assigned well-known port for 'netconf-ch-ssh' + (4334) if no value is specified."; + } + } + } + container tls-client-parameters { + must "client-identity" { + description + "NETCONF/TLS clients MUST pass some + authentication credentials."; + } + description + "A wrapper around the TLS client parameters + to avoid name collisions."; + uses tlsc:tls-client-grouping; + } + container netconf-client-parameters { + description + "A wrapper around the NETCONF client parameters + to avoid name collisions."; + uses ncc:netconf-client-grouping; + } + } + } + } + } // netconf-client-listen-stack-grouping + + grouping netconf-client-app-grouping { + description + "A reusable grouping for configuring a NETCONF client + application that supports both 'initiate' and 'listen' + protocol stacks for a multiplicity of connections."; + container initiate { + if-feature "ssh-initiate or tls-initiate"; + presence "Enables client to initiate TCP connections"; + description + "Configures client initiating underlying TCP connections."; + list netconf-server { + key "name"; + min-elements 1; + description + "List of NETCONF servers the NETCONF client is to + maintain simultaneous connections with."; + leaf name { + type string; + description + "An arbitrary name for the NETCONF server."; + } + container endpoints { + description + "Container for the list of endpoints."; + list endpoint { + key "name"; + min-elements 1; + ordered-by user; + description + "A user-ordered list of endpoints that the NETCONF + client will attempt to connect to in the specified + sequence. Defining more than one enables + high-availability."; + leaf name { + type string; + description + "An arbitrary name for the endpoint."; + } + uses netconf-client-initiate-stack-grouping; + } // list endpoint + } // container endpoints + + container connection-type { + description + "Indicates the NETCONF client's preference for how the + NETCONF connection is maintained."; + choice connection-type { + mandatory true; + description + "Selects between available connection types."; + case persistent-connection { + container persistent { + presence "Indicates that a persistent connection is + to be maintained."; + description + "Maintain a persistent connection to the NETCONF + server. If the connection goes down, immediately + start trying to reconnect to the NETCONF server, + using the reconnection strategy. + + This connection type minimizes any NETCONF server + to NETCONF client data-transfer delay, albeit at + the expense of holding resources longer."; + } + } + case periodic-connection { + container periodic { + presence "Indicates that a periodic connection is + to be maintained."; + description + "Periodically connect to the NETCONF server. + + This connection type increases resource + utilization, albeit with increased delay in + NETCONF server to NETCONF client interactions. + + The NETCONF client should close the underlying + TCP connection upon completing planned activities. + + In the case that the previous connection is still + active, establishing a new connection is NOT + RECOMMENDED."; + leaf period { + type uint16; + units "minutes"; + default "60"; + description + "Duration of time between periodic connections."; + } + leaf anchor-time { + type yang:date-and-time { + // constrained to minute-level granularity + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "Designates a timestamp before or after which a + series of periodic connections are determined. + The periodic connections occur at a whole + multiple interval from the anchor time. For + example, for an anchor time is 15 minutes past + midnight and a period interval of 24 hours, then + a periodic connection will occur 15 minutes past + midnight everyday."; + } + leaf idle-timeout { + type uint16; + units "seconds"; + default 120; // two minutes + description + "Specifies the maximum number of seconds that + a NETCONF session may remain idle. A NETCONF + session will be dropped if it is idle for an + interval longer then this number of seconds. + If set to zero, then the NETCONF client will + never drop a session because it is idle."; + } + } + } + } + } + container reconnect-strategy { + description + "The reconnection strategy directs how a NETCONF client + reconnects to a NETCONF server, after discovering its + connection to the server has dropped, even if due to a + reboot. The NETCONF client starts with the specified + endpoint and tries to connect to it max-attempts times + before trying the next endpoint in the list (round + robin)."; + leaf start-with { + type enumeration { + enum first-listed { + description + "Indicates that reconnections should start with + the first endpoint listed."; + } + enum last-connected { + description + "Indicates that reconnections should start with + the endpoint last connected to. If no previous + connection has ever been established, then the + first endpoint configured is used. NETCONF + clients SHOULD be able to remember the last + endpoint connected to across reboots."; + } + enum random-selection { + description + "Indicates that reconnections should start with + a random endpoint."; + } + } + default "first-listed"; + description + "Specifies which of the NETCONF server's endpoints + the NETCONF client should start with when trying + to connect to the NETCONF server."; + } + leaf max-attempts { + type uint8 { + range "1..max"; + } + default "3"; + description + "Specifies the number times the NETCONF client tries + to connect to a specific endpoint before moving on + to the next endpoint in the list (round robin)."; + } + } + } // netconf-server + } // initiate + + container listen { + if-feature "ssh-listen or tls-listen"; + presence "Enables client to accept call-home connections"; + description + "Configures client accepting call-home TCP connections."; + leaf idle-timeout { + type uint16; + units "seconds"; + default "3600"; // one hour + description + "Specifies the maximum number of seconds that a NETCONF + session may remain idle. A NETCONF session will be + dropped if it is idle for an interval longer than this + number of seconds. If set to zero, then the server + will never drop a session because it is idle. Sessions + that have a notification subscription active are never + dropped."; + } + list endpoint { + key "name"; + min-elements 1; + description + "List of endpoints to listen for NETCONF connections."; + leaf name { + type string; + description + "An arbitrary name for the NETCONF listen endpoint."; + } + uses netconf-client-listen-stack-grouping; + } // endpoint + } // listen + } // netconf-client-app-grouping + + // Protocol accessible node, for servers that implement this + // module. + + container netconf-client { + uses netconf-client-app-grouping; + description + "Top-level container for NETCONF client configuration."; + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-server-2018-09-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-server-2018-09-20.yang new file mode 100644 index 0000000..dbfd0ca --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-netconf-server-2018-09-20.yang @@ -0,0 +1,558 @@ +module ietf-netconf-server { + yang-version 1.1; + + namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-server"; + prefix "ncs"; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-x509-cert-to-name { + prefix x509c2n; + reference + "RFC 7407: A YANG Data Model for SNMP Configuration"; + } + + import ietf-ssh-server { + prefix ss; + revision-date 2018-09-20; // stable grouping definitions + reference + "RFC YYYY: YANG Groupings for SSH Clients and SSH Servers"; + } + + import ietf-tls-server { + prefix ts; + revision-date 2018-09-20; // stable grouping definitions + reference + "RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + + Author: Kent Watsen + + + Author: Gary Wu + + + Author: Juergen Schoenwaelder + "; + + + description + "This module contains a collection of YANG definitions for + configuring NETCONF servers. + + Copyright (c) 2017 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + revision "2018-09-20" { + description + "Initial version"; + reference + "RFC XXXX: NETCONF Client and Server Models"; + } + + + // Features + + feature listen { + description + "The 'listen' feature indicates that the NETCONF server + supports opening a port to accept NETCONF client connections + using at least one transport (e.g., SSH, TLS, etc.)."; + } + + feature ssh-listen { + description + "The 'ssh-listen' feature indicates that the NETCONF server + supports opening a port to accept NETCONF over SSH + client connections."; + reference + "RFC 6242: + Using the NETCONF Protocol over Secure Shell (SSH)"; + } + + feature tls-listen { + description + "The 'tls-listen' feature indicates that the NETCONF server + supports opening a port to accept NETCONF over TLS + client connections."; + reference + "RFC 7589: Using the NETCONF Protocol over Transport + Layer Security (TLS) with Mutual X.509 + Authentication"; + } + + feature call-home { + description + "The 'call-home' feature indicates that the NETCONF server + supports initiating NETCONF call home connections to + NETCONF clients using at least one transport (e.g., SSH, + TLS, etc.)."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; + } + + feature ssh-call-home { + description + "The 'ssh-call-home' feature indicates that the NETCONF + server supports initiating a NETCONF over SSH call + home connection to NETCONF clients."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; + } + + feature tls-call-home { + description + "The 'tls-call-home' feature indicates that the NETCONF + server supports initiating a NETCONF over TLS call + home connection to NETCONF clients."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; + } + + + // protocol accessible nodes + + container netconf-server { + uses netconf-server-grouping; + description + "Top-level container for NETCONF server configuration."; + } + + // reusable groupings + + grouping netconf-server-grouping { + description + "Top-level grouping for NETCONF server configuration."; + container listen { + if-feature listen; + presence "Enables server to listen for TCP connections"; + description "Configures listen behavior"; + leaf idle-timeout { + type uint16; + units "seconds"; + default 3600; // one hour + description + "Specifies the maximum number of seconds that a NETCONF + session may remain idle. A NETCONF session will be + dropped if it is idle for an interval longer than this + number of seconds. If set to zero, then the server + will never drop a session because it is idle. Sessions + that have a notification subscription active are never + dropped."; + } + list endpoint { + key name; + min-elements 1; + description + "List of endpoints to listen for NETCONF connections."; + leaf name { + type string; + description + "An arbitrary name for the NETCONF listen endpoint."; + } + choice transport { + mandatory true; + description + "Selects between available transports."; + case ssh { + if-feature ssh-listen; + container ssh { + description + "SSH-specific listening configuration for inbound + connections."; + leaf address { + type inet:ip-address; + mandatory true; + description + "The IP address to listen on for incoming + connections. The NETCONF server will listen + on all configured interfaces if no value is + specified. INADDR_ANY (0.0.0.0) or INADDR6_ANY + (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be used when + the server is to listen on all IPv4 or IPv6 + addresses, respectively."; + } + leaf port { + type inet:port-number; + default 830; + description + "The local port number to listen on. If no value + is specified, the IANA-assigned port value for + 'netconf-ssh' (830) is used."; + } + uses ss:ssh-server-grouping; + } + } + case tls { + if-feature tls-listen; + container tls { + description + "TLS-specific listening configuration for inbound + connections."; + leaf address { + type inet:ip-address; + mandatory true; + description + "The IP address to listen on for incoming + connections. The NETCONF server will listen + on all configured interfaces if no value is + specified. INADDR_ANY (0.0.0.0) or INADDR6_ANY + (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be used when + the server is to listen on all IPv4 or IPv6 + addresses, respectively."; + } + leaf port { + type inet:port-number; + default 6513; + description + "The local port number to listen on. If no value + is specified, the IANA-assigned port value for + 'netconf-tls' (6513) is used."; + } + uses ts:tls-server-grouping { + refine "client-auth" { + must 'pinned-ca-certs or pinned-client-certs'; + description + "NETCONF/TLS servers MUST validate client + certiticates."; + } + augment "client-auth" { + description + "Augments in the cert-to-name structure."; + container cert-maps { + uses x509c2n:cert-to-name; + description + "The cert-maps container is used by a TLS- + based NETCONF server to map the NETCONF + client's presented X.509 certificate to a + NETCONF username. If no matching and valid + cert-to-name list entry can be found, then + the NETCONF server MUST close the connection, + and MUST NOT accept NETCONF messages over + it."; + reference + "RFC WWWW: NETCONF over TLS, Section 7"; + } + } + } + } + } + } + } + } + + container call-home { + if-feature call-home; + presence "Enables server to initiate TCP connections"; + description "Configures call-home behavior"; + list netconf-client { + key name; + min-elements 1; + description + "List of NETCONF clients the NETCONF server is to + initiate call-home connections to in parallel."; + leaf name { + type string; + description + "An arbitrary name for the remote NETCONF client."; + } + container endpoints { + description + "Container for the list of endpoints."; + list endpoint { + key name; + min-elements 1; + ordered-by user; + description + "A non-empty user-ordered list of endpoints for this + NETCONF server to try to connect to in sequence. + Defining more than one enables high-availability."; + leaf name { + type string; + description + "An arbitrary name for this endpoint."; + } + choice transport { + mandatory true; + description + "Selects between available transports."; + case ssh { + if-feature ssh-call-home; + container ssh { + description + "Specifies SSH-specific call-home transport + configuration."; + leaf address { + type inet:host; + mandatory true; + description + "The IP address or hostname of the endpoint. + If a domain name is configured, then the + DNS resolution should happen on each usage + attempt. If the the DNS resolution results + in multiple IP addresses, the IP addresses + will be tried according to local preference + order until a connection has been established + or until all IP addresses have failed."; + } + leaf port { + type inet:port-number; + default 4334; + description + "The IP port for this endpoint. The NETCONF + server will use the IANA-assigned well-known + port for 'netconf-ch-ssh' (4334) if no value + is specified."; + } + uses ss:ssh-server-grouping; + } + } + case tls { + if-feature tls-call-home; + container tls { + description + "Specifies TLS-specific call-home transport + configuration."; + leaf address { + type inet:host; + mandatory true; + description + "The IP address or hostname of the endpoint. + If a domain name is configured, then the + DNS resolution should happen on each usage + attempt. If the the DNS resolution results + in multiple IP addresses, the IP addresses + will be tried according to local preference + order until a connection has been established + or until all IP addresses have failed."; + } + leaf port { + type inet:port-number; + default 4335; + description + "The IP port for this endpoint. The NETCONF + server will use the IANA-assigned well-known + port for 'netconf-ch-tls' (4335) if no value + is specified."; + } + uses ts:tls-server-grouping { + refine "client-auth" { + must 'pinned-ca-certs or pinned-client-certs'; + description + "NETCONF/TLS servers MUST validate client + certiticates."; + } + augment "client-auth" { + description + "Augments in the cert-to-name structure."; + container cert-maps { + uses x509c2n:cert-to-name; + description + "The cert-maps container is used by a + TLS-based NETCONF server to map the + NETCONF client's presented X.509 + certificate to a NETCONF username. If + no matching and valid cert-to-name list + entry can be found, then the NETCONF + server MUST close the connection, and + MUST NOT accept NETCONF messages over + it."; + reference + "RFC WWWW: NETCONF over TLS, Section 7"; + } + } + } + } + } // end tls + } // end choice + } // end endpoint + } + container connection-type { + description + "Indicates the kind of connection to use."; + choice connection-type { + mandatory true; + description + "Selects between available connection types."; + case persistent-connection { + container persistent { + presence + "Indicates that a persistent connection is to be + maintained."; + description + "Maintain a persistent connection to the NETCONF + client. If the connection goes down, immediately + start trying to reconnect to it, using the + reconnection strategy. + + This connection type minimizes any NETCONF client + to NETCONF server data-transfer delay, albeit at + the expense of holding resources longer."; + container keep-alives { + description + "Configures the keep-alive policy, to + proactively test the aliveness of the SSH/TLS + client. An unresponsive SSH/TLS client will + be dropped after approximately max-attempts * + max-wait seconds."; + reference + "RFC 8071: NETCONF Call Home and RESTCONF + Call Home, Section 4.1, item S7"; + leaf max-wait { + type uint16 { + range "1..max"; + } + units seconds; + default 30; + description + "Sets the amount of time in seconds after + which if no data has been received from + the SSH/TLS client, a SSH/TLS-level message + will be sent to test the aliveness of the + SSH/TLS client."; + } + leaf max-attempts { + type uint8; + default 3; + description + "Sets the maximum number of sequential keep- + alive messages that can fail to obtain a + response from the SSH/TLS client before + assuming the SSH/TLS client is no longer + alive."; + } + } + } + } + + case periodic-connection { + container periodic { + presence + "Indicates that a periodic connection is to be + maintained."; + description + "Periodically connect to the NETCONF client. The + NETCONF client should close the underlying TLS + connection upon completing planned activities. + + This connection type increases resource + utilization, albeit with increased delay in + NETCONF client to NETCONF client interactions."; + leaf period { + type uint16; + units "minutes"; + default 60; + description + "Duration of time between periodic connections."; + } + leaf anchor-time { + type yang:date-and-time { + // constrained to minute-level granularity + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "Designates a timestamp before or after which a + series of periodic connections are determined. + The periodic connections occur at a whole + multiple interval from the anchor time. For + example, for an anchor time is 15 minutes past + midnight and a period interval of 24 hours, then + a periodic connection will occur 15 minutes past + midnight everyday."; + } + leaf idle-timeout { + type uint16; + units "seconds"; + default 120; // two minutes + description + "Specifies the maximum number of seconds that + a NETCONF session may remain idle. A NETCONF + session will be dropped if it is idle for an + interval longer than this number of seconds. + If set to zero, then the server will never + drop a session because it is idle."; + } + } + } + } + } + container reconnect-strategy { + description + "The reconnection strategy directs how a NETCONF server + reconnects to a NETCONF client, after discovering its + connection to the client has dropped, even if due to a + reboot. The NETCONF server starts with the specified + endpoint and tries to connect to it max-attempts times + before trying the next endpoint in the list (round + robin)."; + leaf start-with { + type enumeration { + enum first-listed { + description + "Indicates that reconnections should start with + the first endpoint listed."; + } + enum last-connected { + description + "Indicates that reconnections should start with + the endpoint last connected to. If no previous + connection has ever been established, then the + first endpoint configured is used. NETCONF + servers SHOULD be able to remember the last + endpoint connected to across reboots."; + } + enum random-selection { + description + "Indicates that reconnections should start with + a random endpoint."; + } + } + default first-listed; + description + "Specifies which of the NETCONF client's endpoints + the NETCONF server should start with when trying + to connect to the NETCONF client."; + } + leaf max-attempts { + type uint8 { + range "1..max"; + } + default 3; + description + "Specifies the number times the NETCONF server tries + to connect to a specific endpoint before moving on + to the next endpoint in the list (round robin)."; + } + } + } + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-client-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-client-2019-11-20.yang new file mode 100644 index 0000000..87308d0 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-client-2019-11-20.yang @@ -0,0 +1,250 @@ +module ietf-ssh-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-client"; + prefix sshc; + + import ietf-ssh-common { + prefix sshcmn; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + import ietf-truststore { + prefix ts; + reference + "RFC BBBB: A YANG Data Model for a Truststore"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC CCCC: A YANG Data Model for a Keystore"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines reusable groupings for SSH clients that + can be used as a basis for specific SSH client instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + + // Features + + feature ssh-client-transport-params-config { + description + "SSH transport layer parameters are configurable on an SSH + client."; + } + + feature ssh-client-keepalives { + description + "Per socket SSH keepalive parameters are configurable for + SSH clients on the server implementing this feature."; + } + + // Groupings + + grouping ssh-client-grouping { + description + "A reusable grouping for configuring a SSH client without + any consideration for how an underlying TCP session is + established. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'ssh-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + + container client-identity { + nacm:default-deny-write; + description + "The credentials used by the client to authenticate to + the SSH server."; + leaf username { + type string; + description + "The username of this user. This will be the username + used, for instance, to log into an SSH server."; + } + choice auth-type { + mandatory true; + description + "The authentication type. What happens when more than + one decendent is configured is undefined. FIXME."; + leaf password { + nacm:default-deny-all; + type string; + description + "A password to be used for client authentication."; + } + container public-key { + uses ks:local-or-keystore-asymmetric-key-grouping { + refine "local-or-keystore/local/local-definition" { + must 'public-key-format = "ct:ssh-public-key-format"'; + } + // FIXME: also need a must expression to ensure the + // *referenced* key's public-key-format is + // "ct:ssh-public-key-format" + } + description + "A locally-defined or referenced asymmetric key + pair to be used for client authentication."; + reference + "RFC ZZZZ: YANG Data Model for a Centralized + Keystore Mechanism"; + } + container certificate { + if-feature "sshcmn:ssh-x509-certs"; + uses + ks:local-or-keystore-end-entity-cert-with-key-grouping; + description + "A locally-defined or referenced certificate + to be used for client authentication."; + reference + "RFC ZZZZ: YANG Data Model for a Centralized + Keystore Mechanism"; + } + } + } // container client-identity + + container server-authentication { + nacm:default-deny-write; + must 'ssh-host-keys or ca-certs or server-certs'; + description + "Specifies how the SSH client can authenticate SSH servers. + Any combination of credentials is additive and unordered."; + container ssh-host-keys { + presence + "Indicates that the client can authenticate servers + using the configured SSH host keys."; + description + "A list of SSH host keys used by the SSH client to + authenticate SSH server host keys. A server host key + is authenticated if it is an exact match to a + configured SSH host key."; + reference + "RFC YYYY: YANG Data Model for Global Trust Anchors"; + uses ts:local-or-truststore-host-keys-grouping; + } + container ca-certs { + if-feature "sshcmn:ssh-x509-certs"; + presence + "Indicates that the client can authenticate servers + using the configured trust anchor certificates."; + description + "A set of certificate authority (CA) certificates used by + the SSH client to authenticate SSH servers. A server + is authenticated if its certificate has a valid chain + of trust to a configured CA certificate."; + reference + "RFC YYYY: YANG Data Model for Global Trust Anchors"; + uses ts:local-or-truststore-certs-grouping; + } + container server-certs { + if-feature "sshcmn:ssh-x509-certs"; + presence + "Indicates that the client can authenticate servers + using the configured server certificates."; + description + "A set of end-entity certificates used by the SSH client + to authenticate SSH servers. A server is authenticated + if its certificate is an exact match to a configured + server certificate."; + reference + "RFC YYYY: YANG Data Model for Global Trust Anchors"; + uses ts:local-or-truststore-certs-grouping; + } + } // container server-authentication + + container transport-params { + nacm:default-deny-write; + if-feature "ssh-client-transport-params-config"; + description + "Configurable parameters of the SSH transport layer."; + uses sshcmn:transport-params-grouping; + } // container transport-parameters + + container keepalives { + nacm:default-deny-write; + if-feature "ssh-client-keepalives"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test + the aliveness of the SSH server. An unresponsive TLS + server is dropped after approximately max-wait * + max-attempts seconds."; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds after which if + no data has been received from the SSH server, a + TLS-level message will be sent to test the + aliveness of the SSH server."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keep-alive + messages that can fail to obtain a response from + the SSH server before assuming the SSH server is + no longer alive."; + } + } // container keepalives + } // grouping ssh-client-grouping +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-common-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-common-2019-11-20.yang new file mode 100644 index 0000000..9b90bb4 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-common-2019-11-20.yang @@ -0,0 +1,459 @@ +module ietf-ssh-common { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-common"; + prefix sshcmn; + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines a common features, identities, and + groupings for Secure Shell (SSH). + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + + // Features + + feature ssh-ecc { + description + "Elliptic Curve Cryptography is supported for SSH."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + feature ssh-x509-certs { + description + "X.509v3 certificates are supported for SSH per RFC 6187."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + feature ssh-dh-group-exchange { + description + "Diffie-Hellman Group Exchange is supported for SSH."; + reference + "RFC 4419: Diffie-Hellman Group Exchange for the + Secure Shell (SSH) Transport Layer Protocol"; + } + + feature ssh-ctr { + description + "SDCTR encryption mode is supported for SSH."; + reference + "RFC 4344: The Secure Shell (SSH) Transport Layer + Encryption Modes"; + } + + feature ssh-sha2 { + description + "The SHA2 family of cryptographic hash functions is + supported for SSH."; + reference + "FIPS PUB 180-4: Secure Hash Standard (SHS)"; + } + + // Identities + + identity public-key-alg-base { + description + "Base identity used to identify public key algorithms."; + } + + identity ssh-dss { + base public-key-alg-base; + description + "Digital Signature Algorithm using SHA-1 as the + hashing algorithm."; + reference + "RFC 4253: + The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity ssh-rsa { + base public-key-alg-base; + description + "RSASSA-PKCS1-v1_5 signature scheme using SHA-1 as the + hashing algorithm."; + reference + "RFC 4253: + The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity ecdsa-sha2-nistp256 { + if-feature "ssh-ecc and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) using the + nistp256 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + identity ecdsa-sha2-nistp384 { + if-feature "ssh-ecc and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) using the + nistp384 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + identity ecdsa-sha2-nistp521 { + if-feature "ssh-ecc and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) using the + nistp521 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + identity x509v3-ssh-rsa { + if-feature "ssh-x509-certs"; + base public-key-alg-base; + description + "RSASSA-PKCS1-v1_5 signature scheme using a public key stored + in an X.509v3 certificate and using SHA-1 as the hashing + algorithm."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + identity x509v3-rsa2048-sha256 { + if-feature "ssh-x509-certs and ssh-sha2"; + base public-key-alg-base; + description + "RSASSA-PKCS1-v1_5 signature scheme using a public key stored + in an X.509v3 certificate and using SHA-256 as the hashing + algorithm. RSA keys conveyed using this format MUST have a + modulus of at least 2048 bits."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + identity x509v3-ecdsa-sha2-nistp256 { + if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) + using the nistp256 curve with a public key stored in + an X.509v3 certificate and using the SHA2 family of + hashing algorithms."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + identity x509v3-ecdsa-sha2-nistp384 { + if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) + using the nistp384 curve with a public key stored in + an X.509v3 certificate and using the SHA2 family of + hashing algorithms."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + identity x509v3-ecdsa-sha2-nistp521 { + if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2"; + base public-key-alg-base; + description + "Elliptic Curve Digital Signature Algorithm (ECDSA) + using the nistp521 curve with a public key stored in + an X.509v3 certificate and using the SHA2 family of + hashing algorithms."; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + identity key-exchange-alg-base { + description + "Base identity used to identify key exchange algorithms."; + } + + identity diffie-hellman-group14-sha1 { + base key-exchange-alg-base; + description + "Diffie-Hellman key exchange with SHA-1 as HASH and + Oakley Group 14 (2048-bit MODP Group)."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity diffie-hellman-group-exchange-sha1 { + if-feature "ssh-dh-group-exchange"; + base key-exchange-alg-base; + description + "Diffie-Hellman Group and Key Exchange with SHA-1 as HASH."; + reference + "RFC 4419: Diffie-Hellman Group Exchange for the + Secure Shell (SSH) Transport Layer Protocol"; + } + + identity diffie-hellman-group-exchange-sha256 { + if-feature "ssh-dh-group-exchange and ssh-sha2"; + base key-exchange-alg-base; + description + "Diffie-Hellman Group and Key Exchange with SHA-256 as HASH."; + reference + "RFC 4419: Diffie-Hellman Group Exchange for the + Secure Shell (SSH) Transport Layer Protocol"; + } + + identity ecdh-sha2-nistp256 { + if-feature "ssh-ecc and ssh-sha2"; + base key-exchange-alg-base; + description + "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the + nistp256 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + identity ecdh-sha2-nistp384 { + if-feature "ssh-ecc and ssh-sha2"; + base key-exchange-alg-base; + description + "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the + nistp384 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + identity ecdh-sha2-nistp521 { + if-feature "ssh-ecc and ssh-sha2"; + base key-exchange-alg-base; + description + "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the + nistp521 curve and the SHA2 family of hashing algorithms."; + reference + "RFC 5656: Elliptic Curve Algorithm Integration in the + Secure Shell Transport Layer"; + } + + identity encryption-alg-base { + description + "Base identity used to identify encryption algorithms."; + } + + identity triple-des-cbc { + base encryption-alg-base; + description + "Three-key 3DES in CBC mode."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity aes128-cbc { + base encryption-alg-base; + description + "AES in CBC mode, with a 128-bit key."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity aes192-cbc { + base encryption-alg-base; + description + "AES in CBC mode, with a 192-bit key."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity aes256-cbc { + base encryption-alg-base; + description + "AES in CBC mode, with a 256-bit key."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity aes128-ctr { + if-feature "ssh-ctr"; + base encryption-alg-base; + description + "AES in SDCTR mode, with 128-bit key."; + reference + "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption + Modes"; + } + + identity aes192-ctr { + if-feature "ssh-ctr"; + base encryption-alg-base; + description + "AES in SDCTR mode, with 192-bit key."; + reference + "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption + Modes"; + } + + identity aes256-ctr { + if-feature "ssh-ctr"; + base encryption-alg-base; + description + "AES in SDCTR mode, with 256-bit key."; + reference + "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption + Modes"; + } + + identity mac-alg-base { + description + "Base identity used to identify message authentication + code (MAC) algorithms."; + } + + identity hmac-sha1 { + base mac-alg-base; + description + "HMAC-SHA1"; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + } + + identity hmac-sha2-256 { + if-feature "ssh-sha2"; + base mac-alg-base; + description + "HMAC-SHA2-256"; + reference + "RFC 6668: SHA-2 Data Integrity Verification for the + Secure Shell (SSH) Transport Layer Protocol"; + } + + identity hmac-sha2-512 { + if-feature "ssh-sha2"; + base mac-alg-base; + description + "HMAC-SHA2-512"; + reference + "RFC 6668: SHA-2 Data Integrity Verification for the + Secure Shell (SSH) Transport Layer Protocol"; + } + + // Groupings + + grouping transport-params-grouping { + description + "A reusable grouping for SSH transport parameters."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + container host-key { + description + "Parameters regarding host key."; + leaf-list host-key-alg { + type identityref { + base public-key-alg-base; + } + ordered-by user; + description + "Acceptable host key algorithms in order of descending + preference. The configured host key algorithms should + be compatible with the algorithm used by the configured + private key. Please see Section 5 of RFC XXXX for + valid combinations. + If this leaf-list is not configured (has zero elements) + the acceptable host key algorithms are implementation- + defined."; + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + } + container key-exchange { + description + "Parameters regarding key exchange."; + leaf-list key-exchange-alg { + type identityref { + base key-exchange-alg-base; + } + ordered-by user; + description + "Acceptable key exchange algorithms in order of descending + preference. + + If this leaf-list is not configured (has zero elements) + the acceptable key exchange algorithms are implementation + defined."; + } + } + container encryption { + description + "Parameters regarding encryption."; + leaf-list encryption-alg { + type identityref { + base encryption-alg-base; + } + ordered-by user; + description + "Acceptable encryption algorithms in order of descending + preference. + + If this leaf-list is not configured (has zero elements) + the acceptable encryption algorithms are implementation + defined."; + } + } + container mac { + description + "Parameters regarding message authentication code (MAC)."; + leaf-list mac-alg { + type identityref { + base mac-alg-base; + } + ordered-by user; + description + "Acceptable MAC algorithms in order of descending + preference. + + If this leaf-list is not configured (has zero elements) + the acceptable MAC algorithms are implementation- + defined."; + } + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-server-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-server-2019-11-20.yang new file mode 100644 index 0000000..d89cbec --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-ssh-server-2019-11-20.yang @@ -0,0 +1,357 @@ +module ietf-ssh-server { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server"; + prefix sshs; + + import ietf-ssh-common { + prefix sshcmn; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + import ietf-truststore { + prefix ts; + reference + "RFC BBBB: A YANG Data Model for a Truststore"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC CCCC: A YANG Data Model for a Keystore"; + } + + import iana-crypt-hash { + prefix ianach; + reference + "RFC 7317: A YANG Data Model for System Management"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines reusable groupings for SSH servers that + can be used as a basis for specific SSH server instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers"; + } + + // Features + + feature ssh-server-transport-params-config { + description + "SSH transport layer parameters are configurable on an SSH + server."; + } + + feature ssh-server-keepalives { + description + "Per socket SSH keepalive parameters are configurable for + SSH servers on the server implementing this feature."; + } + + feature client-auth-config-supported { + description + "Indicates that the configuration for how to authenticate + clients can be configured herein, as opposed to in an + application specific location. That is, to support the + consuming data models that prefer to place client + authentication with client definitions, rather then + in a data model principally concerned with configuring + the transport."; + } + + feature external-client-auth-supported { + description + "Indicates that the SSH server supports external configuration + of client credentials."; + } + + // Groupings + + grouping ssh-server-grouping { + description + "A reusable grouping for configuring a SSH server without + any consideration for how underlying TCP sessions are + established. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'ssh-server-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + + container server-identity { + nacm:default-deny-write; + description + "The list of host-keys the SSH server will present when + establishing a SSH connection."; + list host-key { + key "name"; + min-elements 1; + ordered-by user; + description + "An ordered list of host keys the SSH server will use to + construct its ordered list of algorithms, when sending + its SSH_MSG_KEXINIT message, as defined in Section 7.1 + of RFC 4253."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer + Protocol"; + leaf name { + type string; + description + "An arbitrary name for this host-key"; + } + choice host-key-type { + mandatory true; + description + "The type of host key being specified"; + container public-key { + uses ks:local-or-keystore-asymmetric-key-grouping { + refine "local-or-keystore/local/local-definition" { + must + 'public-key-format = "ct:ssh-public-key-format"'; + } + // FIXME: also need a must expression to ensure the + // *referenced* key's public-key-format is + // "ct:ssh-public-key-format" + } + description + "A locally-defined or referenced asymmetric key pair + to be used for the SSH server's host key."; + reference + "RFC ZZZZ: YANG Data Model for a Centralized + Keystore Mechanism"; + } + container certificate { + if-feature "sshcmn:ssh-x509-certs"; + uses + ks:local-or-keystore-end-entity-cert-with-key-grouping; + must "public-key-format = ct:ssh-public-key-format"; + description + "A locally-defined or referenced end-entity + certificate to be used for the SSH server's + host key."; + reference + "RFC ZZZZ: YANG Data Model for a Centralized + Keystore Mechanism"; + } + } + } + } // container server-identity + + container client-authentication { + nacm:default-deny-write; + description + "Specifies how the SSH server can authenticate SSH clients."; + container supported-authentication-methods { + description + "Indicates which authentication methods the server + supports."; + leaf publickey { + type empty; + description + "Indicates that the 'publickey' method is supported. + Note that RFC 6187 X.509v3 Certificates for SSH uses + the 'publickey' method name."; + reference + "RFC 4252: The Secure Shell (SSH) Authentication + Protocol. + RFC 6187: X.509v3 Certificates for Secure Shell + Authentication."; + } + leaf passsword { + type empty; + description + "Indicates that the 'password' method is supported."; + reference + "RFC 4252: The Secure Shell (SSH) Authentication + Protocol."; + } + leaf hostbased { + type empty; + description + "Indicates that the 'hostbased' method is supported."; + reference + "RFC 4252: The Secure Shell (SSH) Authentication + Protocol."; + } + leaf none { + type empty; + description + "Indicates that the 'none' method is supported."; + reference + "RFC 4252: The Secure Shell (SSH) Authentication + Protocol."; + } + leaf-list other { + type string; + description + "Indicates a supported method name not defined by + RFC 4253."; + reference + "RFC 4252: The Secure Shell (SSH) Authentication + Protocol."; + } + } + + container users { + if-feature "client-auth-config-supported"; + description + "A list of locally configured users."; + list user { + key name; + description + "The list of local users configured on this device."; + + leaf name { + type string; + description + "The user name string identifying this entry."; + } + leaf password { + type ianach:crypt-hash; + description + "The password for this entry."; + } + container host-keys { // FIXME: plural too much? + presence + "Indicates that the server can authenticate this + user using the configured SSH host keys."; + description + "A set of SSH host keys used by the SSH server to + authenticate this user. A user is authenticated + if its host key is an exact match to a configured + host key."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer"; + uses ts:local-or-truststore-host-keys-grouping; + } + } + } + container ca-certs { + if-feature "client-auth-config-supported"; + if-feature "sshcmn:ssh-x509-certs"; + presence + "Indicates that the SSH server can authenticate SSH + clients using configured certificate authority (CA) + certificates."; + description + "A set of certificate authority (CA) certificates used by + the SSH server to authenticate SSH client certificates. + A client certificate is authenticated if it has a valid + chain of trust to a configured CA certificate."; + reference + "RFC YYYY: + YANG Data Model for Global Trust Anchors"; + uses ts:local-or-truststore-certs-grouping; + } + container client-certs { // FIXME: plural too much? + if-feature "client-auth-config-supported"; + if-feature "sshcmn:ssh-x509-certs"; + presence + "Indicates that the SSH server can authenticate SSH + clients using configured client certificates."; + description + "A set of client certificates (i.e., end entity + certificates) used by the SSH server to authenticate + the certificates presented by SSH clients. A client + certificate is authenticated if it is an exact match + to a configured client certificate."; + reference + "RFC YYYY: + YANG Data Model for Global Trust Anchors"; + uses ts:local-or-truststore-certs-grouping; + } + } // container client-authentication + + container transport-params { + nacm:default-deny-write; + if-feature "ssh-server-transport-params-config"; + description + "Configurable parameters of the SSH transport layer."; + uses sshcmn:transport-params-grouping; + } // container transport-params + + container keepalives { + nacm:default-deny-write; + if-feature "ssh-server-keepalives"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test + the aliveness of the SSL client. An unresponsive SSL + client is dropped after approximately max-wait * + max-attempts seconds."; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds after which + if no data has been received from the SSL client, + a SSL-level message will be sent to test the + aliveness of the SSL client."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keep-alive + messages that can fail to obtain a response from + the SSL client before assuming the SSL client is + no longer alive."; + } + } // container keepalives + } // grouping server-identity-grouping +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-client-2019-10-18.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-client-2019-10-18.yang new file mode 100644 index 0000000..6376c4b --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-client-2019-10-18.yang @@ -0,0 +1,145 @@ +module ietf-tcp-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-client"; + prefix tcpc; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-tcp-common { + prefix tcpcmn; + reference + "RFC XXXX: YANG Groupings for TCP Clients and TCP Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group and the + IETF TCP Maintenance and Minor Extensions (TCPM) Working Group"; + + contact + "WG Web: + + WG List: + + Authors: Kent Watsen + Michael Scharf + "; + + description + "This module defines reusable groupings for TCP clients that + can be used as a basis for specific TCP client instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-10-18 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TCP Clients and TCP Servers"; + } + + // Features + + feature local-binding-supported { + description + "Indicates that the server supports configuring local + bindings (i.e., the local address and local port) for + TCP clients."; + } + + feature tcp-client-keepalives { + description + "Per socket TCP keepalive parameters are configurable for + TCP clients on the server implementing this feature."; + } + + // Groupings + + grouping tcp-client-grouping { + description + "A reusable grouping for configuring a TCP client. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tcp-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + + leaf remote-address { + type inet:host; + mandatory true; + description + "The IP address or hostname of the remote peer to + establish a connection with. If a domain name is + configured, then the DNS resolution should happen on + each connection attempt. If the DNS resolution + results in multiple IP addresses, the IP addresses + are tried according to local preference order until + a connection has been established or until all IP + addresses have failed."; + } + leaf remote-port { + type inet:port-number; + default "0"; + description + "The IP port number for the remote peer to establish a + connection with. An invalid default value (0) is used + (instead of 'mandatory true') so that as application + level data model may 'refine' it with an application + specific default port number value."; + } + leaf local-address { + if-feature "local-binding-supported"; + type inet:ip-address; + description + "The local IP address/interface (VRF?) to bind to for when + connecting to the remote peer. INADDR_ANY ('0.0.0.0') or + INADDR6_ANY ('0:0:0:0:0:0:0:0' a.k.a. '::') MAY be used to + explicitly indicate the implicit default, that the server + can bind to any IPv4 or IPv6 addresses, respectively."; + } + leaf local-port { + if-feature "local-binding-supported"; + type inet:port-number; + default "0"; + description + "The local IP port number to bind to for when connecting + to the remote peer. The port number '0', which is the + default value, indicates that any available local port + number may be used."; + } + uses tcpcmn:tcp-connection-grouping { + augment "keepalives" { + if-feature "tcp-client-keepalives"; + description + "Add an if-feature statement so that implementations + can choose to support TCP client keepalives."; + } + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-common-2019-10-18.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-common-2019-10-18.yang new file mode 100644 index 0000000..405143e --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-common-2019-10-18.yang @@ -0,0 +1,135 @@ +module ietf-tcp-common { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-common"; + prefix tcpcmn; + + organization + "IETF NETCONF (Network Configuration) Working Group and the + IETF TCP Maintenance and Minor Extensions (TCPM) Working Group"; + + contact + "WG Web: + + WG List: + + Authors: Kent Watsen + Michael Scharf + "; + + description + "This module defines reusable groupings for TCP commons that + can be used as a basis for specific TCP common instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-10-18 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TCP Clients and TCP Servers"; + } + + // Features + feature keepalives-supported { + description + "Indicates that keepalives are supported."; + } + + // Groupings + + grouping tcp-common-grouping { + description + "A reusable grouping for configuring TCP parameters common + to TCP connections as well as the operating system as a + whole."; + container keepalives { + if-feature "keepalives-supported"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test the + aliveness of the TCP peer. An unresponsive TCP peer is + dropped after approximately (idle-time + max-probes + * probe-interval) seconds."; + leaf idle-time { + type uint16 { + range "1..max"; + } + units "seconds"; + mandatory true; + description + "Sets the amount of time after which if no data has been + received from the TCP peer, a TCP-level probe message + will be sent to test the aliveness of the TCP peer. + Two hours (7200 seconds) is safe value, per RFC 1122."; + reference + "RFC 1122: + Requirements for Internet Hosts -- Communication Layers"; + } + leaf max-probes { + type uint16 { + range "1..max"; + } + mandatory true; + description + "Sets the maximum number of sequential keep-alive probes + that can fail to obtain a response from the TCP peer + before assuming the TCP peer is no longer alive."; + } + leaf probe-interval { + type uint16 { + range "1..max"; + } + units "seconds"; + mandatory true; + description + "Sets the time interval between failed probes. The interval + SHOULD be significantly longer than one second in order to + avoid harm on a congested link."; + } + } // container keepalives + } // grouping tcp-common-grouping + + grouping tcp-connection-grouping { + description + "A reusable grouping for configuring TCP parameters common + to TCP connections."; + uses tcp-common-grouping; + } + +/* + The following is for a future bis... + This comment is here now so as support discussion with TCPM. + This comment will be removed before publication. + + Should future system-level parameters be defined as a + grouping or a container? + + grouping tcp-system-grouping { + description + "A reusable grouping for configuring TCP parameters common + to the operating system as a whole."; + + // currently just a placeholder + } +*/ + +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-server-2019-10-18.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-server-2019-10-18.yang new file mode 100644 index 0000000..2fc73c8 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tcp-server-2019-10-18.yang @@ -0,0 +1,114 @@ +module ietf-tcp-server { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tcp-server"; + prefix tcps; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-tcp-common { + prefix tcpcmn; + reference + "RFC XXXX: YANG Groupings for TCP Clients and TCP Servers"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group and the + IETF TCP Maintenance and Minor Extensions (TCPM) Working Group"; + + contact + "WG Web: + + WG List: + + Authors: Kent Watsen + Michael Scharf + "; + + description + "This module defines reusable groupings for TCP servers that + can be used as a basis for specific TCP server instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices.; + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-10-18 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TCP Clients and TCP Servers"; + } + + // Features + + feature tcp-server-keepalives { + description + "Per socket TCP keepalive parameters are configurable for + TCP servers on the server implementing this feature."; + } + + // Groupings + + grouping tcp-server-grouping { + description + "A reusable grouping for configuring a TCP server. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tcp-server-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + leaf local-address { + type inet:ip-address; + mandatory true; + description + "The local IP address to listen on for incoming + TCP client connections. INADDR_ANY (0.0.0.0) or + INADDR6_ANY (0:0:0:0:0:0:0:0 a.k.a. ::) MUST be + used when the server is to listen on all IPv4 or + IPv6 addresses, respectively."; + } + leaf local-port { + type inet:port-number; + default "0"; + description + "The local port number to listen on for incoming TCP + client connections. An invalid default value (0) + is used (instead of 'mandatory true') so that an + application level data model may 'refine' it with + an application specific default port number value."; + } + uses tcpcmn:tcp-connection-grouping { + augment "keepalives" { + if-feature "tcp-server-keepalives"; + description + "Add an if-feature statement so that implementations + can choose to support TCP server keepalives."; + } + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-client-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-client-2019-11-20.yang new file mode 100644 index 0000000..c19fff9 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-client-2019-11-20.yang @@ -0,0 +1,286 @@ +module ietf-tls-client { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client"; + prefix tlsc; + + import ietf-tls-common { + prefix tlscmn; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + import ietf-truststore { + prefix ts; + reference + "RFC BBBB: A YANG Data Model for a Truststore"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC CCCC: A YANG Data Model for a Keystore"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines reusable groupings for TLS clients that + can be used as a basis for specific TLS client instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls-client-hello-params-config { + description + "TLS hello message parameters are configurable on a TLS + client."; + } + + feature tls-client-keepalives { + description + "Per socket TLS keepalive parameters are configurable for + TLS clients on the server implementing this feature."; + } + + feature x509-certificate-auth { + description + "Indicates that the client supports authenticating servers + using X.509 certificates."; + } + + feature raw-public-key-auth { + description + "Indicates that the client supports authenticating servers + using ray public keys."; + } + + feature psk-auth { + description + "Indicates that the client supports authenticating servers + using PSKs (pre-shared or pairwise-symmetric keys)."; + } + + + + // Groupings + + grouping tls-client-grouping { + description + "A reusable grouping for configuring a TLS client without + any consideration for how an underlying TCP session is + established. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tls-client-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + + container client-identity { + nacm:default-deny-write; + description + "A locally-defined or referenced end-entity certificate, + including any configured intermediate certificates, the + TLS client will present when establishing a TLS connection + in its Certificate message, as defined in Section 7.4.2 + in RFC 5246."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC ZZZZ: + YANG Data Model for a 'Keystore' Mechanism"; + + choice auth-type { + mandatory true; + description + "A choice amongst available authentication types."; + container certificate { + if-feature x509-certificate-auth; + description + "Specifies the client identity using a certificate."; + uses ks:local-or-keystore-end-entity-cert-with-key-grouping + { + refine "local-or-keystore/local/local-definition" { + must 'public-key-format = + "ct:subject-public-key-info-format"'; + } + // FIXME: also need a must expression to ensure the + // *referenced* key's public-key-format is + // "ct:subject-public-key-info-format" + } + } + container raw-public-key { + if-feature raw-public-key-auth; + description + "Specifies the client identity using a raw private key."; + uses ks:local-or-keystore-asymmetric-key-grouping; + // FIXME: add a must expression contraining key-formats? + } + container psk { + if-feature psk-auth; + description + "Specifies the client identity using a PSK."; + uses ks:local-or-keystore-symmetric-key-grouping; + // FIXME: add a must expression contraining key-formats? + } + } + } // container client-identity + + container server-authentication { + nacm:default-deny-write; + must 'ca-certs or server-certs'; + description + "Specifies how the TLS client can authenticate TLS servers. + Any combination of credentials is additive and unordered. + + Note that no configuration is required for PSK (pre-shared + or pairwise-symmetric key) based authentication as the key + is necessarily the same as configured in the '../client- + identity' node."; + container ca-certs { + if-feature "x509-certificate-auth"; + presence + "Indicates that the TLS client can authenticate TLS servers + using configured certificate authority certificates."; + description + "A set of certificate authority (CA) certificates used by + the TLS client to authenticate TLS server certificates. + A server certificate is authenticated if it has a valid + chain of trust to a configured CA certificate."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-certs-grouping; + } + container server-certs { // FIXME: plural too much? + if-feature "x509-certificate-auth"; + presence + "Indicates that the TLS client can authenticate TLS servers + using configured server certificates."; + description + "A set of server certificates (i.e., end entity + certificates) used by the TLS client to authenticate + certificates presented by TLS servers. A server + certificate is authenticated if it is an exact + match to a configured server certificate."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-certs-grouping; + } + container raw-public-keys { + if-feature "raw-public-key-auth"; + presence + "Indicates that the TLS client can authenticate TLS servers + using configured server certificates."; + description + "A set of raw public keys used by the TLS client to + authenticate raw public keys presented by the TLS server. + A raw public key is authenticated if it is an exact match + to a configured raw public key."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-raw-pub-keys-grouping; + } + container psks { + if-feature "psk-auth"; + presence + "Indicates that the TLS client can authenticate TLS servers + using a configure PSK (pre-shared or pairwise-symmetric + key)."; + description + "No configuration is required since the PSK value would be + the same as PSK value configured in the 'client-identity' + node."; + } + } // container server-authentication + + container hello-params { + nacm:default-deny-write; + if-feature "tls-client-hello-params-config"; + uses tlscmn:hello-params-grouping; + description + "Configurable parameters for the TLS hello message."; + } // container hello-params + + container keepalives { + nacm:default-deny-write; + if-feature "tls-client-keepalives"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test + the aliveness of the TLS server. An unresponsive + TLS server is dropped after approximately max-wait + * max-attempts seconds."; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds after which if + no data has been received from the TLS server, a + TLS-level message will be sent to test the + aliveness of the TLS server."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keep-alive + messages that can fail to obtain a response from + the TLS server before assuming the TLS server is + no longer alive."; + } + } // container keepalives + } // grouping tls-client-grouping +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-common-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-common-2019-11-20.yang new file mode 100644 index 0000000..932164e --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-common-2019-11-20.yang @@ -0,0 +1,405 @@ +module ietf-tls-common { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-common"; + prefix tlscmn; + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines a common features, identities, and + groupings for Transport Layer Security (TLS). + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls-1_0 { + description + "TLS Protocol Version 1.0 is supported."; + reference + "RFC 2246: The TLS Protocol Version 1.0"; + } + feature tls-1_1 { + description + "TLS Protocol Version 1.1 is supported."; + reference + "RFC 4346: The Transport Layer Security (TLS) Protocol + Version 1.1"; + } + + feature tls-1_2 { + description + "TLS Protocol Version 1.2 is supported."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + feature tls-1_3 { + description + "TLS Protocol Version 1.2 is supported."; + reference + "RFC 8446: The Transport Layer Security (TLS) Protocol + Version 1.3"; + } + + feature tls-ecc { + description + "Elliptic Curve Cryptography (ECC) is supported for TLS."; + reference + "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites + for Transport Layer Security (TLS)"; + } + + feature tls-dhe { + description + "Ephemeral Diffie-Hellman key exchange is supported for TLS."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + feature tls-3des { + description + "The Triple-DES block cipher is supported for TLS."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + feature tls-gcm { + description + "The Galois/Counter Mode authenticated encryption mode is + supported for TLS."; + reference + "RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for + TLS"; + } + + feature tls-sha2 { + description + "The SHA2 family of cryptographic hash functions is supported + for TLS."; + reference + "FIPS PUB 180-4: Secure Hash Standard (SHS)"; + } + + // Identities + + identity tls-version-base { + description + "Base identity used to identify TLS protocol versions."; + } + + identity tls-1.0 { + if-feature "tls-1_0"; + base tls-version-base; + description + "TLS Protocol Version 1.0."; + reference + "RFC 2246: The TLS Protocol Version 1.0"; + } + + identity tls-1.1 { + if-feature "tls-1_1"; + base tls-version-base; + description + "TLS Protocol Version 1.1."; + reference + "RFC 4346: The Transport Layer Security (TLS) Protocol + Version 1.1"; + } + + identity tls-1.2 { + if-feature "tls-1_2"; + base tls-version-base; + description + "TLS Protocol Version 1.2."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity cipher-suite-base { + description + "Base identity used to identify TLS cipher suites."; + } + + identity rsa-with-aes-128-cbc-sha { + base cipher-suite-base; + description + "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity rsa-with-aes-256-cbc-sha { + base cipher-suite-base; + description + "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity rsa-with-aes-128-cbc-sha256 { + if-feature "tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity rsa-with-aes-256-cbc-sha256 { + if-feature "tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity dhe-rsa-with-aes-128-cbc-sha { + if-feature "tls-dhe"; + base cipher-suite-base; + description + "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity dhe-rsa-with-aes-256-cbc-sha { + if-feature "tls-dhe"; + base cipher-suite-base; + description + "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity dhe-rsa-with-aes-128-cbc-sha256 { + if-feature "tls-dhe and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity dhe-rsa-with-aes-256-cbc-sha256 { + if-feature "tls-dhe and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity ecdhe-ecdsa-with-aes-128-cbc-sha256 { + if-feature "tls-ecc and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-ecdsa-with-aes-256-cbc-sha384 { + if-feature "tls-ecc and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-rsa-with-aes-128-cbc-sha256 { + if-feature "tls-ecc and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-rsa-with-aes-256-cbc-sha384 { + if-feature "tls-ecc and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-ecdsa-with-aes-128-gcm-sha256 { + if-feature "tls-ecc and tls-gcm and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-ecdsa-with-aes-256-gcm-sha384 { + if-feature "tls-ecc and tls-gcm and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-rsa-with-aes-128-gcm-sha256 { + if-feature "tls-ecc and tls-gcm and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity ecdhe-rsa-with-aes-256-gcm-sha384 { + if-feature "tls-ecc and tls-gcm and tls-sha2"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384."; + reference + "RFC 5289: TLS Elliptic Curve Cipher Suites with + SHA-256/384 and AES Galois Counter Mode (GCM)"; + } + + identity rsa-with-3des-ede-cbc-sha { + if-feature "tls-3des"; + base cipher-suite-base; + description + "Cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + } + + identity ecdhe-rsa-with-3des-ede-cbc-sha { + if-feature "tls-ecc and tls-3des"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA."; + reference + "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites + for Transport Layer Security (TLS)"; + } + + identity ecdhe-rsa-with-aes-128-cbc-sha { + if-feature "tls-ecc"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA."; + reference + "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites + for Transport Layer Security (TLS)"; + } + + identity ecdhe-rsa-with-aes-256-cbc-sha { + if-feature "tls-ecc"; + base cipher-suite-base; + description + "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA."; + reference + "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites + for Transport Layer Security (TLS)"; + } + + // Groupings + + grouping hello-params-grouping { + description + "A reusable grouping for TLS hello message parameters."; + reference + "RFC 5246: The Transport Layer Security (TLS) Protocol + Version 1.2"; + container tls-versions { + description + "Parameters regarding TLS versions."; + leaf-list tls-version { + type identityref { + base tls-version-base; + } + description + "Acceptable TLS protocol versions. + + If this leaf-list is not configured (has zero elements) + the acceptable TLS protocol versions are implementation- + defined."; + } + } + container cipher-suites { + description + "Parameters regarding cipher suites."; + leaf-list cipher-suite { + type identityref { + base cipher-suite-base; + } + ordered-by user; + description + "Acceptable cipher suites in order of descending + preference. The configured host key algorithms should + be compatible with the algorithm used by the configured + private key. Please see Section 5 of RFC XXXX for + valid combinations. + + If this leaf-list is not configured (has zero elements) + the acceptable cipher suites are implementation- + defined."; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-server-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-server-2019-11-20.yang new file mode 100644 index 0000000..cbd36b1 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-tls-server-2019-11-20.yang @@ -0,0 +1,291 @@ +module ietf-tls-server { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server"; + prefix tlss; + + import ietf-tls-common { + prefix tlscmn; + revision-date 2019-11-20; // stable grouping definitions + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC AAAA: Common YANG Data Types for Cryptography"; + } + + import ietf-truststore { + prefix ts; + reference + "RFC BBBB: A YANG Data Model for a Truststore"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC CCCC: A YANG Data Model for a Keystore"; + } + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web: + WG List: + Author: Kent Watsen + Author: Gary Wu "; + + description + "This module defines reusable groupings for TLS servers that + can be used as a basis for specific TLS server instances. + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; + } + + // Features + + feature tls-server-hello-params-config { + description + "TLS hello message parameters are configurable on a TLS + server."; + } + + feature tls-server-keepalives { + description + "Per socket TLS keepalive parameters are configurable for + TLS servers on the server implementing this feature."; + } + + feature client-auth-config-supported { + description + "Indicates that the configuration for how to authenticate + clients can be configured herein, as opposed to in an + application specific location. That is, to support the + consuming data models that prefer to place client + authentication with client definitions, rather then + in a data model principally concerned with configuring + the transport."; + } + + feature external-client-auth-supported { + description + "Indicates that the TLS server supports external + configuration of client credentials."; + } + + feature x509-certificate-auth { + description + "Indicates that the server supports authenticating clients + using X.509 certificates."; + } + + feature raw-public-key-auth { + description + "Indicates that the server supports authenticating clients + using ray public keys."; + } + + feature psk-auth { + description + "Indicates that the server supports authenticating clients + using PSKs (pre-shared or pairwise-symmetric keys)."; + } + + // Groupings + + grouping tls-server-grouping { + description + "A reusable grouping for configuring a TLS server without + any consideration for how underlying TCP sessions are + established. + + Note that this grouping uses fairly typical descendent + node names such that a stack of 'uses' statements will + have name conflicts. It is intended that the consuming + data model will resolve the issue (e.g., by wrapping + the 'uses' statement in a container called + 'tls-server-parameters'). This model purposely does + not do this itself so as to provide maximum flexibility + to consuming models."; + + container server-identity { + nacm:default-deny-write; + description + "A locally-defined or referenced end-entity certificate, + including any configured intermediate certificates, the + TLS server will present when establishing a TLS connection + in its Certificate message, as defined in Section 7.4.2 + in RFC 5246."; + reference + "RFC 5246: + The Transport Layer Security (TLS) Protocol Version 1.2 + RFC ZZZZ: + YANG Data Model for a 'Keystore' Mechanism"; + choice auth-type { + mandatory true; + description + "A choice amongst authentication types."; + container certificate { + if-feature x509-certificate-auth; + description + "Specifies the server identity using a certificate."; + uses ks:local-or-keystore-end-entity-cert-with-key-grouping + { + refine "local-or-keystore/local/local-definition" { + must 'public-key-format = + "ct:subject-public-key-info-format"'; + } + // FIXME: also need a must expression to ensure the + // *referenced* key's public-key-format is + // "ct:subject-public-key-info-format" + } + } + container raw-private-key { + if-feature raw-public-key-auth; + description + "Specifies the server identity using a raw private key."; + uses ks:local-or-keystore-asymmetric-key-grouping; + // FIXME: add a must expression contraining key-formats? + } + container psk { + if-feature psk-auth; + description + "Specifies the server identity using a PSK."; + uses ks:local-or-keystore-symmetric-key-grouping; + // FIXME: add a must expression contraining key-formats? + } + } + } // container server-identity + + container client-authentication { + if-feature "client-auth-config-supported"; + nacm:default-deny-write; + presence + "Indicates that client authentication is supported (i.e., + that the server will request clients send certificates)."; + description + "Specifies how the TLS server can authenticate TLS clients. + Any combination of credentials is additive and unordered. + + Note that no configuration is required for PSK (pre-shared + or pairwise-symmetric key) based authentication as the key + is necessarily the same as configured in the '../server- + identity' node."; + container ca-certs { + if-feature "x509-certificate-auth"; + presence + "Indicates that the TLS server can authenticate TLS clients + using configured certificate authority certificates."; + description + "A set of certificate authority (CA) certificates used by + the TLS server to authenticate TLS client certificates. A + client certificate is authenticated if it has a valid + chain of trust to a configured CA certificate."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-certs-grouping; + } + container client-certs { // FIXME: plural too much? + if-feature "x509-certificate-auth"; + presence + "Indicates that the TLS server can authenticate TLS clients + using configured client certificates."; + description + "A set of client certificates (i.e., end entity + certificates) used by the TLS server to authenticate + certificates presented by TLS clients. A client + certificate is authenticated if it is an exact match + to a configured client certificate."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-certs-grouping; + } + container raw-public-keys { + if-feature "raw-public-key-auth"; + presence + "Indicates that the TLS server can authenticate TLS clients + using configured client certificates."; + description + "A set of raw public keys used by the TLS server to + authenticate raw public keys presented by the TLS client. + A raw public key is authenticated if it is an exact match + to a configured raw public key."; + reference + "RFC YYYY: YANG Data Model for a Truststore"; + uses ts:local-or-truststore-raw-pub-keys-grouping; + } + } // container client-authentication + container hello-params { + nacm:default-deny-write; + if-feature "tls-server-hello-params-config"; + uses tlscmn:hello-params-grouping; + description + "Configurable parameters for the TLS hello message."; + } // container hello-params + + container keepalives { + nacm:default-deny-write; + if-feature "tls-server-keepalives"; + presence "Indicates that keepalives are enabled."; + description + "Configures the keep-alive policy, to proactively test + the aliveness of the TLS client. An unresponsive + TLS client is dropped after approximately max-wait + * max-attempts seconds."; + leaf max-wait { + type uint16 { + range "1..max"; + } + units "seconds"; + default "30"; + description + "Sets the amount of time in seconds after which if + no data has been received from the TLS client, a + TLS-level message will be sent to test the + aliveness of the TLS client."; + } + leaf max-attempts { + type uint8; + default "3"; + description + "Sets the maximum number of sequential keep-alive + messages that can fail to obtain a response from + the TLS client before assuming the TLS client is + no longer alive."; + } + } // container keepalives + } // grouping tls-server-grouping +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-truststore-2019-11-20.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-truststore-2019-11-20.yang new file mode 100644 index 0000000..e63d3a8 --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-truststore-2019-11-20.yang @@ -0,0 +1,377 @@ +module ietf-truststore { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-truststore"; + prefix ts; + + import ietf-netconf-acm { + prefix nacm; + reference + "RFC 8341: Network Configuration Access Control Model"; + } + + import ietf-crypto-types { + prefix ct; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + + contact + "WG Web : + WG List : + Author : Kent Watsen + Author : Henk Birkholz "; + + description + "This module defines a truststore to centralize management + of trust anchors including X.509 certificates, SSH host + keys, raw public keys, and PSKs (pairwise-symmetric or + pre-shared keys). + + Copyright (c) 2019 IETF Trust and the persons identified + as authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with + or without modification, is permitted pursuant to, and + subject to the license terms contained in, the Simplified + BSD License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX + (https://www.rfc-editor.org/info/rfcXXXX); see the RFC + itself for full legal notices. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', + 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', + 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document + are to be interpreted as described in BCP 14 (RFC 2119) + (RFC 8174) when, and only when, they appear in all + capitals, as shown here."; + + revision 2019-11-20 { + description + "Initial version"; + reference + "RFC XXXX: A YANG Data Model for a Truststore"; + } + + /****************/ + /* Features */ + /****************/ + + feature truststore-supported { + description + "The 'truststore-supported' feature indicates that the + server supports the truststore (i.e., implements the + 'ietf-truststore' module)."; + } + + feature local-definitions-supported { + description + "The 'local-definitions-supported' feature indicates that + the server supports locally-defined trust anchors."; + } + + feature x509-certificates { + description + "The 'x509-certificates' feature indicates that the server + implements the /truststore/certificates subtree."; + } + + feature ssh-host-keys { + description + "The 'ssh-host-keys' feature indicates that the server + implements the /truststore/host-keys subtree."; + } + + feature raw-public-keys { + description + "The 'raw-public-keys' feature indicates that the server + implements the /truststore/raw-public-keys subtree."; + } + + /****************/ + /* Typedefs */ + /****************/ + + typedef certificates-ref { + type leafref { + path "/ts:truststore/ts:certificates/ts:name"; + } + description + "This typedef enables modules to easily define a reference + to a set of certificates defined in the truststore."; + } + + typedef host-keys-ref { + type leafref { + path "/ts:truststore/ts:host-keys/ts:name"; + } + description + "This typedef enables modules to easily define a reference + to a set of host keys defined in the truststore."; + } + + typedef raw-public-keys-ref { + type leafref { + path "/ts:truststore/ts:raw-public-keys/ts:name"; + } + description + "This typedef enables modules to easily define a reference + to a set of raw public keys defined in the truststore."; + } + + /*****************/ + /* Groupings */ + /*****************/ + + grouping local-or-truststore-certs-grouping { + description + "A grouping that expands to allow trust anchors to be + either stored locally, within the using data model, or be + a reference to trust anchors stored in the truststore."; + choice local-or-truststore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold the local trust anchor definitions."; + uses ct:trust-anchor-certs-grouping; + } + } + case truststore { + if-feature "truststore-supported"; + if-feature "x509-certificates"; + leaf truststore-reference { + type ts:certificates-ref; + description + "A reference to a set of trust anchors that exists + in the truststore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + } + } + + grouping local-or-truststore-host-keys-grouping { + description + "A grouping that expands to allow host keys to be + either stored locally, within the using data model, or be + a reference to host keys stored in the truststore."; + choice local-or-truststore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold local host key definitions."; + leaf-list host-key { + nacm:default-deny-write; + type ct:ssh-host-key; + description + "The binary public key data for this host key."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + } + } + case truststore { + if-feature "truststore-supported"; + if-feature "ssh-host-keys"; + leaf truststore-reference { + type ts:host-keys-ref; + description + "A reference to a set of host keys that exist in + the truststore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + } + } + + grouping local-or-truststore-raw-pub-keys-grouping { + description + "A grouping that expands to allow raw public keys to be + available either locally, within the using data model, or + be a reference to raw public keys stored in the truststore."; + choice local-or-truststore { + mandatory true; + case local { + if-feature "local-definitions-supported"; + container local-definition { + description + "Container to hold local raw public key definitions."; + list raw-public-key { + key name; + description + "A raw public key definition."; + leaf name { + type string; + description + "An arbitrary name for this raw public key."; + } + uses ct:public-key-grouping; + } + } + } + case truststore { + if-feature "truststore-supported"; + if-feature "raw-public-keys"; + leaf truststore-reference { + type ts:raw-public-keys-ref; + description + "A reference to a set of raw public keys that exist + in the truststore."; + } + } + description + "A choice between an inlined definition and a definition + that exists in the truststore."; + } + } + + grouping truststore-grouping { + description + "Grouping definition enables use in other contexts. If ever + done, implementations SHOULD augment new 'case' statements + into local-or-keystore 'choice' statements to supply leafrefs + to the new location."; + list certificates { + if-feature "x509-certificates"; + key "name"; + description + "A list of certificates. These certificates can be + used by a server to authenticate clients, or by a client + to authenticate servers. Each list of certificates + SHOULD be specific to a purpose, as the list as a whole + may be referenced by other modules. For instance, a + RESTCONF server's configuration might use a specific list + of certificates for when authenticating RESTCONF + client connections."; + leaf name { + type string; + description + "An arbitrary name for this list of certificates."; + } + leaf description { + type string; + description + "An arbitrary description for this list of + certificates."; + } + list certificate { + key "name"; + description + "A certificate."; + leaf name { + type string; + description + "An arbitrary name for this certificate. The + name must be unique across all lists of + certificates (not just this list) so that leafrefs + from another module can resolve to unique values."; + } + uses ct:trust-anchor-cert-grouping { + refine "cert" { + mandatory true; + } + } + } + } + list host-keys { + if-feature "ssh-host-keys"; + key "name"; + description + "A list of host keys. These host-keys can be used by + clients to authenticate SSH servers. Each list of host + keys SHOULD be specific to a purpose, so the list as a + whole may be referenced by other modules. For instance, + a client's configuration might point to a specific list + of host keys for when authenticating specific SSH servers."; + leaf name { + type string; + description + "An arbitrary name for this list of SSH + host keys."; + } + leaf description { + type string; + description + "An arbitrary description for this list of SSH + host keys."; + } + list host-key { + key "name"; + description + "A host key."; + leaf name { + type string; + description + "An arbitrary name for this host-key."; + } + leaf host-key { + type ct:ssh-host-key; + mandatory true; + description + "The binary public key data for this host key."; + reference + "RFC YYYY: Common YANG Data Types for Cryptography"; + } + } + } + list raw-public-keys { + if-feature "raw-public-keys"; + key "name"; + description + "A list of raw public keys. These raw public keys can be + used by a server to authenticate clients, or by a client + to authenticate servers. Each list of raw public keys + SHOULD be specific to a purpose, so the list as a whole + may be referenced by other modules. For instance, a + client's configuration might point to a specific list + of raw public keys for when authenticating specific TLS + endpoints."; + leaf name { + type string; + description + "An arbitrary name for this list of raw public keys."; + } + leaf description { + type string; + description + "An arbitrary description for this list raw public keys."; + } + list raw-public-key { + key "name"; + description + "A raw public key."; + leaf name { + type string; + description + "An arbitrary name for this raw public key."; + } + uses ct:public-key-grouping; + } + } + } + + /*********************************/ + /* Protocol accessible nodes */ + /*********************************/ + + container truststore { + nacm:default-deny-write; + description + "The truststore contains sets of X.509 certificates and + SSH host keys."; + uses truststore-grouping; + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-push-2019-05-21.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-push-2019-05-21.yang new file mode 100644 index 0000000..45ff9fb --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-push-2019-05-21.yang @@ -0,0 +1,811 @@ +module ietf-yang-push { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-push"; + prefix yp; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991: Common YANG Data Types"; + } + import ietf-subscribed-notifications { + prefix sn; + reference + "draft-ietf-netconf-subscribed-notifications: + Customized Subscriptions to a Publisher's Event Streams + NOTE TO RFC Editor: Please replace above reference to + draft-ietf-netconf-subscribed-notifications with RFC number + when published (i.e. RFC xxxx)."; + } + import ietf-datastores { + prefix ds; + reference + "RFC 8342: Network Management Datastore Architecture (NMDA)"; + } + import ietf-restconf { + prefix rc; + reference + "RFC 8040: RESTCONF Protocol"; + } + import ietf-yang-patch { + prefix ypatch; + reference + "RFC 8072: YANG Patch Media Type"; + } + + organization + "IETF NETCONF Working Group"; + contact + "WG Web: + + WG List: + + Editor: Alexander Clemm + + Editor: Eric Voit + + Editor: Alberto Gonzalez Prieto + + Editor: Ambika Prasad Tripathy + + Editor: Einar Nilsen-Nygaard + + Editor: Andy Bierman + + Editor: Balazs Lengyel + "; + description + "This module contains YANG specifications for YANG push. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject to + the license terms contained in, the Simplified BSD License set + forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (https://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + + // RFC Ed.: replace XXXX with actual RFC number and remove this + // note. + + revision 2019-05-21 { + description + "Initial revision. + NOTE TO RFC EDITOR: + (1)Please replace the above revision date to + the date of RFC publication when published. + (2) Please replace the date in the file name + (ietf-yang-push@2019-05-21.yang) to the date of RFC + publication. + (3) Please replace the following reference to + draft-ietf-netconf-yang-push-25 with RFC number when + published (i.e. RFC xxxx)."; + reference + "draft-ietf-netconf-yang-push-25"; + } + + /* + * FEATURES + */ + + feature on-change { + description + "This feature indicates that on-change triggered subscriptions + are supported."; + } + + /* + * IDENTITIES + */ + + /* Error type identities for datastore subscription */ + + identity resync-subscription-error { + description + "Problem found while attempting to fulfill an + 'resync-subscription' RPC request."; + } + + identity cant-exclude { + base sn:establish-subscription-error; + description + "Unable to remove the set of 'excluded-changes'. This means + the publisher is unable to restrict 'push-change-update's to + just the change types requested for this subscription."; + } + + identity datastore-not-subscribable { + base sn:establish-subscription-error; + base sn:subscription-terminated-reason; + description + "This is not a subscribable datastore."; + } + + identity no-such-subscription-resync { + base resync-subscription-error; + description + "Referenced subscription doesn't exist. This may be as a result + of a non-existent subscription ID, an ID which belongs to + another subscriber, or an ID for configured subscription."; + } + + identity on-change-unsupported { + base sn:establish-subscription-error; + description + "On-change is not supported for any objects which are + selectable by this filter."; + } + + identity on-change-sync-unsupported { + base sn:establish-subscription-error; + description + "Neither sync on start nor resynchronization are supported for + this subscription. This error will be used for two + reasons. First if an 'establish-subscription' RPC includes + 'sync-on-start', yet the publisher can't support sending a + 'push-update' for this subscription for reasons other than + 'on-change-unsupported' or 'sync-too-big'. And second, if the + 'resync-subscription' RPC is invoked either for an existing + periodic subscription, or for an on-change subscription which + can't support resynchronization."; + } + + identity period-unsupported { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-suspended-reason; + description + "Requested time period or dampening-period is too short. This + can be for both periodic and on-change subscriptions (with or + without dampening.) Hints suggesting alternative periods may + be returned as supplemental information."; + } + + identity update-too-big { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-suspended-reason; + description + "Periodic or on-change push update datatrees exceed a maximum + size limit. Hints on estimated size of what was too big may + be returned as supplemental information."; + } + + identity sync-too-big { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base resync-subscription-error; + base sn:subscription-suspended-reason; + description + "Sync-on-start or resynchronization datatree exceeds a maximum + size limit. Hints on estimated size of what was too big may + be returned as supplemental information."; + } + + identity unchanging-selection { + base sn:establish-subscription-error; + base sn:modify-subscription-error; + base sn:subscription-terminated-reason; + description + "Selection filter is unlikely to ever select datatree nodes. + This means that based on the subscriber's current access + rights, the publisher recognizes that the selection filter is + unlikely to ever select datatree nodes which change. Examples + for this might be that node or subtree doesn't exist, read + access is not permitted for a receiver, or static objects that + only change at reboot have been chosen."; + } + + /* + * TYPE DEFINITIONS + */ + + typedef change-type { + type enumeration { + enum create { + description + "A change that refers to the creation of a new datastore + node."; + } + enum delete { + description + "A change that refers to the deletion of a datastore + node."; + } + enum insert { + description + "A change that refers to the insertion of a new + user-ordered datastore node."; + } + enum move { + description + "A change that refers to a reordering of the target + datastore node."; + } + enum replace { + description + "A change that refers to a replacement of the target + datastore node's value."; + } + } + description + "Specifies different types of datastore changes. + + This type is based on the edit operations defined for YANG + Patch, with the difference that it is valid for a receiver to + process an update record which performs a create operation on + a datastore node the receiver believes exists, or to process a + delete on a datastore node the receiver believes is missing."; + reference + "RFC 8072: YANG Patch Media Type, section 2.5"; + } + + typedef selection-filter-ref { + type leafref { + path "/sn:filters/yp:selection-filter/yp:filter-id"; + } + description + "This type is used to reference a selection filter."; + } + + typedef centiseconds { + type uint32; + description + "A period of time, measured in units of 0.01 seconds."; + } + + /* + * GROUP DEFINITIONS + */ + + grouping datastore-criteria { + description + "A grouping to define criteria for which selected objects + from a targeted datastore should be included in push + updates."; + leaf datastore { + type identityref { + base ds:datastore; + } + mandatory true; + description + "Datastore from which to retrieve data."; + } + uses selection-filter-objects; + } + + grouping selection-filter-types { + description + "This grouping defines the types of selectors for objects + from a datastore."; + choice filter-spec { + description + "The content filter specification for this request."; + anydata datastore-subtree-filter { + if-feature "sn:subtree"; + description + "This parameter identifies the portions of the + target datastore to retrieve."; + reference + "RFC 6241: Network Configuration Protocol, Section 6."; + } + leaf datastore-xpath-filter { + if-feature "sn:xpath"; + type yang:xpath1.0; + description + "This parameter contains an XPath expression identifying + the portions of the target datastore to retrieve. + + If the expression returns a node-set, all nodes in the + node-set are selected by the filter. Otherwise, if the + expression does not return a node-set, the filter + doesn't select any nodes. + + The expression is evaluated in the following XPath + context: + + o The set of namespace declarations is the set of prefix + and namespace pairs for all YANG modules implemented + by the server, where the prefix is the YANG module + name and the namespace is as defined by the + 'namespace' statement in the YANG module. + + If the leaf is encoded in XML, all namespace + declarations in scope on the 'stream-xpath-filter' + leaf element are added to the set of namespace + declarations. If a prefix found in the XML is + already present in the set of namespace declarations, + the namespace in the XML is used. + + o The set of variable bindings is empty. + + o The function library is the core function library, and + the XPath functions defined in section 10 in RFC 7950. + + o The context node is the root node of the target + datastore."; + } + } + } + + grouping selection-filter-objects { + description + "This grouping defines a selector for objects from a + datastore."; + choice selection-filter { + description + "The source of the selection filter applied to the + subscription. This will come either referenced from a global + list, or be provided within the subscription itself."; + case by-reference { + description + "Incorporate a filter that has been configured + separately."; + leaf selection-filter-ref { + type selection-filter-ref; + mandatory true; + description + "References an existing selection filter which is to be + applied to the subscription."; + } + } + case within-subscription { + description + "Local definition allows a filter to have the same + lifecycle as the subscription."; + uses selection-filter-types; + } + } + } + + grouping update-policy-modifiable { + description + "This grouping describes the datastore specific subscription + conditions that can be changed during the lifetime of the + subscription."; + choice update-trigger { + description + "Defines necessary conditions for sending an event record to + the subscriber."; + case periodic { + container periodic { + presence "indicates a periodic subscription"; + description + "The publisher is requested to notify periodically the + current values of the datastore as defined by the + selection filter."; + leaf period { + type centiseconds; + mandatory true; + description + "Duration of time which should occur between periodic + push updates, in one hundredths of a second."; + } + leaf anchor-time { + type yang:date-and-time; + description + "Designates a timestamp before or after which a series + of periodic push updates are determined. The next + update will take place at a whole multiple interval + from the anchor time. For example, for an anchor time + is set for the top of a particular minute and a period + interval of a minute, updates will be sent at the top + of every minute this subscription is active."; + } + } + } + case on-change { + if-feature "on-change"; + container on-change { + presence "indicates an on-change subscription"; + description + "The publisher is requested to notify changes in values + in the datastore subset as defined by a selection + filter."; + leaf dampening-period { + type centiseconds; + default "0"; + description + "Specifies the minimum interval between the assembly of + successive update records for a single receiver of a + subscription. Whenever subscribed objects change, and + a dampening period interval (which may be zero) has + elapsed since the previous update record creation for + a receiver, then any subscribed objects and properties + which have changed since the previous update record + will have their current values marshalled and placed + into a new update record."; + } + } + } + } + } + + grouping update-policy { + description + "This grouping describes the datastore-specific subscription + conditions of a subscription."; + uses update-policy-modifiable { + augment "update-trigger/on-change/on-change" { + description + "Includes objects not modifiable once subscription is + established."; + leaf sync-on-start { + type boolean; + default "true"; + description + "When this object is set to false, it restricts an + on-change subscription from sending push-update + notifications. When false, pushing a full selection per + the terms of the selection filter MUST NOT be done for + this subscription. Only updates about changes, + i.e. only push-change-update notifications are sent. + When true (default behavior), in order to facilitate a + receiver's synchronization, a full update is sent when + the subscription starts using a push-update + notification. After that, push-change-update + notifications are exclusively sent unless the publisher + chooses to resync the subscription via a new push-update + notification."; + } + leaf-list excluded-change { + type change-type; + description + "Use to restrict which changes trigger an update. For + example, if modify is excluded, only creation and + deletion of objects is reported."; + } + } + } + } + grouping hints { + description + "Parameters associated with some error for a subscription + made upon a datastore."; + leaf period-hint { + type centiseconds; + description + "Returned when the requested time period is too short. This + hint can assert a viable period for either a periodic push + cadence or an on-change dampening interval."; + } + leaf filter-failure-hint { + type string; + description + "Information describing where and/or why a provided filter + was unsupportable for a subscription."; + } + leaf object-count-estimate { + type uint32; + description + "If there are too many objects which could potentially be + returned by the selection filter, this identifies the + estimate of the number of objects which the filter would + potentially pass."; + } + leaf object-count-limit { + type uint32; + description + "If there are too many objects which could be returned by + the selection filter, this identifies the upper limit of + the publisher's ability to service for this subscription."; + } + leaf kilobytes-estimate { + type uint32; + description + "If the returned information could be beyond the capacity + of the publisher, this would identify the data size which + could result from this selection filter."; + } + leaf kilobytes-limit { + type uint32; + description + "If the returned information would be beyond the capacity + of the publisher, this identifies the upper limit of the + publisher's ability to service for this subscription."; + } + } + + /* + * RPCs + */ + + rpc resync-subscription { + if-feature "on-change"; + description + "This RPC allows a subscriber of an active on-change + subscription to request a full push of objects. + + A successful invocation results in a push-update of all + datastore nodes that the subscriber is permitted to access. + This RPC can only be invoked on the same session on which the + subscription is currently active. In case of an error, a + resync-subscription-error is sent as part of an error + response."; + input { + leaf id { + type sn:subscription-id; + mandatory true; + description + "Identifier of the subscription that is to be resynced."; + } + } + } + + rc:yang-data resync-subscription-error { + container resync-subscription-error { + description + "If a 'resync-subscription' RPC fails, the subscription is + not resynced and the RPC error response MUST indicate the + reason for this failure. This YANG-data MAY be inserted as + structured data within a subscription's RPC error response + to indicate the failure reason."; + leaf reason { + type identityref { + base resync-subscription-error; + } + mandatory true; + description + "Indicates the reason why the publisher has declined a + request for subscription resynchronization."; + } + uses hints; + } + } + + augment "/sn:establish-subscription/sn:input" { + description + "This augmentation adds additional subscription parameters + that apply specifically to datastore updates to RPC input."; + uses update-policy; + } + + augment "/sn:establish-subscription/sn:input/sn:target" { + description + "This augmentation adds the datastore as a valid target + for the subscription to RPC input."; + case datastore { + description + "Information specifying the parameters of an request for a + datastore subscription."; + uses datastore-criteria; + } + } + + rc:yang-data establish-subscription-datastore-error-info { + container establish-subscription-datastore-error-info { + description + "If any 'establish-subscription' RPC parameters are + unsupportable against the datastore, a subscription is not + created and the RPC error response MUST indicate the reason + why the subscription failed to be created. This YANG-data + MAY be inserted as structured data within a subscription's + RPC error response to indicate the failure reason. This + YANG-data MUST be inserted if hints are to be provided back + to the subscriber."; + leaf reason { + type identityref { + base sn:establish-subscription-error; + } + description + "Indicates the reason why the subscription has failed to + be created to a targeted datastore."; + } + uses hints; + } + } + + augment "/sn:modify-subscription/sn:input" { + description + "This augmentation adds additional subscription parameters + specific to datastore updates."; + uses update-policy-modifiable; + } + + augment "/sn:modify-subscription/sn:input/sn:target" { + description + "This augmentation adds the datastore as a valid target + for the subscription to RPC input."; + case datastore { + description + "Information specifying the parameters of an request for a + datastore subscription."; + uses datastore-criteria; + } + } + + rc:yang-data modify-subscription-datastore-error-info { + container modify-subscription-datastore-error-info { + description + "This YANG-data MAY be provided as part of a subscription's + RPC error response when there is a failure of a + 'modify-subscription' RPC which has been made against a + datastore. This YANG-data MUST be used if hints are to be + provides back to the subscriber."; + leaf reason { + type identityref { + base sn:modify-subscription-error; + } + description + "Indicates the reason why the subscription has failed to + be modified."; + } + uses hints; + } + } + + /* + * NOTIFICATIONS + */ + + notification push-update { + description + "This notification contains a push update, containing data + subscribed to via a subscription. This notification is sent + for periodic updates, for a periodic subscription. It can + also be used for synchronization updates of an on-change + subscription. This notification shall only be sent to + receivers of a subscription. It does not constitute a + general-purpose notification that would be subscribable as + part of the NETCONF event stream by any receiver."; + leaf id { + type sn:subscription-id; + description + "This references the subscription which drove the + notification to be sent."; + } + anydata datastore-contents { + description + "This contains the updated data. It constitutes a snapshot + at the time-of-update of the set of data that has been + subscribed to. The snapshot corresponds to the same + snapshot that would be returned in a corresponding get + operation with the same selection filter parameters + applied."; + } + leaf incomplete-update { + type empty; + description + "This is a flag which indicates that not all datastore + nodes subscribed to are included with this update. In + other words, the publisher has failed to fulfill its full + subscription obligations, and despite its best efforts is + providing an incomplete set of objects."; + } + } + + notification push-change-update { + if-feature "on-change"; + description + "This notification contains an on-change push update. This + notification shall only be sent to the receivers of a + subscription. It does not constitute ageneral-purpose + notification that would be subscribable as part of the + NETCONF event stream by any receiver."; + leaf id { + type sn:subscription-id; + description + "This references the subscription which drove the + notification to be sent."; + } + container datastore-changes { + description + "This contains the set of datastore changes of the target + datastore starting at the time of the previous update, per + the terms of the subscription."; + uses ypatch:yang-patch; + } + leaf incomplete-update { + type empty; + description + "The presence of this object indicates not all changes which + have occurred since the last update are included with this + update. In other words, the publisher has failed to + fulfill its full subscription obligations, for example in + cases where it was not able to keep up with a change + burst."; + } + } + + augment "/sn:subscription-started" { + description + "This augmentation adds datastore-specific objects to + the notification that a subscription has started."; + uses update-policy; + } + + augment "/sn:subscription-started/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the notification that a subscription has started."; + case datastore { + uses datastore-criteria { + refine "selection-filter/within-subscription" { + description + "Specifies the selection filter and where it originated + from. If the 'selection-filter-ref' is populated, the + filter within the subscription came from the 'filters' + container. Otherwise it is populated in-line as part of + the subscription itself."; + } + } + } + } + + augment "/sn:subscription-modified" { + description + "This augmentation adds datastore-specific objects to + the notification that a subscription has been modified."; + uses update-policy; + } + + augment "/sn:subscription-modified/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the notification that a subscription has been + modified."; + case datastore { + uses datastore-criteria { + refine "selection-filter/within-subscription" { + description + "Specifies the selection filter and where it originated + from. If the 'selection-filter-ref' is populated, the + filter within the subscription came from the 'filters' + container. Otherwise it is populated in-line as part of + the subscription itself."; + } + } + } + } + + /* + * DATA NODES + */ + + augment "/sn:filters" { + description + "This augmentation allows the datastore to be included as part + of the selection filtering criteria for a subscription."; + list selection-filter { + key "filter-id"; + description + "A list of pre-configured filters that can be applied + to datastore subscriptions."; + leaf filter-id { + type string; + description + "An identifier to differentiate between selection + filters."; + } + uses selection-filter-types; + } + } + + augment "/sn:subscriptions/sn:subscription" { + when 'yp:datastore'; + description + "This augmentation adds many datastore specific objects to a + subscription."; + uses update-policy; + } + + augment "/sn:subscriptions/sn:subscription/sn:target" { + description + "This augmentation allows the datastore to be included as + part of the selection filtering criteria for a subscription."; + case datastore { + uses datastore-criteria; + } + } +} diff --git a/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-types-2019-11-04.yang b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-types-2019-11-04.yang new file mode 100644 index 0000000..d33eced --- /dev/null +++ b/yang-parser/yang-parser-jar/src/test/resources/_orig-modules/ietf-yang-types-2019-11-04.yang @@ -0,0 +1,767 @@ +module ietf-yang-types { + + namespace "urn:ietf:params:xml:ns:yang:ietf-yang-types"; + prefix "yang"; + + organization + "IETF Network Modeling (NETMOD) Working Group"; + + contact + "WG Web: + WG List: + + Editor: Juergen Schoenwaelder + "; + + description + "This module contains a collection of generally useful derived + YANG data types. + + The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL + NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', + 'MAY', and 'OPTIONAL' in this document are to be interpreted as + described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, + they appear in all capitals, as shown here. + + Copyright (c) 2019 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD License + set forth in Section 4.c of the IETF Trust's Legal Provisions + Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; + see the RFC itself for full legal notices."; + + revision 2019-11-04 { + description + "This revision adds the following new data types: + - date, time + - hours32, minutes32, seconds32, centiseconds32, milliseconds32, + - microseconds32, microseconds64, nanoseconds32, nanoseconds64 + - revision-identifier, node-instance-identifier"; + reference + "RFC XXXX: Common YANG Data Types"; + } + + revision 2013-07-15 { + description + "This revision adds the following new data types: + - yang-identifier + - hex-string + - uuid + - dotted-quad"; + reference + "RFC 6991: Common YANG Data Types"; + } + + revision 2010-09-24 { + description + "Initial revision."; + reference + "RFC 6021: Common YANG Data Types"; + } + + /*** collection of counter and gauge types ***/ + + typedef counter32 { + type uint32; + description + "The counter32 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^32-1 (4294967295 decimal), when it + wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the instantiation of + a schema node of type counter32 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + The counter32 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter32. + + In the value set and its semantics, this type is equivalent + to the Counter32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter32 { + type yang:counter32; + default "0"; + description + "The zero-based-counter32 type represents a counter32 + that has the defined 'initial' value zero. + + A schema node instance of this type will be set to zero (0) + on creation and will thereafter increase monotonically until + it reaches a maximum value of 2^32-1 (4294967295 decimal), + when it wraps around and starts increasing again from zero. + + Provided that an application discovers a new schema node + instance of this type within the minimum time to wrap, it + can use the 'initial' value as a delta. It is important for + a management station to be aware of this minimum time and the + actual time between polls, and to discard data if the actual + time is too long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter32 textual convention of the SMIv2."; + reference + "RFC 4502: Remote Network Monitoring Management Information + Base Version 2"; + } + + typedef counter64 { + type uint64; + description + "The counter64 type represents a non-negative integer + that monotonically increases until it reaches a + maximum value of 2^64-1 (18446744073709551615 decimal), + when it wraps around and starts increasing again from zero. + + Counters have no defined 'initial' value, and thus, a + single value of a counter has (in general) no information + content. Discontinuities in the monotonically increasing + value normally occur at re-initialization of the + management system, and at other times as specified in the + description of a schema node using this type. If such + other times can occur, for example, the instantiation of + a schema node of type counter64 at times other than + re-initialization, then a corresponding schema node + should be defined, with an appropriate type, to indicate + the last discontinuity. + + The counter64 type should not be used for configuration + schema nodes. A default statement SHOULD NOT be used in + combination with the type counter64. + + In the value set and its semantics, this type is equivalent + to the Counter64 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef zero-based-counter64 { + type yang:counter64; + default "0"; + description + "The zero-based-counter64 type represents a counter64 that + has the defined 'initial' value zero. + + A schema node instance of this type will be set to zero (0) + on creation and will thereafter increase monotonically until + it reaches a maximum value of 2^64-1 (18446744073709551615 + decimal), when it wraps around and starts increasing again + from zero. + + Provided that an application discovers a new schema node + instance of this type within the minimum time to wrap, it + can use the 'initial' value as a delta. It is important for + a management station to be aware of this minimum time and the + actual time between polls, and to discard data if the actual + time is too long or there is no defined minimum time. + + In the value set and its semantics, this type is equivalent + to the ZeroBasedCounter64 textual convention of the SMIv2."; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + typedef gauge32 { + type uint32; + description + "The gauge32 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^32-1 (4294967295 decimal), and + the minimum value cannot be smaller than 0. The value of + a gauge32 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge32 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the Gauge32 type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef gauge64 { + type uint64; + description + "The gauge64 type represents a non-negative integer, which + may increase or decrease, but shall never exceed a maximum + value, nor fall below a minimum value. The maximum value + cannot be greater than 2^64-1 (18446744073709551615), and + the minimum value cannot be smaller than 0. The value of + a gauge64 has its maximum value whenever the information + being modeled is greater than or equal to its maximum + value, and has its minimum value whenever the information + being modeled is smaller than or equal to its minimum value. + If the information being modeled subsequently decreases + below (increases above) the maximum (minimum) value, the + gauge64 also decreases (increases). + + In the value set and its semantics, this type is equivalent + to the CounterBasedGauge64 SMIv2 textual convention defined + in RFC 2856"; + reference + "RFC 2856: Textual Conventions for Additional High Capacity + Data Types"; + } + + /*** collection of identifier-related types ***/ + + typedef object-identifier { + type string { + pattern '(([0-1](\.[1-3]?[0-9]))|(2\.(0|([1-9]\d*))))' + + '(\.(0|([1-9]\d*)))*'; + } + description + "The object-identifier type represents administratively + assigned names in a registration-hierarchical-name tree. + + Values of this type are denoted as a sequence of numerical + non-negative sub-identifier values. Each sub-identifier + value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers + are separated by single dots and without any intermediate + whitespace. + + The ASN.1 standard restricts the value space of the first + sub-identifier to 0, 1, or 2. Furthermore, the value space + of the second sub-identifier is restricted to the range + 0 to 39 if the first sub-identifier is 0 or 1. Finally, + the ASN.1 standard requires that an object identifier + has always at least two sub-identifiers. The pattern + captures these restrictions. + + Although the number of sub-identifiers is not limited, + module designers should realize that there may be + implementations that stick with the SMIv2 limit of 128 + sub-identifiers. + + This type is a superset of the SMIv2 OBJECT IDENTIFIER type + since it is not restricted to 128 sub-identifiers. Hence, + this type SHOULD NOT be used to represent the SMIv2 OBJECT + IDENTIFIER type; the object-identifier-128 type SHOULD be + used instead."; + reference + "ISO9834-1: Information technology -- Open Systems + Interconnection -- Procedures for the operation of OSI + Registration Authorities: General procedures and top + arcs of the ASN.1 Object Identifier tree"; + } + + typedef object-identifier-128 { + type object-identifier { + pattern '\d*(\.\d*){1,127}'; + } + description + "This type represents object-identifiers restricted to 128 + sub-identifiers. + + In the value set and its semantics, this type is equivalent + to the OBJECT IDENTIFIER type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + /*** collection of types related to date and time ***/ + + typedef date-and-time { + type string { + pattern '\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date-and-time type is a profile of the ISO 8601 + standard for representation of dates and times using the + Gregorian calendar. The profile is defined by the + date-time production in Section 5.6 of RFC 3339. + + The date-and-time type is compatible with the dateTime XML + schema type with the following notable exceptions: + + (a) The date-and-time type does not allow negative years. + + (b) The date-and-time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in dateTime. + + (c) The canonical format (see below) of date-and-time values + differs from the canonical format used by the dateTime XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + This type is not equivalent to the DateAndTime textual + convention of the SMIv2 since RFC 3339 uses a different + separator between full-date and full-time and provides + higher resolution of time-secfrac. + + The canonical format for date-and-time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date-and-time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date-and-time values with an unknown time zone (usually + referring to the notion of local time) uses the time-offset + -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + RFC 2579: Textual Conventions for SMIv2 + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef date { + type string { + pattern '\d{4}-\d{2}-\d{2}' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The date type represents a time-interval of the length + of a day, i.e., 24 hours. + + The date type is compatible with the date XML schema + type with the following notable exceptions: + + (a) The date type does not allow negative years. + + (b) The date time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in date. + + (c) The canonical format (see below) of data values + differs from the canonical format used by the date XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + The canonical format for date values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause date values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + date values with an unknown time zone (usually referring + to the notion of local time) uses the time-offset -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + /* + * DISCUSS: + * - XML schema seems to use a different canonical format, we + * need to take a closer look how to define the canonical format + * given that a data really identifies a 24 hour interval and + * what XSD means with 'interval midpoint'. + */ + + typedef time { + type string { + pattern '\d{2}:\d{2}:\d{2}(\.\d+)?' + + '(Z|[\+\-]\d{2}:\d{2})'; + } + description + "The time type represents an instance of time of zero-duration + that recurs every day. + + The time type is compatible with the time XML schema + type with the following notable exceptions: + + (a) The time time-offset -00:00 indicates an unknown + time zone (see RFC 3339) while -00:00 and +00:00 and Z + all represent the same time zone in time. + + (c) The canonical format (see below) of time values + differs from the canonical format used by the time XML + schema type, which requires all times to be in UTC using + the time-offset 'Z'. + + The canonical format for time values with a known time + zone uses a numeric time zone offset that is calculated using + the device's configured known offset to UTC time. A change of + the device's offset to UTC time will cause time values + to change accordingly. Such changes might happen periodically + in case a server follows automatically daylight saving time + (DST) time zone offset changes. The canonical format for + time values with an unknown time zone (usually referring + to the notion of local time) uses the time-offset -00:00."; + reference + "RFC 3339: Date and Time on the Internet: Timestamps + XSD-TYPES: XML Schema Part 2: Datatypes Second Edition"; + } + + typedef hours32 { + type int32; + units "hours"; + description + "A period of time, measured in units of hours. + + The maximum time period that can be expressed is in the + range [89478485 days 08:00:00 to 89478485 days 07:00:00]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef minutes32 { + type int32; + units "minutes"; + description + "A period of time, measured in units of minutes. + + The maximum time period that can be expressed is in the + range [-1491308 days 2:08:00 to 1491308 days 2:07:00]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef seconds32 { + type int32; + units "seconds"; + description + "A period of time, measured in units of seconds. + + The maximum time period that can be expressed is in the + range [-24855 days 03:14:08 to 24855 days 03:14:07]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef centiseconds32 { + type int32; + units "centiseconds"; + description + "A period of time, measured in units of 10^-2 seconds. + + The maximum time period that can be expressed is in the + range [-248 days 13:13:56 to 248 days 13:13:56]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef milliseconds32 { + type int32; + units "milliseconds"; + description + "A period of time, measured in units of 10^-3 seconds. + + The maximum time period that can be expressed is in the + range [-24 days 20:31:23 to 24 days 20:31:23]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef microseconds32 { + type int32; + units "microseconds"; + description + "A period of time, measured in units of 10^-6 seconds. + + The maximum time period that can be expressed is in the + range [-00:35:47 to 00:35:47]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef microseconds64 { + type int64; + units "microseconds"; + description + "A period of time, measured in units of 10^-6 seconds. + + The maximum time period that can be expressed is in the + range [-106751991 days 04:00:54 to 106751991 days 04:00:54]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef nanoseconds32 { + type int32; + units "nanoseconds"; + description + "A period of time, measured in units of 10^-9 seconds. + + The maximum time period that can be expressed is in the + range [-00:00:02 to 00:00:02]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef nanoseconds64 { + type int64; + units "nanoseconds"; + description + "A period of time, measured in units of 10^-9 seconds. + + The maximum time period that can be expressed is in the + range [-106753 days 23:12:44 to 106752 days 0:47:16]. + + This type should be range restricted in situations + where only non-negative time periods are desirable, + (i.e., range '0..max')."; + } + + typedef timeticks { + type uint32; + description + "The timeticks type represents a non-negative integer that + represents the time, modulo 2^32 (4294967296 decimal), in + hundredths of a second between two epochs. When a schema + node is defined that uses this type, the description of + the schema node identifies both of the reference epochs. + + In the value set and its semantics, this type is equivalent + to the TimeTicks type of the SMIv2."; + reference + "RFC 2578: Structure of Management Information Version 2 + (SMIv2)"; + } + + typedef timestamp { + type yang:timeticks; + description + "The timestamp type represents the value of an associated + timeticks schema node instance at which a specific occurrence + happened. The specific occurrence must be defined in the + description of any schema node defined using this type. When + the specific occurrence occurred prior to the last time the + associated timeticks schema node instance was zero, then the + timestamp value is zero. + + Note that this requires all timestamp values to be reset to + zero when the value of the associated timeticks schema node + instance reaches 497+ days and wraps around to zero. + + The associated timeticks schema node must be specified + in the description of any schema node using this type. + + In the value set and its semantics, this type is equivalent + to the TimeStamp textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of generic address types ***/ + + typedef phys-address { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "Represents media- or physical-level addresses represented + as a sequence octets, each octet represented by two hexadecimal + numbers. Octets are separated by colons. The canonical + representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the PhysAddress textual convention of the SMIv2."; + reference + "RFC 2579: Textual Conventions for SMIv2"; + } + + typedef mac-address { + type string { + pattern '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'; + } + description + "The mac-address type represents an IEEE 802 MAC address. + The canonical representation uses lowercase characters. + + In the value set and its semantics, this type is equivalent + to the MacAddress textual convention of the SMIv2."; + reference + "IEEE 802: IEEE Standard for Local and Metropolitan Area + Networks: Overview and Architecture + RFC 2579: Textual Conventions for SMIv2"; + } + + /*** collection of XML-specific types ***/ + typedef xpath1.0 { + type string; + description + "This type represents an XPATH 1.0 expression. + + When a schema node is defined that uses this type, the + description of the schema node MUST specify the XPath + context in which the XPath expression is evaluated."; + reference + "XPATH: XML Path Language (XPath) Version 1.0"; + } + + /* + * DISCUSS: + * - How do we deal with xpath expressions in other encodings + * such as JSON. Do we assume an xpath context populated with + * module names such that module names can be used to qualify + * path expressions. This may need discussion and/or a new + * definition. + * - This interacts with the definition of node-instance-identifier. + */ + + /*** collection of string types ***/ + + typedef hex-string { + type string { + pattern '([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?'; + } + description + "A hexadecimal string with octets represented as hex digits + separated by colons. The canonical representation uses + lowercase characters."; + } + + typedef uuid { + type string { + pattern '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' + + '[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'; + } + description + "A Universally Unique IDentifier in the string representation + defined in RFC 4122. The canonical representation uses + lowercase characters. + + The following is an example of a UUID in string representation: + f81d4fae-7dec-11d0-a765-00a0c91e6bf6 + "; + reference + "RFC 4122: A Universally Unique IDentifier (UUID) URN + Namespace"; + } + + typedef dotted-quad { + type string { + pattern + '(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}' + + '([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'; + } + description + "An unsigned 32-bit number expressed in the dotted-quad + notation, i.e., four octets written as decimal numbers + and separated with the '.' (full stop) character."; + } + + /*** collection of YANG specific types ***/ + + typedef yang-identifier { + type string { + length "1..max"; + pattern '[a-zA-Z_][a-zA-Z0-9\-_.]*'; + pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*'; + } + description + "A YANG identifier string as defined by the 'identifier' + rule in Section 12 of RFC 6020. An identifier must + start with an alphabetic character or an underscore + followed by an arbitrary sequence of alphabetic or + numeric characters, underscores, hyphens, or dots. + + A YANG identifier MUST NOT start with any possible + combination of the lowercase or uppercase character + sequence 'xml'."; + reference + "RFC 6020: YANG - A Data Modeling Language for the Network + Configuration Protocol (NETCONF)"; + } + + typedef revision-identifier { + type date { + pattern '\d{4}-\d{2}-\d{2}'; + } + description + "Represents a specific revision of a YANG module by means of + a date value without a time zone."; + } + + typedef node-instance-identifier { + type xpath1.0; + description + "Path expression used to represent a data node, action, + or notification instance-identifier string. + + A node-instance-identifier value is an unrestricted + YANG instance-identifier expression or the special + value '/', which refers to the entire accessible tree. + + All the rules for instance-identifier apply, except that + predicates for keys are optional. If a key predicate is + missing, then the node-instance-identifier represents all + possible server instances for that key. + + This XML Path Language (XPath) expression is evaluated in the + following context: + + o The set of namespace declarations are those in scope on + the leaf element where this type is used. + + o The set of variable bindings contains one variable, + 'USER', which contains the name of the user of the + current session. + + o The function library is the core function library, but + note that due to the syntax restrictions of an + instance-identifier, no functions are allowed. + + o The context node is the root node in the data tree. + + The accessible tree includes actions and notifications tied + to data nodes."; + } + + /* + * DISCUSS: + * - This is taken from RFC 8341 and the idea is that this definition + * is useful without requiring a dependency on NACM + * - What does the second bullet actually do? Do we keep this? + * - This interacts with the definition of xpath1.0. + */ + + /* DISCUSS: + * - It was suggested to add types for longitude, latitude, + * postal code, country-code. Do we go there or do we leave + * these for other modules to define? It seems such definitions + * should go into draft-ietf-netmod-geo-location. + */ + + /* DISCUSS: + * - It was suggested to add percentage types but they tend to differ + * widely. However, percentages are also widely used. + */ +}