Initial import of Microsemi Driver
Change-Id: I431d5f2c18e0b66a84c36273c3d9f0b84f223841
Added in BUCK files for building driver
Change-Id: I70681327f5b89f67e904c45d5974ab393652d51f
Corrected some syntax errors
Change-Id: I11150cc499c212005f80619e3900e747f1c23d96
Updated pom file to clean build
Change-Id: I6613ddc9e6802aa882e716cf04df210249870835
Added in utility functions for EA1000 Init
Change-Id: I51ffe0cf0daf9ffcea0e2479ee9982fcd1755440
Added YMS code to Microsemi Driver
Change-Id: I6f2a14e454c6909bf9e9f6025321c74c98c13c72
Updated driver to work with YMS and YCH
Change-Id: If7dbe3cd5bd1b6f902d09d6b2dc3895605d70f70
Implemented IetfSystemManager as a service and call on YMS as a service
Change-Id: If1c5e8482b1f53f578a3b0b770accd50024111cf
Moved YMS calls over in to Yang Service implementation
Change-Id: I044aad06f1ef7452bc48e88987787a683666cd72
improved unit test for IetfSystemManager
Change-Id: I48fbf831e7e5ca0e1ef3de8288e56da1b5ebb7a4
Major changes to IetfSystemManager to work in live system
Change-Id: I6e3aa118ba422151f314b9a666860d90905c9929
Added in retry mechanism for DeviceDescription to wait for YCH
Change-Id: If8e0f2c2f315ffd6db15627a11382a00217dd262
Added in implementation of MseaSaFiltering and unit tests
Change-Id: I34bf888e0e732bd4664d1fb8ef5abb679b1506fe
Updated driver with unit tests for MseaSaFiltering
Change-Id: I7ea2407a546622ff55d1ab21610c45697546d632
Modified removeFlowRules of Ea1000FlowRuleProgrammable
Change-Id: Ibb4a555f61887a8e6e42af588bb42f7b70f58efb
Added in manager for MseaUniEvc service with unit tests
Change-Id: Idc5853f46051548973f52a0659f7f88982ff960c
Implemented getFlowEntries() for EVCs from EA1000
Change-Id: Ie85dadfa7760f0b30a9bdf6ccd09cca9f097fff9
Added in translation of FlowRules in to EVC on EA1000
Change-Id: Icfb65171c3300c96b3ca4e18cbd327f0ed2190be
Added in handling of FlowRule deletion including complex ceVlanMaps
Change-Id: I7fd0bb0ef04d1b40e4b7d6a6db7f7ee662329780
Updated Service entries for new onos-yang-tools
Change-Id: I44e655202f3a45073e1e16f83737caed6e01afa8
Revert "Updated Service entries for new onos-yang-tools"
This reverts commit 642b550ef1de12ed59bad2eaa3a2da414d2e5e59.
Improved timeout mechanism for YANG model loading
Change-Id: If744ecd206372e822edf2b736c83226321a12256
Minor edits of EVC creation
Change-Id: Ib0a4763deaf6dce37625ba77f5095b39cd98272d
Added in CustomEvc and supporting classes
Change-Id: Iad60eb1bcd48d2aec55b894b2d419b51852c3b2f
Created CeVlanUtils to resolve loading problem
Change-Id: I0d63931ad2c5ad2725861ebc7dccc4d5fe7b9298
Modified startup check
Change-Id: I6e6bcfa7e615044cb08fe7ee2f8a6c8b89aabb21
Modified handling of flow rules
Change-Id: I965a79c23298866122aeb94c6d9d584aafee3bd5
Fixed problem with ceVlanMap
Change-Id: If1458c35d0b95b5b25b6636f098292f9e91c06c6
Minor Pom edits
Change-Id: I5cefb18674aa04b1f50bd7e2306260c1c3ad3814
Commented out extension references in YANG files to avoid onos-yang-tools problems
Change-Id: I32fdb34c4f476f495fe28e75d0f410aaf14e2ec1
Corrected error in removing 0 in CeVlanMapUtils
Change-Id: I8cd1fd02788b81c2613364d5639ef6e090057f80
Changes in YMS to accomodate EA1000 driver
Change-Id: I6ae2b9bd2be49eae8d4ad2f929dfe3214c514550
diff --git a/drivers/microsemi/ea1000yang/src/main/yang/ietf-system-tls-auth.yang b/drivers/microsemi/ea1000yang/src/main/yang/ietf-system-tls-auth.yang
new file mode 100644
index 0000000..c1cbf4c
--- /dev/null
+++ b/drivers/microsemi/ea1000yang/src/main/yang/ietf-system-tls-auth.yang
@@ -0,0 +1,215 @@
+module ietf-system-tls-auth {
+
+ yang-version 1;
+
+ namespace
+ "urn:ietf:params:xml:ns:yang:ietf-system-tls-auth";
+
+ prefix system-tls-auth;
+
+ import ietf-system {
+ prefix sys;
+ }
+ import ietf-netconf-acm {
+ prefix nacm;
+ }
+ import ietf-yang-types {
+ prefix yang;
+ }
+ import ietf-x509-cert-to-name {
+ prefix x509c2n;
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ WG Chair: Bert Wijnen
+ <mailto:bertietf@bwijnen.net>
+
+ Editor: Kent Watsen
+ <mailto:kwatsen@juniper.net>
+
+ Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+
+ description
+ "This module augments the ietf-system module in order to
+ add TLS authentication configuration nodes to the
+ 'authentication' container.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ revision "2014-05-24" {
+ description "Initial version";
+ reference
+ "RFC XXXX: NETCONF Server Configuration Model";
+
+ }
+
+
+ feature tls-map-certificates {
+ description
+ "The tls-map-certificates feature indicates that the
+ NETCONF server implements mapping X.509 certificates to NETCONF
+ usernames.";
+ }
+
+ feature tls-map-pre-shared-keys {
+ description
+ "The tls-map-pre-shared-keys feature indicates that the
+ NETCONF server implements mapping TLS pre-shared keys to NETCONF
+ usernames.";
+ }
+
+ grouping tls-global-config {
+ container trusted-ca-certs {
+ description
+ "A list of Certificate Authority (CA) certificates that a
+ NETCONF server can use to authenticate a NETCONF client's
+ certificate. A client's certificate is authenticated if
+ its Issuer matches one of the configured trusted CA
+ certificates.";
+ leaf-list trusted-ca-cert {
+ type binary;
+ description
+ "The binary certificate structure, as
+ specified by RFC 5246, Section 7.4.6, i.e.,:
+
+ opaque ASN.1Cert<1..2^24>;
+
+ ";
+ reference
+ "RFC 5246: The Transport Layer Security (TLS)
+ Protocol Version 1.2";
+
+ }
+ } // container trusted-ca-certs
+
+ container trusted-client-certs {
+ description
+ "A list of client certificates that a NETCONF server can
+ use to authenticate a NETCONF client's certificate. A
+ client's certificate is authenticated if it is an exact
+ match to one of the configured trusted client certificates.";
+ leaf-list trusted-client-cert {
+ type binary;
+ description
+ "The binary certificate structure, as
+ specified by RFC 5246, Section 7.4.6, i.e.,:
+
+ opaque ASN.1Cert<1..2^24>;
+
+ ";
+ reference
+ "RFC 5246: The Transport Layer Security (TLS)
+ Protocol Version 1.2";
+
+ }
+ } // container trusted-client-certs
+
+ container cert-maps {
+ if-feature tls-map-certificates;
+ description
+ "The cert-maps container is used by a NETCONF server to
+ map the NETCONF client's presented X.509 certificate to
+ a NETCONF username.
+
+ If no matching and valid cert-to-name list entry can be
+ found, then the NETCONF server MUST close the connection,
+ and MUST NOT accept NETCONF messages over it.";
+ uses x509c2n:cert-to-name;
+ } // container cert-maps
+
+ container psk-maps {
+ if-feature tls-map-pre-shared-keys;
+ description
+ "During the TLS Handshake, the client indicates which
+ key to use by including a PSK identity in the TLS
+ ClientKeyExchange message. On the NETCONF server side,
+ this PSK identity is used to look up an entry in the psk-map
+ list. If such an entry is found, and the pre-shared keys
+ match, then the client is authenticated. The NETCONF
+ server uses the value from the user-name leaf in the
+ psk-map list as the NETCONF username. If the NETCONF
+ server cannot find an entry in the psk-map list, or if
+ the pre-shared keys do not match, then the NETCONF
+ server terminates the connection.";
+ reference
+ "RFC 4279: Pre-Shared Key Ciphersuites for Transport Layer
+ Security (TLS)";
+
+ list psk-map {
+ key "psk-identity";
+ leaf psk-identity {
+ type string;
+ description
+ "The PSK identity encoded as a UTF-8 string. For
+ details how certain common PSK identity formats can
+ be encoded in UTF-8, see section 5.1. of RFC 4279.";
+ reference
+ "RFC 4279: Pre-Shared Key Ciphersuites for Transport
+ Layer Security (TLS)";
+
+ }
+
+ leaf user-name {
+ type nacm:user-name-type;
+ mandatory true;
+ description
+ "The NETCONF username associated with this PSK
+ identity.";
+ }
+
+ leaf not-valid-before {
+ type yang:date-and-time;
+ description
+ "This PSK identity is not valid before the given date
+ and time.";
+ }
+
+ leaf not-valid-after {
+ type yang:date-and-time;
+ description
+ "This PSK identity is not valid after the given date
+ and time.";
+ }
+
+ leaf key {
+// nacm:default-deny-all;
+ type yang:hex-string;
+ mandatory true;
+ description
+ "The key associated with the PSK identity";
+ reference
+ "RFC 4279: Pre-Shared Key Ciphersuites for Transport
+ Layer Security (TLS)";
+
+ }
+ } // list psk-map
+ } // container psk-maps
+ } // grouping tls-global-config
+
+ augment /sys:system/sys:authentication {
+ container tls {
+ uses tls-global-config;
+ } // container tls
+ }
+ } // module ietf-system-tls-auth
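Review bot: The `key` leaf of `psk-map` has its `nacm:default-deny-all;` statement commented out, so the model no longer marks the TLS pre-shared key as denied by default under NACM, and nothing in the file says why. The commit log suggests extension references were disabled to work around onos-yang-tools, so this looks like a tooling workaround rather than a design choice; record that at the statement, e.g. `// nacm:default-deny-all; -- disabled only because onos-yang-tools cannot parse extensions; restore when supported. This leaf holds the TLS PSK: never log or export it.` Code generated from this model should treat the `yang:hex-string` value as a secret regardless of the annotation. Separately, the `RFC XXXX` placeholders in the module description and the revision statement suggest the file was copied from an Internet-Draft, so a header comment naming the draft and version it came from would make later comparison with the published model easier.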