Initial import of Microsemi Driver
Change-Id: I431d5f2c18e0b66a84c36273c3d9f0b84f223841
Added in BUCK files for building driver
Change-Id: I70681327f5b89f67e904c45d5974ab393652d51f
Corrected some syntax errors
Change-Id: I11150cc499c212005f80619e3900e747f1c23d96
Updated pom file to clean build
Change-Id: I6613ddc9e6802aa882e716cf04df210249870835
Added in utility functions for EA1000 Init
Change-Id: I51ffe0cf0daf9ffcea0e2479ee9982fcd1755440
Added YMS code to Microsemi Driver
Change-Id: I6f2a14e454c6909bf9e9f6025321c74c98c13c72
Updated driver to work with YMS and YCH
Change-Id: If7dbe3cd5bd1b6f902d09d6b2dc3895605d70f70
Implemented IetfSystemManager as a service and call on YMS as a service
Change-Id: If1c5e8482b1f53f578a3b0b770accd50024111cf
Moved YMS calls over in to Yang Service implementation
Change-Id: I044aad06f1ef7452bc48e88987787a683666cd72
improved unit test for IetfSystemManager
Change-Id: I48fbf831e7e5ca0e1ef3de8288e56da1b5ebb7a4
Major changes to IetfSystemManager to work in live system
Change-Id: I6e3aa118ba422151f314b9a666860d90905c9929
Added in retry mechanism for DeviceDescription to wait for YCH
Change-Id: If8e0f2c2f315ffd6db15627a11382a00217dd262
Added in implementation of MseaSaFiltering and unit tests
Change-Id: I34bf888e0e732bd4664d1fb8ef5abb679b1506fe
Updated driver with unit tests for MseaSaFiltering
Change-Id: I7ea2407a546622ff55d1ab21610c45697546d632
Modified removeFlowRules of Ea1000FlowRuleProgrammable
Change-Id: Ibb4a555f61887a8e6e42af588bb42f7b70f58efb
Added in manager for MseaUniEvc service with unit tests
Change-Id: Idc5853f46051548973f52a0659f7f88982ff960c
Implemented getFlowEntries() for EVCs from EA1000
Change-Id: Ie85dadfa7760f0b30a9bdf6ccd09cca9f097fff9
Added in translation of FlowRules in to EVC on EA1000
Change-Id: Icfb65171c3300c96b3ca4e18cbd327f0ed2190be
Added in handling of FlowRule deletion including complex ceVlanMaps
Change-Id: I7fd0bb0ef04d1b40e4b7d6a6db7f7ee662329780
Updated Service entries for new onos-yang-tools
Change-Id: I44e655202f3a45073e1e16f83737caed6e01afa8
Revert "Updated Service entries for new onos-yang-tools"
This reverts commit 642b550ef1de12ed59bad2eaa3a2da414d2e5e59.
Improved timeout mechanism for YANG model loading
Change-Id: If744ecd206372e822edf2b736c83226321a12256
Minor edits of EVC creation
Change-Id: Ib0a4763deaf6dce37625ba77f5095b39cd98272d
Added in CustomEvc and supporting classes
Change-Id: Iad60eb1bcd48d2aec55b894b2d419b51852c3b2f
Created CeVlanUtils to resolve loading problem
Change-Id: I0d63931ad2c5ad2725861ebc7dccc4d5fe7b9298
Modified startup check
Change-Id: I6e6bcfa7e615044cb08fe7ee2f8a6c8b89aabb21
Modified handlin of flow rules
Change-Id: I965a79c23298866122aeb94c6d9d584aafee3bd5
Fixed problem with ceVlanMap
Change-Id: If1458c35d0b95b5b25b6636f098292f9e91c06c6
Minor Pom edits
Change-Id: I5cefb18674aa04b1f50bd7e2306260c1c3ad3814
Commented out extension references in YANG files to avoid onos-yang-tools problems
Change-Id: I32fdb34c4f476f495fe28e75d0f410aaf14e2ec1
Corrected error in removing 0 in CeVlanMapUtils
Change-Id: I8cd1fd02788b81c2613364d5639ef6e090057f80
Changes in YMS to accomodate EA1000 driver
Change-Id: I6ae2b9bd2be49eae8d4ad2f929dfe3214c514550
diff --git a/drivers/microsemi/ea1000yang/src/main/yang/ietf-x509-cert-to-name.yang b/drivers/microsemi/ea1000yang/src/main/yang/ietf-x509-cert-to-name.yang
new file mode 100644
index 0000000..2996954
--- /dev/null
+++ b/drivers/microsemi/ea1000yang/src/main/yang/ietf-x509-cert-to-name.yang
@@ -0,0 +1,248 @@
+module ietf-x509-cert-to-name {
+ namespace "urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name";
+ prefix x509c2n;
+
+ import ietf-yang-types {
+ prefix yang;
+ }
+
+ organization "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netmod/>
+ WG List: <mailto:netmod@ietf.org>
+
+ WG Chair: David Kessens
+ <mailto:david.kessens@nsn.com>
+
+ WG Chair: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>
+
+ Editor: Martin Bjorklund
+ <mailto:mbj@tail-f.com>
+
+ Editor: Juergen Schoenwaelder
+ <mailto:j.schoenwaelder@jacobs-university.de>";
+ description
+ "This module contains a collection of YANG definitions for
+ extracting a name from a X.509 certificate.
+
+ The algorithm used to extract a name from a X.509 certificate
+ was first defined in RFC 6353.
+
+ Copyright (c) 2013 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD License
+ set forth in Section 4.c of the IETF Trust's Legal Provisions
+ Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+ reference
+ "RFC6353: Transport Layer Security (TLS) Transport Model for
+ the Simple Network Management Protocol (SNMP)";
+
+ revision 2013-03-26 {
+ description
+ "Initial revision.";
+ reference "RFC XXXX: A YANG Data Model for SNMP Configuration";
+ }
+
+ typedef tls-fingerprint {
+ type yang:hex-string {
+ pattern "([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}";
+ }
+ description
+ "A fingerprint value that can be used to uniquely reference
+ other data of potentially arbitrary length.
+
+ An tls-fingerprint value is composed of a 1-octet hashing
+ algorithm identifier followed by the fingerprint value. The
+ first octet value identifying the hashing algorithm is taken
+ from the IANA TLS HashAlgorithm Registry (RFC 5246). The
+ remaining octets are filled using the results of the hashing
+ algorithm.";
+ reference "SNMP-TLS-TM-MIB.SnmpTLSFingerprint";
+ }
+
+ identity cert-to-name {
+ description
+ "Base identity for algorithms to derive a name from a
+ certificate.";
+ }
+
+ identity specified {
+ base cert-to-name;
+ description
+ "Directly specifies the name to be used for the certificate.
+ The value of the leaf 'name' in 'cert-to-name' list is used.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertSpecified";
+ }
+
+ identity san-rfc822-name {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's rfc822Name to a name. The local part
+ of the rfc822Name is passed unaltered but the host-part of the
+ name must be passed in lowercase. This mapping results in a
+ 1:1 correspondence between equivalent subjectAltName
+ rfc822Name values and name values except that the host-part
+ of the name MUST be passed in lowercase. For example, the
+ rfc822Name field FooBar@Example.COM is mapped to name
+ FooBar@example.com.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertSANRFC822Name";
+ }
+
+ identity san-dns-name {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's dNSName to a name after first
+ converting it to all lowercase (RFC 5280 does not specify
+ converting to lowercase so this involves an extra step).
+ This mapping results in a 1:1 correspondence between
+ subjectAltName dNSName values and the name values.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertSANDNSName";
+ }
+
+ identity san-ip-address {
+ base cert-to-name;
+ description
+ "Maps a subjectAltName's iPAddress to a name by
+ transforming the binary encoded address as follows:
+
+ 1) for IPv4, the value is converted into a
+ decimal-dotted quad address (e.g., '192.0.2.1').
+
+ 2) for IPv6 addresses, the value is converted into a
+ 32-character all lowercase hexadecimal string
+ without any colon separators.
+
+ This mapping results in a 1:1 correspondence between
+ subjectAltName iPAddress values and the name values.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertSANIpAddress";
+ }
+
+ identity san-any {
+ base cert-to-name;
+ description
+ "Maps any of the following fields using the corresponding
+ mapping algorithms:
+
+ +------------+-----------------+
+ | Type | Algorithm |
+ |------------+-----------------|
+ | rfc822Name | san-rfc822-name |
+ | dNSName | san-dns-name |
+ | iPAddress | san-ip-address |
+ +------------+-----------------+
+
+ The first matching subjectAltName value found in the
+ certificate of the above types MUST be used when deriving
+ the name. The mapping algorithm specified in the
+ 'Algorithm' column MUST be used to derive the name.
+
+ This mapping results in a 1:1 correspondence between
+ subjectAltName values and name values. The three sub-mapping
+ algorithms produced by this combined algorithm cannot produce
+ conflicting results between themselves.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertSANAny";
+ }
+
+ identity common-name {
+ base cert-to-name;
+ description
+ "Maps a certificate's CommonName to a name after converting
+ it to a UTF-8 encoding. The usage of CommonNames is
+ deprecated and users are encouraged to use subjectAltName
+ mapping methods instead. This mapping results in a 1:1
+ correspondence between certificate CommonName values and name
+ values.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertCommonName";
+ }
+
+ grouping cert-to-name {
+ description
+ "Defines nodes for mapping certificates to names. Modules
+ that uses this grouping should describe how the resulting
+ name is used.";
+ list cert-to-name {
+ key "id";
+ description
+ "This list defines how certificates are mapped to names.
+ The name is derived by considering each cert-to-name
+ list entry in order. The cert-to-name entry's fingerprint
+ determines whether the list entry is a match:
+
+ 1) If the cert-to-name list entry's fingerprint value
+ matches that of the presented certificate, then consider
+ the list entry as a successful match.
+
+ 2) If the cert-to-name list entry's fingerprint value
+ matches that of a locally held copy of a trusted CA
+ certificate, and that CA certificate was part of the CA
+ certificate chain to the presented certificate, then
+ consider the list entry as a successful match.
+
+ Once a matching cert-to-name list entry has been found, the
+ map-type is used to determine how the name associated with
+ the certificate should be determined. See the map-type
+ leaf's description for details on determining the name value.
+ If it is impossible to determine a name from the cert-to-name
+ list entry's data combined with the data presented in the
+ certificate, then additional cert-to-name list entries MUST
+ be searched looking for another potential match.
+
+ Security administrators are encouraged to make use of
+ certificates with subjectAltName fields that can be mapped to
+ names so that a single root CA certificate can allow all
+ child certificate's subjectAltName to map directly to a name
+ via a 1:1 transformation.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNEntry";
+ leaf id {
+ type uint32;
+ description
+ "The id specifies the order in which the entries in the
+ cert-to-name list are searched. Entries with lower
+ numbers are searched first.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNID";
+ }
+ leaf fingerprint {
+ type x509c2n:tls-fingerprint;
+ mandatory true;
+ description
+ "Specifies a value with which the fingerprint of the
+ certificate presented by the peer is compared. If the
+ fingerprint of the certificate presented by the peer does
+ not match the fingerprint configured, then the entry is
+ skipped and the search for a match continues.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNFingerprint";
+ }
+ leaf map-type {
+ type identityref {
+ base cert-to-name;
+ }
+ mandatory true;
+ description
+ "Specifies the algorithm used to map the certificate
+ presented by the peer to a name.
+
+ Mappings that need additional configuration objects should
+ use the 'when' statement to make them conditional based on
+ the 'map-type'.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNMapType";
+ }
+ leaf name {
+ when "../map-type = 'x509c2n:specified'";
+ type string;
+ mandatory true;
+ description
+ "Directly specifies the NETCONF username when the
+ 'map-type' is 'specified'.";
+ reference "SNMP-TLS-TM-MIB.snmpTlstmCertToTSNData";
+ }
+ }
+ }
+}