--- /dev/null
+**/*.iml
+**/.idea
+**/target
+**/logs
+**/venv
--- /dev/null
+# Change Log
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [1.0.0] - 10/03/2021
--- /dev/null
+FROM docker.io/sysrepo/sysrepo-netopeer2:latest
+COPY ./models /resources/models
+COPY ./scripts ./scripts
+
+ENV ENABLE_TLS=false
+
+RUN mkdir -p /resources/certs && \
+ ./scripts/generate-certificates.sh /resources/certs
+
+ENTRYPOINT ["./scripts/set-up-netopeer.sh", "/resources/models", "/resources/certs"]
--- /dev/null
+# Netconf Server
+This server uses sysrepo to simulate network configuration.
+It is base od sysrepo-netopeer2 image.
+
+## User guide
+### starting server
+In order to start server use docker-compose located in root catalog:
+```shell
+ docker-compose up -d
+```
+or run image using docker:
+```shell
+ docker run -it -p 830:830 -p 6513:6513 onap/org.onap.integration.simulators.netconf-server:latest
+```
+
+### using server
+Server allows:
+ - installing custom configuration models on start up.
+ - changing configuration of that modules on runtime.
+
+Config can be changed with use of **SSH, be default expose on port 830**
+and **TLS, be default exposed on port 6513**.
+- SSH works "out of the box" with a username and password *netconf*.
+- **TLS is disabled be default**,
+ in order to enable it, set environment variable `ENABLE_TLS=true`.
+ More about TLS in ***TLS*** section.
+
+### custom models
+new models are loaded on the image start up from catalog `/resources/models`.
+Be default this directory contains `pnf-simulator.yang` model.
+In order to load custom models on start up,
+volume with models, should be mounted to `/resources/models` directory.
+It can be done in docker-compose, by putting
+`./path/to/cusom/models:/resources/models` in *volumes* section.
+
+### TLS
+TLS in disabled be default with environment variable `ENABLE_TLS` set to false.
+In order to enable TLS, that environment variable need to be set to `true`
+**on container start up**.
+It can be done in docker-compose,
+by putting `ENABLE_TLS=true` in *environment* section.
+
+#### Custom certificate
+When TLS is enabled server will use auto generated certificates, be default.
+That certificates are generated during image build and
+are located in `/resources/certs` directory.
+Certificates are loaded during image start up.
+**In order to use custom certs**
+volume with certificates needs to be mounted to `/resources/certs` directory.
+In this volume following files are required, **named accordingly**:
+- **ca.crt** - CA/Root certificate
+- **client.crt** - client certificate
+- **server.crt** - server certificate
+- **server.key** - server private key
+- **server_pub.key** - server public key
+
+
+## Development guide
+### building image
+In order to build image mvn command can be run:
+```shell
+ mvn clean install -p docker
+```
+
+### image building process
+To build image, Dockerfile is used.
+During an image building:
+ - catalog `scripts` is copied to image home directory.
+ That catalog contains all scripts needed for
+ installing initial models and configuring TLS.
+ - catalog `models` is copied to image directory `/resources/models`.
+ That catalog contains default models
+ that will be installed on image start up.
+ - default certificates and keys for TLS are generated and
+ stored in `/resources/certs` directory.
+ - set-up-netopeer script is set to be run on image start up.
+
+### change log
+This project contains `Changeloge.md` file.
+Please update this file when change is made,
+according to the guidelines.
--- /dev/null
+version: '3'
+
+services:
+
+ netconf-server:
+ container_name: netconf-server
+ image: onap/org.onap.integration.simulators.netconf-server:latest
+ environment:
+ - ENABLE_TLS=true
+ ports:
+ - "830:830"
+ - "6513:6513"
--- /dev/null
+module pnf-simulator {
+ namespace "http://onap.org/pnf-simulator";
+ prefix config;
+ container config {
+ config true;
+ leaf itemValue1 {type uint32;}
+ leaf itemValue2 {type uint32;}
+ }
+}
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ Simulator
+ ================================================================================
+ Copyright (C) 2021 Nokia. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.onap.oparent</groupId>
+ <artifactId>oparent</artifactId>
+ <version>3.2.0</version>
+ </parent>
+
+ <groupId>org.onap.integration.simulators.nf-simulator.netconf-server</groupId>
+ <artifactId>netconfserver</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <name>netconfserver</name>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
+
+ <skipDockerPush>true</skipDockerPush>
+ <docker.registry>nexus3.onap.org:10003</docker.registry>
+ <docker-maven-plugin.version>0.31.0</docker-maven-plugin.version>
+ <docker.image.tag>latest</docker.image.tag>
+ <docker-image.namespace>onap</docker-image.namespace>
+ <docker-image.name.prefix>org.onap.integration.simulators</docker-image.name.prefix>
+ </properties>
+
+ <profiles>
+ <profile>
+ <id>docker</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <os.detected.name>linux</os.detected.name>
+ <os.detected.arch>x86_64</os.detected.arch>
+ <os.detected.classifier>${os.detected.name}-${os.detected.arch}</os.detected.classifier>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>io.fabric8</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>${docker-maven-plugin.version}</version>
+ <executions>
+ <execution>
+ <id>docker-build-image</id>
+ <phase>package</phase>
+ <goals>
+ <goal>build</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>docker-push-image</id>
+ <phase>deploy</phase>
+ <goals>
+ <goal>push</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <skipPush>${skipDockerPush}</skipPush>
+ <verbose>true</verbose>
+ <imagePullPolicy>IfNotPresent</imagePullPolicy>
+ <images>
+ <image>
+ <name>${docker-image.namespace}/${docker-image.name.prefix}.${project.artifactId}</name>
+ <registry>${docker.registry}</registry>
+ <build>
+ <contextDir>${project.basedir}</contextDir>
+ <dockerFile>${project.basedir}/Dockerfile</dockerFile>
+ <tags>
+ <tag>${project.version}-STAGE-${maven.build.timestamp}Z</tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+</project>
--- /dev/null
+#!/bin/sh
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+## Set up certs path
+cert_path="."
+if [ "$#" -eq 1 ]; then
+ cert_path=$1
+fi
+cd $cert_path
+
+## Generate self-signed CA cert and key
+openssl req -nodes -newkey rsa:2048 -keyout ca.key -out ca.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF/"
+openssl x509 -req -in ca.csr -signkey ca.key -days 730 -out ca.crt
+rm ca.csr
+
+## Generate Server cert and key
+openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF.SERVER/"
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 730 -sha256
+openssl x509 -pubkey -noout -in server.crt > server_pub.key
+rm server.csrsrl
+
+## Generate Client cert and key
+openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=US/O=ONAP/OU=OSAAF/CN=CA.NETCONF.CLIENT/"
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 730 -sha256
+rm client.csr
--- /dev/null
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -eq 1 ]; then
+
+ ## Get all files from given directory with extension .yang
+ FILES=$1/*.yang
+
+ ## Install all module from selected yang files
+ for f in $FILES
+ do
+ echo "Installing module $f"
+ sysrepoctl -a -i $f
+ cat $f
+ done
+
+else
+ echo "Missing argument: path to file with YANG models."
+fi
--- /dev/null
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -eq 2 ]; then
+
+ ## Set up custom certificates
+ python $1/set-up-tls-certificates.py $2 \
+ ca.crt server.crt server.key server_pub.key client.crt \
+ $1/tls_keystore.xml $1/tls_truststore.xml $1/tls_listen.xml
+
+ ## Configure and start TLS listener
+ sysrepocfg --edit=$1/tls_keystore.xml --format=xml --datastore=running --module=ietf-keystore
+ sysrepocfg --edit=$1/tls_truststore.xml --format=xml --datastore=running --module=ietf-truststore
+ sysrepocfg --edit=$1/tls_listen.xml --format=xml --datastore=running --module=ietf-netconf-server
+ sysrepocfg --copy-from=running --datastore=startup
+
+else
+ echo "Missing arguments: first argument should be path to file with tls scripts and/ore second argument should be path to file with certificates for TLS."
+fi
--- /dev/null
+#!/bin/bash
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+if [ "$#" -ge 1 ]; then
+
+ ## Set up variable
+ SCRIPTS_DIR=$PWD/"$(dirname $0)"
+ enable_tls=${ENABLE_TLS:-false}
+
+ ## Install all modules from given directory
+ $SCRIPTS_DIR/install-all-module-from-directory.sh $1
+
+ ## If TLS is enabled start initializing certificates
+ if [[ "$enable_tls" == "true" ]]; then
+ if [ "$#" -ge 2 ]; then
+ echo "initializing TLS"
+ $SCRIPTS_DIR/install-tls-with-custom-certificates.sh $SCRIPTS_DIR/tls $2
+ else
+ echo "Missing second argument: path to file with certificates for TLS."
+ fi
+ fi
+
+ ## Run sysrepo supervisor
+ /usr/bin/supervisord -c /etc/supervisord.conf
+
+else
+ echo "Missing first argument: path to file with YANG models."
+fi
--- /dev/null
+#!/usr/bin/env python
+###
+# ============LICENSE_START=======================================================
+# Netconf-server
+# ================================================================================
+# Copyright (C) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+import os
+import sys
+import logging
+
+logging.basicConfig()
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+
+# Placeholders definition - this needs to match placeholders in
+# tls_keystore.xml, tls_truststore.xml and tls_listen.xml
+# Server certification
+SERVER_KEY_NAME = "SERVER_KEY_NAME"
+SERVER_CERT_NAME = "SERVER_CERT_NAME"
+SERVER_CERTIFICATE_HERE = "SERVER_CERTIFICATE_HERE"
+SERVER_KEY_HERE = "SERVER_KEY_HERE"
+SERVER_PUB_KEY_HERE = "SERVER_PUB_KEY_HERE"
+# CA certification
+CA_CERT_NAME = "CA_CERT_NAME"
+CA_CERTIFICATE_HERE = "CA_CERTIFICATE_HERE"
+# Client certification
+CLIENT_CERT_NAME = "CLIENT_CERT_NAME"
+CLIENT_CERTIFICATE_HERE = "CLIENT_CERTIFICATE_HERE"
+CLIENT_FINGERPRINT_HERE = "CLIENT_FINGERPRINT_HERE"
+
+
+class FileHelper(object):
+ @classmethod
+ def get_file_contents(cls, filename):
+ with open(filename, "r") as f:
+ return f.read()
+
+ @classmethod
+ def write_file_contents(cls, filename, data):
+ with open(filename, "w+") as f:
+ f.write(data)
+
+
+class CertHelper(object):
+ @classmethod
+ def get_pem_content_stripped(cls, pem_dir, pem_filename):
+ cmd = "cat {}/{} | grep -v '^-'".format(pem_dir, pem_filename)
+ content = CertHelper.system(cmd)
+ return content
+
+ @classmethod
+ def get_cert_fingerprint(cls, directory, cert_filename):
+ cmd = "openssl x509 -fingerprint -noout -in {}/{} | sed -e " \
+ "'s/SHA1 Fingerprint//; s/=//; s/=//p'" \
+ .format(directory, cert_filename)
+ fingerprint = CertHelper.system(cmd)
+ return fingerprint
+
+ @classmethod
+ def print_keystore_info(cls, server_cert):
+ logger.info("Will use server certificate: " + server_cert)
+
+ @classmethod
+ def print_truststore_info(cls, ca_cert):
+ logger.info("Will use CA certificate: " + ca_cert)
+
+ @classmethod
+ def print_listener_info(cls, ca_fingerprint):
+ logger.info("CA certificate fingerprint: " + ca_fingerprint)
+
+ @classmethod
+ def system(cls, cmd):
+ return os.popen(cmd).read().replace("\n", "")
+
+
+class CertificationData(object):
+
+ def __init__(self,
+ cert_dir, ca_cert_filename,
+ server_cert_filename, server_key_filename, server_pub_key_filename,
+ client_cert_filename,
+ tls_keystore_xml_file, tls_truststore_xml_file, tls_listen_xml_file
+ ):
+ self.cert_dir = cert_dir
+ self.ca_cert_filename = ca_cert_filename
+ self.server_cert_filename = server_cert_filename
+ self.server_key_filename = server_key_filename
+ self.server_pub_key_filename = server_pub_key_filename
+ self.client_cert_filename = client_cert_filename
+ self.tls_keystore_xml_file = tls_keystore_xml_file
+ self.tls_truststore_xml_file = tls_truststore_xml_file
+ self.tls_listen_xml_file = tls_listen_xml_file
+
+
+class TlsConfigurationPatcher(object):
+
+ def __init__(self, certification_data):
+ self.certification_data = certification_data
+
+ def patch_configuration(self):
+ server_cert_name, server_key_name, ca_cert_name, client_cert_name = self.__load_names()
+ server_cert, server_key, server_pub_key = self.__load_server_data()
+ client_cert, client_fingerprint = self.__load_client_data()
+ ca_cert = self.__load_ca_data()
+
+ self.__set_up_keystore(server_cert_name, server_key_name, server_cert, server_key, server_pub_key)
+ self.__set_up_truststore(ca_cert_name, client_cert_name, ca_cert, client_cert)
+ self.__set_up_listener(server_cert_name, server_key_name, ca_cert_name, client_cert_name, client_fingerprint)
+
+ def __load_names(self):
+ server_cert_name = self.certification_data.server_cert_filename.replace(".crt", "")
+ server_key_name = self.certification_data.server_key_filename.replace(".key", "")
+ ca_cert_name = self.certification_data.ca_cert_filename.replace(".crt", "")
+ client_cert_name = self.certification_data.client_cert_filename.replace(".crt", "")
+ return server_cert_name, server_key_name, ca_cert_name, client_cert_name
+
+ def __load_server_data(self):
+ server_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_cert_filename)
+ server_key = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_key_filename)
+ server_pub_key = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.server_pub_key_filename)
+ return server_cert, server_key, server_pub_key
+
+ def __load_client_data(self):
+ client_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.client_cert_filename)
+ client_fingerprint = CertHelper.get_cert_fingerprint(
+ self.certification_data.cert_dir, self.certification_data.client_cert_filename)
+ return client_cert, client_fingerprint
+
+ def __load_ca_data(self):
+ ca_cert = CertHelper.get_pem_content_stripped(
+ self.certification_data.cert_dir, self.certification_data.ca_cert_filename)
+ return ca_cert
+
+ def __set_up_keystore(self,
+ server_cert_name, server_key_name,
+ server_cert, server_key, server_pub_key):
+ CertHelper.print_keystore_info(server_cert)
+
+ # path tls configuration xml file for keystore
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_keystore_xml_file)
+ patched_srv = self.__patch_keystore_configuration(
+ data_srv, server_key_name, server_cert_name, server_cert, server_key, server_pub_key)
+ FileHelper.write_file_contents(self.certification_data.tls_keystore_xml_file, patched_srv)
+
+ def __set_up_truststore(self,
+ ca_cert_name, client_cert_name,
+ ca_cert, client_cert):
+ CertHelper.print_truststore_info(ca_cert)
+
+ # path tls configuration xml file for truststore
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_truststore_xml_file)
+ patched_srv = self.__patch_truststore_configuration(
+ data_srv, ca_cert_name, client_cert_name, ca_cert, client_cert)
+ FileHelper.write_file_contents(self.certification_data.tls_truststore_xml_file, patched_srv)
+
+ def __set_up_listener(self,
+ server_cert_name, server_key_name, ca_cert_name, client_cert_name,
+ client_fingerprint):
+ CertHelper.print_listener_info(client_fingerprint)
+
+ # path tls configuration xml file for listener
+ data_srv = FileHelper.get_file_contents(self.certification_data.tls_listen_xml_file)
+ patched_srv = self.__patch_listener_configuration(
+ data_srv, ca_cert_name, client_cert_name, server_key_name, server_cert_name, client_fingerprint)
+ FileHelper.write_file_contents(self.certification_data.tls_listen_xml_file, patched_srv)
+
+ @classmethod
+ def __patch_keystore_configuration(cls, data,
+ server_key_name, server_cert_name,
+ server_cert, server_key, server_pub_key):
+ data = data.replace(SERVER_KEY_NAME, server_key_name)
+ data = data.replace(SERVER_CERT_NAME, server_cert_name)
+ data = data.replace(SERVER_CERTIFICATE_HERE, server_cert)
+ data = data.replace(SERVER_KEY_HERE, server_key)
+ data = data.replace(SERVER_PUB_KEY_HERE, server_pub_key)
+ return data
+
+ @classmethod
+ def __patch_truststore_configuration(cls, data,
+ ca_cert_name, client_cert_name,
+ ca_cert, client_cert):
+ data = data.replace(CA_CERT_NAME, ca_cert_name)
+ data = data.replace(CLIENT_CERT_NAME, client_cert_name)
+ data = data.replace(CLIENT_CERTIFICATE_HERE, client_cert)
+ data = data.replace(CA_CERTIFICATE_HERE, ca_cert)
+ return data
+
+ @classmethod
+ def __patch_listener_configuration(cls, data,
+ ca_cert_name, client_cert_name, server_key_name, server_cert_name,
+ client_fingerprint):
+ data = data.replace(CA_CERT_NAME, ca_cert_name)
+ data = data.replace(CLIENT_CERT_NAME, client_cert_name)
+ data = data.replace(SERVER_KEY_NAME, server_key_name)
+ data = data.replace(SERVER_CERT_NAME, server_cert_name)
+ data = data.replace(CLIENT_FINGERPRINT_HERE, client_fingerprint)
+ return data
+
+
+def main():
+ if len(sys.argv) == 10:
+
+ certification_data = CertificationData(
+ sys.argv[1],
+ sys.argv[2], sys.argv[3], sys.argv[4],
+ sys.argv[5],
+ sys.argv[6],
+ sys.argv[7], sys.argv[8], sys.argv[9],
+ )
+ configuration_loader = TlsConfigurationPatcher(certification_data)
+ configuration_loader.patch_configuration()
+ logger.info("XML files patched successfully")
+
+ else:
+ logger.error("Usage: %s <cert_dir> <ca_cert_filename> <server_cert_filename> "
+ "<server_key_filename> <server_public_key_filename> <client_cert_filename>"
+ "<load_keystore_xml_full_path> <load_truststore_xml_full_path> <tls_listen_full_path>"
+ % sys.argv[0])
+ return 1
+
+
+if __name__ == '__main__':
+ main()
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Netconf-server
+ ================================================================================
+ Copyright (C) 2021 Nokia. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
+ <asymmetric-keys>
+ <asymmetric-key>
+ <name>SERVER_KEY_NAME</name>
+ <algorithm>rsa2048</algorithm>
+ <public-key>SERVER_PUB_KEY_HERE</public-key>
+ <private-key>SERVER_KEY_HERE</private-key>
+ <certificates>
+ <certificate>
+ <name>SERVER_CERT_NAME</name>
+ <cert>SERVER_CERTIFICATE_HERE</cert>
+ </certificate>
+ </certificates>
+ </asymmetric-key>
+ </asymmetric-keys>
+</keystore>
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Netconf-server
+ ================================================================================
+ Copyright (C) 2021 Nokia. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
+ <listen>
+ <endpoint>
+ <name>default-tls</name>
+ <tls>
+ <tcp-server-parameters>
+ <local-address>0.0.0.0</local-address>
+ <keepalives>
+ <idle-time>1</idle-time>
+ <max-probes>10</max-probes>
+ <probe-interval>5</probe-interval>
+ </keepalives>
+ </tcp-server-parameters>
+ <tls-server-parameters>
+ <server-identity>
+ <keystore-reference>
+ <asymmetric-key>SERVER_KEY_NAME</asymmetric-key>
+ <certificate>SERVER_CERT_NAME</certificate>
+ </keystore-reference>
+ </server-identity>
+ <client-authentication>
+ <required/>
+ <ca-certs>CA_CERT_NAME</ca-certs>
+ <client-certs>CLIENT_CERT_NAME</client-certs>
+ <cert-maps>
+ <cert-to-name>
+ <id>1</id>
+ <fingerprint>02:CLIENT_FINGERPRINT_HERE</fingerprint>
+ <map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
+ <name>tls-test</name>
+ </cert-to-name>
+ </cert-maps>
+ </client-authentication>
+ </tls-server-parameters>
+ </tls>
+ </endpoint>
+ </listen>
+</netconf-server>
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Netconf-server
+ ================================================================================
+ Copyright (C) 2021 Nokia. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+<truststore xmlns="urn:ietf:params:xml:ns:yang:ietf-truststore">
+ <certificates>
+ <name>CLIENT_CERT_NAME</name>
+ <certificate>
+ <name>client_cert</name>
+ <cert>CLIENT_CERTIFICATE_HERE</cert>
+ </certificate>
+ </certificates>
+ <certificates>
+ <name>CA_CERT_NAME</name>
+ <certificate>
+ <name>ca_cert</name>
+ <cert>CA_CERTIFICATE_HERE</cert>
+ </certificate>
+ </certificates>
+</truststore>
--- /dev/null
+major=1
+minor=0
+patch=0
+base_version=${major}.${minor}.${patch}
+release_version=${base_version}
+snapshot_version=${base_version}-SNAPSHOT
Code Review / integration / simulators / nf-simulator / netconf-server.git / commitdiff