module aaa-encrypt-service-config {
  yang-version 1;
  namespace "config:aaa:authn:encrypt:service:config";
  prefix "aaa-encrypt-service-config";
  organization "OpenDayLight";

  contact "melserngawy@inocybe.ca";

  revision 2016-09-15 {
    description "Initial revision.";
  }

  grouping encrypt-service-preferences {
    leaf encrypt-method {
      description "The encryption method to use";
      type string;
      default PBKDF2WithHmacSHA1;
    }
    leaf encrypt-type {
      description "The encryption type";
      type string;
      default AES;
    }
    leaf encrypt-iteration-count {
      description "Number of iterations that will be used by the key";
      // FIXME: uint32
      type int32;
      default 32768;
    }
    leaf encrypt-key-length {
      description "Key length";
      // FIXME: uint32
      type int32;
      default 128;
    }
    leaf cipher-transforms {
      description "cipher transformation type ex: AES/CBC/PKCS5Padding (128)";
      type string;
      default "AES/CBC/PKCS5Padding";
    }
  }

  grouping encrypt-service-secrets {
    leaf encrypt-key {
      description "Encryption key";
      type string;
      mandatory true;
    }
    leaf encrypt-salt {
      description "Encryption key salt";
      type binary {
        length 1..max;
      }
      mandatory true;
    }
  }

  grouping encrypt-service-config {
    uses encrypt-service-secrets;
    uses encrypt-service-preferences;
  }

  grouping encrypt-service-generator-config {
    leaf password-length {
      description "Encryption key password length";
      // FIXME: uint16, really, with a minimum of .. 8?
      type int32;
      default 12;
    }
    uses encrypt-service-preferences;
  }

  container aaa-encrypt-service-config {
    uses encrypt-service-generator-config;

    leaf encrypt-key {
      description "Encryption key";
      type string;
    }
    leaf encrypt-salt {
      description "Encryption key salt";
      type string;
    }
  }
}