module org-openroadm-key-chain {
  namespace "http://org/openroadm/key-chain";
  prefix org-openroadm-key-chain;

  import ietf-yang-types {
    prefix yang;
    revision-date 2013-07-15;
  }

  organization
    "Open ROADM MSA";
  contact
    "OpenROADM.org";
  description
    "This model defines the Yang model for key chain.

     This model reuses data items defined in the IETF YANG model for
     key-chain as described by RFC 8177.

     Some attributes which are not required in Open ROADM MSA are removed.
     Yang file included are changed to fit into Open ROADM MSA yang structure.

     IETF code is subject to the following copyright and license:
     Copyright (c) IETF Trust and the persons identified as authors of
     the code.
     All rights reserved.

     Redistribution and use in source and binary forms, with or without
     modification, is permitted pursuant to, and subject to the license
     terms contained in, the Simplified BSD License set forth in
     Section 4.c of the IETF Trust's Legal Provisions Relating
     to IETF Documents (http://trustee.ietf.org/license-info).";

  revision 2019-11-29 {
    description
      "Version 6.1.0";
  }
  revision 2019-03-29 {
    description
      "Version 5.0.0";
  }
  revision 2018-03-30 {
    description
      "Initial revision.";
  }

  // Referenced once in this module: it gates `case hexadecimal` inside
  // grouping key-chain. That case defines no leaf, so advertising the
  // feature adds no configurable hexadecimal key node here.
  feature hex-key-string {
    description
      "Support hexadecimal key string.";
  }

  // No if-feature statement in this module references this feature, and
  // grouping key-chain does not use the lifetime grouping.
  feature independent-send-accept-lifetime {
    description
      "Support for independent send and accept key lifetimes.";
  }

  // No if-feature statement in this module references this feature; the
  // algorithm choice in crypto-algorithm-types offers only md5.
  feature crypto-hmac-sha-1-12 {
    description
      "Support for TCP HMAC-SHA-1 12 byte digest hack.";
  }

  // Leafref to the `name` key of the configuration list
  // /key-chains/key-chain-list. It resolves against the config tree, not
  // against key-chains-state.
  typedef key-chain-ref {
    type leafref {
      path "/org-openroadm-key-chain:key-chains/key-chain-list/org-openroadm-key-chain:name";
    }
    description
      "This type is used by data models that need to reference
       configured key-chains.";
  }

  grouping lifetime {
    description
      "Key lifetime specification.";
    choice lifetime {
      default "always";
      description
        "Options for specifying key accept or send lifetimes";
      case always {
        leaf always {
          type empty;
          description
            "Indicates key lifetime is always valid.";
        }
      }
      case start-end-time {
        leaf start-date-time {
          type yang:date-and-time;
          description
            "Start time.";
        }
        choice end-time {
          default "infinite";
          description
            "End-time setting.";
          case infinite {
            leaf no-end-time {
              type empty;
              description
                "Indicates key lifetime end-time is infinite.";
            }
          }
          // Relative end of validity, counted in seconds. The range starts
          // at 1, so a zero-length lifetime cannot be configured, and it is
          // capped at 2147483646 (2^31 - 2).
          case duration {
            leaf duration {
              type uint32 {
                range "1..2147483646";
              }
              units "seconds";
              description
                "Key lifetime duration, in seconds";
            }
          }
          case end-date-time {
            leaf end-date-time {
              type yang:date-and-time;
              description
                "End time.";
            }
          }
        }
      }
    }
  }

  grouping crypto-algorithm-types {
    description
      "Cryptographic algorithm types.";
    choice algorithm {
      description
        "Options for cryptographic algorithm specification.";
      // md5 is the only case this choice defines, so every key configured
      // or reported through this module can only be associated with MD5.
      // MD5 is no longer considered collision-resistant.
      // NOTE(review): confirm how the consuming protocol uses it (keyed or
      // plain digest) when assessing the exposure.
      case md5 {
        leaf md5 {
          type empty;
          description
            "The MD5 algorithm.";
        }
      }
    }
  }

  // One named key-chain: a list of entries, each holding a key id, the
  // shared secret and the algorithm it is used with.
  // This grouping has no `uses lifetime`, so an entry carries no send or
  // accept lifetime; key expiry and rollover are not expressed here.
  grouping key-chain {
    description
      "key-chain specification grouping.";
    leaf name {
      type string;
      description
        "Name of the key-chain.";
    }
    list key-chain-entry {
      key "key-id";
      description
        "One key.";
      // Declared as uint64 but restricted to 1..255.
      leaf key-id {
        type uint64 {
          range "1..255" {
            error-message "Configured value is out of range";
          }
        }
        description
          "Key id.";
      }
      container key-string {
        description
          "The key string.";
        choice key-string-style {
          description
            "Key string styles";
          case keystring {
            // The shared secret, held as a plain string leaf of 1..16
            // characters. Only the length is constrained: there is no
            // pattern statement, so the ASCII restriction in the
            // description is not enforced by the schema.
            // NOTE(review): RFC 8177 marks its keystring leaf
            // nacm:default-deny-all. This module imports no NACM extension,
            // so read access to this leaf presumably depends on the
            // server's access-control rules; confirm.
            leaf keystring {
              type string {
                length "1..16" {
                  error-message "Configured string exceeds the maximum length";
                }
              }
              description
                "Key string in ASCII format.";
            }
          }
          // Empty case: it is gated by the hex-key-string feature but
          // defines no leaf, so no hexadecimal key can be configured
          // through this grouping.
          case hexadecimal {
            if-feature "hex-key-string";
          }
        }
      }
      // The algorithm comes from crypto-algorithm-types, whose choice
      // offers md5 only.
      container crypto-algorithm {
        description
          "Cryptographic algorithm associated with key.";
        uses crypto-algorithm-types;
      }
    }
  }

  // Configuration tree (no `config false`) that instantiates grouping
  // key-chain once per named chain. The keystring leaves, i.e. the shared
  // secrets, sit under this container.
  // NOTE(review): reading this subtree presumably returns key material
  // unless the server's access control restricts it; confirm.
  container key-chains {
    description
      "All configured key-chains for the device.";
    list key-chain-list {
      key "name";
      description
        "List of key-chains.";
      uses key-chain;
    }
  }
  container key-chains-state {
    config false;
    description
      "All configured key-chains state.";
    list key-chain-list-state {
      description
        "One key-chain state.";
      leaf name-state {
        type string;
        description
          "Configured name of the key-chain.";
      }
      list key-chain-entry {
        key "key-id";
        description
          "One key.";
        leaf key-id {
          type uint64;
          description
            "Configured key id.";
        }
        // State entries report only key-id and this algorithm container.
        // No key-string node is defined under key-chains-state, so the
        // operational tree does not repeat the secret. The algorithm
        // reuses crypto-algorithm-types, whose choice offers md5 only.
        container crypto-algorithm-state {
          description
            "Configured cryptographic algorithm.";
          uses crypto-algorithm-types;
        }
      }
    }
  }
}