
Example 1 with OpenFlowDeviceConfig

Use of org.onosproject.openflow.config.OpenFlowDeviceConfig in project onos by opennetworkinglab, in the class Controller, method isValidCertificate.

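/**
 * Checks the certificate presented by a switch against the certificate
 * configured for that device. Returns true when TLS is disabled. When no
 * per-device certificate can be looked up, the peer is accepted only if the
 * TLS mode is ENABLED (that is, not strict).
 */
public boolean isValidCertificate(Long dpid, Certificate peerCert) {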
    if (!tlsParams.isTlsEnabled()) {
        return true;
    }
    if (netCfgService == null) {
        // netcfg service not available; accept any cert if not in strict mode
        return tlsParams.mode == TlsMode.ENABLED;
    }
    DeviceId deviceId = DeviceId.deviceId(Dpid.uri(new Dpid(dpid)));
    OpenFlowDeviceConfig config = netCfgService.getConfig(deviceId, OpenFlowDeviceConfig.class);
    if (config == null) {
        // Config not set for device, accept any cert if not in strict mode
        return tlsParams.mode == TlsMode.ENABLED;
    }
    Optional<String> alias = config.keyAlias();
    if (!alias.isPresent()) {
        // Config for device does not specify a certificate chain, accept any cert if not in strict mode
        return tlsParams.mode == TlsMode.ENABLED;
    }
    try {
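        // KeyStore.getCertificate returns null when the alias has no certificate entry
        Certificate configuredCert = keyStore.getCertificate(alias.get());
        // TODO there's probably a better way to compare these
        // Certificate.equals compares encoded forms, so this is an exact-match check
        return Objects.deepEquals(peerCert, configuredCert);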
    } catch (KeyStoreException e) {
        log.info("failed to load key", e);
    }
    return false;
}
Also used: OpenFlowDeviceConfig (org.onosproject.openflow.config.OpenFlowDeviceConfig), DeviceId (org.onosproject.net.DeviceId), Dpid (org.onosproject.openflow.controller.Dpid), KeyStoreException (java.security.KeyStoreException), Certificate (java.security.cert.Certificate)
