
Example 1 with Keystore

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.

the class NetconfKeystoreAdapterTest method testWritePrivateKey.

@SuppressWarnings("unchecked")
@Test
public void testWritePrivateKey() throws Exception {
    // Mock one notification carrying a single WRITE of a PrivateKey child under the Keystore root.
    final DataTreeModification<Keystore> change = mock(DataTreeModification.class);
    final DataObjectModification<Keystore> root = mock(DataObjectModification.class);
    final DataObjectModification<?> keyChild = mock(DataObjectModification.class);
    doReturn(root).when(change).getRootNode();
    doReturn(Collections.singletonList(keyChild)).when(root).getModifiedChildren();
    doReturn(PrivateKey.class).when(keyChild).getDataType();
    doReturn(DataObjectModification.ModificationType.WRITE).when(keyChild).getModificationType();
    final PrivateKey writtenKey = getPrivateKey();
    doReturn(writtenKey).when(keyChild).getDataAfter();

    // Deliver the change to a fresh adapter and check the key is now present in its Java KeyStore
    // under the name configured for it.
    final NetconfKeystoreAdapter adapter = new NetconfKeystoreAdapter(dataBroker);
    adapter.onDataTreeChanged(Collections.singletonList(change));
    final java.security.KeyStore javaKeyStore = adapter.getJavaKeyStore();
    assertTrue(javaKeyStore.containsAlias(writtenKey.getName()));
}

Example 2 with Keystore

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.

the class NetconfKeystoreAdapter method onDataTreeChanged.

/**
 * Reacts to changes of the keystore subtree in the datastore.
 *
 * <p>Each modified child of the {@link Keystore} root is dispatched on its data type:
 * key-credential changes rebuild the whole {@code pairs} cache from the post-change keystore,
 * private-key and trusted-certificate changes are handed to the dedicated per-entry handlers.
 * Children of any other type are ignored.
 *
 * @param changes the data-tree modifications delivered by the data broker
 */
@Override
public void onDataTreeChanged(final Collection<DataTreeModification<Keystore>> changes) {
    LOG.debug("Keystore updated: {}", changes);
    for (final DataTreeModification<Keystore> change : changes) {
        final DataObjectModification<Keystore> root = change.getRootNode();
        for (final DataObjectModification<? extends DataObject> child : root.getModifiedChildren()) {
            final Class<?> childType = child.getDataType();
            if (childType.equals(KeyCredential.class)) {
                // Replace the cache with the complete post-change content rather than applying a
                // delta; a removed keystore (null dataAfter) leaves the cache empty.
                final Keystore after = root.getDataAfter();
                pairs.clear();
                if (after != null) {
                    for (final KeyCredential credential : after.nonnullKeyCredential().values()) {
                        pairs.put(credential.key().getKeyId(), credential);
                    }
                }
            } else if (childType.equals(PrivateKey.class)) {
                // Unchecked cast is safe: the data type was just checked to be PrivateKey.
                onPrivateKeyChanged((DataObjectModification<PrivateKey>) child);
            } else if (childType.equals(TrustedCertificate.class)) {
                // Unchecked cast is safe: the data type was just checked to be TrustedCertificate.
                onTrustedCertificateChanged((DataObjectModification<TrustedCertificate>) child);
            }
        }
    }
}

Example 3 with Keystore

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.

the class NetconfSalKeystoreService method initKeystore.

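/**
 * Seeds the configuration datastore with an empty {@link Keystore} container at {@code keystoreIid}.
 *
 * <p>The container is written with {@code merge}, so a keystore (and any keys or certificates) that
 * already exists in the datastore is preserved rather than replaced. The commit is awaited on the
 * calling thread; a failure is logged and not propagated to the caller.
 */
private void initKeystore() {
    final Keystore keystore = new KeystoreBuilder().build();
    final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
    writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, keystoreIid, keystore);
    try {
        // Blocks until the commit completes (or fails).
        writeTransaction.commit().get();
        LOG.debug("init keystore done");
    } catch (InterruptedException exception) {
        // Re-assert the interrupt so the caller can still observe the cancellation request;
        // swallowing it here would silently drop the interrupt.
        Thread.currentThread().interrupt();
        LOG.error("Unable to initialize Netconf key-pair store.", exception);
    } catch (ExecutionException exception) {
        LOG.error("Unable to initialize Netconf key-pair store.", exception);
    }
}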

Example 4 with Keystore

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.

the class SslHandlerFactoryImpl method createSslHandler.

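/**
 * Builds a client-mode Netty {@link SslHandler} backed by the keys and trusted certificates held in
 * the NETCONF keystore adapter.
 *
 * <p>The same {@link KeyStore} serves both as key material for client authentication and as the
 * trust store against which the server's certificate chain is validated. The enabled protocol
 * versions are the JDK's default-enabled set, optionally narrowed by the versions excluded in the
 * TLS {@code specification}; the enabled cipher suites are left at the JDK defaults.
 *
 * <p>NOTE(review): no endpoint identification algorithm is configured on the engine, so the peer is
 * authenticated by chain validation against the trusted certificates only, not by hostname — confirm
 * this is intended for the callers of this factory.
 *
 * @param allowedKeys names of the keystore entries that may be used for this connection
 * @return a new handler whose engine is configured for a client-side TLS handshake
 * @throws IllegalArgumentException if {@code specification} is set but is not a {@link TlsCase}
 * @throws IllegalStateException if the key store cannot be loaded or the SSL context cannot be built
 */
@Override
public SslHandler createSslHandler(Set<String> allowedKeys) {
    try {
        final KeyStore keyStore = keystoreAdapter.getJavaKeyStore(allowedKeys);
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Key entries in the adapter-built KeyStore are expected to carry an empty password —
        // confirm against NetconfKeystoreAdapter.getJavaKeyStore().
        kmf.init(keyStore, "".toCharArray());
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        final SSLContext sslCtx = SSLContext.getInstance("TLS");
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        final SSLEngine engine = sslCtx.createSSLEngine();
        engine.setUseClientMode(true);
        // Start from the protocols the JDK enables by default, not from everything it merely
        // supports: the supported set also lists versions the platform has disabled for security
        // reasons (e.g. SSLv3), and the configured exclusions are only meant to narrow the set.
        final String[] defaultProtocols = engine.getEnabledProtocols();
        final String[] enabledProtocols;
        if (specification != null) {
            checkArgument(specification instanceof TlsCase, "Cannot get TLS specification from: %s", specification);
            final Set<String> protocols = Sets.newHashSet(defaultProtocols);
            protocols.removeAll(((TlsCase) specification).getTls().getExcludedVersions());
            enabledProtocols = protocols.toArray(new String[0]);
        } else {
            enabledProtocols = defaultProtocols;
        }
        engine.setEnabledProtocols(enabledProtocols);
        // Deliberately keep the JDK's default cipher suites. Enabling getSupportedCipherSuites()
        // would also switch on suites the JDK disables by default (anonymous and NULL-encryption
        // suites), allowing the peer to negotiate an unauthenticated or unencrypted session.
        engine.setEnableSessionCreation(true);
        return new SslHandler(engine);
    } catch (GeneralSecurityException | IOException exc) {
        throw new IllegalStateException(exc);
    }
}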

Example 5 with Keystore

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.

the class NetconfKeystoreAdapterTest method testWritePrivateKeyAndTrustedCertificate.

@Test
public void testWritePrivateKeyAndTrustedCertificate() throws Exception {
    // One WRITE of a PrivateKey and one WRITE of a TrustedCertificate, delivered as two separate
    // data-tree modifications within a single notification.
    final PrivateKey writtenKey = getPrivateKey();
    final DataTreeModification<Keystore> keyChange = mockKeystoreChildWrite(PrivateKey.class, writtenKey);
    final TrustedCertificate writtenCert = geTrustedCertificate();
    final DataTreeModification<Keystore> certChange = mockKeystoreChildWrite(TrustedCertificate.class, writtenCert);

    final NetconfKeystoreAdapter adapter = new NetconfKeystoreAdapter(dataBroker);
    adapter.onDataTreeChanged(Arrays.asList(keyChange, certChange));

    // Both entries must be present in the Java KeyStore under their configured names.
    final java.security.KeyStore javaKeyStore = adapter.getJavaKeyStore();
    assertTrue(javaKeyStore.containsAlias(writtenKey.getName()));
    assertTrue(javaKeyStore.containsAlias(writtenCert.getName()));
}

/**
 * Builds a mocked data-tree modification whose root {@link Keystore} node reports exactly one
 * modified child of {@code dataType}, written (WRITE) with {@code dataAfter} as its new value.
 */
@SuppressWarnings("unchecked")
private static DataTreeModification<Keystore> mockKeystoreChildWrite(final Class<?> dataType,
        final Object dataAfter) {
    final DataTreeModification<Keystore> change = mock(DataTreeModification.class);
    final DataObjectModification<Keystore> root = mock(DataObjectModification.class);
    final DataObjectModification<?> child = mock(DataObjectModification.class);
    doReturn(root).when(change).getRootNode();
    doReturn(Collections.singletonList(child)).when(root).getModifiedChildren();
    doReturn(dataType).when(child).getDataType();
    doReturn(DataObjectModification.ModificationType.WRITE).when(child).getModificationType();
    doReturn(dataAfter).when(child).getDataAfter();
    return change;
}
