use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.
the class NetconfKeystoreAdapterTest method testWritePrivateKey.
/**
 * Feeds the adapter a single WRITE of a {@code PrivateKey} child and checks that the
 * resulting Java key store exposes an entry under the key's name.
 */
@SuppressWarnings("unchecked")
@Test
public void testWritePrivateKey() throws Exception {
    // Fixture entry the adapter is expected to import.
    final PrivateKey expectedKey = getPrivateKey();

    // Child modification: a WRITE of type PrivateKey whose post-change data is the fixture.
    final DataObjectModification<?> keyWrite = mock(DataObjectModification.class);
    doReturn(PrivateKey.class).when(keyWrite).getDataType();
    doReturn(DataObjectModification.ModificationType.WRITE).when(keyWrite).getModificationType();
    doReturn(expectedKey).when(keyWrite).getDataAfter();

    // Root modification of the keystore container, reporting only that one child.
    final DataObjectModification<Keystore> rootModification = mock(DataObjectModification.class);
    doReturn(Collections.singletonList(keyWrite)).when(rootModification).getModifiedChildren();

    final DataTreeModification<Keystore> treeChange = mock(DataTreeModification.class);
    doReturn(rootModification).when(treeChange).getRootNode();

    final NetconfKeystoreAdapter adapter = new NetconfKeystoreAdapter(dataBroker);
    adapter.onDataTreeChanged(Collections.singletonList(treeChange));

    // Only alias presence is asserted; the entry kind (key vs. certificate) is not checked here.
    final java.security.KeyStore javaKeyStore = adapter.getJavaKeyStore();
    assertTrue(javaKeyStore.containsAlias(expectedKey.getName()));
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.
the class NetconfKeystoreAdapter method onDataTreeChanged.
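/**
 * Applies keystore datastore changes to this adapter's in-memory state.
 *
 * <p>Each modified child of the keystore root is dispatched on its data type:
 * {@code KeyCredential} changes rebuild the {@code pairs} map from the root's post-change
 * data, while {@code PrivateKey} and {@code TrustedCertificate} changes are handed to their
 * dedicated handlers. Children of any other type are ignored.
 *
 * @param changes the keystore modifications to apply
 */
@Override
@SuppressWarnings("unchecked")
public void onDataTreeChanged(final Collection<DataTreeModification<Keystore>> changes) {
    // Log the number of changes only. The modifications describe private-key and key-credential
    // entries, and their string form is not visible here; formatting them into the log could
    // write key material to disk whenever debug logging is switched on.
    LOG.debug("Keystore updated: {} change(s)", changes.size());
    for (final DataTreeModification<Keystore> change : changes) {
        final DataObjectModification<Keystore> rootNode = change.getRootNode();
        for (final DataObjectModification<? extends DataObject> changedChild : rootNode.getModifiedChildren()) {
            final Class<?> childType = changedChild.getDataType();
            if (KeyCredential.class.equals(childType)) {
                // Full rebuild from the post-change keystore rather than a per-entry update.
                // NOTE(review): between clear() and the last put() the map is empty or partial;
                // confirm that readers of pairs tolerate that window.
                final Keystore dataAfter = rootNode.getDataAfter();
                pairs.clear();
                if (dataAfter != null) {
                    dataAfter.nonnullKeyCredential().values()
                        .forEach(pair -> pairs.put(pair.key().getKeyId(), pair));
                }
            } else if (PrivateKey.class.equals(childType)) {
                // Safe by the type check above; generics are erased, hence the unchecked cast.
                onPrivateKeyChanged((DataObjectModification<PrivateKey>) changedChild);
            } else if (TrustedCertificate.class.equals(childType)) {
                onTrustedCertificateChanged((DataObjectModification<TrustedCertificate>) changedChild);
            } else {
                // Type name only, never the data, for the same reason as above.
                LOG.debug("Ignoring keystore child of unhandled type {}", childType);
            }
        }
    }
}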
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.
the class NetconfSalKeystoreService method initKeystore.
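/**
 * Writes an empty keystore container into the CONFIGURATION datastore and waits for the
 * commit to finish.
 *
 * <p>Failure is logged, not propagated: the caller continues even when the keystore
 * container could not be written.
 */
private void initKeystore() {
    final Keystore keystore = new KeystoreBuilder().build();
    final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
    // NOTE(review): merge (not put) presumably keeps entries that are already stored; confirm.
    writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, keystoreIid, keystore);
    try {
        writeTransaction.commit().get();
        LOG.debug("init keystore done");
    } catch (InterruptedException exception) {
        // Restore the interrupt flag so code further up the stack can still see the interruption.
        Thread.currentThread().interrupt();
        LOG.error("Unable to initialize Netconf key-pair store.", exception);
    } catch (ExecutionException exception) {
        LOG.error("Unable to initialize Netconf key-pair store.", exception);
    }
}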
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.
the class SslHandlerFactoryImpl method createSslHandler.
/**
 * Builds a client-mode {@code SslHandler} whose key and trust material both come from the
 * adapter's key store, restricted to {@code allowedKeys}.
 *
 * @param allowedKeys passed to the keystore adapter to select the entries exposed to TLS
 * @return a handler wrapping a freshly configured client-mode {@code SSLEngine}
 * @throws IllegalStateException if the key store or the TLS context cannot be set up
 * @throws IllegalArgumentException if a specification is present but is not a {@code TlsCase}
 */
@Override
public SslHandler createSslHandler(Set<String> allowedKeys) {
    try {
        final KeyStore restrictedStore = keystoreAdapter.getJavaKeyStore(allowedKeys);

        // Key entries are recovered with an empty password, so the store password gives them no
        // protection; confidentiality of the keys depends on how the store itself is held.
        final KeyManagerFactory keyFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(restrictedStore, "".toCharArray());

        // The same store is the trust anchor set: any certificate entry in it is trusted.
        final TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(restrictedStore);

        final SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);

        // NOTE(review): the engine is created without peer host/port and no endpoint
        // identification algorithm is set in this method, so the server name is not matched
        // against the certificate here; confirm that is intended or handled elsewhere.
        final SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(true);

        final String[] supportedProtocols = engine.getSupportedProtocols();
        final String[] enabledProtocols;
        if (specification == null) {
            // NOTE(review): this enables every protocol the engine supports, which can be a
            // wider set than the JDK enables by default and may include legacy versions.
            enabledProtocols = supportedProtocols;
        } else {
            checkArgument(specification instanceof TlsCase, "Cannot get TLS specification from: %s", specification);
            final Set<String> remaining = Sets.newHashSet(supportedProtocols);
            remaining.removeAll(((TlsCase) specification).getTls().getExcludedVersions());
            enabledProtocols = remaining.toArray(new String[0]);
        }
        engine.setEnabledProtocols(enabledProtocols);

        // NOTE(review): supported, not default-enabled, cipher suites are switched on; the
        // supported list may contain suites the JDK leaves disabled by default. Consider
        // keeping the engine defaults or an explicit allow-list.
        engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
        engine.setEnableSessionCreation(true);
        return new SslHandler(engine);
    } catch (GeneralSecurityException | IOException exc) {
        throw new IllegalStateException(exc);
    }
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore in project netconf by opendaylight.
the class NetconfKeystoreAdapterTest method testWritePrivateKeyAndTrustedCertificate.
/**
 * Feeds the adapter two changes in one notification, a {@code PrivateKey} WRITE and a
 * {@code TrustedCertificate} WRITE, and checks that both names appear as aliases in the
 * resulting Java key store.
 */
@SuppressWarnings("unchecked")
@Test
public void testWritePrivateKeyAndTrustedCertificate() throws Exception {
    // First change: WRITE of a PrivateKey taken from the test fixture.
    final PrivateKey expectedKey = getPrivateKey();
    final DataObjectModification<?> keyWrite = mock(DataObjectModification.class);
    doReturn(PrivateKey.class).when(keyWrite).getDataType();
    doReturn(DataObjectModification.ModificationType.WRITE).when(keyWrite).getModificationType();
    doReturn(expectedKey).when(keyWrite).getDataAfter();

    final DataObjectModification<Keystore> keyRoot = mock(DataObjectModification.class);
    doReturn(Collections.singletonList(keyWrite)).when(keyRoot).getModifiedChildren();
    final DataTreeModification<Keystore> keyChange = mock(DataTreeModification.class);
    doReturn(keyRoot).when(keyChange).getRootNode();

    // Second change: WRITE of a TrustedCertificate taken from the test fixture.
    final TrustedCertificate expectedCertificate = geTrustedCertificate();
    final DataObjectModification<?> certificateWrite = mock(DataObjectModification.class);
    doReturn(TrustedCertificate.class).when(certificateWrite).getDataType();
    doReturn(DataObjectModification.ModificationType.WRITE).when(certificateWrite).getModificationType();
    doReturn(expectedCertificate).when(certificateWrite).getDataAfter();

    final DataObjectModification<Keystore> certificateRoot = mock(DataObjectModification.class);
    doReturn(Collections.singletonList(certificateWrite)).when(certificateRoot).getModifiedChildren();
    final DataTreeModification<Keystore> certificateChange = mock(DataTreeModification.class);
    doReturn(certificateRoot).when(certificateChange).getRootNode();

    // Deliver both changes in one callback, private key first.
    final NetconfKeystoreAdapter adapter = new NetconfKeystoreAdapter(dataBroker);
    adapter.onDataTreeChanged(Arrays.asList(keyChange, certificateChange));

    // Only alias presence is asserted; entry kinds are not distinguished here.
    final java.security.KeyStore javaKeyStore = adapter.getJavaKeyStore();
    assertTrue(javaKeyStore.containsAlias(expectedKey.getName()));
    assertTrue(javaKeyStore.containsAlias(expectedCertificate.getName()));
}