2 * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.cert.impl;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.annotations.VisibleForTesting;
13 import com.google.common.base.Strings;
14 import com.google.common.util.concurrent.ListenableFuture;
15 import org.eclipse.jdt.annotation.NonNull;
16 import org.opendaylight.aaa.cert.api.IAaaCertProvider;
17 import org.opendaylight.mdsal.binding.api.RpcProviderService;
18 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertificate;
19 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertificateInput;
20 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertificateOutput;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertificateOutputBuilder;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificate;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateInput;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateOutput;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateOutputBuilder;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateReq;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateReqInput;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateReqOutput;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetODLCertificateReqOutputBuilder;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetNodeCertificate;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetNodeCertificateInput;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetNodeCertificateOutput;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetNodeCertificateOutputBuilder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificate;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateInput;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateOutput;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertificateOutputBuilder;
38 import org.opendaylight.yangtools.concepts.Registration;
39 import org.opendaylight.yangtools.yang.common.ErrorTag;
40 import org.opendaylight.yangtools.yang.common.ErrorType;
41 import org.opendaylight.yangtools.yang.common.RpcResult;
42 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
/**
 * AaaCertRpcServiceImpl implements the basic RPC operations that add and
 * retrieve certificates to and from the keystores. These RPCs are accessible
 * only to ODL users who have the admin role, and they can be disabled. Check
 * the shiro.ini file for more info.
 */
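final class AaaCertRpcServiceImpl {
    private static final Logger LOG = LoggerFactory.getLogger(AaaCertRpcServiceImpl.class);

    // NOTE(security): no method in this class performs an authorization check of its own; each RPC
    // reads from or writes to the keystore / trust store on behalf of whoever reaches it. Access
    // restriction is left to the deployment's configuration (the class comment points at shiro.ini),
    // so that configuration should be reviewed whenever these RPCs are left enabled.
    private final IAaaCertProvider aaaCertProvider;

    /**
     * Creates the RPC implementation on top of a certificate provider.
     *
     * @param aaaCertProvider provider every RPC delegates to, must not be null
     * @throws NullPointerException if {@code aaaCertProvider} is null
     */
    AaaCertRpcServiceImpl(final @NonNull IAaaCertProvider aaaCertProvider) {
        this.aaaCertProvider = requireNonNull(aaaCertProvider);
    }

    /**
     * Registers the five certificate RPCs of this instance with the given RPC provider service.
     *
     * @param rpcProviderService service the implementations are registered with
     * @return the registration returned by the service
     */
    @NonNull Registration registerWith(final RpcProviderService rpcProviderService) {
        return rpcProviderService.registerRpcImplementations(
            (GetNodeCertificate) this::getNodeCertificate,
            (SetNodeCertificate) this::setNodeCertificate,
            (GetODLCertificate) this::getODLCertificate,
            (SetODLCertificate) this::setODLCertificate,
            (GetODLCertificateReq) this::getODLCertificateReq);
    }

    /**
     * Returns the certificate the provider's trust-store lookup yields for the alias in the input.
     *
     * @param input request carrying the node alias
     * @return a successful result holding the certificate, or a failed result with a
     *         {@code DATA_MISSING} error when the provider returns null or an empty string
     */
    @VisibleForTesting
    ListenableFuture<RpcResult<GetNodeCertificateOutput>> getNodeCertificate(final GetNodeCertificateInput input) {
        // The second argument is passed as false here; its meaning is defined by IAaaCertProvider.
        final String cert = aaaCertProvider.getCertificateTrustStore(input.getNodeAlias(), false);
        if (Strings.isNullOrEmpty(cert)) {
            return failure(ErrorTag.DATA_MISSING,
                "getNodeCertificate does not fetch certificate for the alias " + input.getNodeAlias());
        }
        return RpcResultBuilder.success(new GetNodeCertificateOutputBuilder().setNodeCert(cert).build()).buildFuture();
    }

    /**
     * Asks the provider to add the supplied certificate to the ODL keystore under the supplied alias.
     *
     * @param input request carrying the alias and the certificate
     * @return a successful empty result when the provider reports success, otherwise a failed result
     *         with an {@code OPERATION_FAILED} error
     */
    @VisibleForTesting
    ListenableFuture<RpcResult<SetODLCertificateOutput>> setODLCertificate(final SetODLCertificateInput input) {
        if (aaaCertProvider.addCertificateODLKeyStore(input.getOdlCertAlias(), input.getOdlCert())) {
            return RpcResultBuilder.success(new SetODLCertificateOutputBuilder().build()).buildFuture();
        }
        // A rejected keystore change is logged at WARN so it is not filtered out together with routine
        // INFO output. The caller-supplied alias and certificate are deliberately kept out of the log line.
        LOG.warn("Error while adding ODL certificate");
        return failure(ErrorTag.OPERATION_FAILED, "setODLCertificate failed to add the certificate to the ODL keystore");
    }

    /**
     * Returns the certificate the provider reads from the ODL keystore.
     *
     * @param input request object, not read by this method
     * @return a successful result holding the certificate, or a failed result with a
     *         {@code DATA_MISSING} error when the provider returns null or an empty string
     */
    @VisibleForTesting
    ListenableFuture<RpcResult<GetODLCertificateOutput>> getODLCertificate(final GetODLCertificateInput input) {
        final String cert = aaaCertProvider.getODLKeyStoreCertificate(false);
        if (Strings.isNullOrEmpty(cert)) {
            return failure(ErrorTag.DATA_MISSING, "getODLCertificate does not fetch the ODL certificate");
        }
        return RpcResultBuilder.success(new GetODLCertificateOutputBuilder().setOdlCert(cert).build()).buildFuture();
    }

    /**
     * Returns the certificate request the provider generates for the ODL keystore.
     *
     * @param input request object, not read by this method
     * @return a successful result holding the certificate request, or a failed result with an
     *         {@code OPERATION_FAILED} error when the provider returns null or an empty string
     */
    @VisibleForTesting
    ListenableFuture<RpcResult<GetODLCertificateReqOutput>> getODLCertificateReq(
            final GetODLCertificateReqInput input) {
        final String certReq = aaaCertProvider.genODLKeyStoreCertificateReq(false);
        if (Strings.isNullOrEmpty(certReq)) {
            return failure(ErrorTag.OPERATION_FAILED,
                "getODLCertificateReq does not generate the ODL certificate request");
        }
        return RpcResultBuilder.success(new GetODLCertificateReqOutputBuilder().setOdlCertReq(certReq).build())
            .buildFuture();
    }

    /**
     * Asks the provider to add the supplied node certificate to the trust store under the supplied alias.
     *
     * <p>NOTE(review): presumably a certificate added here becomes one the controller trusts, which is
     * why access to this RPC matters; confirm against the IAaaCertProvider implementation.
     *
     * @param input request carrying the node alias and the node certificate
     * @return a successful empty result when the provider reports success, otherwise a failed result
     *         with an {@code OPERATION_FAILED} error
     */
    @VisibleForTesting
    ListenableFuture<RpcResult<SetNodeCertificateOutput>> setNodeCertificate(final SetNodeCertificateInput input) {
        if (aaaCertProvider.addCertificateTrustStore(input.getNodeAlias(), input.getNodeCert())) {
            return RpcResultBuilder.success(new SetNodeCertificateOutputBuilder().build()).buildFuture();
        }
        // Same reasoning as for the ODL keystore: a rejected trust-store change is a WARN-level event.
        LOG.warn("Error while adding the Node certificate");
        return failure(ErrorTag.OPERATION_FAILED,
            "setNodeCertificate failed to add the certificate to the trust store");
    }

    /**
     * Builds a failed RPC result that carries one application-level error, so that a caller can tell
     * why the RPC failed instead of receiving a bare failure.
     */
    private static <T> ListenableFuture<RpcResult<T>> failure(final ErrorTag tag, final String message) {
        return RpcResultBuilder.<T>failed()
            .withRpcError(RpcResultBuilder.newError(ErrorType.APPLICATION, tag, message))
            .buildFuture();
    }
}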