2 * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.cert.impl;
import static java.util.Objects.requireNonNull;
import static java.util.Objects.requireNonNullElse;

import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.opendaylight.aaa.cert.api.IAaaCertProvider;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.CtlKeystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.TrustKeystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.ctlkeystore.CipherSuites;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
 * DefaultMdsalSslData implements the default MD-SAL SslData based on the
 * configuration that exists in aaa-cert-config.xml.
31 public class DefaultMdsalSslData implements IAaaCertProvider {
private static final Logger LOG = LoggerFactory.getLogger(DefaultMdsalSslData.class);
// Logged when a caller-supplied store password does not match the one held in the SslData.
private static final String ERROR_MESSAGE = "password is not correct or keystore has been corrupted";

// Provider that performs every keystore read/write; this class only adds the password gate.
private final AaaCertMdsalProvider aaaCertMdsalProv;
// Controller (ODL) keystore configuration from aaa-cert-config.xml; read by createKeyStores().
private final CtlKeystore ctlKeyStore;
// Trust keystore configuration from aaa-cert-config.xml; read by createKeyStores().
private final TrustKeystore trustKeystore;
// Key under which this bundle's SslData lives in the provider.
private final String bundleName;
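/**
 * Creates the default MD-SAL SslData for one bundle and initialises the provider's keystore data tree.
 *
 * @param aaaCertMdsalProv provider used for every keystore operation; must not be null
 * @param bundleName name under which this bundle's SslData is stored; must not be null
 * @param ctlKeyStore controller keystore configuration; not null-checked here but dereferenced by
 *        {@code createKeyStores()}
 * @param trustKeystore trust keystore configuration; not null-checked here but dereferenced by
 *        {@code createKeyStores()}
 * @throws NullPointerException if {@code aaaCertMdsalProv} or {@code bundleName} is null
 */
public DefaultMdsalSslData(final AaaCertMdsalProvider aaaCertMdsalProv, final String bundleName,
        final CtlKeystore ctlKeyStore, final TrustKeystore trustKeystore) {
    this.bundleName = requireNonNull(bundleName, "bundleName");
    // The provider is dereferenced on the last line of this constructor anyway; fail fast with a
    // named message instead of a bare NPE from initializeKeystoreDataTree().
    this.aaaCertMdsalProv = requireNonNull(aaaCertMdsalProv, "aaaCertMdsalProv");
    this.ctlKeyStore = ctlKeyStore;
    this.trustKeystore = trustKeystore;
    this.aaaCertMdsalProv.initializeKeystoreDataTree();
}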
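/**
 * Adds a signed certificate to the ODL (controller) keystore after checking the supplied store password.
 *
 * <p>Assumes {@code createKeyStores()} has already run: {@code getSslData()} returning null (a state
 * {@code createKeyStores()} explicitly tests for) would fail here with a NullPointerException.
 *
 * @param storePasswd password supplied by the caller, checked against the ODL keystore password held
 *        in the SslData; null is rejected
 * @param alias alias under which the certificate is stored
 * @param certificate the certificate to add
 * @return true if the password matched and the provider reported success, false otherwise
 */
public boolean addCertificateODLKeyStore(String storePasswd, String alias, String certificate) {
    final String expected = aaaCertMdsalProv.getSslData(bundleName).getOdlKeystore().getStorePassword();
    // Constant-time comparison so a wrong guess does not leak how many leading bytes matched.
    // A null on either side is a plain rejection rather than an NPE.
    if (storePasswd == null || expected == null || !MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), storePasswd.getBytes(StandardCharsets.UTF_8))) {
        // NOTE(review): a rejected password is only visible at debug level; consider warn for audit.
        LOG.debug(ERROR_MESSAGE);
        return false;
    }
    return aaaCertMdsalProv.addODLStoreSignedCertificate(bundleName, alias, certificate);
}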
/**
 * Adds a signed certificate to the ODL (controller) keystore with no password check at all;
 * the caller is responsible for having authorised the operation.
 *
 * @param alias alias under which the certificate is stored
 * @param certificate the certificate to add
 * @return whatever the provider reports for the add
 */
public boolean addCertificateODLKeyStore(String alias, String certificate) {
    final boolean added = aaaCertMdsalProv.addODLStoreSignedCertificate(bundleName, alias, certificate);
    return added;
}
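/**
 * Adds a node certificate to the trust keystore after checking the supplied store password.
 *
 * <p>Assumes {@code createKeyStores()} has already run: {@code getSslData()} returning null (a state
 * {@code createKeyStores()} explicitly tests for) would fail here with a NullPointerException.
 *
 * @param storePasswd password supplied by the caller, checked against the trust keystore password held
 *        in the SslData; null is rejected
 * @param alias alias under which the certificate is stored
 * @param certificate the certificate to add
 * @return true if the password matched and the provider reported success, false otherwise
 */
public boolean addCertificateTrustStore(String storePasswd, String alias, String certificate) {
    final String expected = aaaCertMdsalProv.getSslData(bundleName).getTrustKeystore().getStorePassword();
    // This branch must fire on a MISMATCH. The previous code tested for equality here (the only one of
    // the five password gates in this class without the negation), so a wrong password was accepted
    // and the correct one rejected. Compare in constant time; a null on either side is a rejection.
    if (storePasswd == null || expected == null || !MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), storePasswd.getBytes(StandardCharsets.UTF_8))) {
        // NOTE(review): a rejected password is only visible at debug level; consider warn for audit.
        LOG.debug(ERROR_MESSAGE);
        return false;
    }
    return aaaCertMdsalProv.addTrustNodeCertificate(bundleName, alias, certificate);
}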
/**
 * Adds a node certificate to the trust keystore with no password check at all;
 * the caller is responsible for having authorised the operation.
 *
 * @param alias alias under which the certificate is stored
 * @param certificate the certificate to add
 * @return whatever the provider reports for the add
 */
public boolean addCertificateTrustStore(String alias, String certificate) {
    final boolean added = aaaCertMdsalProv.addTrustNodeCertificate(bundleName, alias, certificate);
    return added;
}
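/**
 * Generates a certificate signing request for the ODL keystore after checking the supplied store password.
 *
 * <p>Assumes {@code createKeyStores()} has already run: {@code getSslData()} returning null (a state
 * {@code createKeyStores()} explicitly tests for) would fail here with a NullPointerException.
 *
 * @param storePasswd password supplied by the caller, checked against the ODL keystore password held
 *        in the SslData; null is rejected
 * @param withTag whether the provider should wrap the request in BEGIN/END tags (passed through)
 * @return the request from the provider (may be null if the provider returns null), or the empty
 *         string when the password does not match
 */
public String genODLKeyStoreCertificateReq(String storePasswd, boolean withTag) {
    final String expected = aaaCertMdsalProv.getSslData(bundleName).getOdlKeystore().getStorePassword();
    // Constant-time comparison so a wrong guess does not leak how many leading bytes matched.
    // A null on either side is a plain rejection rather than an NPE.
    if (storePasswd == null || expected == null || !MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), storePasswd.getBytes(StandardCharsets.UTF_8))) {
        // NOTE(review): a rejected password is only visible at debug level; consider warn for audit.
        LOG.debug(ERROR_MESSAGE);
        return StringUtils.EMPTY;
    }
    return aaaCertMdsalProv.genODLKeyStoreCertificateReq(bundleName, withTag);
}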
/**
 * Generates a certificate signing request for the ODL keystore with no password check;
 * the caller is responsible for having authorised the operation.
 *
 * @param withTag whether the provider should wrap the request in BEGIN/END tags (passed through)
 * @return the request exactly as the provider returns it, which may be null
 */
public String genODLKeyStoreCertificateReq(boolean withTag) {
    final String request = aaaCertMdsalProv.genODLKeyStoreCertificateReq(bundleName, withTag);
    return request;
}
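/**
 * Reads one certificate from the trust keystore after checking the supplied store password.
 *
 * <p>Assumes {@code createKeyStores()} has already run: {@code getSslData()} returning null (a state
 * {@code createKeyStores()} explicitly tests for) would fail here with a NullPointerException.
 *
 * @param storePasswd password supplied by the caller, checked against the trust keystore password held
 *        in the SslData; null is rejected
 * @param alias alias of the certificate to read
 * @param withTag whether the provider should wrap the certificate in BEGIN/END tags (passed through)
 * @return the certificate, or the empty string when the password does not match or the provider
 *         returns null; never null
 */
public String getCertificateTrustStore(String storePasswd, String alias, boolean withTag) {
    final String expected = aaaCertMdsalProv.getSslData(bundleName).getTrustKeystore().getStorePassword();
    // Constant-time comparison so a wrong guess does not leak how many leading bytes matched.
    // A null on either side is a plain rejection rather than an NPE.
    if (storePasswd == null || expected == null || !MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), storePasswd.getBytes(StandardCharsets.UTF_8))) {
        // NOTE(review): a rejected password is only visible at debug level; consider warn for audit.
        LOG.debug(ERROR_MESSAGE);
        return StringUtils.EMPTY;
    }
    // The password-less overload already normalises a null provider result to ""; do the same here so
    // callers get one contract regardless of which overload they use.
    return requireNonNullElse(aaaCertMdsalProv.getTrustStoreCertificate(bundleName, alias, withTag),
            StringUtils.EMPTY);
}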
/**
 * Reads one certificate from the trust keystore with no password check;
 * the caller is responsible for having authorised the operation.
 *
 * @param alias alias of the certificate to read
 * @param withTag whether the provider should wrap the certificate in BEGIN/END tags (passed through)
 * @return the certificate, or the empty string when the provider returns null; never null
 */
public String getCertificateTrustStore(String alias, boolean withTag) {
    final String certificate = aaaCertMdsalProv.getTrustStoreCertificate(bundleName, alias, withTag);
    return certificate == null ? "" : certificate;
}
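/**
 * Reads the controller certificate from the ODL keystore after checking the supplied store password.
 *
 * <p>Assumes {@code createKeyStores()} has already run: {@code getSslData()} returning null (a state
 * {@code createKeyStores()} explicitly tests for) would fail here with a NullPointerException.
 *
 * @param storePasswd password supplied by the caller, checked against the ODL keystore password held
 *        in the SslData; null is rejected
 * @param withTag whether the provider should wrap the certificate in BEGIN/END tags (passed through)
 * @return the certificate, or the empty string when the password does not match or the provider
 *         returns null; never null
 */
public String getODLKeyStoreCertificate(String storePasswd, boolean withTag) {
    final String expected = aaaCertMdsalProv.getSslData(bundleName).getOdlKeystore().getStorePassword();
    // Constant-time comparison so a wrong guess does not leak how many leading bytes matched.
    // A null on either side is a plain rejection rather than an NPE.
    if (storePasswd == null || expected == null || !MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), storePasswd.getBytes(StandardCharsets.UTF_8))) {
        // NOTE(review): a rejected password is only visible at debug level; consider warn for audit.
        LOG.debug(ERROR_MESSAGE);
        return StringUtils.EMPTY;
    }
    // The password-less overload already normalises a null provider result to ""; do the same here so
    // callers get one contract regardless of which overload they use.
    return requireNonNullElse(aaaCertMdsalProv.getODLStoreCertificate(bundleName, withTag),
            StringUtils.EMPTY);
}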
/**
 * Reads the controller certificate from the ODL keystore with no password check;
 * the caller is responsible for having authorised the operation.
 *
 * @param withTag whether the provider should wrap the certificate in BEGIN/END tags (passed through)
 * @return the certificate, or the empty string when the provider returns null; never null
 */
public String getODLKeyStoreCertificate(final boolean withTag) {
    final String certificate = aaaCertMdsalProv.getODLStoreCertificate(bundleName, withTag);
    return certificate == null ? "" : certificate;
}
/**
 * Returns this bundle's ODL (controller) keystore as supplied by the provider.
 * No password is required; whether the returned object is live or a copy is up to the provider.
 *
 * @return the KeyStore from the provider (nullability is the provider's)
 */
public KeyStore getODLKeyStore() {
    final KeyStore odlKeyStore = aaaCertMdsalProv.getODLKeyStore(bundleName);
    return odlKeyStore;
}
/**
 * Returns this bundle's trust keystore as supplied by the provider.
 * No password is required; whether the returned object is live or a copy is up to the provider.
 *
 * @return the KeyStore from the provider (nullability is the provider's)
 */
public KeyStore getTrustKeyStore() {
    final KeyStore trustStore = aaaCertMdsalProv.getTrustKeyStore(bundleName);
    return trustStore;
}
/**
 * Returns the cipher suite names the provider holds for this bundle.
 *
 * @return the array exactly as the provider returns it
 */
public String[] getCipherSuites() {
    final String[] suites = aaaCertMdsalProv.getCipherSuites(bundleName);
    return suites;
}
/**
 * Flattens the configured CipherSuites entries to their suite names.
 *
 * @param cipherSuites configured entries; null or empty yields an empty array
 * @return one name per entry, in configuration order (a null name is copied through as null)
 */
private String[] getCipherSuites(final List<CipherSuites> cipherSuites) {
    if (cipherSuites == null) {
        return new String[0];
    }
    return cipherSuites.stream()
            .map(CipherSuites::getSuiteName)
            .toArray(String[]::new);
}
/**
 * Returns the trust keystore configuration this instance was constructed with.
 *
 * @return the TrustKeystore passed to the constructor; may be null if the caller passed null
 */
public TrustKeystore getTrustKeyStoreInfo() {
    final TrustKeystore info = this.trustKeystore;
    return info;
}
/**
 * Returns the controller (ODL) keystore configuration this instance was constructed with.
 *
 * @return the CtlKeystore passed to the constructor; may be null if the caller passed null
 */
public CtlKeystore getOdlKeyStoreInfo() {
    final CtlKeystore info = this.ctlKeyStore;
    return info;
}
/**
 * Creates the ODL and trust keystores for this bundle from the configured CtlKeystore and
 * TrustKeystore, but only when the provider holds no SslData for the bundle yet.
 *
 * <p>Both {@code ctlKeyStore} and {@code trustKeystore} are dereferenced here without a null check
 * (the constructor does not validate them), so a configuration missing either one fails with a
 * NullPointerException. The configured store passwords are handed to the provider as-is.
 *
 * @return true if the provider returned a non-null SslData for the new keystores, false if it
 *         returned null; the value returned when SslData already exists is the fall-through return,
 *         which is not shown in this excerpt
 */
public boolean createKeyStores() {
    // Never overwrite an existing SslData: creation only happens when nothing is stored yet.
    if (aaaCertMdsalProv.getSslData(bundleName) == null) {
        return aaaCertMdsalProv.addSslDataKeystores(bundleName, ctlKeyStore.getName(),
                ctlKeyStore.getStorePassword(), ctlKeyStore.getAlias(), ctlKeyStore.getDname(),
                ctlKeyStore.getKeyAlg(), ctlKeyStore.getSignAlg(), ctlKeyStore.getKeysize(),
                ctlKeyStore.getValidity(), trustKeystore.getName(), trustKeystore.getStorePassword(),
                getCipherSuites(ctlKeyStore.getCipherSuites()), ctlKeyStore.getTlsProtocols()) != null;
/**
 * Returns the TLS protocol names the provider holds for this bundle.
 *
 * @return the array exactly as the provider returns it
 */
public String[] getTlsProtocols() {
    final String[] protocols = aaaCertMdsalProv.getTlsProtocols(bundleName);
    return protocols;
}
/**
 * Asks the provider to export this bundle's keystores. No password is checked here; where and how
 * the provider writes them (and whether key material leaves the datastore) is the provider's concern.
 */
public void exportSslDataKeystores() {
    final String bundle = this.bundleName;
    aaaCertMdsalProv.exportSslDataKeystores(bundle);
}
174 public boolean importSslDataKeystores(String odlKeystoreName, String odlKeystorePwd, String odlKeystoreAlias,
175 String trustKeystoreName, String trustKeystorePwd, String[] cipherSuites, String tlsProtocols) {
176 final ODLKeyTool keyTool = new ODLKeyTool();
177 final KeyStore odlKeyStore = keyTool.loadKeyStore(odlKeystoreName, odlKeystorePwd);
178 final KeyStore trustKeyStore = keyTool.loadKeyStore(trustKeystoreName, trustKeystorePwd);
179 return aaaCertMdsalProv.importSslDataKeystores(bundleName, odlKeystoreName, odlKeystorePwd, odlKeystoreAlias,
180 odlKeyStore, trustKeystoreName, trustKeystorePwd, trustKeyStore, cipherSuites, tlsProtocols) != null;