2 * Copyright (c) 2023 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.topology.spi;
10 import static java.util.Objects.requireNonNull;
12 import java.util.List;
13 import javax.inject.Inject;
14 import javax.inject.Singleton;
15 import org.eclipse.jdt.annotation.NonNull;
16 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
17 import org.opendaylight.netconf.client.conf.NetconfClientConfiguration.NetconfClientProtocol;
18 import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
19 import org.opendaylight.netconf.client.mdsal.DatastoreBackedPublicKeyAuth;
20 import org.opendaylight.netconf.client.mdsal.api.CredentialProvider;
21 import org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider;
22 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
23 import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231025.connection.parameters.Protocol.Name;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231025.credentials.Credentials;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231025.credentials.credentials.KeyAuth;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231025.credentials.credentials.LoginPw;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231025.credentials.credentials.LoginPwUnencrypted;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev221225.NetconfNode;
30 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
31 import org.osgi.service.component.annotations.Activate;
32 import org.osgi.service.component.annotations.Component;
33 import org.osgi.service.component.annotations.Reference;
/**
 * Legacy implementation of {@link NetconfClientConfigurationBuilderFactory}.
 *
 * @deprecated This implementation is outdated and should be replaced with
 *             {@link NetconfClientConfigurationBuilderFactoryImpl} once callhome-provider is migrated to
 *             transport-api.
 */
41 @Component(service = NetconfClientConfigurationBuilderFactory.class, property = "type=legacy")
43 @Deprecated(forRemoval = true)
44 public final class DefaultNetconfClientConfigurationBuilderFactory implements NetconfClientConfigurationBuilderFactory {
45 private final SslHandlerFactoryProvider sslHandlerFactoryProvider;
46 private final AAAEncryptionService encryptionService;
47 private final CredentialProvider credentialProvider;
/**
 * Creates the legacy factory from the three services it delegates to.
 *
 * @param encryptionService service used to decrypt the password of encrypted login/password credentials
 * @param credentialProvider provider passed on to the key-based authentication handler
 * @param sslHandlerFactoryProvider provider asked for an SSL handler factory when a node selects TLS
 * @throws NullPointerException if any argument is {@code null}
 */
public DefaultNetconfClientConfigurationBuilderFactory(
        @Reference final AAAEncryptionService encryptionService,
        @Reference final CredentialProvider credentialProvider,
        @Reference final SslHandlerFactoryProvider sslHandlerFactoryProvider) {
    // Fail at construction time rather than on the first connection attempt.
    this.sslHandlerFactoryProvider = requireNonNull(sslHandlerFactoryProvider);
    this.credentialProvider = requireNonNull(credentialProvider);
    this.encryptionService = requireNonNull(encryptionService);
}
/**
 * Builds the client configuration for one NETCONF node: transport, authentication, optional hello
 * capabilities, session name, remote address and connection timeout.
 *
 * <p>Transport selection follows the node configuration: a tcp-only node uses TCP, a node with no protocol
 * container or with SSH selected uses SSH, and both get an authentication handler derived from the node's
 * credentials. A TLS node gets an SSL handler factory built from the protocol specification and no
 * credential-based handler.
 *
 * @param nodeId identifier whose value becomes the configuration name
 * @param node node configuration to translate
 * @return the populated configuration builder
 * @throws IllegalArgumentException if the protocol name is neither SSH nor TLS
 */
public NetconfClientConfigurationBuilder createClientConfigurationBuilder(final NodeId nodeId,
        final NetconfNode node) {
    final var configBuilder = NetconfClientConfigurationBuilder.create();
    final var nodeProtocol = node.getProtocol();

    if (node.requireTcpOnly()) {
        // NOTE(review): this branch attaches the credential-derived handler to a TCP client, with neither
        // SSH nor TLS configured here; confirm tcp-only nodes are reachable only over a trusted network.
        configBuilder.withProtocol(NetconfClientProtocol.TCP)
            .withAuthHandler(getHandlerFromCredentials(node.getCredentials()));
    } else {
        // An absent protocol container is treated the same as an explicit SSH selection.
        final var protocolName = nodeProtocol == null ? Name.SSH : nodeProtocol.getName();
        if (protocolName == Name.SSH) {
            configBuilder.withProtocol(NetconfClientProtocol.SSH)
                .withAuthHandler(getHandlerFromCredentials(node.getCredentials()));
        } else if (protocolName == Name.TLS) {
            configBuilder.withProtocol(NetconfClientProtocol.TLS)
                .withSslHandlerFactory(
                    sslHandlerFactoryProvider.getSslHandlerFactory(nodeProtocol.getSpecification()));
        } else {
            throw new IllegalArgumentException("Unsupported protocol type: " + protocolName);
        }
    }

    final var capabilities = node.getOdlHelloMessageCapabilities();
    if (capabilities != null) {
        // Snapshot the configured list so the builder does not share it with the datastore object.
        configBuilder.withOdlHelloCapabilities(List.copyOf(capabilities.requireCapability()));
    }

    return configBuilder
        .withName(nodeId.getValue())
        .withAddress(NetconfNodeUtils.toInetSocketAddress(node))
        .withConnectionTimeoutMillis(node.requireConnectionTimeoutMillis().toJava());
}
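/**
 * Maps a node's configured credentials to the authentication handler used for its session.
 *
 * <ul>
 *   <li>{@link LoginPwUnencrypted}: the stored password is handed to the handler as-is.</li>
 *   <li>{@link LoginPw}: the stored password is decrypted with the {@link AAAEncryptionService} first.</li>
 *   <li>{@link KeyAuth}: a {@link DatastoreBackedPublicKeyAuth} is created for the user name and key id.</li>
 * </ul>
 *
 * <p>Error messages report only the credential class, never the user name or password.
 *
 * @param credentials credentials taken from the node configuration, may be {@code null}
 * @return the handler matching the credential type
 * @throws IllegalArgumentException if {@code credentials} is {@code null} or of an unsupported type
 */
private @NonNull AuthenticationHandler getHandlerFromCredentials(final Credentials credentials) {
    if (credentials == null) {
        // instanceof never matches null, so without this guard the fall-through branch would fail with a
        // NullPointerException from credentials.getClass() instead of reporting the configuration error.
        throw new IllegalArgumentException("Unsupported credential type: null");
    }
    if (credentials instanceof LoginPwUnencrypted unencrypted) {
        final var loginPassword = unencrypted.getLoginPasswordUnencrypted();
        return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
    }
    if (credentials instanceof LoginPw loginPw) {
        final var loginPassword = loginPw.getLoginPassword();
        // The decrypted password goes straight into the handler and is not stored on this factory.
        return new LoginPasswordHandler(loginPassword.getUsername(),
            encryptionService.decrypt(loginPassword.getPassword()));
    }
    if (credentials instanceof KeyAuth keyAuth) {
        final var keyPair = keyAuth.getKeyBased();
        // NOTE(review): the listing drops the line holding the last argument; encryptionService is
        // assumed here - confirm against the upstream file.
        return new DatastoreBackedPublicKeyAuth(keyPair.getUsername(), keyPair.getKeyId(), credentialProvider,
            encryptionService);
    }
    throw new IllegalArgumentException("Unsupported credential type: " + credentials.getClass());
}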