/*
 * Copyright (c) 2024 PANTHEON.tech, s.r.o. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
8 package org.opendaylight.netconf.keystore.legacy;
import static java.util.Objects.requireNonNull;

import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
import org.opendaylight.yangtools.concepts.Immutable;
import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
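/**
 * Abstract substrate for implementing security services based on the contents of {@link Keystore}.
 *
 * <p>{@link #start(DataBroker)} registers a tree change listener on the {@link Keystore} container in the
 * {@code CONFIGURATION} datastore. Changes are folded into an internal snapshot through
 * {@link #runUpdate(Consumer)}, and every successfully published snapshot is handed to
 * {@link #onStateUpdated(State)} as an immutable {@link State}.
 *
 * <p>NOTE(review): {@code ConfigListener} is defined outside this file; how it drives {@code runUpdate} (thread,
 * ordering) cannot be confirmed from here.
 */
public abstract class AbstractNetconfKeystore {
    /**
     * Immutable snapshot of keystore contents, as handed to {@link #onStateUpdated(State)}.
     *
     * <p>Both maps are defensively copied with {@link Map#copyOf(Map)}: the stored maps are unmodifiable and a
     * {@code null} map, key or value is rejected with a {@link NullPointerException}. {@link PrivateKey} is the
     * YANG-generated keystore entry, not {@code java.security.PrivateKey}.
     *
     * @param privateKeys private-key entries, keyed by a String identifier
     * @param trustedCertificates trusted-certificate entries, keyed by a String identifier
     */
    protected record State(
            Map<String, PrivateKey> privateKeys,
            Map<String, TrustedCertificate> trustedCertificates) implements Immutable {
        public static final State EMPTY = new State(Map.of(), Map.of());

        public State {
            privateKeys = Map.copyOf(privateKeys);
            trustedCertificates = Map.copyOf(trustedCertificates);
        }
    }

    /**
     * Internal counterpart of {@link State}: the snapshot held in {@code state} and swapped atomically by
     * {@link #runUpdate(Consumer)}. It carries the same two maps, with the same defensive copying.
     *
     * @param privateKeys private-key entries, keyed by a String identifier
     * @param trustedCertificates trusted-certificate entries, keyed by a String identifier
     */
    private record ConfigState(
            Map<String, PrivateKey> privateKeys,
            Map<String, TrustedCertificate> trustedCertificates) implements Immutable {
        static final ConfigState EMPTY = new ConfigState(Map.of(), Map.of());

        ConfigState {
            privateKeys = Map.copyOf(privateKeys);
            trustedCertificates = Map.copyOf(trustedCertificates);
        }
    }

    /**
     * Mutable scratch copy of a {@link ConfigState}, given to the task passed to {@link #runUpdate(Consumer)}.
     *
     * <p>The components are deliberately typed as {@link HashMap} so the task can edit them in place. Only the map
     * references are null-checked here. Their contents are validated when they are copied into the next
     * {@link ConfigState}.
     *
     * @param privateKeys working copy of the private-key entries
     * @param trustedCertificates working copy of the trusted-certificate entries
     */
    record ConfigStateBuilder(
            HashMap<String, PrivateKey> privateKeys,
            HashMap<String, TrustedCertificate> trustedCertificates) {
        ConfigStateBuilder {
            requireNonNull(privateKeys);
            requireNonNull(trustedCertificates);
        }
    }

    // Current snapshot. It is replaced wholesale, never mutated in place.
    private final AtomicReference<@NonNull ConfigState> state = new AtomicReference<>(ConfigState.EMPTY);

    // Non-null while the datastore listener is registered.
    // NOTE(review): this is a plain field that start()/stop() write and runUpdate() reads. If those run on
    // different threads (not visible here), the read in runUpdate() has no visibility guarantee -- confirm.
    private @Nullable Registration configListener;

    /**
     * Starts tracking the keystore by registering a tree change listener on the {@link Keystore} container in the
     * {@code CONFIGURATION} datastore. Calling it while a registration is already held is a no-op.
     *
     * @param dataBroker broker used to register the listener
     */
    protected final void start(final DataBroker dataBroker) {
        if (configListener == null) {
            configListener = dataBroker.registerTreeChangeListener(
                DataTreeIdentifier.of(LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(Keystore.class)),
                new ConfigListener(this));
        }
    }

    /**
     * Stops tracking the keystore: drops the listener registration and resets the internal snapshot to empty.
     * Calling it when no registration is held is a no-op.
     *
     * <p>NOTE(review): as written, {@link #onStateUpdated(State)} is not invoked with an empty state, so a subclass
     * keeps whatever key material it was last handed. A subclass that caches it should release it in its own
     * shutdown path.
     */
    protected final void stop() {
        final var listener = configListener;
        if (listener != null) {
            // Clear the field first so runUpdate() can observe that the listener is gone.
            configListener = null;
            // NOTE(review): this call sits on a line missing from the listing; it is inferred from the otherwise
            // unused local.
            listener.close();
            state.set(ConfigState.EMPTY);
        }
    }

    /**
     * Invoked with a fresh immutable snapshot each time {@link #runUpdate(Consumer)} publishes a new state.
     *
     * @param newState the keystore contents after the update
     */
    protected abstract void onStateUpdated(@NonNull State newState);

    /**
     * Applies {@code task} to a mutable copy of the current snapshot and publishes the result, provided the
     * listener is still registered and the snapshot was not replaced in the meantime.
     *
     * <p>An update that loses the exchange is dropped, not retried.
     * NOTE(review): {@link #stop()} resets to the shared {@code ConfigState.EMPTY} instance, so an update that
     * started from {@code EMPTY} still wins the exchange after a concurrent {@code stop()}. Only the
     * {@code configListener} check guards that case, and it reads a plain field -- confirm the threading model.
     *
     * @param task callback that edits the supplied builder's maps in place
     */
    final void runUpdate(final Consumer<@NonNull ConfigStateBuilder> task) {
        final var prevState = state.getAcquire();

        final var builder = new ConfigStateBuilder(new HashMap<>(prevState.privateKeys),
            new HashMap<>(prevState.trustedCertificates));
        // NOTE(review): this call sits on a line missing from the listing; it is inferred from the otherwise
        // unused parameter.
        task.accept(builder);
        final var newState = new ConfigState(builder.privateKeys, builder.trustedCertificates);

        // Careful application -- check if listener is still up and whether the state was not updated.
        if (configListener == null || state.compareAndExchangeRelease(prevState, newState) != prevState) {
            // NOTE(review): the body of this branch is missing from the listing; an early return is inferred.
            return;
        }

        // FIXME: compile to crypto

        onStateUpdated(new State(newState.privateKeys, newState.trustedCertificates));

        // FIXME: tickle operational updater (which does not exist yet)
    }
}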