2 * Copyright (c) 2024 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.keystore.legacy;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.util.concurrent.ListenableFuture;
13 import com.google.common.util.concurrent.MoreExecutors;
14 import java.nio.charset.StandardCharsets;
15 import java.security.GeneralSecurityException;
16 import java.util.ArrayList;
17 import java.util.Base64;
18 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
19 import org.opendaylight.mdsal.binding.api.DataBroker;
20 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntry;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutput;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutputBuilder;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
28 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
29 import org.opendaylight.yangtools.yang.common.ErrorType;
30 import org.opendaylight.yangtools.yang.common.RpcResult;
31 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
35 final class DefaultAddKeystoreEntry extends AbstractRpc implements AddKeystoreEntry {
36 private static final Logger LOG = LoggerFactory.getLogger(DefaultAddKeystoreEntry.class);
38 private final AAAEncryptionService encryptionService;
40 DefaultAddKeystoreEntry(final DataBroker dataBroker, final AAAEncryptionService encryptionService) {
42 this.encryptionService = requireNonNull(encryptionService);
46 public ListenableFuture<RpcResult<AddKeystoreEntryOutput>> invoke(final AddKeystoreEntryInput input) {
47 final var plain = input.getKeyCredential();
48 if (plain == null || plain.isEmpty()) {
49 return RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).buildFuture();
52 LOG.debug("Adding keypairs: {}", plain);
53 final var encrypted = new ArrayList<KeyCredential>(plain.size());
54 for (var credential : plain.values()) {
55 final var keyId = credential.getKeyId();
57 encrypted.add(new KeyCredentialBuilder(credential)
58 .setPrivateKey(encryptString(credential.getPrivateKey()))
59 .setPassphrase(encryptString(credential.getPassphrase()))
61 } catch (GeneralSecurityException e) {
62 LOG.debug("Cannot decrypt key credential {}}", credential, e);
63 return RpcResultBuilder.<AddKeystoreEntryOutput>failed()
64 .withError(ErrorType.APPLICATION, "Failed to decrypt key " + keyId, e)
69 final var tx = newTransaction();
70 for (var keypair : encrypted) {
71 tx.put(LogicalDatastoreType.CONFIGURATION,
72 InstanceIdentifier.create(Keystore.class).child(KeyCredential.class, keypair.key()), keypair);
75 return tx.commit().transform(commitInfo -> {
76 LOG.debug("Updated keypairs: {}", plain.keySet());
77 return RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).build();
78 }, MoreExecutors.directExecutor());
81 private String encryptString(final String plain) throws GeneralSecurityException {
82 return Base64.getEncoder().encodeToString(encryptionService.encrypt(plain.getBytes(StandardCharsets.UTF_8)));