2 * Copyright (c) 2024 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.keystore.legacy.impl;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.util.concurrent.ListenableFuture;
13 import com.google.common.util.concurrent.MoreExecutors;
14 import java.nio.charset.StandardCharsets;
15 import java.security.GeneralSecurityException;
16 import java.util.ArrayList;
17 import java.util.Base64;
18 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
19 import org.opendaylight.mdsal.binding.api.DataBroker;
20 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.AddKeystoreEntry;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.AddKeystoreEntryInput;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.AddKeystoreEntryOutput;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.AddKeystoreEntryOutputBuilder;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.Keystore;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.keystore.entry.KeyCredential;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.keystore.entry.KeyCredentialBuilder;
28 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
29 import org.opendaylight.yangtools.yang.common.ErrorType;
30 import org.opendaylight.yangtools.yang.common.RpcResult;
31 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
35 final class DefaultAddKeystoreEntry extends AbstractRpc implements AddKeystoreEntry {
36 private static final Logger LOG = LoggerFactory.getLogger(DefaultAddKeystoreEntry.class);
38 private final AAAEncryptionService encryptionService;
40 DefaultAddKeystoreEntry(final DataBroker dataBroker, final AAAEncryptionService encryptionService) {
42 this.encryptionService = requireNonNull(encryptionService);
46 public ListenableFuture<RpcResult<AddKeystoreEntryOutput>> invoke(final AddKeystoreEntryInput input) {
47 final var plain = input.getKeyCredential();
48 if (plain == null || plain.isEmpty()) {
49 return RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).buildFuture();
52 LOG.debug("Adding keypairs: {}", plain);
53 final var encrypted = new ArrayList<KeyCredential>(plain.size());
54 for (var credential : plain.values()) {
55 final var keyId = credential.getKeyId();
57 encrypted.add(new KeyCredentialBuilder()
58 .setKeyId(credential.getKeyId())
59 .setPrivateKey(encryptToBytes(credential.getPrivateKey()))
60 .setPassphrase(encryptToBytes(credential.getPassphrase()))
62 } catch (GeneralSecurityException e) {
63 LOG.debug("Cannot decrypt key credential {}}", credential, e);
64 return RpcResultBuilder.<AddKeystoreEntryOutput>failed()
65 .withError(ErrorType.APPLICATION, "Failed to decrypt key " + keyId, e)
70 final var tx = newTransaction();
71 for (var keypair : encrypted) {
72 tx.put(LogicalDatastoreType.CONFIGURATION,
73 InstanceIdentifier.create(Keystore.class).child(KeyCredential.class, keypair.key()), keypair);
76 return tx.commit().transform(commitInfo -> {
77 LOG.debug("Updated keypairs: {}", plain.keySet());
78 return RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).build();
79 }, MoreExecutors.directExecutor());
82 private byte[] encryptToBytes(final String plain) throws GeneralSecurityException {
83 return Base64.getEncoder().encode(encryptionService.encrypt(plain.getBytes(StandardCharsets.UTF_8)));