2 * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netconf.callhome.mount;
11 import com.google.common.base.Optional;
12 import com.google.common.util.concurrent.CheckedFuture;
13 import java.io.IOException;
14 import java.security.NoSuchAlgorithmException;
15 import java.security.NoSuchProviderException;
16 import java.security.PublicKey;
17 import java.security.spec.InvalidKeySpecException;
18 import java.util.ArrayList;
19 import java.util.List;
21 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
22 import org.opendaylight.controller.md.sal.binding.api.DataChangeListener;
23 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
24 import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
25 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
26 import org.opendaylight.controller.md.sal.common.api.data.AsyncDataBroker;
27 import org.opendaylight.controller.md.sal.common.api.data.AsyncDataChangeEvent;
28 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
29 import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
30 import org.opendaylight.netconf.callhome.protocol.AuthorizedKeysDecoder;
31 import org.opendaylight.netconf.callhome.protocol.StatusRecorder;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.callhome.device.status.rev170112.Device1;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.callhome.device.status.rev170112.Device1Builder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeConnectionStatus;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.network.topology.topology.topology.types.TopologyNetconf;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.NetconfCallhomeServer;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.AllowedDevices;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.allowed.devices.Device;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.allowed.devices.DeviceBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.allowed.devices.DeviceKey;
42 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
43 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
44 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
45 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
46 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
47 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
48 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
49 import org.opendaylight.yangtools.concepts.ListenerRegistration;
50 import org.opendaylight.yangtools.yang.binding.DataObject;
51 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
52 import org.slf4j.Logger;
53 import org.slf4j.LoggerFactory;
56 class CallhomeStatusReporter implements DataChangeListener, StatusRecorder, AutoCloseable {
/** Logger shared by every status transition this reporter records. */
private static final Logger LOG = LoggerFactory.getLogger(CallhomeStatusReporter.class);

/** Path of the NETCONF topology; the topology id is the local name of {@code TopologyNetconf.QNAME}. */
private static final InstanceIdentifier<Topology> NETCONF_TOPO_IID =
    InstanceIdentifier.create(NetworkTopology.class)
        .child(Topology.class, new TopologyKey(new TopologyId(TopologyNetconf.QNAME.getLocalName())));

/** Broker used for the listener registration and for every datastore read and write below. */
private final DataBroker dataBroker;

/** Handle returned by the listener registration made in the constructor. */
private final ListenerRegistration<DataChangeListener> reg;
/**
 * Stores the broker and subscribes this reporter to NETCONF topology changes.
 *
 * <p>The listener covers every {@code Node} child of {@code NETCONF_TOPO_IID} in the
 * OPERATIONAL datastore, with SUBTREE scope.
 *
 * @param broker data broker used for the registration and for later reads and writes
 */
CallhomeStatusReporter(DataBroker broker) {
    this.dataBroker = broker;
    // Registration hands `this` to the broker before the constructor returns, so
    // onDataChanged must not depend on `reg` having been assigned.
    this.reg = broker.registerDataChangeListener(
        LogicalDatastoreType.OPERATIONAL,
        NETCONF_TOPO_IID.child(Node.class),
        this,
        AsyncDataBroker.DataChangeScope.SUBTREE);
}
// Datastore change callback for the listener registered in the constructor: removed
// NetconfNode paths are reported as disconnects, updated NetconfNode entries are handed
// to handledNetconfNode.
// NOTE(review): the gutter numbers skip inside this method, so the listing omits source
// lines; the statement guarded by the first type check and any guard on nodeId are not
// visible here.
73 public void onDataChanged(AsyncDataChangeEvent<InstanceIdentifier<?>, DataObject> change) {
74 for (InstanceIdentifier<?> removedPath : change.getRemovedPaths()) {
// Only paths that target NetconfNode are meant to reach the code below; the statement
// this `if` guards is on an omitted line.
75 if (removedPath.getTargetType() != NetconfNode.class)
78 final NodeId nodeId = getNodeId(removedPath);
// NOTE(review): getNodeId returns null for a path without a Node key, and
// handleDisconnectedNetconfNode calls nodeId.getValue(); confirm the omitted line
// before this call guards against null.
80 handleDisconnectedNetconfNode(nodeId);
// Updated data: same NetconfNode filter, then the new value selects the status handler.
85 for (Map.Entry<InstanceIdentifier<?>, DataObject> entry : change.getUpdatedData().entrySet()) {
86 if (entry.getKey().getTargetType() == NetconfNode.class) {
87 NodeId nodeId = getNodeId(entry.getKey());
// The cast relies on the target-type check two lines up.
89 NetconfNode nnode = (NetconfNode) entry.getValue();
90 handledNetconfNode(nodeId, nnode);
/**
 * Extracts the topology node id from a datastore path.
 *
 * @param path instance identifier to inspect
 * @return the id held by the first {@code Node} key on the path, or {@code null} when the
 *     path carries no such key
 */
private NodeId getNodeId(final InstanceIdentifier<?> path) {
    final NodeKey nodeKey = path.firstKeyOf(Node.class);
    if (nodeKey == null) {
        return null;
    }
    return nodeKey.getNodeId();
}
// Routes a NetconfNode update to the handler that matches its connection status.
// NOTE(review): the branching construct and the label above the first handler call are on
// lines this listing omits; only the UnableToConnect label is visible.
102 private void handledNetconfNode(NodeId nodeId, NetconfNode nnode) {
103 NetconfNodeConnectionStatus.ConnectionStatus csts = nnode.getConnectionStatus();
// presumably the branch for a connected node - confirm against the full source
107 handleConnectedNetconfNode(nodeId);
111 case UnableToConnect: {
112 handleUnableToConnectNetconfNode(nodeId);
// Rewrites the call-home device entry that corresponds to nodeId with CONNECTED status.
// nodeId must be non-null: the debug log below dereferences it.
118 private void handleConnectedNetconfNode(NodeId nodeId) {
119 // Fully connected, all services for remote device are
120 // available from the MountPointService.
121 LOG.debug("NETCONF Node: {} is fully connected", nodeId.getValue());
// Look up the stored device entry keyed by this node id.
123 Device opDev = readAndGetDevice(nodeId);
// NOTE(review): the condition guarding this warning is on an omitted line; presumably opDev == null.
125 LOG.warn("No corresponding callhome device found - exiting.");
// The rebuilt entry carries only the unique id, the SSH host key and the new status.
127 Device modifiedDevice = withConnectedStatus(opDev);
// NOTE(review): withConnectedStatus returns the result of DeviceBuilder.build(), so this
// null check looks unreachable - confirm.
128 if (modifiedDevice == null)
130 LOG.info("Setting successful status for callhome device id:{}.", nodeId);
131 writeDevice(nodeId, modifiedDevice);
// Rewrites the call-home device entry that corresponds to nodeId with DISCONNECTED status.
// nodeId must be non-null: the debug log below dereferences it, and getNodeId can return null.
135 private void handleDisconnectedNetconfNode(NodeId nodeId) {
136 LOG.debug("NETCONF Node: {} disconnected", nodeId.getValue());
// Look up the stored device entry keyed by this node id.
138 Device opDev = readAndGetDevice(nodeId);
// NOTE(review): the condition guarding this warning is on an omitted line; presumably opDev == null.
140 LOG.warn("No corresponding callhome device found - exiting.");
// The rebuilt entry carries only the unique id, the SSH host key and the new status.
142 Device modifiedDevice = withDisconnectedStatus(opDev);
// NOTE(review): withDisconnectedStatus returns the result of DeviceBuilder.build(), so
// this null check looks unreachable - confirm.
143 if (modifiedDevice == null)
145 LOG.info("Setting disconnected status for callhome device id:{}.", nodeId);
146 writeDevice(nodeId, modifiedDevice);
// Rewrites the call-home device entry that corresponds to nodeId with FAILED status.
// nodeId must be non-null: the debug log below dereferences it.
150 private void handleUnableToConnectNetconfNode(NodeId nodeId) {
151 // The maximum configured number of reconnect attempts
152 // have been reached. No more reconnects will be
153 // attempted by the Netconf Connector.
154 LOG.debug("NETCONF Node: {} connection failed", nodeId.getValue());
// Look up the stored device entry keyed by this node id.
156 Device opDev = readAndGetDevice(nodeId);
// NOTE(review): the condition guarding this warning is on an omitted line; presumably opDev == null.
158 LOG.warn("No corresponding callhome device found - exiting.");
// The rebuilt entry carries only the unique id, the SSH host key and the new status.
160 Device modifiedDevice = withFailedStatus(opDev);
// NOTE(review): withFailedStatus returns the result of DeviceBuilder.build(), so this
// null check looks unreachable - confirm.
161 if (modifiedDevice == null)
163 LOG.info("Setting failed status for callhome device id:{}.", nodeId);
164 writeDevice(nodeId, modifiedDevice);
/**
 * Records a force-listed call-home device in the operational datastore.
 *
 * <p>{@code DISCONNECTED} is the status requested from {@code newDevice}. NOTE(review): as
 * written in this file, {@code newDevice} builds its status augmentation from a hard-coded
 * {@code FAILEDNOTALLOWED} and never reads its status argument, so the stored entry does
 * not carry the status requested here.
 *
 * @param id device id, used both as the node id and as the device key
 * @param serverKey public key stored as the entry's SSH host key
 */
void asForceListedDevice(String id, PublicKey serverKey) {
    final NodeId deviceNode = new NodeId(id);
    writeDevice(deviceNode, newDevice(id, serverKey, Device1.DeviceStatus.DISCONNECTED));
}
/**
 * Records a call-home device that is not on the allowed list, with status
 * {@code FAILEDNOTALLOWED}, in the operational datastore.
 *
 * @param id device id, used both as the node id and as the device key
 * @param serverKey public key stored as the entry's SSH host key
 */
void asUnlistedDevice(String id, PublicKey serverKey) {
    final NodeId deviceNode = new NodeId(id);
    writeDevice(deviceNode, newDevice(id, serverKey, Device1.DeviceStatus.FAILEDNOTALLOWED));
}
// Builds the Device entry that asForceListedDevice and asUnlistedDevice write.
// NOTE(review): the status parameter is never read. The augmentation below is built from a
// hard-coded FAILEDNOTALLOWED, so asForceListedDevice, which passes DISCONNECTED, also gets
// an entry marked FAILEDNOTALLOWED. Suggested change on the Device1Builder line:
// setDeviceStatus(status).
// NOTE(review): the gutter numbers skip inside this method, so the listing omits source
// lines (including one inside the builder chain).
180 private Device newDevice(String id, PublicKey serverKey, Device1.DeviceStatus status) {
// Fallback value, kept only if the SSH encoding below fails. NOTE(review):
// PublicKey.toString() is not the encoding produced by encodePublicKey, and
// reportFailedAuth later passes the stored string to decodePublicKey, so an entry stored
// with this fallback would presumably never match there - confirm, and consider not
// writing the entry when encoding fails.
181 String sshEncodedKey = serverKey.toString();
183 sshEncodedKey = AuthorizedKeysDecoder.encodePublicKey(serverKey);
184 } catch (IOException e) {
// NOTE(review): the exception is not passed to the logger, so the cause of the encoding
// failure is lost; suggest LOG.warn("Unable to encode public key to ssh format.", e).
186 LOG.warn("Unable to encode public key to ssh format.");
// Status augmentation: always FAILEDNOTALLOWED, see the note at the top of the method.
188 Device1 d1 = new Device1Builder().setDeviceStatus(Device1.DeviceStatus.FAILEDNOTALLOWED).build();
189 DeviceBuilder builder = new DeviceBuilder()
191 .setKey(new DeviceKey(id))
192 .setSshHostKey(sshEncodedKey)
193 .addAugmentation(Device1.class, d1);
195 return builder.build();
// Convenience wrapper around readDevice that unwraps the Optional.
// Returns the stored Device when the read produced a present value.
// NOTE(review): the fall-through return is on an omitted line; callers log "No
// corresponding callhome device found", so it presumably returns null - confirm.
198 private Device readAndGetDevice(NodeId nodeId) {
199 Optional<Device> opDevGet = readDevice(nodeId);
// readDevice's result is itself null-checked before isPresent() is consulted.
200 if (opDevGet != null) {
201 if (opDevGet.isPresent()) {
202 return opDevGet.get();
// Reads the allowed-device entry for nodeId from the OPERATIONAL datastore and returns
// the Optional produced by the read.
// NOTE(review): what happens after a ReadFailedException is on omitted lines;
// readAndGetDevice null-checks this method's result, which suggests null is returned -
// confirm, and confirm the failure is logged.
209 private Optional<Device> readDevice(NodeId nodeId) {
// NOTE(review): no close() of this read-only transaction is visible in the listing;
// confirm it is released on the omitted lines.
210 ReadOnlyTransaction opTx = dataBroker.newReadOnlyTransaction();
212 InstanceIdentifier<Device> deviceIID = buildDeviceInstanceIdentifier(nodeId);
213 CheckedFuture<Optional<Device>, ReadFailedException> devFuture =
214 opTx.read(LogicalDatastoreType.OPERATIONAL, deviceIID);
// checkedGet() waits for the read and surfaces failures as ReadFailedException.
217 return devFuture.checkedGet();
218 } catch (ReadFailedException e) {
// Merges modifiedDevice into the OPERATIONAL datastore at the allowed-device path for nodeId.
// NOTE(review): the call that submits opTx is not visible (the lines after the merge are
// omitted from this listing); confirm the transaction is submitted and that a failed
// submit is reported. Only a write happens here, yet a read-write transaction is opened;
// setDeviceStatus uses a write-only one for the same kind of merge.
223 private void writeDevice(NodeId nodeId, Device modifiedDevice) {
224 ReadWriteTransaction opTx = dataBroker.newReadWriteTransaction();
225 opTx.merge(LogicalDatastoreType.OPERATIONAL, buildDeviceInstanceIdentifier(nodeId), modifiedDevice);
/**
 * Builds the datastore path of one allowed call-home device.
 *
 * @param nodeId topology node id; its string value becomes the device key
 * @return path {@code NetconfCallhomeServer / AllowedDevices / Device[key]}
 */
private InstanceIdentifier<Device> buildDeviceInstanceIdentifier(NodeId nodeId) {
    final DeviceKey deviceKey = new DeviceKey(nodeId.getValue());
    return InstanceIdentifier.create(NetconfCallhomeServer.class)
        .child(AllowedDevices.class)
        .child(Device.class, deviceKey);
}
/**
 * Builds a new device entry marked {@code CONNECTED}.
 *
 * <p>Only the unique id and the SSH host key are copied from {@code opDev}; nothing else
 * from the source entry is carried over.
 *
 * @param opDev stored entry to take the id and host key from
 * @return a new {@code Device} with the status augmentation attached
 */
private Device withConnectedStatus(Device opDev) {
    final Device1 connected = new Device1Builder()
        .setDeviceStatus(Device1.DeviceStatus.CONNECTED)
        .build();
    final DeviceBuilder copy = new DeviceBuilder();
    copy.addAugmentation(Device1.class, connected);
    copy.setUniqueId(opDev.getUniqueId());
    copy.setSshHostKey(opDev.getSshHostKey());
    return copy.build();
}
/**
 * Builds a new device entry marked {@code FAILED}.
 *
 * <p>Only the unique id and the SSH host key are copied from {@code opDev}; nothing else
 * from the source entry is carried over.
 *
 * @param opDev stored entry to take the id and host key from
 * @return a new {@code Device} with the status augmentation attached
 */
private Device withFailedStatus(Device opDev) {
    final Device1 failed = new Device1Builder()
        .setDeviceStatus(Device1.DeviceStatus.FAILED)
        .build();
    final DeviceBuilder copy = new DeviceBuilder();
    copy.addAugmentation(Device1.class, failed);
    copy.setUniqueId(opDev.getUniqueId());
    copy.setSshHostKey(opDev.getSshHostKey());
    return copy.build();
}
/**
 * Builds a new device entry marked {@code DISCONNECTED}.
 *
 * <p>Only the unique id and the SSH host key are copied from {@code opDev}; nothing else
 * from the source entry is carried over.
 *
 * @param opDev stored entry to take the id and host key from
 * @return a new {@code Device} with the status augmentation attached
 */
private Device withDisconnectedStatus(Device opDev) {
    final Device1 disconnected = new Device1Builder()
        .setDeviceStatus(Device1.DeviceStatus.DISCONNECTED)
        .build();
    final DeviceBuilder copy = new DeviceBuilder();
    copy.addAugmentation(Device1.class, disconnected);
    copy.setUniqueId(opDev.getUniqueId());
    copy.setSshHostKey(opDev.getSshHostKey());
    return copy.build();
}
/**
 * Builds a new device entry marked {@code FAILEDAUTHFAILURE}.
 *
 * <p>Only the unique id and the SSH host key are copied from {@code opDev}; nothing else
 * from the source entry is carried over.
 *
 * @param opDev stored entry to take the id and host key from
 * @return a new {@code Device} with the status augmentation attached
 */
private Device withFailedAuthStatus(Device opDev) {
    final Device1 authFailed = new Device1Builder()
        .setDeviceStatus(Device1.DeviceStatus.FAILEDAUTHFAILURE)
        .build();
    final DeviceBuilder copy = new DeviceBuilder();
    copy.addAugmentation(Device1.class, authFailed);
    copy.setUniqueId(opDev.getUniqueId());
    copy.setSshHostKey(opDev.getSshHostKey());
    return copy.build();
}
// Merges device into the OPERATIONAL datastore under its own key.
// The path has the same NetconfCallhomeServer / AllowedDevices / Device shape that
// buildDeviceInstanceIdentifier builds, keyed by device.getKey() instead of a node id.
// NOTE(review): the call that submits tx is not visible (the lines after the merge are
// omitted from this listing); confirm the transaction is submitted and that a failed
// submit is reported.
259 private void setDeviceStatus(Device device) {
260 WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
261 InstanceIdentifier<Device> Device_IID =
262 InstanceIdentifier.create(NetconfCallhomeServer.class)
263 .child(AllowedDevices.class)
264 .child(Device.class, device.getKey());
266 tx.merge(LogicalDatastoreType.OPERATIONAL, Device_IID, device);
// Reads the whole AllowedDevices container from the OPERATIONAL datastore.
// NOTE(review): the return statements are on lines this listing omits; getDevicesAsList
// treats a null result as "no devices", so null is presumably returned when the container
// is absent or the read fails - confirm.
271 private AllowedDevices getDevices() {
// NOTE(review): no close() of this read-only transaction is visible in the listing;
// confirm it is released on the omitted lines.
272 ReadOnlyTransaction rxTransaction = dataBroker.newReadOnlyTransaction();
273 CheckedFuture<Optional<AllowedDevices>, ReadFailedException> devicesFuture =
274 rxTransaction.read(LogicalDatastoreType.OPERATIONAL, IetfZeroTouchCallHomeServerProvider.ALL_DEVICES);
// checkedGet() waits for the read and surfaces failures as ReadFailedException.
277 Optional<AllowedDevices> opt = devicesFuture.checkedGet();
278 if (opt.isPresent()) {
279 AllowedDevices devices = opt.get();
282 } catch (ReadFailedException e) {
// NOTE(review): e is the only argument, so the logger takes it as the throwable and the
// "{}" placeholder stays unfilled in the message.
283 LOG.error("Error trying to read the whitelist devices: {}", e);
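/**
 * Returns the devices currently held in the allowed-devices container.
 *
 * <p>Never returns {@code null}: a missing container and a container whose device list is
 * unset both yield a new empty list, so callers can iterate the result directly.
 *
 * @return the stored device list, or a new empty list when there is none
 */
private List<Device> getDevicesAsList() {
    final AllowedDevices allowed = getDevices();
    if (allowed == null) {
        return new ArrayList<Device>();
    }
    // reportFailedAuth iterates this result with a for-each, which throws on null, so an
    // unset device list is mapped to an empty one as well.
    final List<Device> stored = allowed.getDevice();
    return stored != null ? stored : new ArrayList<Device>();
}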
// Marks the allowed device whose stored SSH host key equals sshKey as FAILEDAUTHFAILURE
// (presumably the StatusRecorder callback; the annotation line is not in this listing).
// NOTE(review): the gutter numbers skip inside this method, so the listing omits source
// lines, including the statements that end the loop after a match and the argument of the
// final log call.
295 public void reportFailedAuth(PublicKey sshKey) {
296 AuthorizedKeysDecoder decoder = new AuthorizedKeysDecoder();
// Linear scan over every entry in the allowed-devices list.
298 for (Device device : getDevicesAsList()) {
299 String keyString = device.getSshHostKey();
// The stored string is decoded back into a PublicKey. NOTE(review): newDevice falls back
// to PublicKey.toString() when SSH encoding fails, and such an entry would presumably
// fail to decode here - confirm.
302 PublicKey pubKey = decoder.decodePublicKey(keyString);
// A match requires equal algorithm names and PublicKey.equals().
303 if (sshKey.getAlgorithm().equals(pubKey.getAlgorithm()) && sshKey.equals(pubKey)) {
304 Device failedDevice = withFailedAuthStatus(device);
// NOTE(review): withFailedAuthStatus returns the result of DeviceBuilder.build(), so this
// null check looks unreachable - confirm.
305 if (failedDevice == null)
307 LOG.info("Setting auth failed status for callhome device id:{}.", failedDevice.getUniqueId());
308 setDeviceStatus(failedDevice);
311 } catch (InvalidKeySpecException | NoSuchAlgorithmException | NoSuchProviderException e) {
// An entry whose stored key cannot be decoded is logged here. NOTE(review): e is the last
// argument, so the logger takes it as the throwable and the second "{}" stays unfilled.
312 LOG.error("Failed decoding a device key with host key: {} {}", keyString, e);
// Logged when no stored key matched the key that failed authentication.
317 LOG.error("No match found for the failed auth device (should have been filtered by whitelist). Key: {}",
322 public void close() throws Exception {