2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.protocol.pcep.impl;
10 import com.google.common.annotations.VisibleForTesting;
11 import com.google.common.base.Preconditions;
12 import io.netty.channel.Channel;
13 import io.netty.channel.ChannelFuture;
14 import io.netty.channel.ChannelFutureListener;
15 import io.netty.handler.ssl.SslHandler;
16 import io.netty.util.concurrent.Promise;
17 import java.util.concurrent.Future;
18 import java.util.concurrent.TimeUnit;
19 import java.util.concurrent.TimeoutException;
20 import javax.net.ssl.SSLContext;
21 import javax.net.ssl.SSLEngine;
22 import org.opendaylight.protocol.pcep.impl.spi.Util;
23 import org.opendaylight.protocol.pcep.impl.tls.SslContextFactory;
24 import org.opendaylight.protocol.pcep.spi.PCEPErrors;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.pcep.app.config.rev160707.pcep.dispatcher.config.Tls;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.Keepalive;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.KeepaliveBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.OpenBuilder;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.Pcerr;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.Starttls;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.StarttlsBuilder;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.Message;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.OpenMessage;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.keepalive.message.KeepaliveMessageBuilder;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.open.message.OpenMessageBuilder;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.open.object.Open;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.pcep.error.object.ErrorObject;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.pcerr.message.pcerr.message.error.type.SessionCase;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.start.tls.message.StartTlsMessageBuilder;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
44 * Abstract PCEP session negotiator. Takes care of basic handshake without implementing a specific policy. Policies need
45 * to be provided by a specific subclass.
47 public abstract class AbstractPCEPSessionNegotiator extends AbstractSessionNegotiator {
49 * Unified KeepWait and OpenWait timer expiration, in seconds.
51 public static final int FAIL_TIMER_VALUE = 60;
54 * PCEP session negotiation state transitions are described in RFC5440. Simplification the two timers (KeepWait and
55 * OpenWait) are merged into a FailTimer, as they are mutually exclusive, have the same timeout value and their
56 * action is to terminate negotiation. This timer is restarted between state transitions and runs in all states
57 * except Idle and Finished.
62 * Negotiation has not begun. It will be activated once we are asked to provide our initial proposal, at which
63 * point we move into OpenWait state.
67 * Waiting for the peer's StartTLS message
71 * Waiting for the peer's OPEN message.
75 * Waiting for the peer's KEEPALIVE message.
79 * Negotiation has completed.
84 private static final Logger LOG = LoggerFactory.getLogger(AbstractPCEPSessionNegotiator.class);
85 private static final Keepalive KEEPALIVE = new KeepaliveBuilder().setKeepaliveMessage(new KeepaliveMessageBuilder().build()).build();
87 private volatile boolean localOK, openRetry, remoteOK;
88 private volatile State state = State.IDLE;
89 private Future<?> failTimer;
90 private Open localPrefs;
91 private Open remotePrefs;
92 private Tls tlsConfiguration;
94 protected AbstractPCEPSessionNegotiator(final Promise<PCEPSessionImpl> promise, final Channel channel) {
95 super(promise, channel);
99 * Get the initial session parameters proposal.
101 * @return Session parameters proposal.
103 protected abstract Open getInitialProposal();
106 * Get the revised session parameters proposal based on the feedback the peer has provided to us.
108 * @param suggestion Peer-provided suggested session parameters
109 * @return Session parameters proposal, or null if peers session parameters preclude us from suggesting anything
111 protected abstract Open getRevisedProposal(Open suggestion);
114 * Check whether a peer-provided session parameters proposal is acceptable.
116 * @param proposal peer-proposed session parameters
117 * @return true if the proposal is acceptable, false otherwise
119 protected abstract boolean isProposalAcceptable(Open proposal);
122 * Given a peer-provided session parameters proposal which we found unacceptable, provide a counter-proposal. The
123 * requirement is that the isProposalAcceptable() method has to return true when presented with this proposal.
125 * @param proposal unacceptable peer proposal
126 * @return our counter-proposal, or null if there is no way to negotiate an acceptable proposal
128 protected abstract Open getCounterProposal(Open proposal);
131 * Create the protocol session.
133 * @param channel Underlying channel.
134 * @param localPrefs Session preferences proposed by us and accepted by the peer.
135 * @param remotePrefs Session preferences proposed by the peer and accepted by us.
136 * @return New protocol session.
138 protected abstract PCEPSessionImpl createSession(Channel channel, Open localPrefs, Open remotePrefs);
141 * Sends PCEP Error Message with one PCEPError.
145 private void sendErrorMessage(final PCEPErrors value) {
147 this.sendMessage(Util.createErrorMessage(value, null));
150 private void scheduleFailTimer() {
151 this.failTimer = this.channel.eventLoop().schedule((Runnable) () -> {
152 switch (AbstractPCEPSessionNegotiator.this.state) {
157 sendErrorMessage(PCEPErrors.STARTTLS_TIMER_EXP);
158 negotiationFailed(new TimeoutException("StartTLSWait timer expired"));
159 AbstractPCEPSessionNegotiator.this.state = State.FINISHED;
162 sendErrorMessage(PCEPErrors.NO_MSG_BEFORE_EXP_KEEPWAIT);
163 negotiationFailed(new TimeoutException("KeepWait timer expired"));
164 AbstractPCEPSessionNegotiator.this.state = State.FINISHED;
167 sendErrorMessage(PCEPErrors.NO_OPEN_BEFORE_EXP_OPENWAIT);
168 negotiationFailed(new TimeoutException("OpenWait timer expired"));
169 AbstractPCEPSessionNegotiator.this.state = State.FINISHED;
174 }, FAIL_TIMER_VALUE, TimeUnit.SECONDS);
178 protected final void startNegotiation() {
179 Preconditions.checkState(this.state == State.IDLE);
180 if (this.tlsConfiguration != null) {
181 this.sendMessage(new StarttlsBuilder().setStartTlsMessage(new StartTlsMessageBuilder().build()).build());
182 this.state = State.START_TLS_WAIT;
184 LOG.info("Started TLS connection negotiation with peer {}", this.channel);
186 startNegotiationWithOpen();
188 this.channel.closeFuture().addListener((ChannelFutureListener) f -> cancelTimers());
191 private void cancelTimers() {
192 this.failTimer.cancel(false);
195 private void startNegotiationWithOpen() {
196 this.localPrefs = getInitialProposal();
197 final OpenMessage m = new org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.OpenBuilder().setOpenMessage(
198 new OpenMessageBuilder().setOpen(this.localPrefs).build()).build();
200 this.state = State.OPEN_WAIT;
203 LOG.info("PCEP session with {} started, sent proposal {}", this.channel, this.localPrefs);
206 private boolean handleMessageKeepWait(final Message msg) {
207 if (msg instanceof Keepalive) {
208 return handleMessageKeepAlive();
209 } else if (msg instanceof Pcerr) {
210 return handleMessagePcerr(msg);
215 private boolean handleMessageKeepAlive() {
218 LOG.info("PCEP peer {} completed negotiation", this.channel);
219 negotiationSuccessful(createSession(this.channel, this.localPrefs, this.remotePrefs));
220 this.state = State.FINISHED;
223 this.state = State.OPEN_WAIT;
224 LOG.debug("Channel {} moved to OpenWait state with localOK=1", this.channel);
229 private boolean handleMessagePcerr(final Message msg) {
230 final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.pcerr.message.PcerrMessage err = ((Pcerr) msg).getPcerrMessage();
231 if (err.getErrorType() == null) {
232 final ErrorObject obj = err.getErrors().get(0).getErrorObject();
233 LOG.warn("Unexpected error received from PCC: type {} value {}", obj.getType(), obj.getValue());
234 negotiationFailed(new IllegalStateException("Unexpected error received from PCC."));
235 this.state = State.IDLE;
238 this.localPrefs = getRevisedProposal(((SessionCase) err.getErrorType()).getSession().getOpen());
239 if (this.localPrefs == null) {
240 sendErrorMessage(PCEPErrors.PCERR_NON_ACC_SESSION_CHAR);
241 negotiationFailed(new IllegalStateException("Peer suggested unacceptable retry proposal"));
242 this.state = State.FINISHED;
245 this.sendMessage(new OpenBuilder().setOpenMessage(new OpenMessageBuilder().setOpen(this.localPrefs).build()).build());
246 if (!this.remoteOK) {
247 this.state = State.OPEN_WAIT;
253 private boolean handleMessageOpenWait(final Message msg) {
254 if (!(msg instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.Open)) {
257 final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.types.rev131005.open.message.OpenMessage o = ((org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.pcep.message.rev131007.Open) msg).getOpenMessage();
258 final Open open = o.getOpen();
259 if (isProposalAcceptable(open)) {
260 this.sendMessage(KEEPALIVE);
261 this.remotePrefs = open;
262 this.remoteOK = true;
264 negotiationSuccessful(createSession(this.channel, this.localPrefs, this.remotePrefs));
265 LOG.info("PCEP peer {} completed negotiation", this.channel);
266 this.state = State.FINISHED;
269 this.state = State.KEEP_WAIT;
270 LOG.debug("Channel {} moved to KeepWait state with remoteOK=1", this.channel);
274 if (this.openRetry) {
275 sendErrorMessage(PCEPErrors.SECOND_OPEN_MSG);
276 negotiationFailed(new IllegalStateException("OPEN renegotiation failed"));
277 this.state = State.FINISHED;
280 final Open newPrefs = getCounterProposal(open);
281 if (newPrefs == null) {
282 sendErrorMessage(PCEPErrors.NON_ACC_NON_NEG_SESSION_CHAR);
283 negotiationFailed(new IllegalStateException("Peer sent unacceptable session parameters"));
284 this.state = State.FINISHED;
287 this.sendMessage(Util.createErrorMessage(PCEPErrors.NON_ACC_NEG_SESSION_CHAR, newPrefs));
288 this.openRetry = true;
289 this.state = this.localOK ? State.OPEN_WAIT : State.KEEP_WAIT;
294 private boolean handleMessageStartTlsWait(final Message msg) {
295 if (msg instanceof Starttls) {
296 final SslContextFactory sslFactory = new SslContextFactory(this.tlsConfiguration);
297 final SSLContext sslContext = sslFactory.getServerContext();
298 if (sslContext == null) {
299 this.sendErrorMessage(PCEPErrors.NOT_POSSIBLE_WITHOUT_TLS);
300 negotiationFailed(new IllegalStateException("Failed to establish a TLS connection."));
301 this.state = State.FINISHED;
304 final SSLEngine engine = sslContext.createSSLEngine();
305 engine.setNeedClientAuth(true);
306 engine.setUseClientMode(false);
307 this.channel.pipeline().addFirst(new SslHandler(engine));
308 LOG.info("PCEPS TLS connection with peer: {} established succesfully.", this.channel);
309 startNegotiationWithOpen();
311 } else if (!(msg instanceof Pcerr)) {
312 this.sendErrorMessage(PCEPErrors.NON_STARTTLS_MSG_RCVD);
313 negotiationFailed(new IllegalStateException("Unexpected message recieved."));
314 this.state = State.FINISHED;
321 protected final void handleMessage(final Message msg) {
324 LOG.debug("Channel {} handling message {} in state {}", this.channel, msg, this.state);
326 switch (this.state) {
329 throw new IllegalStateException("Unexpected handleMessage in state " + this.state);
331 if (handleMessageStartTlsWait(msg)) {
336 if (handleMessageKeepWait(msg)) {
341 if (handleMessageOpenWait(msg)) {
348 LOG.warn("Channel {} in state {} received unexpected message {}", this.channel, this.state, msg);
349 sendErrorMessage(PCEPErrors.NON_OR_INVALID_OPEN_MSG);
350 negotiationFailed(new Exception("Illegal message encountered"));
351 this.state = State.FINISHED;
359 public void setTlsConfiguration(final Tls tlsConfiguration) {
360 this.tlsConfiguration = tlsConfiguration;
364 protected void negotiationFailed(final Throwable cause) {
365 this.LOG.debug("Negotiation on channel {} failed", this.channel, cause);
366 this.channel.close();
367 this.promise.setFailure(cause);