2 * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client.mdsal.impl;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.annotations.VisibleForTesting;
13 import com.google.common.collect.ImmutableClassToInstanceMap;
14 import com.google.common.util.concurrent.FutureCallback;
15 import com.google.common.util.concurrent.ListenableFuture;
16 import com.google.common.util.concurrent.MoreExecutors;
17 import com.google.common.util.concurrent.SettableFuture;
18 import java.util.List;
19 import java.util.stream.Collectors;
20 import javax.annotation.PreDestroy;
21 import javax.inject.Inject;
22 import javax.inject.Singleton;
23 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
24 import org.opendaylight.mdsal.binding.api.DataBroker;
25 import org.opendaylight.mdsal.binding.api.RpcProviderService;
26 import org.opendaylight.mdsal.binding.api.WriteTransaction;
27 import org.opendaylight.mdsal.common.api.CommitInfo;
28 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntry;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutput;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutputBuilder;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKey;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyInput;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutput;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutputBuilder;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificate;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateInput;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutput;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutputBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntry;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryInput;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutput;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutputBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKey;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyInput;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutput;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutputBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificate;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateInput;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutput;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutputBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKeyKey;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialKey;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificateKey;
61 import org.opendaylight.yangtools.concepts.Registration;
62 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
63 import org.opendaylight.yangtools.yang.binding.Rpc;
64 import org.opendaylight.yangtools.yang.common.RpcResult;
65 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
66 import org.osgi.service.component.annotations.Activate;
67 import org.osgi.service.component.annotations.Component;
68 import org.osgi.service.component.annotations.Deactivate;
69 import org.osgi.service.component.annotations.Reference;
70 import org.slf4j.Logger;
71 import org.slf4j.LoggerFactory;
74 @Component(service = { })
75 public final class NetconfSalKeystoreRpcs implements AutoCloseable {
76 private static final Logger LOG = LoggerFactory.getLogger(NetconfSalKeystoreRpcs.class);
77 private static final InstanceIdentifier<Keystore> KEYSTORE_IID = InstanceIdentifier.create(Keystore.class);
79 // FIXME: we are populating config datastore, but there may be risks with concurrent access. We really should be
80 // using cluster singleton service here.
81 private final DataBroker dataBroker;
82 private final AAAEncryptionService encryptionService;
83 private final Registration reg;
87 public NetconfSalKeystoreRpcs(@Reference final DataBroker dataBroker,
88 @Reference final AAAEncryptionService encryptionService, @Reference final RpcProviderService rpcProvider) {
89 this.dataBroker = requireNonNull(dataBroker);
90 this.encryptionService = requireNonNull(encryptionService);
92 reg = rpcProvider.registerRpcImplementations(ImmutableClassToInstanceMap.<Rpc<?, ?>>builder()
93 .put(RemoveKeystoreEntry.class, this::removeKeystoreEntry)
94 .put(AddKeystoreEntry.class, this::addKeystoreEntry)
95 .put(AddTrustedCertificate.class, this::addTrustedCertificate)
96 .put(RemoveTrustedCertificate.class, this::removeTrustedCertificate)
97 .put(AddPrivateKey.class, this::addPrivateKey)
98 .put(RemovePrivateKey.class, this::removePrivateKey)
100 LOG.info("NETCONF keystore service started");
106 public void close() {
108 LOG.info("NETCONF keystore service stopped");
111 private ListenableFuture<RpcResult<RemoveKeystoreEntryOutput>> removeKeystoreEntry(
112 final RemoveKeystoreEntryInput input) {
113 LOG.debug("Removing keypairs: {}", input);
115 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
117 for (final String id : input.getKeyId()) {
118 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
119 KEYSTORE_IID.child(KeyCredential.class, new KeyCredentialKey(id)));
122 final SettableFuture<RpcResult<RemoveKeystoreEntryOutput>> rpcResult = SettableFuture.create();
124 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
126 public void onSuccess(final CommitInfo result) {
127 LOG.debug("remove-key-pair success. Input: {}", input);
128 rpcResult.set(RpcResultBuilder.success(new RemoveKeystoreEntryOutputBuilder().build()).build());
132 public void onFailure(final Throwable throwable) {
133 LOG.warn("remove-key-pair failed. Input: {}", input, throwable);
134 rpcResult.setException(throwable);
136 }, MoreExecutors.directExecutor());
141 private ListenableFuture<RpcResult<AddKeystoreEntryOutput>> addKeystoreEntry(final AddKeystoreEntryInput input) {
142 LOG.debug("Adding keypairs: {}", input);
144 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
145 final List<KeyCredential> keypairs = input.nonnullKeyCredential().values().stream()
146 .map(keypair -> new KeyCredentialBuilder(keypair)
147 .setPrivateKey(encryptionService.encrypt(keypair.getPrivateKey()))
148 .setPassphrase(encryptionService.encrypt(keypair.getPassphrase()))
150 .collect(Collectors.toList());
152 for (KeyCredential keypair : keypairs) {
153 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
154 KEYSTORE_IID.child(KeyCredential.class, keypair.key()), keypair);
157 final SettableFuture<RpcResult<AddKeystoreEntryOutput>> rpcResult = SettableFuture.create();
159 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
161 public void onSuccess(final CommitInfo result) {
162 LOG.debug("add-key-pair success. Input: {}", input);
163 rpcResult.set(RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).build());
167 public void onFailure(final Throwable throwable) {
168 LOG.warn("add-key-pair failed. Input: {}", input, throwable);
169 rpcResult.setException(throwable);
171 }, MoreExecutors.directExecutor());
177 ListenableFuture<RpcResult<AddTrustedCertificateOutput>> addTrustedCertificate(
178 final AddTrustedCertificateInput input) {
179 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
181 for (TrustedCertificate certificate : input.nonnullTrustedCertificate().values()) {
182 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
183 KEYSTORE_IID.child(TrustedCertificate.class, certificate.key()), certificate);
186 final SettableFuture<RpcResult<AddTrustedCertificateOutput>> rpcResult = SettableFuture.create();
188 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
190 public void onSuccess(final CommitInfo result) {
191 LOG.debug("add-trusted-certificate success. Input: {}", input);
192 rpcResult.set(RpcResultBuilder.success(new AddTrustedCertificateOutputBuilder().build()).build());
196 public void onFailure(final Throwable throwable) {
197 LOG.warn("add-trusted-certificate failed. Input: {}", input, throwable);
198 rpcResult.setException(throwable);
200 }, MoreExecutors.directExecutor());
205 private ListenableFuture<RpcResult<RemoveTrustedCertificateOutput>> removeTrustedCertificate(
206 final RemoveTrustedCertificateInput input) {
207 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
209 for (final String name : input.getName()) {
210 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
211 KEYSTORE_IID.child(TrustedCertificate.class, new TrustedCertificateKey(name)));
214 final SettableFuture<RpcResult<RemoveTrustedCertificateOutput>> rpcResult = SettableFuture.create();
216 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
218 public void onSuccess(final CommitInfo result) {
219 LOG.debug("remove-trusted-certificate success. Input: {}", input);
220 rpcResult.set(RpcResultBuilder.success(new RemoveTrustedCertificateOutputBuilder().build()).build());
224 public void onFailure(final Throwable throwable) {
225 LOG.warn("remove-trusted-certificate failed. Input: {}", input, throwable);
226 rpcResult.setException(throwable);
228 }, MoreExecutors.directExecutor());
234 ListenableFuture<RpcResult<AddPrivateKeyOutput>> addPrivateKey(final AddPrivateKeyInput input) {
235 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
237 for (PrivateKey key: input.nonnullPrivateKey().values()) {
238 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
239 KEYSTORE_IID.child(PrivateKey.class, key.key()), key);
242 final SettableFuture<RpcResult<AddPrivateKeyOutput>> rpcResult = SettableFuture.create();
244 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
246 public void onSuccess(final CommitInfo result) {
247 LOG.debug("add-private-key success. Input: {}", input);
248 rpcResult.set(RpcResultBuilder.success(new AddPrivateKeyOutputBuilder().build()).build());
252 public void onFailure(final Throwable throwable) {
253 LOG.warn("add-private-key failed. Input: {}", input, throwable);
254 rpcResult.setException(throwable);
256 }, MoreExecutors.directExecutor());
261 private ListenableFuture<RpcResult<RemovePrivateKeyOutput>> removePrivateKey(final RemovePrivateKeyInput input) {
262 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
264 for (final String name : input.getName()) {
265 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
266 KEYSTORE_IID.child(PrivateKey.class, new PrivateKeyKey(name)));
269 final SettableFuture<RpcResult<RemovePrivateKeyOutput>> rpcResult = SettableFuture.create();
271 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
273 public void onSuccess(final CommitInfo result) {
274 LOG.debug("remove-private-key success. Input: {}", input);
275 rpcResult.set(RpcResultBuilder.success(new RemovePrivateKeyOutputBuilder().build()).build());
279 public void onFailure(final Throwable throwable) {
280 LOG.warn("remove-private-key failed. Input: {}", input, throwable);
281 rpcResult.setException(throwable);
283 }, MoreExecutors.directExecutor());