2 * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client.mdsal.impl;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.collect.ClassToInstanceMap;
13 import com.google.common.collect.ImmutableClassToInstanceMap;
14 import com.google.common.util.concurrent.FutureCallback;
15 import com.google.common.util.concurrent.ListenableFuture;
16 import com.google.common.util.concurrent.MoreExecutors;
17 import com.google.common.util.concurrent.SettableFuture;
18 import java.util.List;
19 import java.util.stream.Collectors;
20 import javax.annotation.PreDestroy;
21 import javax.inject.Inject;
22 import javax.inject.Singleton;
23 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
24 import org.opendaylight.mdsal.binding.api.DataBroker;
25 import org.opendaylight.mdsal.binding.api.RpcProviderService;
26 import org.opendaylight.mdsal.binding.api.WriteTransaction;
27 import org.opendaylight.mdsal.common.api.CommitInfo;
28 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntry;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutput;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutputBuilder;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKey;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyInput;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutput;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutputBuilder;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificate;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateInput;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutput;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutputBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntry;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryInput;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutput;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutputBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKey;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyInput;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutput;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutputBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificate;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateInput;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutput;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutputBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKeyKey;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialKey;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificateKey;
61 import org.opendaylight.yangtools.concepts.Registration;
62 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
63 import org.opendaylight.yangtools.yang.binding.Rpc;
64 import org.opendaylight.yangtools.yang.common.RpcResult;
65 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
66 import org.osgi.service.component.annotations.Activate;
67 import org.osgi.service.component.annotations.Component;
68 import org.osgi.service.component.annotations.Deactivate;
69 import org.osgi.service.component.annotations.Reference;
70 import org.slf4j.Logger;
71 import org.slf4j.LoggerFactory;
74 @Component(service = { })
75 public final class NetconfSalKeystoreRpcs implements AutoCloseable {
76 private static final Logger LOG = LoggerFactory.getLogger(NetconfSalKeystoreRpcs.class);
77 private static final InstanceIdentifier<Keystore> KEYSTORE_IID = InstanceIdentifier.create(Keystore.class);
79 // FIXME: we are populating config datastore, but there may be risks with concurrent access. We really should be
80 // using cluster singleton service here.
81 private final DataBroker dataBroker;
82 private final AAAEncryptionService encryptionService;
83 private final Registration reg;
87 public NetconfSalKeystoreRpcs(@Reference final DataBroker dataBroker,
88 @Reference final AAAEncryptionService encryptionService, @Reference final RpcProviderService rpcProvider) {
89 this.dataBroker = requireNonNull(dataBroker);
90 this.encryptionService = requireNonNull(encryptionService);
92 reg = rpcProvider.registerRpcImplementations(getRpcClassToInstanceMap());
93 LOG.info("NETCONF keystore service started");
101 LOG.info("NETCONF keystore service stopped");
104 private ListenableFuture<RpcResult<RemoveKeystoreEntryOutput>> removeKeystoreEntry(
105 final RemoveKeystoreEntryInput input) {
106 LOG.debug("Removing keypairs: {}", input);
108 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
110 for (final String id : input.getKeyId()) {
111 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
112 KEYSTORE_IID.child(KeyCredential.class, new KeyCredentialKey(id)));
115 final SettableFuture<RpcResult<RemoveKeystoreEntryOutput>> rpcResult = SettableFuture.create();
117 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
119 public void onSuccess(final CommitInfo result) {
120 LOG.debug("remove-key-pair success. Input: {}", input);
121 rpcResult.set(RpcResultBuilder.success(new RemoveKeystoreEntryOutputBuilder().build()).build());
125 public void onFailure(final Throwable throwable) {
126 LOG.warn("remove-key-pair failed. Input: {}", input, throwable);
127 rpcResult.setException(throwable);
129 }, MoreExecutors.directExecutor());
134 private ListenableFuture<RpcResult<AddKeystoreEntryOutput>> addKeystoreEntry(final AddKeystoreEntryInput input) {
135 LOG.debug("Adding keypairs: {}", input);
137 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
138 final List<KeyCredential> keypairs = input.nonnullKeyCredential().values().stream()
139 .map(keypair -> new KeyCredentialBuilder(keypair)
140 .setPrivateKey(encryptionService.encrypt(keypair.getPrivateKey()))
141 .setPassphrase(encryptionService.encrypt(keypair.getPassphrase()))
143 .collect(Collectors.toList());
145 for (KeyCredential keypair : keypairs) {
146 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
147 KEYSTORE_IID.child(KeyCredential.class, keypair.key()), keypair);
150 final SettableFuture<RpcResult<AddKeystoreEntryOutput>> rpcResult = SettableFuture.create();
152 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
154 public void onSuccess(final CommitInfo result) {
155 LOG.debug("add-key-pair success. Input: {}", input);
156 rpcResult.set(RpcResultBuilder.success(new AddKeystoreEntryOutputBuilder().build()).build());
160 public void onFailure(final Throwable throwable) {
161 LOG.warn("add-key-pair failed. Input: {}", input, throwable);
162 rpcResult.setException(throwable);
164 }, MoreExecutors.directExecutor());
169 private ListenableFuture<RpcResult<AddTrustedCertificateOutput>> addTrustedCertificate(
170 final AddTrustedCertificateInput input) {
171 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
173 for (TrustedCertificate certificate : input.nonnullTrustedCertificate().values()) {
174 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
175 KEYSTORE_IID.child(TrustedCertificate.class, certificate.key()), certificate);
178 final SettableFuture<RpcResult<AddTrustedCertificateOutput>> rpcResult = SettableFuture.create();
180 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
182 public void onSuccess(final CommitInfo result) {
183 LOG.debug("add-trusted-certificate success. Input: {}", input);
184 rpcResult.set(RpcResultBuilder.success(new AddTrustedCertificateOutputBuilder().build()).build());
188 public void onFailure(final Throwable throwable) {
189 LOG.warn("add-trusted-certificate failed. Input: {}", input, throwable);
190 rpcResult.setException(throwable);
192 }, MoreExecutors.directExecutor());
197 private ListenableFuture<RpcResult<RemoveTrustedCertificateOutput>> removeTrustedCertificate(
198 final RemoveTrustedCertificateInput input) {
199 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
201 for (final String name : input.getName()) {
202 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
203 KEYSTORE_IID.child(TrustedCertificate.class, new TrustedCertificateKey(name)));
206 final SettableFuture<RpcResult<RemoveTrustedCertificateOutput>> rpcResult = SettableFuture.create();
208 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
210 public void onSuccess(final CommitInfo result) {
211 LOG.debug("remove-trusted-certificate success. Input: {}", input);
212 rpcResult.set(RpcResultBuilder.success(new RemoveTrustedCertificateOutputBuilder().build()).build());
216 public void onFailure(final Throwable throwable) {
217 LOG.warn("remove-trusted-certificate failed. Input: {}", input, throwable);
218 rpcResult.setException(throwable);
220 }, MoreExecutors.directExecutor());
225 private ListenableFuture<RpcResult<AddPrivateKeyOutput>> addPrivateKey(final AddPrivateKeyInput input) {
226 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
228 for (PrivateKey key: input.nonnullPrivateKey().values()) {
229 writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
230 KEYSTORE_IID.child(PrivateKey.class, key.key()), key);
233 final SettableFuture<RpcResult<AddPrivateKeyOutput>> rpcResult = SettableFuture.create();
235 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
237 public void onSuccess(final CommitInfo result) {
238 LOG.debug("add-private-key success. Input: {}", input);
239 rpcResult.set(RpcResultBuilder.success(new AddPrivateKeyOutputBuilder().build()).build());
243 public void onFailure(final Throwable throwable) {
244 LOG.warn("add-private-key failed. Input: {}", input, throwable);
245 rpcResult.setException(throwable);
247 }, MoreExecutors.directExecutor());
252 private ListenableFuture<RpcResult<RemovePrivateKeyOutput>> removePrivateKey(final RemovePrivateKeyInput input) {
253 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
255 for (final String name : input.getName()) {
256 writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
257 KEYSTORE_IID.child(PrivateKey.class, new PrivateKeyKey(name)));
260 final SettableFuture<RpcResult<RemovePrivateKeyOutput>> rpcResult = SettableFuture.create();
262 writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
264 public void onSuccess(final CommitInfo result) {
265 LOG.debug("remove-private-key success. Input: {}", input);
266 rpcResult.set(RpcResultBuilder.success(new RemovePrivateKeyOutputBuilder().build()).build());
270 public void onFailure(final Throwable throwable) {
271 LOG.warn("remove-private-key failed. Input: {}", input, throwable);
272 rpcResult.setException(throwable);
274 }, MoreExecutors.directExecutor());
279 public ClassToInstanceMap<Rpc<?, ?>> getRpcClassToInstanceMap() {
280 return ImmutableClassToInstanceMap.<Rpc<?, ?>>builder()
281 .put(RemoveKeystoreEntry.class, this::removeKeystoreEntry)
282 .put(AddKeystoreEntry.class, this::addKeystoreEntry)
283 .put(AddTrustedCertificate.class, this::addTrustedCertificate)
284 .put(RemoveTrustedCertificate.class, this::removeTrustedCertificate)
285 .put(AddPrivateKey.class, this::addPrivateKey)
286 .put(RemovePrivateKey.class, this::removePrivateKey)