import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.List;
+
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+
import org.opendaylight.controller.protocol_plugin.openflow.core.IMessageReadWrite;
import org.openflow.protocol.OFMessage;
import org.openflow.protocol.factory.BasicFactory;
// switch
private ByteBuffer peerNetData; // encrypted message from the switch
private FileInputStream kfd = null, tfd = null;
+ private final String keyStoreFileDefault = "./configuration/tlsKeyStore";
+ private final String trustStoreFileDefault = "./configuration/tlsTrustStore";
+ private final String keyStorePasswordPropName = "controllerKeyStorePassword";
+ private final String trustStorePasswordPropName = "controllerTrustStorePassword";
+ private static String keyStorePassword = null;
+ private static String trustStorePassword = null;
public SecureMessageReadWriteService(SocketChannel socket, Selector selector)
throws Exception {
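Review bot: The two password fields added at L24–L25 are `static String`, so once read the secrets stay in the heap for the life of the JVM and are shared by every later instance, which undoes the blanking of the system property that the same change performs in `createSecureChannel` (`System.setProperty(keyStorePasswordPropName, "")`). A `String` cannot be zeroed, so if the blanking is meant to limit exposure the retention should at least be documented on the field, e.g. `// cached for the JVM lifetime: the property is blanked after first read, so later instances rely on this copy`. The statics are assigned without any synchronization; whether more than one thread constructs this service is not visible here. The four `private final String` defaults and property names on L20–L23 are per-instance copies of compile-time constants and read better as `private static final` `UPPER_SNAKE_CASE` fields, e.g. `private static final String KEY_STORE_PASSWORD_PROP_NAME = "controllerKeyStorePassword";`.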
createSecureChannel(socket);
createBuffers(sslEngine);
} catch (Exception e) {
+ logger.warn("Failed to setup TLS connection {} {}", socket, e);
stop();
throw e;
}
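Review bot: If `logger` is an SLF4J logger, the `warn` call on L31 loses the stack trace: with two `{}` placeholders and two arguments, `e` is consumed by the second placeholder and formatted with `toString()` rather than attached as the throwable. Drop the second placeholder so the exception becomes the trailing throwable argument: `logger.warn("Failed to setup TLS connection {}", socket, e);`. The constructor's `try` and the rest of its body are outside this hunk.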
*/
private void createSecureChannel(SocketChannel socket) throws Exception {
String keyStoreFile = System.getProperty("controllerKeyStore");
- String keyStorePassword = System
- .getProperty("controllerKeyStorePassword");
String trustStoreFile = System.getProperty("controllerTrustStore");
- String trustStorePassword = System
- .getProperty("controllerTrustStorePassword");
+ String keyStorePasswordProp = System.getProperty(keyStorePasswordPropName);
+ String trustStorePasswordProp = System.getProperty(trustStorePasswordPropName);
if (keyStoreFile != null) {
keyStoreFile = keyStoreFile.trim();
+ } else {
+ keyStoreFile = keyStoreFileDefault;
}
if ((keyStoreFile == null) || keyStoreFile.isEmpty()) {
- throw new FileNotFoundException(
- "controllerKeyStore not specified in ./configuration/config.ini");
+ throw new FileNotFoundException("TLS KeyStore file not found.");
+ }
+
+ if ((keyStorePassword == null) || ((keyStorePasswordProp != null) && !keyStorePasswordProp.isEmpty())) {
+ keyStorePassword = keyStorePasswordProp;
}
if (keyStorePassword != null) {
keyStorePassword = keyStorePassword.trim();
+ System.setProperty(keyStorePasswordPropName, "");
}
if ((keyStorePassword == null) || keyStorePassword.isEmpty()) {
- throw new FileNotFoundException(
- "controllerKeyStorePassword not specified in ./configuration/config.ini");
+ throw new FileNotFoundException("TLS KeyStore Password not provided.");
}
if (trustStoreFile != null) {
trustStoreFile = trustStoreFile.trim();
+ } else {
+ trustStoreFile = trustStoreFileDefault;
}
if ((trustStoreFile == null) || trustStoreFile.isEmpty()) {
- throw new FileNotFoundException(
- "controllerTrustStore not specified in ./configuration/config.ini");
+ throw new FileNotFoundException("TLS TrustStore file not found");
+ }
+
+ if ((trustStorePassword == null) || ((trustStorePasswordProp != null) && !trustStorePasswordProp.isEmpty())) {
+ trustStorePassword = trustStorePasswordProp;
}
if (trustStorePassword != null) {
trustStorePassword = trustStorePassword.trim();
+ System.setProperty(trustStorePasswordPropName, "");
}
if ((trustStorePassword == null) || trustStorePassword.isEmpty()) {
- throw new FileNotFoundException(
- "controllerTrustStorePassword not specified in ./configuration/config.ini");
+ throw new FileNotFoundException("TLS TrustStore Password not provided.");
}
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
- KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kfd = new FileInputStream(keyStoreFile);
tfd = new FileInputStream(trustStoreFile);
ks.load(kfd, keyStorePassword.toCharArray());
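Review bot: L96 initialises the `TrustManagerFactory` with `KeyManagerFactory.getDefaultAlgorithm()` instead of `TrustManagerFactory.getDefaultAlgorithm()`; on SunJSSE the KMF default is "SunX509" and the TMF default is "PKIX", so this silently selects a different trust algorithm than the platform default and may throw `NoSuchAlgorithmException` on a provider that does not alias it. Change it to `TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());`. Separately, the `else` branches added at L47–L48 and L70–L71 make the `== null` halves of the checks on L50 and L73 unreachable, so those conditions can be reduced to `isEmpty()`. The method body continues past the end of this hunk.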
peerNetData.position(), peerNetData.limit());
}
- peerAppData.flip();
- msgs = factory.parseMessages(peerAppData);
- if (peerAppData.hasRemaining()) {
- peerAppData.compact();
- } else {
+ try {
+ peerAppData.flip();
+ msgs = factory.parseMessages(peerAppData);
+ if (peerAppData.hasRemaining()) {
+ peerAppData.compact();
+ } else {
+ peerAppData.clear();
+ }
+ } catch (Exception e) {
peerAppData.clear();
+ logger.debug("Caught exception: ", e);
}
this.socket.register(this.selector, SelectionKey.OP_READ, this);
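Review bot: The new `catch (Exception e)` at L115 turns any failure while parsing data received from the peer into a `debug`-level log and a cleared buffer, which hides malformed or unexpected input from the switch and, because `peerAppData.clear()` also discards bytes that had not yet been consumed, may drop valid messages queued behind the bad one. A parse failure on network input is worth recording at `warn` with the peer identity, e.g. `logger.warn("Failed to parse messages from {}", this.socket, e);`, and narrowing the catch to the exception types `parseMessages` actually throws would keep genuine programming errors visible. It is not visible here what `msgs` holds when the exception is thrown mid-parse; the surrounding method starts and ends outside this hunk, so the caller's handling of that value should be checked.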
this.myAppData = ByteBuffer
.allocate(session.getApplicationBufferSize());
this.peerAppData = ByteBuffer.allocate(session
- .getApplicationBufferSize());
+ .getApplicationBufferSize() * 20);
this.myNetData = ByteBuffer.allocate(session.getPacketBufferSize());
- this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
+ this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize() * 20);
}
@Override
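Review bot: The `* 20` applied to `peerAppData` (L124) and `peerNetData` (L127) is an unexplained magic number, and nothing in the hunk records why the peer-side buffers need twenty times the session's advertised sizes while `myAppData` and `myNetData` keep the advertised size. Hoist it into a named constant with a comment stating the reason, e.g. `private static final int PEER_BUFFER_MULTIPLIER = 20; // peer-side buffers are oversized so several records can accumulate before parsing`, and use it at both sites. Since the multiplier is arbitrary, the unwrap/read path should still handle `SSLEngineResult.Status.BUFFER_OVERFLOW` rather than relying on the buffer being large enough; that code is not in this hunk.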