import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
import io.netty.util.concurrent.EventExecutor;
import java.math.BigDecimal;
import java.net.InetSocketAddress;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
import org.opendaylight.netconf.api.NetconfMessage;
import org.opendaylight.netconf.client.NetconfClientSessionListener;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
-import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
+import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
import org.opendaylight.netconf.sal.connect.netconf.NetconfDevice;
import org.opendaylight.netconf.sal.connect.netconf.NetconfDeviceBuilder;
import org.opendaylight.netconf.sal.connect.netconf.SchemalessNetconfDevice;
+import org.opendaylight.netconf.sal.connect.netconf.auth.DatastoreBackedPublicKeyAuth;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCapabilities;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCommunicator;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPreferences;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
+import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.status.available.capabilities.AvailableCapability.CapabilityOrigin;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.Credentials;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.KeyAuth;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPw;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPwUnencrypted;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.key.auth.KeyBased;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.LoginPassword;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yangtools.yang.model.repo.api.SourceIdentifier;
import org.opendaylight.yangtools.yang.model.repo.api.YangTextSchemaSource;
private final RemoteDeviceId remoteDeviceId;
private final DOMMountPointService mountService;
private final Timeout actorResponseWaitTime;
-
+ private final String privateKeyPath;
+ private final String privateKeyPassphrase;
+ private final AAAEncryptionService encryptionService;
private NetconfConnectorDTO deviceCommunicatorDTO;
+ private final NetconfKeystoreAdapter keystoreAdapter;
public RemoteDeviceConnectorImpl(final NetconfTopologySetup netconfTopologyDeviceSetup,
final RemoteDeviceId remoteDeviceId, final Timeout actorResponseWaitTime,
this.remoteDeviceId = remoteDeviceId;
this.actorResponseWaitTime = actorResponseWaitTime;
this.mountService = mountService;
+ this.privateKeyPath = netconfTopologyDeviceSetup.getPrivateKeyPath();
+ this.privateKeyPassphrase = netconfTopologyDeviceSetup.getPrivateKeyPassphrase();
+ this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
+ keystoreAdapter = new NetconfKeystoreAdapter(netconfTopologyDeviceSetup.getDataBroker());
}
@Override
public void onFailure(@Nullable final Throwable throwable) {
LOG.error("{}: Connector failed, {}", remoteDeviceId, throwable);
}
- });
+ }, MoreExecutors.directExecutor());
}
+ @SuppressWarnings("checkstyle:IllegalCatch")
@Override
public void stopRemoteDeviceConnection() {
Preconditions.checkNotNull(deviceCommunicatorDTO, remoteDeviceId + ": Device communicator was not created.");
NetconfConnectorDTO createDeviceCommunicator(final NodeId nodeId, final NetconfNode node,
final ActorRef deviceContextActorRef) {
//setup default values since default value is not supported in mdsal
- final Long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null
+ final long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null
? NetconfTopologyUtils.DEFAULT_REQUEST_TIMEOUT_MILLIS : node.getDefaultRequestTimeoutMillis();
- final Long keepaliveDelay = node.getKeepaliveDelay() == null
+ final long keepaliveDelay = node.getKeepaliveDelay() == null
? NetconfTopologyUtils.DEFAULT_KEEPALIVE_DELAY : node.getKeepaliveDelay();
- final Boolean reconnectOnChangedSchema = node.isReconnectOnChangedSchema() == null
+ final boolean reconnectOnChangedSchema = node.isReconnectOnChangedSchema() == null
? NetconfTopologyUtils.DEFAULT_RECONNECT_ON_CHANGED_SCHEMA : node.isReconnectOnChangedSchema();
RemoteDeviceHandler<NetconfSessionPreferences> salFacade = new MasterSalFacade(remoteDeviceId,
//non-module capabilities should not exist in yang module capabilities
final NetconfSessionPreferences netconfSessionPreferences = NetconfSessionPreferences.fromStrings(capabilities);
- Preconditions.checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(), "List yang-module-capabilities/capability " +
- "should contain only module based capabilities. Non-module capabilities used: " +
- netconfSessionPreferences.getNonModuleCaps());
+ Preconditions.checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(),
+ "List yang-module-capabilities/capability should contain only module based capabilities. "
+ + "Non-module capabilities used: " + netconfSessionPreferences.getNonModuleCaps());
if (node.getNonModuleCapabilities() != null) {
capabilities.addAll(node.getNonModuleCapabilities().getCapability());
betweenAttemptsTimeoutMillis, sleepFactor);
final ReconnectStrategy strategy = sf.createReconnectStrategy();
- final AuthenticationHandler authHandler;
- final Credentials credentials = node.getCredentials();
- if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
- authHandler = new LoginPassword(
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
- } else {
- throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported");
- }
+ final AuthenticationHandler authHandler = getHandlerFromCredentials(node.getCredentials());
return NetconfReconnectingClientConfigurationBuilder.create()
.withAddress(socketAddress)
.build();
}
+ private AuthenticationHandler getHandlerFromCredentials(final Credentials credentials) {
+ if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword) {
+ final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword loginPassword
+ = (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword) credentials;
+ return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
+ }
+ if (credentials instanceof LoginPwUnencrypted) {
+ final LoginPasswordUnencrypted loginPassword =
+ ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
+ return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
+ }
+ if (credentials instanceof LoginPw) {
+ final LoginPassword loginPassword = ((LoginPw) credentials).getLoginPassword();
+ return new LoginPasswordHandler(loginPassword.getUsername(),
+ encryptionService.decrypt(loginPassword.getPassword()));
+ }
+ if (credentials instanceof KeyAuth) {
+ final KeyBased keyPair = ((KeyAuth) credentials).getKeyBased();
+ return new DatastoreBackedPublicKeyAuth(keyPair.getUsername(), keyPair.getKeyId(),
+ keystoreAdapter, encryptionService);
+ }
+ throw new IllegalStateException("Unsupported credential type: " + credentials.getClass());
+ }
+
private static final class TimedReconnectStrategyFactory implements ReconnectStrategyFactory {
private final Long connectionAttempts;
private final EventExecutor executor;
@Override
public ReconnectStrategy createReconnectStrategy() {
- final Long maxSleep = null;
- final Long deadline = null;
-
return new TimedReconnectStrategy(executor, minSleep,
- minSleep, sleepFactor, maxSleep, connectionAttempts, deadline);
+ minSleep, sleepFactor, null /*maxSleep*/, connectionAttempts, null /*deadline*/);
}
}
}