X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=netconf%2Fnetconf-topology%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fnetconf%2Ftopology%2FAbstractNetconfTopology.java;h=c9ec7bf87facb077e98af782900f0283749e0d6d;hb=e472058ffda7ab483a69d814761cfd6f026ec4ad;hp=836d9bdb10b3524c95a8aa76dd26ad0aef3b571f;hpb=a0b7044b03473655a140b503e103f492b5f0f254;p=netconf.git
diff --git a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
index 836d9bdb10..c9ec7bf87f 100644
--- a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
+++ b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
@@ -12,31 +12,45 @@ import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.common.util.concurrent.Uninterruptibles;
+import io.netty.handler.ssl.SslHandler;
import io.netty.util.concurrent.EventExecutor;
import java.io.File;
+import java.io.IOException;
import java.math.BigDecimal;
import java.net.InetSocketAddress;
import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManagerFactory;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.sal.binding.api.BindingAwareBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
+import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
import org.opendaylight.netconf.api.NetconfMessage;
import org.opendaylight.netconf.client.NetconfClientDispatcher;
import org.opendaylight.netconf.client.NetconfClientSessionListener;
+import org.opendaylight.netconf.client.SslHandlerFactory;
import org.opendaylight.netconf.client.conf.NetconfClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
-import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
+import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
@@ -44,11 +58,13 @@ import org.opendaylight.netconf.sal.connect.netconf.NetconfDevice;
import org.opendaylight.netconf.sal.connect.netconf.NetconfDeviceBuilder;
import org.opendaylight.netconf.sal.connect.netconf.NetconfStateSchemasResolverImpl;
import org.opendaylight.netconf.sal.connect.netconf.SchemalessNetconfDevice;
+import org.opendaylight.netconf.sal.connect.netconf.auth.DatastoreBackedPublicKeyAuth;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCapabilities;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfDeviceCommunicator;
import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPreferences;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
+import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.api.NetconfTopology;
@@ -59,8 +75,17 @@ import org.opendaylight.protocol.framework.TimedReconnectStrategy;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.Protocol.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.Specification;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.specification.TlsCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.status.available.capabilities.AvailableCapability.CapabilityOrigin;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.Credentials;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.KeyAuth;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPw;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPwUnencrypted;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.key.auth.KeyBased;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.LoginPassword;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yangtools.yang.model.repo.api.SchemaContextFactory;
@@ -72,8 +97,10 @@ import org.opendaylight.yangtools.yang.model.repo.spi.PotentialSchemaSource;
import org.opendaylight.yangtools.yang.model.repo.spi.SchemaSourceRegistration;
import org.opendaylight.yangtools.yang.model.repo.spi.SchemaSourceRegistry;
import org.opendaylight.yangtools.yang.model.repo.util.FilesystemSchemaSourceCache;
+import org.opendaylight.yangtools.yang.model.repo.util.InMemorySchemaSourceCache;
import org.opendaylight.yangtools.yang.parser.repo.SharedSchemaRepository;
-import org.opendaylight.yangtools.yang.parser.util.TextToASTTransformer;
+import org.opendaylight.yangtools.yang.parser.rfc7950.repo.ASTSchemaSource;
+import org.opendaylight.yangtools.yang.parser.rfc7950.repo.TextToASTTransformer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -97,17 +124,18 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
private static final String CACHE_DIRECTORY = "cache";
/**
- * The default cache directory relative to CACHE_DIRECTORY
+ * The default cache directory relative to CACHE_DIRECTORY.
*/
private static final String DEFAULT_CACHE_DIRECTORY = "schema";
/**
- * The qualified schema cache directory cache/schema
+ * The qualified schema cache directory cache/schema.
*/
- private static final String QUALIFIED_DEFAULT_CACHE_DIRECTORY = CACHE_DIRECTORY + File.separator+ DEFAULT_CACHE_DIRECTORY;
+ private static final String QUALIFIED_DEFAULT_CACHE_DIRECTORY =
+ CACHE_DIRECTORY + File.separator + DEFAULT_CACHE_DIRECTORY;
/**
- * The name for the default schema repository
+ * The name for the default schema repository.
*/
private static final String DEFAULT_SCHEMA_REPOSITORY_NAME = "sal-netconf-connector";
@@ -117,12 +145,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
private static final SharedSchemaRepository DEFAULT_SCHEMA_REPOSITORY =
new SharedSchemaRepository(DEFAULT_SCHEMA_REPOSITORY_NAME);
- /**
- * The default FilesystemSchemaSourceCache, which stores cached files in cache/schema.
- */
- private static final FilesystemSchemaSourceCache DEFAULT_CACHE =
- new FilesystemSchemaSourceCache<>(DEFAULT_SCHEMA_REPOSITORY, YangTextSchemaSource.class,
- new File(QUALIFIED_DEFAULT_CACHE_DIRECTORY));
+ public static final InMemorySchemaSourceCache DEFAULT_AST_CACHE =
+ InMemorySchemaSourceCache.createSoftCache(DEFAULT_SCHEMA_REPOSITORY, ASTSchemaSource.class);
/**
* The default factory for creating SchemaContext instances.
@@ -135,53 +159,81 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
* of the schema cache directory, and the value is a corresponding SchemaResourcesDTO. The
* SchemaResourcesDTO is essentially a container that allows for the extraction of the
* SchemaRegistry and SchemaContextFactory which should be used for a particular
- * Netconf mount. Access to schemaResourcesDTOs should be surrounded by appropriate
+ * Netconf mount. Access to SCHEMA_RESOURCES_DTO_MAP should be surrounded by appropriate
* synchronization locks.
*/
- private static final Map schemaResourcesDTOs = new HashMap<>();
+ private static final Map SCHEMA_RESOURCES_DTO_MAP = new HashMap<>();
// Initializes default constant instances for the case when the default schema repository
// directory cache/schema is used.
static {
- schemaResourcesDTOs.put(DEFAULT_CACHE_DIRECTORY,
+ SCHEMA_RESOURCES_DTO_MAP.put(DEFAULT_CACHE_DIRECTORY,
new NetconfDevice.SchemaResourcesDTO(DEFAULT_SCHEMA_REPOSITORY, DEFAULT_SCHEMA_REPOSITORY,
DEFAULT_SCHEMA_CONTEXT_FACTORY,
new NetconfStateSchemasResolverImpl()));
- DEFAULT_SCHEMA_REPOSITORY.registerSchemaSourceListener(DEFAULT_CACHE);
+ DEFAULT_SCHEMA_REPOSITORY.registerSchemaSourceListener(DEFAULT_AST_CACHE);
DEFAULT_SCHEMA_REPOSITORY.registerSchemaSourceListener(
TextToASTTransformer.create(DEFAULT_SCHEMA_REPOSITORY, DEFAULT_SCHEMA_REPOSITORY));
+
+ /*
+ * Create the default FilesystemSchemaSourceCache, which stores cached files
+ * in cache/schema. Try up to 3 times - we've seen intermittent failures on jenkins where
+ * FilesystemSchemaSourceCache throws an IAE due to mkdirs failure. The theory is that there's a race
+ * creating the dir and it already exists when mkdirs is called (mkdirs returns false in this case). In this
+ * scenario, a retry should succeed.
+ */
+ int tries = 1;
+ while (true) {
+ try {
+ FilesystemSchemaSourceCache defaultCache =
+ new FilesystemSchemaSourceCache<>(DEFAULT_SCHEMA_REPOSITORY, YangTextSchemaSource.class,
+ new File(QUALIFIED_DEFAULT_CACHE_DIRECTORY));
+ DEFAULT_SCHEMA_REPOSITORY.registerSchemaSourceListener(defaultCache);
+ break;
+ } catch (IllegalArgumentException e) {
+ if (tries++ >= 3) {
+ LOG.error("Error creating default schema cache", e);
+ break;
+ }
+ Uninterruptibles.sleepUninterruptibly(100, TimeUnit.MILLISECONDS);
+ }
+ }
}
protected final String topologyId;
private final NetconfClientDispatcher clientDispatcher;
- protected final BindingAwareBroker bindingAwareBroker;
- protected final Broker domBroker;
private final EventExecutor eventExecutor;
protected final ScheduledThreadPool keepaliveExecutor;
protected final ThreadPool processingExecutor;
protected final SharedSchemaRepository sharedSchemaRepository;
protected final DataBroker dataBroker;
-
+ protected final DOMMountPointService mountPointService;
+ private final NetconfKeystoreAdapter keystoreAdapter;
protected SchemaSourceRegistry schemaRegistry = DEFAULT_SCHEMA_REPOSITORY;
protected SchemaRepository schemaRepository = DEFAULT_SCHEMA_REPOSITORY;
protected SchemaContextFactory schemaContextFactory = DEFAULT_SCHEMA_CONTEXT_FACTORY;
-
+ protected String privateKeyPath;
+ protected String privateKeyPassphrase;
+ protected final AAAEncryptionService encryptionService;
protected final HashMap activeConnectors = new HashMap<>();
protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
- final BindingAwareBroker bindingAwareBroker, final Broker domBroker,
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
- final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker) {
+ final ThreadPool processingExecutor,
+ final SchemaRepositoryProvider schemaRepositoryProvider,
+ final DataBroker dataBroker, final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
this.topologyId = topologyId;
this.clientDispatcher = clientDispatcher;
- this.bindingAwareBroker = bindingAwareBroker;
- this.domBroker = domBroker;
this.eventExecutor = eventExecutor;
this.keepaliveExecutor = keepaliveExecutor;
this.processingExecutor = processingExecutor;
this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository();
this.dataBroker = dataBroker;
+ this.mountPointService = mountPointService;
+ this.encryptionService = encryptionService;
+
+ this.keystoreAdapter = new NetconfKeystoreAdapter(dataBroker);
}
public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
@@ -202,7 +254,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
public ListenableFuture disconnectNode(final NodeId nodeId) {
LOG.debug("Disconnecting RemoteDevice{{}}", nodeId.getValue());
if (!activeConnectors.containsKey(nodeId)) {
- return Futures.immediateFailedFuture(new IllegalStateException("Unable to disconnect device that is not connected"));
+ return Futures.immediateFailedFuture(
+ new IllegalStateException("Unable to disconnect device that is not connected"));
}
// retrieve connection, and disconnect it
@@ -213,8 +266,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
}
protected ListenableFuture setupConnection(final NodeId nodeId,
- final Node configNode) {
- final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class);
+ final Node configNode) {
+ final NetconfNode netconfNode = configNode.augmentation(NetconfNode.class);
Preconditions.checkNotNull(netconfNode.getHost());
Preconditions.checkNotNull(netconfNode.getPort());
@@ -223,8 +276,10 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
final NetconfConnectorDTO deviceCommunicatorDTO = createDeviceCommunicator(nodeId, netconfNode);
final NetconfDeviceCommunicator deviceCommunicator = deviceCommunicatorDTO.getCommunicator();
final NetconfClientSessionListener netconfClientSessionListener = deviceCommunicatorDTO.getSessionListener();
- final NetconfReconnectingClientConfiguration clientConfig = getClientConfig(netconfClientSessionListener, netconfNode);
- final ListenableFuture future = deviceCommunicator.initializeRemoteConnection(clientDispatcher, clientConfig);
+ final NetconfReconnectingClientConfiguration clientConfig =
+ getClientConfig(netconfClientSessionListener, netconfNode);
+ final ListenableFuture future =
+ deviceCommunicator.initializeRemoteConnection(clientDispatcher, clientConfig);
activeConnectors.put(nodeId, deviceCommunicatorDTO);
@@ -235,34 +290,38 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
}
@Override
- public void onFailure(final Throwable t) {
+ public void onFailure(final Throwable throwable) {
LOG.error("Connector for : " + nodeId.getValue() + " failed");
// remove this node from active connectors?
}
- });
+ }, MoreExecutors.directExecutor());
return future;
}
protected NetconfConnectorDTO createDeviceCommunicator(final NodeId nodeId,
- final NetconfNode node) {
+ final NetconfNode node) {
//setup default values since default value is not supported in mdsal
- final Long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null ? DEFAULT_REQUEST_TIMEOUT_MILLIS : node.getDefaultRequestTimeoutMillis();
- final Long keepaliveDelay = node.getKeepaliveDelay() == null ? DEFAULT_KEEPALIVE_DELAY : node.getKeepaliveDelay();
- final Boolean reconnectOnChangedSchema = node.isReconnectOnChangedSchema() == null ? DEFAULT_RECONNECT_ON_CHANGED_SCHEMA : node.isReconnectOnChangedSchema();
+ final long defaultRequestTimeoutMillis = node.getDefaultRequestTimeoutMillis() == null
+ ? DEFAULT_REQUEST_TIMEOUT_MILLIS : node.getDefaultRequestTimeoutMillis();
+ final long keepaliveDelay = node.getKeepaliveDelay() == null
+ ? DEFAULT_KEEPALIVE_DELAY : node.getKeepaliveDelay();
+ final boolean reconnectOnChangedSchema = node.isReconnectOnChangedSchema() == null
+ ? DEFAULT_RECONNECT_ON_CHANGED_SCHEMA : node.isReconnectOnChangedSchema();
final IpAddress ipAddress = node.getHost().getIpAddress();
- final InetSocketAddress address = new InetSocketAddress(ipAddress.getIpv4Address() != null ?
- ipAddress.getIpv4Address().getValue() : ipAddress.getIpv6Address().getValue(),
+ final InetSocketAddress address = new InetSocketAddress(ipAddress.getIpv4Address() != null
+ ? ipAddress.getIpv4Address().getValue() : ipAddress.getIpv6Address().getValue(),
node.getPort().getValue());
final RemoteDeviceId remoteDeviceId = new RemoteDeviceId(nodeId.getValue(), address);
RemoteDeviceHandler salFacade =
- createSalFacade(remoteDeviceId, domBroker, bindingAwareBroker);
+ createSalFacade(remoteDeviceId);
if (keepaliveDelay > 0) {
LOG.warn("Adding keepalive facade, for device {}", nodeId);
- salFacade = new KeepaliveSalFacade(remoteDeviceId, salFacade, keepaliveExecutor.getExecutor(), keepaliveDelay, defaultRequestTimeoutMillis);
+ salFacade = new KeepaliveSalFacade(remoteDeviceId, salFacade, keepaliveExecutor.getExecutor(),
+ keepaliveDelay, defaultRequestTimeoutMillis);
}
// pre register yang library sources as fallback schemas to schema registry
@@ -273,20 +332,21 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
final String yangLigPassword = node.getYangLibrary().getPassword();
final LibraryModulesSchemas libraryModulesSchemas;
- if(yangLibURL != null) {
- if(yangLibUsername != null && yangLigPassword != null) {
+ if (yangLibURL != null) {
+ if (yangLibUsername != null && yangLigPassword != null) {
libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL, yangLibUsername, yangLigPassword);
} else {
libraryModulesSchemas = LibraryModulesSchemas.create(yangLibURL);
}
- for (final Map.Entry sourceIdentifierURLEntry : libraryModulesSchemas.getAvailableModels().entrySet()) {
- registeredYangLibSources.
- add(schemaRegistry.registerSchemaSource(
- new YangLibrarySchemaYangSourceProvider(remoteDeviceId, libraryModulesSchemas.getAvailableModels()),
- PotentialSchemaSource
- .create(sourceIdentifierURLEntry.getKey(), YangTextSchemaSource.class,
- PotentialSchemaSource.Costs.REMOTE_IO.getValue())));
+ for (final Map.Entry sourceIdentifierURLEntry
+ : libraryModulesSchemas.getAvailableModels().entrySet()) {
+ registeredYangLibSources
+ .add(schemaRegistry.registerSchemaSource(
+ new YangLibrarySchemaYangSourceProvider(remoteDeviceId,
+ libraryModulesSchemas.getAvailableModels()),
+ PotentialSchemaSource.create(sourceIdentifierURLEntry.getKey(),
+ YangTextSchemaSource.class, PotentialSchemaSource.Costs.REMOTE_IO.getValue())));
}
}
}
@@ -322,22 +382,25 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
// Setup information related to the SchemaRegistry, SchemaResourceFactory, etc.
NetconfDevice.SchemaResourcesDTO schemaResourcesDTO = null;
final String moduleSchemaCacheDirectory = node.getSchemaCacheDirectory();
- // Only checks to ensure the String is not empty or null; further checks related to directory accessibility and file permissions
- // are handled during the FilesystemSchemaSourceCache initialization.
+ // Only checks to ensure the String is not empty or null; further checks related to directory
+ // accessibility and file permissionsare handled during the FilesystemSchemaSourceCache initialization.
if (!Strings.isNullOrEmpty(moduleSchemaCacheDirectory)) {
- // If a custom schema cache directory is specified, create the backing DTO; otherwise, the SchemaRegistry and
- // SchemaContextFactory remain the default values.
+ // If a custom schema cache directory is specified, create the backing DTO; otherwise,
+ // the SchemaRegistry and SchemaContextFactory remain the default values.
if (!moduleSchemaCacheDirectory.equals(DEFAULT_CACHE_DIRECTORY)) {
- // Multiple modules may be created at once; synchronize to avoid issues with data consistency among threads.
- synchronized(schemaResourcesDTOs) {
- // Look for the cached DTO to reuse SchemaRegistry and SchemaContextFactory variables if they already exist
- schemaResourcesDTO = schemaResourcesDTOs.get(moduleSchemaCacheDirectory);
+ // Multiple modules may be created at once;
+ // synchronize to avoid issues with data consistency among threads.
+ synchronized (SCHEMA_RESOURCES_DTO_MAP) {
+ // Look for the cached DTO to reuse SchemaRegistry and SchemaContextFactory variables
+ // if they already exist
+ schemaResourcesDTO = SCHEMA_RESOURCES_DTO_MAP.get(moduleSchemaCacheDirectory);
if (schemaResourcesDTO == null) {
schemaResourcesDTO = createSchemaResourcesDTO(moduleSchemaCacheDirectory);
schemaResourcesDTO.getSchemaRegistry().registerSchemaSourceListener(
- TextToASTTransformer.create((SchemaRepository) schemaResourcesDTO.getSchemaRegistry(), schemaResourcesDTO.getSchemaRegistry())
+ TextToASTTransformer.create((SchemaRepository) schemaResourcesDTO.getSchemaRegistry(),
+ schemaResourcesDTO.getSchemaRegistry())
);
- schemaResourcesDTOs.put(moduleSchemaCacheDirectory, schemaResourcesDTO);
+ SCHEMA_RESOURCES_DTO_MAP.put(moduleSchemaCacheDirectory, schemaResourcesDTO);
}
}
LOG.info("Netconf connector for device {} will use schema cache directory {} instead of {}",
@@ -349,8 +412,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
}
if (schemaResourcesDTO == null) {
- schemaResourcesDTO = new NetconfDevice.SchemaResourcesDTO(schemaRegistry, schemaRepository, schemaContextFactory,
- new NetconfStateSchemasResolverImpl());
+ schemaResourcesDTO = new NetconfDevice.SchemaResourcesDTO(schemaRegistry, schemaRepository,
+ schemaContextFactory, new NetconfStateSchemasResolverImpl());
}
return schemaResourcesDTO;
@@ -364,14 +427,16 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
*/
private NetconfDevice.SchemaResourcesDTO createSchemaResourcesDTO(final String moduleSchemaCacheDirectory) {
final SharedSchemaRepository repository = new SharedSchemaRepository(moduleSchemaCacheDirectory);
- final SchemaContextFactory schemaContextFactory
+ final SchemaContextFactory contextFactory
= repository.createSchemaContextFactory(SchemaSourceFilter.ALWAYS_ACCEPT);
setSchemaRegistry(repository);
- setSchemaContextFactory(schemaContextFactory);
+ setSchemaContextFactory(contextFactory);
final FilesystemSchemaSourceCache deviceCache =
createDeviceFilesystemCache(moduleSchemaCacheDirectory);
repository.registerSchemaSourceListener(deviceCache);
- return new NetconfDevice.SchemaResourcesDTO(repository, repository, schemaContextFactory,
+ repository.registerSchemaSourceListener(
+ InMemorySchemaSourceCache.createSoftCache(repository, ASTSchemaSource.class));
+ return new NetconfDevice.SchemaResourcesDTO(repository, repository, contextFactory,
new NetconfStateSchemasResolverImpl());
}
@@ -381,17 +446,37 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
* @param schemaCacheDirectory The custom cache directory relative to "cache"
* @return A FilesystemSchemaSourceCache for the custom schema cache directory
*/
- private FilesystemSchemaSourceCache createDeviceFilesystemCache(final String schemaCacheDirectory) {
+ private FilesystemSchemaSourceCache createDeviceFilesystemCache(
+ final String schemaCacheDirectory) {
final String relativeSchemaCacheDirectory = CACHE_DIRECTORY + File.separator + schemaCacheDirectory;
- return new FilesystemSchemaSourceCache<>(schemaRegistry, YangTextSchemaSource.class, new File(relativeSchemaCacheDirectory));
+ return new FilesystemSchemaSourceCache<>(schemaRegistry, YangTextSchemaSource.class,
+ new File(relativeSchemaCacheDirectory));
}
- public NetconfReconnectingClientConfiguration getClientConfig(final NetconfClientSessionListener listener, final NetconfNode node) {
+ /**
+ * Sets the private key path from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPath(final String privateKeyPath) {
+ this.privateKeyPath = privateKeyPath;
+ }
+
+ /**
+ * Sets the private key passphrase from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPassphrase(final String privateKeyPassphrase) {
+ this.privateKeyPassphrase = privateKeyPassphrase;
+ }
+
+ public NetconfReconnectingClientConfiguration getClientConfig(final NetconfClientSessionListener listener,
+ final NetconfNode node) {
//setup default values since default value is not supported in mdsal
- final long clientConnectionTimeoutMillis = node.getConnectionTimeoutMillis() == null ? DEFAULT_CONNECTION_TIMEOUT_MILLIS : node.getConnectionTimeoutMillis();
- final long maxConnectionAttempts = node.getMaxConnectionAttempts() == null ? DEFAULT_MAX_CONNECTION_ATTEMPTS : node.getMaxConnectionAttempts();
- final int betweenAttemptsTimeoutMillis = node.getBetweenAttemptsTimeoutMillis() == null ? DEFAULT_BETWEEN_ATTEMPTS_TIMEOUT_MILLIS : node.getBetweenAttemptsTimeoutMillis();
+ final long clientConnectionTimeoutMillis = node.getConnectionTimeoutMillis() == null
+ ? DEFAULT_CONNECTION_TIMEOUT_MILLIS : node.getConnectionTimeoutMillis();
+ final long maxConnectionAttempts = node.getMaxConnectionAttempts() == null
+ ? DEFAULT_MAX_CONNECTION_ATTEMPTS : node.getMaxConnectionAttempts();
+ final int betweenAttemptsTimeoutMillis = node.getBetweenAttemptsTimeoutMillis() == null
+ ? DEFAULT_BETWEEN_ATTEMPTS_TIMEOUT_MILLIS : node.getBetweenAttemptsTimeoutMillis();
final BigDecimal sleepFactor = node.getSleepFactor() == null ? DEFAULT_SLEEP_FACTOR : node.getSleepFactor();
final InetSocketAddress socketAddress = getSocketAddress(node.getHost(), node.getPort().getValue());
@@ -400,42 +485,75 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
maxConnectionAttempts, betweenAttemptsTimeoutMillis, sleepFactor);
final ReconnectStrategy strategy = sf.createReconnectStrategy();
- final AuthenticationHandler authHandler;
- final Credentials credentials = node.getCredentials();
- if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
- authHandler = new LoginPassword(
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
+ final NetconfReconnectingClientConfigurationBuilder reconnectingClientConfigurationBuilder =
+ NetconfReconnectingClientConfigurationBuilder.create();
+
+ if (node.isTcpOnly() || node.getProtocol() == null || node.getProtocol().getName() == Name.SSH) {
+ final AuthenticationHandler authHandler = getHandlerFromCredentials(node.getCredentials());
+ reconnectingClientConfigurationBuilder
+ .withAuthHandler(authHandler)
+ .withProtocol(node.isTcpOnly() ? NetconfClientConfiguration.NetconfClientProtocol.TCP :
+ NetconfClientConfiguration.NetconfClientProtocol.SSH);
+ } else if (node.getProtocol().getName() == Name.TLS) {
+ final SslHandlerFactory sslHandlerFactory = new SslHandlerFactoryImpl(keystoreAdapter,
+ node.getProtocol().getSpecification());
+ reconnectingClientConfigurationBuilder
+ .withSslHandlerFactory(sslHandlerFactory)
+ .withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TLS);
} else {
- throw new IllegalStateException("Only login/password authentification is supported");
+ throw new IllegalStateException("Unsupported protocol type: " + node.getProtocol().getName().getClass());
}
- return NetconfReconnectingClientConfigurationBuilder.create()
+ return reconnectingClientConfigurationBuilder
.withAddress(socketAddress)
.withConnectionTimeoutMillis(clientConnectionTimeoutMillis)
.withReconnectStrategy(strategy)
- .withAuthHandler(authHandler)
- .withProtocol(node.isTcpOnly() ?
- NetconfClientConfiguration.NetconfClientProtocol.TCP :
- NetconfClientConfiguration.NetconfClientProtocol.SSH)
.withConnectStrategyFactory(sf)
.withSessionListener(listener)
.build();
}
- protected abstract RemoteDeviceHandler createSalFacade(final RemoteDeviceId id, final Broker domBroker, final BindingAwareBroker bindingBroker);
+ private AuthenticationHandler getHandlerFromCredentials(final Credentials credentials) {
+ if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword) {
+ final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword loginPassword
+ = (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology
+ .rev150114.netconf.node.credentials.credentials.LoginPassword) credentials;
+ return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
+ }
+ if (credentials instanceof LoginPwUnencrypted) {
+ final LoginPasswordUnencrypted loginPassword =
+ ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
+ return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
+ }
+ if (credentials instanceof LoginPw) {
+ final LoginPassword loginPassword = ((LoginPw) credentials).getLoginPassword();
+ return new LoginPasswordHandler(loginPassword.getUsername(),
+ encryptionService.decrypt(loginPassword.getPassword()));
+ }
+ if (credentials instanceof KeyAuth) {
+ final KeyBased keyPair = ((KeyAuth) credentials).getKeyBased();
+ return new DatastoreBackedPublicKeyAuth(keyPair.getUsername(), keyPair.getKeyId(),
+ keystoreAdapter, encryptionService);
+ }
+ throw new IllegalStateException("Unsupported credential type: " + credentials.getClass());
+ }
+
+ protected abstract RemoteDeviceHandler createSalFacade(RemoteDeviceId id);
- private InetSocketAddress getSocketAddress(final Host host, final int port) {
- if(host.getDomainName() != null) {
+ private static InetSocketAddress getSocketAddress(final Host host, final int port) {
+ if (host.getDomainName() != null) {
return new InetSocketAddress(host.getDomainName().getValue(), port);
- } else {
- final IpAddress ipAddress = host.getIpAddress();
- final String ip = ipAddress.getIpv4Address() != null ? ipAddress.getIpv4Address().getValue() : ipAddress.getIpv6Address().getValue();
- return new InetSocketAddress(ip, port);
}
+
+ final IpAddress ipAddress = host.getIpAddress();
+ final String ip = ipAddress.getIpv4Address() != null ? ipAddress.getIpv4Address().getValue()
+ : ipAddress.getIpv6Address().getValue();
+ return new InetSocketAddress(ip, port);
}
- private Optional getUserCapabilities(final NetconfNode node) {
+ private static Optional getUserCapabilities(final NetconfNode node) {
// if none of yang-module-capabilities or non-module-capabilities is specified
// just return absent
if (node.getYangModuleCapabilities() == null && node.getNonModuleCapabilities() == null) {
@@ -452,9 +570,9 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
//non-module capabilities should not exist in yang module capabilities
final NetconfSessionPreferences netconfSessionPreferences = NetconfSessionPreferences.fromStrings(capabilities);
- Preconditions.checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(), "List yang-module-capabilities/capability " +
- "should contain only module based capabilities. Non-module capabilities used: " +
- netconfSessionPreferences.getNonModuleCaps());
+ Preconditions.checkState(netconfSessionPreferences.getNonModuleCaps().isEmpty(),
+ "List yang-module-capabilities/capability should contain only module based capabilities. "
+ + "Non-module capabilities used: " + netconfSessionPreferences.getNonModuleCaps());
boolean overrideNonModuleCaps = false;
if (node.getNonModuleCapabilities() != null) {
@@ -462,8 +580,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
overrideNonModuleCaps = node.getNonModuleCapabilities().isOverride();
}
- return Optional.of(new UserPreferences(NetconfSessionPreferences.fromStrings(capabilities, CapabilityOrigin.UserDefined),
- overrideYangModuleCaps, overrideNonModuleCaps));
+ return Optional.of(new UserPreferences(NetconfSessionPreferences
+ .fromStrings(capabilities, CapabilityOrigin.UserDefined), overrideYangModuleCaps, overrideNonModuleCaps));
}
private static final class TimedReconnectStrategyFactory implements ReconnectStrategyFactory {
@@ -472,7 +590,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
private final double sleepFactor;
private final int minSleep;
- TimedReconnectStrategyFactory(final EventExecutor executor, final Long maxConnectionAttempts, final int minSleep, final BigDecimal sleepFactor) {
+ TimedReconnectStrategyFactory(final EventExecutor executor, final Long maxConnectionAttempts,
+ final int minSleep, final BigDecimal sleepFactor) {
if (maxConnectionAttempts != null && maxConnectionAttempts > 0) {
connectionAttempts = maxConnectionAttempts;
} else {
@@ -486,11 +605,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
@Override
public ReconnectStrategy createReconnectStrategy() {
- final Long maxSleep = null;
- final Long deadline = null;
-
return new TimedReconnectStrategy(executor, minSleep,
- minSleep, sleepFactor, maxSleep, connectionAttempts, deadline);
+ minSleep, sleepFactor, null /*maxSleep*/, connectionAttempts, null /*deadline*/);
}
}
@@ -499,7 +615,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
private final NetconfDeviceCommunicator communicator;
private final RemoteDeviceHandler facade;
- public NetconfConnectorDTO(final NetconfDeviceCommunicator communicator, final RemoteDeviceHandler facade) {
+ public NetconfConnectorDTO(final NetconfDeviceCommunicator communicator,
+ final RemoteDeviceHandler facade) {
this.communicator = communicator;
this.facade = facade;
}
@@ -522,4 +639,50 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
facade.close();
}
}
+
+ private static final class SslHandlerFactoryImpl implements SslHandlerFactory {
+ private final NetconfKeystoreAdapter keystoreAdapter;
+ private final Optional specOptional;
+
+ SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
+ this.keystoreAdapter = keystoreAdapter;
+ this.specOptional = Optional.fromNullable(specification);
+ }
+
+ @Override
+ public SslHandler createSslHandler() {
+ try {
+ final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
+
+ final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, "".toCharArray());
+
+ final TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(keyStore);
+
+ final SSLContext sslCtx = SSLContext.getInstance("TLS");
+ sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ final SSLEngine engine = sslCtx.createSSLEngine();
+ engine.setUseClientMode(true);
+
+ final Set protocols = Sets.newHashSet(engine.getSupportedProtocols());
+ if (specOptional.isPresent()) {
+ final Specification specification = specOptional.get();
+ if (!(specification instanceof TlsCase)) {
+ throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
+ }
+ protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
+ }
+
+ engine.setEnabledProtocols(protocols.toArray(new String[0]));
+ engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
+ engine.setEnableSessionCreation(true);
+
+ return new SslHandler(engine);
+ } catch (GeneralSecurityException | IOException exc) {
+ throw new IllegalStateException(exc);
+ }
+ }
+ }
}