Make netconf utilize encrypted passwords only 83/58783/3
authorAtul Gosain <agosain@brocade.com>
Tue, 13 Jun 2017 05:48:55 +0000 (22:48 -0700)
committerAtul Gosain <agosain@brocade.com>
Thu, 29 Jun 2017 18:11:00 +0000 (18:11 +0000)
Change-Id: I8df56a761735f1dfc46fa831276367fbabc1a8f3
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Signed-off-by: Atul Gosain <agosain@brocade.com>
Signed-off-by: Colin Dixon <colin@colindixon.com>
(cherry picked from commit 7901b519a09351061e5a1dd061f7f7c0cc738fb8)

22 files changed:
features/netconf-connector/odl-netconf-connector/pom.xml
features/netconf/features-netconf/pom.xml
features/netconf/features-netconf/src/main/features/features.xml
features/netconf/odl-netconf-netty-util/pom.xml
netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java
netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java
netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml
netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java
netconf/netconf-netty-util/pom.xml
netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
netconf/netconf-topology-config/src/main/resources/org/opendaylight/blueprint/netconf-topology.xml
netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java
netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImpl.java
netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/utils/NetconfTopologySetup.java
netconf/netconf-topology-singleton/src/main/resources/org/opendaylight/blueprint/netconf-topology-singleton.xml
netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManagerTest.java
netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImplTest.java
netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImpl.java
netconf/netconf-topology/src/test/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImplTest.java
netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java [new file with mode: 0644]

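--- a/features/netconf-connector/odl-netconf-connector/pom.xml
+++ b/features/netconf-connector/odl-netconf-connector/pom.xml
             <groupId>org.opendaylight.netconf</groupId>
             <artifactId>netconf-config</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.opendaylight.aaa</groupId>
+            <artifactId>odl-aaa-encryption-service</artifactId>
+            <version>0.5.1-SNAPSHOT</version>
+            <type>xml</type>
+            <classifier>features</classifier>
+        </dependency>
+
     </dependencies>
-</project>
\ No newline at end of file
+</project>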
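Review bot: The added dependency pins `<version>0.5.1-SNAPSHOT</version>` as a literal, while the features-netconf pom and features.xml in this same commit take the AAA version from `${aaa.version}`; the same literal also appears in the odl-netconf-netty-util and netconf-netty-util pom sections. A hard-coded snapshot will drift from the managed AAA version at the next bump, and a moving snapshot of the component that decrypts device credentials is hard to reproduce or audit. I would write `<version>${aaa.version}</version>` in all three, assuming that property is visible from these modules' parent, which is not shown here.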
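--- a/features/netconf/features-netconf/pom.xml
+++ b/features/netconf/features-netconf/pom.xml
       <groupId>${project.groupId}</groupId>
       <artifactId>callhome-provider</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.opendaylight.aaa</groupId>
+      <artifactId>aaa-encrypt-service</artifactId>
+      <version>${aaa.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.opendaylight.aaa</groupId>
+      <artifactId>aaa-encrypt-service</artifactId>
+      <version>${aaa.version}</version>
+      <classifier>config</classifier>
+      <type>xml</type>
+    </dependency>
   </dependencies>
 
   <scm>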
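--- a/features/netconf/features-netconf/src/main/features/features.xml
+++ b/features/netconf/features-netconf/src/main/features/features.xml
@@ -80,6 +80,7 @@
     <feature version='${project.version}'>odl-netconf-mapping-api</feature>
     <feature version='${project.version}'>odl-netconf-util</feature>
     <feature version='[4.0.30,5.0.0)'>odl-netty</feature>
+    <feature version='${aaa.version}'>odl-aaa-encryption-service</feature>
     <bundle>mvn:org.opendaylight.netconf/netconf-netty-util/{{VERSION}}</bundle>
     <bundle>mvn:org.bouncycastle/bcpkix-jdk15on/{{VERSION}}</bundle>
     <bundle>mvn:org.bouncycastle/bcprov-jdk15on/{{VERSION}}</bundle>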
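--- a/features/netconf/odl-netconf-netty-util/pom.xml
+++ b/features/netconf/odl-netconf-netty-util/pom.xml
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.opendaylight.aaa</groupId>
+            <artifactId>aaa-encrypt-service</artifactId>
+            <version>0.5.1-SNAPSHOT</version>
+            <classifier>config</classifier>
+            <type>xml</type>
+        </dependency>
     </dependencies>
-</project>
\ No newline at end of file
+</project>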
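--- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java
+++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java
@@ -9,6 +9,7 @@
 package org.opendaylight.netconf.callhome.mount;
 
 import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -27,9 +28,10 @@ abstract class BaseCallHomeTopology extends AbstractNetconfTopology {
                          final ThreadPool processingExecutor,
                          final SchemaRepositoryProvider schemaRepositoryProvider,
                          final DataBroker dataBroker,
-                         final DOMMountPointService mountPointService) {
+                         final DOMMountPointService mountPointService,
+                         final AAAEncryptionService encryptionService) {
         super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
-                processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
+                processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
         this.mountPointService = mountPointService;
     }
 }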
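--- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java
+++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java
@@ -12,6 +12,7 @@ import io.netty.util.concurrent.EventExecutor;
 import io.netty.util.concurrent.FailedFuture;
 import io.netty.util.concurrent.Future;
 import java.net.InetSocketAddress;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -43,6 +44,7 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom
     private final CallHomeMountSessionManager sessionManager;
     private final DataBroker dataBroker;
     private final DOMMountPointService mountService;
+    private final AAAEncryptionService encryptionService;
 
     protected CallHomeTopology topology;
 
@@ -54,13 +56,10 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom
         }
     };
 
-    public CallHomeMountDispatcher(final String topologyId,
-                                   final EventExecutor eventExecutor,
-                                   final ScheduledThreadPool keepaliveExecutor,
-                                   final ThreadPool processingExecutor,
-                                   final SchemaRepositoryProvider schemaRepositoryProvider,
-                                   final DataBroker dataBroker,
-                                   final DOMMountPointService mountService) {
+    public CallHomeMountDispatcher(final String topologyId, final EventExecutor eventExecutor,
+            final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
+            final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker,
+            final DOMMountPointService mountService, final AAAEncryptionService encryptionService) {
         this.topologyId = topologyId;
         this.eventExecutor = eventExecutor;
         this.keepaliveExecutor = keepaliveExecutor;
@@ -69,6 +68,7 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom
         this.sessionManager = new CallHomeMountSessionManager();
         this.dataBroker = dataBroker;
         this.mountService = mountService;
+        this.encryptionService = encryptionService;
     }
 
     @Override
@@ -92,14 +92,15 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom
     }
 
     void createTopology() {
-        this.topology = new CallHomeTopology(topologyId, this, eventExecutor,
-                keepaliveExecutor, processingExecutor, schemaRepositoryProvider, dataBroker, mountService);
+        this.topology = new CallHomeTopology(topologyId, this, eventExecutor, keepaliveExecutor, processingExecutor,
+                schemaRepositoryProvider, dataBroker, mountService, encryptionService);
     }
 
     @Override
     public void onNetconfSubsystemOpened(final CallHomeProtocolSessionContext session,
-                                         final CallHomeChannelActivator activator) {
-        final CallHomeMountSessionContext deviceContext = getSessionManager().createSession(session, activator, onCloseHandler);
+            final CallHomeChannelActivator activator) {
+        final CallHomeMountSessionContext deviceContext =
+                getSessionManager().createSession(session, activator, onCloseHandler);
         final NodeId nodeId = deviceContext.getId();
         final Node configNode = deviceContext.getConfigNode();
         LOG.info("Provisioning fake config {}", configNode);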
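Review bot: The constructor stores the new argument unchecked, `this.encryptionService = encryptionService;`, whereas NetconfTopologyManager in this same commit uses `Preconditions.checkNotNull(encryptionService)`. LoginPassword treats a null service as "use the stored strings unchanged", so if a null ever reached it through this topology (that path is not visible in this section) authentication would use the stored value without decrypting it instead of failing at wiring time. I would write `this.encryptionService = java.util.Objects.requireNonNull(encryptionService, "encryptionService");`. Separately, the context line `LOG.info("Provisioning fake config {}", configNode);` logs the whole node at INFO; whether its string form carries credentials is not visible here, but it is worth confirming given what this change protects. The body of `onNetconfSubsystemOpened` continues outside the hunk.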
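--- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
+++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
@@ -9,6 +9,7 @@
 package org.opendaylight.netconf.callhome.mount;
 
 import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -24,13 +25,12 @@ import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider;
 public class CallHomeTopology extends BaseCallHomeTopology {
 
     public CallHomeTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
-                            final EventExecutor eventExecutor,
-                            final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
-                            final SchemaRepositoryProvider schemaRepositoryProvider,
-                            final DataBroker dataBroker, final DOMMountPointService mountPointService) {
-        super(topologyId, clientDispatcher, eventExecutor,
-                keepaliveExecutor, processingExecutor, schemaRepositoryProvider,
-                dataBroker, mountPointService);
+            final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
+            final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
+            final DataBroker dataBroker, final DOMMountPointService mountPointService,
+            final AAAEncryptionService encryptionService) {
+        super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
+                schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
     }
 
     @Override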
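--- a/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml
+++ b/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml
@@ -23,6 +23,9 @@
                interface="org.opendaylight.controller.md.sal.binding.api.DataBroker"/>
     <reference id="domMountPointService"
                interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"/>
+    <reference id="encryptionService"
+               interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
 
     <bean id="schemaRepository" class="org.opendaylight.netconf.callhome.mount.SchemaRepositoryProviderImpl">
         <argument value="shared-schema-repository-impl"/>
@@ -44,6 +47,7 @@
         <argument ref="schemaRepository"/>
         <argument ref="dataBroker"/>
         <argument ref="domMountPointService"/>
+        <argument ref="encryptionService"/>
     </bean>
 
 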
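--- a/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java
+++ b/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java
@@ -22,6 +22,7 @@ import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
 import org.junit.Before;
 import org.junit.Test;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -53,6 +54,7 @@ public class CallHomeMountDispatcherTest {
     private CallHomeMountSessionManager mockSessMgr;
     private CallHomeTopology mockTopology;
     private CallHomeProtocolSessionContext mockProtoSess;
+    private AAAEncryptionService mockEncryptionService;
 
     @Before
     public void setup() {
@@ -66,9 +68,10 @@ public class CallHomeMountDispatcherTest {
         mockSessMgr = mock(CallHomeMountSessionManager.class);
         mockTopology = mock(CallHomeTopology.class);
         mockProtoSess = mock(CallHomeProtocolSessionContext.class);
+        mockEncryptionService = mock(AAAEncryptionService.class);
 
         instance = new CallHomeMountDispatcher(topologyId, mockExecutor, mockKeepAlive,
-                mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount) {
+                mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount, mockEncryptionService) {
             @Override
             public CallHomeMountSessionManager getSessionManager() {
                 return mockSessMgr;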
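--- a/netconf/netconf-netty-util/pom.xml
+++ b/netconf/netconf-netty-util/pom.xml
       <groupId>org.opendaylight.yangtools</groupId>
       <artifactId>mockito-configuration</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.opendaylight.aaa</groupId>
+      <artifactId>aaa-encrypt-service</artifactId>
+      <version>0.5.1-SNAPSHOT</version>
+    </dependency>
   </dependencies>
 
   <build>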
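--- a/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
+++ b/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
@@ -11,28 +11,45 @@ package org.opendaylight.netconf.nettyutil.handler.ssh.authentication;
 import java.io.IOException;
 import org.apache.sshd.ClientSession;
 import org.apache.sshd.client.future.AuthFuture;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 
 /**
  * Class Providing username/password authentication option to
  * {@link org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler}
  */
 public class LoginPassword extends AuthenticationHandler {
+
     private final String username;
     private final String password;
+    private final AAAEncryptionService encryptionService;
 
     public LoginPassword(String username, String password) {
+        this(username, password, null);
+    }
+
+    public LoginPassword(final String username, final String password, final AAAEncryptionService encryptionService) {
         this.username = username;
         this.password = password;
+        this.encryptionService = encryptionService;
     }
 
     @Override
     public String getUsername() {
+        if (encryptionService != null) {
+            return encryptionService.decrypt(username);
+
+        }
         return username;
     }
 
     @Override
     public AuthFuture authenticate(final ClientSession session) throws IOException {
-        session.addPasswordIdentity(password);
+        if (encryptionService != null) {
+            final String decryptedPassword = encryptionService.decrypt(password);
+            session.addPasswordIdentity(decryptedPassword);
+        } else {
+            session.addPasswordIdentity(password);
+        }
         return session.auth();
     }
 }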
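Review bot: The two-argument constructor now delegates with `this(username, password, null);`, and both `getUsername()` and `authenticate()` treat a null service as "use the stored strings unchanged", so any caller still on the old constructor bypasses decryption and nothing in the class records which form the fields hold. That sits oddly with a change titled "encrypted passwords only". I would mark the old constructor `@Deprecated` and give the three-argument one a Javadoc stating that `username` and `password` are expected to be ciphertext whenever `encryptionService` is non-null. What `decrypt` returns for a value that was never encrypted, or on failure, is not visible here, so it is worth confirming that such a value cannot reach `addPasswordIdentity` silently. The stray blank line before the closing brace of the new `if` in `getUsername()` can also go.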
index 11e922f34d9220a3f153a3bfce9671f7fbd2f52e..94dd257e45b81c28fb37751f1c13fbcaa8e91047 100755 (executable)
@@ -28,6 +28,9 @@
                interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"
                odl:type="default"/>
 
                interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"
                odl:type="default"/>
 
+    <reference id="encryptionService"
+               interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
     <bean id="schemaRepository" class="org.opendaylight.netconf.topology.impl.SchemaRepositoryProviderImpl">
         <argument value="shared-schema-repository-impl"/>
     </bean>
     <bean id="schemaRepository" class="org.opendaylight.netconf.topology.impl.SchemaRepositoryProviderImpl">
         <argument value="shared-schema-repository-impl"/>
     </bean>
         <argument ref="schemaRepository"/>
         <argument ref="dataBroker"/>
         <argument ref="mountPointService"/>
         <argument ref="schemaRepository"/>
         <argument ref="dataBroker"/>
         <argument ref="mountPointService"/>
+        <argument ref="encryptionService" />
     </bean>
 
     <bean id="netconfConnectorFactory" class="org.opendaylight.netconf.topology.impl.NetconfConnectorFactoryImpl"/>
     <service ref="netconfConnectorFactory" interface="org.opendaylight.netconf.topology.api.NetconfConnectorFactory"
              odl:type="default"/>
 
     </bean>
 
     <bean id="netconfConnectorFactory" class="org.opendaylight.netconf.topology.impl.NetconfConnectorFactoryImpl"/>
     <service ref="netconfConnectorFactory" interface="org.opendaylight.netconf.topology.api.NetconfConnectorFactory"
              odl:type="default"/>
 
-</blueprint>
\ No newline at end of file
+</blueprint>
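--- a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java
+++ b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java
@@ -19,6 +19,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nonnull;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.cluster.ActorSystemProvider;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
@@ -75,15 +76,18 @@ public class NetconfTopologyManager
     private final String topologyId;
     private final Duration writeTxIdleTimeout;
     private final DOMMountPointService mountPointService;
-
+    private final AAAEncryptionService encryptionService;
     private ListenerRegistration<NetconfTopologyManager> dataChangeListenerRegistration;
 
     public NetconfTopologyManager(final DataBroker dataBroker, final RpcProviderRegistry rpcProviderRegistry,
                                   final ClusterSingletonServiceProvider clusterSingletonServiceProvider,
                                   final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
-                                  final ActorSystemProvider actorSystemProvider, final EventExecutor eventExecutor,
-                                  final NetconfClientDispatcher clientDispatcher, final String topologyId,
-                                  final Config config, final DOMMountPointService mountPointService) {
+                                  final ActorSystemProvider actorSystemProvider,
+                                  final EventExecutor eventExecutor, final NetconfClientDispatcher clientDispatcher,
+                                  final String topologyId, final Config config,
+                                  final DOMMountPointService mountPointService,
+                                  final AAAEncryptionService encryptionService) {
+
         this.dataBroker = Preconditions.checkNotNull(dataBroker);
         this.rpcProviderRegistry = Preconditions.checkNotNull(rpcProviderRegistry);
         this.clusterSingletonServiceProvider = Preconditions.checkNotNull(clusterSingletonServiceProvider);
@@ -95,6 +99,7 @@ public class NetconfTopologyManager
         this.topologyId = Preconditions.checkNotNull(topologyId);
         this.writeTxIdleTimeout = Duration.apply(config.getWriteTransactionIdleTimeout(), TimeUnit.SECONDS);
         this.mountPointService = mountPointService;
+        this.encryptionService = Preconditions.checkNotNull(encryptionService);
     }
 
     // Blueprint init method
@@ -243,7 +248,8 @@ public class NetconfTopologyManager
                 .setTopologyId(topologyId)
                 .setNetconfClientDispatcher(clientDispatcher)
                 .setSchemaResourceDTO(NetconfTopologyUtils.setupSchemaCacheDTO(node))
-                .setIdleTimeout(writeTxIdleTimeout);
+                .setIdleTimeout(writeTxIdleTimeout)
+                .setEncryptionService(encryptionService);
 
         return builder.build();
     }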
index 39e86a9452fcaa83bf334e5f9333d976f5b817c0..dcca5895ea982ffc6e694c45a4ba3f2bd64a47f9 100644 (file)
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import javax.annotation.Nullable;
 import java.util.Objects;
 import java.util.Optional;
 import javax.annotation.Nullable;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
 import org.opendaylight.netconf.api.NetconfMessage;
 import org.opendaylight.netconf.client.NetconfClientSessionListener;
 import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
 import org.opendaylight.netconf.api.NetconfMessage;
 import org.opendaylight.netconf.client.NetconfClientSessionListener;
@@ -46,6 +47,7 @@ import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPrefe
 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
+import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
 import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO;
 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
 import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
 import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO;
@@ -78,6 +80,7 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
     private final RemoteDeviceId remoteDeviceId;
     private final DOMMountPointService mountService;
     private final Timeout actorResponseWaitTime;
     private final RemoteDeviceId remoteDeviceId;
     private final DOMMountPointService mountService;
     private final Timeout actorResponseWaitTime;
+    private final AAAEncryptionService encryptionService;
 
     private NetconfConnectorDTO deviceCommunicatorDTO;
 
 
     private NetconfConnectorDTO deviceCommunicatorDTO;
 
@@ -89,6 +92,8 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
         this.remoteDeviceId = remoteDeviceId;
         this.actorResponseWaitTime = actorResponseWaitTime;
         this.mountService = mountService;
         this.remoteDeviceId = remoteDeviceId;
         this.actorResponseWaitTime = actorResponseWaitTime;
         this.mountService = mountService;
+        this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
+
     }
 
     @Override
     }
 
     @Override
@@ -96,6 +101,11 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
 
         final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class);
         final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
 
         final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class);
         final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
+
+        AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService,
+                netconfTopologyDeviceSetup.getTopologyId(),
+                netconfTopologyDeviceSetup.getDataBroker());
+
         Preconditions.checkNotNull(netconfNode.getHost());
         Preconditions.checkNotNull(netconfNode.getPort());
         Preconditions.checkNotNull(netconfNode.isTcpOnly());
         Preconditions.checkNotNull(netconfNode.getHost());
         Preconditions.checkNotNull(netconfNode.getPort());
         Preconditions.checkNotNull(netconfNode.isTcpOnly());
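Review bot: The result of `AuthEncryptor.encryptIfNeeded(...)` is discarded, so the `netconfNode` read just above the call is still the object the rest of this method works from. AuthEncryptor's body is not visible here, but its imports at the end of this page (WriteTransaction, FutureCallback) suggest it rewrites the datastore entry asynchronously; if so, a node configured with a cleartext password would presumably still reach `new LoginPassword(..., encryptionService)` as cleartext on this first pass and be handled as if it were ciphertext. Consider having the helper return the node to continue with, e.g. `final NetconfNode netconfNode = AuthEncryptor.encryptIfNeeded(...)`, and moving the call below the `checkNotNull` preconditions so an incomplete node is rejected before anything is written. The identical call in AbstractNetconfTopology (hunk `@@ -212,6 +219,8 @@`) has the same shape. The enclosing method starts and ends outside this hunk.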
@@ -275,8 +285,11 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector {
         final Credentials credentials = node.getCredentials();
         if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
             authHandler = new LoginPassword(
         final Credentials credentials = node.getCredentials();
         if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
             authHandler = new LoginPassword(
-                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
-                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
+                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
+                            .node.credentials.credentials.LoginPassword) credentials).getUsername(),
+                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
+                            .node.credentials.credentials.LoginPassword) credentials).getPassword(),
+                            encryptionService);
         } else {
             throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported");
         }
         } else {
             throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported");
         }
index cee8c0d80774b077665c771a27a36142439872b1..23376b64501a1fadee9632c1d53f7d51f2ac4b88 100644 (file)
@@ -10,6 +10,7 @@ package org.opendaylight.netconf.topology.singleton.impl.utils;
 
 import akka.actor.ActorSystem;
 import io.netty.util.concurrent.EventExecutor;
 
 import akka.actor.ActorSystem;
 import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -36,6 +37,7 @@ public class NetconfTopologySetup {
     private final String topologyId;
     private final NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
     private final Duration idleTimeout;
     private final String topologyId;
     private final NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
     private final Duration idleTimeout;
+    private final AAAEncryptionService encryptionService;
 
     private NetconfTopologySetup(final NetconfTopologySetupBuilder builder) {
         this.clusterSingletonServiceProvider = builder.getClusterSingletonServiceProvider();
 
     private NetconfTopologySetup(final NetconfTopologySetupBuilder builder) {
         this.clusterSingletonServiceProvider = builder.getClusterSingletonServiceProvider();
@@ -51,6 +53,7 @@ public class NetconfTopologySetup {
         this.topologyId = builder.getTopologyId();
         this.schemaResourceDTO = builder.getSchemaResourceDTO();
         this.idleTimeout = builder.getIdleTimeout();
         this.topologyId = builder.getTopologyId();
         this.schemaResourceDTO = builder.getSchemaResourceDTO();
         this.idleTimeout = builder.getIdleTimeout();
+        this.encryptionService = builder.getEncryptionService();
     }
 
     public ClusterSingletonServiceProvider getClusterSingletonServiceProvider() {
     }
 
     public ClusterSingletonServiceProvider getClusterSingletonServiceProvider() {
@@ -105,6 +108,10 @@ public class NetconfTopologySetup {
         return idleTimeout;
     }
 
         return idleTimeout;
     }
 
+    public AAAEncryptionService getEncryptionService() {
+        return encryptionService;
+    }
+
     public static class NetconfTopologySetupBuilder {
 
         private ClusterSingletonServiceProvider clusterSingletonServiceProvider;
     public static class NetconfTopologySetupBuilder {
 
         private ClusterSingletonServiceProvider clusterSingletonServiceProvider;
@@ -120,6 +127,7 @@ public class NetconfTopologySetup {
         private NetconfClientDispatcher netconfClientDispatcher;
         private NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
         private Duration idleTimeout;
         private NetconfClientDispatcher netconfClientDispatcher;
         private NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
         private Duration idleTimeout;
+        private AAAEncryptionService encryptionService;
 
         public NetconfTopologySetupBuilder(){
         }
 
         public NetconfTopologySetupBuilder(){
         }
@@ -247,6 +255,15 @@ public class NetconfTopologySetup {
             return idleTimeout;
         }
 
             return idleTimeout;
         }
 
+        private AAAEncryptionService getEncryptionService() {
+            return this.encryptionService;
+        }
+
+        public NetconfTopologySetupBuilder setEncryptionService(final AAAEncryptionService encryptionService) {
+            this.encryptionService = encryptionService;
+            return this;
+        }
+
         public static NetconfTopologySetupBuilder create() {
             return new NetconfTopologySetupBuilder();
         }
         public static NetconfTopologySetupBuilder create() {
             return new NetconfTopologySetupBuilder();
         }
index 8c60682605e6f2534db9cc9bbdcb69cd67369368..f173a95a2a757fb0f476fb3475d25ef9b257e2c9 100644 (file)
@@ -39,6 +39,9 @@ and is available at http://www.eclipse.org/legal/epl-v10.html
             binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.topology.singleton.config.rev170419.Config"
     />
 
             binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.topology.singleton.config.rev170419.Config"
     />
 
+    <reference id="encryptionService"
+               interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
     <bean id="netconfTopologyManager"
           class="org.opendaylight.netconf.topology.singleton.impl.NetconfTopologyManager"
           init-method="init" destroy-method="close">
     <bean id="netconfTopologyManager"
           class="org.opendaylight.netconf.topology.singleton.impl.NetconfTopologyManager"
           init-method="init" destroy-method="close">
@@ -53,6 +56,7 @@ and is available at http://www.eclipse.org/legal/epl-v10.html
         <argument value="topology-netconf"/>
         <argument ref="singletonConfig"/>
         <argument ref="mountPointService"/>
         <argument value="topology-netconf"/>
         <argument ref="singletonConfig"/>
         <argument ref="mountPointService"/>
+        <argument ref="encryptionService" />
     </bean>
     <service ref="netconfTopologyManager"
              interface="org.opendaylight.netconf.topology.singleton.api.NetconfTopologySingletonService"/>
     </bean>
     <service ref="netconfTopologyManager"
              interface="org.opendaylight.netconf.topology.singleton.api.NetconfTopologySingletonService"/>
index ffc52a5f4663184c2d9f01e575f378a9af9b4ba2..d91c24a698aeb711f243ae8fa25cec559cf8256f 100644 (file)
@@ -31,6 +31,7 @@ import javax.annotation.Nonnull;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.cluster.ActorSystemProvider;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.cluster.ActorSystemProvider;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
@@ -83,11 +84,13 @@ public class NetconfTopologyManagerTest {
         final EventExecutor eventExecutor = mock(EventExecutor.class);
         final NetconfClientDispatcher clientDispatcher = mock(NetconfClientDispatcher.class);
         final DOMMountPointService mountPointService = mock(DOMMountPointService.class);
         final EventExecutor eventExecutor = mock(EventExecutor.class);
         final NetconfClientDispatcher clientDispatcher = mock(NetconfClientDispatcher.class);
         final DOMMountPointService mountPointService = mock(DOMMountPointService.class);
+        final AAAEncryptionService encryptionService = mock(AAAEncryptionService.class);
 
         final Config config = new ConfigBuilder().setWriteTransactionIdleTimeout(0).build();
         netconfTopologyManager = new NetconfTopologyManager(dataBroker, rpcProviderRegistry,
                 clusterSingletonServiceProvider, keepaliveExecutor, processingExecutor,
 
         final Config config = new ConfigBuilder().setWriteTransactionIdleTimeout(0).build();
         netconfTopologyManager = new NetconfTopologyManager(dataBroker, rpcProviderRegistry,
                 clusterSingletonServiceProvider, keepaliveExecutor, processingExecutor,
-                actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config, mountPointService);
+                actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config,
+                mountPointService, encryptionService);
     }
 
     @Test
     }
 
     @Test
index 74559a0af2e66e6b30ec9a416a3d34ee0904ec3c..c35954c8c9f5d499bd6b58afb3bfa36b85280a23 100644 (file)
@@ -32,6 +32,7 @@ import java.util.concurrent.ExecutorService;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.BindingTransactionChain;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.BindingTransactionChain;
@@ -105,6 +106,9 @@ public class RemoteDeviceConnectorImplTest {
     @Mock
     private WriteTransaction writeTx;
 
     @Mock
     private WriteTransaction writeTx;
 
+    @Mock
+    private AAAEncryptionService encryptionService;
+
     private NetconfTopologySetup.NetconfTopologySetupBuilder builder;
     private RemoteDeviceId remoteDeviceId;
 
     private NetconfTopologySetup.NetconfTopologySetupBuilder builder;
     private RemoteDeviceId remoteDeviceId;
 
@@ -130,6 +134,7 @@ public class RemoteDeviceConnectorImplTest {
         builder.setEventExecutor(eventExecutor);
         builder.setNetconfClientDispatcher(clientDispatcher);
         builder.setTopologyId(TOPOLOGY_ID);
         builder.setEventExecutor(eventExecutor);
         builder.setNetconfClientDispatcher(clientDispatcher);
         builder.setTopologyId(TOPOLOGY_ID);
+        builder.setEncryptionService(encryptionService);
     }
 
     @Test
     }
 
     @Test
@@ -257,7 +262,7 @@ public class RemoteDeviceConnectorImplTest {
         assertEquals(defaultClientConfig.getConnectionTimeoutMillis().longValue(), 1000L);
         assertEquals(defaultClientConfig.getAddress(), new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 9999));
         assertSame(defaultClientConfig.getSessionListener(), listener);
         assertEquals(defaultClientConfig.getConnectionTimeoutMillis().longValue(), 1000L);
         assertEquals(defaultClientConfig.getAddress(), new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 9999));
         assertSame(defaultClientConfig.getSessionListener(), listener);
-        assertEquals(defaultClientConfig.getAuthHandler().getUsername(), "testuser");
+        assertEquals(defaultClientConfig.getAuthHandler().getUsername(), encryptionService.encrypt("testuser"));
         assertEquals(defaultClientConfig.getProtocol(), NetconfClientConfiguration.NetconfClientProtocol.TCP);
     }
 }
         assertEquals(defaultClientConfig.getProtocol(), NetconfClientConfiguration.NetconfClientProtocol.TCP);
     }
 }
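Review bot: The rewritten assertion compares `getUsername()` with `encryptionService.encrypt("testuser")`, but `encryptionService` is a `@Mock` with no stubbing visible in these hunks, so the expected value is Mockito's default `null`. The test then only checks that the handler returns `null` and no longer verifies that the configured username reaches the auth handler; it would pass just as well if the credential were lost. Stub the mock with distinguishable values in the setup method and assert against a literal, for example `when(encryptionService.decrypt("testuser")).thenReturn("testuser-plain");` and `assertEquals("testuser-plain", defaultClientConfig.getAuthHandler().getUsername());` (constructed sample values; stub whichever of `encrypt`/`decrypt` LoginPassword actually calls). The test method starts outside this hunk.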
index 68a6f11f9fd7319abafd8ece766d76dc5263a173..337b42a5f11d75bb93bdda6beeeb92ed4b3c075d 100644 (file)
@@ -24,6 +24,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -49,6 +50,7 @@ import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPrefe
 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
 import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
 import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
 import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
+import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
 import org.opendaylight.netconf.topology.api.NetconfTopology;
 import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider;
 import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
 import org.opendaylight.netconf.topology.api.NetconfTopology;
 import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider;
@@ -166,10 +168,14 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
 
     protected final HashMap<NodeId, NetconfConnectorDTO> activeConnectors = new HashMap<>();
 
 
     protected final HashMap<NodeId, NetconfConnectorDTO> activeConnectors = new HashMap<>();
 
+    protected final AAAEncryptionService encryptionService;
+
     protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
                                       final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
     protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
                                       final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
-                                      final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
-                                      final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+                                      final ThreadPool processingExecutor,
+                                      final SchemaRepositoryProvider schemaRepositoryProvider,
+                                      final DataBroker dataBroker, final DOMMountPointService mountPointService,
+                                      final AAAEncryptionService encryptionService) {
         this.topologyId = topologyId;
         this.clientDispatcher = clientDispatcher;
         this.eventExecutor = eventExecutor;
         this.topologyId = topologyId;
         this.clientDispatcher = clientDispatcher;
         this.eventExecutor = eventExecutor;
@@ -178,6 +184,7 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
         this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository();
         this.dataBroker = dataBroker;
         this.mountPointService = mountPointService;
         this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository();
         this.dataBroker = dataBroker;
         this.mountPointService = mountPointService;
+        this.encryptionService = encryptionService;
     }
 
     public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
     }
 
     public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
@@ -212,6 +219,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
                                                                         final Node configNode) {
         final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class);
 
                                                                         final Node configNode) {
         final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class);
 
+        AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService, topologyId, dataBroker);
+
         Preconditions.checkNotNull(netconfNode.getHost());
         Preconditions.checkNotNull(netconfNode.getPort());
         Preconditions.checkNotNull(netconfNode.isTcpOnly());
         Preconditions.checkNotNull(netconfNode.getHost());
         Preconditions.checkNotNull(netconfNode.getPort());
         Preconditions.checkNotNull(netconfNode.isTcpOnly());
@@ -400,8 +409,11 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
         final Credentials credentials = node.getCredentials();
         if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
             authHandler = new LoginPassword(
         final Credentials credentials = node.getCredentials();
         if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
             authHandler = new LoginPassword(
-                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
-                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
+                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
+                            .netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
+                    ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
+                            .netconf.node.credentials.credentials.LoginPassword) credentials).getPassword(),
+                    encryptionService);
         } else {
             throw new IllegalStateException("Only login/password authentification is supported");
         }
         } else {
             throw new IllegalStateException("Only login/password authentification is supported");
         }
index 243f09a77f8e1a49837e686d7ce102f27a825096..30bb2f78670cae84425ebcf943d606361eafcfbd 100644 (file)
@@ -13,6 +13,7 @@ import com.google.common.util.concurrent.Futures;
 import io.netty.util.concurrent.EventExecutor;
 import java.util.Collection;
 import javax.annotation.Nonnull;
 import io.netty.util.concurrent.EventExecutor;
 import java.util.Collection;
 import javax.annotation.Nonnull;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -50,10 +51,12 @@ public class NetconfTopologyImpl extends AbstractNetconfTopology implements Data
 
     public NetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher,
                                final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
 
     public NetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher,
                                final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
-                               final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
-                               final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+                               final ThreadPool processingExecutor,
+                               final SchemaRepositoryProvider schemaRepositoryProvider,
+                               final DataBroker dataBroker, final DOMMountPointService mountPointService,
+                               final AAAEncryptionService encryptionService) {
         super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
         super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
-                schemaRepositoryProvider, dataBroker, mountPointService);
+                schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
     }
 
     @Override
     }
 
     @Override
index 235086f4cf17e5542663048b831cb1daf23f09cc..12eca67a37ca17ac28c30d0cb8929c9b281f6811 100644 (file)
@@ -29,6 +29,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -89,6 +90,9 @@ public class NetconfTopologyImplTest {
     @Mock
     private DOMMountPointService mountPointService;
 
     @Mock
     private DOMMountPointService mountPointService;
 
+    @Mock
+    private AAAEncryptionService encryptionService;
+
     private TestingNetconfTopologyImpl topology;
     private TestingNetconfTopologyImpl spyTopology;
 
     private TestingNetconfTopologyImpl topology;
     private TestingNetconfTopologyImpl spyTopology;
 
@@ -103,7 +107,7 @@ public class NetconfTopologyImplTest {
 
         topology = new TestingNetconfTopologyImpl(TOPOLOGY_ID, mockedClientDispatcher,
                 mockedEventExecutor, mockedKeepaliveExecutor, mockedProcessingExecutor, mockedSchemaRepositoryProvider,
 
         topology = new TestingNetconfTopologyImpl(TOPOLOGY_ID, mockedClientDispatcher,
                 mockedEventExecutor, mockedKeepaliveExecutor, mockedProcessingExecutor, mockedSchemaRepositoryProvider,
-                dataBroker, mountPointService);
+                dataBroker, mountPointService, encryptionService);
 
         spyTopology = spy(topology);
     }
 
         spyTopology = spy(topology);
     }
@@ -180,12 +184,14 @@ public class NetconfTopologyImplTest {
 
     public static class TestingNetconfTopologyImpl extends NetconfTopologyImpl {
 
 
     public static class TestingNetconfTopologyImpl extends NetconfTopologyImpl {
 
-        public TestingNetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher,
-                                          final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
-                                          final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
-                                          final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+        public TestingNetconfTopologyImpl(
+                final String topologyId, final NetconfClientDispatcher clientDispatcher,
+                final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
+                final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
+                final DataBroker dataBroker, final DOMMountPointService mountPointService,
+                final AAAEncryptionService encryptionService) {
             super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
             super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
-                    processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
+                    processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
         }
 
         @Override
         }
 
         @Override
diff --git a/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java b/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java
new file mode 100644 (file)
index 0000000..28a9171
--- /dev/null
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2016 Brocade Communication Systems and others.  All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netconf.sal.connect.util;
+
+import com.google.common.util.concurrent.CheckedFuture;
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeBuilder;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *  Utility to encrypt netconf username and password.
+ */
+public class AuthEncryptor {
+    private static final Logger LOG = LoggerFactory.getLogger(AuthEncryptor.class);
+
+    public static void encryptIfNeeded(final NodeId nodeId, final NetconfNode netconfNode,
+                                 AAAEncryptionService encryptionService,
+                                 final String topologyId, final DataBroker dataBroker) {
+        final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+                .credentials.credentials.LoginPassword creds =
+                (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+                        .credentials.credentials.LoginPassword) netconfNode.getCredentials();
+        final String decryptedPassword = encryptionService.decrypt(creds.getPassword());
+        if (decryptedPassword != null && decryptedPassword.equals(creds.getPassword())) {
+            LOG.info("Encrypting the provided credentials");
+            final String username = encryptionService.encrypt(creds.getUsername());
+            final String password = encryptionService.encrypt(creds.getPassword());
+            final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+                    .credentials.credentials.LoginPasswordBuilder passwordBuilder =
+                    new org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
+                            .netconf.node.credentials.credentials.LoginPasswordBuilder();
+            passwordBuilder.setUsername(username);
+            passwordBuilder.setPassword(password);
+            final NetconfNodeBuilder nnb = new NetconfNodeBuilder();
+            nnb.setCredentials(passwordBuilder.build());
+
+            final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+            final InstanceIdentifier<NetworkTopology> networkTopologyId =
+                    InstanceIdentifier.builder(NetworkTopology.class).build();
+            final InstanceIdentifier<NetconfNode> niid = networkTopologyId.child(Topology.class,
+                    new TopologyKey(new TopologyId(topologyId))).child(Node.class,
+                    new NodeKey(nodeId)).augmentation(NetconfNode.class);
+            writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, niid, nnb.build());
+            final CheckedFuture<Void, TransactionCommitFailedException> future = writeTransaction.submit();
+            Futures.addCallback(future, new FutureCallback<Void>() {
+
+                @Override
+                public void onSuccess(Void result) {
+                    LOG.info("Encrypted netconf username/password successfully");
+                }
+
+                @Override
+                public void onFailure(Throwable exception) {
+                    LOG.error("Unable to encrypt netconf username/password." + exception.getMessage());
+                }
+            });
+        }
+    }
+}
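Review bot: In `encryptIfNeeded`, a failed commit reaches `onFailure`, which only logs, so the plaintext username and password stay in the CONFIGURATION datastore, and the error line neither names the node nor keeps the stack trace. I would log it as `LOG.error("Unable to encrypt netconf credentials for node {}", nodeId, exception);` and consider reporting the failure to the caller, since the method returns before the asynchronous write completes. Separately, `netconfNode.getCredentials()` is cast to `LoginPassword` and dereferenced with no null or `instanceof` guard, so a node without login-password credentials would throw here; an early `if (!(netconfNode.getCredentials() instanceof LoginPassword)) { return; }`, using the fully qualified type already in the method, avoids that. The plaintext test `decryptedPassword.equals(creds.getPassword())` also appears to rely on `decrypt` returning its input unchanged for non-ciphertext, which this file does not show, so a comment stating that assumption would help the next reader.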