import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyInput;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.KeystoreBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.NetconfKeystoreService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryInput;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyInput;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateInput;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKeyKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificateKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.common.RpcResult;
import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
return rpcResult;
}
+
+ @Override
+ public Future<RpcResult<Void>> addTrustedCertificate(AddTrustedCertificateInput input) {
+ final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+
+ for (TrustedCertificate certificate : input.getTrustedCertificate()) {
+ writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
+ keystoreIid.child(TrustedCertificate.class, certificate.getKey()), certificate);
+ }
+
+ final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
+
+ final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
+ Futures.addCallback(submit, new FutureCallback<Void>() {
+ @Override
+ public void onSuccess(@Nullable Void result) {
+ LOG.debug("add-trusted-certificate success. Input: {}", input);
+ final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
+ rpcResult.set(success);
+ }
+
+ @Override
+ public void onFailure(final Throwable throwable) {
+ LOG.warn("add-trusted-certificate failed. Input: {}", input, throwable);
+ rpcResult.setException(throwable);
+ }
+ }, MoreExecutors.directExecutor());
+
+ return rpcResult;
+ }
+
+ @Override
+ public Future<RpcResult<Void>> removeTrustedCertificate(RemoveTrustedCertificateInput input) {
+ final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+ final List<String> names = input.getName();
+
+ for (final String name : names) {
+ writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
+ keystoreIid.child(TrustedCertificate.class, new TrustedCertificateKey(name)));
+ }
+
+ final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
+
+ final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
+ Futures.addCallback(submit, new FutureCallback<Void>() {
+ @Override
+ public void onSuccess(@Nullable Void result) {
+ LOG.debug("remove-trusted-certificate success. Input: {}", input);
+ final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
+ rpcResult.set(success);
+ }
+
+ @Override
+ public void onFailure(final Throwable throwable) {
+ LOG.warn("remove-trusted-certificate failed. Input: {}", input, throwable);
+ rpcResult.setException(throwable);
+ }
+ }, MoreExecutors.directExecutor());
+
+ return rpcResult;
+ }
+
+ @Override
+ public Future<RpcResult<Void>> addPrivateKey(AddPrivateKeyInput input) {
+ final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+
+ for (PrivateKey key: input.getPrivateKey()) {
+ writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
+ keystoreIid.child(PrivateKey.class, key.getKey()), key);
+ }
+
+ final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
+
+ final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
+ Futures.addCallback(submit, new FutureCallback<Void>() {
+ @Override
+ public void onSuccess(@Nullable Void result) {
+ LOG.debug("add-private-key success. Input: {}", input);
+ final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
+ rpcResult.set(success);
+ }
+
+ @Override
+ public void onFailure(final Throwable throwable) {
+ LOG.warn("add-private-key failed. Input: {}", input, throwable);
+ rpcResult.setException(throwable);
+ }
+ }, MoreExecutors.directExecutor());
+
+ return rpcResult;
+ }
+
+ @Override
+ public Future<RpcResult<Void>> removePrivateKey(RemovePrivateKeyInput input) {
+ final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+ final List<String> names = input.getName();
+
+ for (final String name : names) {
+ writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
+ keystoreIid.child(PrivateKey.class, new PrivateKeyKey(name)));
+ }
+
+ final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
+
+ final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
+ Futures.addCallback(submit, new FutureCallback<Void>() {
+ @Override
+ public void onSuccess(@Nullable Void result) {
+ LOG.debug("remove-private-key success. Input: {}", input);
+ final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
+ rpcResult.set(success);
+ }
+
+ @Override
+ public void onFailure(final Throwable throwable) {
+ LOG.warn("remove-private-key failed. Input: {}", input, throwable);
+ rpcResult.setException(throwable);
+ }
+ }, MoreExecutors.directExecutor());
+
+ return rpcResult;
+ }
}
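Review bot: The `Input: {}` arguments in addPrivateKey pass the whole AddPrivateKeyInput to the logger on both the debug success path and the warn failure path, and that input carries the `data` leaf the model describes as the Base64 encoded private key. Assuming the generated binding's toString() prints leaf values, any failed commit writes key material to the log at WARN level. Log a count or the entry names instead, e.g. `LOG.warn("add-private-key failed for {} entries", input.getPrivateKey().size(), throwable);`, and change the debug line the same way. The loop also merges each PrivateKey into CONFIGURATION exactly as received; if add-keystore-entry encrypts key data before writing (its body is outside this hunk), this path should do the same.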
}
}
+ grouping private-keys {
+ list private-key {
+ key name;
+ description "A private key.";
+ leaf name {
+ type string;
+ }
+ leaf data {
+ description "Base64 encoded private key.";
+ type string;
+ }
+ leaf-list certificate-chain {
+ description "A certificate chain for this public key. Each certificate is an X.509 v3 certificate
+ structure as specified by RFC5280, encoded using the Base64 format.";
+ type string;
+ }
+ }
+ }
+
+ grouping trusted-certificates {
+ list trusted-certificate {
+ key name;
+ description "A list of trusted certificate. These cerfitifcates can be used by a server to
+ authenticate clients, or by clients to authenticate servers.";
+ leaf name {
+ type string;
+ }
+ leaf certificate {
+ description "An X.509 v3 certificate structure as specified by RFC5280, encoded using
+ the Base64 format.";
+ type string;
+ }
+ }
+ }
+
container keystore {
uses keystore-entry;
+ uses private-keys;
+ uses trusted-certificates;
}
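Review bot: `leaf data` in `private-key` puts the private key under `container keystore` as an ordinary string, so it is returned to any client allowed to read that configuration subtree, and the description does not say whether the value is expected encrypted or in the clear. State the expected form in the description, for example `description "Base64 encoded private key, encrypted by the keystore service before it is written.";` if that is the intent, and document that read access to this subtree must be restricted. Separately, `certificate-chain` is described as being "for this public key" although the list holds private keys, and "cerfitifcates" in the `trusted-certificate` description is a typo.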
rpc add-keystore-entry {
}
}
}
+
+ rpc add-private-key {
+ description "Add a list of private keys into the keystore.";
+ input {
+ uses private-keys;
+ }
+ }
+
+ rpc remove-private-key {
+ description "Remove a list of private keys from the datastore.";
+ input {
+ leaf-list name {
+ type string;
+ }
+ }
+ }
+
+ rpc add-trusted-certificate {
+ description "Add a list of trusted certificates into the keystore.";
+ input {
+ uses trusted-certificates;
+ }
+ }
+
+ rpc remove-trusted-certificate {
+ description "Remove a list of trusted certificates from the datastore.";
+ input {
+ leaf-list name {
+ type string;
+ }
+ }
+ }
}
\ No newline at end of file
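Review bot: None of the four new rpc inputs requires any entries: the `name` leaf-lists in remove-private-key and remove-trusted-certificate, and the lists pulled in by `uses private-keys` and `uses trusted-certificates`, carry no `min-elements`, so a call with an empty input is valid against the model. The Java handlers iterate `input.getName()` and `input.getPrivateKey()` directly, which would likely throw a NullPointerException if the binding returns null for an absent list. Add `min-elements 1;` to each `leaf-list name` and use `refine private-key { min-elements 1; }` (likewise for `trusted-certificate`) on the `uses` statements. The remove descriptions also say "datastore" where the add descriptions say "keystore"; pick one term.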