<configuration>
<artifacts>
<artifact>
- <file>${project.build.directory}/classes/initial/08-aaa-cert-config.xml</file>
+ <file>${project.build.directory}/classes/initial/aaa-cert-config.xml</file>
<type>xml</type>
<classifier>config</classifier>
</artifact>
package org.opendaylight.aaa.cert.api;
-import java.security.KeyStore;
-
import javax.annotation.Nonnull;
+import java.security.KeyStore;
/**
* IAaaCertProvider defines the basic operation for certificates management
* @author mserngawy
*
*/
-public interface IAaaCertProvider extends java.lang.AutoCloseable {
+public interface IAaaCertProvider {
/**
* Add certificate to ODL keystore, the certificate should be signed by a CA (Certificate Authority) based on a certificate
* @return Trust keystore
*/
KeyStore getTrustKeyStore();
+
+ /**
+ * Get list of of the allowed cipher suites otherwise empty array
+ *
+ * @return Cipher suites
+ */
+ String[] getCipherSuites();
}
\ No newline at end of file
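Review bot: The Javadoc added for `getCipherSuites()` reads `Get list of of the allowed cipher suites otherwise empty array`, which has a doubled word and leaves the contract vague; suggest `Returns the names of the allowed cipher suites, or an empty array when none are configured.` The summary on the neighbouring `getTrustKeyStore()` (`Add certificate to ODL keystore ...`) is unchanged context, but it describes a different operation than the method it sits on and would be worth correcting in the same pass.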
package org.opendaylight.aaa.cert.impl;
-import com.google.common.util.concurrent.SettableFuture;
import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
import java.util.concurrent.Future;
+
import org.opendaylight.aaa.cert.api.IAaaCertProvider;
-import org.opendaylight.controller.sal.binding.api.BindingAwareBroker.ProviderContext;
-import org.opendaylight.controller.sal.binding.api.BindingAwareProvider;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.CtlKeystore;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.TrustKeystore;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AaaCertServiceConfig;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.CtlKeystore;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.CtlKeystoreBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.TrustKeystore;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.TrustKeystoreBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.ctlkeystore.CipherSuites;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.AaaCertRpcService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertifcateInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.GetNodeCertifcateOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.SetODLCertifcateInput;
import org.opendaylight.yangtools.yang.common.RpcResult;
import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.FrameworkUtil;
-import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.util.concurrent.SettableFuture;
+
/**
* AaaCertProvider use to manage the certificates manipulation operations add, revoke and update
*
* @author mserngawy
*
*/
-public class AaaCertProvider implements AutoCloseable, IAaaCertProvider, BindingAwareProvider, AaaCertRpcService {
+public class AaaCertProvider implements IAaaCertProvider, AaaCertRpcService {
private final static Logger LOG = LoggerFactory.getLogger(AaaCertProvider.class);
- private ServiceRegistration<AaaCertRpcService> aaaCertRpcServiceRegisteration;
- private ServiceRegistration<IAaaCertProvider> aaaCertServiceRegisteration;
- private final CtlKeystore ctlKeyStore;
+ private CtlKeystore ctlKeyStore;
private final ODLKeyTool odlKeyTool;
- private final TrustKeystore trustKeyStore;
+ private TrustKeystore trustKeyStore;
- public AaaCertProvider(final CtlKeystore ctlKeyStore, final TrustKeystore trustKeyStore) {
- LOG.info("aaa Certificate Service Initalized");
+ public AaaCertProvider(final AaaCertServiceConfig aaaCertServiceConfig) {
odlKeyTool = new ODLKeyTool();
- this.ctlKeyStore = ctlKeyStore;
- this.trustKeyStore = trustKeyStore;
+ this.ctlKeyStore = aaaCertServiceConfig.getCtlKeystore();
+ this.trustKeyStore = aaaCertServiceConfig.getTrustKeystore();
+ if (aaaCertServiceConfig.isUseConfig() && !KeyStoreConstant.checkKeyStoreFile(ctlKeyStore.getName())) {
+ LOG.info("Creating keystore based on given configuration");
+ this.createODLKeyStore();
+ this.createTrustKeyStore();
+ }
+ LOG.info("aaa Certificate Service Initalized");
}
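Review bot: The new constructor dereferences `ctlKeyStore` in `KeyStoreConstant.checkKeyStoreFile(ctlKeyStore.getName())` without checking what `aaaCertServiceConfig.getCtlKeystore()` returned; for a generated binding object a container getter can presumably be null when the container is absent from the loaded config, in which case this fails with an NPE before any log line explains why. A guard such as `Objects.requireNonNull(aaaCertServiceConfig.getCtlKeystore(), "ctlKeystore")` (and likewise for the trust keystore) would make the misconfiguration explicit. The constructor also invokes the public, overridable `createODLKeyStore()` and `createTrustKeyStore()` on a partially constructed instance of a non-final class; either mark the class `final` or route the work through private helpers. `isUseConfig()` looks like a boxed `Boolean` getter — confirm it cannot be null when the `useConfig` leaf is omitted, despite the yang default.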
@Override
return odlKeyTool.addCertificate(trustKeyStore.getName(), storePasswd, certificate, alias);
}
- @Override
- public void close() throws Exception {
- LOG.info("aaa Certificate Service Closed");
- aaaCertServiceRegisteration.unregister();
- aaaCertRpcServiceRegisteration.unregister();
- }
-
public void createODLKeyStore() {
createODLKeyStore(ctlKeyStore.getName(),ctlKeyStore.getStorePassword(), ctlKeyStore.getAlias(),
ctlKeyStore.getDname(), ctlKeyStore.getValidity());
@Override
public String createODLKeyStore(final String keyStore, final String storePasswd, final String alias,
final String dName, final int validity) {
- ctlKeyStore.setAlias(alias);
- ctlKeyStore.setDname(dName);
- ctlKeyStore.setName(keyStore);
- ctlKeyStore.setStorePassword(storePasswd);
- ctlKeyStore.setValidity(validity);
+ ctlKeyStore = new CtlKeystoreBuilder().setAlias(alias)
+ .setDname(dName)
+ .setName(keyStore)
+ .setStorePassword(storePasswd)
+ .setValidity(validity)
+ .build();
if(odlKeyTool.createKeyStoreWithSelfSignCert(keyStore, storePasswd, dName, alias, validity)) {
return keyStore + " Keystore created.";
} else {
@Override
public String createTrustKeyStore(final String keyStore, final String storePasswd, final String alias) {
- trustKeyStore.setAlias(alias);
- trustKeyStore.setName(keyStore);
- trustKeyStore.setStorePassword(storePasswd);
+ trustKeyStore = new TrustKeystoreBuilder().setAlias(alias)
+ .setName(keyStore)
+ .setStorePassword(storePasswd)
+ .build();
if(odlKeyTool.createKeyStoreImportCert(keyStore, storePasswd, trustKeyStore.getCertFile(), alias)) {
return keyStore + " Keystore created.";
} else {
}
@Override
- public void onSessionInitiated(final ProviderContext session) {
- LOG.info("aaa Certificate Service Session Initiated");
- final BundleContext context = FrameworkUtil.getBundle(this.getClass()).getBundleContext();
- aaaCertServiceRegisteration = context.registerService(IAaaCertProvider.class, this, null);
- aaaCertRpcServiceRegisteration = context.registerService(AaaCertRpcService.class, this, null);
+ public String[] getCipherSuites() {
+ List<String> suites = new ArrayList<>();
+ if (ctlKeyStore.getCipherSuites() != null && !ctlKeyStore.getCipherSuites().isEmpty()) {
+ for (CipherSuites cipherSuite : ctlKeyStore.getCipherSuites()) {
+ suites.add(cipherSuite.getSuiteName());
+ }
+ }
+ return (String[]) suites.toArray();
}
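Review bot: `return (String[]) suites.toArray();` throws `ClassCastException` at runtime, because the no-argument `List.toArray()` returns an `Object[]` whose runtime type cannot be cast to `String[]`, so every caller of `getCipherSuites()` fails even when the list is empty; use `return suites.toArray(new String[0]);`. The loop also copies `getSuiteName()` unfiltered, and the default `aaa-cert-config.xml` in this change ships a `<cipher-suites><suiteName /></cipher-suites>` placeholder, so the returned array can contain an empty (or null) suite name that a consumer would hand to the TLS layer; skipping such entries with `if (cipherSuite.getSuiteName() != null && !cipherSuite.getSuiteName().isEmpty())` keeps the documented "empty array otherwise" contract. `ctlKeyStore.getCipherSuites()` is evaluated three times here; a local would read more cleanly.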
@Override
final SettableFuture<RpcResult<Void>> futureResult = SettableFuture.create();
//adding ca to the alias of signed certificate by Certificate Authority.
//can not have 2 certifciate under the same alias.
- ctlKeyStore.setAlias("ca" + ctlKeyStore.getAlias());
+ ctlKeyStore = new CtlKeystoreBuilder(ctlKeyStore).setAlias("ca" + ctlKeyStore.getAlias()).build();
if (odlKeyTool.addCertificate(ctlKeyStore.getName(), ctlKeyStore.getStorePassword(),
input.getOdlCert(), ctlKeyStore.getAlias())) {
futureResult.set(RpcResultBuilder.<Void> success().build());
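Review bot: `ctlKeyStore = new CtlKeystoreBuilder(ctlKeyStore).setAlias("ca" + ctlKeyStore.getAlias()).build();` rewrites the provider's stored keystore configuration on every RPC invocation, so a second call prefixes `ca` again and every later operation that reads `ctlKeyStore.getAlias()` — including `createODLKeyStore()` — sees the accumulated alias; the removed setter had the same effect, but the commit now makes `ctlKeyStore` a non-final field written from the RPC path without any synchronization against the other writers in this class. Computing the alias into a local, `final String caAlias = "ca" + ctlKeyStore.getAlias();`, and passing it to `addCertificate` avoids mutating shared state at all. The enclosing method starts before this hunk.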
+++ /dev/null
-/*
- * Copyright (c) 2016 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.mdsal.rev160321;
-
-import org.opendaylight.aaa.cert.impl.AaaCertMdsalProvider;
-
-public class AaaCertMdsalProviderModule extends AbstractAaaCertMdsalProviderModule {
-
- public AaaCertMdsalProviderModule(final org.opendaylight.controller.config.api.ModuleIdentifier identifier, final org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
- super(identifier, dependencyResolver);
- }
-
- public AaaCertMdsalProviderModule(final org.opendaylight.controller.config.api.ModuleIdentifier identifier, final org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, final org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.mdsal.rev160321.AaaCertMdsalProviderModule oldModule, final java.lang.AutoCloseable oldInstance) {
- super(identifier, dependencyResolver, oldModule, oldInstance);
- }
-
- @Override
- public java.lang.AutoCloseable createInstance() {
- final AaaCertMdsalProvider aaaCertMdsal = new AaaCertMdsalProvider();
- getAaaBrokerDependency().registerProvider(aaaCertMdsal);
- return aaaCertMdsal;
- }
-
- @Override
- public void customValidation() {
-
- }
-
-}
+++ /dev/null
-/*
-* Generated file
-*
-* Generated from: yang module name: aaa-cert-mdsal yang module local name: aaa-cert-mdsal
-* Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
-* Generated at: Mon Mar 21 16:18:48 EDT 2016
-*
-* Do not modify this file unless it is present under src/main directory
-*/
-package org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.mdsal.rev160321;
-public class AaaCertMdsalProviderModuleFactory extends org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.mdsal.rev160321.AbstractAaaCertMdsalProviderModuleFactory {
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126;
-
-import org.opendaylight.aaa.cert.impl.AaaCertProvider;
-import org.opendaylight.aaa.cert.impl.KeyStoreConstant;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * @author mserngawy
- * AaaCertProviderModule create and intialize the AaaCertProvider services
- */
-public class AaaCertProviderModule extends org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AbstractAaaCertProviderModule {
-
- private final static Logger LOG = LoggerFactory.getLogger(AaaCertProviderModule.class);
-
- public AaaCertProviderModule(final org.opendaylight.controller.config.api.ModuleIdentifier identifier, final org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
- super(identifier, dependencyResolver);
- }
-
- public AaaCertProviderModule(final org.opendaylight.controller.config.api.ModuleIdentifier identifier, final org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, final org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AaaCertProviderModule oldModule, final java.lang.AutoCloseable oldInstance) {
- super(identifier, dependencyResolver, oldModule, oldInstance);
- }
-
- @Override
- public AutoCloseable createInstance() {
- final CtlKeystore ctlKeyStore = this.getCtlKeystore();
- final TrustKeystore trust = this.getTrustKeystore();
- final AaaCertProvider aaaCertProvider = new AaaCertProvider(ctlKeyStore, trust);
- if (this.getUseConfig() && !KeyStoreConstant.checkKeyStoreFile(ctlKeyStore.getName())) {
- LOG.info("Creating keystore based on given configuration");
- aaaCertProvider.createODLKeyStore();
- aaaCertProvider.createTrustKeyStore();
- }
-
- getBrokerDependency().registerProvider(aaaCertProvider);
- return aaaCertProvider;
- }
-
- @Override
- public void customValidation() {
-
- }
-
-}
+++ /dev/null
-/*
-* Generated file
-*
-* Generated from: yang module name: aaa-cert yang module local name: aaa-cert
-* Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
-* Generated at: Sun Nov 29 23:46:12 EST 2015
-*
-* Do not modify this file unless it is present under src/main directory
-*/
-package org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126;
-public class AaaCertProviderModuleFactory extends org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AbstractAaaCertProviderModuleFactory {
-
-}
+++ /dev/null
-<blueprint xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
- xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
-</blueprint>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Copyright (c) 2015 Inocybe Technology. All rights reserved.
-This program and the accompanying materials are made available under the
-terms of the Eclipse Public License v1.0 which accompanies this distribution,
-and is available at http://www.eclipse.org/legal/epl-v10.html INTERNAL
--->
-<snapshot>
- <required-capabilities>
- <capability>urn:opendaylight:yang:aaa:cert?module=aaa-cert&revision=2015-11-26</capability>
- <capability>urn:opendaylight:yang:aaa:cert:mdsal?module=aaa-cert-mdsal&revision=2016-03-21</capability>
- <capability>urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding?module=opendaylight-md-sal-binding&revision=2013-10-28</capability>
- </required-capabilities>
- <configuration>
- <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
- <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
- <module>
- <type xmlns:prefix="urn:opendaylight:yang:aaa:cert">prefix:aaa-cert</type>
- <name>aaa-cert</name>
- <broker>
- <type xmlns:binding="urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding">binding:binding-broker-osgi-registry</type>
- <name>binding-osgi-broker</name>
- </broker>
- <useConfig>false</useConfig>
- <ctlKeystore>
- <name>ctl.jks</name>
- <alias>controller</alias>
- <storePassword>storePassword</storePassword>
- <dname>CN=ODL, OU=Dev, O=LinuxFoundation, L=QC Montreal, C=CA</dname>
- <validity>365</validity>
- </ctlKeystore>
- <trustKeystore>
- <name>truststore.jks</name>
- <alias>controller</alias>
- <storePassword>storePassword</storePassword>
- <certFile>cacert.pem</certFile>
- </trustKeystore>
- </module>
- <module>
- <type xmlns:prefix="urn:opendaylight:yang:aaa:cert:mdsal">prefix:aaa-cert-mdsal</type>
- <name>aaa-cert-mdsal</name>
- <aaa-broker>
- <type xmlns:binding="urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding">binding:binding-broker-osgi-registry</type>
- <name>binding-osgi-broker</name>
- </aaa-broker>
- </module>
- </modules>
- </data>
- </configuration>
-</snapshot>
--- /dev/null
+<aaa-cert-service-config xmlns="urn:opendaylight:yang:aaa:cert">
+ <useConfig>false</useConfig>
+ <ctlKeystore>
+ <name>ctl.jks</name>
+ <alias>controller</alias>
+ <storePassword>storePassword</storePassword>
+ <dname>CN=ODL, OU=Dev, O=LinuxFoundation, L=QC Montreal, C=CA</dname>
+ <validity>365</validity>
+ <cipher-suites>
+ <suiteName />
+ </cipher-suites>
+ </ctlKeystore>
+ <trustKeystore>
+ <name>truststore.jks</name>
+ <alias>controller</alias>
+ <storePassword>storePassword</storePassword>
+ <certFile>cacert.pem</certFile>
+ </trustKeystore>
+</aaa-cert-service-config>
\ No newline at end of file
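Review bot: The `<cipher-suites><suiteName /></cipher-suites>` placeholder under `ctlKeystore` creates one list entry whose `suiteName` is empty rather than an empty list, so the generated `getCipherSuites()` binding presents a nameless suite to the provider; drop the element, or list a real suite name, so the default means "no restriction". The plaintext `storePassword` values are carried over unchanged from the removed `08-aaa-cert-config.xml`, so the commit does not introduce them, but this file is now installed under the datastore's initial-config directory and presumably loaded into the config datastore, which is worth keeping in mind for anyone hardening the defaults later.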
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
+ xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0">
+
+ <odl:clustered-app-config id="aaaCertDefaultConfig" default-config-file-name="aaa-cert-config.xml"
+ binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AaaCertServiceConfig"
+ list-key-value="aaa-cert-provider">
+ </odl:clustered-app-config>
+
+ <bean id="aaaCert" class="org.opendaylight.aaa.cert.impl.AaaCertProvider">
+ <argument ref="aaaCertDefaultConfig"/>
+ </bean>
+
+ <service ref="aaaCert" interface="org.opendaylight.aaa.cert.api.IAaaCertProvider"/>
+
+ <bean id="aaaCertMdsal" class="org.opendaylight.aaa.cert.impl.AaaCertMdsalProvider" />
+
+ <service ref="aaaCertMdsal" interface="org.opendaylight.aaa.cert.api.IAaaCertMdsalProvider"/>
+
+</blueprint>
\ No newline at end of file
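Review bot: `list-key-value="aaa-cert-provider"` is set on the `odl:clustered-app-config` element although `AaaCertServiceConfig` is generated from `container aaa-cert-service-config` (see the yang in this change), not from a list; as far as I know that attribute only applies to list-entry bindings, so it is presumably ignored here and should be dropped to avoid suggesting a keyed lookup. The `aaaCertMdsal` bean is instantiated with no arguments, whereas the removed `AaaCertMdsalProviderModule` handed it to the binding broker via `registerProvider`; if `AaaCertMdsalProvider` still obtains its data broker in `onSessionInitiated`, nothing in this blueprint triggers that — confirm against that class, which is not in the diff. The `aaaCert` service is exported only as `IAaaCertProvider`, while the removed `onSessionInitiated` also registered it as `AaaCertRpcService`; if RPC consumers depend on that, an `odl:rpc-implementation` element referencing `aaaCert` is needed.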
uses ssl-data;
}
}
-
- identity aaa-cert-mdsal {
- base config:module-type;
- config:java-name-prefix AaaCertMdsalProvider;
- }
-
- augment "/config:modules/config:module/config:configuration" {
- case aaa-cert-mdsal {
- when "/config:modules/config:module/config:type = 'aaa-cert-mdsal'";
- container aaa-broker {
- uses config:service-ref {
- refine type {
- mandatory false;
- config:required-identity md-sal-binding:binding-broker-osgi-registry;
- }
- }
- }
- }
- }
-
}
\ No newline at end of file
namespace "urn:opendaylight:yang:aaa:cert";
prefix aaa-cert;
- import config {
- prefix config;
- revision-date 2013-04-05;
- }
-
- import opendaylight-md-sal-binding {
- prefix md-sal-binding;
- revision-date 2013-10-28;
- }
-
description
"Service definition for aaa certificate";
"Initial revision.";
}
- identity aaa-cert {
- base config:module-type;
- config:java-name-prefix AaaCertProvider;
- }
-
- augment "/config:modules/config:module/config:configuration" {
- case aaa-cert {
- when "/config:modules/config:module/config:type = 'aaa-cert'";
- container broker {
- uses config:service-ref {
- refine type {
- mandatory true;
- config:required-identity md-sal-binding:binding-broker-osgi-registry;
- }
- }
+ container aaa-cert-service-config {
+ leaf useConfig {
+ description "Use the configuration data to create the keystores";
+ type boolean;
+ default false;
+ }
+ container ctlKeystore {
+ leaf name {
+ description "keystore name default is ctl";
+ type string;
+ }
+ leaf alias {
+ description "key alias";
+ type string;
+ }
+ leaf storePassword {
+ description "keystore password";
+ type string;
+ }
+ leaf dname {
+ description "X.500 Distinguished Names should be in the following formate
+ CN=commonName
+ OU=organizationUnit
+ O=organizationName
+ L=localityName
+ S=stateName
+ C=country";
+ type string;
+ }
+ leaf validity {
+ description "validity";
+ type int32;
+ }
+ list cipher-suites {
+ leaf suiteName {
+ type string;
+ }
+ }
+ }
+ container trustKeystore {
+ leaf name {
+ description "keystore name default is truststore";
+ type string;
}
- leaf useConfig {
- description "Use the configuration data to create the keystores";
- type boolean;
- default false;
+ leaf alias {
+ description "key alias";
+ type string;
}
- container ctlKeystore {
- leaf name {
- description "keystore name default is ctl";
- type string;
- }
- leaf alias {
- description "key alias";
- type string;
- }
- leaf storePassword {
- description "keystore password";
- type string;
- }
- leaf dname {
- description "X.500 Distinguished Names should be in the following formate
- CN=commonName
- OU=organizationUnit
- O=organizationName
- L=localityName
- S=stateName
- C=country";
- type string;
- }
- leaf validity {
- description "validity";
- type int32;
- }
+ leaf storePassword {
+ description "keystore password";
+ type string;
}
- container trustKeystore {
- leaf name {
- description "keystore name default is truststore";
- type string;
- }
- leaf alias {
- description "key alias";
- type string;
- }
- leaf storePassword {
- description "keystore password";
- type string;
- }
- leaf certFile {
- description "path to CA certificate pem file";
- type string;
- }
+ leaf certFile {
+ description "path to CA certificate pem file";
+ type string;
}
}
}
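Review bot: `list cipher-suites { leaf suiteName ... }` declares no `key` statement although it sits under a configuration container, and RFC 6020 section 7.8.2 makes `key` mandatory for lists that represent configuration; add `key suiteName;` (plus a `description`) so entries are addressable and duplicate names are rejected by the datastore. The moved `dname` description keeps the typo `formate` (should be `format`), which is pre-existing text. `storePassword` remains a plain `type string`, so the keystore password is stored readable in the config datastore — not changed by this commit, but the config is now datastore-backed, so it is worth noting for a follow-up.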
<bundle>mvn:org.bouncycastle/bcprov-jdk15on/{{VERSION}}</bundle>
<bundle>mvn:commons-codec/commons-codec/{{VERSION}}</bundle>
- <configfile finalname="etc/opendaylight/karaf/08-aaa-cert-config.xml">mvn:org.opendaylight.aaa/aaa-cert/{{VERSION}}/xml/config</configfile>
+ <configfile finalname="etc/opendaylight/datastore/initial/config/aaa-cert-config.xml">mvn:org.opendaylight.aaa/aaa-cert/{{VERSION}}/xml/config</configfile>
<bundle>mvn:org.opendaylight.aaa/aaa-cert/{{VERSION}}</bundle>
</feature>