Factor out SslHandlerFactoryImpl

SslHandlerFactoryImpl is a separate piece of logic independent
of AbstractNetconfTopology. Move it to its own package-protected
class and cleanup its use of Optional.

Change-Id: I93b1cba1c77185fd79e345e08a7d5be76b15509a
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
(cherry picked from commit 3c6b26a05d26cf69eeb4cf05757873d94c932eaf)

diff --git a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
index 19ba294b2ce67abbd7014648cfb29677da91fec8..05236a6c6db53d67bd34a33619d12fd11340d243 100644 (file)
--- a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
+++ b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java
@@ -5,39 +5,28 @@
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
  * and is available at http://www.eclipse.org/legal/epl-v10.html
  */
-
 package org.opendaylight.netconf.topology;
 
 import com.google.common.base.Optional;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.ListeningExecutorService;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.Uninterruptibles;
-import io.netty.handler.ssl.SslHandler;
 import io.netty.util.concurrent.EventExecutor;
 import java.io.File;
-import java.io.IOException;
 import java.math.BigDecimal;
 import java.net.InetSocketAddress;
 import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.concurrent.TimeUnit;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.TrustManagerFactory;
 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
 import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
 import org.opendaylight.controller.config.threadpool.ThreadPool;
@@ -78,8 +67,6 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.Protocol.Name;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.Specification;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.specification.TlsCase;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.status.available.capabilities.AvailableCapability.CapabilityOrigin;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.Credentials;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.KeyAuth;
@@ -657,50 +644,4 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
             facade.close();
         }
     }
-
-    private static final class SslHandlerFactoryImpl implements SslHandlerFactory {
-        private final NetconfKeystoreAdapter keystoreAdapter;
-        private final Optional<Specification> specOptional;
-
-        SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
-            this.keystoreAdapter = keystoreAdapter;
-            this.specOptional = Optional.fromNullable(specification);
-        }
-
-        @Override
-        public SslHandler createSslHandler() {
-            try {
-                final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
-
-                final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-                kmf.init(keyStore, "".toCharArray());
-
-                final TrustManagerFactory tmf =
-                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                tmf.init(keyStore);
-
-                final SSLContext sslCtx = SSLContext.getInstance("TLS");
-                sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-                final SSLEngine engine = sslCtx.createSSLEngine();
-                engine.setUseClientMode(true);
-
-                final Set<String> protocols = Sets.newHashSet(engine.getSupportedProtocols());
-                if (specOptional.isPresent()) {
-                    final Specification specification = specOptional.get();
-                    if (!(specification instanceof TlsCase)) {
-                        throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
-                    }
-                    protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
-                }
-
-                engine.setEnabledProtocols(protocols.toArray(new String[0]));
-                engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
-                engine.setEnableSessionCreation(true);
-
-                return new SslHandler(engine);
-            } catch (GeneralSecurityException | IOException exc) {
-                throw new IllegalStateException(exc);
-            }
-        }
-    }
 }

diff --git a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/SslHandlerFactoryImpl.java b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/SslHandlerFactoryImpl.java
new file mode 100644 (file)
index 0000000..2f7231e
--- /dev/null
+++ b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/SslHandlerFactoryImpl.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2019 Pantheon Technologies, s.r.o. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netconf.topology;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.Objects.requireNonNull;
+
+import com.google.common.collect.Sets;
+import io.netty.handler.ssl.SslHandler;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.Set;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManagerFactory;
+import org.eclipse.jdt.annotation.Nullable;
+import org.opendaylight.netconf.client.SslHandlerFactory;
+import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.Specification;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.specification.TlsCase;
+
+final class SslHandlerFactoryImpl implements SslHandlerFactory {
+    private final NetconfKeystoreAdapter keystoreAdapter;
+    private final @Nullable Specification specification;
+
+    SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
+        this.keystoreAdapter = requireNonNull(keystoreAdapter);
+        this.specification = specification;
+    }
+
+    @Override
+    public SslHandler createSslHandler() {
+        try {
+            final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
+
+            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            kmf.init(keyStore, "".toCharArray());
+
+            final TrustManagerFactory tmf =
+                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+
+            final SSLContext sslCtx = SSLContext.getInstance("TLS");
+            sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+            final SSLEngine engine = sslCtx.createSSLEngine();
+            engine.setUseClientMode(true);
+
+            final String[] engineProtocols = engine.getSupportedProtocols();
+            final String[] enabledProtocols;
+            if (specification != null) {
+                checkArgument(specification instanceof TlsCase, "Cannot get TLS specification from: %s", specification);
+
+                final Set<String> protocols = Sets.newHashSet(engineProtocols);
+                protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
+                enabledProtocols = protocols.toArray(new String[0]);
+            } else {
+                enabledProtocols = engineProtocols;
+            }
+
+            engine.setEnabledProtocols(enabledProtocols);
+            engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
+            engine.setEnableSessionCreation(true);
+            return new SslHandler(engine);
+        } catch (GeneralSecurityException | IOException exc) {
+            throw new IllegalStateException(exc);
+        }
+    }
+}
\ No newline at end of file