import io.netty.channel.Channel;
import java.net.InetAddress;
import java.util.Collection;
-import javax.net.ssl.SSLContext;
+import org.opendaylight.aaa.cert.api.ICertificateManager;
/**
* OvsDBConnection Interface provides OVSDB connection management APIs which includes
* connection from the controller towards ovsdb-server.
* @param address IP Address of the remote server that hosts the ovsdb server.
* @param port Layer 4 port on which the remote ovsdb server is listening on.
- * @param sslContext Netty sslContext for channel configuration
+ * @param certificateManagerSrv Certificate manager for SSL/TLS
* @return OvsDBClient The primary Client interface for the ovsdb connection.
*/
- OvsdbClient connectWithSsl(InetAddress address, int port, SSLContext sslContext);
+ OvsdbClient connectWithSsl(InetAddress address, int port, ICertificateManager certificateManagerSrv);
/**
* Method to disconnect an existing connection.
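Review bot: The new `@param certificateManagerSrv` line on `connectWithSsl` does not say whether the argument may be null or when the manager is consulted. Callers need both facts, because the implementation elsewhere in this change still passes `null` for the non-SSL case. I would document it as `@param certificateManagerSrv source of the SSLContext, queried when the channel is initialised; null requests a plain (non-TLS) connection`, adjusted to whatever null behaviour the implementation ends up with. The same wording is worth adding to `startOvsdbManagerWithSsl` and `restartOvsdbManagerWithSsl`, whose visible Javadoc has no parameter tags.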
* Method to start ovsdb server for passive connection with SSL.
*/
boolean startOvsdbManagerWithSsl(int ovsdbListenPort,
- SSLContext sslContext, String[] protocols, String[] cipherSuites);
+ ICertificateManager certificateManagerSrv,
+ String[] protocols, String[] cipherSuites);
/**
* Method to restart ovsdb server for passive connection with SSL and user
* specifies protocols and cipher suites.
*/
boolean restartOvsdbManagerWithSsl(int ovsdbListenPort,
- SSLContext sslContext,
- String[] protocols,
- String[] cipherSuites);
+ ICertificateManager certificateManagerSrv,
+ String[] protocols,
+ String[] cipherSuites);
/**
* Method to register a Passive Connection Listener with the ConnectionService.
LOG.error("Certificate Manager service is not available cannot establish the SSL communication.");
return null;
}
- return connectWithSsl(address, port, certManagerSrv.getServerContext());
+ return connectWithSsl(address, port, certManagerSrv);
} else {
return connectWithSsl(address, port, null /* SslContext */);
}
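Review bot: The non-SSL branch here still calls `connectWithSsl(address, port, null /* SslContext */)`, but the third parameter is now an `ICertificateManager` that the new `initChannel` code dereferences unconditionally with `certificateManagerSrv.getServerContext()`. A plain connection would therefore throw a NullPointerException when the channel is initialised instead of skipping the SSL handler. The passive path has the same pattern, where `ovsdbManagerWithSsl(port, null /* SslContext */, null, null)` feeds the identical dereference. Guarding the lookup keeps the old behaviour: `SSLContext sslContext = certificateManagerSrv == null ? null : certificateManagerSrv.getServerContext();` in both initialisers, and the `/* SslContext */` comments should be updated to name the new parameter. The enclosing method starts outside this hunk.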
@Override
public OvsdbClient connectWithSsl(final InetAddress address, final int port,
- final SSLContext sslContext) {
+ final ICertificateManager certificateManagerSrv) {
try {
Bootstrap bootstrap = new Bootstrap();
bootstrap.group(new NioEventLoopGroup());
bootstrap.handler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(SocketChannel channel) throws Exception {
+ SSLContext sslContext = certificateManagerSrv.getServerContext();
if (sslContext != null) {
/* First add ssl handler if ssl context is given */
SSLEngine engine =
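Review bot: A null return from `certificateManagerSrv.getServerContext()` is handled the same way as SSL not being requested, because the `if (sslContext != null)` test is the only gate before the SSL handler is added. That test now runs per channel rather than once at call time. If the manager was supplied but cannot produce a context, the channel appears to continue without TLS; the rest of `initChannel` is outside the hunk, so this is inferred from the comment on the following line. I would fail closed in that case, logging an error and ending with `channel.close(); return;` when `certificateManagerSrv != null && sslContext == null`. The passive `initChannel` in `ovsdbManagerWithSsl` wants the same check.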
*/
@Override
public synchronized boolean startOvsdbManagerWithSsl(final int ovsdbListenPort,
- final SSLContext sslContext, String[] protocols, String[] cipherSuites) {
+ final ICertificateManager certificateManagerSrv,
+ String[] protocols, String[] cipherSuites) {
if (!singletonCreated.getAndSet(true)) {
- new Thread(() -> ovsdbManagerWithSsl(ovsdbListenPort, sslContext, protocols, cipherSuites)).start();
+ new Thread(() -> ovsdbManagerWithSsl(ovsdbListenPort,
+ certificateManagerSrv, protocols, cipherSuites)).start();
return true;
} else {
return false;
@Override
public synchronized boolean restartOvsdbManagerWithSsl(final int ovsdbListenPort,
- final SSLContext sslContext,
+ final ICertificateManager certificateManagerSrv,
final String[] protocols,
final String[] cipherSuites) {
if (singletonCreated.getAndSet(false) && serverChannel != null) {
LOG.info("Server channel closed");
}
serverChannel = null;
- return startOvsdbManagerWithSsl(ovsdbListenPort, sslContext, protocols, cipherSuites);
+ return startOvsdbManagerWithSsl(ovsdbListenPort, certificateManagerSrv, protocols, cipherSuites);
}
/**
LOG.error("Certificate Manager service is not available cannot establish the SSL communication.");
return;
}
- ovsdbManagerWithSsl(port, certManagerSrv.getServerContext(), certManagerSrv.getTlsProtocols(),
+ ovsdbManagerWithSsl(port, certManagerSrv, certManagerSrv.getTlsProtocols(),
certManagerSrv.getCipherSuites());
} else {
ovsdbManagerWithSsl(port, null /* SslContext */, null, null);
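Review bot: `getTlsProtocols()` and `getCipherSuites()` are still read once here and passed as fixed arrays, while the SSLContext is now fetched from the same manager on every new channel. If the point of passing the manager is to pick up certificate or configuration changes without a restart (not stated in the visible lines), new connections would pair a fresh context with the protocol and cipher lists captured at startup. Either read both lists next to the context lookup in `initChannel`, which would also let the private helper drop its `protocols` and `cipherSuites` parameters, or add a comment such as `// protocols and cipher suites are fixed at listener start; only the SSLContext is re-read per channel`. The enclosing method starts outside this hunk.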
* OVSDB Passive listening thread that uses Netty ServerBootstrap to open
* passive connection with Ssl and handle channel callbacks.
*/
- private static void ovsdbManagerWithSsl(int port, final SSLContext sslContext, final String[] protocols,
- final String[] cipherSuites) {
+ private static void ovsdbManagerWithSsl(int port, final ICertificateManager certificateManagerSrv,
+ final String[] protocols, final String[] cipherSuites) {
EventLoopGroup bossGroup = new NioEventLoopGroup();
EventLoopGroup workerGroup = new NioEventLoopGroup();
try {
@Override
public void initChannel(SocketChannel channel) throws Exception {
LOG.debug("New Passive channel created : {}", channel);
+ SSLContext sslContext = certificateManagerSrv.getServerContext();
if (sslContext != null) {
/* Add SSL handler first if SSL context is provided */
SSLEngine engine = sslContext.createSSLEngine();