import java.net.InetAddress;
import java.util.Collection;
-import io.netty.handler.ssl.SslContext;
+import javax.net.ssl.SSLContext;
/**
* OvsDBConnection Interface provides OVSDB connection management APIs which includes
* @return OvsDBClient The primary Client interface for the ovsdb connection.
*/
public OvsdbClient connectWithSsl(final InetAddress address, final int port,
- final SslContext sslContext);
+ final SSLContext sslContext);
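Review bot: The `sslContext` parameter is undocumented on both SSL entry points, and the Javadoc fragments visible here do not say whether a null context is accepted; the implementation further down this page only installs the SSL handler when `sslContext != null`, so that contract should be stated at the interface. Suggest adding `@param sslContext the JSSE context used to secure the connection; if null the connection is established in plaintext` here and on `startOvsdbManagerWithSsl` in the hunk at line 18. The Javadoc block above this signature appears truncated in this view, so the exact wording may need merging with what is already there.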
/**
* Method to disconnect an existing connection.
* Method to start ovsdb server for passive connection with SSL
*/
public boolean startOvsdbManagerWithSsl(final int ovsdbListenPort,
- final SslContext sslContext);
+ final SSLContext sslContext);
/**
* Method to register a Passive Connection Listener with the ConnectionService.
package org.opendaylight.ovsdb.lib;
import io.netty.channel.Channel;
+import io.netty.handler.ssl.SslHandler;
import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLPeerUnverifiedException;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient;
public ConnectionType getType() {
return type;
}
+ @XmlElement(name="clientCertificate")
+ public Certificate getCertificate() throws SSLPeerUnverifiedException {
+ SslHandler sslHandler = (SslHandler) channel.pipeline().get("ssl");
+ if (sslHandler != null) {
+ return sslHandler.engine().getSession().getPeerCertificates()[0];
+ }
+ return null;
+ }
@Override
public int hashCode() {
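Review bot: `getCertificate()` indexes `getPeerCertificates()[0]` without checking the array length; the JSSE contract throws `SSLPeerUnverifiedException` when the peer was not authenticated, but a zero-length array is not excluded, so a guard is cheap: `Certificate[] chain = sslHandler.engine().getSession().getPeerCertificates(); return chain.length > 0 ? chain[0] : null;`. The lookup by handler name `"ssl"` only works because `OvsdbConnectionService` registers the handler under that exact name (visible later on this page); a shared constant would keep the two sides from drifting apart. Because the getter is `@XmlElement`-annotated it is presumably also invoked during JAXB marshalling, and `java.security.cert.Certificate` is an abstract type that JAXB is unlikely to map cleanly — confirm this serializes as intended, or expose a string form such as the subject DN instead. The enclosing class continues outside the hunk.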
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;
import io.netty.util.CharsetUtil;
-import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslHandler;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import java.net.InetAddress;
import java.util.Collection;
import org.opendaylight.ovsdb.lib.jsonrpc.JsonRpcEndpoint;
import org.opendaylight.ovsdb.lib.jsonrpc.JsonRpcServiceBinderHandler;
import org.opendaylight.ovsdb.lib.message.OvsdbRPC;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
}
@Override
public OvsdbClient connectWithSsl(final InetAddress address, final int port,
- final SslContext sslContext) {
+ final SSLContext sslContext) {
try {
Bootstrap bootstrap = new Bootstrap();
bootstrap.group(new NioEventLoopGroup());
public void initChannel(SocketChannel channel) throws Exception {
if (sslContext != null) {
/* First add ssl handler if ssl context is given */
- channel.pipeline().addLast(sslContext.newHandler(channel.alloc(),
- address.toString(), port));
+ SSLEngine engine =
+ sslContext.createSSLEngine(address.toString(), port);
+ engine.setUseClientMode(true);
+ channel.pipeline().addLast("ssl", new SslHandler(engine));
}
channel.pipeline().addLast(
//new LoggingHandler(LogLevel.INFO),
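Review bot: The client-mode engine built at lines 73–76 never enables endpoint identification, so the server certificate is checked against the trust store but not against the host being connected to; if the deployment expects host-name checking, add `SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); engine.setSSLParameters(params);` after `engine.setUseClientMode(true)` (and import `javax.net.ssl.SSLParameters`). Separately, `InetAddress.toString()` yields the `hostname/address` form, which is not a valid peer host for `createSSLEngine(String, int)`; `address.getHostName()` (or `getHostAddress()`) is the intended value and is also what any host-name check would compare against. The enclosing `initChannel` and the outer `connectWithSsl` continue past the hunk.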
@Override
synchronized
public boolean startOvsdbManagerWithSsl(final int ovsdbListenPort,
- final SslContext sslContext) {
+ final SSLContext sslContext) {
if (!singletonCreated) {
new Thread() {
@Override
* OVSDB Passive listening thread that uses Netty ServerBootstrap to open
* passive connection with Ssl and handle channel callbacks.
*/
- private static void ovsdbManagerWithSsl(int port, final SslContext sslContext) {
+ private static void ovsdbManagerWithSsl(int port, final SSLContext sslContext) {
EventLoopGroup bossGroup = new NioEventLoopGroup();
EventLoopGroup workerGroup = new NioEventLoopGroup();
try {
logger.debug("New Passive channel created : "+ channel.toString());
if (sslContext != null) {
/* Add SSL handler first if SSL context is provided */
- channel.pipeline().addLast(sslContext.newHandler(channel.alloc()));
+ SSLEngine engine = sslContext.createSSLEngine();
+ engine.setUseClientMode(false); // work in a server mode
+ engine.setNeedClientAuth(true); // need client authentication
+ channel.pipeline().addLast("ssl", new SslHandler(engine));
}
channel.pipeline().addLast(