import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
+import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
+import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.openflowjava.protocol.api.extensibility.AlienMessageListener;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.protocol.rev130731.OpenflowProtocolListener;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.protocol.rev130731.OpenflowProtocolService;
/**
* Notify listener about switch certificate information.
- * @param switchcertificate X509Certificate of switch
+ *
+ * @param certificateChain X509 certificate chain presented by the switch
*/
- void onSwitchCertificateIdentified(X509Certificate switchcertificate);
+ void onSwitchCertificateIdentified(@Nullable List<X509Certificate> certificateChain);
/**
* Set listener for connection became ready-to-use event.
package org.opendaylight.openflowjava.protocol.impl.core;
+import static java.util.Objects.requireNonNull;
+
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
* @author michal.polkorab
*/
public class SslContextFactory {
+ private static final Logger LOG = LoggerFactory.getLogger(SslContextFactory.class);
// "TLS" - supports some version of TLS
// Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
private static final String PROTOCOL = "TLS";
+
private final TlsConfiguration tlsConfig;
- private static X509Certificate switchCertificate = null;
- private static boolean isCustomTrustManagerEnabled;
- private static final Logger LOG = LoggerFactory
- .getLogger(SslContextFactory.class);
+ private volatile List<X509Certificate> switchCertificateChain;
/**
* Sets the TlsConfiguration.
* TLS configuration object, contains keystore locations +
* keystore types
*/
- public SslContextFactory(TlsConfiguration tlsConfig) {
- this.tlsConfig = tlsConfig;
- }
-
- public X509Certificate getSwitchCertificate() {
- return switchCertificate;
+ public SslContextFactory(final TlsConfiguration tlsConfig) {
+ this.tlsConfig = requireNonNull(tlsConfig);
}
- public boolean isCustomTrustManagerEnabled() {
- return isCustomTrustManagerEnabled;
+ @Nullable List<X509Certificate> getSwitchCertificateChain() {
+ return switchCertificateChain;
}
- public static void setSwitchCertificate(X509Certificate certificate) {
- switchCertificate = certificate;
- }
-
- public static void setIsCustomTrustManagerEnabled(boolean customTrustManagerEnabled) {
- isCustomTrustManagerEnabled = customTrustManagerEnabled;
+ void setSwitchCertificateChain(final X509Certificate[] chain) {
+ switchCertificateChain = List.of(chain);
}
public SSLContext getServerContext() {
- String algorithm = Security
- .getProperty("ssl.KeyManagerFactory.algorithm");
+ String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
if (algorithm == null) {
algorithm = "SunX509";
}
tmf.init(ts);
serverContext = SSLContext.getInstance(PROTOCOL);
- if (isCustomTrustManagerEnabled) {
- CustomTrustManager[] customTrustManager = new CustomTrustManager[tmf.getTrustManagers().length];
- for (int i = 0; i < tmf.getTrustManagers().length; i++) {
- customTrustManager[i] = new CustomTrustManager((X509ExtendedTrustManager)
- tmf.getTrustManagers()[i]);
+
+ // A bit ugly: intercept trust checks to establish switch certificate
+ final TrustManager[] delegates = tmf.getTrustManagers();
+ final TrustManager[] proxies;
+ if (delegates != null) {
+ proxies = new TrustManager[delegates.length];
+ for (int i = 0; i < delegates.length; i++) {
+ final TrustManager delegate = delegates[i];
+ if (delegate instanceof X509ExtendedTrustManager) {
+ proxies[i] = new ProxyExtendedTrustManager((X509ExtendedTrustManager) delegate);
+ } else if (delegate instanceof X509TrustManager) {
+ proxies[i] = new ProxyTrustManager((X509TrustManager) delegate);
+ } else {
+ LOG.debug("Cannot handle trust manager {}, passing through", delegate);
+ proxies[i] = delegate;
+ }
}
- serverContext.init(kmf.getKeyManagers(), customTrustManager, null);
} else {
- serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ proxies = null;
}
+ serverContext.init(kmf.getKeyManagers(), proxies, null);
} catch (IOException e) {
LOG.warn("IOException - Failed to load keystore / truststore."
+ " Failed to initialize the server-side SSLContext", e);
return serverContext;
}
+ private final class ProxyTrustManager implements X509TrustManager {
+ private final X509TrustManager delegate;
+
+ ProxyTrustManager(final X509TrustManager delegate) {
+ this.delegate = requireNonNull(delegate);
+ }
+
+ @Override
+ public void checkClientTrusted(final X509Certificate[] chain, final String authType)
+ throws CertificateException {
+ setSwitchCertificateChain(chain);
+ delegate.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkServerTrusted(final X509Certificate[] chain, final String authType)
+ throws CertificateException {
+ delegate.checkServerTrusted(chain, authType);
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return delegate.getAcceptedIssuers();
+ }
+ }
- private static class CustomTrustManager extends X509ExtendedTrustManager {
- private final X509ExtendedTrustManager trustManager;
+ private final class ProxyExtendedTrustManager extends X509ExtendedTrustManager {
+ private final X509ExtendedTrustManager delegate;
- CustomTrustManager(final X509ExtendedTrustManager trustManager) {
- this.trustManager = trustManager;
+ ProxyExtendedTrustManager(final X509ExtendedTrustManager trustManager) {
+ delegate = requireNonNull(trustManager);
}
@Override
- public void checkClientTrusted(final X509Certificate[] x509Certificates, final String authType,
- final Socket socket) throws CertificateException {
- SslContextFactory.setSwitchCertificate(x509Certificates[0]);
- trustManager.checkClientTrusted(x509Certificates, authType, socket);
+ public void checkClientTrusted(final X509Certificate[] chain, final String authType, final Socket socket)
+ throws CertificateException {
+ setSwitchCertificateChain(chain);
+ delegate.checkClientTrusted(chain, authType, socket);
}
@Override
- public void checkClientTrusted(final X509Certificate[] x509Certificates, final String authType)
+ public void checkClientTrusted(final X509Certificate[] chain, final String authType)
throws CertificateException {
- SslContextFactory.setSwitchCertificate(x509Certificates[0]);
- trustManager.checkClientTrusted(x509Certificates, authType);
+ setSwitchCertificateChain(chain);
+ delegate.checkClientTrusted(chain, authType);
}
@Override
- public void checkClientTrusted(final X509Certificate[] x509Certificates, final String authType,
- final SSLEngine sslEngine) throws CertificateException {
- SslContextFactory.setSwitchCertificate(x509Certificates[0]);
- trustManager.checkClientTrusted(x509Certificates, authType, sslEngine);
+ public void checkClientTrusted(final X509Certificate[] chain, final String authType, final SSLEngine sslEngine)
+ throws CertificateException {
+ setSwitchCertificateChain(chain);
+ delegate.checkClientTrusted(chain, authType, sslEngine);
}
@Override
- public void checkServerTrusted(final X509Certificate[] x509Certificates, final String authType,
- final SSLEngine sslEngine) throws CertificateException {
- trustManager.checkServerTrusted(x509Certificates, authType, sslEngine);
+ public void checkServerTrusted(final X509Certificate[] chain, final String authType, final SSLEngine sslEngine)
+ throws CertificateException {
+ delegate.checkServerTrusted(chain, authType, sslEngine);
}
@Override
- public void checkServerTrusted(final X509Certificate[] x509Certificates, final String authType)
+ public void checkServerTrusted(final X509Certificate[] chain, final String authType)
throws CertificateException {
- trustManager.checkServerTrusted(x509Certificates, authType);
+ delegate.checkServerTrusted(chain, authType);
}
@Override
- public void checkServerTrusted(final X509Certificate[] x509Certificates, final String authType,
- final Socket socket) throws CertificateException {
- trustManager.checkServerTrusted(x509Certificates, authType, socket);
+ public void checkServerTrusted(final X509Certificate[] chain, final String authType, final Socket socket)
+ throws CertificateException {
+ delegate.checkServerTrusted(chain, authType, socket);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
- return trustManager.getAcceptedIssuers();
+ return delegate.getAcceptedIssuers();
}
-
}
-
}
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
+import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionAdapterFactory;
import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionAdapterFactoryImpl;
import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionFacade;
LOG.debug("Calling OF plugin: {}", getSwitchConnectionHandler());
getSwitchConnectionHandler().onSwitchConnected(connectionFacade);
connectionFacade.checkListeners();
- boolean tlsPresent = false;
// If this channel is configured to support SSL it will only support SSL
- if (getTlsConfiguration() != null) {
- tlsPresent = true;
- final SslContextFactory sslFactory = new SslContextFactory(getTlsConfiguration());
+ final TlsConfiguration tlsConfig = getTlsConfiguration();
+ if (tlsConfig != null) {
+ final SslContextFactory sslFactory = new SslContextFactory(tlsConfig);
final SSLEngine engine = sslFactory.getServerContext().createSSLEngine();
engine.setNeedClientAuth(true);
engine.setUseClientMode(false);
final SslHandler ssl = new SslHandler(engine);
final Future<Channel> handshakeFuture = ssl.handshakeFuture();
final ConnectionFacade finalConnectionFacade = connectionFacade;
- if (sslFactory.isCustomTrustManagerEnabled()) {
- handshakeFuture.addListener(future -> finalConnectionFacade
- .onSwitchCertificateIdentified(sslFactory.getSwitchCertificate()));
- }
+ handshakeFuture.addListener(future -> finalConnectionFacade.onSwitchCertificateIdentified(
+ sslFactory.getSwitchCertificateChain()));
handshakeFuture.addListener(future -> finalConnectionFacade.fireConnectionReadyNotification());
ch.pipeline().addLast(PipelineHandlers.SSL_HANDLER.name(), ssl);
}
ch.pipeline().addLast(PipelineHandlers.OF_FRAME_DECODER.name(),
- new OFFrameDecoder(connectionFacade, tlsPresent));
+ new OFFrameDecoder(connectionFacade, tlsConfig != null));
ch.pipeline().addLast(PipelineHandlers.OF_VERSION_DETECTOR.name(), new OFVersionDetector());
final OFDecoder ofDecoder = new OFDecoder();
ofDecoder.setDeserializationFactory(getDeserializationFactory());
ch.pipeline().addLast(PipelineHandlers.DELEGATING_INBOUND_HANDLER.name(),
new DelegatingInboundHandler(connectionFacade));
- if (!tlsPresent) {
+ if (tlsConfig == null) {
connectionFacade.fireConnectionReadyNotification();
}
} catch (RuntimeException e) {
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
-import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.stream.Collectors;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import javax.security.auth.x500.X500Principal;
import org.opendaylight.openflowjava.protocol.api.connection.ConnectionReadyListener;
import org.opendaylight.openflowjava.protocol.api.connection.OutboundQueueHandler;
import org.opendaylight.openflowjava.protocol.api.connection.OutboundQueueHandlerRegistration;
* @author michal.polkorab
*/
public class ConnectionAdapterImpl extends AbstractConnectionAdapterStatistics implements ConnectionFacade {
-
private static final Logger LOG = LoggerFactory.getLogger(ConnectionAdapterImpl.class);
private ConnectionReadyListener connectionReadyListener;
private ExecutorService executorService;
private final boolean useBarrier;
private X509Certificate switchCertificate;
+
/**
* Default constructor.
* @param channel the channel to be set - used for communication
* as there is no need to store address over tcp (stable channel))
* @param useBarrier value is configurable by configSubsytem
*/
-
public ConnectionAdapterImpl(final Channel channel, final InetSocketAddress address, final boolean useBarrier,
final int channelOutboundQueueSize) {
super(channel, address, channelOutboundQueueSize);
}
@Override
- public void onSwitchCertificateIdentified(final X509Certificate switchcertificate) {
- this.switchCertificate = switchcertificate;
+ public void onSwitchCertificateIdentified(final List<X509Certificate> certificateChain) {
+ if (certificateChain != null && !certificateChain.isEmpty()) {
+ switchCertificate = certificateChain.get(0);
+ }
}
@Override
}
private SwitchCertificate buildSwitchCertificate() {
- if (switchCertificate != null) {
- SwitchCertificateBuilder switchCertificateBuilder = new SwitchCertificateBuilder();
- SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'-00:00'");
- formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
- try {
- Map<String, String> subjectMap = new ConcurrentHashMap<>();
- Map<String, String> issuerMap = new ConcurrentHashMap<>();
- subjectMap.putAll(new LdapName(switchCertificate.getSubjectX500Principal().getName())
- .getRdns().stream()
- .collect(Collectors.toMap(rdn -> rdn.getType(), rdn -> rdn.getValue().toString())));
- issuerMap.putAll(new LdapName(switchCertificate.getIssuerX500Principal().getName())
- .getRdns().stream()
- .collect(Collectors.toMap(rdn -> rdn.getType(), rdn -> rdn.getValue().toString())));
- SubjectBuilder subjectBuilder = new SubjectBuilder();
- subjectBuilder.setCommonName(subjectMap.get("CN"));
- subjectBuilder.setCountry(subjectMap.get("C"));
- subjectBuilder.setLocality(subjectMap.get("L"));
- subjectBuilder.setOrganization(subjectMap.get("O"));
- subjectBuilder.setOrganizationUnit(subjectMap.get("OU"));
- subjectBuilder.setState(subjectMap.get("ST"));
- IssuerBuilder issuerBuilder = new IssuerBuilder();
- issuerBuilder.setCommonName(issuerMap.get("CN"));
- issuerBuilder.setCountry(issuerMap.get("C"));
- issuerBuilder.setLocality(issuerMap.get("L"));
- issuerBuilder.setOrganization(issuerMap.get("O"));
- issuerBuilder.setOrganizationUnit(issuerMap.get("OU"));
- issuerBuilder.setState(issuerMap.get("ST"));
- switchCertificateBuilder.setSubject(subjectBuilder.build());
- switchCertificateBuilder.setIssuer(issuerBuilder.build());
- } catch (InvalidNameException e) {
- LOG.error("Exception ", e);
- }
- switchCertificateBuilder.setSerialNumber(switchCertificate.getSerialNumber().toString());
- try {
- if (switchCertificate.getSubjectAlternativeNames() != null) {
- List<String> subjectAlternateNames = new ArrayList<>();
- switchCertificate.getSubjectAlternativeNames().forEach(generalName -> {
- final Object value = generalName.get(1);
- if (value instanceof String) {
- subjectAlternateNames.add((String) value);
- }
- });
- switchCertificateBuilder.setSubjectAlternateNames(subjectAlternateNames);
- } else {
- switchCertificateBuilder.setSubjectAlternateNames(null);
- }
- } catch (CertificateParsingException e) {
- LOG.error("Error encountered while parsing certificate ", e);
- }
- switchCertificateBuilder.setValidFrom(new DateAndTime(formatter.format(switchCertificate.getNotBefore())));
- switchCertificateBuilder.setValidTo(new DateAndTime(formatter.format(switchCertificate.getNotAfter())));
- return switchCertificateBuilder.build();
+ if (switchCertificate == null) {
+ return null;
+ }
+
+ final var builder = new SwitchCertificateBuilder();
+ final var subjectMap = indexRds(switchCertificate.getSubjectX500Principal());
+ if (subjectMap != null) {
+ builder.setSubject(new SubjectBuilder()
+ .setCommonName(subjectMap.get("CN"))
+ .setCountry(subjectMap.get("C"))
+ .setLocality(subjectMap.get("L"))
+ .setOrganization(subjectMap.get("O"))
+ .setOrganizationUnit(subjectMap.get("OU"))
+ .setState(subjectMap.get("ST"))
+ .build());
}
- return null;
+
+ final var issuerMap = indexRds(switchCertificate.getIssuerX500Principal());
+ if (issuerMap != null) {
+ builder.setIssuer(new IssuerBuilder()
+ .setCommonName(issuerMap.get("CN"))
+ .setCountry(issuerMap.get("C"))
+ .setLocality(issuerMap.get("L"))
+ .setOrganization(issuerMap.get("O"))
+ .setOrganizationUnit(issuerMap.get("OU"))
+ .setState(issuerMap.get("ST"))
+ .build());
+ }
+
+ Collection<List<?>> altNames = null;
+ try {
+ altNames = switchCertificate.getSubjectAlternativeNames();
+ } catch (CertificateParsingException e) {
+ LOG.error("Cannot parse certificate alternate names", e);
+ }
+ if (altNames != null) {
+ builder.setSubjectAlternateNames(altNames.stream()
+ .filter(list -> list.size() > 1)
+ .map(list -> list.get(1))
+ .filter(String.class::isInstance)
+ .map(String.class::cast)
+ .collect(Collectors.toUnmodifiableList()));
+ }
+
+ // FIXME: do not use SimpleDateFormat
+ SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'-00:00'");
+ formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+ return builder
+ .setSerialNumber(switchCertificate.getSerialNumber().toString())
+ .setValidFrom(new DateAndTime(formatter.format(switchCertificate.getNotBefore())))
+ .setValidTo(new DateAndTime(formatter.format(switchCertificate.getNotAfter())))
+ .build();
}
@Override
public void setExecutorService(final ExecutorService executorService) {
this.executorService = executorService;
}
+
+ private static Map<String, String> indexRds(final X500Principal principal) {
+ final LdapName name;
+ try {
+ name = new LdapName(principal.getName());
+ } catch (InvalidNameException e) {
+ LOG.error("Cannot parse principal {}", principal, e);
+ return null;
+ }
+ return name.getRdns().stream().collect(Collectors.toMap(Rdn::getType, rdn -> rdn.getValue().toString()));
+ }
}
/**
* Delay for Device removal from Operational DataStore.
*/
- DEVICE_DATASTORE_REMOVAL_DELAY,
- /**
- * Enable or disable customtrustmanager which adds switch certificate attributes to TLS
- * failure notification property type.
- */
- ENABLE_CUSTOM_TRUST_MANAGER;
+ DEVICE_DATASTORE_REMOVAL_DELAY;
private static final Map<String, ConfigurationProperty> KEY_VALUE_MAP;
type non-zero-uint32-type;
default 500;
}
-
- leaf enable-custom-trust-manager {
- description "When true would use customtrustmanager to get switch certificate for TLS
- authentication failure notification. ";
- type boolean;
- default "false";
- }
}
}
#
# device-datastore-removal-delay=500
-#
-# When true, uses customtrustmanager to add switch certificate attributes to TLS authentification failure
-# notification
-#
-# enable-custom-trust-manager=false
-
#############################################################################
# #
# Forwarding Rule Manager Application Configuration #
return new NonZeroUint32Type(service.<Uint32>getProperty(
ConfigurationProperty.DEVICE_DATASTORE_REMOVAL_DELAY.toString(), Uint32::valueOf));
}
-
- @Override
- public Boolean getEnableCustomTrustManager() {
- return service.getProperty(ConfigurationProperty.ENABLE_CUSTOM_TRUST_MANAGER.toString(),
- Boolean::valueOf);
- }
}
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.openflowjava.protocol.api.connection.ConnectionAdapter;
import org.opendaylight.openflowjava.protocol.api.connection.ConnectionReadyListener;
-import org.opendaylight.openflowjava.protocol.impl.core.SslContextFactory;
import org.opendaylight.openflowplugin.api.OFConstants;
import org.opendaylight.openflowplugin.api.openflow.connection.ConnectionContext;
import org.opendaylight.openflowplugin.api.openflow.connection.ConnectionManager;
@NonNull final NotificationPublishService notificationPublishService) {
this.config = config;
this.executorService = executorService;
- this.deviceConnectionRateLimiter = new DeviceConnectionRateLimiter(config);
+ deviceConnectionRateLimiter = new DeviceConnectionRateLimiter(config);
this.dataBroker = dataBroker;
- this.deviceConnectionHoldTime = config.getDeviceConnectionHoldTimeInSeconds().toJava();
+ deviceConnectionHoldTime = config.getDeviceConnectionHoldTimeInSeconds().toJava();
deviceConnectionStatusProvider = new DeviceConnectionStatusProviderImpl();
deviceConnectionStatusProvider.init();
this.notificationPublishService = notificationPublishService;
LOG.trace("prepare connection context");
final ConnectionContext connectionContext = new ConnectionContextImpl(connectionAdapter,
deviceConnectionStatusProvider);
- connectionContext.setDeviceDisconnectedHandler(this.deviceDisconnectedHandler);
+ connectionContext.setDeviceDisconnectedHandler(deviceDisconnectedHandler);
HandshakeListener handshakeListener = new HandshakeListenerImpl(connectionContext, deviceConnectedHandler);
final HandshakeManager handshakeManager = createHandshakeManager(connectionAdapter, handshakeListener);
final SystemNotificationsListener systemListener = new SystemNotificationsListenerImpl(connectionContext,
config.getEchoReplyTimeout().getValue().toJava(), executorService, notificationPublishService);
connectionAdapter.setSystemListener(systemListener);
- SslContextFactory.setIsCustomTrustManagerEnabled(config.getEnableCustomTrustManager());
LOG.trace("connection ballet finished");
}
@Override
public void onSslConnectionError(final SslConnectionError notification) {
- IpAddress ip = null;
+ final IpAddress ip;
if (connectionContext.getConnectionAdapter() != null
&& connectionContext.getConnectionAdapter().getRemoteAddress() != null
&& connectionContext.getConnectionAdapter().getRemoteAddress().getAddress() != null) {
ip = IpAddressBuilder.getDefaultInstance(
connectionContext.getConnectionAdapter().getRemoteAddress().getAddress().getHostAddress());
+ } else {
+ ip = null;
}
- SwitchCertificateBuilder switchCertificateBuilder = new SwitchCertificateBuilder();
- if (notification.getSwitchCertificate() != null) {
- switchCertificateBuilder = new SwitchCertificateBuilder(notification.getSwitchCertificate());
- }
+
+ final var switchCert = notification.getSwitchCertificate();
+
notificationPublishService.offerNotification(new SslErrorBuilder()
.setType(SslErrorType.SslConFailed)
.setCode(Uint16.valueOf(SslErrorType.SslConFailed.getIntValue()))
.setNodeIpAddress(ip)
.setData(notification.getInfo())
- .setSwitchCertificate(notification.getSwitchCertificate() != null ? switchCertificateBuilder.build() : null)
+ .setSwitchCertificate(switchCert == null ? null : new SwitchCertificateBuilder(switchCert).build())
.build());
}
}
private static final Uint32 ECHO_REPLY_TIMEOUT = Uint32.valueOf(500);
private static final Uint16 DEVICE_CONNECTION_RATE_LIMIT_PER_MIN = Uint16.ZERO;
private static final Uint16 DEVICE_CONNECTION_HOLD_TIME_IN_SECONDS = Uint16.valueOf(60);
- private static final boolean ENABLE_CUSTOM_TRUST_MANAGER = false;
@Before
public void setUp() {
.setEchoReplyTimeout(new NonZeroUint32Type(ECHO_REPLY_TIMEOUT))
.setDeviceConnectionRateLimitPerMin(DEVICE_CONNECTION_RATE_LIMIT_PER_MIN)
.setDeviceConnectionHoldTimeInSeconds(DEVICE_CONNECTION_HOLD_TIME_IN_SECONDS)
- .setEnableCustomTrustManager(ENABLE_CUSTOM_TRUST_MANAGER)
.build(), threadPool, dataBroker, notificationPublishService);
connectionManagerImpl.setDeviceConnectedHandler(deviceConnectedHandler);