<type>xml</type>
<classifier>features</classifier>
</dependency>
-
</dependencies>
</project>
<artifactId>netconf-netty-util</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>org.opendaylight.aaa</groupId>
- <artifactId>aaa-encrypt-service</artifactId>
- <version>0.7.0-SNAPSHOT</version>
- <classifier>config</classifier>
- <type>xml</type>
- </dependency>
</dependencies>
-</project>
+</project>
\ No newline at end of file
package org.opendaylight.netconf.callhome.mount;
import io.netty.util.concurrent.EventExecutor;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
final ThreadPool processingExecutor,
final SchemaRepositoryProvider schemaRepositoryProvider,
final DataBroker dataBroker,
- final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
+ final DOMMountPointService mountPointService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
- processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
+ processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
this.mountPointService = mountPointService;
}
}
import io.netty.util.concurrent.FailedFuture;
import io.netty.util.concurrent.Future;
import java.net.InetSocketAddress;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private final CallHomeMountSessionManager sessionManager;
private final DataBroker dataBroker;
private final DOMMountPointService mountService;
- private final AAAEncryptionService encryptionService;
protected CallHomeTopology topology;
};
public CallHomeMountDispatcher(final String topologyId, final EventExecutor eventExecutor,
- final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
- final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker,
- final DOMMountPointService mountService, final AAAEncryptionService encryptionService) {
+ final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
+ final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker,
+ final DOMMountPointService mountService) {
this.topologyId = topologyId;
this.eventExecutor = eventExecutor;
this.keepaliveExecutor = keepaliveExecutor;
this.sessionManager = new CallHomeMountSessionManager();
this.dataBroker = dataBroker;
this.mountService = mountService;
- this.encryptionService = encryptionService;
}
@Override
void createTopology() {
this.topology = new CallHomeTopology(topologyId, this, eventExecutor, keepaliveExecutor, processingExecutor,
- schemaRepositoryProvider, dataBroker, mountService, encryptionService);
+ schemaRepositoryProvider, dataBroker, mountService);
}
@Override
public void onNetconfSubsystemOpened(final CallHomeProtocolSessionContext session,
- final CallHomeChannelActivator activator) {
+ final CallHomeChannelActivator activator) {
final CallHomeMountSessionContext deviceContext =
getSessionManager().createSession(session, activator, onCloseHandler);
final NodeId nodeId = deviceContext.getId();
package org.opendaylight.netconf.callhome.mount;
import io.netty.util.concurrent.EventExecutor;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
public class CallHomeTopology extends BaseCallHomeTopology {
public CallHomeTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
- final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
- final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
- super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
- schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
+ final EventExecutor eventExecutor,
+ final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
+ final SchemaRepositoryProvider schemaRepositoryProvider,
+ final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+ super(topologyId, clientDispatcher, eventExecutor,
+ keepaliveExecutor, processingExecutor, schemaRepositoryProvider,
+ dataBroker, mountPointService);
}
@Override
interface="org.opendaylight.controller.md.sal.binding.api.DataBroker"/>
<reference id="domMountPointService"
interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"/>
- <reference id="encryptionService"
- interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
-
<bean id="schemaRepository" class="org.opendaylight.netconf.callhome.mount.SchemaRepositoryProviderImpl">
<argument value="shared-schema-repository-impl"/>
<argument ref="schemaRepository"/>
<argument ref="dataBroker"/>
<argument ref="domMountPointService"/>
- <argument ref="encryptionService"/>
</bean>
</blueprint>
\ No newline at end of file
import java.net.UnknownHostException;
import org.junit.Before;
import org.junit.Test;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private CallHomeMountSessionManager mockSessMgr;
private CallHomeTopology mockTopology;
private CallHomeProtocolSessionContext mockProtoSess;
- private AAAEncryptionService mockEncryptionService;
@Before
public void setup() {
mockSessMgr = mock(CallHomeMountSessionManager.class);
mockTopology = mock(CallHomeTopology.class);
mockProtoSess = mock(CallHomeProtocolSessionContext.class);
- mockEncryptionService = mock(AAAEncryptionService.class);
instance = new CallHomeMountDispatcher(topologyId, mockExecutor, mockKeepAlive,
- mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount, mockEncryptionService) {
+ mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount) {
@Override
public CallHomeMountSessionManager getSessionManager() {
return mockSessMgr;
import java.io.IOException;
import org.apache.sshd.ClientSession;
import org.apache.sshd.client.future.AuthFuture;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
/**
* Class Providing username/password authentication option to
* {@link org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler}.
*/
public class LoginPassword extends AuthenticationHandler {
-
- private final String username;
- private final String password;
- private final AAAEncryptionService encryptionService;
+ protected final String username;
+ protected final String password;
public LoginPassword(String username, String password) {
- this(username, password, null);
- }
-
- public LoginPassword(final String username, final String password, final AAAEncryptionService encryptionService) {
this.username = username;
this.password = password;
- this.encryptionService = encryptionService;
}
@Override
public String getUsername() {
- if (encryptionService != null) {
- return encryptionService.decrypt(username);
-
- }
return username;
}
@Override
public AuthFuture authenticate(final ClientSession session) throws IOException {
- if (encryptionService != null) {
- final String decryptedPassword = encryptionService.decrypt(password);
- session.addPasswordIdentity(decryptedPassword);
- } else {
- session.addPasswordIdentity(password);
- }
+ session.addPasswordIdentity(password);
return session.auth();
}
}
--- /dev/null
+/*
+ * Copyright (c) 2017 Brocade Communication Systems and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netconf.nettyutil.handler.ssh.authentication;
+
+import com.google.common.base.Strings;
+import java.io.IOException;
+import java.security.KeyPair;
+import org.apache.sshd.ClientSession;
+import org.apache.sshd.client.future.AuthFuture;
+import org.opendaylight.aaa.encrypt.PKIUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Represents Auth information for the public key based authentication for netconf.
+ */
+public class PublicKeyAuth extends LoginPassword {
+ private KeyPair keyPair = null;
+ private static final Logger LOG = LoggerFactory.getLogger(PublicKeyAuth.class);
+
+ public PublicKeyAuth(String username, String password, String keyPath, String passPhrase) {
+ super(username, password);
+ try {
+ boolean isKeyPathAbsent = Strings.isNullOrEmpty(keyPath);
+ passPhrase = Strings.isNullOrEmpty(passPhrase) ? "" : passPhrase;
+ if (!isKeyPathAbsent) {
+ this.keyPair = new PKIUtil().decodePrivateKey(keyPath, passPhrase);
+ } else {
+ LOG.info("Private key path not specified in the config file.");
+ }
+ } catch (IOException ioEx) {
+ LOG.warn("Not able to read the private key and passphrase for netconf client", ioEx);
+ }
+ }
+
+ @Override
+ public AuthFuture authenticate(final ClientSession session) throws IOException {
+ if (keyPair != null) {
+ session.addPublicKeyIdentity(keyPair);
+ }
+ session.addPasswordIdentity(password);
+ return session.auth();
+ }
+}
</instructions>
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-artifacts</id>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <phase>package</phase>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>${project.build.directory}/classes/initial/odl-sb-netconf-client-keypair.cfg
+ </file>
+ <type>cfg</type>
+ <classifier>config</classifier>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
--- /dev/null
+# This configuration provides the provision to enable key based authentication for netconf southbound client.
+# The configuration file should be created by name odl-sb-netconf-client-keypair.cfg inside controller/etc directory.
+# Following configurations should be done in this file
+# private-key-path - Path for private key file. (Paths are identified relative to controller directory).
+# eg. If private key file exists in controller/etc/id_rsa, the path can be mentioned as etc/id_rsa
+# private-key-passphrase - Passphrase that was used to encrypt the private key.
+# In case of no passphrase, keep it blank or unassigned.
+
+private-key-path=etc/RSA-PK
+private-key-passphrase=abc
-->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0"
+ xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
odl:use-default-for-reference-types="true">
<reference id="clientDispatcherDependency"
interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"
odl:type="default"/>
- <reference id="encryptionService"
- interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
-
<bean id="schemaRepository" class="org.opendaylight.netconf.topology.impl.SchemaRepositoryProviderImpl">
<argument value="shared-schema-repository-impl"/>
</bean>
+ <cm:property-placeholder persistent-id="odl-sb-netconf-client-keypair" update-strategy="none">
+ <cm:default-properties>
+ <cm:property name="private-key-path" value=""/>
+ <cm:property name="private-key-passphrase" value=""/>
+ </cm:default-properties>
+ </cm:property-placeholder>
+
<bean id="netconfTopology" class="org.opendaylight.netconf.topology.impl.NetconfTopologyImpl"
init-method="init"
destroy-method="close">
+ <cm:managed-properties persistent-id="odl-sb-netconf-client-keypair"
+ update-strategy="container-managed"/>
<argument value="topology-netconf"/>
<argument ref="clientDispatcherDependency"/>
<argument ref="eventExecutor"/>
<argument ref="schemaRepository"/>
<argument ref="dataBroker"/>
<argument ref="mountPointService"/>
- <argument ref="encryptionService" />
+ <property name="privateKeyPath" value="${private-key-path}"/>
+ <property name="privateKeyPassphrase" value="${private-key-passphrase}"/>
</bean>
<bean id="netconfConnectorFactory" class="org.opendaylight.netconf.topology.impl.NetconfConnectorFactoryImpl"/>
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.cluster.ActorSystemProvider;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
private final String topologyId;
private final Duration writeTxIdleTimeout;
private final DOMMountPointService mountPointService;
- private final AAAEncryptionService encryptionService;
+
private ListenerRegistration<NetconfTopologyManager> dataChangeListenerRegistration;
+ private String privateKeyPath;
+ private String privateKeyPassphrase;
public NetconfTopologyManager(final DataBroker dataBroker, final RpcProviderRegistry rpcProviderRegistry,
final ClusterSingletonServiceProvider clusterSingletonServiceProvider,
final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
- final ActorSystemProvider actorSystemProvider,
- final EventExecutor eventExecutor, final NetconfClientDispatcher clientDispatcher,
- final String topologyId, final Config config,
- final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
-
+ final ActorSystemProvider actorSystemProvider, final EventExecutor eventExecutor,
+ final NetconfClientDispatcher clientDispatcher, final String topologyId,
+ final Config config, final DOMMountPointService mountPointService) {
this.dataBroker = Preconditions.checkNotNull(dataBroker);
this.rpcProviderRegistry = Preconditions.checkNotNull(rpcProviderRegistry);
this.clusterSingletonServiceProvider = Preconditions.checkNotNull(clusterSingletonServiceProvider);
this.topologyId = Preconditions.checkNotNull(topologyId);
this.writeTxIdleTimeout = Duration.apply(config.getWriteTransactionIdleTimeout(), TimeUnit.SECONDS);
this.mountPointService = mountPointService;
- this.encryptionService = Preconditions.checkNotNull(encryptionService);
}
// Blueprint init method
clusterRegistrations.clear();
}
+ /**
+ * Sets the private key path from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPath(String privateKeyPath) {
+ this.privateKeyPath = privateKeyPath;
+ }
+
+ /**
+ * Sets the private key passphrase from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPassphrase(String privateKeyPassphrase) {
+ this.privateKeyPassphrase = privateKeyPassphrase;
+ }
+
private ListenerRegistration<NetconfTopologyManager> registerDataTreeChangeListener(final String topologyId) {
final WriteTransaction wtx = dataBroker.newWriteOnlyTransaction();
initTopology(wtx, LogicalDatastoreType.CONFIGURATION, topologyId);
.setNetconfClientDispatcher(clientDispatcher)
.setSchemaResourceDTO(NetconfTopologyUtils.setupSchemaCacheDTO(node))
.setIdleTimeout(writeTxIdleTimeout)
- .setEncryptionService(encryptionService);
+ .setPrivateKeyPath(privateKeyPath)
+ .setPrivateKeyPassphrase(privateKeyPassphrase);
return builder.build();
}
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
import org.opendaylight.netconf.api.NetconfMessage;
import org.opendaylight.netconf.client.NetconfClientSessionListener;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
-import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
+import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.PublicKeyAuth;
import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
-import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO;
private final RemoteDeviceId remoteDeviceId;
private final DOMMountPointService mountService;
private final Timeout actorResponseWaitTime;
- private final AAAEncryptionService encryptionService;
+ private final String privateKeyPath;
+ private final String privateKeyPassphrase;
private NetconfConnectorDTO deviceCommunicatorDTO;
this.remoteDeviceId = remoteDeviceId;
this.actorResponseWaitTime = actorResponseWaitTime;
this.mountService = mountService;
- this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
-
+ this.privateKeyPath = netconfTopologyDeviceSetup.getPrivateKeyPath();
+ this.privateKeyPassphrase = netconfTopologyDeviceSetup.getPrivateKeyPassphrase();
}
@Override
final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class);
final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
-
- AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService,
- netconfTopologyDeviceSetup.getTopologyId(),
- netconfTopologyDeviceSetup.getDataBroker());
-
Preconditions.checkNotNull(netconfNode.getHost());
Preconditions.checkNotNull(netconfNode.getPort());
Preconditions.checkNotNull(netconfNode.isTcpOnly());
final Credentials credentials = node.getCredentials();
if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
.node.credentials.credentials.LoginPassword) {
- authHandler = new LoginPassword(
+ authHandler = new PublicKeyAuth(
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
.node.credentials.credentials.LoginPassword) credentials).getUsername(),
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
.node.credentials.credentials.LoginPassword) credentials).getPassword(),
- encryptionService);
+ this.privateKeyPath, this.privateKeyPassphrase);
} else {
throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported");
}
/*
- * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
import akka.actor.ActorSystem;
import io.netty.util.concurrent.EventExecutor;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private final String topologyId;
private final NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
private final Duration idleTimeout;
- private final AAAEncryptionService encryptionService;
+ private final String privateKeyPath;
+ private final String privateKeyPassphrase;
private NetconfTopologySetup(final NetconfTopologySetupBuilder builder) {
this.clusterSingletonServiceProvider = builder.getClusterSingletonServiceProvider();
this.topologyId = builder.getTopologyId();
this.schemaResourceDTO = builder.getSchemaResourceDTO();
this.idleTimeout = builder.getIdleTimeout();
- this.encryptionService = builder.getEncryptionService();
+ this.privateKeyPath = builder.getPrivateKeyPath();
+ this.privateKeyPassphrase = builder.getPrivateKeyPassphrase();
}
public ClusterSingletonServiceProvider getClusterSingletonServiceProvider() {
}
public NetconfDevice.SchemaResourcesDTO getSchemaResourcesDTO() {
- return schemaResourceDTO;
+ return schemaResourceDTO;
}
public Duration getIdleTimeout() {
return idleTimeout;
}
- public AAAEncryptionService getEncryptionService() {
- return encryptionService;
+ public String getPrivateKeyPath() {
+ return privateKeyPath;
+ }
+
+ public String getPrivateKeyPassphrase() {
+ return privateKeyPassphrase;
}
public static class NetconfTopologySetupBuilder {
private NetconfClientDispatcher netconfClientDispatcher;
private NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
private Duration idleTimeout;
- private AAAEncryptionService encryptionService;
+ private String privateKeyPath;
+ private String privateKeyPassphrase;
- public NetconfTopologySetupBuilder(){
+ public NetconfTopologySetupBuilder() {
}
private ClusterSingletonServiceProvider getClusterSingletonServiceProvider() {
return idleTimeout;
}
- private AAAEncryptionService getEncryptionService() {
- return this.encryptionService;
+ public NetconfTopologySetupBuilder setPrivateKeyPath(String privateKeyPath) {
+ this.privateKeyPath = privateKeyPath;
+ return this;
}
- public NetconfTopologySetupBuilder setEncryptionService(final AAAEncryptionService encryptionService) {
- this.encryptionService = encryptionService;
+ public String getPrivateKeyPath() {
+ return this.privateKeyPath;
+ }
+
+ public NetconfTopologySetupBuilder setPrivateKeyPassphrase(String privateKeyPassphrase) {
+ this.privateKeyPassphrase = privateKeyPassphrase;
return this;
}
+ public String getPrivateKeyPassphrase() {
+ return this.privateKeyPassphrase;
+ }
+
public static NetconfTopologySetupBuilder create() {
return new NetconfTopologySetupBuilder();
}
-->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0"
+ xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
odl:use-default-for-reference-types="true">
<reference id="dataBroker"
binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.topology.singleton.config.rev170419.Config"
/>
- <reference id="encryptionService"
- interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+ <cm:property-placeholder persistent-id="odl-sb-netconf-client-keypair" update-strategy="none">
+ <cm:default-properties>
+ <cm:property name="private-key-path" value=""/>
+ <cm:property name="private-key-passphrase" value=""/>
+ </cm:default-properties>
+ </cm:property-placeholder>
<bean id="netconfTopologyManager"
class="org.opendaylight.netconf.topology.singleton.impl.NetconfTopologyManager"
init-method="init" destroy-method="close">
+ <cm:managed-properties persistent-id="odl-sb-netconf-client-keypair"
+ update-strategy="container-managed"/>
<argument ref="dataBroker"/>
<argument ref="rpcRegistry"/>
<argument ref="clusterSingletonService"/>
<argument value="topology-netconf"/>
<argument ref="singletonConfig"/>
<argument ref="mountPointService"/>
- <argument ref="encryptionService" />
+ <property name="privateKeyPath" value="${private-key-path}"/>
+ <property name="privateKeyPassphrase" value="${private-key-passphrase}"/>
</bean>
<service ref="netconfTopologyManager"
interface="org.opendaylight.netconf.topology.singleton.api.NetconfTopologySingletonService"/>
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.cluster.ActorSystemProvider;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
final EventExecutor eventExecutor = mock(EventExecutor.class);
final NetconfClientDispatcher clientDispatcher = mock(NetconfClientDispatcher.class);
final DOMMountPointService mountPointService = mock(DOMMountPointService.class);
- final AAAEncryptionService encryptionService = mock(AAAEncryptionService.class);
final Config config = new ConfigBuilder().setWriteTransactionIdleTimeout(0).build();
netconfTopologyManager = new NetconfTopologyManager(dataBroker, rpcProviderRegistry,
clusterSingletonServiceProvider, keepaliveExecutor, processingExecutor,
- actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config,
- mountPointService, encryptionService);
+ actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config, mountPointService);
}
@Test
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.BindingTransactionChain;
@Mock
private WriteTransaction writeTx;
- @Mock
- private AAAEncryptionService encryptionService;
-
private NetconfTopologySetup.NetconfTopologySetupBuilder builder;
private RemoteDeviceId remoteDeviceId;
builder.setEventExecutor(eventExecutor);
builder.setNetconfClientDispatcher(clientDispatcher);
builder.setTopologyId(TOPOLOGY_ID);
- builder.setEncryptionService(encryptionService);
}
@Test
assertEquals(defaultClientConfig.getAddress(), new InetSocketAddress(InetAddresses.forString("127.0.0.1"),
9999));
assertSame(defaultClientConfig.getSessionListener(), listener);
- assertEquals(defaultClientConfig.getAuthHandler().getUsername(), encryptionService.encrypt("testuser"));
+ assertEquals(defaultClientConfig.getAuthHandler().getUsername(), "testuser");
assertEquals(defaultClientConfig.getProtocol(), NetconfClientConfiguration.NetconfClientProtocol.TCP);
}
}
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfReconnectingClientConfigurationBuilder;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
-import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
+import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.PublicKeyAuth;
import org.opendaylight.netconf.sal.connect.api.RemoteDevice;
import org.opendaylight.netconf.sal.connect.api.RemoteDeviceHandler;
import org.opendaylight.netconf.sal.connect.netconf.LibraryModulesSchemas;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
-import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.api.NetconfTopology;
import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider;
protected SchemaSourceRegistry schemaRegistry = DEFAULT_SCHEMA_REPOSITORY;
protected SchemaRepository schemaRepository = DEFAULT_SCHEMA_REPOSITORY;
protected SchemaContextFactory schemaContextFactory = DEFAULT_SCHEMA_CONTEXT_FACTORY;
+ protected String privateKeyPath;
+ protected String privateKeyPassphrase;
protected final HashMap<NodeId, NetconfConnectorDTO> activeConnectors = new HashMap<>();
- protected final AAAEncryptionService encryptionService;
-
protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
final ThreadPool processingExecutor,
final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
+ final DataBroker dataBroker, final DOMMountPointService mountPointService) {
this.topologyId = topologyId;
this.clientDispatcher = clientDispatcher;
this.eventExecutor = eventExecutor;
this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository();
this.dataBroker = dataBroker;
this.mountPointService = mountPointService;
- this.encryptionService = encryptionService;
}
public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
final Node configNode) {
final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class);
- AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService, topologyId, dataBroker);
-
Preconditions.checkNotNull(netconfNode.getHost());
Preconditions.checkNotNull(netconfNode.getPort());
Preconditions.checkNotNull(netconfNode.isTcpOnly());
new File(relativeSchemaCacheDirectory));
}
+ /**
+ * Sets the private key path from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPath(String privateKeyPath) {
+ this.privateKeyPath = privateKeyPath;
+ }
+
+ /**
+ * Sets the private key passphrase from location specified in configuration file using blueprint.
+ */
+ public void setPrivateKeyPassphrase(String privateKeyPassphrase) {
+ this.privateKeyPassphrase = privateKeyPassphrase;
+ }
+
public NetconfReconnectingClientConfiguration getClientConfig(final NetconfClientSessionListener listener,
final NetconfNode node) {
final Credentials credentials = node.getCredentials();
if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
.netconf.node.credentials.credentials.LoginPassword) {
- authHandler = new LoginPassword(
+ authHandler = new PublicKeyAuth(
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword(),
- encryptionService);
+ privateKeyPath, privateKeyPassphrase);
} else {
throw new IllegalStateException("Only login/password authentification is supported");
}
import io.netty.util.concurrent.EventExecutor;
import java.util.Collection;
import javax.annotation.Nonnull;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
public NetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher,
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
final ThreadPool processingExecutor,
- final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
+ final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker,
+ final DOMMountPointService mountPointService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
- schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
+ schemaRepositoryProvider, dataBroker, mountPointService);
}
@Override
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@Mock
private DOMMountPointService mountPointService;
- @Mock
- private AAAEncryptionService encryptionService;
-
private TestingNetconfTopologyImpl topology;
private TestingNetconfTopologyImpl spyTopology;
topology = new TestingNetconfTopologyImpl(TOPOLOGY_ID, mockedClientDispatcher,
mockedEventExecutor, mockedKeepaliveExecutor, mockedProcessingExecutor, mockedSchemaRepositoryProvider,
- dataBroker, mountPointService, encryptionService);
+ dataBroker, mountPointService);
spyTopology = spy(topology);
}
public static class TestingNetconfTopologyImpl extends NetconfTopologyImpl {
- public TestingNetconfTopologyImpl(
- final String topologyId, final NetconfClientDispatcher clientDispatcher,
- final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
- final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService,
- final AAAEncryptionService encryptionService) {
+ public TestingNetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher,
+ final EventExecutor eventExecutor,
+ final ScheduledThreadPool keepaliveExecutor,
+ final ThreadPool processingExecutor,
+ final SchemaRepositoryProvider schemaRepositoryProvider,
+ final DataBroker dataBroker, final DOMMountPointService mountPointService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
- processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
+ processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
}
@Override
+++ /dev/null
-/*
- * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.netconf.sal.connect.util;
-
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.FutureCallback;
-import com.google.common.util.concurrent.Futures;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
-import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeBuilder;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Utility to encrypt netconf username and password.
- */
-public class AuthEncryptor {
- private static final Logger LOG = LoggerFactory.getLogger(AuthEncryptor.class);
-
- public static void encryptIfNeeded(final NodeId nodeId, final NetconfNode netconfNode,
- AAAEncryptionService encryptionService,
- final String topologyId, final DataBroker dataBroker) {
- final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPassword creds =
- (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPassword) netconfNode.getCredentials();
- final String decryptedPassword = encryptionService.decrypt(creds.getPassword());
- if (decryptedPassword != null && decryptedPassword.equals(creds.getPassword())) {
- LOG.info("Encrypting the provided credentials");
- final String username = encryptionService.encrypt(creds.getUsername());
- final String password = encryptionService.encrypt(creds.getPassword());
- final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPasswordBuilder passwordBuilder =
- new org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
- .netconf.node.credentials.credentials.LoginPasswordBuilder();
- passwordBuilder.setUsername(username);
- passwordBuilder.setPassword(password);
- final NetconfNodeBuilder nnb = new NetconfNodeBuilder();
- nnb.setCredentials(passwordBuilder.build());
-
- final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
- final InstanceIdentifier<NetworkTopology> networkTopologyId =
- InstanceIdentifier.builder(NetworkTopology.class).build();
- final InstanceIdentifier<NetconfNode> niid = networkTopologyId.child(Topology.class,
- new TopologyKey(new TopologyId(topologyId))).child(Node.class,
- new NodeKey(nodeId)).augmentation(NetconfNode.class);
- writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, niid, nnb.build());
- final CheckedFuture<Void, TransactionCommitFailedException> future = writeTransaction.submit();
- Futures.addCallback(future, new FutureCallback<Void>() {
-
- @Override
- public void onSuccess(Void result) {
- LOG.info("Encrypted netconf username/password successfully");
- }
-
- @Override
- public void onFailure(Throwable exception) {
- LOG.error("Unable to encrypt netconf username/password." + exception.getMessage());
- }
- });
- }
- }
-}