From: Tomas Cere Date: Tue, 11 Jul 2017 14:57:59 +0000 (+0000) Subject: BUG 8839: Revert "Make netconf utilize encrypted passwords only" X-Git-Tag: release/carbon-sr1~1 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=30de8f44b1ff84f562392392e87662c16edca586;p=netconf.git BUG 8839: Revert "Make netconf utilize encrypted passwords only" This reverts commit 1867bf17d781f21473dabcde2ad3f85b9b1defc6. Change-Id: Ia5d97c118d805bdeff9e47f466a9ec64b58c03ca Signed-off-by: Tomas Cere --- diff --git a/features/netconf-connector/odl-netconf-connector/pom.xml b/features/netconf-connector/odl-netconf-connector/pom.xml index ec8e0c8bab..09ac36461c 100644 --- a/features/netconf-connector/odl-netconf-connector/pom.xml +++ b/features/netconf-connector/odl-netconf-connector/pom.xml @@ -87,13 +87,5 @@ org.opendaylight.netconf netconf-config - - org.opendaylight.aaa - odl-aaa-encryption-service - 0.5.1-SNAPSHOT - xml - features - - - + \ No newline at end of file diff --git a/features/netconf/features-netconf/pom.xml b/features/netconf/features-netconf/pom.xml index a55a22efaa..14f5bf7e62 100644 --- a/features/netconf/features-netconf/pom.xml +++ b/features/netconf/features-netconf/pom.xml @@ -260,18 +260,6 @@ ${project.groupId} callhome-provider - - org.opendaylight.aaa - aaa-encrypt-service - ${aaa.version} - - - org.opendaylight.aaa - aaa-encrypt-service - ${aaa.version} - config - xml - diff --git a/features/netconf/features-netconf/src/main/features/features.xml b/features/netconf/features-netconf/src/main/features/features.xml index 60847c6c18..29e9400108 100644 --- a/features/netconf/features-netconf/src/main/features/features.xml +++ b/features/netconf/features-netconf/src/main/features/features.xml @@ -80,7 +80,6 @@ odl-netconf-mapping-api odl-netconf-util odl-netty - odl-aaa-encryption-service mvn:org.opendaylight.netconf/netconf-netty-util/{{VERSION}} mvn:org.bouncycastle/bcpkix-jdk15on/{{VERSION}} mvn:org.bouncycastle/bcprov-jdk15on/{{VERSION}} 
diff --git a/features/netconf/odl-netconf-netty-util/pom.xml b/features/netconf/odl-netconf-netty-util/pom.xml index ffee2eaedb..693b27084f 100644 --- a/features/netconf/odl-netconf-netty-util/pom.xml +++ b/features/netconf/odl-netconf-netty-util/pom.xml @@ -75,12 +75,5 @@ org.bouncycastle bcprov-jdk15on - - org.opendaylight.aaa - aaa-encrypt-service - 0.5.1-SNAPSHOT - config - xml - - + \ No newline at end of file diff --git a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java index f663445cc8..f2d01b753e 100644 --- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java +++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/BaseCallHomeTopology.java @@ -9,7 +9,6 @@ package org.opendaylight.netconf.callhome.mount; import io.netty.util.concurrent.EventExecutor; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -28,10 +27,9 @@ abstract class BaseCallHomeTopology extends AbstractNetconfTopology { final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker, - final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { + final DOMMountPointService mountPointService) { super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, - processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService); + processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService); this.mountPointService = mountPointService; } } 
diff --git a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java index 976466c385..2241d6995a 100644 --- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java +++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcher.java @@ -12,7 +12,6 @@ import io.netty.util.concurrent.EventExecutor; import io.netty.util.concurrent.FailedFuture; import io.netty.util.concurrent.Future; import java.net.InetSocketAddress; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -44,7 +43,6 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom private final CallHomeMountSessionManager sessionManager; private final DataBroker dataBroker; private final DOMMountPointService mountService; - private final AAAEncryptionService encryptionService; protected CallHomeTopology topology; 
@@ -56,10 +54,13 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom } }; - public CallHomeMountDispatcher(final String topologyId, final EventExecutor eventExecutor, - final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor, - final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker, - final DOMMountPointService mountService, final AAAEncryptionService encryptionService) { + public CallHomeMountDispatcher(final String topologyId, + final EventExecutor eventExecutor, + final ScheduledThreadPool keepaliveExecutor, + final ThreadPool processingExecutor, + final SchemaRepositoryProvider schemaRepositoryProvider, + final DataBroker dataBroker, + final DOMMountPointService mountService) { this.topologyId = topologyId; this.eventExecutor = eventExecutor; this.keepaliveExecutor = keepaliveExecutor; @@ -68,7 +69,6 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom this.sessionManager = new CallHomeMountSessionManager(); this.dataBroker = dataBroker; this.mountService = mountService; - this.encryptionService = encryptionService; } @Override 
@@ -92,15 +92,14 @@ public class CallHomeMountDispatcher implements NetconfClientDispatcher, CallHom } void createTopology() { - this.topology = new CallHomeTopology(topologyId, this, eventExecutor, keepaliveExecutor, processingExecutor, - schemaRepositoryProvider, dataBroker, mountService, encryptionService); + this.topology = new CallHomeTopology(topologyId, this, eventExecutor, + keepaliveExecutor, processingExecutor, schemaRepositoryProvider, dataBroker, mountService); } @Override public void onNetconfSubsystemOpened(final CallHomeProtocolSessionContext session, - final CallHomeChannelActivator activator) { - final CallHomeMountSessionContext deviceContext = - getSessionManager().createSession(session, activator, onCloseHandler); + final CallHomeChannelActivator activator) { + final CallHomeMountSessionContext deviceContext = getSessionManager().createSession(session, activator, onCloseHandler); final NodeId nodeId = deviceContext.getId(); final Node configNode = deviceContext.getConfigNode(); LOG.info("Provisioning fake config {}", configNode);
diff --git a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
index 9753a82d84..71a7af1340 100644
--- a/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
+++ b/netconf/callhome-provider/src/main/java/org/opendaylight/netconf/callhome/mount/CallHomeTopology.java
@@ -9,7 +9,6 @@ package org.opendaylight.netconf.callhome.mount; import io.netty.util.concurrent.EventExecutor; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker;
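Review bot: In `onNetconfSubsystemOpened` (CallHomeMountDispatcher.java, the `@@ -92,15 +92,14 @@` hunk) the whole `configNode` is written to the log at INFO by `LOG.info("Provisioning fake config {}", configNode);`. Whether that node carries a credentials container is not visible here, but with this revert nothing encrypts such values any more, so anything it does carry would reach the log as cleartext. The identifier is enough for tracing: `LOG.info("Provisioning fake config for {}", nodeId);`. The method body continues past the end of the hunk.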
@@ -25,12 +24,13 @@ import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider; public class CallHomeTopology extends BaseCallHomeTopology { public CallHomeTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher, - final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor, - final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, - final DataBroker dataBroker, final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { - super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor, - schemaRepositoryProvider, dataBroker, mountPointService, encryptionService); + final EventExecutor eventExecutor, + final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor, + final SchemaRepositoryProvider schemaRepositoryProvider, + final DataBroker dataBroker, final DOMMountPointService mountPointService) { + super(topologyId, clientDispatcher, eventExecutor, + keepaliveExecutor, processingExecutor, schemaRepositoryProvider, + dataBroker, mountPointService); } @Override diff --git a/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml b/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml index cc1bce3296..d97360476e 100755 --- a/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml +++ b/netconf/callhome-provider/src/main/resources/org/opendaylight/blueprint/callhome-topology.xml @@ -23,9 +23,6 @@ interface="org.opendaylight.controller.md.sal.binding.api.DataBroker"/> - - @@ -47,7 +44,6 @@ - diff --git a/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java b/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java index e7523d9c4f..cca8f5de3d 100644 
--- a/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java +++ b/netconf/callhome-provider/src/test/java/org/opendaylight/netconf/callhome/mount/CallHomeMountDispatcherTest.java @@ -22,7 +22,6 @@ import java.net.InetSocketAddress; import java.net.UnknownHostException; import org.junit.Before; import org.junit.Test; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -54,7 +53,6 @@ public class CallHomeMountDispatcherTest { private CallHomeMountSessionManager mockSessMgr; private CallHomeTopology mockTopology; private CallHomeProtocolSessionContext mockProtoSess; - private AAAEncryptionService mockEncryptionService; @Before public void setup() { @@ -68,10 +66,9 @@ public class CallHomeMountDispatcherTest { mockSessMgr = mock(CallHomeMountSessionManager.class); mockTopology = mock(CallHomeTopology.class); mockProtoSess = mock(CallHomeProtocolSessionContext.class); - mockEncryptionService = mock(AAAEncryptionService.class); instance = new CallHomeMountDispatcher(topologyId, mockExecutor, mockKeepAlive, - mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount, mockEncryptionService) { + mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount) { @Override public CallHomeMountSessionManager getSessionManager() { return mockSessMgr; diff --git a/netconf/netconf-netty-util/pom.xml b/netconf/netconf-netty-util/pom.xml index 9905d8a72a..2207726ba8 100644 --- a/netconf/netconf-netty-util/pom.xml +++ b/netconf/netconf-netty-util/pom.xml @@ -108,11 +108,6 @@ org.opendaylight.yangtools mockito-configuration - - org.opendaylight.aaa - aaa-encrypt-service - 0.5.1-SNAPSHOT - 
diff --git a/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java b/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
index 5894004464..6219f91b2d 100644
--- a/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
+++ b/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/authentication/LoginPassword.java
@@ -11,45 +11,28 @@ package org.opendaylight.netconf.nettyutil.handler.ssh.authentication; import java.io.IOException; import org.apache.sshd.ClientSession; import org.apache.sshd.client.future.AuthFuture; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; /** * Class Providing username/password authentication option to * {@link org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler} */ public class LoginPassword extends AuthenticationHandler { - private final String username; private final String password; - private final AAAEncryptionService encryptionService; public LoginPassword(String username, String password) { - this(username, password, null); - } - - public LoginPassword(final String username, final String password, final AAAEncryptionService encryptionService) { this.username = username; this.password = password; - this.encryptionService = encryptionService; } @Override public String getUsername() { - if (encryptionService != null) { - return encryptionService.decrypt(username); - - } return username; } @Override public AuthFuture authenticate(final ClientSession session) throws IOException { - if (encryptionService != null) { - final String decryptedPassword = encryptionService.decrypt(password); - session.addPasswordIdentity(decryptedPassword); - } else { - session.addPasswordIdentity(password); - } + session.addPasswordIdentity(password); return session.auth(); } }
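Review bot: The one remaining constructor assigns `username` and `password` without a null check, so a node configured without a password is noticed, if at all, only when `authenticate` passes the value to `session.addPasswordIdentity(password)`. Failing at construction is easier to diagnose: `this.password = Objects.requireNonNull(password, "password");` and the same for `username` (this needs `java.util.Objects`). With the decrypt branch removed the class uses both values exactly as given, so the class Javadoc should state that they are cleartext credentials and must not be logged.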
diff --git a/netconf/netconf-topology-config/src/main/resources/org/opendaylight/blueprint/netconf-topology.xml b/netconf/netconf-topology-config/src/main/resources/org/opendaylight/blueprint/netconf-topology.xml index 94dd257e45..11e922f34d 100755 --- a/netconf/netconf-topology-config/src/main/resources/org/opendaylight/blueprint/netconf-topology.xml +++ b/netconf/netconf-topology-config/src/main/resources/org/opendaylight/blueprint/netconf-topology.xml @@ -28,9 +28,6 @@ interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService" odl:type="default"/> - - @@ -46,11 +43,10 @@ - - + \ No newline at end of file diff --git a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java index 96c00b17ed..ebaafcf886 100644 --- a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java +++ b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManager.java @@ -19,7 +19,6 @@ import java.util.HashMap; import java.util.Map; import java.util.concurrent.TimeUnit; import javax.annotation.Nonnull; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.cluster.ActorSystemProvider; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; 
@@ -76,18 +75,15 @@ public class NetconfTopologyManager private final String topologyId; private final Duration writeTxIdleTimeout; private final DOMMountPointService mountPointService; - private final AAAEncryptionService encryptionService; + private ListenerRegistration dataChangeListenerRegistration; public NetconfTopologyManager(final DataBroker dataBroker, final RpcProviderRegistry rpcProviderRegistry, final ClusterSingletonServiceProvider clusterSingletonServiceProvider, final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor, - final ActorSystemProvider actorSystemProvider, - final EventExecutor eventExecutor, final NetconfClientDispatcher clientDispatcher, - final String topologyId, final Config config, - final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { - + final ActorSystemProvider actorSystemProvider, final EventExecutor eventExecutor, + final NetconfClientDispatcher clientDispatcher, final String topologyId, + final Config config, final DOMMountPointService mountPointService) { this.dataBroker = Preconditions.checkNotNull(dataBroker); this.rpcProviderRegistry = Preconditions.checkNotNull(rpcProviderRegistry); this.clusterSingletonServiceProvider = Preconditions.checkNotNull(clusterSingletonServiceProvider);
@@ -99,7 +95,6 @@ public class NetconfTopologyManager this.topologyId = Preconditions.checkNotNull(topologyId); this.writeTxIdleTimeout = Duration.apply(config.getWriteTransactionIdleTimeout(), TimeUnit.SECONDS); this.mountPointService = mountPointService; - this.encryptionService = Preconditions.checkNotNull(encryptionService); } // Blueprint init method
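Review bot: In the `@@ -99,7 +95,6 @@` hunk `mountPointService` is the only constructor argument in view that is assigned without `Preconditions.checkNotNull`; the removed `encryptionService` line had the check. Unless a null mount point service is intended, use `this.mountPointService = Preconditions.checkNotNull(mountPointService);` so that a miswired blueprint fails at construction. The constructor starts in the previous hunk, and part of its body lies between the two hunks.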
@@ -248,8 +243,7 @@ public class NetconfTopologyManager .setTopologyId(topologyId) .setNetconfClientDispatcher(clientDispatcher) .setSchemaResourceDTO(NetconfTopologyUtils.setupSchemaCacheDTO(node)) - .setIdleTimeout(writeTxIdleTimeout) - .setEncryptionService(encryptionService); + .setIdleTimeout(writeTxIdleTimeout); return builder.build(); } diff --git a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImpl.java b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImpl.java index dcca5895ea..39e86a9452 100644 --- a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImpl.java +++ b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImpl.java @@ -26,7 +26,6 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; import javax.annotation.Nullable; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService; import org.opendaylight.netconf.api.NetconfMessage; import org.opendaylight.netconf.client.NetconfClientSessionListener; @@ -47,7 +46,6 @@ import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPrefe import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences; import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade; import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider; -import org.opendaylight.netconf.sal.connect.util.AuthEncryptor; import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId; import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector; import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO; 
@@ -80,7 +78,6 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector { private final RemoteDeviceId remoteDeviceId; private final DOMMountPointService mountService; private final Timeout actorResponseWaitTime; - private final AAAEncryptionService encryptionService; private NetconfConnectorDTO deviceCommunicatorDTO;
@@ -92,8 +89,6 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector { this.remoteDeviceId = remoteDeviceId; this.actorResponseWaitTime = actorResponseWaitTime; this.mountService = mountService; - this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService(); - } @Override
@@ -101,11 +96,6 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector { final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class); final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId(); - - AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService, - netconfTopologyDeviceSetup.getTopologyId(), - netconfTopologyDeviceSetup.getDataBroker()); - Preconditions.checkNotNull(netconfNode.getHost()); Preconditions.checkNotNull(netconfNode.getPort()); Preconditions.checkNotNull(netconfNode.isTcpOnly());
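Review bot: In the `@@ -101,11 +96,6 @@` hunk `netconfNode` comes from `getAugmentation(NetconfNode.class)` and is dereferenced by `Preconditions.checkNotNull(netconfNode.getHost())` without being checked itself, so a node without the augmentation would presumably fail with a bare NullPointerException. A guard before the field checks names the cause: `Preconditions.checkNotNull(netconfNode, "%s: node has no NetconfNode augmentation", nodeId);`. The same sequence appears in the `@@ -219,8 +212,6 @@` hunk of AbstractNetconfTopology.java. Both methods begin and end outside their hunks.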
@@ -285,11 +275,8 @@ public class RemoteDeviceConnectorImpl implements RemoteDeviceConnector { final Credentials credentials = node.getCredentials(); if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) { authHandler = new LoginPassword( - ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf - .node.credentials.credentials.LoginPassword) credentials).getUsername(), - ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf - .node.credentials.credentials.LoginPassword) credentials).getPassword(), - encryptionService); + ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(), + ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword()); } else { throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported"); }
diff --git a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/utils/NetconfTopologySetup.java b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/utils/NetconfTopologySetup.java
index 23376b6450..cee8c0d807 100644
--- a/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/utils/NetconfTopologySetup.java
+++ b/netconf/netconf-topology-singleton/src/main/java/org/opendaylight/netconf/topology/singleton/impl/utils/NetconfTopologySetup.java
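Review bot: The restored `new LoginPassword(...)` call casts `credentials` to the generated `LoginPassword` type twice, on two very long lines; casting once into a local and calling `getUsername()` and `getPassword()` on it would be easier to read. The identical expression is in the `@@ -409,11 +400,8 @@` hunk of AbstractNetconfTopology.java. Both values are taken from the node's configuration and passed on unchanged, so a short comment above the call noting that the password is cleartext at this point would help the next reader. The enclosing method starts before the hunk and ends after it.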
@@ -10,7 +10,6 @@ package org.opendaylight.netconf.topology.singleton.impl.utils; import akka.actor.ActorSystem; import io.netty.util.concurrent.EventExecutor; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -37,7 +36,6 @@ public class NetconfTopologySetup { private final String topologyId; private final NetconfDevice.SchemaResourcesDTO schemaResourceDTO; private final Duration idleTimeout; - private final AAAEncryptionService encryptionService; private NetconfTopologySetup(final NetconfTopologySetupBuilder builder) { this.clusterSingletonServiceProvider = builder.getClusterSingletonServiceProvider(); @@ -53,7 +51,6 @@ public class NetconfTopologySetup { this.topologyId = builder.getTopologyId(); this.schemaResourceDTO = builder.getSchemaResourceDTO(); this.idleTimeout = builder.getIdleTimeout(); - this.encryptionService = builder.getEncryptionService(); } public ClusterSingletonServiceProvider getClusterSingletonServiceProvider() { @@ -108,10 +105,6 @@ public class NetconfTopologySetup { return idleTimeout; } - public AAAEncryptionService getEncryptionService() { - return encryptionService; - } - public static class NetconfTopologySetupBuilder { private ClusterSingletonServiceProvider clusterSingletonServiceProvider; @@ -127,7 +120,6 @@ public class NetconfTopologySetup { private NetconfClientDispatcher netconfClientDispatcher; private NetconfDevice.SchemaResourcesDTO schemaResourceDTO; private Duration idleTimeout; - private AAAEncryptionService encryptionService; public NetconfTopologySetupBuilder(){ } 
@@ -255,15 +247,6 @@ public class NetconfTopologySetup { return idleTimeout; } - private AAAEncryptionService getEncryptionService() { - return this.encryptionService; - } - - public NetconfTopologySetupBuilder setEncryptionService(final AAAEncryptionService encryptionService) { - this.encryptionService = encryptionService; - return this; - } - public static NetconfTopologySetupBuilder create() { return new NetconfTopologySetupBuilder(); } diff --git a/netconf/netconf-topology-singleton/src/main/resources/org/opendaylight/blueprint/netconf-topology-singleton.xml b/netconf/netconf-topology-singleton/src/main/resources/org/opendaylight/blueprint/netconf-topology-singleton.xml index f173a95a2a..8c60682605 100644 --- a/netconf/netconf-topology-singleton/src/main/resources/org/opendaylight/blueprint/netconf-topology-singleton.xml +++ b/netconf/netconf-topology-singleton/src/main/resources/org/opendaylight/blueprint/netconf-topology-singleton.xml @@ -39,9 +39,6 @@ and is available at http://www.eclipse.org/legal/epl-v10.html binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.topology.singleton.config.rev170419.Config" /> - - @@ -56,7 +53,6 @@ and is available at http://www.eclipse.org/legal/epl-v10.html - diff --git a/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManagerTest.java b/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManagerTest.java index d91c24a698..ffc52a5f46 100644 --- a/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManagerTest.java +++ b/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/NetconfTopologyManagerTest.java 
@@ -31,7 +31,6 @@ import javax.annotation.Nonnull; import org.junit.Before; import org.junit.Test; import org.mockito.Mock; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.cluster.ActorSystemProvider; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; @@ -84,13 +83,11 @@ public class NetconfTopologyManagerTest { final EventExecutor eventExecutor = mock(EventExecutor.class); final NetconfClientDispatcher clientDispatcher = mock(NetconfClientDispatcher.class); final DOMMountPointService mountPointService = mock(DOMMountPointService.class); - final AAAEncryptionService encryptionService = mock(AAAEncryptionService.class); final Config config = new ConfigBuilder().setWriteTransactionIdleTimeout(0).build(); netconfTopologyManager = new NetconfTopologyManager(dataBroker, rpcProviderRegistry, clusterSingletonServiceProvider, keepaliveExecutor, processingExecutor, - actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config, - mountPointService, encryptionService); + actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config, mountPointService); } @Test diff --git a/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImplTest.java b/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImplTest.java index c35954c8c9..74559a0af2 100644 --- a/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImplTest.java +++ b/netconf/netconf-topology-singleton/src/test/java/org/opendaylight/netconf/topology/singleton/impl/RemoteDeviceConnectorImplTest.java 
@@ -32,7 +32,6 @@ import java.util.concurrent.ExecutorService; import org.junit.Before; import org.junit.Test; import org.mockito.Mock; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.BindingTransactionChain; @@ -106,9 +105,6 @@ public class RemoteDeviceConnectorImplTest { @Mock private WriteTransaction writeTx; - @Mock - private AAAEncryptionService encryptionService; - private NetconfTopologySetup.NetconfTopologySetupBuilder builder; private RemoteDeviceId remoteDeviceId; @@ -134,7 +130,6 @@ public class RemoteDeviceConnectorImplTest { builder.setEventExecutor(eventExecutor); builder.setNetconfClientDispatcher(clientDispatcher); builder.setTopologyId(TOPOLOGY_ID); - builder.setEncryptionService(encryptionService); } @Test @@ -262,7 +257,7 @@ public class RemoteDeviceConnectorImplTest { assertEquals(defaultClientConfig.getConnectionTimeoutMillis().longValue(), 1000L); assertEquals(defaultClientConfig.getAddress(), new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 9999)); assertSame(defaultClientConfig.getSessionListener(), listener); - assertEquals(defaultClientConfig.getAuthHandler().getUsername(), encryptionService.encrypt("testuser")); + assertEquals(defaultClientConfig.getAuthHandler().getUsername(), "testuser"); assertEquals(defaultClientConfig.getProtocol(), NetconfClientConfiguration.NetconfClientProtocol.TCP); } } diff --git a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java index 337b42a5f1..68a6f11f9f 100644 --- a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java 
+++ b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/AbstractNetconfTopology.java @@ -24,7 +24,6 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -50,7 +49,6 @@ import org.opendaylight.netconf.sal.connect.netconf.listener.NetconfSessionPrefe import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences; import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade; import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider; -import org.opendaylight.netconf.sal.connect.util.AuthEncryptor; import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId; import org.opendaylight.netconf.topology.api.NetconfTopology; import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider; 
@@ -168,14 +166,10 @@ public abstract class AbstractNetconfTopology implements NetconfTopology { protected final HashMap activeConnectors = new HashMap<>(); - protected final AAAEncryptionService encryptionService; - protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher, final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor, - final ThreadPool processingExecutor, - final SchemaRepositoryProvider schemaRepositoryProvider, - final DataBroker dataBroker, final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { + final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, + final DataBroker dataBroker, final DOMMountPointService mountPointService) { this.topologyId = topologyId; this.clientDispatcher = clientDispatcher; this.eventExecutor = eventExecutor;
@@ -184,7 +178,6 @@ public abstract class AbstractNetconfTopology implements NetconfTopology { this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository(); this.dataBroker = dataBroker; this.mountPointService = mountPointService; - this.encryptionService = encryptionService; } public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
@@ -219,8 +212,6 @@ public abstract class AbstractNetconfTopology implements NetconfTopology { final Node configNode) { final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class); - AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService, topologyId, dataBroker); - Preconditions.checkNotNull(netconfNode.getHost()); Preconditions.checkNotNull(netconfNode.getPort()); Preconditions.checkNotNull(netconfNode.isTcpOnly());
@@ -409,11 +400,8 @@ public abstract class AbstractNetconfTopology implements NetconfTopology {
 final Credentials credentials = node.getCredentials();
 if (credentials instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) {
 authHandler = new LoginPassword(
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
- .netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
- ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
- .netconf.node.credentials.credentials.LoginPassword) credentials).getPassword(),
- encryptionService);
+ ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
+ ((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
 } else {
 throw new IllegalStateException("Only login/password authentification is supported");
 }
diff --git a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImpl.java b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImpl.java
index 30bb2f7867..243f09a77f 100644
--- a/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImpl.java
+++ b/netconf/netconf-topology/src/main/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImpl.java
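Review bot: The two added lines hand `getUsername()` and `getPassword()` to `LoginPassword` exactly as stored, so a node whose credentials were already rewritten by the reverted `AuthEncryptor.encryptIfNeeded` (it merged the encrypted username and password back into the CONFIGURATION datastore) would presumably now authenticate with ciphertext and fail. Nothing visible in this revert detects or migrates such entries; whether any exist depends on whether the reverted commit was ever deployed, so this is worth confirming and, if so, calling out for operators to re-enter the credentials. Since the password is again read as cleartext from configuration, I would also record that at the call site, e.g. `// credentials are used as stored in the config datastore (cleartext); limit read access to this subtree`. The enclosing method starts and ends outside this hunk.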
@@ -13,7 +13,6 @@ import com.google.common.util.concurrent.Futures; import io.netty.util.concurrent.EventExecutor; import java.util.Collection; import javax.annotation.Nonnull; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -51,12 +50,10 @@ public class NetconfTopologyImpl extends AbstractNetconfTopology implements Data public NetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher, final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor, - final ThreadPool processingExecutor, - final SchemaRepositoryProvider schemaRepositoryProvider, - final DataBroker dataBroker, final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { + final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, + final DataBroker dataBroker, final DOMMountPointService mountPointService) { super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor, - schemaRepositoryProvider, dataBroker, mountPointService, encryptionService); + schemaRepositoryProvider, dataBroker, mountPointService); } @Override diff --git a/netconf/netconf-topology/src/test/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImplTest.java b/netconf/netconf-topology/src/test/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImplTest.java index 12eca67a37..235086f4cf 100644 --- a/netconf/netconf-topology/src/test/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImplTest.java +++ b/netconf/netconf-topology/src/test/java/org/opendaylight/netconf/topology/impl/NetconfTopologyImplTest.java 
@@ -29,7 +29,6 @@ import org.junit.Before; import org.junit.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; -import org.opendaylight.aaa.encrypt.AAAEncryptionService; import org.opendaylight.controller.config.threadpool.ScheduledThreadPool; import org.opendaylight.controller.config.threadpool.ThreadPool; import org.opendaylight.controller.md.sal.binding.api.DataBroker; @@ -90,9 +89,6 @@ public class NetconfTopologyImplTest { @Mock private DOMMountPointService mountPointService; - @Mock - private AAAEncryptionService encryptionService; - private TestingNetconfTopologyImpl topology; private TestingNetconfTopologyImpl spyTopology; @@ -107,7 +103,7 @@ public class NetconfTopologyImplTest { topology = new TestingNetconfTopologyImpl(TOPOLOGY_ID, mockedClientDispatcher, mockedEventExecutor, mockedKeepaliveExecutor, mockedProcessingExecutor, mockedSchemaRepositoryProvider, - dataBroker, mountPointService, encryptionService); + dataBroker, mountPointService); spyTopology = spy(topology); } 
@@ -184,14 +180,12 @@ public class NetconfTopologyImplTest { public static class TestingNetconfTopologyImpl extends NetconfTopologyImpl { - public TestingNetconfTopologyImpl( - final String topologyId, final NetconfClientDispatcher clientDispatcher, - final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor, - final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, - final DataBroker dataBroker, final DOMMountPointService mountPointService, - final AAAEncryptionService encryptionService) { + public TestingNetconfTopologyImpl(final String topologyId, final NetconfClientDispatcher clientDispatcher, + final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor, + final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider, + final DataBroker dataBroker, final DOMMountPointService mountPointService) { super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, - processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService); + processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService); } @Override diff --git a/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java b/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java deleted file mode 100644 index 28a9171722..0000000000 --- a/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/util/AuthEncryptor.java +++ /dev/null 
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.netconf.sal.connect.util;
-
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.FutureCallback;
-import com.google.common.util.concurrent.Futures;
-import org.opendaylight.aaa.encrypt.AAAEncryptionService;
-import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeBuilder;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Utility to encrypt netconf username and password.
- */
-public class AuthEncryptor {
- private static final Logger LOG = LoggerFactory.getLogger(AuthEncryptor.class);
-
- public static void encryptIfNeeded(final NodeId nodeId, final NetconfNode netconfNode,
- AAAEncryptionService encryptionService,
- final String topologyId, final DataBroker dataBroker) {
- final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPassword creds =
- (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPassword) netconfNode.getCredentials();
- final String decryptedPassword = encryptionService.decrypt(creds.getPassword());
- if (decryptedPassword != null && decryptedPassword.equals(creds.getPassword())) {
- LOG.info("Encrypting the provided credentials");
- final String username = encryptionService.encrypt(creds.getUsername());
- final String password = encryptionService.encrypt(creds.getPassword());
- final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
- .credentials.credentials.LoginPasswordBuilder passwordBuilder =
- new org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
- .netconf.node.credentials.credentials.LoginPasswordBuilder();
- passwordBuilder.setUsername(username);
- passwordBuilder.setPassword(password);
- final NetconfNodeBuilder nnb = new NetconfNodeBuilder();
- nnb.setCredentials(passwordBuilder.build());
-
- final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
- final InstanceIdentifier networkTopologyId =
- InstanceIdentifier.builder(NetworkTopology.class).build();
- final InstanceIdentifier niid = networkTopologyId.child(Topology.class,
- new TopologyKey(new TopologyId(topologyId))).child(Node.class,
- new NodeKey(nodeId)).augmentation(NetconfNode.class);
- writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, niid, nnb.build());
- final CheckedFuture future = writeTransaction.submit();
- Futures.addCallback(future, new FutureCallback() {
-
- @Override
- public void onSuccess(Void result) {
- LOG.info("Encrypted netconf username/password successfully");
- }
-
- @Override
- public void onFailure(Throwable exception) {
- LOG.error("Unable to encrypt netconf username/password." + exception.getMessage());
- }
- });
- }
- }
-}