From: Thanh Ha Date: Fri, 4 Mar 2016 01:54:51 +0000 (-0500) Subject: Revert "Bug 5377: Support configuring cipher suites to use for SSLEngine" X-Git-Tag: release/lithium-sr4~2 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=6775db5ac2b24551dc59b5560c556d74630a5d05;p=openflowjava.git Revert "Bug 5377: Support configuring cipher suites to use for SSLEngine" This reverts commit eec0e13acce7785038a9f9404aca0dc44fdba334. Change-Id: Ifd392d9055d0b5db46f4015eaf80452eef3363c7 Signed-off-by: Thanh Ha --- diff --git a/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfiguration.java b/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfiguration.java index f5a71a8c..6676dd02 100644 --- a/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfiguration.java +++ b/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfiguration.java @@ -8,8 +8,6 @@ package org.opendaylight.openflowjava.protocol.api.connection; -import java.util.List; - import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; @@ -64,9 +62,4 @@ public interface TlsConfiguration { * @return password protecting specified truststore */ String getTruststorePassword(); - - /** - * @return list of cipher suites for TLS connection - */ - List getCipherSuites(); } diff --git a/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImpl.java b/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImpl.java index 2a290140..78a6c6b8 100644 --- a/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImpl.java 
+++ b/openflow-protocol-api/src/main/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImpl.java @@ -8,8 +8,6 @@ package org.opendaylight.openflowjava.protocol.api.connection; -import java.util.List; - import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; @@ -25,7 +23,6 @@ public class TlsConfigurationImpl implements TlsConfiguration { private String keyStore; private PathType keystorePathType; private PathType truststorePathType; - private List cipherSuites; /** * Default constructor @@ -38,15 +35,13 @@ public class TlsConfigurationImpl implements TlsConfiguration { */ public TlsConfigurationImpl(KeystoreType trustStoreType, String trustStore, PathType trustStorePathType, KeystoreType keyStoreType, - String keyStore, PathType keyStorePathType, - List cipherSuites) { + String keyStore, PathType keyStorePathType) { this.trustStoreType = trustStoreType; this.trustStore = trustStore; this.truststorePathType = trustStorePathType; this.keyStoreType = keyStoreType; this.keyStore = keyStore; this.keystorePathType = keyStorePathType; - this.cipherSuites = cipherSuites; } @Override @@ -93,9 +88,4 @@ public class TlsConfigurationImpl implements TlsConfiguration { public String getTruststorePassword() { return "opendaylight"; } - - @Override - public List getCipherSuites() { - return cipherSuites; - } } diff --git a/openflow-protocol-api/src/test/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImplTest.java b/openflow-protocol-api/src/test/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImplTest.java index be52a188..f71d2302 100644 --- a/openflow-protocol-api/src/test/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImplTest.java 
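Review bot: `getTruststorePassword()` in the last hunk of TlsConfigurationImpl.java still returns the literal `"opendaylight"`, and the test in TlsConfigurationImplTest.java asserts the same literal for the certificate and keystore passwords, so every deployment using this class shares one publicly known store password. The constructor shown in the third hunk takes no password argument, so a caller of this class has no visible way to supply a different value. At minimum the getter should carry a comment such as `// fixed default; store confidentiality must come from file permissions, not this password`, and ideally the passwords become constructor arguments. The class body starts outside these hunks, so setters or other getters not shown here may change the picture.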
+++ b/openflow-protocol-api/src/test/java/org/opendaylight/openflowjava/protocol/api/connection/TlsConfigurationImplTest.java @@ -10,14 +10,10 @@ package org.opendaylight.openflowjava.protocol.api.connection; import static org.junit.Assert.*; -import java.util.List; - import org.junit.Test; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; -import com.google.common.collect.Lists; - /** * @author michal.polkorab * @@ -29,9 +25,8 @@ public class TlsConfigurationImplTest { */ @Test public void test() { - List cipherSuites = Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"); TlsConfigurationImpl config = new TlsConfigurationImpl(KeystoreType.JKS, - "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH, cipherSuites); + "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH); assertEquals("Wrong keystore location", "/var/lib", config.getTlsKeystore()); assertEquals("Wrong truststore location", "user/dir", config.getTlsTruststore()); assertEquals("Wrong keystore type", KeystoreType.PKCS12, config.getTlsKeystoreType()); @@ -41,6 +36,5 @@ public class TlsConfigurationImplTest { assertEquals("Wrong certificate password", "opendaylight", config.getCertificatePassword()); assertEquals("Wrong keystore password", "opendaylight", config.getKeystorePassword()); assertEquals("Wrong truststore password", "opendaylight", config.getTruststorePassword()); - assertEquals("Wrong cipher suites", cipherSuites, config.getCipherSuites()); } } \ No newline at end of file diff --git a/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/TcpChannelInitializer.java b/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/TcpChannelInitializer.java index 881f697a..18566eb2 100644 
--- a/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/TcpChannelInitializer.java +++ b/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/TcpChannelInitializer.java @@ -16,7 +16,6 @@ import io.netty.util.concurrent.Future; import io.netty.util.concurrent.GenericFutureListener; import java.net.InetAddress; import java.util.Iterator; -import java.util.List; import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLEngine; import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionAdapterFactory; @@ -85,13 +84,6 @@ public class TcpChannelInitializer extends ProtocolChannelInitializer suitesList = getTlsConfiguration().getCipherSuites(); - if (suitesList != null && !suitesList.isEmpty()) { - LOGGER.debug("Requested Cipher Suites are: {}", suitesList); - String[] suites = suitesList.toArray(new String[suitesList.size()]); - engine.setEnabledCipherSuites(suites); - LOGGER.debug("Cipher suites enabled in SSLEngine are: {}", engine.getEnabledCipherSuites().toString()); - } final SslHandler ssl = new SslHandler(engine); final Future handshakeFuture = ssl.handshakeFuture(); final ConnectionFacade finalConnectionFacade = connectionFacade; diff --git a/openflow-protocol-impl/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/openflow/_switch/connection/provider/impl/rev140328/SwitchConnectionProviderModule.java b/openflow-protocol-impl/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/openflow/_switch/connection/provider/impl/rev140328/SwitchConnectionProviderModule.java index 6ded9bfb..6077c787 100644 --- a/openflow-protocol-impl/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/openflow/_switch/connection/provider/impl/rev140328/SwitchConnectionProviderModule.java 
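Review bot: After the second hunk of TcpChannelInitializer.java the `SSLEngine` goes straight into `new SslHandler(engine)` with whatever cipher suites the `SSLContext` enables by default, and nothing in the visible code records that choice or lets an operator narrow it. If the revert is intended, a comment above that line would help, for example `// cipher suites are left at the JVM defaults; restrict them via the jdk.tls.disabledAlgorithms security property`. Logging `Arrays.toString(engine.getEnabledCipherSuites())` at debug level there would also make the enabled set auditable. The enclosing method starts and ends outside the hunk.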
+++ b/openflow-protocol-impl/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/params/xml/ns/yang/openflow/_switch/connection/provider/impl/rev140328/SwitchConnectionProviderModule.java @@ -12,8 +12,6 @@ package org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.openflo import com.google.common.base.MoreObjects; import java.net.InetAddress; import java.net.UnknownHostException; -import java.util.List; - import org.opendaylight.openflowjava.protocol.api.connection.ConnectionConfiguration; import org.opendaylight.openflowjava.protocol.api.connection.ThreadConfiguration; import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration; @@ -138,10 +136,6 @@ public final class SwitchConnectionProviderModule extends org.opendaylight.yang. public String getTruststorePassword() { return MoreObjects.firstNonNull(tlsConfig.getTruststorePassword(), null); } - @Override - public List getCipherSuites() { - return tlsConfig.getCipherSuites(); - } }; } @Override diff --git a/openflow-protocol-impl/src/main/yang/openflow-switch-connection-provider-impl.yang b/openflow-protocol-impl/src/main/yang/openflow-switch-connection-provider-impl.yang index 1610ff1b..aead1758 100644 --- a/openflow-protocol-impl/src/main/yang/openflow-switch-connection-provider-impl.yang +++ b/openflow-protocol-impl/src/main/yang/openflow-switch-connection-provider-impl.yang @@ -97,10 +97,6 @@ module openflow-switch-connection-provider-impl { description "password protecting truststore"; type string; } - leaf-list cipher-suites { - description "combination of cryptographic algorithms used by TLS connection"; - type string; - } } container threads { leaf boss-threads { diff --git a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerFactoryTest.java b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerFactoryTest.java index 48697240..6001e7f8 100644 
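Review bot: The context line `MoreObjects.firstNonNull(tlsConfig.getTruststorePassword(), null)` in the second hunk of SwitchConnectionProviderModule.java has no fallback, because Guava's `firstNonNull` throws `NullPointerException` when both arguments are null. A configuration without a truststore password therefore fails with an unexplained NPE when this getter is called. `Preconditions.checkNotNull(tlsConfig.getTruststorePassword(), "truststore password is not configured")` would state the intent and name the missing setting. The other getters of this anonymous class lie outside the hunk and may need the same treatment.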
--- a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerFactoryTest.java +++ b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerFactoryTest.java @@ -22,8 +22,6 @@ import org.opendaylight.openflowjava.protocol.impl.serialization.SerializationFa import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; -import com.google.common.collect.Lists; - /** * * @author jameshall @@ -45,8 +43,7 @@ public class PublishingChannelInitializerFactoryTest { MockitoAnnotations.initMocks(this); factory = new ChannelInitializerFactory(); tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore", - PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH, - Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")); + PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH); factory.setDeserializationFactory(deserializationFactory); factory.setSerializationFactory(serializationFactory); factory.setSwitchConnectionHandler(switchConnectionHandler); diff --git a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerTest.java b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerTest.java index b855cc91..bcd2ebb9 100644 --- a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerTest.java +++ b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/PublishingChannelInitializerTest.java 
@@ -39,8 +39,6 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.K import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.openflow._switch.connection.provider.impl.rev140328.Tls; -import com.google.common.collect.Lists; - /** * * @author james.hall @@ -91,8 +89,7 @@ public class PublishingChannelInitializerTest { when(mockSocketCh.pipeline()).thenReturn(mockChPipeline) ; tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH, - KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH, - Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")); + KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH); } diff --git a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactoryTest.java b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactoryTest.java index c73f6c63..a52f44c6 100644 --- a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactoryTest.java +++ b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactoryTest.java @@ -20,8 +20,6 @@ import org.opendaylight.openflowjava.protocol.api.connection.TlsConfigurationImp import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType; -import com.google.common.collect.Lists; - /** * * @author jameshall 
@@ -38,8 +36,7 @@ public class SslContextFactoryTest { public void setUp() { MockitoAnnotations.initMocks(this); tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore", - PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH, - Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ; + PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH) ; sslContextFactory = new SslContextFactory(tlsConfiguration); } diff --git a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImpl02Test.java b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImpl02Test.java index e9b36307..78b24325 100644 --- a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImpl02Test.java +++ b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImpl02Test.java @@ -7,7 +7,6 @@ */ package org.opendaylight.openflowjava.protocol.impl.core.connection; -import com.google.common.collect.Lists; import com.google.common.util.concurrent.ListenableFuture; import java.net.InetAddress; import java.net.UnknownHostException; @@ -94,8 +93,7 @@ public class SwitchConnectionProviderImpl02Test { if (protocol.equals(TransportProtocol.TLS)) { tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS, - "/selfSignedController", PathType.CLASSPATH, - Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ; + "/selfSignedController", PathType.CLASSPATH) ; } config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true); config.setTransferProtocol(protocol); 
diff --git a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImplTest.java b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImplTest.java index 491e18de..3b53eed6 100644 --- a/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImplTest.java +++ b/openflow-protocol-impl/src/test/java/org/opendaylight/openflowjava/protocol/impl/core/connection/SwitchConnectionProviderImplTest.java @@ -8,7 +8,6 @@ package org.opendaylight.openflowjava.protocol.impl.core.connection; -import com.google.common.collect.Lists; import com.google.common.util.concurrent.ListenableFuture; import java.net.InetAddress; import java.net.UnknownHostException; @@ -66,8 +65,7 @@ public class SwitchConnectionProviderImplTest { if (protocol.equals(TransportProtocol.TLS)) { tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS, - "/selfSignedController", PathType.CLASSPATH, - Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ; + "/selfSignedController", PathType.CLASSPATH) ; } config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true); config.setTransferProtocol(protocol); diff --git a/openflow-protocol-it/src/test/java/org/opendaylight/openflowjava/protocol/it/integration/IntegrationTest.java b/openflow-protocol-it/src/test/java/org/opendaylight/openflowjava/protocol/it/integration/IntegrationTest.java index 77e747a9..e10d12de 100644 --- a/openflow-protocol-it/src/test/java/org/opendaylight/openflowjava/protocol/it/integration/IntegrationTest.java +++ b/openflow-protocol-it/src/test/java/org/opendaylight/openflowjava/protocol/it/integration/IntegrationTest.java 
@@ -74,8 +74,7 @@ public class IntegrationTest { if (protocol.equals(TransportProtocol.TLS)) { tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS, - "/selfSignedController", PathType.CLASSPATH, - new ArrayList()); + "/selfSignedController", PathType.CLASSPATH) ; } connConfig = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true); connConfig.setTransferProtocol(protocol);