From: Lori Jakab Date: Wed, 25 May 2016 14:47:48 +0000 (+0000) Subject: Merge "Authentication to southbound" X-Git-Tag: release/boron~100 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=e2aa5bf871ac8c3be93fd9530371bf9fad0cb6eb;hp=e9c66ab2932e03e21441bc19cfb4164656bdb833;p=lispflowmapping.git Merge "Authentication to southbound" --- diff --git a/features/src/main/features/features.xml b/features/src/main/features/features.xml index 63188d8ac..fe3e7e15e 100644 --- a/features/src/main/features/features.xml +++ b/features/src/main/features/features.xml @@ -56,6 +56,7 @@ odl-restconf odl-mdsal-broker odl-lispflowmapping-models + odl-lispflowmapping-inmemorydb mvn:org.opendaylight.lispflowmapping/mappingservice.mapcache/{{VERSION}} mvn:org.opendaylight.lispflowmapping/mappingservice.southbound/{{VERSION}} diff --git a/integrationtest/src/test/java/org/opendaylight/lispflowmapping/integrationtest/MappingServiceIntegrationTest.java b/integrationtest/src/test/java/org/opendaylight/lispflowmapping/integrationtest/MappingServiceIntegrationTest.java index 63805595f..80e8ed763 100644 --- a/integrationtest/src/test/java/org/opendaylight/lispflowmapping/integrationtest/MappingServiceIntegrationTest.java +++ b/integrationtest/src/test/java/org/opendaylight/lispflowmapping/integrationtest/MappingServiceIntegrationTest.java @@ -341,8 +341,7 @@ public class MappingServiceIntegrationTest extends AbstractMdsalTestBase { mapRegisterWithMapNotifyAndMapRequest(); registerAndQuery__MAC(); mapRequestMapRegisterAndMapRequest(); - //TODO uncomment followign test once authentication check will be moved to LispSouthboundHandler -// mapRegisterWithAuthenticationWithoutConfiguringAKey(); + mapRegisterWithAuthenticationWithoutConfiguringAKey(); mapRegisterWithoutMapNotify(); } diff --git a/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/IGenericMapServer.java b/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/IGenericMapServer.java index ae354d0d1..e1aa513c8 100644 --- a/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/IGenericMapServer.java +++ b/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/IGenericMapServer.java @@ -12,19 +12,6 @@ package org.opendaylight.lispflowmapping.interfaces.lisp; */ public interface IGenericMapServer { - /** - * @return Should the Map Server use authentication. - */ - boolean shouldAuthenticate(); - - /** - * Configure Map server to use authentication - * - * @param shouldAuthenticate - * Set authentication - */ - void setShouldAuthenticate(boolean shouldAuthenticate); - /** * Configure Map Server to notify mapping subscribers on mapping updates * diff --git a/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/ILispAuthentication.java b/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/ILispAuthentication.java index a02e7c727..226341fe6 100644 --- a/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/ILispAuthentication.java +++ b/mappingservice/api/src/main/java/org/opendaylight/lispflowmapping/interfaces/lisp/ILispAuthentication.java @@ -7,11 +7,12 @@ */ package org.opendaylight.lispflowmapping.interfaces.lisp; +import java.nio.ByteBuffer; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapNotify; -import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapRegister; public interface ILispAuthentication { - boolean validate(MapRegister mapRegister, String key); + + boolean validate(ByteBuffer mapRegisterBuffer, byte[] expectedAuthData, String key); byte[] getAuthenticationData(MapNotify mapNotify, String key); diff --git a/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/LispMappingService.java b/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/LispMappingService.java index b870dc43c..6fd8489a5 100644 --- a/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/LispMappingService.java +++ b/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/LispMappingService.java @@ -62,8 +62,6 @@ public class LispMappingService implements IFlowMapping, BindingAwareProvider, I IMapNotifyHandler, OdlLispProtoListener, AutoCloseable { protected static final Logger LOG = LoggerFactory.getLogger(LispMappingService.class); - private volatile boolean shouldAuthenticate = true; - private volatile boolean smr = ConfigIni.getInstance().smrIsSet(); private volatile String elpPolicy = ConfigIni.getInstance().getElpPolicy(); @@ -122,12 +120,12 @@ public class LispMappingService implements IFlowMapping, BindingAwareProvider, I broker.registerProvider(this); notificationService.registerNotificationListener(this); mapResolver = new MapResolver(mapService, smr, elpPolicy, this); - mapServer = new MapServer(mapService, shouldAuthenticate, smr, this, notificationService); + mapServer = new MapServer(mapService, smr, this, notificationService); } public void basicInit() { mapResolver = new MapResolver(mapService, smr, elpPolicy, this); - mapServer = new MapServer(mapService, shouldAuthenticate, smr, this, notificationService); + mapServer = new MapServer(mapService, smr, this, notificationService); } @Override @@ -172,13 +170,7 @@ public class LispMappingService implements IFlowMapping, BindingAwareProvider, I } public void setShouldAuthenticate(boolean shouldAuthenticate) { - this.shouldAuthenticate = shouldAuthenticate; this.mapResolver.setShouldAuthenticate(shouldAuthenticate); - this.mapServer.setShouldAuthenticate(shouldAuthenticate); - } - - public boolean shouldAuthenticate() { - return shouldAuthenticate; } private void sendMapNotify(MapNotify mapNotify, TransportAddress address) { diff --git a/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServer.java b/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServer.java index 67614db80..4b2659c92 100644 --- a/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServer.java +++ b/mappingservice/implementation/src/main/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServer.java @@ -64,16 +64,14 @@ public class MapServer implements IMapServerAsync, OdlMappingserviceListener { protected static final Logger LOG = LoggerFactory.getLogger(MapServer.class); private IMappingService mapService; - private boolean authenticate; private boolean subscriptionService; private IMapNotifyHandler notifyHandler; private NotificationService notificationService; - public MapServer(IMappingService mapService, boolean authenticate, boolean subscriptionService, + public MapServer(IMappingService mapService, boolean subscriptionService, IMapNotifyHandler notifyHandler, NotificationService notificationService) { Preconditions.checkNotNull(mapService); this.mapService = mapService; - this.authenticate = authenticate; this.subscriptionService = subscriptionService; this.notifyHandler = notifyHandler; this.notificationService = notificationService; @@ -87,16 +85,6 @@ public class MapServer implements IMapServerAsync, OdlMappingserviceListener { this.subscriptionService = subscriptionService; } - @Override - public boolean shouldAuthenticate() { - return authenticate; - } - - @Override - public void setShouldAuthenticate(boolean shouldAuthenticate) { - authenticate = shouldAuthenticate; - } - @SuppressWarnings("unchecked") public void handleMapRegister(MapRegister mapRegister) { boolean authFailed = false; diff --git a/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/LispMappingServiceTest.java b/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/LispMappingServiceTest.java index 08d35489f..ea4b215cf 100644 --- a/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/LispMappingServiceTest.java +++ b/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/LispMappingServiceTest.java @@ -299,7 +299,6 @@ public class LispMappingServiceTest { lispMappingService.setShouldAuthenticate(value); Mockito.verify(mapResolverMock).setShouldAuthenticate(value); - Mockito.verify(mapServerMock).setShouldAuthenticate(value); } private static Pair> getDefaultMapNotifyPair() { diff --git a/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServerTest.java b/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServerTest.java index 30303d96c..f1d96489f 100644 --- a/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServerTest.java +++ b/mappingservice/implementation/src/test/java/org/opendaylight/lispflowmapping/implementation/lisp/MapServerTest.java @@ -140,7 +140,7 @@ public class MapServerTest { @Before public void init() throws NoSuchFieldException, IllegalAccessException { - mapServer = new MapServer(mapService, true, true, notifyHandler, notificationService); + mapServer = new MapServer(mapService, true, notifyHandler, notificationService); subscriberSetMock_1.add(SUBSCRIBER_RLOC_1); subscriberSetMock_1.add(SUBSCRIBER_RLOC_2); subscriberSetMock_2.add(SUBSCRIBER_RLOC_3); diff --git a/mappingservice/southbound/pom.xml b/mappingservice/southbound/pom.xml index c38c445cb..7530d049f 100644 --- a/mappingservice/southbound/pom.xml +++ b/mappingservice/southbound/pom.xml @@ -17,10 +17,18 @@ ${project.groupId} mappingservice.api + + ${project.groupId} + mappingservice.inmemorydb + ${project.groupId} mappingservice.lisp-proto + + ${project.groupId} + mappingservice.mapcache + io.netty netty-all diff --git a/mappingservice/southbound/src/main/config/default-config.xml b/mappingservice/southbound/src/main/config/default-config.xml index df6e25e0e..83b7778bf 100644 --- a/mappingservice/southbound/src/main/config/default-config.xml +++ b/mappingservice/southbound/src/main/config/default-config.xml @@ -4,6 +4,7 @@ urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding?module=opendaylight-md-sal-binding&revision=2013-10-28 urn:opendaylight:params:xml:ns:yang:controller:md:sal:binding:impl?module=opendaylight-sal-binding-broker-impl&revision=2013-10-28 urn:opendaylight:params:xml:ns:yang:controller:config:lisp-sb:impl?module=odl-lisp-sb-impl&revision=2015-05-17 + urn:opendaylight:params:xml:ns:yang:controller:config:lfm:mappingservice-dao:inmemorydb?module=odl-mappingservice-dao-inmemorydb&revision=2015-10-07 @@ -27,6 +28,12 @@ binding-notification-publish-adapter + + + binding:binding-async-data-broker + pingpong-binding-data-broker + + diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/controller/config/yang/config/lisp_sb/impl/LfmMappingServiceSbModule.java b/mappingservice/southbound/src/main/java/org/opendaylight/controller/config/yang/config/lisp_sb/impl/LfmMappingServiceSbModule.java index 228c68974..4d0abfc54 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/controller/config/yang/config/lisp_sb/impl/LfmMappingServiceSbModule.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/controller/config/yang/config/lisp_sb/impl/LfmMappingServiceSbModule.java @@ -36,6 +36,7 @@ public class LfmMappingServiceSbModule extends org.opendaylight.controller.confi sbPlugin = new LispSouthboundPlugin(); sbPlugin.setNotificationPublishService(getNotificationPublishServiceDependency()); sbPlugin.setRpcRegistryDependency(getRpcRegistryDependency()); + sbPlugin.setDataBroker(getDataBrokerDependency()); sbPlugin.init(); return sbPlugin; diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/LispSouthboundPlugin.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/LispSouthboundPlugin.java index 1818f898f..d278c34bc 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/LispSouthboundPlugin.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/LispSouthboundPlugin.java @@ -9,6 +9,8 @@ package org.opendaylight.lispflowmapping.southbound; import static io.netty.buffer.Unpooled.wrappedBuffer; + +import com.google.common.base.Preconditions; import io.netty.bootstrap.Bootstrap; import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBufUtil; @@ -19,13 +21,12 @@ import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.DatagramPacket; import io.netty.channel.socket.nio.NioDatagramChannel; import io.netty.util.concurrent.DefaultThreadFactory; - import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.nio.ByteBuffer; import java.util.concurrent.ThreadFactory; - +import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.controller.md.sal.binding.api.NotificationPublishService; import org.opendaylight.controller.sal.binding.api.BindingAwareBroker.RpcRegistration; import org.opendaylight.controller.sal.binding.api.RpcProviderRegistry; @@ -40,8 +41,6 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.sb.rev150904.OdlLi import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.base.Preconditions; - public class LispSouthboundPlugin implements IConfigLispSouthboundPlugin, AutoCloseable { protected static final Logger LOG = LoggerFactory.getLogger(LispSouthboundPlugin.class); @@ -59,6 +58,7 @@ public class LispSouthboundPlugin implements IConfigLispSouthboundPlugin, AutoCl private LispSouthboundStats statistics = new LispSouthboundStats(); private ThreadFactory threadFactory = new DefaultThreadFactory("lisp-sb"); private EventLoopGroup eventLoopGroup = new NioEventLoopGroup(0, threadFactory); + private DataBroker dataBroker; public void init() { @@ -69,8 +69,11 @@ public class LispSouthboundPlugin implements IConfigLispSouthboundPlugin, AutoCl synchronized (startLock) { lispSouthboundHandler = new LispSouthboundHandler(this); - lispXtrSouthboundHandler = new LispXtrSouthboundHandler(); + lispSouthboundHandler.setDataBroker(dataBroker); lispSouthboundHandler.setNotificationProvider(this.notificationPublishService); + lispSouthboundHandler.init(); + + lispXtrSouthboundHandler = new LispXtrSouthboundHandler(); lispXtrSouthboundHandler.setNotificationProvider(this.notificationPublishService); start(); @@ -244,10 +247,15 @@ public class LispSouthboundPlugin implements IConfigLispSouthboundPlugin, AutoCl } } + public void setDataBroker(final DataBroker dataBroker) { + this.dataBroker = dataBroker; + } + @Override public void close() throws Exception { unloadActions(); eventLoopGroup.shutdownGracefully(); sbRpcRegistration.close(); + lispSouthboundHandler.close(); } } diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationFactory.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationFactory.java similarity index 95% rename from mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationFactory.java rename to mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationFactory.java index 295802bd2..dae8f0659 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationFactory.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationFactory.java @@ -5,7 +5,7 @@ * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ -package org.opendaylight.lispflowmapping.implementation.authentication; +package org.opendaylight.lispflowmapping.southbound.authentication; import java.util.HashMap; import java.util.Map; diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationUtil.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationUtil.java similarity index 72% rename from mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationUtil.java rename to mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationUtil.java index 9d90c1ad7..2732c38e9 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispAuthenticationUtil.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispAuthenticationUtil.java @@ -5,8 +5,9 @@ * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ -package org.opendaylight.lispflowmapping.implementation.authentication; +package org.opendaylight.lispflowmapping.southbound.authentication; +import java.nio.ByteBuffer; import org.opendaylight.lispflowmapping.interfaces.lisp.ILispAuthentication; import org.opendaylight.lispflowmapping.lisp.util.LispAddressStringifier; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapNotify; @@ -23,10 +24,11 @@ public final class LispAuthenticationUtil { private LispAuthenticationUtil() { } - public static boolean validate(MapRegister mapRegister, Eid eid, MappingAuthkey key) { + private static ILispAuthentication resolveAuthentication(final MapRegister mapRegister, final Eid eid, final + MappingAuthkey key) { if (key == null) { LOG.warn("Authentication failed: mapping authentication key is null"); - return false; + return null; } short keyId = 0; if (mapRegister.getKeyId() != null) { @@ -35,10 +37,16 @@ public final class LispAuthenticationUtil { if (keyId != key.getKeyType().shortValue()) { LOG.warn("Authentication failed: key-ID in Map-Register is different from the one on file for {}", LispAddressStringifier.getString(eid)); - return false; + return null; } - ILispAuthentication authentication = LispAuthenticationFactory.getAuthentication(LispKeyIDEnum.valueOf(keyId)); - return authentication.validate(mapRegister, key.getKeyString()); + return LispAuthenticationFactory.getAuthentication(LispKeyIDEnum.valueOf(keyId)); + } + + + public static boolean validate(MapRegister mapRegister, ByteBuffer byteBuffer, Eid eid, MappingAuthkey key) { + final ILispAuthentication authentication = resolveAuthentication(mapRegister, eid, key); + return authentication == null ? false : authentication.validate(byteBuffer, mapRegister.getAuthenticationData(), + key.getKeyString()); } public static byte[] createAuthenticationData(MapNotify mapNotify, String key) { @@ -47,5 +55,4 @@ public final class LispAuthenticationUtil { LispKeyIDEnum.valueOf(mapNotify.getKeyId())); return authentication.getAuthenticationData(mapNotify, key); } - } diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispKeyIDEnum.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispKeyIDEnum.java similarity index 93% rename from mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispKeyIDEnum.java rename to mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispKeyIDEnum.java index 6590cbd4e..1814b1656 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispKeyIDEnum.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispKeyIDEnum.java @@ -5,7 +5,7 @@ * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ -package org.opendaylight.lispflowmapping.implementation.authentication; +package org.opendaylight.lispflowmapping.southbound.authentication; public enum LispKeyIDEnum { NONE(0, null), // diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispMACAuthentication.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispMACAuthentication.java similarity index 83% rename from mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispMACAuthentication.java rename to mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispMACAuthentication.java index 5fa3ec87a..89ec2dd33 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispMACAuthentication.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispMACAuthentication.java @@ -5,21 +5,17 @@ * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ -package org.opendaylight.lispflowmapping.implementation.authentication; +package org.opendaylight.lispflowmapping.southbound.authentication; import java.nio.ByteBuffer; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.Arrays; - import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; - import org.opendaylight.lispflowmapping.interfaces.lisp.ILispAuthentication; import org.opendaylight.lispflowmapping.lisp.serializer.MapNotifySerializer; -import org.opendaylight.lispflowmapping.lisp.serializer.MapRegisterSerializer; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapNotify; -import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapRegister; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -41,21 +37,20 @@ public class LispMACAuthentication implements ILispAuthentication { } } - public boolean validate(MapRegister mapRegister, String key) { + @Override + public boolean validate(ByteBuffer mapRegisterBuffer, byte[] expectedAuthData, String key) { if (key == null) { LOG.warn("Authentication failed: mapping authentication password is null!"); return false; } - ByteBuffer mapRegisterBuffer = MapRegisterSerializer.getInstance().serialize(mapRegister); if (mapRegisterBuffer == null) { return true; } - mapRegisterBuffer.position(MAP_REGISTER_AND_NOTIFY_AUTHENTICATION_POSITION); + mapRegisterBuffer.position(ILispAuthentication.MAP_REGISTER_AND_NOTIFY_AUTHENTICATION_POSITION); mapRegisterBuffer.put(tempAuthenticationData); mapRegisterBuffer.position(0); - return Arrays.equals(getAuthenticationData(mapRegisterBuffer.array(), key), - mapRegister.getAuthenticationData()); + return Arrays.equals(getAuthenticationData(mapRegisterBuffer.array(), key), expectedAuthData); } protected byte[] getAuthenticationData(byte[] data, String key) { diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispNoAuthentication.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispNoAuthentication.java similarity index 82% rename from mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispNoAuthentication.java rename to mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispNoAuthentication.java index 69757776f..6d5496063 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/implementation/authentication/LispNoAuthentication.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/authentication/LispNoAuthentication.java @@ -5,11 +5,11 @@ * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html */ -package org.opendaylight.lispflowmapping.implementation.authentication; +package org.opendaylight.lispflowmapping.southbound.authentication; +import java.nio.ByteBuffer; import org.opendaylight.lispflowmapping.interfaces.lisp.ILispAuthentication; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapNotify; -import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.MapRegister; public final class LispNoAuthentication implements ILispAuthentication { @@ -33,7 +33,8 @@ public final class LispNoAuthentication implements ILispAuthentication { return authenticationData; } - public boolean validate(MapRegister mapRegister, String key) { + @Override + public boolean validate(ByteBuffer mapRegisterBuffer, byte[] expectedAuthData, String key) { return true; } diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/AuthenticationKeyDataListener.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/AuthenticationKeyDataListener.java new file mode 100644 index 000000000..79cc6b29d --- /dev/null +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/AuthenticationKeyDataListener.java @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2016 Cisco Systems, Inc. All rights reserved. + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v1.0 which accompanies this distribution, + * and is available at http://www.eclipse.org/legal/epl-v10.html + */ +package org.opendaylight.lispflowmapping.southbound.lisp; + +import java.util.Collection; +import org.opendaylight.controller.md.sal.binding.api.DataBroker; +import org.opendaylight.controller.md.sal.binding.api.DataObjectModification; +import org.opendaylight.controller.md.sal.binding.api.DataObjectModification.ModificationType; +import org.opendaylight.controller.md.sal.binding.api.DataTreeChangeListener; +import org.opendaylight.controller.md.sal.binding.api.DataTreeIdentifier; +import org.opendaylight.controller.md.sal.binding.api.DataTreeModification; +import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType; +import org.opendaylight.lispflowmapping.mapcache.SimpleMapCache; +import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.MappingDatabase; +import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.db.instance.AuthenticationKey; +import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.mapping.database.VirtualNetworkIdentifier; +import org.opendaylight.yangtools.concepts.ListenerRegistration; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * DataListener for all AuthenticationKey modification events. + * + */ +public class AuthenticationKeyDataListener implements DataTreeChangeListener { + private static final Logger LOG = LoggerFactory.getLogger(AuthenticationKeyDataListener.class); + + private final SimpleMapCache smc; + private final DataBroker broker; + private final InstanceIdentifier path; + private ListenerRegistration> registration; + + + public AuthenticationKeyDataListener(final DataBroker broker, final SimpleMapCache smc) { + this.broker = broker; + this.smc = smc; + this.path = InstanceIdentifier.create(MappingDatabase.class).child(VirtualNetworkIdentifier.class) + .child(AuthenticationKey.class); + LOG.trace("Registering AuthenticationKey listener."); + final DataTreeIdentifier dataTreeIdentifier = new DataTreeIdentifier<> + (LogicalDatastoreType.CONFIGURATION, path); + registration = broker.registerDataTreeChangeListener(dataTreeIdentifier, this); + } + + public void closeDataChangeListener() { + registration.close(); + } + + @Override + public void onDataTreeChanged(Collection> changes) { + for (DataTreeModification change : changes) { + final DataObjectModification mod = change.getRootNode(); + + if (ModificationType.DELETE == mod.getModificationType()) { + final AuthenticationKey authKey = mod.getDataBefore(); + + LOG.trace("Received deleted data"); + LOG.trace("Key: {}", change.getRootPath().getRootIdentifier()); + LOG.trace("Value: {}", authKey); + + smc.removeAuthenticationKey(authKey.getEid()); + } else if (ModificationType.WRITE == mod.getModificationType() || ModificationType.SUBTREE_MODIFIED == mod + .getModificationType()) { + if (ModificationType.WRITE == mod.getModificationType()) { + LOG.trace("Received created data"); + } else { + LOG.trace("Received updated data"); + } + // Process newly created or updated authentication keys + final AuthenticationKey authKey = mod.getDataAfter(); + + LOG.trace("Key: {}", change.getRootPath().getRootIdentifier()); + LOG.trace("Value: {}", authKey); + + smc.addAuthenticationKey(authKey.getEid(), authKey.getMappingAuthkey()); + } else { + LOG.warn("Ignoring unhandled modification type {}", mod.getModificationType()); + } + } + } + +} diff --git a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/LispSouthboundHandler.java b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/LispSouthboundHandler.java index 347a835dd..d89914771 100644 --- a/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/LispSouthboundHandler.java +++ b/mappingservice/southbound/src/main/java/org/opendaylight/lispflowmapping/southbound/lisp/LispSouthboundHandler.java @@ -8,6 +8,7 @@ package org.opendaylight.lispflowmapping.southbound.lisp; +import com.google.common.base.Preconditions; import io.netty.buffer.ByteBufUtil; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; @@ -19,7 +20,10 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Map; +import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.controller.md.sal.binding.api.NotificationPublishService; +import org.opendaylight.lispflowmapping.inmemorydb.HashMapDb; +import org.opendaylight.lispflowmapping.southbound.authentication.LispAuthenticationUtil; import org.opendaylight.lispflowmapping.lisp.serializer.MapNotifySerializer; import org.opendaylight.lispflowmapping.lisp.serializer.MapRegisterSerializer; import org.opendaylight.lispflowmapping.lisp.serializer.MapReplySerializer; @@ -28,6 +32,7 @@ import org.opendaylight.lispflowmapping.lisp.type.LispMessage; import org.opendaylight.lispflowmapping.lisp.util.ByteUtil; import org.opendaylight.lispflowmapping.lisp.util.LispAddressStringifier; import org.opendaylight.lispflowmapping.lisp.util.MapRequestUtil; +import org.opendaylight.lispflowmapping.mapcache.SimpleMapCache; import org.opendaylight.lispflowmapping.southbound.LispSouthboundPlugin; import org.opendaylight.lispflowmapping.southbound.LispSouthboundStats; import org.opendaylight.lispflowmapping.southbound.lisp.cache.MapRegisterCache; @@ -55,16 +60,18 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.ma import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.metadata.container.map.register.cache.metadata.EidLispAddressBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.value.grouping.MapRegisterCacheValue; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.map.register.cache.value.grouping.MapRegisterCacheValueBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.mapping.record.container.MappingRecord; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.mapping.record.list.MappingRecordItem; import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.lisp.proto.rev151105.transport.address.TransportAddressBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.lfm.mappingservice.rev150906.mapping.authkey.container.MappingAuthkey; import org.opendaylight.yangtools.yang.binding.Notification; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @ChannelHandler.Sharable public class LispSouthboundHandler extends SimpleChannelInboundHandler - implements ILispSouthboundService { - private final MapRegisterCache mapRegisterCache; + implements ILispSouthboundService, AutoCloseable { + private MapRegisterCache mapRegisterCache; /** * How long is record supposed to be relevant. After this time record isn't valid. @@ -72,27 +79,26 @@ public class LispSouthboundHandler extends SimpleChannelInboundHandler mappingRecords = mapRegister.getMappingRecordItem(); + for (int i = 0; i < mappingRecords.size(); i++) { + final MappingRecordItem recordItem = mappingRecords.get(i); + final MappingRecord mappingRecord = recordItem.getMappingRecord(); + if (i == 0) { + firstAuthKey = smc.getAuthenticationKey(mappingRecord.getEid()); + if (!LispAuthenticationUtil.validate(mapRegister, byteBuffer, mappingRecord.getEid(), firstAuthKey)) { + return false; + } + } else { + final Eid eid = mappingRecord.getEid(); + final MappingAuthkey authKey = smc.getAuthenticationKey(eid); + if (!firstAuthKey.equals(authKey)) { + LOG.debug("Map register packet contained several eids. Authentication keys for first one and for " + + "{} are different.",LispAddressStringifier.getString(eid)); + return false; + } + } + } + return true; + } + private void handleMapNotify(ByteBuffer inBuffer, InetAddress sourceAddress, int port) { try { MapNotify mapNotify = MapNotifySerializer.getInstance().deserialize(inBuffer); @@ -312,6 +366,7 @@ public class LispSouthboundHandler extends SimpleChannelInboundHandler(); @@ -413,6 +445,10 @@ public class LispSouthboundServiceTest extends BaseTestCase { } void mapRegisterInvocationForCacheTest(byte[] eidPrefixAfi, byte[] eidPrefix) { + mapRegisterInvocationForCacheTest(eidPrefixAfi, eidPrefix, MapRegisterCacheTestUtil.authenticationData); + } + + void mapRegisterInvocationForCacheTest(byte[] eidPrefixAfi, byte[] eidPrefix, byte[] authenticationData) { final byte[] mapRegisterMessage = MapRegisterCacheTestUtil.joinArrays(data1, nonce, keyId, authenticationData, data2, eidPrefixAfi, eidPrefix, data3, xTRId, siteId); handlePacket(mapRegisterMessage); @@ -430,7 +466,8 @@ public class LispSouthboundServiceTest extends BaseTestCase { byte[] eidPrefix = new byte[] { 0x0a, 0x0a, 0x0a, 0x0a //ipv4 address }; - cacheTest(eidPrefixAfi, eidPrefix); + + cacheTest(eidPrefixAfi, eidPrefix, MapRegisterCacheTestUtil.authenticationData); } /** @@ -448,7 +485,17 @@ public class LispSouthboundServiceTest extends BaseTestCase { ,0x0f, 0x0f, 0x0f, 0x0f //ipv6 address ,0x0f, 0x0f, 0x0f, 0x0f //ipv6 address }; - cacheTest(eidPrefixAfi, eidPrefix); + + byte[] authenticationData = new byte[]{ + 0x00, 0x14 + ,0x41,(byte)0x83,0x13,0x7C + ,0x48,(byte)0xEE,0x75,(byte)0x9A + ,0x4,(byte)0x8C,0x46,(byte)0xA6 + ,0x1B,0x13,(byte)0xC8,0x4D + ,(byte)0xA1,0x17,0x53,(byte)0xC3 + }; + + cacheTest(eidPrefixAfi, eidPrefix, authenticationData); } /** @@ -464,7 +511,15 @@ public class LispSouthboundServiceTest extends BaseTestCase { 0x0a, 0x0b, 0x0c, 0x0d //mac address ,0x0e, 0x0f //mac address }; - cacheTest(eidPrefixAfi, eidPrefix); + byte[] authenticationData = new byte[]{ + 0x00, 0x14 + ,(byte)0xB2,(byte)0x8E,0x6,(byte)0x9D + ,0x61,(byte)0xD8,0xC,0x24 + ,(byte)0x80,0x61,0x5A,0x20 + ,0xD,0x50,0x5E,(byte)0xAE + ,0x47,(byte)0xF7,(byte)0x86,0x36 + }; + cacheTest(eidPrefixAfi, eidPrefix, authenticationData); } /** @@ -489,7 +544,18 @@ public class LispSouthboundServiceTest extends BaseTestCase { byte[] eidPrefix = joinArrays(lcafRsvd1, lcafFlags, lcafType, lcafIIDMaskLength, lcafLength, lcafInstanceId, lcafAfi, lcafAddress); - cacheTest(eidPrefixAfi, eidPrefix); + + byte[] authenticationData = new byte[]{ + 0x00, 0x14 //authentication data length + ,0x68, 0x1d, (byte) 0x9e, 0x6e //auth data + ,0x5e, 0x32, (byte) 0x88, 0x1a //auth data + ,(byte) 0xae, 0x6b, (byte) 0xe3, 0x40 //auth data + ,0x30, (byte) 0x0b, (byte) 0xb6, (byte) 0xa0 //auth data + ,0x71, (byte) 0xf4, (byte) 0x8c, 0x5f //auth data + }; + + + cacheTest(eidPrefixAfi, eidPrefix, authenticationData); } /** @@ -497,14 +563,15 @@ public class LispSouthboundServiceTest extends BaseTestCase { * @param eidPrefixAfi * @param eidPrefix */ - public void cacheTest(byte[] eidPrefixAfi, byte[] eidPrefix) throws InterruptedException { + public void cacheTest(byte[] eidPrefixAfi, byte[] eidPrefix, byte[] authenticationData) throws + InterruptedException { final MapRegisterCacheKey mapRegisterCacheKey = MapRegisterCacheTestUtil.createMapRegisterCacheKey(eidPrefix); final NotificationPublishService mockedNotificationProvider = mock(NotificationPublishService.class); testedLispService.setNotificationProvider(mockedNotificationProvider); MapRegisterCacheTestUtil.beforeMapRegisterInvocationValidation(mapRegisterCacheKey, mapRegisterCache); - mapRegisterInvocationForCacheTest(eidPrefixAfi, eidPrefix); + mapRegisterInvocationForCacheTest(eidPrefixAfi, eidPrefix, authenticationData); MapRegisterCacheTestUtil.afterMapRegisterInvocationValidation(mockedNotificationProvider, mapRegisterCacheKey, mapRegisterCache, eidPrefixAfi, eidPrefix); } @@ -528,15 +595,14 @@ public class LispSouthboundServiceTest extends BaseTestCase { cacheRecordExpirationTest(false); } - private void cacheRecordExpirationTest(boolean cacheRecordTimeouted) { - mapRegisterCache = mock(MapRegisterCache.class); - testedLispService = new LispSouthboundHandler(mockLispSouthboundPlugin, mapRegisterCache); + private void cacheRecordExpirationTest(boolean cacheRecordTimeouted) throws InterruptedException { + mapRegisterCache = Mockito.mock(MapRegisterCache.class); + testedLispService.setMapRegisterCache(mapRegisterCache); + testedLispService.setNotificationProvider(Mockito.mock(NotificationPublishService.class)); byte[] eidPrefixAfi = new byte[] {0x00, 0x01}; - byte[] eidPrefix = new byte[] {0x0a, 0x0a, 0x0a, 0x0a}; - MapRegisterCacheKeyBuilder cacheKeyBld = new MapRegisterCacheKeyBuilder(); MapRegisterCacheValueBuilder cacheValueBld = new MapRegisterCacheValueBuilder(); cacheKeyBld.setXtrId(xTRId); diff --git a/mappingservice/southbound/src/test/java/org/opendaylight/lispflowmapping/southbound/lisp/MapRegisterCacheTestUtil.java b/mappingservice/southbound/src/test/java/org/opendaylight/lispflowmapping/southbound/lisp/MapRegisterCacheTestUtil.java index bc960c612..228ae6431 100644 --- a/mappingservice/southbound/src/test/java/org/opendaylight/lispflowmapping/southbound/lisp/MapRegisterCacheTestUtil.java +++ b/mappingservice/southbound/src/test/java/org/opendaylight/lispflowmapping/southbound/lisp/MapRegisterCacheTestUtil.java @@ -37,14 +37,16 @@ final class MapRegisterCacheTestUtil { }; final static byte[] keyId = new byte[] { - 0x10, 0x10 //key ID + 0x00, 0x01 //key ID }; final static byte[] authenticationData = new byte[]{ - 0x00, 0x0c //authentication data length - ,0x7f, 0x7f, 0x7f, 0x7f //auth data - ,0x7f, 0x7f, 0x7f, 0x7f //auth data - ,0x7f, 0x7f, 0x7f, 0x7f //auth data + 0x00, 0x14 //authentication data length + ,(byte)0xfa, 0x50, 0x1d, (byte)0xd6 //auth data + ,0x63, 0x53, 0x67, 0x6c //auth data + ,0x00, 0x3c, 0x61, 0x67 //auth data + ,0x35, (byte) 0xb8, (byte) 0xcf, 0x16 //auth data + ,(byte) 0x91, (byte) 0xcd, 0x6b, (byte) 0x95 //auth data }; final static byte[] data2 = new byte[]{