From 9328fafd20f2a093d835f6496d7a652ff71ee008 Mon Sep 17 00:00:00 2001 From: Robert Varga Date: Sun, 5 Feb 2023 16:10:40 +0100 Subject: [PATCH] Further split out encrypt-service-config We have two distinct services being configured -- one is the configurator and the other one is the service. These two are distinct, yet overlap. Model them accordingly. JIRA: AAA-250 Change-Id: I6ec62a0e660ca551389fe3112a71079db9627b01 Signed-off-by: Robert Varga --- .../AAAEncryptionServiceConfigurator.java | 15 ++--- .../impl/AAAEncryptionServiceImpl.java | 2 +- .../main/yang/aaa-encrypt-service-config.yang | 55 ++++++++++++++----- 3 files changed, 47 insertions(+), 25 deletions(-) diff --git a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceConfigurator.java b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceConfigurator.java index cc7471869..31e6f77c4 100644 --- a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceConfigurator.java +++ b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceConfigurator.java @@ -50,7 +50,7 @@ public final class AAAEncryptionServiceConfigurator implements EncryptServiceCon + "aaa-encrypt-service-config.xml"; private static final SecureRandom RANDOM = new SecureRandom(); - private final EncryptServiceConfig delegate; + private final AaaEncryptServiceConfig delegate; public AAAEncryptionServiceConfigurator(final DataBroker dataBroker, final AaaEncryptServiceConfig blueprintConfig) { 
@@ -68,7 +68,7 @@ public final class AAAEncryptionServiceConfigurator implements EncryptServiceCon } } - private static @NonNull AaaEncryptServiceConfig generateConfig(final EncryptServiceConfig blueprintConfig) { + private static @NonNull AaaEncryptServiceConfig generateConfig(final AaaEncryptServiceConfig blueprintConfig) { LOG.debug("Set the Encryption service password and encrypt salt"); final var salt = new byte[16]; RANDOM.nextBytes(salt); @@ -143,17 +143,12 @@ public final class AAAEncryptionServiceConfigurator implements EncryptServiceCon @Override public String getEncryptKey() { - return delegate.getEncryptKey(); + return delegate.requireEncryptKey(); } @Override - public Integer getPasswordLength() { - return delegate.getPasswordLength(); - } - - @Override - public String getEncryptSalt() { - return delegate.getEncryptSalt(); + public byte[] getEncryptSalt() { + return Base64.getDecoder().decode(delegate.requireEncryptSalt()); } @Override diff --git a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceImpl.java b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceImpl.java index 8ffba0059..2ebe15246 100644 --- a/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceImpl.java +++ b/aaa-encrypt-service/impl/src/main/java/org/opendaylight/aaa/encrypt/impl/AAAEncryptionServiceImpl.java @@ -42,7 +42,7 @@ public class AAAEncryptionServiceImpl implements AAAEncryptionService { private final Cipher decryptCipher; public AAAEncryptionServiceImpl(final EncryptServiceConfig encrySrvConfig) { - final byte[] encryptionKeySalt = Base64.getDecoder().decode(encrySrvConfig.requireEncryptSalt()); + final byte[] encryptionKeySalt = encrySrvConfig.requireEncryptSalt(); IvParameterSpec tempIvSpec = null; SecretKey tempKey = null; try { 
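Review bot: `getEncryptSalt()` in AAAEncryptionServiceConfigurator runs `Base64.getDecoder().decode(...)` on every call, and the container's `encrypt-salt` leaf stays an unconstrained `type string` in this patch, so a stored value that is not valid Base64 surfaces as an `IllegalArgumentException` from the getter, not when the configuration is loaded. Consider decoding once where `delegate` is assigned (the constructor body is outside this hunk) and having the getter return a copy, `return salt.clone();`, so a malformed salt is rejected early with a clear message. Both getters now go through `require*()`, which presumably fails when the leaf is absent. A one-line Javadoc such as `/** Returns a fresh copy of the decoded salt; throws if the leaf is absent or not Base64. */` would make that contract visible to callers.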
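Review bot: The AAAEncryptionServiceImpl constructor now uses the bytes from `encrySrvConfig.requireEncryptSalt()` with no length check, while the new `encrypt-service-secrets` grouping only demands `length 1..max`, so a one-byte salt is accepted even though `generateConfig` in this same patch produces 16 bytes. A guard before the `try` would close that gap, e.g. `if (encryptionKeySalt.length < MIN_SALT_LENGTH) { throw new IllegalArgumentException("encrypt-salt is too short"); }`, where `MIN_SALT_LENGTH` is a placeholder for whatever minimum the project settles on. Alternatively the YANG `length` could be tightened to match. How the salt feeds key derivation is outside the hunk, so this is inferred from the variable name `encryptionKeySalt`.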
diff --git a/aaa-encrypt-service/impl/src/main/yang/aaa-encrypt-service-config.yang b/aaa-encrypt-service/impl/src/main/yang/aaa-encrypt-service-config.yang index c19a934a3..be3a78dd7 100644 --- a/aaa-encrypt-service/impl/src/main/yang/aaa-encrypt-service-config.yang +++ b/aaa-encrypt-service/impl/src/main/yang/aaa-encrypt-service-config.yang @@ -10,19 +10,7 @@ module aaa-encrypt-service-config { description "Initial revision."; } - grouping encrypt-service-config { - leaf encrypt-key { - description "Encryption key"; - type string; - } - leaf password-length { - description "Encryption key password length"; - type int32; - } - leaf encrypt-salt { - description "Encryption key salt"; - type string; - } + grouping encrypt-service-preferences { leaf encrypt-method { description "The encryption method to use"; type string; @@ -45,7 +33,46 @@ module aaa-encrypt-service-config { } } + grouping encrypt-service-secrets { + leaf encrypt-key { + description "Encryption key"; + type string; + mandatory true; + } + leaf encrypt-salt { + description "Encryption key salt"; + type binary { + length 1..max; + } + mandatory true; + } + } + + grouping encrypt-service-config { + uses encrypt-service-secrets; + uses encrypt-service-preferences; + } + + grouping encrypt-service-generator-config { + leaf password-length { + description "Encryption key password length"; + // FIXME: uint16, really, with a minimum of .. 8? + type int32; + default 12; + } + uses encrypt-service-preferences; + } + container aaa-encrypt-service-config { - uses encrypt-service-config; + uses encrypt-service-generator-config; + + leaf encrypt-key { + description "Encryption key"; + type string; + } + leaf encrypt-salt { + description "Encryption key salt"; + type string; + } } } -- 2.36.6
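Review bot: `password-length` in `encrypt-service-generator-config` is still a bare `int32` with `default 12`, so zero or negative values pass YANG validation and reach the password generator. The FIXME acknowledges this, and a lower bound can be added without changing the type: `type int32 { range "8..max"; }`. That would reject existing configurations with a smaller value, so it may need a revision entry. The container's own `encrypt-salt` leaf is also left as a plain `string` while the grouping's is `binary`. Its description should say the value is Base64 text that the configurator decodes, e.g. `description "Encryption key salt, Base64-encoded";`, and that both leaves are secrets held in the configuration datastore.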