Fix logging arguments
[netconf.git] / netconf / sal-netconf-connector / src / main / java / org / opendaylight / netconf / sal / connect / util / NetconfSalKeystoreService.java
1 /*
2  * Copyright (c) 2017 Cisco Systems, Inc. and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netconf.sal.connect.util;
9
10 import com.google.common.util.concurrent.FutureCallback;
11 import com.google.common.util.concurrent.ListenableFuture;
12 import com.google.common.util.concurrent.MoreExecutors;
13 import com.google.common.util.concurrent.SettableFuture;
14 import java.util.List;
15 import java.util.concurrent.ExecutionException;
16 import java.util.stream.Collectors;
17 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
18 import org.opendaylight.mdsal.binding.api.DataBroker;
19 import org.opendaylight.mdsal.binding.api.WriteTransaction;
20 import org.opendaylight.mdsal.common.api.CommitInfo;
21 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutput;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryOutputBuilder;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyInput;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutput;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddPrivateKeyOutputBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateInput;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutput;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddTrustedCertificateOutputBuilder;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.KeystoreBuilder;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.NetconfKeystoreService;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryInput;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutput;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryOutputBuilder;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyInput;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutput;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemovePrivateKeyOutputBuilder;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateInput;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutput;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveTrustedCertificateOutputBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKeyKey;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialKey;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificateKey;
50 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
51 import org.opendaylight.yangtools.yang.common.RpcResult;
52 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
53 import org.slf4j.Logger;
54 import org.slf4j.LoggerFactory;
55
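/**
 * RPC implementation of {@link NetconfKeystoreService} that stores key credentials, private keys and
 * trusted certificates under the {@link Keystore} container of the CONFIGURATION datastore.
 *
 * <p>Log statements in this class deliberately print entry identifiers rather than whole RPC inputs
 * wherever the input carries key material: the add-keystore-entry input holds the private key and
 * passphrase as submitted by the caller, i.e. before {@link AAAEncryptionService#encrypt} is applied,
 * and a generated {@code toString()} would presumably render those leaves into the log.
 */
public class NetconfSalKeystoreService implements NetconfKeystoreService {

    private static final Logger LOG = LoggerFactory.getLogger(NetconfSalKeystoreService.class);

    private final DataBroker dataBroker;
    private final AAAEncryptionService encryptionService;

    private final InstanceIdentifier<Keystore> keystoreIid = InstanceIdentifier.create(Keystore.class);

    /**
     * Creates the service and makes sure the keystore container exists in the datastore.
     *
     * @param dataBroker broker used for every write transaction issued by this service
     * @param encryptionService service used to encrypt private keys and passphrases before storage
     */
    public NetconfSalKeystoreService(final DataBroker dataBroker,
                                     final AAAEncryptionService encryptionService) {
        LOG.info("Starting NETCONF keystore service.");

        this.dataBroker = dataBroker;
        this.encryptionService = encryptionService;

        initKeystore();
    }

    /**
     * Merges an empty {@link Keystore} container into CONFIGURATION and waits for the commit.
     * A failure is logged and not propagated, so construction of the service still completes.
     */
    private void initKeystore() {
        final Keystore keystore = new KeystoreBuilder().build();

        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
        writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, keystoreIid, keystore);

        try {
            writeTransaction.commit().get();
            LOG.debug("init keystore done");
        } catch (InterruptedException exception) {
            // Restore the interrupt flag so the calling thread can still observe the interruption.
            Thread.currentThread().interrupt();
            LOG.error("Unable to initialize Netconf key-pair store.", exception);
        } catch (ExecutionException exception) {
            LOG.error("Unable to initialize Netconf key-pair store.", exception);
        }
    }

    /**
     * Deletes the key credentials named in the input.
     *
     * @param input RPC input listing the key ids to delete
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<RemoveKeystoreEntryOutput>> removeKeystoreEntry(
            final RemoveKeystoreEntryInput input) {
        LOG.debug("Removing keypairs: {}", input);

        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
        final List<String> ids = input.getKeyId();

        for (final String id : ids) {
            writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(KeyCredential.class, new KeyCredentialKey(id)));
        }

        return commitAndReport(writeTransaction, "remove-key-pair", input,
                new RemoveKeystoreEntryOutputBuilder().build());
    }

    /**
     * Encrypts the private key and passphrase of every submitted credential and merges the
     * encrypted entries into the keystore.
     *
     * @param input RPC input carrying the credentials to store
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<AddKeystoreEntryOutput>> addKeystoreEntry(final AddKeystoreEntryInput input) {
        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
        final List<KeyCredential> keypairs = input.getKeyCredential().stream().map(keypair ->
                new KeyCredentialBuilder(keypair)
                        .setPrivateKey(encryptionService.encrypt(keypair.getPrivateKey()))
                        .setPassphrase(encryptionService.encrypt(keypair.getPassphrase()))
                        .build()).collect(Collectors.toList());

        // The input still holds the unencrypted private key and passphrase, so only the entry keys
        // are handed to the logger, here and in the commit callbacks.
        final List<KeyCredentialKey> keyIds = keypairs.stream()
                .map(KeyCredential::key)
                .collect(Collectors.toList());
        LOG.debug("Adding keypairs: {}", keyIds);

        for (KeyCredential keypair : keypairs) {
            writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(KeyCredential.class, keypair.key()), keypair);
        }

        return commitAndReport(writeTransaction, "add-key-pair", keyIds,
                new AddKeystoreEntryOutputBuilder().build());
    }

    /**
     * Merges the submitted trusted certificates into the keystore.
     *
     * @param input RPC input carrying the certificates to store
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<AddTrustedCertificateOutput>> addTrustedCertificate(
            final AddTrustedCertificateInput input) {
        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();

        for (TrustedCertificate certificate : input.getTrustedCertificate()) {
            writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(TrustedCertificate.class, certificate.key()), certificate);
        }

        return commitAndReport(writeTransaction, "add-trusted-certificate", input,
                new AddTrustedCertificateOutputBuilder().build());
    }

    /**
     * Deletes the trusted certificates named in the input.
     *
     * @param input RPC input listing the certificate names to delete
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<RemoveTrustedCertificateOutput>> removeTrustedCertificate(
            final RemoveTrustedCertificateInput input) {
        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
        final List<String> names = input.getName();

        for (final String name : names) {
            writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(TrustedCertificate.class, new TrustedCertificateKey(name)));
        }

        return commitAndReport(writeTransaction, "remove-trusted-certificate", input,
                new RemoveTrustedCertificateOutputBuilder().build());
    }

    /**
     * Merges the submitted private-key entries into the keystore.
     *
     * @param input RPC input carrying the private-key entries to store
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<AddPrivateKeyOutput>> addPrivateKey(final AddPrivateKeyInput input) {
        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();

        // NOTE(review): unlike addKeystoreEntry, nothing here passes the entries through
        // encryptionService; confirm whether callers are expected to supply already-protected data.
        for (PrivateKey key: input.getPrivateKey()) {
            writeTransaction.merge(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(PrivateKey.class, key.key()), key);
        }

        // Log the entry keys only; the input itself carries the private-key entries being stored.
        final List<PrivateKeyKey> keyNames = input.getPrivateKey().stream()
                .map(PrivateKey::key)
                .collect(Collectors.toList());

        return commitAndReport(writeTransaction, "add-private-key", keyNames,
                new AddPrivateKeyOutputBuilder().build());
    }

    /**
     * Deletes the private-key entries named in the input.
     *
     * @param input RPC input listing the private-key names to delete
     * @return future completed with an empty output on commit, or failed with the commit error
     */
    @Override
    public ListenableFuture<RpcResult<RemovePrivateKeyOutput>> removePrivateKey(final RemovePrivateKeyInput input) {
        final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
        final List<String> names = input.getName();

        for (final String name : names) {
            writeTransaction.delete(LogicalDatastoreType.CONFIGURATION,
                    keystoreIid.child(PrivateKey.class, new PrivateKeyKey(name)));
        }

        return commitAndReport(writeTransaction, "remove-private-key", input,
                new RemovePrivateKeyOutputBuilder().build());
    }

    /**
     * Commits the transaction and maps its outcome onto an RPC result future, logging the outcome.
     *
     * @param writeTransaction transaction to commit
     * @param operation RPC name used as the prefix of the log messages
     * @param logged object printed after "Input:" in the log; must not expose key material
     * @param output value wrapped into the successful RPC result
     * @return future set to a successful result on commit, or failed with the commit's throwable
     */
    private <T> ListenableFuture<RpcResult<T>> commitAndReport(final WriteTransaction writeTransaction,
            final String operation, final Object logged, final T output) {
        final SettableFuture<RpcResult<T>> rpcResult = SettableFuture.create();

        writeTransaction.commit().addCallback(new FutureCallback<CommitInfo>() {
            @Override
            public void onSuccess(final CommitInfo result) {
                LOG.debug("{} success. Input: {}", operation, logged);
                rpcResult.set(RpcResultBuilder.success(output).build());
            }

            @Override
            public void onFailure(final Throwable throwable) {
                // The throwable is the trailing argument, so SLF4J logs it with its stack trace.
                LOG.warn("{} failed. Input: {}", operation, logged, throwable);
                rpcResult.setException(throwable);
            }
        }, MoreExecutors.directExecutor());

        return rpcResult;
    }
}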