2 * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netconf.sal.connect.util;
11 import com.google.common.util.concurrent.CheckedFuture;
12 import com.google.common.util.concurrent.FutureCallback;
13 import com.google.common.util.concurrent.Futures;
14 import com.google.common.util.concurrent.MoreExecutors;
15 import com.google.common.util.concurrent.SettableFuture;
16 import java.util.List;
17 import java.util.concurrent.Future;
18 import java.util.stream.Collectors;
19 import javax.annotation.Nullable;
20 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
21 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
22 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
23 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
24 import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.AddKeystoreEntryInput;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.KeystoreBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.NetconfKeystoreService;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.RemoveKeystoreEntryInput;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredential;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialBuilder;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.keystore.entry.KeyCredentialKey;
33 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
34 import org.opendaylight.yangtools.yang.common.RpcResult;
35 import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
39 public class NetconfSalKeystoreService implements NetconfKeystoreService {
41 private static final Logger LOG = LoggerFactory.getLogger(NetconfSalKeystoreService.class);
43 private final DataBroker dataBroker;
44 private final AAAEncryptionService encryptionService;
46 private final InstanceIdentifier<Keystore> keystoreIid = InstanceIdentifier.create(Keystore.class);
48 public NetconfSalKeystoreService(final DataBroker dataBroker,
49 final AAAEncryptionService encryptionService) {
50 LOG.info("Starting NETCONF keystore service.");
52 this.dataBroker = dataBroker;
53 this.encryptionService = encryptionService;
58 private void initKeystore() {
59 final Keystore keystore = new KeystoreBuilder().build();
61 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
62 writeTransaction.merge(LogicalDatastoreType.OPERATIONAL, keystoreIid, keystore);
64 final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
68 LOG.debug("init keystore done");
69 } catch (TransactionCommitFailedException exception) {
70 LOG.error("Unable to initialize Netconf key-pair store.", exception);
75 public Future<RpcResult<Void>> removeKeystoreEntry(final RemoveKeystoreEntryInput input) {
76 LOG.debug("Removing keypairs: {}", input);
78 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
79 final List<String> ids = input.getKeyId();
81 for (final String id : ids) {
82 writeTransaction.delete(LogicalDatastoreType.OPERATIONAL,
83 keystoreIid.child(KeyCredential.class, new KeyCredentialKey(id)));
86 final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
88 final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
89 Futures.addCallback(submit, new FutureCallback<Void>() {
91 public void onSuccess(@Nullable final Void result) {
92 LOG.debug("remove-key-pair success. Input: {}");
93 final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
94 rpcResult.set(success);
98 public void onFailure(final Throwable throwable) {
99 LOG.warn("remove-key-pair failed. Input: {}", input, throwable);
100 rpcResult.setException(throwable);
102 }, MoreExecutors.directExecutor());
108 public Future<RpcResult<Void>> addKeystoreEntry(final AddKeystoreEntryInput input) {
109 LOG.debug("Adding keypairs: {}", input);
111 final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
112 final List<KeyCredential> keypairs = input.getKeyCredential().stream().map(keypair ->
113 new KeyCredentialBuilder(keypair)
114 .setPrivateKey(encryptionService.encrypt(keypair.getPrivateKey()))
115 .setPassphrase(encryptionService.encrypt(keypair.getPassphrase()))
116 .build()).collect(Collectors.toList());
118 for (KeyCredential keypair : keypairs) {
119 writeTransaction.merge(LogicalDatastoreType.OPERATIONAL,
120 keystoreIid.child(KeyCredential.class, keypair.getKey()), keypair);
123 final SettableFuture<RpcResult<Void>> rpcResult = SettableFuture.create();
125 final CheckedFuture<Void, TransactionCommitFailedException> submit = writeTransaction.submit();
126 Futures.addCallback(submit, new FutureCallback<Void>() {
128 public void onSuccess(@Nullable final Void result) {
129 LOG.debug("add-key-pair success. Input: {}");
130 final RpcResult<Void> success = RpcResultBuilder.<Void>success().build();
131 rpcResult.set(success);
135 public void onFailure(final Throwable throwable) {
136 LOG.warn("add-key-pair failed. Input: {}", input, throwable);
137 rpcResult.setException(throwable);
139 }, MoreExecutors.directExecutor());