<groupId>org.opendaylight.netconf</groupId>
<artifactId>netconf-config</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>odl-aaa-encryption-service</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ <type>xml</type>
+ <classifier>features</classifier>
+ </dependency>
+
</dependencies>
-</project>
\ No newline at end of file
+</project>
<type>xml</type>
<classifier>features</classifier>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-encrypt-service</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-encrypt-service</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ <classifier>config</classifier>
+ <type>xml</type>
+ </dependency>
</dependencies>
-</project>
\ No newline at end of file
+</project>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-encrypt-service</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ <classifier>config</classifier>
+ <type>xml</type>
+ </dependency>
</dependencies>
-</project>
\ No newline at end of file
+</project>
package org.opendaylight.netconf.callhome.mount;
import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
final ThreadPool processingExecutor,
final SchemaRepositoryProvider schemaRepositoryProvider,
final DataBroker dataBroker,
- final DOMMountPointService mountPointService) {
+ final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
- processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
+ processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
this.mountPointService = mountPointService;
}
}
import io.netty.util.concurrent.FailedFuture;
import io.netty.util.concurrent.Future;
import java.net.InetSocketAddress;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private final CallHomeMountSessionManager sessionManager;
private final DataBroker dataBroker;
private final DOMMountPointService mountService;
+ private final AAAEncryptionService encryptionService;
protected CallHomeTopology topology;
}
};
- public CallHomeMountDispatcher(final String topologyId,
- final EventExecutor eventExecutor,
- final ScheduledThreadPool keepaliveExecutor,
- final ThreadPool processingExecutor,
- final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker,
- final DOMMountPointService mountService) {
+ public CallHomeMountDispatcher(final String topologyId, final EventExecutor eventExecutor,
+ final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
+ final SchemaRepositoryProvider schemaRepositoryProvider, final DataBroker dataBroker,
+ final DOMMountPointService mountService, final AAAEncryptionService encryptionService) {
this.topologyId = topologyId;
this.eventExecutor = eventExecutor;
this.keepaliveExecutor = keepaliveExecutor;
this.sessionManager = new CallHomeMountSessionManager();
this.dataBroker = dataBroker;
this.mountService = mountService;
+ this.encryptionService = encryptionService;
}
@Override
}
void createTopology() {
- this.topology = new CallHomeTopology(topologyId, this, eventExecutor,
- keepaliveExecutor, processingExecutor, schemaRepositoryProvider, dataBroker, mountService);
+ this.topology = new CallHomeTopology(topologyId, this, eventExecutor, keepaliveExecutor, processingExecutor,
+ schemaRepositoryProvider, dataBroker, mountService, encryptionService);
}
@Override
public void onNetconfSubsystemOpened(final CallHomeProtocolSessionContext session,
- final CallHomeChannelActivator activator) {
- final CallHomeMountSessionContext deviceContext = getSessionManager()
- .createSession(session, activator, onCloseHandler);
+ final CallHomeChannelActivator activator) {
+ final CallHomeMountSessionContext deviceContext =
+ getSessionManager().createSession(session, activator, onCloseHandler);
final NodeId nodeId = deviceContext.getId();
final Node configNode = deviceContext.getConfigNode();
LOG.info("Provisioning fake config {}", configNode);
package org.opendaylight.netconf.callhome.mount;
import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
public class CallHomeTopology extends BaseCallHomeTopology {
public CallHomeTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
- final EventExecutor eventExecutor,
- final ScheduledThreadPool keepaliveExecutor, final ThreadPool processingExecutor,
- final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService) {
- super(topologyId, clientDispatcher, eventExecutor,
- keepaliveExecutor, processingExecutor, schemaRepositoryProvider,
- dataBroker, mountPointService);
+ final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
+ final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
+ final DataBroker dataBroker, final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
+ super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
+ schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
}
@Override
interface="org.opendaylight.controller.md.sal.binding.api.DataBroker"/>
<reference id="domMountPointService"
interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"/>
+ <reference id="encryptionService"
+ interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
<bean id="schemaRepository" class="org.opendaylight.netconf.callhome.mount.SchemaRepositoryProviderImpl">
<argument value="shared-schema-repository-impl"/>
<argument ref="schemaRepository"/>
<argument ref="dataBroker"/>
<argument ref="domMountPointService"/>
+ <argument ref="encryptionService"/>
</bean>
</blueprint>
\ No newline at end of file
import java.net.UnknownHostException;
import org.junit.Before;
import org.junit.Test;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private CallHomeMountSessionManager mockSessMgr;
private CallHomeTopology mockTopology;
private CallHomeProtocolSessionContext mockProtoSess;
+ private AAAEncryptionService mockEncryptionService;
@Before
public void setup() {
mockSessMgr = mock(CallHomeMountSessionManager.class);
mockTopology = mock(CallHomeTopology.class);
mockProtoSess = mock(CallHomeProtocolSessionContext.class);
+ mockEncryptionService = mock(AAAEncryptionService.class);
instance = new CallHomeMountDispatcher(topologyId, mockExecutor, mockKeepAlive,
- mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount) {
+ mockProcessingExecutor, mockSchemaRepoProvider, mockDataBroker, mockMount, mockEncryptionService) {
@Override
public CallHomeMountSessionManager getSessionManager() {
return mockSessMgr;
<groupId>org.opendaylight.yangtools</groupId>
<artifactId>mockito-configuration</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.opendaylight.aaa</groupId>
+ <artifactId>aaa-encrypt-service</artifactId>
+ <version>0.6.0-SNAPSHOT</version>
+ </dependency>
</dependencies>
<build>
import java.io.IOException;
import org.apache.sshd.ClientSession;
import org.apache.sshd.client.future.AuthFuture;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
/**
* Class Providing username/password authentication option to
* {@link org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler}.
*/
public class LoginPassword extends AuthenticationHandler {
+
private final String username;
private final String password;
+ private final AAAEncryptionService encryptionService;
public LoginPassword(String username, String password) {
+ this(username, password, null);
+ }
+
+ public LoginPassword(final String username, final String password, final AAAEncryptionService encryptionService) {
this.username = username;
this.password = password;
+ this.encryptionService = encryptionService;
}
@Override
public String getUsername() {
+ if (encryptionService != null) {
+ return encryptionService.decrypt(username);
+
+ }
return username;
}
@Override
public AuthFuture authenticate(final ClientSession session) throws IOException {
- session.addPasswordIdentity(password);
+ if (encryptionService != null) {
+ final String decryptedPassword = encryptionService.decrypt(password);
+ session.addPasswordIdentity(decryptedPassword);
+ } else {
+ session.addPasswordIdentity(password);
+ }
return session.auth();
}
}
interface="org.opendaylight.controller.md.sal.dom.api.DOMMountPointService"
odl:type="default"/>
+ <reference id="encryptionService"
+ interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
<bean id="schemaRepository" class="org.opendaylight.netconf.topology.impl.SchemaRepositoryProviderImpl">
<argument value="shared-schema-repository-impl"/>
</bean>
<argument ref="schemaRepository"/>
<argument ref="dataBroker"/>
<argument ref="mountPointService"/>
+ <argument ref="encryptionService" />
</bean>
<bean id="netconfConnectorFactory" class="org.opendaylight.netconf.topology.impl.NetconfConnectorFactoryImpl"/>
<service ref="netconfConnectorFactory" interface="org.opendaylight.netconf.topology.api.NetconfConnectorFactory"
odl:type="default"/>
-</blueprint>
\ No newline at end of file
+</blueprint>
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.cluster.ActorSystemProvider;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
private final String topologyId;
private final Duration writeTxIdleTimeout;
private final DOMMountPointService mountPointService;
-
+ private final AAAEncryptionService encryptionService;
private ListenerRegistration<NetconfTopologyManager> dataChangeListenerRegistration;
public NetconfTopologyManager(final DataBroker dataBroker, final RpcProviderRegistry rpcProviderRegistry,
final ActorSystemProvider actorSystemProvider,
final EventExecutor eventExecutor, final NetconfClientDispatcher clientDispatcher,
final String topologyId, final Config config,
- final DOMMountPointService mountPointService) {
+ final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
+
this.dataBroker = Preconditions.checkNotNull(dataBroker);
this.rpcProviderRegistry = Preconditions.checkNotNull(rpcProviderRegistry);
this.clusterSingletonServiceProvider = Preconditions.checkNotNull(clusterSingletonServiceProvider);
this.topologyId = Preconditions.checkNotNull(topologyId);
this.writeTxIdleTimeout = Duration.apply(config.getWriteTransactionIdleTimeout(), TimeUnit.SECONDS);
this.mountPointService = mountPointService;
+ this.encryptionService = Preconditions.checkNotNull(encryptionService);
}
// Blueprint init method
.setTopologyId(topologyId)
.setNetconfClientDispatcher(clientDispatcher)
.setSchemaResourceDTO(NetconfTopologyUtils.setupSchemaCacheDTO(node))
- .setIdleTimeout(writeTxIdleTimeout);
+ .setIdleTimeout(writeTxIdleTimeout)
+ .setEncryptionService(encryptionService);
return builder.build();
}
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.md.sal.dom.api.DOMMountPointService;
import org.opendaylight.netconf.api.NetconfMessage;
import org.opendaylight.netconf.client.NetconfClientSessionListener;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
+import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.singleton.api.RemoteDeviceConnector;
import org.opendaylight.netconf.topology.singleton.impl.utils.NetconfConnectorDTO;
private final RemoteDeviceId remoteDeviceId;
private final DOMMountPointService mountService;
private final Timeout actorResponseWaitTime;
+ private final AAAEncryptionService encryptionService;
private NetconfConnectorDTO deviceCommunicatorDTO;
this.remoteDeviceId = remoteDeviceId;
this.actorResponseWaitTime = actorResponseWaitTime;
this.mountService = mountService;
+ this.encryptionService = netconfTopologyDeviceSetup.getEncryptionService();
+
}
@Override
final NetconfNode netconfNode = netconfTopologyDeviceSetup.getNode().getAugmentation(NetconfNode.class);
final NodeId nodeId = netconfTopologyDeviceSetup.getNode().getNodeId();
+
+ AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService,
+ netconfTopologyDeviceSetup.getTopologyId(),
+ netconfTopologyDeviceSetup.getDataBroker());
+
Preconditions.checkNotNull(netconfNode.getHost());
Preconditions.checkNotNull(netconfNode.getPort());
Preconditions.checkNotNull(netconfNode.isTcpOnly());
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
.node.credentials.credentials.LoginPassword) credentials).getUsername(),
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf
- .node.credentials.credentials.LoginPassword) credentials).getPassword());
+ .node.credentials.credentials.LoginPassword) credentials).getPassword(),
+ encryptionService);
} else {
throw new IllegalStateException(remoteDeviceId + ": Only login/password authentication is supported");
}
import akka.actor.ActorSystem;
import io.netty.util.concurrent.EventExecutor;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
private final String topologyId;
private final NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
private final Duration idleTimeout;
+ private final AAAEncryptionService encryptionService;
private NetconfTopologySetup(final NetconfTopologySetupBuilder builder) {
this.clusterSingletonServiceProvider = builder.getClusterSingletonServiceProvider();
this.topologyId = builder.getTopologyId();
this.schemaResourceDTO = builder.getSchemaResourceDTO();
this.idleTimeout = builder.getIdleTimeout();
+ this.encryptionService = builder.getEncryptionService();
}
public ClusterSingletonServiceProvider getClusterSingletonServiceProvider() {
return idleTimeout;
}
+ public AAAEncryptionService getEncryptionService() {
+ return encryptionService;
+ }
+
public static class NetconfTopologySetupBuilder {
private ClusterSingletonServiceProvider clusterSingletonServiceProvider;
private NetconfClientDispatcher netconfClientDispatcher;
private NetconfDevice.SchemaResourcesDTO schemaResourceDTO;
private Duration idleTimeout;
+ private AAAEncryptionService encryptionService;
public NetconfTopologySetupBuilder(){
}
return idleTimeout;
}
+ private AAAEncryptionService getEncryptionService() {
+ return this.encryptionService;
+ }
+
+ public NetconfTopologySetupBuilder setEncryptionService(final AAAEncryptionService encryptionService) {
+ this.encryptionService = encryptionService;
+ return this;
+ }
+
public static NetconfTopologySetupBuilder create() {
return new NetconfTopologySetupBuilder();
}
binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.topology.singleton.config.rev170419.Config"
/>
+ <reference id="encryptionService"
+ interface="org.opendaylight.aaa.encrypt.AAAEncryptionService" />
+
<bean id="netconfTopologyManager"
class="org.opendaylight.netconf.topology.singleton.impl.NetconfTopologyManager"
init-method="init" destroy-method="close">
<argument value="topology-netconf"/>
<argument ref="singletonConfig"/>
<argument ref="mountPointService"/>
+ <argument ref="encryptionService" />
</bean>
<service ref="netconfTopologyManager"
interface="org.opendaylight.netconf.topology.singleton.api.NetconfTopologySingletonService"/>
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.cluster.ActorSystemProvider;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
final EventExecutor eventExecutor = mock(EventExecutor.class);
final NetconfClientDispatcher clientDispatcher = mock(NetconfClientDispatcher.class);
final DOMMountPointService mountPointService = mock(DOMMountPointService.class);
+ final AAAEncryptionService encryptionService = mock(AAAEncryptionService.class);
final Config config = new ConfigBuilder().setWriteTransactionIdleTimeout(0).build();
netconfTopologyManager = new NetconfTopologyManager(dataBroker, rpcProviderRegistry,
clusterSingletonServiceProvider, keepaliveExecutor, processingExecutor,
- actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config, mountPointService);
+ actorSystemProvider, eventExecutor, clientDispatcher, topologyId, config,
+ mountPointService, encryptionService);
}
@Test
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.BindingTransactionChain;
@Mock
private WriteTransaction writeTx;
+ @Mock
+ private AAAEncryptionService encryptionService;
+
private NetconfTopologySetup.NetconfTopologySetupBuilder builder;
private RemoteDeviceId remoteDeviceId;
builder.setEventExecutor(eventExecutor);
builder.setNetconfClientDispatcher(clientDispatcher);
builder.setTopologyId(TOPOLOGY_ID);
+ builder.setEncryptionService(encryptionService);
}
@Test
assertEquals(defaultClientConfig.getAddress(), new InetSocketAddress(InetAddresses.forString("127.0.0.1"),
9999));
assertSame(defaultClientConfig.getSessionListener(), listener);
- assertEquals(defaultClientConfig.getAuthHandler().getUsername(), "testuser");
+ assertEquals(defaultClientConfig.getAuthHandler().getUsername(), encryptionService.encrypt("testuser"));
assertEquals(defaultClientConfig.getProtocol(), NetconfClientConfiguration.NetconfClientProtocol.TCP);
}
}
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.netconf.sal.connect.netconf.listener.UserPreferences;
import org.opendaylight.netconf.sal.connect.netconf.sal.KeepaliveSalFacade;
import org.opendaylight.netconf.sal.connect.netconf.schema.YangLibrarySchemaYangSourceProvider;
+import org.opendaylight.netconf.sal.connect.util.AuthEncryptor;
import org.opendaylight.netconf.sal.connect.util.RemoteDeviceId;
import org.opendaylight.netconf.topology.api.NetconfTopology;
import org.opendaylight.netconf.topology.api.SchemaRepositoryProvider;
protected final HashMap<NodeId, NetconfConnectorDTO> activeConnectors = new HashMap<>();
+ protected final AAAEncryptionService encryptionService;
+
protected AbstractNetconfTopology(final String topologyId, final NetconfClientDispatcher clientDispatcher,
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
final ThreadPool processingExecutor,
final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+ final DataBroker dataBroker, final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
this.topologyId = topologyId;
this.clientDispatcher = clientDispatcher;
this.eventExecutor = eventExecutor;
this.sharedSchemaRepository = schemaRepositoryProvider.getSharedSchemaRepository();
this.dataBroker = dataBroker;
this.mountPointService = mountPointService;
+ this.encryptionService = encryptionService;
}
public void setSchemaRegistry(final SchemaSourceRegistry schemaRegistry) {
final Node configNode) {
final NetconfNode netconfNode = configNode.getAugmentation(NetconfNode.class);
+ AuthEncryptor.encryptIfNeeded(nodeId, netconfNode, encryptionService, topologyId, dataBroker);
+
Preconditions.checkNotNull(netconfNode.getHost());
Preconditions.checkNotNull(netconfNode.getPort());
Preconditions.checkNotNull(netconfNode.isTcpOnly());
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
.netconf.node.credentials.credentials.LoginPassword) credentials).getUsername(),
((org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
- .netconf.node.credentials.credentials.LoginPassword) credentials).getPassword());
+ .netconf.node.credentials.credentials.LoginPassword) credentials).getPassword(),
+ encryptionService);
} else {
throw new IllegalStateException("Only login/password authentification is supported");
}
import io.netty.util.concurrent.EventExecutor;
import java.util.Collection;
import javax.annotation.Nonnull;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
final ThreadPool processingExecutor,
final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+ final DataBroker dataBroker, final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor, processingExecutor,
- schemaRepositoryProvider, dataBroker, mountPointService);
+ schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
}
@Override
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.config.threadpool.ScheduledThreadPool;
import org.opendaylight.controller.config.threadpool.ThreadPool;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@Mock
private DOMMountPointService mountPointService;
+ @Mock
+ private AAAEncryptionService encryptionService;
+
private TestingNetconfTopologyImpl topology;
private TestingNetconfTopologyImpl spyTopology;
topology = new TestingNetconfTopologyImpl(TOPOLOGY_ID, mockedClientDispatcher,
mockedEventExecutor, mockedKeepaliveExecutor, mockedProcessingExecutor, mockedSchemaRepositoryProvider,
- dataBroker, mountPointService);
+ dataBroker, mountPointService, encryptionService);
spyTopology = spy(topology);
}
final String topologyId, final NetconfClientDispatcher clientDispatcher,
final EventExecutor eventExecutor, final ScheduledThreadPool keepaliveExecutor,
final ThreadPool processingExecutor, final SchemaRepositoryProvider schemaRepositoryProvider,
- final DataBroker dataBroker, final DOMMountPointService mountPointService) {
+ final DataBroker dataBroker, final DOMMountPointService mountPointService,
+ final AAAEncryptionService encryptionService) {
super(topologyId, clientDispatcher, eventExecutor, keepaliveExecutor,
- processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService);
+ processingExecutor, schemaRepositoryProvider, dataBroker, mountPointService, encryptionService);
}
@Override
--- /dev/null
+/*
+ * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netconf.sal.connect.util;
+
+import com.google.common.util.concurrent.CheckedFuture;
+import com.google.common.util.concurrent.FutureCallback;
+import com.google.common.util.concurrent.Futures;
+import org.opendaylight.aaa.encrypt.AAAEncryptionService;
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeBuilder;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility to encrypt netconf username and password.
+ */
+public class AuthEncryptor {
+ private static final Logger LOG = LoggerFactory.getLogger(AuthEncryptor.class);
+
+ public static void encryptIfNeeded(final NodeId nodeId, final NetconfNode netconfNode,
+ AAAEncryptionService encryptionService,
+ final String topologyId, final DataBroker dataBroker) {
+ final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+ .credentials.credentials.LoginPassword creds =
+ (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+ .credentials.credentials.LoginPassword) netconfNode.getCredentials();
+ final String decryptedPassword = encryptionService.decrypt(creds.getPassword());
+ if (decryptedPassword != null && decryptedPassword.equals(creds.getPassword())) {
+ LOG.info("Encrypting the provided credentials");
+ final String username = encryptionService.encrypt(creds.getUsername());
+ final String password = encryptionService.encrypt(creds.getPassword());
+ final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
+ .credentials.credentials.LoginPasswordBuilder passwordBuilder =
+ new org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
+ .netconf.node.credentials.credentials.LoginPasswordBuilder();
+ passwordBuilder.setUsername(username);
+ passwordBuilder.setPassword(password);
+ final NetconfNodeBuilder nnb = new NetconfNodeBuilder();
+ nnb.setCredentials(passwordBuilder.build());
+
+ final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
+ final InstanceIdentifier<NetworkTopology> networkTopologyId =
+ InstanceIdentifier.builder(NetworkTopology.class).build();
+ final InstanceIdentifier<NetconfNode> niid = networkTopologyId.child(Topology.class,
+ new TopologyKey(new TopologyId(topologyId))).child(Node.class,
+ new NodeKey(nodeId)).augmentation(NetconfNode.class);
+ writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, niid, nnb.build());
+ final CheckedFuture<Void, TransactionCommitFailedException> future = writeTransaction.submit();
+ Futures.addCallback(future, new FutureCallback<Void>() {
+
+ @Override
+ public void onSuccess(Void result) {
+ LOG.info("Encrypted netconf username/password successfully");
+ }
+
+ @Override
+ public void onFailure(Throwable exception) {
+ LOG.error("Unable to encrypt netconf username/password." + exception.getMessage());
+ }
+ });
+ }
+ }
+}