- this change allows usage of arbitrary passwords (for keystore, certificate, truststore) instead of hardcoded "opendaylight" password
Signed-off-by: Michal Polkorab <michal.polkorab@pantheon.sk>
public KeystoreType getTlsTruststoreType();\r
\r
/**\r
- * @return keystore path type (classpath or path)\r
+ * @return keystore path type (CLASSPATH or PATH)\r
*/\r
public PathType getTlsKeystorePathType();\r
\r
/**\r
- * @return truststore path type (classpath or path)\r
+ * @return truststore path type (CLASSPATH or PATH)\r
*/\r
public PathType getTlsTruststorePathType();\r
+\r
+ /**\r
+ * @return password protecting specified keystore\r
+ */\r
+ public String getKeystorePassword();\r
+\r
+ /**\r
+ * @return password protecting certificate\r
+ */\r
+ public String getCertificatePassword();\r
+\r
+ /**\r
+ * @return password protecting specified truststore\r
+ */\r
+ public String getTruststorePassword();\r
}\r
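Review bot: The Javadoc added for `getCertificatePassword()` calls it the "password protecting certificate", but the only use on this page passes it to `kmf.init(ks, ...)` in SslContextFactory, where that argument is the password for recovering the private keys held in the keystore. A more precise comment would be `@return password protecting the private key entries in the keystore`. Since all three return values are secrets, the same comments could also state that callers must not log them.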
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;\r
\r
/**\r
+ * Class is used only for testing purposes - passwords are hardcoded\r
* @author michal.polkorab\r
- * \r
*/\r
public class TlsConfigurationImpl implements TlsConfiguration {\r
\r
public PathType getTlsTruststorePathType() {\r
return truststorePathType;\r
}\r
+\r
+ @Override\r
+ public String getKeystorePassword() {\r
+ return "opendaylight";\r
+ }\r
+\r
+ @Override\r
+ public String getCertificatePassword() {\r
+ return "opendaylight";\r
+ }\r
+\r
+ @Override\r
+ public String getTruststorePassword() {\r
+ return "opendaylight";\r
+ }\r
}\r
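Review bot: All three new getters still return the literal `"opendaylight"`, and the only thing marking the class as a test fixture is the added class comment. The file's location is not visible here, so it cannot be told whether the class ships in a non-test artifact. If it does, the well-known default stays in use through a class whose name reads like the production implementation. Consider taking the three passwords as constructor arguments, as the other settings appear to be, or at least defining the value once as `private static final String TEST_PASSWORD = "opendaylight";`.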
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
// "TLS" - supports some version of TLS
// Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
private static final String PROTOCOL = "TLS";
- private String keystore;
- private KeystoreType keystoreType;
- private String truststore;
- private KeystoreType truststoreType;
- private PathType keystorePathType;
- private PathType truststorePathType;
+ private TlsConfiguration tlsConfig;
private static final Logger LOGGER = LoggerFactory
.getLogger(SslContextFactory.class);
* keystore types
*/
public SslContextFactory(TlsConfiguration tlsConfig) {
- keystore = tlsConfig.getTlsKeystore();
- keystoreType = tlsConfig.getTlsKeystoreType();
- keystorePathType = tlsConfig.getTlsKeystorePathType();
- truststore = tlsConfig.getTlsTruststore();
- truststoreType = tlsConfig.getTlsTruststoreType();
- truststorePathType = tlsConfig.getTlsTruststorePathType();
+ this.tlsConfig = tlsConfig;
}
/**
}
SSLContext serverContext = null;
try {
- KeyStore ks = KeyStore.getInstance(keystoreType.name());
- ks.load(SslKeyStore.asInputStream(keystore, keystorePathType),
- SslKeyStore.getKeyStorePassword());
+ KeyStore ks = KeyStore.getInstance(tlsConfig.getTlsKeystoreType().name());
+ ks.load(SslKeyStore.asInputStream(tlsConfig.getTlsKeystore(), tlsConfig.getTlsKeystorePathType()),
+ tlsConfig.getKeystorePassword().toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- kmf.init(ks, SslKeyStore.getCertificatePassword());
+ kmf.init(ks, tlsConfig.getCertificatePassword().toCharArray());
- KeyStore ts = KeyStore.getInstance(truststoreType.name());
- ts.load(SslKeyStore.asInputStream(truststore, truststorePathType),
- SslKeyStore.getKeyStorePassword());
+ KeyStore ts = KeyStore.getInstance(tlsConfig.getTlsTruststoreType().name());
+ ts.load(SslKeyStore.asInputStream(tlsConfig.getTlsTruststore(), tlsConfig.getTlsTruststorePathType()),
+ tlsConfig.getTruststorePassword().toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(ts);
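Review bot: Each password getter is dereferenced straight away with `.toCharArray()` in the two `load` calls and in `kmf.init`, so a configuration that leaves a password unset ends in a bare NullPointerException rather than an error naming the missing setting. The same applies to the adapter getters further down the page that return `Objects.firstNonNull(tlsConfig.getKeystorePassword(), null)`, which (assuming this is Guava's Objects) throws when the first argument is null. Reading each value once and checking it, e.g. `if (keystorePassword == null) { throw new IllegalStateException("keystore password is not configured"); }`, keeps the failure explicit and ensures a null password is never passed to `KeyStore.load`, which would skip the integrity check. The streams returned by `SslKeyStore.asInputStream(...)` are also passed inline and never closed. The enclosing method and its catch clauses lie outside the hunk.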
}
return in;
}
-
- /**
- * @return certificate password as char[]
- */
- public static char[] getCertificatePassword() {
- return "opendaylight".toCharArray();
- }
-
- /**
- * @return KeyStore password as char[]
- */
- public static char[] getKeyStorePassword() {
- return "opendaylight".toCharArray();
- }
}
public org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType getTlsTruststorePathType() {
return Objects.firstNonNull(tlsConfig.getTruststorePathType(), null);
}
+ @Override
+ public String getKeystorePassword() {
+ return Objects.firstNonNull(tlsConfig.getKeystorePassword(), null);
+ }
+ @Override
+ public String getCertificatePassword() {
+ return Objects.firstNonNull(tlsConfig.getCertificatePassword(), null);
+ }
+ @Override
+ public String getTruststorePassword() {
+ return Objects.firstNonNull(tlsConfig.getTruststorePassword(), null);
+ }
};
}
@Override
type of-config:keystore-type;
}
leaf keystore-path-type {
- description "keystore path type (classpath or path)";
+ description "keystore path type (CLASSPATH or PATH)";
type of-config:path-type;
}
+ leaf keystore-password {
+ description "password protecting keystore";
+ type string;
+ }
+ leaf certificate-password {
+ description "password protecting certificate";
+ type string;
+ }
leaf truststore {
description "truststore location";
type string;
type of-config:keystore-type;
}
leaf truststore-path-type {
- description "truststore path type (classpath or path)";
+ description "truststore path type (CLASSPATH or PATH)";
type of-config:path-type;
}
+ leaf truststore-password {
+ description "password protecting truststore";
+ type string;
+ }
}
}
}
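Review bot: The three new password leaves (`keystore-password`, `certificate-password`, `truststore-password`) are plain `type string` with no `mandatory` statement. The model therefore neither tells an operator that the secret is presumably kept in clear text wherever this configuration is persisted, nor rejects a TLS block that omits it. The descriptions could say so, e.g. `description "password protecting keystore; stored as plain text in the configuration, restrict read access";`. Whether `mandatory true;` is acceptable depends on existing configurations that lack these leaves, which this page does not show.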
package org.opendaylight.openflowjava.protocol.impl.core;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
import java.io.InputStream;
assertNotNull( inputStream );
inputStream.close();
}
-
- /**
- * Test certificate password retrieval
- */
- @Test
- public void testGetCertificatePassword() {
- char[] password = SslKeyStore.getCertificatePassword();
- assertNotNull(password);
- assertTrue (password.length>0) ;
- }
-
- /**
- * Test keystore password retrieval
- */
- @Test
- public void testGetKeyStorePassword() {
- char[] password = SslKeyStore.getKeyStorePassword() ;
- assertNotNull(password);
- assertTrue (password.length>0) ;
- }
-}
\ No newline at end of file
+}