package org.opendaylight.openflowjava.protocol.api.connection;
+import java.util.List;
+
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
* @return password protecting specified truststore
*/
String getTruststorePassword();
+
+ /**
+ * @return list of cipher suites for TLS connection
+ */
+ List<String> getCipherSuites();
}
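Review bot: The new `getCipherSuites()` Javadoc does not say what a null or empty return means, yet the consumer in TcpChannelInitializer treats both as "leave the SSLEngine's default suites in place", so implementers cannot tell whether returning null is allowed. I would replace the one-line comment with something like `@return cipher suite names (JSSE standard names) to enable on the TLS connection; null or an empty list leaves the engine's default suites unchanged`. Stating the name format also tells operators that the values are validated by the JSSE provider, not by this API.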
package org.opendaylight.openflowjava.protocol.api.connection;
+import java.util.List;
+
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
private String keyStore;
private PathType keystorePathType;
private PathType truststorePathType;
+ private List<String> cipherSuites;
/**
* Default constructor
*/
public TlsConfigurationImpl(KeystoreType trustStoreType, String trustStore,
PathType trustStorePathType, KeystoreType keyStoreType,
- String keyStore, PathType keyStorePathType) {
+ String keyStore, PathType keyStorePathType,
+ List<String> cipherSuites) {
this.trustStoreType = trustStoreType;
this.trustStore = trustStore;
this.truststorePathType = trustStorePathType;
this.keyStoreType = keyStoreType;
this.keyStore = keyStore;
this.keystorePathType = keyStorePathType;
+ this.cipherSuites = cipherSuites;
}
@Override
public String getTruststorePassword() {
return "opendaylight";
}
+
+ @Override
+ public List<String> getCipherSuites() {
+ return cipherSuites;
+ }
}
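Review bot: `getCipherSuites()` hands back the very list object passed to the constructor, so any caller can later change the set of suites that will be enabled on new connections without going through configuration. Since this is security policy, I would snapshot it: in the constructor `this.cipherSuites = cipherSuites == null ? null : new ArrayList<>(cipherSuites);` and in the getter `return cipherSuites == null ? null : Collections.unmodifiableList(cipherSuites);` (both need `java.util` imports). Keeping null as null preserves the "use engine defaults" contract relied on by the initializer, and `List.equals` keeps the existing unit test passing. The same exposure exists in the anonymous TlsConfiguration that simply returns `tlsConfig.getCipherSuites()` in the connection-provider hunk further down.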
import static org.junit.Assert.*;
+import java.util.List;
+
import org.junit.Test;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
+import com.google.common.collect.Lists;
+
/**
* @author michal.polkorab
*
*/
@Test
public void test() {
+ List<String> cipherSuites = Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");
TlsConfigurationImpl config = new TlsConfigurationImpl(KeystoreType.JKS,
- "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH);
+ "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH, cipherSuites);
assertEquals("Wrong keystore location", "/var/lib", config.getTlsKeystore());
assertEquals("Wrong truststore location", "user/dir", config.getTlsTruststore());
assertEquals("Wrong keystore type", KeystoreType.PKCS12, config.getTlsKeystoreType());
assertEquals("Wrong certificate password", "opendaylight", config.getCertificatePassword());
assertEquals("Wrong keystore password", "opendaylight", config.getKeystorePassword());
assertEquals("Wrong truststore password", "opendaylight", config.getTruststorePassword());
+ assertEquals("Wrong cipher suites", cipherSuites, config.getCipherSuites());
}
}
\ No newline at end of file
import io.netty.util.concurrent.GenericFutureListener;
import java.net.InetAddress;
import java.util.Iterator;
+import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionAdapterFactory;
final SSLEngine engine = sslFactory.getServerContext().createSSLEngine();
engine.setNeedClientAuth(true);
engine.setUseClientMode(false);
+ List<String> suitesList = getTlsConfiguration().getCipherSuites();
+ if (suitesList != null && !suitesList.isEmpty()) {
+ LOGGER.debug("Requested Cipher Suites are: {}", suitesList);
+ String[] suites = suitesList.toArray(new String[suitesList.size()]);
+ engine.setEnabledCipherSuites(suites);
+ LOGGER.debug("Cipher suites enabled in SSLEngine are: {}", engine.getEnabledCipherSuites().toString());
+ }
final SslHandler ssl = new SslHandler(engine);
final Future<Channel> handshakeFuture = ssl.handshakeFuture();
final ConnectionFacade finalConnectionFacade = connectionFacade;
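Review bot: The second debug line logs `engine.getEnabledCipherSuites().toString()`, which for a `String[]` prints only the array identity (`[Ljava.lang.String;@…`), so the log never shows which suites actually took effect; use `Arrays.toString(engine.getEnabledCipherSuites())` (requires `import java.util.Arrays;` in this file's import block). Separately, `setEnabledCipherSuites` throws `IllegalArgumentException` when any configured name is not supported by the provider, and as written that exception escapes channel initialization with no indication that a configuration value caused it; I would catch it, log the offending list at error level, and rethrow rather than fall back silently to the engine's default suites, which would quietly weaken the operator's intended policy. The enclosing method begins and ends outside this hunk.
```java
    List<String> suitesList = getTlsConfiguration().getCipherSuites();
    if (suitesList != null && !suitesList.isEmpty()) {
        LOGGER.debug("Requested Cipher Suites are: {}", suitesList);
        String[] suites = suitesList.toArray(new String[suitesList.size()]);
        try {
            engine.setEnabledCipherSuites(suites);
        } catch (IllegalArgumentException e) {
            // Fail loudly: a typo in the configured suite list must not silently
            // leave the engine on its default suites.
            LOGGER.error("Configured cipher suite(s) not supported by the SSLEngine: {}", suitesList);
            throw e;
        }
        LOGGER.debug("Cipher suites enabled in SSLEngine are: {}", Arrays.toString(engine.getEnabledCipherSuites()));
    }
    // … unchanged: SslHandler creation and handshake listener …
```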
import com.google.common.base.MoreObjects;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.util.List;
+
import org.opendaylight.openflowjava.protocol.api.connection.ConnectionConfiguration;
import org.opendaylight.openflowjava.protocol.api.connection.ThreadConfiguration;
import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
public String getTruststorePassword() {
return MoreObjects.firstNonNull(tlsConfig.getTruststorePassword(), null);
}
+ @Override
+ public List<String> getCipherSuites() {
+ return tlsConfig.getCipherSuites();
+ }
};
}
@Override
description "password protecting truststore";
type string;
}
+ leaf-list cipher-suites {
+ description "combination of cryptographic algorithms used by TLS connection";
+ type string;
+ }
}
container threads {
leaf boss-threads {
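Review bot: The description of the new `cipher-suites` leaf-list does not tell an operator which names are accepted or what happens when the list is omitted, and this is the only place they will look before editing the config. I would expand it to something like `description "Cipher suites to enable on the TLS connection, given as JSSE standard cipher suite names; if omitted or empty, the Java runtime's default suites are used. Unsupported names cause the connection setup to fail."`, which matches how the initializer treats a null or empty list. Naming the format also makes it clear that the values are validated by the TLS provider at connection time rather than by this model.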
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
+import com.google.common.collect.Lists;
+
/**
*
* @author jameshall
MockitoAnnotations.initMocks(this);
factory = new ChannelInitializerFactory();
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore",
- PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH);
+ PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH,
+ Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"));
factory.setDeserializationFactory(deserializationFactory);
factory.setSerializationFactory(serializationFactory);
factory.setSwitchConnectionHandler(switchConnectionHandler);
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.openflow._switch.connection.provider.impl.rev140328.Tls;
+import com.google.common.collect.Lists;
+
/**
*
* @author james.hall
when(mockSocketCh.pipeline()).thenReturn(mockChPipeline) ;
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH,
- KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH);
+ KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH,
+ Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"));
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
+import com.google.common.collect.Lists;
+
/**
*
* @author jameshall
public void setUp() {
MockitoAnnotations.initMocks(this);
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore",
- PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH) ;
+ PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH,
+ Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
sslContextFactory = new SslContextFactory(tlsConfiguration);
}
*/
package org.opendaylight.openflowjava.protocol.impl.core.connection;
+import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ListenableFuture;
import java.net.InetAddress;
import java.net.UnknownHostException;
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH) ;
+ "/selfSignedController", PathType.CLASSPATH,
+ Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
}
config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
config.setTransferProtocol(protocol);
package org.opendaylight.openflowjava.protocol.impl.core.connection;
+import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ListenableFuture;
import java.net.InetAddress;
import java.net.UnknownHostException;
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH) ;
+ "/selfSignedController", PathType.CLASSPATH,
+ Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
}
config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
config.setTransferProtocol(protocol);
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH) ;
+ "/selfSignedController", PathType.CLASSPATH,
+ new ArrayList<String>());
}
connConfig = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
connConfig.setTransferProtocol(protocol);
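Review bot: This fixture passes `new ArrayList<String>()` where every other test in the change uses `Lists.newArrayList(...)`, so the same constructor argument is built two different ways across the test suite; for consistency I would write `Lists.newArrayList()` here (or `Collections.<String>emptyList()` if the intent is "no suites configured"). No import hunk is shown for this file, so it is also worth confirming that `java.util.ArrayList` is actually imported, since the other hunks only add `com.google.common.collect.Lists`. The enclosing method begins and ends outside this hunk.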