package org.opendaylight.openflowjava.protocol.api.connection;
-import java.util.List;
-
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
* @return password protecting specified truststore
*/
String getTruststorePassword();
-
- /**
- * @return list of cipher suites for TLS connection
- */
- List<String> getCipherSuites();
}
package org.opendaylight.openflowjava.protocol.api.connection;
-import java.util.List;
-
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
private String keyStore;
private PathType keystorePathType;
private PathType truststorePathType;
- private List<String> cipherSuites;
/**
* Default constructor
*/
public TlsConfigurationImpl(KeystoreType trustStoreType, String trustStore,
PathType trustStorePathType, KeystoreType keyStoreType,
- String keyStore, PathType keyStorePathType,
- List<String> cipherSuites) {
+ String keyStore, PathType keyStorePathType) {
this.trustStoreType = trustStoreType;
this.trustStore = trustStore;
this.truststorePathType = trustStorePathType;
this.keyStoreType = keyStoreType;
this.keyStore = keyStore;
this.keystorePathType = keyStorePathType;
- this.cipherSuites = cipherSuites;
}
@Override
public String getTruststorePassword() {
return "opendaylight";
}
-
- @Override
- public List<String> getCipherSuites() {
- return cipherSuites;
- }
}
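Review bot: `getTruststorePassword()` returns the literal `"opendaylight"`, and the constructor in this file accepts store types, locations and path types but no password, so any store loaded through this class is opened with a fixed, publicly known password. The unit test in this commit expects the same literal for the keystore and certificate passwords. If the class is intended only for tests and examples (the class header is outside the visible lines, so this is not confirmed), state that in the class Javadoc, e.g. `Test-only TlsConfiguration: store passwords are hard-coded; do not use with production keystores.` Otherwise the passwords should become constructor parameters supplied by the caller.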
import static org.junit.Assert.*;
-import java.util.List;
-
import org.junit.Test;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
-import com.google.common.collect.Lists;
-
/**
* @author michal.polkorab
*
*/
@Test
public void test() {
- List<String> cipherSuites = Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256");
TlsConfigurationImpl config = new TlsConfigurationImpl(KeystoreType.JKS,
- "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH, cipherSuites);
+ "user/dir", PathType.CLASSPATH, KeystoreType.PKCS12, "/var/lib", PathType.PATH);
assertEquals("Wrong keystore location", "/var/lib", config.getTlsKeystore());
assertEquals("Wrong truststore location", "user/dir", config.getTlsTruststore());
assertEquals("Wrong keystore type", KeystoreType.PKCS12, config.getTlsKeystoreType());
assertEquals("Wrong certificate password", "opendaylight", config.getCertificatePassword());
assertEquals("Wrong keystore password", "opendaylight", config.getKeystorePassword());
assertEquals("Wrong truststore password", "opendaylight", config.getTruststorePassword());
- assertEquals("Wrong cipher suites", cipherSuites, config.getCipherSuites());
}
}
\ No newline at end of file
import io.netty.util.concurrent.GenericFutureListener;
import java.net.InetAddress;
import java.util.Iterator;
-import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import org.opendaylight.openflowjava.protocol.impl.core.connection.ConnectionAdapterFactory;
final SSLEngine engine = sslFactory.getServerContext().createSSLEngine();
engine.setNeedClientAuth(true);
engine.setUseClientMode(false);
- List<String> suitesList = getTlsConfiguration().getCipherSuites();
- if (suitesList != null && !suitesList.isEmpty()) {
- LOGGER.debug("Requested Cipher Suites are: {}", suitesList);
- String[] suites = suitesList.toArray(new String[suitesList.size()]);
- engine.setEnabledCipherSuites(suites);
- LOGGER.debug("Cipher suites enabled in SSLEngine are: {}", engine.getEnabledCipherSuites().toString());
- }
final SslHandler ssl = new SslHandler(engine);
final Future<Channel> handshakeFuture = ssl.handshakeFuture();
final ConnectionFacade finalConnectionFacade = connectionFacade;
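Review bot: The `SSLEngine` now reaches `new SslHandler(engine)` with only `setNeedClientAuth(true)` and `setUseClientMode(false)` applied, so the cipher suites and protocol versions offered to switches are whatever the running JVM enables by default. Nothing in the module configuration can narrow them any more. Record this at the call site so operators know where the policy lives, for example `// Cipher suites and protocol versions are the JVM defaults here; restrict them via the jdk.tls.disabledAlgorithms security property.` The enclosing method starts and ends outside the hunk, so any protocol restriction applied elsewhere is not visible here.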
import com.google.common.base.MoreObjects;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.util.List;
-
import org.opendaylight.openflowjava.protocol.api.connection.ConnectionConfiguration;
import org.opendaylight.openflowjava.protocol.api.connection.ThreadConfiguration;
import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
public String getTruststorePassword() {
return MoreObjects.firstNonNull(tlsConfig.getTruststorePassword(), null);
}
- @Override
- public List<String> getCipherSuites() {
- return tlsConfig.getCipherSuites();
- }
};
}
@Override
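Review bot: `MoreObjects.firstNonNull(tlsConfig.getTruststorePassword(), null)` in `getTruststorePassword()` has no usable fallback: Guava's `firstNonNull` throws NullPointerException when both arguments are null, so a missing truststore password surfaces as a bare NPE from this getter. If the password is mandatory, say so explicitly with `return Preconditions.checkNotNull(tlsConfig.getTruststorePassword(), "truststore password is not configured");`. If null is acceptable, `return tlsConfig.getTruststorePassword();` states that directly. The anonymous `TlsConfiguration` this getter belongs to starts outside the hunk, so its sibling getters may use the same pattern and are worth checking.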
description "password protecting truststore";
type string;
}
- leaf-list cipher-suites {
- description "combination of cryptographic algorithms used by TLS connection";
- type string;
- }
}
container threads {
leaf boss-threads {
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
-import com.google.common.collect.Lists;
-
/**
*
* @author jameshall
MockitoAnnotations.initMocks(this);
factory = new ChannelInitializerFactory();
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore",
- PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH,
- Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"));
+ PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH);
factory.setDeserializationFactory(deserializationFactory);
factory.setSerializationFactory(serializationFactory);
factory.setSwitchConnectionHandler(switchConnectionHandler);
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.openflow._switch.connection.provider.impl.rev140328.Tls;
-import com.google.common.collect.Lists;
-
/**
*
* @author james.hall
when(mockSocketCh.pipeline()).thenReturn(mockChPipeline) ;
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/selfSignedSwitch", PathType.CLASSPATH,
- KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH,
- Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256"));
+ KeystoreType.JKS, "/selfSignedController", PathType.CLASSPATH);
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
-import com.google.common.collect.Lists;
-
/**
*
* @author jameshall
public void setUp() {
MockitoAnnotations.initMocks(this);
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS, "/exemplary-ctlTrustStore",
- PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH,
- Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
+ PathType.CLASSPATH, KeystoreType.JKS, "/exemplary-ctlKeystore", PathType.CLASSPATH) ;
sslContextFactory = new SslContextFactory(tlsConfiguration);
}
*/
package org.opendaylight.openflowjava.protocol.impl.core.connection;
-import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ListenableFuture;
import java.net.InetAddress;
import java.net.UnknownHostException;
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH,
- Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
+ "/selfSignedController", PathType.CLASSPATH) ;
}
config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
config.setTransferProtocol(protocol);
package org.opendaylight.openflowjava.protocol.impl.core.connection;
-import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ListenableFuture;
import java.net.InetAddress;
import java.net.UnknownHostException;
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH,
- Lists.newArrayList("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256")) ;
+ "/selfSignedController", PathType.CLASSPATH) ;
}
config = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
config.setTransferProtocol(protocol);
if (protocol.equals(TransportProtocol.TLS)) {
tlsConfiguration = new TlsConfigurationImpl(KeystoreType.JKS,
"/selfSignedSwitch", PathType.CLASSPATH, KeystoreType.JKS,
- "/selfSignedController", PathType.CLASSPATH,
- new ArrayList<String>());
+ "/selfSignedController", PathType.CLASSPATH) ;
}
connConfig = new ConnectionConfigurationImpl(startupAddress, 0, tlsConfiguration, SWITCH_IDLE_TIMEOUT, true);
connConfig.setTransferProtocol(protocol);