ONOS-3810 augmenting Rest southbound protocol and provider for https and password based auth
Change-Id: I3e5f07ba6a751bc8a7637373c037a1910181f9ab
diff --git a/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProvider.java b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProvider.java
index 76f5abd..18c376b 100644
--- a/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProvider.java
+++ b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProvider.java
@@ -49,9 +49,14 @@
import org.onosproject.protocol.rest.RestSBDevice;
import org.slf4j.Logger;
+import javax.net.ssl.HttpsURLConnection;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
@@ -71,6 +76,10 @@
private static final String PROVIDER = "org.onosproject.provider.rest.device";
private static final String IPADDRESS = "ipaddress";
private static final int TEST_CONNECT_TIMEOUT = 1000;
+ private static final String HTTPS = "https";
+ private static final String AUTHORIZATION_PROPERTY = "authorization";
+ private static final String BASIC_AUTH_PREFIX = "Basic ";
+ private static final String URL_SEPARATOR = "://";
private final Logger log = getLogger(getClass());
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
@@ -202,7 +211,7 @@
} catch (ConfigException e) {
log.error("Configuration error {}", e);
}
- log.info("REST Devices {}", controller.getDevices());
+ log.debug("REST Devices {}", controller.getDevices());
controller.getDevices().keySet().forEach(deviceId -> {
DriverHandler h = driverService.createHandler(deviceId);
PortDiscovery portConfig = h.behaviour(PortDiscovery.class);
@@ -216,14 +225,39 @@
private boolean testDeviceConnection(RestSBDevice device) {
try {
- URL url = new URL(device.protocol(), device.ip().toString(), device.port(), "/");
- HttpURLConnection urlConn = (HttpURLConnection) url.openConnection();
+ URL url;
+ if (device.url() == null) {
+ url = new URL(device.protocol(), device.ip().toString(), device.port(), "");
+ } else {
+ url = new URL(device.protocol() + URL_SEPARATOR + device.url());
+ }
+ HttpURLConnection urlConn;
+ if (device.protocol().equals(HTTPS)) {
+ //FIXME this method provides no security accepting all SSL certs.
+ RestDeviceProviderUtilities.enableSslCert();
+
+ urlConn = (HttpsURLConnection) url.openConnection();
+ } else {
+ urlConn = (HttpURLConnection) url.openConnection();
+ }
+ if (device.password() != null) {
+ String userPassword = device.name() + ":" + device.password();
+ String basicAuth = Base64.getEncoder()
+ .encodeToString(userPassword.getBytes(StandardCharsets.UTF_8));
+ urlConn.setRequestProperty(AUTHORIZATION_PROPERTY, BASIC_AUTH_PREFIX + basicAuth);
+ }
urlConn.setConnectTimeout(TEST_CONNECT_TIMEOUT);
- boolean open = urlConn.getResponseCode() == (HttpURLConnection.HTTP_OK);
+ boolean open = urlConn.getResponseCode() == (HttpsURLConnection.HTTP_OK);
+ if (!open) {
+ log.error("Device {} not accessibile, response code {} ", device,
+ urlConn.getResponseCode());
+ }
urlConn.disconnect();
return open;
- } catch (IOException e) {
- log.error("Device {} not reachable, error creating HTTP connection", device, e);
+
+ } catch (IOException | NoSuchAlgorithmException | KeyManagementException e) {
+ log.error("Device {} not reachable, error creating {} connection", device,
+ device.protocol(), e);
}
return false;
}
diff --git a/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProviderUtilities.java b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProviderUtilities.java
new file mode 100644
index 0000000..53c97e1
--- /dev/null
+++ b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestDeviceProviderUtilities.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2016 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.provider.rest.device.impl;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * Utilities class for RestDevice provider.
+ */
+final class RestDeviceProviderUtilities {
+
+ private static final String TLS = "TLS";
+
+ //disable construction.
+ private RestDeviceProviderUtilities(){}
+
+ /**
+ * Method that bypasses every SSL certificate verification and accepts every
+ * connection with any SSL protected device that ONOS has an interaction with.
+ * Needs addressing for secutirty purposes.
+ *
+ * @throws NoSuchAlgorithmException
+ * @throws KeyManagementException
+ */
+ //FIXME redo for security purposes.
+ protected static void enableSslCert() throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext ctx = SSLContext.getInstance(TLS);
+ ctx.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager()}, new SecureRandom());
+ SSLContext.setDefault(ctx);
+ HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> {
+ //FIXME better way to do this.
+ return true;
+ });
+ }
+
+ //FIXME this accepts every connection
+ private static class DefaultTrustManager implements X509TrustManager {
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ }
+}
diff --git a/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestProviderConfig.java b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestProviderConfig.java
index 2056dce..3671922 100644
--- a/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestProviderConfig.java
+++ b/providers/rest/device/src/main/java/org/onosproject/provider/rest/device/impl/RestProviderConfig.java
@@ -42,6 +42,7 @@
private static final String NAME = "name";
private static final String PASSWORD = "password";
private static final String PROTOCOL = "protocol";
+ private static final String URL = "url";
public Set<RestSBDevice> getDevicesAddresses() throws ConfigException {
Set<RestSBDevice> devicesAddresses = Sets.newHashSet();
@@ -54,8 +55,10 @@
String name = node.path(NAME).asText();
String password = node.path(PASSWORD).asText();
String protocol = node.path(PROTOCOL).asText();
+ String url = node.path(URL).asText();
devicesAddresses.add(new DefaultRestSBDevice(ipAddr, port, name,
- password, protocol, false));
+ password, protocol,
+ url, false));
}
} catch (IllegalArgumentException e) {