SSL/TLS support for OVSDB Southbound API
Change-Id: Ib76653131bdf4b934a484eb72f91af60ff5861c0
Wiki Link : https://wiki.onosproject.org/pages/viewpage.action?pageId=23333242
diff --git a/protocols/ovsdb/ctl/src/main/java/org/onosproject/ovsdb/controller/impl/TlsParams.java b/protocols/ovsdb/ctl/src/main/java/org/onosproject/ovsdb/controller/impl/TlsParams.java
new file mode 100644
index 0000000..1d09e1d
--- /dev/null
+++ b/protocols/ovsdb/ctl/src/main/java/org/onosproject/ovsdb/controller/impl/TlsParams.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright 2015-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.ovsdb.controller.impl;
+
+import com.google.common.base.MoreObjects;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.EnumSet;
+import java.util.Objects;
+
+import static org.onosproject.ovsdb.controller.OvsdbConstant.DEFAULT_KS_FILE;
+import static org.onosproject.ovsdb.controller.OvsdbConstant.DEFAULT_KS_PASSWORD;
+
+/**
+ * TlsParams Class for properties required for configuring OVSDB TLS Connection.
+ */
+public class TlsParams {
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Controller.class);
+
+ /**
+ * Options for Activated / Deactivated TLS Mode.
+ */
+ enum TlsMode {
+ /**
+ * Signifies that TLS is enabled.
+ */
+ ENABLED,
+ /**
+ * Signifies that TLS is disabled.
+ */
+ DISABLED
+ }
+
+ protected static final EnumSet<TlsMode> TLS_ENABLED = EnumSet.of(TlsMode.ENABLED);
+
+ final TlsMode mode;
+ final String ksLocation;
+ final String tsLocation;
+ final String ksPwd;
+ final String tsPwd;
+ final byte[] ksSignature;
+ final byte[] tsSignature;
+
+ /**
+ * Default Constructor.
+ */
+ TlsParams() {
+ this.mode = TlsMode.DISABLED;
+ this.ksLocation = DEFAULT_KS_FILE;
+ this.tsLocation = DEFAULT_KS_FILE;
+ this.ksPwd = DEFAULT_KS_PASSWORD;
+ this.tsPwd = DEFAULT_KS_PASSWORD;
+ this.ksSignature = getSha1Checksum(ksLocation);
+ this.tsSignature = getSha1Checksum(tsLocation);
+ }
+
+ /**
+ * Creates new Tls params.
+ *
+ * @param mode TlsMode
+ * @param ksLocation keyStore Location
+ * @param tsLocation trustStore Location
+ * @param ksPwd keyStore Password
+ * @param tsPwd trustStore Password
+ */
+ TlsParams(TlsMode mode, String ksLocation, String tsLocation,
+ String ksPwd, String tsPwd) {
+ this.mode = mode;
+ this.ksLocation = ksLocation;
+ this.tsLocation = tsLocation;
+ this.ksPwd = ksPwd;
+ this.tsPwd = tsPwd;
+ this.ksSignature = getSha1Checksum(ksLocation);
+ this.tsSignature = getSha1Checksum(tsLocation);
+ }
+
+ /**
+ * Exposes the keyStore password in char[] format.
+ *
+ * @return the keyStorePassword as a char array
+ */
+ public char[] ksPwd() {
+ return ksPwd.toCharArray();
+ }
+
+ /**
+ * Exposes the trustStore password in char[] format.
+ *
+ * @return the trustStorePassword as a char array
+ */
+ public char[] tsPwd() {
+ return tsPwd.toCharArray();
+ }
+
+ /**
+ * Returns whether TLS is enabled or not.
+ *
+ * @return true if TLS is enabled otherwise false
+ */
+ public boolean isTlsEnabled() {
+ return TLS_ENABLED.contains(mode);
+ }
+
+ /**
+ * Returns SHA1 Checksum from a JKS.
+ *
+ * @param filepath JKS FilePath
+ * @return byte[] sha1checksum
+ */
+ public byte[] getSha1Checksum(String filepath) {
+ if (filepath == null) {
+ return new byte[0];
+ }
+ try {
+ MessageDigest digest = MessageDigest.getInstance("SHA1");
+ File f = new File(filepath);
+ FileInputStream is = new FileInputStream(f);
+ DigestInputStream dis = new DigestInputStream(is, digest);
+ byte[] buffer = new byte[1024];
+ while (dis.read(buffer) > 0) {
+ // nothing to do :)
+ }
+ return dis.getMessageDigest().digest();
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Algorithm SHA1 Not found");
+ } catch (IOException e) {
+ log.info("Error reading file file: {}", filepath);
+ }
+ return new byte[0];
+ }
+
+ @Override
+ public int hashCode() {
+ if (mode == TlsMode.DISABLED) {
+ return Objects.hash(mode);
+ }
+ return Objects.hash(mode, ksLocation, tsLocation,
+ ksPwd, tsPwd,
+ Arrays.hashCode(ksSignature),
+ Arrays.hashCode(tsSignature));
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof TlsParams) {
+ final TlsParams that = (TlsParams) obj;
+ if (this.getClass() != that.getClass()) {
+ return false;
+ } else if (this.mode == that.mode && this.mode == TlsMode.DISABLED) {
+ // All disabled objects should be equal regardless of other params
+ return true;
+ }
+ return this.mode == that.mode &&
+ Objects.equals(this.ksLocation, that.ksLocation) &&
+ Objects.equals(this.tsLocation, that.tsLocation) &&
+ Objects.equals(this.ksPwd, that.ksPwd) &&
+ Objects.equals(this.tsPwd, that.tsPwd) &&
+ Arrays.equals(this.ksSignature, that.ksSignature) &&
+ Arrays.equals(this.tsSignature, that.tsSignature);
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return MoreObjects.toStringHelper(this)
+ .add("tlsMode", mode.toString().toLowerCase())
+ .add("ksLocation", ksLocation)
+ .add("tsLocation", tsLocation)
+ .toString();
+ }
+}
\ No newline at end of file
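Review bot: In `getSha1Checksum` the `FileInputStream` and `DigestInputStream` are never closed, and each constructor calls the method twice, so every `TlsParams` instance leaves handles on the keystore and truststore files open; open them in try-with-resources, e.g. `try (DigestInputStream dis = new DigestInputStream(new FileInputStream(filepath), digest)) {`. The `IOException` branch logs at info without the exception and returns an empty array, so with mode `ENABLED` an unreadable keystore and an unreadable truststore yield identical empty signatures and the failure only surfaces later; `log.warn("Error reading file: {}", filepath, e);` would at least keep the cause. The logger is created with `Controller.class`, which attributes these messages to the wrong class; `LoggerFactory.getLogger(TlsParams.class)` looks intended. If the signatures are meant to detect keystore changes, as `equals`/`hashCode` suggest, `MessageDigest.getInstance("SHA-256")` is a drop-in replacement that avoids relying on SHA-1.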