fix for OF ssl, which now permits multiple switches
Change-Id: I69b52ba2521b66ba8c3062f94b0cbd0ce1d1f8f9
diff --git a/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java b/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java
index 56b3a99..a4947c3 100644
--- a/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java
+++ b/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java
@@ -23,6 +23,7 @@
import org.jboss.netty.channel.group.ChannelGroup;
import org.jboss.netty.channel.group.DefaultChannelGroup;
import org.jboss.netty.channel.socket.nio.NioServerSocketChannelFactory;
+
import org.onlab.util.ItemNotFoundException;
import org.onosproject.net.DeviceId;
import org.onosproject.net.driver.DefaultDriverData;
@@ -41,7 +42,6 @@
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.lang.management.ManagementFactory;
@@ -94,7 +94,7 @@
protected String tsLocation;
protected char[] ksPwd;
protected char[] tsPwd;
- protected SSLEngine serverSslEngine;
+ protected SSLContext sslContext;
// Perf. related configuration
protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024;
@@ -132,7 +132,7 @@
bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE);
ChannelPipelineFactory pfact =
- new OpenflowPipelineFactory(this, null, serverSslEngine);
+ new OpenflowPipelineFactory(this, null, sslContext);
bootstrap.setPipelineFactory(pfact);
cg = new DefaultChannelGroup();
openFlowPorts.forEach(port -> {
@@ -239,16 +239,10 @@
ks.load(new FileInputStream(ksLocation), ksPwd);
kmf.init(ks, ksPwd);
- SSLContext serverContext = SSLContext.getInstance("TLS");
- serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);
+ sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);
- serverSslEngine = serverContext.createSSLEngine();
- serverSslEngine.setNeedClientAuth(true);
- serverSslEngine.setUseClientMode(false);
- serverSslEngine.setEnabledProtocols(serverSslEngine.getSupportedProtocols());
- serverSslEngine.setEnabledCipherSuites(serverSslEngine.getSupportedCipherSuites());
- serverSslEngine.setEnableSessionCreation(true);
}
// **************
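Review bot: The `sslContext` field is assigned on the `SSLContext.getInstance("TLS")` line before `init(...)` has run, so if `init` throws, the field is left non-null but uninitialised, and `OpenflowPipelineFactory` treats any non-null context as "SSL enabled". Building the context in a local and publishing it last avoids that state: `SSLContext ctx = SSLContext.getInstance("TLS");`, `ctx.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);`, `sslContext = ctx;`. The enclosing method starts outside the hunk, so how its exceptions are handled, and whether startup would continue in that state, needs checking against the rest of the method.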
diff --git a/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/OpenflowPipelineFactory.java b/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/OpenflowPipelineFactory.java
index 1467520..56f1d3c 100644
--- a/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/OpenflowPipelineFactory.java
+++ b/protocols/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/OpenflowPipelineFactory.java
@@ -16,12 +16,11 @@
package org.onosproject.openflow.controller.impl;
-import java.util.concurrent.ThreadPoolExecutor;
-
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.handler.execution.ExecutionHandler;
+import org.jboss.netty.handler.ssl.SslHandler;
import org.jboss.netty.handler.timeout.IdleStateHandler;
import org.jboss.netty.handler.timeout.ReadTimeoutHandler;
import org.jboss.netty.util.ExternalResourceReleasable;
@@ -30,7 +29,9 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import java.util.concurrent.ThreadPoolExecutor;
/**
* Creates a ChannelPipeline for a server-side openflow channel.
@@ -40,7 +41,8 @@
private final Logger log = LoggerFactory.getLogger(getClass());
- private final SSLEngine sslEngine;
+
+ private final SSLContext sslContext;
protected Controller controller;
protected ThreadPoolExecutor pipelineExecutor;
protected Timer timer;
@@ -49,14 +51,14 @@
public OpenflowPipelineFactory(Controller controller,
ThreadPoolExecutor pipelineExecutor,
- SSLEngine sslEngine) {
+ SSLContext sslContext) {
super();
this.controller = controller;
this.pipelineExecutor = pipelineExecutor;
this.timer = new HashedWheelTimer();
this.idleHandler = new IdleStateHandler(timer, 20, 25, 0);
this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30);
- this.sslEngine = sslEngine;
+ this.sslContext = sslContext;
}
@Override
@@ -64,10 +66,18 @@
OFChannelHandler handler = new OFChannelHandler(controller);
ChannelPipeline pipeline = Channels.pipeline();
- if (sslEngine != null) {
+ if (sslContext != null) {
log.info("OpenFlow SSL enabled.");
- pipeline.addLast("ssl",
- new org.jboss.netty.handler.ssl.SslHandler(sslEngine));
+ SSLEngine sslEngine = sslContext.createSSLEngine();
+
+ sslEngine.setNeedClientAuth(true);
+ sslEngine.setUseClientMode(false);
+ sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
+ sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
+ sslEngine.setEnableSessionCreation(true);
+
+ SslHandler sslHandler = new SslHandler(sslEngine);
+ pipeline.addLast("ssl", sslHandler);
} else {
log.info("OpenFlow SSL disabled");
}
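Review bot: The per-connection engine setup carries over `setEnabledProtocols(sslEngine.getSupportedProtocols())` and `setEnabledCipherSuites(sslEngine.getSupportedCipherSuites())`, which turn on everything the JSSE provider supports rather than what it enables by default. Depending on the JDK, that set can include legacy protocol versions and anonymous or NULL cipher suites, which would undercut the mutual authentication that `setNeedClientAuth(true)` is meant to enforce on the switch channel. Dropping both lines keeps the provider defaults; if an explicit list is wanted, take it from `sslContext.getDefaultSSLParameters()` or a configured allowlist, e.g. `sslEngine.setEnabledProtocols(sslContext.getDefaultSSLParameters().getProtocols());`. Separately, `log.info("OpenFlow SSL enabled.")` now sits on a path that appears to run once per connection, so `debug` may be the better level. The enclosing method starts and ends outside the hunk.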
diff --git a/protocols/openflow/ctl/src/test/java/org/onosproject/openflow/controller/impl/ControllerTest.java b/protocols/openflow/ctl/src/test/java/org/onosproject/openflow/controller/impl/ControllerTest.java
index dddea32..6d7be2d 100644
--- a/protocols/openflow/ctl/src/test/java/org/onosproject/openflow/controller/impl/ControllerTest.java
+++ b/protocols/openflow/ctl/src/test/java/org/onosproject/openflow/controller/impl/ControllerTest.java
@@ -191,7 +191,7 @@
controller.setConfigParams(properties);
controller.start(null, new MockDriverService());
- assertThat(controller.serverSslEngine, notNullValue());
+ assertThat(controller.sslContext, notNullValue());
controller.stop();
boolean removed = keystore.delete();