fix for OF ssl, which now permits multiple switches

Change-Id: I69b52ba2521b66ba8c3062f94b0cbd0ce1d1f8f9

@@ -23,6 +23,7 @@ import org.jboss.netty.channel.ChannelPipelineFactory;
 import org.jboss.netty.channel.group.ChannelGroup;
 import org.jboss.netty.channel.group.DefaultChannelGroup;
 import org.jboss.netty.channel.socket.nio.NioServerSocketChannelFactory;
+
 import org.onlab.util.ItemNotFoundException;
 import org.onosproject.net.DeviceId;
 import org.onosproject.net.driver.DefaultDriverData;
@@ -41,7 +42,6 @@ import org.slf4j.LoggerFactory;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.FileInputStream;
 import java.lang.management.ManagementFactory;
@@ -94,7 +94,7 @@ public class Controller {
     protected String tsLocation;
     protected char[] ksPwd;
     protected char[] tsPwd;
-    protected SSLEngine serverSslEngine;
+    protected SSLContext sslContext;
 
     // Perf. related configuration
     protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024;
@@ -132,7 +132,7 @@ public class Controller {
             bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE);
 
             ChannelPipelineFactory pfact =
-                    new OpenflowPipelineFactory(this, null, serverSslEngine);
+                    new OpenflowPipelineFactory(this, null, sslContext);
             bootstrap.setPipelineFactory(pfact);
             cg = new DefaultChannelGroup();
             openFlowPorts.forEach(port -> {
@@ -239,16 +239,10 @@ public class Controller {
         ks.load(new FileInputStream(ksLocation), ksPwd);
         kmf.init(ks, ksPwd);
 
-        SSLContext serverContext = SSLContext.getInstance("TLS");
-        serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);
+        sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);
 
-        serverSslEngine = serverContext.createSSLEngine();
 
-        serverSslEngine.setNeedClientAuth(true);
-        serverSslEngine.setUseClientMode(false);
-        serverSslEngine.setEnabledProtocols(serverSslEngine.getSupportedProtocols());
-        serverSslEngine.setEnabledCipherSuites(serverSslEngine.getSupportedCipherSuites());
-        serverSslEngine.setEnableSessionCreation(true);
     }
 
     // **************

@@ -16,12 +16,11 @@
 
 package org.onosproject.openflow.controller.impl;
 
-import java.util.concurrent.ThreadPoolExecutor;
-
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.channel.ChannelPipelineFactory;
 import org.jboss.netty.channel.Channels;
 import org.jboss.netty.handler.execution.ExecutionHandler;
+import org.jboss.netty.handler.ssl.SslHandler;
 import org.jboss.netty.handler.timeout.IdleStateHandler;
 import org.jboss.netty.handler.timeout.ReadTimeoutHandler;
 import org.jboss.netty.util.ExternalResourceReleasable;
@@ -30,7 +29,9 @@ import org.jboss.netty.util.Timer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import java.util.concurrent.ThreadPoolExecutor;
 
 /**
  * Creates a ChannelPipeline for a server-side openflow channel.
@@ -40,7 +41,8 @@ public class OpenflowPipelineFactory
 
     private final Logger log = LoggerFactory.getLogger(getClass());
 
-    private final SSLEngine sslEngine;
+
+    private final SSLContext sslContext;
     protected Controller controller;
     protected ThreadPoolExecutor pipelineExecutor;
     protected Timer timer;
@@ -49,14 +51,14 @@ public class OpenflowPipelineFactory
 
     public OpenflowPipelineFactory(Controller controller,
                                    ThreadPoolExecutor pipelineExecutor,
-                                   SSLEngine sslEngine) {
+                                   SSLContext sslContext) {
         super();
         this.controller = controller;
         this.pipelineExecutor = pipelineExecutor;
         this.timer = new HashedWheelTimer();
         this.idleHandler = new IdleStateHandler(timer, 20, 25, 0);
         this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30);
-        this.sslEngine = sslEngine;
+        this.sslContext = sslContext;
     }
 
     @Override
@@ -64,10 +66,18 @@ public class OpenflowPipelineFactory
         OFChannelHandler handler = new OFChannelHandler(controller);
 
         ChannelPipeline pipeline = Channels.pipeline();
-        if (sslEngine != null) {
+        if (sslContext != null) {
             log.info("OpenFlow SSL enabled.");
-            pipeline.addLast("ssl",
-                             new org.jboss.netty.handler.ssl.SslHandler(sslEngine));
+            SSLEngine sslEngine = sslContext.createSSLEngine();
+
+            sslEngine.setNeedClientAuth(true);
+            sslEngine.setUseClientMode(false);
+            sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
+            sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
+            sslEngine.setEnableSessionCreation(true);
+
+            SslHandler sslHandler = new SslHandler(sslEngine);
+            pipeline.addLast("ssl", sslHandler);
         } else {
             log.info("OpenFlow SSL disabled");
         }

@@ -191,7 +191,7 @@ public class ControllerTest {
         controller.setConfigParams(properties);
         controller.start(null, new MockDriverService());
 
-        assertThat(controller.serverSslEngine, notNullValue());
+        assertThat(controller.sslContext, notNullValue());
 
         controller.stop();
         boolean removed = keystore.delete();