alshabib
Committed by Gerrit Code Review

fix for OF ssl, which now permits multiple switches

Change-Id: I69b52ba2521b66ba8c3062f94b0cbd0ce1d1f8f9
...@@ -23,6 +23,7 @@ import org.jboss.netty.channel.ChannelPipelineFactory; ...@@ -23,6 +23,7 @@ import org.jboss.netty.channel.ChannelPipelineFactory;
23 import org.jboss.netty.channel.group.ChannelGroup; 23 import org.jboss.netty.channel.group.ChannelGroup;
24 import org.jboss.netty.channel.group.DefaultChannelGroup; 24 import org.jboss.netty.channel.group.DefaultChannelGroup;
25 import org.jboss.netty.channel.socket.nio.NioServerSocketChannelFactory; 25 import org.jboss.netty.channel.socket.nio.NioServerSocketChannelFactory;
26 +
26 import org.onlab.util.ItemNotFoundException; 27 import org.onlab.util.ItemNotFoundException;
27 import org.onosproject.net.DeviceId; 28 import org.onosproject.net.DeviceId;
28 import org.onosproject.net.driver.DefaultDriverData; 29 import org.onosproject.net.driver.DefaultDriverData;
...@@ -41,7 +42,6 @@ import org.slf4j.LoggerFactory; ...@@ -41,7 +42,6 @@ import org.slf4j.LoggerFactory;
41 42
42 import javax.net.ssl.KeyManagerFactory; 43 import javax.net.ssl.KeyManagerFactory;
43 import javax.net.ssl.SSLContext; 44 import javax.net.ssl.SSLContext;
44 -import javax.net.ssl.SSLEngine;
45 import javax.net.ssl.TrustManagerFactory; 45 import javax.net.ssl.TrustManagerFactory;
46 import java.io.FileInputStream; 46 import java.io.FileInputStream;
47 import java.lang.management.ManagementFactory; 47 import java.lang.management.ManagementFactory;
...@@ -94,7 +94,7 @@ public class Controller { ...@@ -94,7 +94,7 @@ public class Controller {
94 protected String tsLocation; 94 protected String tsLocation;
95 protected char[] ksPwd; 95 protected char[] ksPwd;
96 protected char[] tsPwd; 96 protected char[] tsPwd;
97 - protected SSLEngine serverSslEngine; 97 + protected SSLContext sslContext;
98 98
99 // Perf. related configuration 99 // Perf. related configuration
100 protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024; 100 protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024;
...@@ -132,7 +132,7 @@ public class Controller { ...@@ -132,7 +132,7 @@ public class Controller {
132 bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE); 132 bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE);
133 133
134 ChannelPipelineFactory pfact = 134 ChannelPipelineFactory pfact =
135 - new OpenflowPipelineFactory(this, null, serverSslEngine); 135 + new OpenflowPipelineFactory(this, null, sslContext);
136 bootstrap.setPipelineFactory(pfact); 136 bootstrap.setPipelineFactory(pfact);
137 cg = new DefaultChannelGroup(); 137 cg = new DefaultChannelGroup();
138 openFlowPorts.forEach(port -> { 138 openFlowPorts.forEach(port -> {
...@@ -239,16 +239,10 @@ public class Controller { ...@@ -239,16 +239,10 @@ public class Controller {
239 ks.load(new FileInputStream(ksLocation), ksPwd); 239 ks.load(new FileInputStream(ksLocation), ksPwd);
240 kmf.init(ks, ksPwd); 240 kmf.init(ks, ksPwd);
241 241
242 - SSLContext serverContext = SSLContext.getInstance("TLS"); 242 + sslContext = SSLContext.getInstance("TLS");
243 - serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null); 243 + sslContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);
244 244
245 - serverSslEngine = serverContext.createSSLEngine();
246 245
247 - serverSslEngine.setNeedClientAuth(true);
248 - serverSslEngine.setUseClientMode(false);
249 - serverSslEngine.setEnabledProtocols(serverSslEngine.getSupportedProtocols());
250 - serverSslEngine.setEnabledCipherSuites(serverSslEngine.getSupportedCipherSuites());
251 - serverSslEngine.setEnableSessionCreation(true);
252 } 246 }
253 247
254 // ************** 248 // **************
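Review bot: The `sslContext` field (new line 97) now doubles as the TLS on/off switch, because `OpenflowPipelineFactory` installs the `SslHandler` only when the context is non-null, yet neither the field nor the assignment at new line 242 says so. If the method around new lines 239–246 (it starts outside this hunk) is skipped or aborts before the assignment, the listener would presumably come up in plaintext with only an info-level "OpenFlow SSL disabled" line. It is worth confirming that a keystore or truststore failure is treated as fatal when TLS was requested. I would document the contract on the field, for example `// null => OpenFlow channels run without TLS; each connection gets its own SSLEngine from this context`.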
......
...@@ -16,12 +16,11 @@ ...@@ -16,12 +16,11 @@
16 16
17 package org.onosproject.openflow.controller.impl; 17 package org.onosproject.openflow.controller.impl;
18 18
19 -import java.util.concurrent.ThreadPoolExecutor;
20 -
21 import org.jboss.netty.channel.ChannelPipeline; 19 import org.jboss.netty.channel.ChannelPipeline;
22 import org.jboss.netty.channel.ChannelPipelineFactory; 20 import org.jboss.netty.channel.ChannelPipelineFactory;
23 import org.jboss.netty.channel.Channels; 21 import org.jboss.netty.channel.Channels;
24 import org.jboss.netty.handler.execution.ExecutionHandler; 22 import org.jboss.netty.handler.execution.ExecutionHandler;
23 +import org.jboss.netty.handler.ssl.SslHandler;
25 import org.jboss.netty.handler.timeout.IdleStateHandler; 24 import org.jboss.netty.handler.timeout.IdleStateHandler;
26 import org.jboss.netty.handler.timeout.ReadTimeoutHandler; 25 import org.jboss.netty.handler.timeout.ReadTimeoutHandler;
27 import org.jboss.netty.util.ExternalResourceReleasable; 26 import org.jboss.netty.util.ExternalResourceReleasable;
...@@ -30,7 +29,9 @@ import org.jboss.netty.util.Timer; ...@@ -30,7 +29,9 @@ import org.jboss.netty.util.Timer;
30 import org.slf4j.Logger; 29 import org.slf4j.Logger;
31 import org.slf4j.LoggerFactory; 30 import org.slf4j.LoggerFactory;
32 31
32 +import javax.net.ssl.SSLContext;
33 import javax.net.ssl.SSLEngine; 33 import javax.net.ssl.SSLEngine;
34 +import java.util.concurrent.ThreadPoolExecutor;
34 35
35 /** 36 /**
36 * Creates a ChannelPipeline for a server-side openflow channel. 37 * Creates a ChannelPipeline for a server-side openflow channel.
...@@ -40,7 +41,8 @@ public class OpenflowPipelineFactory ...@@ -40,7 +41,8 @@ public class OpenflowPipelineFactory
40 41
41 private final Logger log = LoggerFactory.getLogger(getClass()); 42 private final Logger log = LoggerFactory.getLogger(getClass());
42 43
43 - private final SSLEngine sslEngine; 44 +
45 + private final SSLContext sslContext;
44 protected Controller controller; 46 protected Controller controller;
45 protected ThreadPoolExecutor pipelineExecutor; 47 protected ThreadPoolExecutor pipelineExecutor;
46 protected Timer timer; 48 protected Timer timer;
...@@ -49,14 +51,14 @@ public class OpenflowPipelineFactory ...@@ -49,14 +51,14 @@ public class OpenflowPipelineFactory
49 51
50 public OpenflowPipelineFactory(Controller controller, 52 public OpenflowPipelineFactory(Controller controller,
51 ThreadPoolExecutor pipelineExecutor, 53 ThreadPoolExecutor pipelineExecutor,
52 - SSLEngine sslEngine) { 54 + SSLContext sslContext) {
53 super(); 55 super();
54 this.controller = controller; 56 this.controller = controller;
55 this.pipelineExecutor = pipelineExecutor; 57 this.pipelineExecutor = pipelineExecutor;
56 this.timer = new HashedWheelTimer(); 58 this.timer = new HashedWheelTimer();
57 this.idleHandler = new IdleStateHandler(timer, 20, 25, 0); 59 this.idleHandler = new IdleStateHandler(timer, 20, 25, 0);
58 this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30); 60 this.readTimeoutHandler = new ReadTimeoutHandler(timer, 30);
59 - this.sslEngine = sslEngine; 61 + this.sslContext = sslContext;
60 } 62 }
61 63
62 @Override 64 @Override
...@@ -64,10 +66,18 @@ public class OpenflowPipelineFactory ...@@ -64,10 +66,18 @@ public class OpenflowPipelineFactory
64 OFChannelHandler handler = new OFChannelHandler(controller); 66 OFChannelHandler handler = new OFChannelHandler(controller);
65 67
66 ChannelPipeline pipeline = Channels.pipeline(); 68 ChannelPipeline pipeline = Channels.pipeline();
67 - if (sslEngine != null) { 69 + if (sslContext != null) {
68 log.info("OpenFlow SSL enabled."); 70 log.info("OpenFlow SSL enabled.");
69 - pipeline.addLast("ssl", 71 + SSLEngine sslEngine = sslContext.createSSLEngine();
70 - new org.jboss.netty.handler.ssl.SslHandler(sslEngine)); 72 +
73 + sslEngine.setNeedClientAuth(true);
74 + sslEngine.setUseClientMode(false);
75 + sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
76 + sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
77 + sslEngine.setEnableSessionCreation(true);
78 +
79 + SslHandler sslHandler = new SslHandler(sslEngine);
80 + pipeline.addLast("ssl", sslHandler);
71 } else { 81 } else {
72 log.info("OpenFlow SSL disabled"); 82 log.info("OpenFlow SSL disabled");
73 } 83 }
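Review bot: Each per-connection engine is widened to everything the provider supports at new lines 75–76, via `sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols())` and `sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites())`. On JSSE the supported list is typically broader than the default-enabled list and can include legacy protocol versions and anonymous or NULL suites. An anonymous suite would presumably also sidestep the `setNeedClientAuth(true)` requirement, since no certificates are exchanged. Dropping both calls keeps the provider's default-enabled set; if a stricter policy is wanted, pass an explicit allow-list instead, e.g. `sslEngine.setEnabledProtocols(new String[] {"TLSv1.2"});`. The enclosing `getPipeline` method begins and ends outside this hunk.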
......
...@@ -191,7 +191,7 @@ public class ControllerTest { ...@@ -191,7 +191,7 @@ public class ControllerTest {
191 controller.setConfigParams(properties); 191 controller.setConfigParams(properties);
192 controller.start(null, new MockDriverService()); 192 controller.start(null, new MockDriverService());
193 193
194 - assertThat(controller.serverSslEngine, notNullValue()); 194 + assertThat(controller.sslContext, notNullValue());
195 195
196 controller.stop(); 196 controller.stop();
197 boolean removed = keystore.delete(); 197 boolean removed = keystore.delete();
......