diff options
Diffstat (limited to 'framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java')
-rw-r--r-- | framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java | 117 |
1 files changed, 103 insertions, 14 deletions
diff --git a/framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java b/framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java index 0c28a6fa..9d355156 100644 --- a/framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java +++ b/framework/src/onos/openflow/ctl/src/main/java/org/onosproject/openflow/controller/impl/Controller.java @@ -16,6 +16,8 @@ package org.onosproject.openflow.controller.impl; +import com.google.common.base.Strings; +import com.google.common.collect.ImmutableList; import org.jboss.netty.bootstrap.ServerBootstrap; import org.jboss.netty.channel.ChannelPipelineFactory; import org.jboss.netty.channel.group.ChannelGroup; @@ -37,13 +39,24 @@ import org.projectfloodlight.openflow.protocol.OFVersion; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.TrustManagerFactory; +import java.io.FileInputStream; import java.lang.management.ManagementFactory; import java.lang.management.RuntimeMXBean; import java.net.InetSocketAddress; +import java.security.KeyStore; +import java.util.Dictionary; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.concurrent.Executors; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import static org.onlab.util.Tools.get; import static org.onlab.util.Tools.groupedThreads; import static org.onosproject.net.DeviceId.deviceId; import static org.onosproject.openflow.controller.Dpid.uri; @@ -59,14 +72,16 @@ public class Controller { protected static final OFFactory FACTORY13 = OFFactories.getFactory(OFVersion.OF_13); protected static final OFFactory FACTORY10 = OFFactories.getFactory(OFVersion.OF_10); + private static final boolean TLS_DISABLED = false; + private static final short MIN_KS_LENGTH = 6; protected HashMap<String, String> controllerNodeIPsCache; private ChannelGroup cg; // Configuration options - protected int openFlowPort = 6633; - protected int workerThreads = 0; + protected List<Integer> openFlowPorts = ImmutableList.of(6633, 6653); + protected int workerThreads = 16; // Start time of the controller protected long systemStartTime; @@ -75,9 +90,16 @@ public class Controller { private NioServerSocketChannelFactory execFactory; + protected String ksLocation; + protected String tsLocation; + protected char[] ksPwd; + protected char[] tsPwd; + private SSLEngine serverSSLEngine; + // Perf. related configuration protected static final int SEND_BUFFER_SIZE = 4 * 1024 * 1024; private DriverService driverService; + private boolean enableOFTLS = TLS_DISABLED; // *************** // Getters/Setters @@ -127,13 +149,15 @@ public class Controller { bootstrap.setOption("child.sendBufferSize", Controller.SEND_BUFFER_SIZE); ChannelPipelineFactory pfact = - new OpenflowPipelineFactory(this, null); + new OpenflowPipelineFactory(this, null, serverSSLEngine); bootstrap.setPipelineFactory(pfact); - InetSocketAddress sa = new InetSocketAddress(openFlowPort); cg = new DefaultChannelGroup(); - cg.add(bootstrap.bind(sa)); + openFlowPorts.forEach(port -> { + InetSocketAddress sa = new InetSocketAddress(port); + cg.add(bootstrap.bind(sa)); + log.info("Listening for switch connections on {}", sa); + }); - log.info("Listening for switch connections on {}", sa); } catch (Exception e) { throw new RuntimeException(e); } @@ -155,19 +179,22 @@ public class Controller { } } - public void setConfigParams(Map<String, String> configParams) { - String ofPort = configParams.get("openflowport"); - if (ofPort != null) { - this.openFlowPort = Integer.parseInt(ofPort); + public void setConfigParams(Dictionary<?, ?> properties) { + String ports = get(properties, "openflowPorts"); + if (!Strings.isNullOrEmpty(ports)) { + this.openFlowPorts = Stream.of(ports.split(",")) + .map(s -> Integer.parseInt(s)) + .collect(Collectors.toList()); } + log.debug("OpenFlow ports set to {}", this.openFlowPorts); - log.debug("OpenFlow port set to {}", this.openFlowPort); - String threads = configParams.get("workerthreads"); - this.workerThreads = threads != null ? Integer.parseInt(threads) : 16; + String threads = get(properties, "workerThreads"); + if (!Strings.isNullOrEmpty(threads)) { + this.workerThreads = Integer.parseInt(threads); + } log.debug("Number of worker threads set to {}", this.workerThreads); } - /** * Initialize internal data structures. */ @@ -177,6 +204,68 @@ public class Controller { this.controllerNodeIPsCache = new HashMap<>(); this.systemStartTime = System.currentTimeMillis(); + + try { + getTLSParameters(); + if (enableOFTLS) { + initSSL(); + } + } catch (Exception ex) { + log.error("SSL init failed: {}", ex.getMessage()); + } + + } + + private void getTLSParameters() { + String tempString = System.getProperty("enableOFTLS"); + enableOFTLS = Strings.isNullOrEmpty(tempString) ? TLS_DISABLED : Boolean.parseBoolean(tempString); + log.info("OpenFlow Security is {}", enableOFTLS ? "enabled" : "disabled"); + if (enableOFTLS) { + ksLocation = System.getProperty("javax.net.ssl.keyStore"); + if (Strings.isNullOrEmpty(ksLocation)) { + enableOFTLS = TLS_DISABLED; + return; + } + tsLocation = System.getProperty("javax.net.ssl.trustStore"); + if (Strings.isNullOrEmpty(tsLocation)) { + enableOFTLS = TLS_DISABLED; + return; + } + ksPwd = System.getProperty("javax.net.ssl.keyStorePassword").toCharArray(); + if (MIN_KS_LENGTH > ksPwd.length) { + enableOFTLS = TLS_DISABLED; + return; + } + tsPwd = System.getProperty("javax.net.ssl.trustStorePassword").toCharArray(); + if (MIN_KS_LENGTH > tsPwd.length) { + enableOFTLS = TLS_DISABLED; + return; + } + } + } + + private void initSSL() throws Exception { + + TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(new FileInputStream(tsLocation), tsPwd); + tmFactory.init(ts); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(ksLocation), ksPwd); + kmf.init(ks, ksPwd); + + SSLContext serverContext = SSLContext.getInstance("TLS"); + serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null); + + serverSSLEngine = serverContext.createSSLEngine(); + + serverSSLEngine.setNeedClientAuth(true); + serverSSLEngine.setUseClientMode(false); + serverSSLEngine.setEnabledProtocols(serverSSLEngine.getSupportedProtocols()); + serverSSLEngine.setEnabledCipherSuites(serverSSLEngine.getSupportedCipherSuites()); + serverSSLEngine.setEnableSessionCreation(true); } // ************** |