[SEBA-593] Splitting aaa app in implementation and api bundles
Change-Id: Ib81650be0695258bdd1f4cd6131f2206760e0da6
diff --git a/api/pom.xml b/api/pom.xml
new file mode 100644
index 0000000..4b0c04a
--- /dev/null
+++ b/api/pom.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2015-present Open Networking Foundation
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>aaa</artifactId>
+ <groupId>org.opencord</groupId>
+ <version>1.9.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>aaa-api</artifactId>
+
+ <packaging>bundle</packaging>
+
+ <description>AAA application API</description>
+
+ <properties>
+ <sadis.api.version>3.1.0-SNAPSHOT</sadis.api.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onlab-junit</artifactId>
+ <version>${onos.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.onosproject</groupId>
+ <artifactId>onos-core-serializers</artifactId>
+ <version>${onos.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.opencord</groupId>
+ <artifactId>sadis-api</artifactId>
+ <version>${sadis.api.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <extensions>true</extensions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
diff --git a/api/src/main/java/org/opencord/aaa/AaaConfig.java b/api/src/main/java/org/opencord/aaa/AaaConfig.java
new file mode 100644
index 0000000..3072ff5
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/AaaConfig.java
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2015-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.opencord.aaa;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import org.apache.commons.lang3.builder.ToStringBuilder;
+
+import com.google.common.collect.ImmutableSet;
+
+import org.onosproject.core.ApplicationId;
+import org.onosproject.net.ConnectPoint;
+import org.onosproject.net.config.Config;
+import org.onosproject.net.config.basics.BasicElementConfig;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Network config for the AAA app.
+ */
+public class AaaConfig extends Config<ApplicationId> {
+
+ private static final String RADIUS_HOST = "radiusHost";
+ private static final String RADIUS_IP = "radiusIp";
+ private static final String RADIUS_SERVER_PORT = "radiusServerPort";
+ private static final String RADIUS_MAC = "radiusMac";
+ private static final String NAS_IP = "nasIp";
+ private static final String NAS_MAC = "nasMac";
+ private static final String RADIUS_SECRET = "radiusSecret";
+ private static final String RADIUS_VLAN_ID = "vlanId";
+ private static final String RADIUS_VLAN_PRIORITY_BIT = "radiusPBit";
+ private static final String RADIUS_CONNECTION_TYPE = "radiusConnectionType";
+ private static final String RADIUS_SERVER_CONNECTPOINTS = "radiusServerConnectPoints";
+ // Which packet customizer to use
+ // "packetCustomizer" : "sample" -- Means use SamplePAcketCustomizer
+ // "packetCustomizer" : "default" -- No customization of packets
+ // if param is missing it is treated as default
+ // This class should be a subclass of PacketCustomizer
+ private static final String PACKET_CUSTOMIZER = "packetCustomizer";
+
+ // RADIUS server IP address
+ protected static final String DEFAULT_RADIUS_IP = "10.128.10.4";
+
+ // RADIUS MAC address
+ public static final String DEFAULT_RADIUS_MAC = "00:00:00:00:01:10";
+
+ // NAS IP address
+ public static final String DEFAULT_NAS_IP = "10.128.9.244";
+
+ // NAS MAC address
+ public static final String DEFAULT_NAS_MAC = "00:00:00:00:10:01";
+
+ // RADIUS server shared secret
+ protected static final String DEFAULT_RADIUS_SECRET = "ONOSecret";
+
+ // Radius Server UDP Port Number
+ protected static final String DEFAULT_RADIUS_SERVER_PORT = "1812";
+
+ // Radius Server Vlan ID
+ protected static final String DEFAULT_RADIUS_VLAN_ID = "4093";
+
+ // Radius Sever P-Bit
+ protected static final String DEFAULT_RADIUS_VLAN_PRIORITY_BIT = "3";
+
+ // Whether to use socket or not to communicate with RADIUS Server
+ protected static final String DEFAULT_RADIUS_CONNECTION_TYPE = "socket";
+
+ // Packet Customizer Default value
+ protected static final String DEFAULT_PACKET_CUSTOMIZER = "default";
+
+
+ /**
+ * Gets the value of a string property, protecting for an empty
+ * JSON object.
+ *
+ * @param name name of the property
+ * @param defaultValue default value if none has been specified
+ * @return String value if one os found, default value otherwise
+ */
+ private String getStringProperty(String name, String defaultValue) {
+ if (object == null) {
+ return defaultValue;
+ }
+ return get(name, defaultValue);
+ }
+
+ /**
+ * Returns the NAS ip.
+ *
+ * @return ip address or null if not set
+ */
+ public InetAddress nasIp() {
+ try {
+ return InetAddress.getByName(getStringProperty(NAS_IP, DEFAULT_NAS_IP));
+ } catch (UnknownHostException e) {
+ return null;
+ }
+ }
+
+ /**
+ * Sets the NAS ip.
+ *
+ * @param ip new ip address; null to clear
+ * @return self
+ */
+ public BasicElementConfig nasIp(String ip) {
+ return (BasicElementConfig) setOrClear(NAS_IP, ip);
+ }
+
+ public String radiusHostName() {
+ return getStringProperty(RADIUS_HOST, null);
+ }
+
+ /**
+ * Returns the RADIUS server ip.
+ *
+ * @return ip address or null if not set
+ */
+ public InetAddress radiusIp() {
+ try {
+ return InetAddress.getByName(getStringProperty(RADIUS_IP, DEFAULT_RADIUS_IP));
+ } catch (UnknownHostException e) {
+ return null;
+ }
+ }
+
+ /**
+ * Sets the RADIUS server ip.
+ *
+ * @param ip new ip address; null to clear
+ * @return self
+ */
+ public BasicElementConfig radiusIp(String ip) {
+ return (BasicElementConfig) setOrClear(RADIUS_IP, ip);
+ }
+
+ /**
+ * Returns the RADIUS MAC address.
+ *
+ * @return mac address or null if not set
+ */
+ public String radiusMac() {
+ return getStringProperty(RADIUS_MAC, DEFAULT_RADIUS_MAC);
+ }
+
+ /**
+ * Sets the RADIUS MAC address.
+ *
+ * @param mac new MAC address; null to clear
+ * @return self
+ */
+ public BasicElementConfig radiusMac(String mac) {
+ return (BasicElementConfig) setOrClear(RADIUS_MAC, mac);
+ }
+
+ /**
+ * Returns the RADIUS MAC address.
+ *
+ * @return mac address or null if not set
+ */
+ public String nasMac() {
+ return getStringProperty(NAS_MAC, DEFAULT_NAS_MAC);
+ }
+
+ /**
+ * Sets the RADIUS MAC address.
+ *
+ * @param mac new MAC address; null to clear
+ * @return self
+ */
+ public BasicElementConfig nasMac(String mac) {
+ return (BasicElementConfig) setOrClear(NAS_MAC, mac);
+ }
+
+ /**
+ * Returns the RADIUS secret.
+ *
+ * @return radius secret or null if not set
+ */
+ public String radiusSecret() {
+ return getStringProperty(RADIUS_SECRET, DEFAULT_RADIUS_SECRET);
+ }
+
+ /**
+ * Sets the RADIUS secret.
+ *
+ * @param secret new MAC address; null to clear
+ * @return self
+ */
+ public BasicElementConfig radiusSecret(String secret) {
+ return (BasicElementConfig) setOrClear(RADIUS_SECRET, secret);
+ }
+
+ /**
+ * Returns the RADIUS server UDP port.
+ *
+ * @return radius server UDP port.
+ */
+ public short radiusServerUdpPort() {
+ return Short.parseShort(getStringProperty(RADIUS_SERVER_PORT,
+ DEFAULT_RADIUS_SERVER_PORT));
+ }
+
+ /**
+ * Sets the RADIUS port.
+ *
+ * @param port new RADIUS UDP port; -1 to clear
+ * @return self
+ */
+ public BasicElementConfig radiusServerUdpPort(short port) {
+ return (BasicElementConfig) setOrClear(RADIUS_SERVER_PORT, (long) port);
+ }
+
+ /**
+ * Returns the RADIUS server vlan ID.
+ *
+ * @return Radius Server VLan id or default if not set
+ */
+ public short radiusServerVlanId() {
+ return Short.parseShort(getStringProperty(RADIUS_VLAN_ID, DEFAULT_RADIUS_VLAN_ID));
+ }
+
+ /**
+ * Returns the type of connection to use to communicate with the RADIUS Server.
+ *
+ * @return "socket" or "packet_out"
+ */
+ public String radiusConnectionType() {
+ return getStringProperty(RADIUS_CONNECTION_TYPE, DEFAULT_RADIUS_CONNECTION_TYPE);
+ }
+
+ /**
+ * Returns the RADIUS server p-bit.
+ *
+ * @return Radius Server P-bit to use, default if not set
+ */
+ public byte radiusServerPBit() {
+ return Byte.parseByte(getStringProperty(RADIUS_VLAN_PRIORITY_BIT, DEFAULT_RADIUS_VLAN_PRIORITY_BIT));
+ }
+
+ /**
+ * Returns the PACKET CUSTOMIZER CLASS NAME.
+ *
+ * @return PACKET CUSTOMIZER, default if not set
+ */
+ public String radiusPktCustomizer() {
+ return getStringProperty(PACKET_CUSTOMIZER, DEFAULT_PACKET_CUSTOMIZER);
+ }
+
+ /**
+ * Returns the List of ConnectPoints to reach the Radius Server.
+ *
+ * @return List of ConnectPoints
+ */
+ public Set<ConnectPoint> radiusServerConnectPoints() {
+ if (object == null) {
+ return new HashSet<ConnectPoint>();
+ }
+
+ if (!object.has(RADIUS_SERVER_CONNECTPOINTS)) {
+ return ImmutableSet.of();
+ }
+
+ ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
+ ArrayNode arrayNode = (ArrayNode) object.path(RADIUS_SERVER_CONNECTPOINTS);
+ for (JsonNode jsonNode : arrayNode) {
+ String portName = jsonNode.asText(null);
+ if (portName == null) {
+ return null;
+ }
+ try {
+ builder.add(ConnectPoint.deviceConnectPoint(portName));
+ } catch (IllegalArgumentException e) {
+ return null;
+ }
+ }
+ return builder.build();
+ }
+
+ @Override
+ public String toString() {
+ return ToStringBuilder.reflectionToString(this);
+ }
+}
diff --git a/api/src/main/java/org/opencord/aaa/AuthenticationEvent.java b/api/src/main/java/org/opencord/aaa/AuthenticationEvent.java
new file mode 100644
index 0000000..da02ec2
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/AuthenticationEvent.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2018-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.aaa;
+
+import org.onosproject.event.AbstractEvent;
+import org.onosproject.net.ConnectPoint;
+
+/**
+ * Event indicating the authentication state of a port has changed.
+ */
+public class AuthenticationEvent extends
+ AbstractEvent<AuthenticationEvent.Type, ConnectPoint> {
+
+ /**
+ * Authentication event type.
+ */
+ public enum Type {
+ /**
+ * Supplicant has started authentication on a port.
+ */
+ STARTED,
+
+ /**
+ * Supplicant has requested authentication on a port.
+ */
+ REQUESTED,
+
+ /**
+ * Authentication request was approved.
+ */
+ APPROVED,
+
+ /**
+ * Authentication request was denied.
+ */
+ DENIED
+ }
+
+ /**
+ * Creates a new authentication event.
+ *
+ * @param type event type
+ * @param connectPoint port
+ */
+ public AuthenticationEvent(Type type, ConnectPoint connectPoint) {
+ super(type, connectPoint);
+ }
+
+}
diff --git a/api/src/main/java/org/opencord/aaa/AuthenticationEventListener.java b/api/src/main/java/org/opencord/aaa/AuthenticationEventListener.java
new file mode 100644
index 0000000..87d2e4a
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/AuthenticationEventListener.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2018-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.aaa;
+
+import org.onosproject.event.EventListener;
+
+/**
+ * Listener for authentication events.
+ */
+public interface AuthenticationEventListener extends
+ EventListener<AuthenticationEvent> {
+}
diff --git a/api/src/main/java/org/opencord/aaa/AuthenticationService.java b/api/src/main/java/org/opencord/aaa/AuthenticationService.java
new file mode 100644
index 0000000..82aabbd
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/AuthenticationService.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2018-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.aaa;
+
+import org.onosproject.event.ListenerService;
+
+/**
+ * Service for interacting with authentication module.
+ */
+public interface AuthenticationService extends
+ ListenerService<AuthenticationEvent, AuthenticationEventListener> {
+}
diff --git a/api/src/main/java/org/opencord/aaa/RadiusCommunicator.java b/api/src/main/java/org/opencord/aaa/RadiusCommunicator.java
new file mode 100755
index 0000000..4809bca
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/RadiusCommunicator.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.opencord.aaa;
+
+import org.onlab.packet.RADIUS;
+
+import org.onosproject.net.packet.InboundPacket;
+import org.onosproject.net.packet.PacketContext;
+
+/**
+ * Interface to the implementations for RADIUS server side communication.
+ */
+public interface RadiusCommunicator {
+
+ /**
+ * Does initialization required for the implementation to work and applies the
+ * relevant part of the passed configuration.
+ *
+ * @param newCfg : New configuration to be applied
+ */
+ void initializeLocalState(AaaConfig newCfg);
+ /**
+ * Clears up all local state.
+ */
+ void clearLocalState();
+ /**
+ * Shutdown, called when AAA app is deactivated.
+ */
+ void deactivate();
+ /**
+ * Provision intercepts on the switches if needed.
+ */
+ void requestIntercepts();
+ /**
+ * Clear intercepts from the switches if needed.
+ */
+ void withdrawIntercepts();
+ /**
+ * Send RADIUS packet to the RADIUS server.
+ *
+ * @param radiusPacket RADIUS packet to be sent to server.
+ * @param inPkt Incoming EAPOL packet
+ */
+ void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt);
+ /**
+ * Handle packet from RADIUS server.
+ *
+ * @param context Incoming packet context.
+ */
+ void handlePacketFromServer(PacketContext context);
+}
diff --git a/api/src/main/java/org/opencord/aaa/StateMachineDelegate.java b/api/src/main/java/org/opencord/aaa/StateMachineDelegate.java
new file mode 100644
index 0000000..6546d74
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/StateMachineDelegate.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2018-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.aaa;
+
+import org.onosproject.store.StoreDelegate;
+
+/**
+ * Delegate for authentication state machine.
+ */
+public interface StateMachineDelegate extends StoreDelegate<AuthenticationEvent> {
+}
diff --git a/api/src/main/java/org/opencord/aaa/package-info.java b/api/src/main/java/org/opencord/aaa/package-info.java
new file mode 100644
index 0000000..2e45162
--- /dev/null
+++ b/api/src/main/java/org/opencord/aaa/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2015-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * AAA implmentation.
+ */
+package org.opencord.aaa;