Preliminary code commit to Secure OF-Agent to ONOS COmmunication
Added Error handling, few more follow-up fixes
PKI File Names Changed voltha.crt, voltha.key, voltha-CA.pem
Change-Id: I366342caf98bfe66e67a02838a68a3d799f774f3
diff --git a/docker/Dockerfile.ofagent b/docker/Dockerfile.ofagent
index 875113e..20d97dc 100644
--- a/docker/Dockerfile.ofagent
+++ b/docker/Dockerfile.ofagent
@@ -39,6 +39,7 @@
ENV PYTHONPATH=/ofagent
COPY common /ofagent/common
COPY ofagent /ofagent/ofagent
+COPY pki /ofagent/pki
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
diff --git a/ofagent/agent.py b/ofagent/agent.py
index 55c8bfb..626e105 100644
--- a/ofagent/agent.py
+++ b/ofagent/agent.py
@@ -19,6 +19,8 @@
import structlog
from twisted.internet import protocol
from twisted.internet import reactor
+from twisted.internet import reactor, ssl
+from twisted.internet import reactor
from twisted.internet.defer import Deferred, inlineCallbacks
import loxi.of13 as of13
@@ -87,7 +89,19 @@
while not self.exiting:
host, port = self.resolve_endpoint(self.controller_endpoint)
log.info('connecting', host=host, port=port)
- self.connector = reactor.connectTCP(host, port, self)
+ try:
+ with open("/ofagent/pki/voltha.key") as keyFile:
+ with open("/ofagent/pki/voltha.crt") as certFile:
+ clientCert = ssl.PrivateCertificate.loadPEM(
+ keyFile.read() + certFile.read())
+
+ ctx = clientCert.options()
+ self.connector = reactor.connectSSL(host, port, self, ctx)
+
+ except Exception as error:
+ log.error(event, reason=reason)
+
+
self.d_disconnected = Deferred()
yield self.d_disconnected
log.debug('reconnect', after_delay=self.retry_interval)
diff --git a/pki/voltha-CA.pem b/pki/voltha-CA.pem
new file mode 100755
index 0000000..020da35
--- /dev/null
+++ b/pki/voltha-CA.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIJAPJ6fEmhoTNbMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
+VQQGEwJBQTELMAkGA1UECAwCQkIxCzAJBgNVBAcMAkNDMREwDwYDVQQKDAhJQ2Vy
+dGlmeTERMA8GA1UECwwIU2VjdXJpdHkxJDAiBgNVBAMMG0ljZXJ0aWZ5IENyeXB0
+b2dyYXBoeSBHcm91cDEeMBwGCSqGSIb3DQEJARYPY2FAaWNlcnRpZnkuY29tMB4X
+DTE3MDYwMTEwNDg0NloXDTE3MDcwMTEwNDg0NlowgZMxCzAJBgNVBAYTAkFBMQsw
+CQYDVQQIDAJCQjELMAkGA1UEBwwCQ0MxETAPBgNVBAoMCElDZXJ0aWZ5MREwDwYD
+VQQLDAhTZWN1cml0eTEkMCIGA1UEAwwbSWNlcnRpZnkgQ3J5cHRvZ3JhcGh5IEdy
+b3VwMR4wHAYJKoZIhvcNAQkBFg9jYUBpY2VydGlmeS5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDc8MNuk3rMFBZ2LihVoXxVjH5Ac4vj2Z1d1hB9
+ZS/u2x9d3orB3wknjz86m4/xmb8A7JVqrIqE5nBDksx2/Dg6Q9CfcXYGLm1XKJZn
+tC1bNt86/fgQ4hzY37e+ifN2RYroJPhmQYG7+B8PaBXNtnXiVKQnBXep00c8z0V3
+icmcJfjJbibdu5Nz106wnZMXo6r/gm2UZ3EIWaBjiEJeybb3nZgYXyNApi3h5TZC
+YUFRhFfRuiwvUbdt/LNKfD/+KY3SqPA0I8Em+jKw4/DxNv4f0mdAgHdSYAqDsPN5
+W3yagdS2u4sTuthCA2WEt95ky12+p2BYh1rUf2qm+dznXYXfAgMBAAGjUDBOMB0G
+A1UdDgQWBBT4si3SSLYyzr+B4zBWNvnd+D5d+jAfBgNVHSMEGDAWgBT4si3SSLYy
+zr+B4zBWNvnd+D5d+jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBG
+wl6nsMDSHGJg6cytlrda3eXHE4AqPUWNcHxjAwuU47ZUKlIPl0lMYQAluJqKVtLH
+uLp3Kz6ANYPhHajiIDpOn6QnD3j3OBMK34XntxqHqBm97Pziy8a28qrxNmCqykWt
++QpDzTuNyLgTNO9dPXiiYeo4gDpwZtPV7Y7mQDqCLmvYbKl+U5kITdsb+MR+Rpmf
+M9+N8jQosSu2dWW6zG1FLsEsQQzaTQcgNdg5k/zqGG3DgK3sy4qHvN+92FhIY1aM
+1tRU3TqNUkXmnsrt6sd3DFnueq8pCwyfuTh7gqCJdCoIjGCNRjlSLYn7W7bVCZRm
+evIu27IInqmZIvkH7AHY
+-----END CERTIFICATE-----
diff --git a/pki/voltha.crt b/pki/voltha.crt
new file mode 100755
index 0000000..456876c
--- /dev/null
+++ b/pki/voltha.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAocCCQDWGTSrh75/vjANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMC
+QUExCzAJBgNVBAgMAkJCMQswCQYDVQQHDAJDQzERMA8GA1UECgwISUNlcnRpZnkx
+ETAPBgNVBAsMCFNlY3VyaXR5MSQwIgYDVQQDDBtJY2VydGlmeSBDcnlwdG9ncmFw
+aHkgR3JvdXAxHjAcBgkqhkiG9w0BCQEWD2NhQGljZXJ0aWZ5LmNvbTAeFw0xNzA2
+MTQxNTQ2MzJaFw0xNzA3MTQxNTQ2MzJaMIGOMQswCQYDVQQGEwJVUzELMAkGA1UE
+CAwCQ0ExEzARBgNVBAcMCk1lbmxvIFBhcmsxEzARBgNVBAoMCk9wZW5Wb2x0aGEx
+ETAPBgNVBAsMCFNlY3VyaXR5MQ8wDQYDVQQDDAZjb25zdWwxJDAiBgkqhkiG9w0B
+CQEWFWNvbnN1bEBPcGVuVm9sdGhhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANTRjeapGUWe+3dUGAu7YPUmD2+RyspP6DrJU+9qT7dhyjg14qwM
+KrHz/7qKCzQkzvB5uBX4ne9bdCGySbe3GUnUjbSX2dKIdyG/+mNJS8MqL3nUncU5
+6FVyIuZkh3HVyecmlHbh2Rz0ZKLQWQByvuubbUkz4Aa+SpH5dQURzBqTy+RtuQ3D
+Qc1a4+a7DcuM5Kmv1TdmzdRjkwFwYXTYM3wvSK6oi4GgpuLOOGKnQjy0MeATl8zC
+EDfbRF8ZK0xFjzkMh6vtfbjnoVVUPxLCDiPAaxqYTdHYKV6036Q9QOLNQnvedBN/
+NssJy9N/rn0wr7tNJ0l+o3R8fH0LgkNyGLMCAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAJSDalFDHxpSS1S7HOzG9H5ZOzQBfIUznRg7PBI2Ys/dQHkPP4HcjbLdCFVHt
+FOzo2tW16P+85hbcZI/1AtuXZWxEClQHWIxpIqAUPh8YxHjgr60krrQOtTKouKi9
+80GW9/NLWdW+b1YxRMYX7fRrkaLv4HO0HECNYC6E4Lb0urDhLBwNPqRolIve+2SY
+vJdy9rI1u6nMdmqdZkRtjxMe3bRUb1TeXg0OmJG/ubco65drxgpvsQqWWK5iCT32
+R+buKMtdpNJDOM55aa64WTgeWdg9IbSchlsoKJTRekUvHX2S3y1mshZxLaee89Mo
+kPudyekeIoMHrOcdltiVarCKdw==
+-----END CERTIFICATE-----
diff --git a/pki/voltha.key b/pki/voltha.key
new file mode 100755
index 0000000..044d805
--- /dev/null
+++ b/pki/voltha.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1NGN5qkZRZ77d1QYC7tg9SYPb5HKyk/oOslT72pPt2HKODXi
+rAwqsfP/uooLNCTO8Hm4Ffid71t0IbJJt7cZSdSNtJfZ0oh3Ib/6Y0lLwyovedSd
+xTnoVXIi5mSHcdXJ5yaUduHZHPRkotBZAHK+65ttSTPgBr5Kkfl1BRHMGpPL5G25
+DcNBzVrj5rsNy4zkqa/VN2bN1GOTAXBhdNgzfC9IrqiLgaCm4s44YqdCPLQx4BOX
+zMIQN9tEXxkrTEWPOQyHq+19uOehVVQ/EsIOI8BrGphN0dgpXrTfpD1A4s1Ce950
+E382ywnL03+ufTCvu00nSX6jdHx8fQuCQ3IYswIDAQABAoIBAQCNmu3Xd9bH+3QJ
+P1xMmh52oB+PNiwAF9FHJGUEHfHy7E+YvUoY/nN+OwOCxI2V4ZQMcIErpWS5Oln4
+feANLPjXpmWvr4aRTpouS8Y4QDH4J161quJbtB9Ck5JjSKrS9NTGSGZq//XuDTPV
+HdrKsI8WyDGcjrbW5dFKdfkGKYRsfYlYiHQWhBVaUPPa8kRN/NMWADaOCv2pe9dj
+9XRdAy642GmfLYjnUOjDw5ti2nXrutk8WdYpfc9N8Kzt0JW19X3m7hqcWqO36JnN
+3Q1mGvbywTlOw2dz+Hl99c10snhN9APazJXJMSdvLZdsrETqBnpd3OWPSSv0jmXr
+Eg+Gz1FpAoGBAP6MEwB5d+uVCLOtTeRKIKHuphghW5cW2e2mdmJlfRdBqD8/Y/Tc
+Sb/jd1qg0v5jDKTM0p6Lsl5O87zqlVlyyiC5FW84T7UQ6o7qzS8SfV0OSHL65qjw
+4s5is7VS9PqvWq0jWeRLH1uszsdsp1/jTj5HBEKJULJ2MEn9TPR2UJEXAoGBANYI
+gmEW8yGs9ml5pPX7yI1dY2EynOaaijvVC5IxSOy2MPWJIIfYzuo15473AxEiAV2o
+NWNODxvtwO+7ZkyW1nTU774JGrFINSNVH8j6Nq2iMrOSm2knnhqEP4PCYVR7UFXY
+Knq+ZQ26CtzkFCkQCkdlJ5TJNES7wgwPsqgStF7FAoGBAPKQoPruxawlVSmDmJpX
+WUl2laihARq1l+6zllSlydKDqsS6r5IC6fSF2pLudqIb2UyiMoMLNGpSako4cSHQ
+FXWhah+WVb6B5ENU1TpqMDShC8El/vA2vKtXu1CrQPAycgJTkbHPNI6z2kiH7eee
+QE1wd0rAd7nYjqOzUcYTiSr5AoGAZZ3WoNfviP6AYyVg33SyDAPZqg0IlyeqF6wX
+eUoy8EezyO9Y5YZW/rWnAaZe62R0t42kA0jNPZpMrsUPVa+LlB6A0H2sEZ1RtTu2
+AophKWDHp6AkbvFjS/2b1ieUZDLDum4OBQaeHb1FaQhUVgaKiskI2MgKK9Pk1ish
+zFBNGG0CgYBdtdDMUD02UAB0g4AApOR5MOWTSDlGUe/pwYBicZop5TsYad4wcf90
+z+og3nHKdN8MAljoNX9fJJ8Jzqdy1hv/yD5rnFhTq7R50+Vi7FegQogPAioa0nqe
+0ab5aVtCIOGoFnc1/CuGAcdRVrA1FFq+dTKh617nkE9MjJ2ByxcbTw==
+-----END RSA PRIVATE KEY-----