VOL-539: Provide option to enable/disable TLS security between ofagent and ONOS

Change-Id: I0655a22d39d9b95d7558aea08f4cab719bd6eec0
diff --git a/ofagent/agent.py b/ofagent/agent.py
index d2ecd0c..cb59d24 100644
--- a/ofagent/agent.py
+++ b/ofagent/agent.py
@@ -17,6 +17,7 @@
 import sys
 
 import structlog
+import os.path
 from twisted.internet import protocol
 from twisted.internet import reactor
 from twisted.internet import reactor, ssl
@@ -42,12 +43,18 @@
                  datapath_id,
                  device_id,
                  rpc_stub,
+                 enable_tls=False,
+                 key_file=None,
+                 cert_file=None,
                  conn_retry_interval=1):
 
         self.controller_endpoint = controller_endpoint
         self.datapath_id = datapath_id
         self.device_id = device_id
         self.rpc_stub = rpc_stub
+        self.enable_tls = enable_tls
+        self.key_file = key_file
+        self.cert_file = cert_file
         self.retry_interval = conn_retry_interval
 
         self.running = False
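Review bot: The new `enable_tls=False` default makes plaintext the default transport, whereas the code removed later in this commit always attempted TLS, so any caller that does not pass the flag silently moves the OpenFlow channel to cleartext. If that default is intended, say so in the constructor docstring; the parameters are otherwise undocumented in this hunk, for example `enable_tls: connect to the controller over TLS; requires key_file and cert_file (PEM paths)`. A misconfiguration is currently detected only inside the connect loop, so it would be clearer to fail fast here with `if enable_tls and not (key_file and cert_file): raise ValueError('enable_tls requires key_file and cert_file')`. The three keywords are also inserted ahead of `conn_retry_interval`, so a caller passing that argument positionally would now bind it to `enable_tls`; appending them after it avoids that. The constructor's signature begins outside this hunk.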
@@ -89,18 +96,31 @@
         while not self.exiting:
             host, port = self.resolve_endpoint(self.controller_endpoint)
             log.info('connecting', host=host, port=port)
-            try:
-               with open("/ofagent/pki/voltha.key") as keyFile:
-                    with open("/ofagent/pki/voltha.crt") as certFile:
-                         clientCert = ssl.PrivateCertificate.loadPEM(
-                              keyFile.read() + certFile.read())
+            if self.enable_tls:
+                try:
+                    # Check that key_file and cert_file is provided and
+                    # the files exist
+                    if self.key_file is None or             \
+                       self.cert_file is None or            \
+                       not os.path.isfile(self.key_file) or \
+                       not os.path.isfile(self.cert_file):
+                        raise Exception('key_file "{}" or cert_file "{}"'
+                                        ' is not found'.
+                                         format(self.key_file, self.cert_file))
+                    with open(self.key_file) as keyFile:
+                        with open(self.cert_file) as certFile:
+                            clientCert = ssl.PrivateCertificate.loadPEM(
+                                keyFile.read() + certFile.read())
 
-               ctx = clientCert.options()
-               self.connector = reactor.connectSSL(host, port, self, ctx)
+                    ctx = clientCert.options()
+                    self.connector = reactor.connectSSL(host, port, self, ctx)
+                    log.info('tls-enabled')
 
-            except Exception as e:
-                log.exception('failed-to-connect', reason=e)
-
+                except Exception as e:
+                    log.exception('failed-to-connect', reason=e)
+            else:
+                self.connector = reactor.connectTCP(host, port, self)
+                log.info('tls-disabled')
 
             self.d_disconnected = Deferred()
             yield self.d_disconnected
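Review bot: `clientCert.options()` in the TLS branch is called with no authority certificates, and in Twisted that produces options with no trust root, so the controller's certificate is not verified and the channel is encrypted but unauthenticated. A CA bundle option (hypothetical name `ca_file`) could be added and passed through, e.g. `ctx = clientCert.options(ssl.Certificate.loadPEM(ca_pem))`, with a comment stating which peer the agent is expected to trust. Separately, when the key/cert check raises, the `except` only logs and execution falls through to `yield self.d_disconnected` with no connector created. Unless something outside this hunk fires that Deferred, the loop appears to wait indefinitely rather than retry after `retry_interval`. The enclosing method starts before and continues after this hunk.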