Refactor NETCONF transport layer
(NETCONF-590)
|
|
| Status: | In Review |
| Project: | netconf |
| Component/s: | netconf-client-mdsal, transport |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.0 |
| Type: | Sub-task | Priority: | Medium |
| Reporter: | Robert Varga | Assignee: | Robert Varga |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | pt | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
SslHandlerFactory is currently a @FunctionalInterface, which leads to a lot of code duplication. Looking at the state of affairs we have ended up after the initial conversion, we need to refactor it. SslHandlerFactory should be an abstract class, which provide an internal API to bind SslHandler. The public API is exposed via a protected method which returns an SslContext – and internal take care of creating the actual SslHandler. This leads to friction with SslHandlerFactoryProvider, which operates in terms of an internally-created KeyStore and then instantiates SSLEngine – and then wraps it into a SslHandler. The provider needs to be thoroughly refactored, so that we use a SslContextBuilder and populate it with the trust chains and private keys/certificate chains. We should hold on to this context for as long as allowedKeys do not change and reuse across devices. |
| Comments |
| Comment by Robert Varga [ 04/Feb/24 ] |
|
For netconf-7.0.0 we do not go the whole way and still retain the intermediate KeyStore. This will be addressed separately, as it now is an implementation detail. |
[NETCONF-1237]