2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.controller.netconf.it;
10 import com.google.common.base.Preconditions;
11 import java.io.IOException;
12 import java.io.InputStream;
13 import java.security.KeyManagementException;
14 import java.security.KeyStore;
15 import java.security.KeyStoreException;
16 import java.security.NoSuchAlgorithmException;
17 import java.security.UnrecoverableKeyException;
18 import java.security.cert.CertificateException;
19 import javax.net.ssl.KeyManagerFactory;
20 import javax.net.ssl.SSLContext;
21 import javax.net.ssl.TrustManagerFactory;
23 public final class SSLUtil {
27 public static SSLContext initializeSecureContext(final String pass, final InputStream ksKeysFile, final InputStream ksTrustFile,
28 final String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
29 UnrecoverableKeyException, KeyManagementException {
31 Preconditions.checkNotNull(ksTrustFile, "ksTrustFile cannot be null");
32 Preconditions.checkNotNull(ksKeysFile, "ksKeysFile cannot be null");
34 final char[] passphrase = pass.toCharArray();
36 // First initialize the key and trust material.
37 final KeyStore ksKeys = KeyStore.getInstance("JKS");
38 ksKeys.load(ksKeysFile, passphrase);
39 final KeyStore ksTrust = KeyStore.getInstance("JKS");
40 ksTrust.load(ksTrustFile, passphrase);
42 // KeyManager's decide which key material to use.
43 final KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
44 kmf.init(ksKeys, passphrase);
46 // TrustManager's decide whether to allow connections.
47 final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
50 final SSLContext sslContext = SSLContext.getInstance("TLS");
52 // Create/initialize the SSLContext with key material
53 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);