2 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.controller.netconf.it;
10 import java.io.IOException;
11 import java.io.InputStream;
12 import java.security.KeyManagementException;
13 import java.security.KeyStore;
14 import java.security.KeyStoreException;
15 import java.security.NoSuchAlgorithmException;
16 import java.security.UnrecoverableKeyException;
17 import java.security.cert.CertificateException;
19 import javax.net.ssl.KeyManagerFactory;
20 import javax.net.ssl.SSLContext;
21 import javax.net.ssl.TrustManagerFactory;
23 import com.google.common.base.Preconditions;
25 public final class SSLUtil {
29 public static SSLContext initializeSecureContext(final String pass, final InputStream ksKeysFile, final InputStream ksTrustFile,
30 final String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
31 UnrecoverableKeyException, KeyManagementException {
33 Preconditions.checkNotNull(ksTrustFile, "ksTrustFile cannot be null");
34 Preconditions.checkNotNull(ksKeysFile, "ksKeysFile cannot be null");
36 final char[] passphrase = pass.toCharArray();
38 // First initialize the key and trust material.
39 final KeyStore ksKeys = KeyStore.getInstance("JKS");
40 ksKeys.load(ksKeysFile, passphrase);
41 final KeyStore ksTrust = KeyStore.getInstance("JKS");
42 ksTrust.load(ksTrustFile, passphrase);
44 // KeyManagers decide which key material to use.
45 final KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
46 kmf.init(ksKeys, passphrase);
48 // TrustManagers decide whether to allow connections.
49 final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
52 final SSLContext sslContext = SSLContext.getInstance("TLS");
54 // Initialize the SSLContext with the key managers and trust managers; passing null as the third argument uses the default SecureRandom.
55 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);