2 * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.openflowjava.protocol.impl.core;
11 import java.io.IOException;
12 import java.security.KeyStore;
13 import java.security.NoSuchAlgorithmException;
14 import java.security.Security;
15 import java.security.cert.CertificateException;
17 import javax.net.ssl.KeyManagerFactory;
18 import javax.net.ssl.SSLContext;
19 import javax.net.ssl.TrustManagerFactory;
21 import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
* Class for setting up a TLS connection.
30 * @author michal.polkorab
32 public class SslContextFactory {
// "TLS" - leaves the choice of TLS version(s) to the JSSE provider instead of pinning one
// Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
// Handed to SSLContext.getInstance() in getServerContext().
private static final String PROTOCOL = "TLS";
// Keystore location from TlsConfiguration.getTlsKeystore(); opened through SslKeyStore.asInputStream().
private String keystore;
// Store type whose name() is passed to KeyStore.getInstance() for the keystore.
private KeystoreType keystoreType;
// Truststore location from TlsConfiguration.getTlsTruststore(); opened through SslKeyStore.asInputStream().
private String truststore;
// Store type whose name() is passed to KeyStore.getInstance() for the truststore.
private KeystoreType truststoreType;
// Passed together with keystore to SslKeyStore.asInputStream() (presumably selects how the location is resolved).
private PathType keystorePathType;
// Passed together with truststore to SslKeyStore.asInputStream() (presumably selects how the location is resolved).
private PathType truststorePathType;
// Reports keystore / truststore load failures raised while building the server-side SSLContext.
private static final Logger LOGGER = LoggerFactory
.getLogger(SslContextFactory.class);
49 * TLS configuration object, contains keystore locations +
/**
 * Creates a factory from the given TLS configuration.
 *
 * <p>Only copies the keystore and truststore locations, their {@link KeystoreType}s and
 * {@link PathType}s out of {@code tlsConfig}; no store is opened or validated here.
 *
 * @param tlsConfig TLS configuration object holding keystore and truststore settings
 */
public SslContextFactory(TlsConfiguration tlsConfig) {
    this.keystore = tlsConfig.getTlsKeystore();
    this.keystoreType = tlsConfig.getTlsKeystoreType();
    this.keystorePathType = tlsConfig.getTlsKeystorePathType();
    this.truststore = tlsConfig.getTlsTruststore();
    this.truststoreType = tlsConfig.getTlsTruststoreType();
    this.truststorePathType = tlsConfig.getTlsTruststorePathType();
}
* @return the server-side {@link SSLContext}
64 public SSLContext getServerContext() {
65 String algorithm = Security
66 .getProperty("ssl.KeyManagerFactory.algorithm");
67 if (algorithm == null) {
68 algorithm = "SunX509";
70 SSLContext serverContext = null;
72 KeyStore ks = KeyStore.getInstance(keystoreType.name());
73 ks.load(SslKeyStore.asInputStream(keystore, keystorePathType),
74 SslKeyStore.getKeyStorePassword());
75 KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
76 kmf.init(ks, SslKeyStore.getCertificatePassword());
78 KeyStore ts = KeyStore.getInstance(truststoreType.name());
79 ts.load(SslKeyStore.asInputStream(truststore, truststorePathType),
80 SslKeyStore.getKeyStorePassword());
81 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
84 serverContext = SSLContext.getInstance(PROTOCOL);
85 serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
86 } catch (IOException e) {
87 LOGGER.warn("IOException - Failed to load keystore / truststore."
88 + " Failed to initialize the server-side SSLContext", e);
89 } catch (NoSuchAlgorithmException e) {
90 LOGGER.warn("NoSuchAlgorithmException - Unsupported algorithm."
91 + " Failed to initialize the server-side SSLContext", e);
92 } catch (CertificateException e) {
93 LOGGER.warn("CertificateException - Unable to access certificate (check password)."
94 + " Failed to initialize the server-side SSLContext", e);
95 } catch (Exception e) {
96 LOGGER.warn("Exception - Failed to initialize the server-side SSLContext", e);