2 * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.openflowjava.protocol.impl.core;
11 import java.io.IOException;
12 import java.security.KeyStore;
13 import java.security.NoSuchAlgorithmException;
14 import java.security.Security;
15 import java.security.cert.CertificateException;
17 import javax.net.ssl.KeyManagerFactory;
18 import javax.net.ssl.SSLContext;
19 import javax.net.ssl.TrustManagerFactory;
21 import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
22 import org.slf4j.Logger;
23 import org.slf4j.LoggerFactory;
26 * Class for setting up TLS connection.
28 * @author michal.polkorab
30 public class SslContextFactory {
32 // "TLS" - supports some version of TLS
33 // Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
34 private static final String PROTOCOL = "TLS";
35 private TlsConfiguration tlsConfig;
37 private static final Logger LOG = LoggerFactory
38 .getLogger(SslContextFactory.class);
42 * TLS configuration object, contains keystore locations +
45 public SslContextFactory(TlsConfiguration tlsConfig) {
46 this.tlsConfig = tlsConfig;
50 * @return servercontext
52 public SSLContext getServerContext() {
53 String algorithm = Security
54 .getProperty("ssl.KeyManagerFactory.algorithm");
55 if (algorithm == null) {
56 algorithm = "SunX509";
58 SSLContext serverContext = null;
60 KeyStore ks = KeyStore.getInstance(tlsConfig.getTlsKeystoreType().name());
61 ks.load(SslKeyStore.asInputStream(tlsConfig.getTlsKeystore(), tlsConfig.getTlsKeystorePathType()),
62 tlsConfig.getKeystorePassword().toCharArray());
63 KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
64 kmf.init(ks, tlsConfig.getCertificatePassword().toCharArray());
66 KeyStore ts = KeyStore.getInstance(tlsConfig.getTlsTruststoreType().name());
67 ts.load(SslKeyStore.asInputStream(tlsConfig.getTlsTruststore(), tlsConfig.getTlsTruststorePathType()),
68 tlsConfig.getTruststorePassword().toCharArray());
69 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
72 serverContext = SSLContext.getInstance(PROTOCOL);
73 serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
74 } catch (IOException e) {
75 LOG.warn("IOException - Failed to load keystore / truststore."
76 + " Failed to initialize the server-side SSLContext", e);
77 } catch (NoSuchAlgorithmException e) {
78 LOG.warn("NoSuchAlgorithmException - Unsupported algorithm."
79 + " Failed to initialize the server-side SSLContext", e);
80 } catch (CertificateException e) {
81 LOG.warn("CertificateException - Unable to access certificate (check password)."
82 + " Failed to initialize the server-side SSLContext", e);
83 } catch (Exception e) {
84 LOG.warn("Exception - Failed to initialize the server-side SSLContext", e);