1 /*
2  * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.openflowjava.protocol.impl.core;
10
11 import java.io.IOException;
12 import java.security.KeyStore;
13 import java.security.NoSuchAlgorithmException;
14 import java.security.Security;
15 import java.security.cert.CertificateException;
16
17 import javax.net.ssl.KeyManagerFactory;
18 import javax.net.ssl.SSLContext;
19 import javax.net.ssl.TrustManagerFactory;
20
21 import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.KeystoreType;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflow.config.rev140630.PathType;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26
27 /**
28  * Class for setting up a server-side TLS connection.
29  * 
30  * @author michal.polkorab
31  */
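public class SslContextFactory {

    // "TLS" - supports some version of TLS
    // Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
    private static final String PROTOCOL = "TLS";
    // Locations and formats of the two stores; fixed at construction time.
    private final String keystore;
    private final KeystoreType keystoreType;
    private final String truststore;
    private final KeystoreType truststoreType;
    private final PathType keystorePathType;
    private final PathType truststorePathType;

    private static final Logger LOGGER = LoggerFactory
            .getLogger(SslContextFactory.class);

    /**
     * Creates a factory that builds server-side {@link SSLContext}s from the
     * keystore / truststore locations and types carried by {@code tlsConfig}.
     *
     * @param tlsConfig
     *            TLS configuration object, contains keystore locations +
     *            keystore types
     * @throws NullPointerException
     *             if {@code tlsConfig} is {@code null}
     */
    public SslContextFactory(TlsConfiguration tlsConfig) {
        java.util.Objects.requireNonNull(tlsConfig, "tlsConfig");
        keystore = tlsConfig.getTlsKeystore();
        keystoreType = tlsConfig.getTlsKeystoreType();
        keystorePathType = tlsConfig.getTlsKeystorePathType();
        truststore = tlsConfig.getTlsTruststore();
        truststoreType = tlsConfig.getTlsTruststoreType();
        truststorePathType = tlsConfig.getTlsTruststorePathType();
    }

    /**
     * Builds a server-side {@link SSLContext}: loads the keystore (server
     * identity) and the truststore (which peer certificates this server
     * accepts), wraps them in key / trust managers and initializes a context
     * for {@link #PROTOCOL}. Store and certificate passwords are supplied by
     * {@link SslKeyStore}; note that the keystore and the truststore are both
     * opened with {@code SslKeyStore.getKeyStorePassword()}.
     *
     * <p>Every failure is logged at WARN level and swallowed; the method never
     * throws. Callers therefore must check the result for {@code null} before
     * using it, otherwise a misconfigured store silently yields a broken
     * server.
     *
     * @return the initialized server context, or {@code null} if any step of
     *         the setup failed
     */
    public SSLContext getServerContext() {
        String algorithm = Security
                .getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }
        SSLContext serverContext = null;
        try {
            KeyStore ks = KeyStore.getInstance(keystoreType.name());
            // try-with-resources so the store stream is always closed; the
            // previous version never closed it. A null stream is tolerated.
            try (java.io.InputStream ksStream = SslKeyStore.asInputStream(keystore, keystorePathType)) {
                ks.load(ksStream, SslKeyStore.getKeyStorePassword());
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
            kmf.init(ks, SslKeyStore.getCertificatePassword());

            KeyStore ts = KeyStore.getInstance(truststoreType.name());
            try (java.io.InputStream tsStream = SslKeyStore.asInputStream(truststore, truststorePathType)) {
                ts.load(tsStream, SslKeyStore.getKeyStorePassword());
            }
            // NOTE(review): the KeyManagerFactory algorithm property is reused
            // for the TrustManagerFactory; TrustManagerFactory.getDefaultAlgorithm()
            // is the conventional source but may change how peer chains are
            // validated, so it is left as-is here - confirm before changing.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
            tmf.init(ts);

            serverContext = SSLContext.getInstance(PROTOCOL);
            // null SecureRandom -> the provider's default source of randomness
            serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (IOException e) {
            LOGGER.warn("IOException - Failed to load keystore / truststore."
                    + " Failed to initialize the server-side SSLContext", e);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.warn("NoSuchAlgorithmException - Unsupported algorithm."
                    + " Failed to initialize the server-side SSLContext", e);
        } catch (CertificateException e) {
            LOGGER.warn("CertificateException - Unable to access certificate (check password)."
                    + " Failed to initialize the server-side SSLContext", e);
        } catch (Exception e) {
            // Broad catch kept on purpose: callers rely on this method never
            // throwing and signalling failure with a null return instead.
            LOGGER.warn("Exception - Failed to initialize the server-side SSLContext", e);
        }
        return serverContext;
    }
}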