2 * Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.protocol.pcep.impl.tls;
10 import static java.util.Objects.requireNonNull;
12 import java.io.IOException;
13 import java.security.KeyStore;
14 import java.security.NoSuchAlgorithmException;
15 import java.security.cert.CertificateException;
16 import javax.net.ssl.KeyManagerFactory;
17 import javax.net.ssl.SSLContext;
18 import javax.net.ssl.TrustManagerFactory;
19 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.pcep.app.config.rev160707.pcep.dispatcher.config.Tls;
20 import org.slf4j.Logger;
21 import org.slf4j.LoggerFactory;
24 * Class for setting up a TLS connection.
26 public class SslContextFactory {
/** JSSE context name handed to {@link SSLContext#getInstance(String)} in {@link #getServerContext()}. */
// NOTE(review): "TLS" does not pin a protocol version; the versions actually negotiable are
// whatever the JVM's security policy (jdk.tls.disabledAlgorithms) leaves enabled. Nothing in
// this class restricts them further.
private static final String PROTOCOL = "TLS";
/** TLS settings read by {@link #getServerContext()}: keystore/truststore location, path type, store type and passwords. */
private final Tls tlsConfig;
private static final Logger LOG = LoggerFactory
    .getLogger(SslContextFactory.class);
35 * SslContextFactory provides information about the TLS context and configuration.
37 * TLS configuration object; contains keystore locations and keystore types
/**
 * Creates a factory bound to the given TLS configuration.
 *
 * @param tlsConfig TLS configuration (keystore/truststore locations, types and passwords); must not be null
 * @throws NullPointerException if {@code tlsConfig} is null
 */
public SslContextFactory(final Tls tlsConfig) {
    this.tlsConfig = requireNonNull(tlsConfig);
/**
 * Builds the server-side {@link SSLContext} from the keystore and truststore named in {@code tlsConfig}.
 *
 * <p>Every failure is logged at WARN and swallowed by the catch chain below. The value returned on
 * failure is outside the visible lines (the trailing TODO hints at a default-context fallback);
 * callers should treat a missing context as fatal for the listener rather than continue without TLS.
 *
 * @return the initialised server context; the failure-path return value is not visible here
 */
public SSLContext getServerContext() {
    // Key material: the server's own certificate and private key.
    // The InputStream from SslKeyStore.asInputStream is never closed here (KeyStore.load does not
    // close it), and the password char[]s are never zeroed after use, so the secrets stay on the
    // heap until garbage-collected.
    final KeyStore ks = KeyStore.getInstance(this.tlsConfig.getKeystoreType().name());
    ks.load(SslKeyStore.asInputStream(this.tlsConfig.getKeystore(), this.tlsConfig.getKeystorePathType()),
        this.tlsConfig.getKeystorePassword().toCharArray());
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // Certificate (key-entry) password may differ from the keystore password; both come from tlsConfig.
    kmf.init(ks, this.tlsConfig.getCertificatePassword().toCharArray());
    // Trust material: the store used to validate peer certificates. Same unclosed-stream and
    // un-cleared-password remarks as for the keystore above.
    final KeyStore ts = KeyStore.getInstance(this.tlsConfig.getTruststoreType().name());
    ts.load(SslKeyStore.asInputStream(this.tlsConfig.getTruststore(), this.tlsConfig.getTruststorePathType()),
        this.tlsConfig.getTruststorePassword().toCharArray());
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // NOTE(review): no tmf.init(ts) appears in the visible lines. getTrustManagers() on an
    // uninitialised factory throws IllegalStateException, so confirm the init call exists and
    // that the truststore is actually what ends up trusted.
    final SSLContext serverContext = SSLContext.getInstance(PROTOCOL);
    // null SecureRandom -> the provider's default. Enabled protocol versions and cipher suites are
    // left entirely to the JVM's policy for "TLS"; nothing here restricts them.
    serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} catch (final IOException e) {
    "IOException - Failed to load keystore / truststore. Failed to initialize the server-side SSLContext",
} catch (final NoSuchAlgorithmException e) {
    "NoSuchAlgorithmException - Unsupported algorithm. Failed to initialize the server-side SSLContext", e);
} catch (final CertificateException e) {
    LOG.warn("CertificateException - Unable to access certificate (check password). Failed to initialize the server-side SSLContext", e);
} catch (final Exception e) {
    // Catches the remaining checked exceptions of the calls above (KeyStoreException,
    // UnrecoverableKeyException, KeyManagementException) as well as any runtime failure;
    // all are reduced to a WARN log line, so a misconfigured store is not fatal at this point.
    LOG.warn("Exception - Failed to initialize the server-side SSLContext", e);
    //TODO try to use default SSLContext instance?