2 * Copyright (c) 2024 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client.mdsal.impl;
10 import static java.util.Objects.requireNonNull;
12 import io.netty.handler.ssl.ClientAuth;
13 import io.netty.handler.ssl.JdkSslContext;
14 import io.netty.handler.ssl.SslContext;
15 import java.io.IOException;
16 import java.security.GeneralSecurityException;
18 import javax.net.ssl.KeyManagerFactory;
19 import javax.net.ssl.SSLContext;
20 import javax.net.ssl.TrustManagerFactory;
21 import org.eclipse.jdt.annotation.NonNull;
22 import org.opendaylight.netconf.client.SslContextFactory;
24 class DefaultSslContextFactory implements SslContextFactory {
25 private final DefaultSslContextFactoryProvider keyStoreProvider;
/**
 * Creates a factory that builds SSL contexts from the key store supplied by {@code keyStoreProvider}.
 *
 * @param keyStoreProvider source of the key store used by {@code createSslContext}; must not be null
 * @throws NullPointerException if {@code keyStoreProvider} is null
 */
DefaultSslContextFactory(final DefaultSslContextFactoryProvider keyStoreProvider) {
    // Fail at construction time rather than on the first TLS connection attempt.
    final var provider = requireNonNull(keyStoreProvider);
    this.keyStoreProvider = provider;
}
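/**
 * Builds a client-mode Netty {@link SslContext} backed by the JDK TLS implementation.
 *
 * <p>Key material and trust anchors are both taken from the single key store returned by the
 * provider for {@code allowedKeys}.
 *
 * @param allowedKeys forwarded unchanged to the provider's {@code getJavaKeyStore}; presumably the
 *     key identifiers permitted for this connection (confirm against the provider)
 * @return the result of {@code wrapSslContext} applied to the newly created client context
 * @throws IllegalStateException if the key store cannot be obtained or the JSSE objects cannot be
 *     created or initialised
 */
public final SslContext createSslContext(final Set<String> allowedKeys) {
    final SSLContext sslContext;
    try {
        final var keyStore = keyStoreProvider.getJavaKeyStore(allowedKeys);

        // Private-key entries are opened with an empty password, so they must have been stored
        // that way by the provider. NOTE(review): this is only reasonable if the key store is
        // assembled in memory and never persisted with this password; confirm in the provider.
        final var kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, "".toCharArray());

        // A TrustManagerFactory must be initialised before getTrustManagers() is called, otherwise
        // it throws IllegalStateException. Trust anchors are the certificate entries of the same
        // key store, not the JVM default trust store.
        // NOTE(review): confirm the provider also loads the trusted CA / device certificates.
        final var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // "TLS" leaves protocol versions and cipher suites at the JDK provider defaults; any
        // minimum-version or cipher policy has to be enforced elsewhere (for example via the
        // jdk.tls.disabledAlgorithms security property). Passing null selects the default
        // SecureRandom.
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    } catch (IOException | GeneralSecurityException e) {
        // Keep the cause so a bad key store or an unavailable algorithm can be diagnosed.
        throw new IllegalStateException("Failed to initialize SSL context", e);
    }

    // The second argument selects client mode; ClientAuth is a server-side setting and should have
    // no effect here.
    // NOTE(review): nothing in this method sets an endpoint identification algorithm, so unless the
    // engine is configured for it elsewhere, the peer certificate is validated against the trust
    // anchors only and not against the host name. Confirm where host name checking happens.
    return wrapSslContext(new JdkSslContext(sslContext, true, ClientAuth.NONE));
}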
52 @NonNull SslContext wrapSslContext(final @NonNull SslContext sslContext) {