2 * Copyright (c) 2019 Pantheon Technologies, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client.mdsal.impl;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.collect.Sets;
13 import io.netty.handler.ssl.SslHandler;
14 import java.io.IOException;
15 import java.security.GeneralSecurityException;
16 import java.security.KeyStore;
18 import javax.net.ssl.KeyManagerFactory;
19 import javax.net.ssl.SSLContext;
20 import javax.net.ssl.SSLEngine;
21 import javax.net.ssl.TrustManagerFactory;
22 import org.opendaylight.netconf.client.SslHandlerFactory;
24 final class SslHandlerFactoryImpl implements SslHandlerFactory {
// Supplies the KeyStore (built for the caller's allowedKeys) that backs every handler created by this factory.
private final DefaultSslHandlerFactoryProvider keyStoreProvider;
// TLS protocol names that createSslHandler removes from the engine's supported-protocol list; an empty set
// leaves every supported protocol enabled.
// NOTE(review): this is the only hardening input the factory takes. createSslHandler enables every cipher
// suite the engine supports, and no endpoint-identification setting is visible in that method, so excluding
// protocol versions alone does not yield a hardened client engine — confirm against the full method body.
private final Set<String> excludedVersions;
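/**
 * Creates a handler factory bound to a key-store provider and a set of TLS protocol names to exclude.
 *
 * <p>The exclusion set is snapshotted with {@link Set#copyOf(java.util.Collection)}: it is security
 * configuration, and a caller that keeps a reference to its own mutable set must not be able to widen or
 * narrow the enabled protocols after this factory has been constructed.
 *
 * @param keyStoreProvider provider used to build the key store for each handler, must not be null
 * @param excludedVersions protocol names to strip from the engine's supported protocols; must not be null
 *                         and must not contain null elements
 * @throws NullPointerException if either argument is null, or if {@code excludedVersions} contains a null
 *                              element
 */
SslHandlerFactoryImpl(final DefaultSslHandlerFactoryProvider keyStoreProvider, final Set<String> excludedVersions) {
    this.keyStoreProvider = requireNonNull(keyStoreProvider);
    // Immutable snapshot so later mutation of the caller's set cannot change which protocols get enabled.
    this.excludedVersions = Set.copyOf(excludedVersions);
}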
34 public SslHandler createSslHandler(final Set<String> allowedKeys) {
36 final KeyStore keyStore = keyStoreProvider.getJavaKeyStore(allowedKeys);
38 final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
39 kmf.init(keyStore, "".toCharArray());
41 final TrustManagerFactory tmf =
42 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
45 final SSLContext sslCtx = SSLContext.getInstance("TLS");
46 sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
47 final SSLEngine engine = sslCtx.createSSLEngine();
48 engine.setUseClientMode(true);
50 final String[] engineProtocols = engine.getSupportedProtocols();
51 final String[] enabledProtocols;
52 if (!excludedVersions.isEmpty()) {
53 final var protocols = Sets.newHashSet(engineProtocols);
54 protocols.removeAll(excludedVersions);
55 enabledProtocols = protocols.toArray(new String[0]);
57 enabledProtocols = engineProtocols;
60 engine.setEnabledProtocols(enabledProtocols);
61 engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
62 engine.setEnableSessionCreation(true);
63 return new SslHandler(engine);
64 } catch (GeneralSecurityException | IOException exc) {
65 throw new IllegalStateException(exc);