1 /*
2  * Copyright (c) 2019 Pantheon Technologies, s.r.o. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netconf.client.mdsal.impl;
9
10 import static java.util.Objects.requireNonNull;
11
12 import com.google.common.collect.Sets;
13 import io.netty.handler.ssl.SslHandler;
14 import java.io.IOException;
15 import java.security.GeneralSecurityException;
16 import java.security.KeyStore;
17 import java.util.Set;
18 import javax.net.ssl.KeyManagerFactory;
19 import javax.net.ssl.SSLContext;
20 import javax.net.ssl.SSLEngine;
21 import javax.net.ssl.TrustManagerFactory;
22 import org.opendaylight.netconf.client.SslHandlerFactory;
23
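/**
 * {@link SslHandlerFactory} backed by a {@link DefaultSslHandlerFactoryProvider}.
 *
 * <p>Every call to {@link #createSslHandler(Set)} builds a fresh client-mode {@link SSLEngine}. Both the client
 * identity (key manager) and the trust anchors (trust manager) come from the provider's {@link KeyStore}; protocol
 * versions named in {@code excludedVersions} are removed from the engine's supported set before it is enabled.
 */
final class SslHandlerFactoryImpl implements SslHandlerFactory {
    private final DefaultSslHandlerFactoryProvider keyStoreProvider;
    private final Set<String> excludedVersions;

    /**
     * Create a new factory.
     *
     * @param keyStoreProvider source of the {@link KeyStore} used for both the client key and the trust anchors
     * @param excludedVersions protocol names, as reported by {@link SSLEngine#getSupportedProtocols()}, that must
     *                         never be enabled; may be empty
     * @throws NullPointerException if either argument is {@code null}
     */
    SslHandlerFactoryImpl(final DefaultSslHandlerFactoryProvider keyStoreProvider, final Set<String> excludedVersions) {
        this.keyStoreProvider = requireNonNull(keyStoreProvider);
        this.excludedVersions = requireNonNull(excludedVersions);
    }

    /**
     * Build a client-mode {@link SslHandler} for a new connection.
     *
     * @param allowedKeys keystore entries the provider may expose to this handler; handed straight to
     *                    {@link DefaultSslHandlerFactoryProvider#getJavaKeyStore(Set)}
     * @return a handler wrapping a freshly initialised {@link SSLEngine}
     * @throws IllegalStateException if the keystore cannot be loaded or the TLS machinery cannot be initialised
     */
    @Override
    public SslHandler createSslHandler(final Set<String> allowedKeys) {
        try {
            final KeyStore keyStore = keyStoreProvider.getJavaKeyStore(allowedKeys);
            final SSLEngine engine = newClientEngine(keyStore);

            engine.setEnabledProtocols(selectProtocols(engine.getSupportedProtocols(), excludedVersions));
            // NOTE(review): this enables everything the engine *supports*, not the JDK's default *enabled* set.
            // On stock JDKs the supported list is a superset of the defaults and may include suites the runtime
            // deliberately leaves off. Kept as-is for interoperability with existing deployments; revisit if a
            // stricter suite policy is acceptable for this client.
            engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
            engine.setEnableSessionCreation(true);
            return new SslHandler(engine);
        } catch (GeneralSecurityException | IOException exc) {
            throw new IllegalStateException("Failed to initialise TLS engine for NETCONF client", exc);
        }
    }

    /**
     * Initialise a client-mode engine whose key manager and trust manager are both backed by {@code keyStore}.
     *
     * @param keyStore store holding the client key and the certificates peers must chain to
     * @return an engine in client mode with no protocols or cipher suites adjusted yet
     * @throws GeneralSecurityException if any of the JSSE factories cannot be created or initialised
     */
    private static SSLEngine newClientEngine(final KeyStore keyStore) throws GeneralSecurityException {
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Private keys in the provider's keystore are expected to carry an empty key password -- confirm against
        // DefaultSslHandlerFactoryProvider before changing this.
        kmf.init(keyStore, "".toCharArray());

        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // The same store supplies the trust anchors: with the default (PKIX) algorithm, peer certificates are
        // validated against the certificates held in it rather than the JDK cacerts.
        tmf.init(keyStore);

        final SSLContext sslCtx = SSLContext.getInstance("TLS");
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        final SSLEngine engine = sslCtx.createSSLEngine();
        engine.setUseClientMode(true);
        // NOTE(review): no endpoint identification algorithm is configured here, so the server certificate is
        // chain-validated only and not matched against the host name -- confirm whether a caller covers that.
        return engine;
    }

    /**
     * Drop excluded protocol versions from the engine's supported list.
     *
     * <p>Starting from the supported (rather than default-enabled) list means any legacy version the JDK leaves
     * disabled by default becomes enabled unless it is named in {@code excluded}; verify the configured exclusions
     * cover the versions this deployment wants off.
     *
     * @param supported protocols reported by the engine
     * @param excluded protocol names that must not be enabled
     * @return {@code supported} itself when nothing is excluded, otherwise a new array without the excluded names
     */
    private static String[] selectProtocols(final String[] supported, final Set<String> excluded) {
        if (excluded.isEmpty()) {
            return supported;
        }
        final var remaining = Sets.newHashSet(supported);
        remaining.removeAll(excluded);
        return remaining.toArray(new String[0]);
    }
}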