2 * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.openflowjava.protocol.impl.clients;
11 import java.security.KeyStore;
12 import java.security.Security;
14 import javax.net.ssl.KeyManagerFactory;
15 import javax.net.ssl.SSLContext;
16 import javax.net.ssl.TrustManagerFactory;
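/**
 * Class for setting up TLS connection.
 *
 * <p>Builds one client-side {@link SSLContext} during class initialisation, from a JKS key store
 * (the client's own identity) and a JKS trust store (the peers it accepts), and hands the same
 * instance to every caller.
 *
 * <p>The context only carries key and trust material. Endpoint identification (host name
 * checking), the enabled protocol versions and the enabled cipher suites are properties of the
 * {@code SSLEngine}/{@code SSLSocket} created from it, so whoever creates the engine has to
 * configure them.
 *
 * @author michal.polkorab
 */
public final class ClientSslContextFactory {

    // "TLS" - supports some version of TLS
    // Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
    // The name selects a context implementation; it is not a minimum-version policy by itself.
    // Which versions are actually offered depends on the JRE defaults unless the engine or
    // socket restricts them with setEnabledProtocols(...).
    private static final String PROTOCOL = "TLS";
    private static final SSLContext CLIENT_CONTEXT;

    // NOTE(review): this listing drops several lines (the static/try openers, the trust manager
    // initialisation and the throw statement). They are restored here from context - confirm
    // against the repository.
    static {
        // Key manager algorithm from the JVM security properties, with the usual fallback.
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }

        SSLContext clientContext;
        // KeyStore.load() does not close the stream it reads, so both streams are closed here.
        try (java.io.InputStream keyStoreStream = ClientSslKeyStore.asInputStream();
                java.io.InputStream trustStoreStream = ClientSslTrustStore.asInputStream()) {
            // KeyStore.load(null, ...) silently creates an EMPTY store. Fail loudly instead of
            // building a context without a client key or without any trust anchor.
            // NOTE(review): asInputStream() is not visible here - confirm whether it can
            // return null (Class.getResourceAsStream does for a missing resource).
            if (keyStoreStream == null || trustStoreStream == null) {
                throw new IllegalStateException(
                        "Client key store or trust store stream is not available");
            }

            // Client identity: private key and certificate chain presented to the peer.
            // NOTE(review): the password helpers are not shown; if they return compiled-in
            // constants, this key material is only suitable for test clients.
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(keyStoreStream, ClientSslKeyStore.getKeyStorePassword());

            KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
            kmf.init(ks, ClientSslKeyStore.getCertificatePassword());

            // Trust anchors: certificates the client accepts from the peer.
            KeyStore ts = KeyStore.getInstance("JKS");
            ts.load(trustStoreStream, ClientSslTrustStore.getKeyStorePassword());

            // The trust manager algorithm has its own security property
            // (ssl.TrustManagerFactory.algorithm). Reusing the key manager algorithm name only
            // works while both factories happen to share it ("SunX509"); a key-manager-only
            // name would make this lookup fail.
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // Must be initialised with the trust store before getTrustManagers() is called;
            // an uninitialised factory throws IllegalStateException.
            tmf.init(ts);

            clientContext = SSLContext.getInstance(PROTOCOL);
            // null SecureRandom: the provider's default secure random source is used.
            clientContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (Exception e) {
            // Any failure here leaves the client without usable TLS material, so class
            // initialisation is aborted and the cause is kept for diagnosis.
            throw new Error(
                    "Failed to initialize the client-side SSLContext", e);
        }

        CLIENT_CONTEXT = clientContext;
    }

    /**
     * Returns the shared client-side TLS context built during class initialisation.
     *
     * @return client context
     */
    public static SSLContext getClientContext() {
        return CLIENT_CONTEXT;
    }
}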