/*
 * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
package org.opendaylight.openflowjava.protocol.impl.clients;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
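/**
 * Builds the single client-side {@link SSLContext} used for TLS connections.
 *
 * <p>The context is created once, during class initialization, from the key
 * material supplied by {@code ClientSslKeyStore} and the trust anchors supplied
 * by {@code ClientSslTrustStore}. If any step fails, class initialization fails
 * and no context is ever handed out.
 *
 * @author michal.polkorab
 */
public final class ClientSslContextFactory {

    private ClientSslContextFactory() {
        throw new UnsupportedOperationException("Utility class shouldn't be instantiated");
    }

    // "TLS" asks the provider for its default protocol set, so the versions that
    // can be negotiated depend on the JRE and its security configuration.
    // "TLSv1", "TLSv1.1" and "TLSv1.2" select a different default set.
    // NOTE(review): the context name does not by itself guarantee a minimum
    // protocol version - verify on the target JRE, and restrict the enabled
    // protocols on the SSLEngine/SSLParameters if a floor is required.
    private static final String PROTOCOL = "TLS";
    private static final String KEY_STORE_TYPE = "JKS";
    private static final SSLContext CLIENT_CONTEXT;

    static {
        String keyAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (keyAlgorithm == null) {
            keyAlgorithm = "SunX509";
        }

        SSLContext clientContext;
        try {
            // Client certificate and private key presented to the peer.
            KeyStore ks = loadStore(ClientSslKeyStore.asInputStream(),
                    ClientSslKeyStore.getKeyStorePassword());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
            kmf.init(ks, ClientSslKeyStore.getCertificatePassword());

            // Trust anchors used to validate the peer's certificate chain.
            KeyStore ts = loadStore(ClientSslTrustStore.asInputStream(),
                    ClientSslTrustStore.getKeyStorePassword());

            // Use the platform's trust-manager algorithm
            // (ssl.TrustManagerFactory.algorithm) rather than reusing the
            // key-manager one; the two properties are configured independently
            // and need not name the same algorithm.
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

            // NOTE(review): the reviewed copy shows no init call on the
            // TrustManagerFactory. Without it getTrustManagers() throws
            // IllegalStateException and the loaded trust store is never used.
            tmf.init(ts);

            clientContext = SSLContext.getInstance(PROTOCOL);
            // A null SecureRandom lets the provider pick its default source.
            clientContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (Exception e) {
            // NOTE(review): the head of this throw statement is missing from the
            // reviewed copy; Error is assumed so that a broken TLS setup fails
            // class initialization outright - confirm against the repository.
            throw new Error(
                    "Failed to initialize the client-side SSLContext", e);
        }

        CLIENT_CONTEXT = clientContext;
    }

    /**
     * Loads a JKS store from the given stream and closes the stream afterwards.
     *
     * @param stream   source of the serialized store; a {@code null} stream is
     *                 passed through to {@link KeyStore#load}, which then
     *                 creates an empty store
     * @param password password protecting the store
     * @return the loaded store
     * @throws IOException              if the store cannot be read or the password is wrong
     * @throws GeneralSecurityException if the store type or its contents cannot be processed
     */
    private static KeyStore loadStore(InputStream stream, char[] password)
            throws IOException, GeneralSecurityException {
        // KeyStore.load does not promise to close the stream, so do it here.
        try (InputStream in = stream) {
            KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE);
            store.load(in, password);
            return store;
        }
    }

    /**
     * Returns the shared client-side context created during class initialization.
     *
     * <p>The context only supplies key and trust managers. It does not enable
     * endpoint identification; callers that need the peer's certificate matched
     * against the host they connect to must configure that on the
     * {@code SSLEngine}/{@code SSLParameters} they create from this context.
     *
     * @return client context
     */
    public static SSLContext getClientContext() {
        return CLIENT_CONTEXT;
    }
}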