/*
 * Copyright (c) 2023 PANTHEON.tech s.r.o. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
8 package org.opendaylight.netconf.transport.tls;
10 import java.io.ByteArrayInputStream;
11 import java.io.IOException;
12 import java.security.KeyStore;
13 import java.security.KeyStoreException;
14 import java.security.NoSuchAlgorithmException;
15 import java.security.UnrecoverableKeyException;
16 import java.security.cert.Certificate;
17 import java.security.cert.CertificateException;
18 import java.security.cert.CertificateFactory;
19 import javax.net.ssl.KeyManagerFactory;
20 import javax.net.ssl.TrustManagerFactory;
21 import org.eclipse.jdt.annotation.NonNull;
22 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
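/**
 * Static helpers that build the JSSE primitives used by the TLS transport: an empty in-memory
 * {@link KeyStore}, the {@link KeyManagerFactory} and {@link TrustManagerFactory} initialized from such a
 * store, and X.509 {@link Certificate} objects decoded from their encoded form.
 */
final class KeyStoreUtils {
    // Password handed to KeyManagerFactory.init(). A zero-length array has no elements that could be
    // modified, so sharing a single instance is safe.
    private static final char[] EMPTY_SECRET = new char[0];

    private KeyStoreUtils() {
        // static helpers only, never instantiated
    }

    /**
     * Creates and initializes new key store instance.
     *
     * <p>The store is of the JVM default type and is initialized with {@code load(null, null)}, i.e. it
     * starts out empty, nothing is read from a file and no store password is set. It contains only what
     * the caller adds afterwards.
     *
     * @return key store instance
     * @throws UnsupportedConfigurationException if key store cannot be instantiated
     */
    static KeyStore newKeyStore() throws UnsupportedConfigurationException {
        try {
            final var keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // null stream + null password: create an empty store instead of loading an existing one
            keyStore.load(null, null);
            return keyStore;
        } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
            throw new UnsupportedConfigurationException("Cannot instantiate key store", e);
        }
    }

    /**
     * Instantiates key manager factory, initializes it with key store instance provided.
     *
     * <p>Private-key entries are recovered with an empty password. An entry protected by any other
     * password makes initialization fail with {@link UnrecoverableKeyException}, which is reported as
     * {@link UnsupportedConfigurationException}.
     * NOTE(review): with an empty key password the key material is protected only by the store staying in
     * memory; confirm that no caller persists a store populated for this method.
     *
     * @param keyStore key store instance
     * @return key manager factory instance
     * @throws UnsupportedConfigurationException if key manager factory cannot be instantiated
     * @throws NullPointerException if {@code keyStore} is null
     */
    static @NonNull KeyManagerFactory buildKeyManagerFactory(final @NonNull KeyStore keyStore)
            throws UnsupportedConfigurationException {
        // @NonNull is not enforced at run time. The stock JSSE key manager accepts a null store and ends
        // up with no credentials at all, so reject it here instead of failing later during a handshake.
        if (keyStore == null) {
            throw new NullPointerException("keyStore must not be null");
        }
        try {
            final var kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, EMPTY_SECRET);
            return kmf;
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
            throw new UnsupportedConfigurationException("Cannot instantiate key manager", e);
        }
    }

    /**
     * Instantiates trust manager factory, initializes it with key store instance provided.
     *
     * <p>The certificates in {@code keyStore} are the only trust anchors of the returned factory.
     *
     * @param keyStore key store
     * @return trust manager factory instance
     * @throws UnsupportedConfigurationException if trust manager factory cannot be instantiated
     * @throws NullPointerException if {@code keyStore} is null
     */
    static @NonNull TrustManagerFactory buildTrustManagerFactory(final @NonNull KeyStore keyStore)
            throws UnsupportedConfigurationException {
        // Fail closed: TrustManagerFactory.init((KeyStore) null) does not mean "trust nothing". The stock
        // JSSE implementation falls back to the JVM default trust store (javax.net.ssl.trustStore or
        // cacerts), which would silently replace the configured anchors with the platform CA set.
        if (keyStore == null) {
            throw new NullPointerException("keyStore must not be null");
        }
        try {
            final var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            return tmf;
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            throw new UnsupportedConfigurationException("Cannot instantiate trust manager", e);
        }
    }

    /**
     * Builds X509 Certificate instance.
     *
     * <p>This is a decoding step only: validity period, signature and chain of trust are not checked
     * here and remain the responsibility of whatever consumes the certificate. A single certificate is
     * read from the start of {@code bytes}; since the stream is discarded afterwards, any data following
     * it is never looked at.
     *
     * @param bytes certificate encoded
     * @return certificate instance
     * @throws CertificateException if certificate error occurs
     * @throws IOException if input read error occurs
     */
    static Certificate buildX509Certificate(final byte[] bytes)
            throws CertificateException, IOException {
        final var factory = CertificateFactory.getInstance("X.509");
        // IOException is declared because of the implicit close() of the try-with-resources stream
        try (var in = new ByteArrayInputStream(bytes)) {
            return factory.generateCertificate(in);
        }
    }
}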