2 * Copyright (c) 2022 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.transport.tls;
10 import static org.opendaylight.netconf.transport.tls.KeyStoreUtils.newKeyStore;
12 import io.netty.handler.ssl.SslHandler;
13 import java.security.KeyManagementException;
14 import java.security.KeyStore;
15 import java.security.KeyStoreException;
16 import java.security.NoSuchAlgorithmException;
17 import java.security.UnrecoverableKeyException;
18 import javax.net.ssl.KeyManagerFactory;
19 import javax.net.ssl.SSLContext;
20 import javax.net.ssl.TrustManagerFactory;
21 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
22 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.common.rev230417.HelloParamsGrouping;
25 * A pre-configured factory for creating {@link SslHandler}s.
27 final class SSLEngineFactory {
// Zero-length password passed to kmf.init(keyStore, EMPTY_CHARS) in the constructor as the
// key-recovery password. An UnrecoverableKeyException from that call is rethrown as
// UnsupportedConfigurationException("Cannot initialize key manager").
// NOTE(review): this presumably relies on newKeyStore() holding keys with an empty password; confirm.
28 private static final char[] EMPTY_CHARS = new char[0];
// TLS context assigned once in the constructor: obtained with SSLContext.getInstance("TLS") and
// initialized with kmf.getKeyManagers(), tmf.getTrustManagers() and a null SecureRandom argument.
// NOTE(review): the visible code applies no protocol-version or cipher-suite restriction from
// helloParams to this context; confirm where that is enforced.
30 private final SSLContext sslContext;
32 private SSLEngineFactory(final HelloParamsGrouping helloParams) throws UnsupportedConfigurationException {
33 final KeyStore keyStore = newKeyStore();
37 final KeyManagerFactory kmf;
39 kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
40 } catch (NoSuchAlgorithmException e) {
41 throw new UnsupportedConfigurationException("Cannot instantiate key manager", e);
44 kmf.init(keyStore, EMPTY_CHARS);
45 } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
46 throw new UnsupportedConfigurationException("Cannot initialize key manager", e);
49 final TrustManagerFactory tmf;
51 tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
52 } catch (NoSuchAlgorithmException e) {
53 throw new UnsupportedConfigurationException("Cannot instantiate trust manager", e);
57 } catch (KeyStoreException e) {
58 throw new UnsupportedConfigurationException("Cannot initialize trust manager", e);
62 sslContext = SSLContext.getInstance("TLS");
63 } catch (NoSuchAlgorithmException e) {
64 throw new UnsupportedConfigurationException("TLS context cannot be allocated", e);
67 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
68 } catch (KeyManagementException e) {
69 throw new UnsupportedConfigurationException("TLS context cannot be initialized", e);