+ private static final class SslHandlerFactoryImpl implements SslHandlerFactory {
+ private final NetconfKeystoreAdapter keystoreAdapter;
+ private final Optional<Specification> specOptional;
+
+ SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
+ this.keystoreAdapter = keystoreAdapter;
+ this.specOptional = Optional.fromNullable(specification);
+ }
+
+ @Override
+ public SslHandler createSslHandler() {
+ try {
+ final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
+
+ final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, "".toCharArray());
+
+ final TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(keyStore);
+
+ final SSLContext sslCtx = SSLContext.getInstance("TLS");
+ sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ final SSLEngine engine = sslCtx.createSSLEngine();
+ engine.setUseClientMode(true);
+
+ final Set<String> protocols = Sets.newHashSet(engine.getSupportedProtocols());
+ if (specOptional.isPresent()) {
+ final Specification specification = specOptional.get();
+ if (!(specification instanceof TlsCase)) {
+ throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
+ }
+ protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
+ }
+
+ engine.setEnabledProtocols(protocols.toArray(new String[0]));
+ engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
+ engine.setEnableSessionCreation(true);
+
+ return new SslHandler(engine);
+ } catch (GeneralSecurityException | IOException exc) {
+ throw new IllegalStateException(exc);
+ }
+ }
+ }
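Review bot: `engine.setEnabledCipherSuites(engine.getSupportedCipherSuites())` in createSslHandler() turns on every suite the provider implements rather than its default-enabled set, and the supported list can include anonymous and NULL-encryption suites that JSSE keeps off by default; I would delete that call so the engine keeps its defaults. The protocol set has the same problem: it starts from `getSupportedProtocols()`, so with no specification (or an empty exclusion list) legacy versions such as SSLv3 are enabled wherever the JDK's `jdk.tls.disabledAlgorithms` policy does not already block them, whereas `final Set<String> protocols = Sets.newHashSet(engine.getEnabledProtocols());` would subtract the exclusions from the safe defaults. Separately, `sslCtx.createSSLEngine()` is called without a peer host and no endpoint identification algorithm is set on the engine, so the server certificate appears to be checked against the keystore only and not bound to the device address; if that is intentional for NETCONF devices it deserves a comment. The outer class that holds SslHandlerFactoryImpl is outside the visible lines.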