-
- private static final class SslHandlerFactoryImpl implements SslHandlerFactory {
- private final NetconfKeystoreAdapter keystoreAdapter;
- private final Optional<Specification> specOptional;
-
- SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
- this.keystoreAdapter = keystoreAdapter;
- this.specOptional = Optional.fromNullable(specification);
- }
-
- @Override
- public SslHandler createSslHandler() {
- try {
- final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
-
- final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- kmf.init(keyStore, "".toCharArray());
-
- final TrustManagerFactory tmf =
- TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(keyStore);
-
- final SSLContext sslCtx = SSLContext.getInstance("TLS");
- sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
- final SSLEngine engine = sslCtx.createSSLEngine();
- engine.setUseClientMode(true);
-
- final Set<String> protocols = Sets.newHashSet(engine.getSupportedProtocols());
- if (specOptional.isPresent()) {
- final Specification specification = specOptional.get();
- if (!(specification instanceof TlsCase)) {
- throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
- }
- protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
- }
-
- engine.setEnabledProtocols(protocols.toArray(new String[0]));
- engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
- engine.setEnableSessionCreation(true);
-
- return new SslHandler(engine);
- } catch (GeneralSecurityException | IOException exc) {
- throw new IllegalStateException(exc);
- }
- }
- }