*/
package org.opendaylight.netconf.sal.connect.util;
-import static com.google.common.base.Preconditions.checkArgument;
import static java.util.Objects.requireNonNull;
import com.google.common.collect.Sets;
import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.netconf.client.SslHandlerFactory;
import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.Specification;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node.connection.parameters.protocol.specification.TlsCase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev221225.connection.parameters.protocol.Specification;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev221225.connection.parameters.protocol.specification.TlsCase;
public final class SslHandlerFactoryImpl implements SslHandlerFactory {
private final NetconfKeystoreAdapter keystoreAdapter;
private final @Nullable Specification specification;
+ public SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter) {
+ this(keystoreAdapter, null);
+ }
+
public SslHandlerFactoryImpl(final NetconfKeystoreAdapter keystoreAdapter, final Specification specification) {
this.keystoreAdapter = requireNonNull(keystoreAdapter);
this.specification = specification;
@Override
public SslHandler createSslHandler() {
+ return createSslHandler(Set.of());
+ }
+
+ @Override
+ public SslHandler createSslHandler(final Set<String> allowedKeys) {
try {
- final KeyStore keyStore = keystoreAdapter.getJavaKeyStore();
+ final KeyStore keyStore = keystoreAdapter.getJavaKeyStore(allowedKeys);
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, "".toCharArray());
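Review bot: The no-argument `createSslHandler()` now passes `Set.of()` into `keystoreAdapter.getJavaKeyStore(allowedKeys)`, and nothing in this hunk says what an empty set means. If the adapter reads an empty set as "no restriction", this path builds a key store holding every configured private key, which is the opposite of what a parameter named `allowedKeys` suggests. That contract belongs in the Javadoc of `createSslHandler(Set<String>)`. I would also make `requireNonNull(allowedKeys, "allowedKeys");` the first statement, so a caller error fails here rather than inside the adapter. The method body continues past the end of this hunk.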
final String[] engineProtocols = engine.getSupportedProtocols();
final String[] enabledProtocols;
- if (specification != null) {
- checkArgument(specification instanceof TlsCase, "Cannot get TLS specification from: %s", specification);
-
+ if (specification instanceof TlsCase tlsSpecification) {
final Set<String> protocols = Sets.newHashSet(engineProtocols);
- protocols.removeAll(((TlsCase)specification).getTls().getExcludedVersions());
+ protocols.removeAll(tlsSpecification.getTls().getExcludedVersions());
enabledProtocols = protocols.toArray(new String[0]);
- } else {
+ } else if (specification == null) {
enabledProtocols = engineProtocols;
+ } else {
+ throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
}
engine.setEnabledProtocols(enabledProtocols);
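Review bot: When `specification` is null, which is what the one-argument constructor added in this commit always passes, `enabledProtocols` is the full `engine.getSupportedProtocols()` list rather than the engine's defaults. That can switch on legacy protocol versions the JDK supports but leaves disabled by default, unless the runtime's disabled-algorithms policy still blocks them. Consider basing the list on `engine.getEnabledProtocols()` instead, or documenting why the supported set is intended. Separately, `protocols.removeAll(...)` silently ignores an excluded version whose name matches no engine protocol, so a misspelled entry leaves that version enabled; a warning log for unmatched names would make this visible. `engine` is created outside the hunk, and the method continues after it.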