Remove trailing whitespace

[openflowjava.git] / openflow-protocol-impl / src / main / java / org / opendaylight / openflowjava / protocol / impl / core / SslContextFactory.java

diff --git a/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactory.java b/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactory.java
index ab27204370c24bd4e8b4014c63e56c920742a3fa..b2c5a199f53d9f2da23c873d6fc1a2ede6f6db5c 100644 (file)
--- a/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactory.java
+++ b/openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactory.java
@@ -1,71 +1,88 @@
-/* Copyright (C)2013 Pantheon Technologies, s.r.o. All rights reserved. */
+/*
+ * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
 package org.opendaylight.openflowjava.protocol.impl.core;
 
+import java.io.IOException;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
 import java.security.Security;
+import java.security.cert.CertificateException;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Class for setting up TLS connection.
  *
  * @author michal.polkorab
  */
-public final class SslContextFactory {
+public class SslContextFactory {
 
-    
     // "TLS" - supports some version of TLS
     // Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
     private static final String PROTOCOL = "TLS";
-    private static final SSLContext SERVER_CONTEXT;
-    private static final SSLContext CLIENT_CONTEXT;
+    private TlsConfiguration tlsConfig;
+
+    private static final Logger LOGGER = LoggerFactory
+            .getLogger(SslContextFactory.class);
+
+    /**
+     * @param tlsConfig
+     *            TLS configuration object, contains keystore locations +
+     *            keystore types
+     */
+    public SslContextFactory(TlsConfiguration tlsConfig) {
+        this.tlsConfig = tlsConfig;
+    }
 
-    static {
-        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
+    /**
+     * @return servercontext
+     */
+    public SSLContext getServerContext() {
+        String algorithm = Security
+                .getProperty("ssl.KeyManagerFactory.algorithm");
         if (algorithm == null) {
             algorithm = "SunX509";
         }
-
-        SSLContext serverContext;
-        SSLContext clientContext;
+        SSLContext serverContext = null;
         try {
-            KeyStore ks = KeyStore.getInstance("JKS");
-            ks.load(SslKeyStore.asInputStream(),
-                    SslKeyStore.getKeyStorePassword());
-
+            KeyStore ks = KeyStore.getInstance(tlsConfig.getTlsKeystoreType().name());
+            ks.load(SslKeyStore.asInputStream(tlsConfig.getTlsKeystore(), tlsConfig.getTlsKeystorePathType()),
+                    tlsConfig.getKeystorePassword().toCharArray());
             KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
-            kmf.init(ks, SslKeyStore.getCertificatePassword());
+            kmf.init(ks, tlsConfig.getCertificatePassword().toCharArray());
+
+            KeyStore ts = KeyStore.getInstance(tlsConfig.getTlsTruststoreType().name());
+            ts.load(SslKeyStore.asInputStream(tlsConfig.getTlsTruststore(), tlsConfig.getTlsTruststorePathType()),
+                    tlsConfig.getTruststorePassword().toCharArray());
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+            tmf.init(ts);
 
             serverContext = SSLContext.getInstance(PROTOCOL);
-            serverContext.init(kmf.getKeyManagers(), null, null);
-        } catch (Exception e) {
-            throw new Error(
-                    "Failed to initialize the server-side SSLContext", e);
-        }
-        try {
-            clientContext = SSLContext.getInstance(PROTOCOL);
-            clientContext.init(null, SslTrustManagerFactory.getTrustManagers(), null);
+            serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+        } catch (IOException e) {
+            LOGGER.warn("IOException - Failed to load keystore / truststore."
+                    + " Failed to initialize the server-side SSLContext", e);
+        } catch (NoSuchAlgorithmException e) {
+            LOGGER.warn("NoSuchAlgorithmException - Unsupported algorithm."
+                    + " Failed to initialize the server-side SSLContext", e);
+        } catch (CertificateException e) {
+            LOGGER.warn("CertificateException - Unable to access certificate (check password)."
+                    + " Failed to initialize the server-side SSLContext", e);
         } catch (Exception e) {
-            throw new Error(
-                    "Failed to initialize the client-side SSLContext", e);
+            LOGGER.warn("Exception - Failed to initialize the server-side SSLContext", e);
         }
-
-        SERVER_CONTEXT = serverContext;
-        CLIENT_CONTEXT = clientContext;
-    }
-
-    /**
-     * @return servercontext
-     */
-    public static SSLContext getServerContext() {
-        return SERVER_CONTEXT;
-    }
-
-    /**
-     * @return cliencontext
-     */
-    public static SSLContext getClientContext() {
-        return CLIENT_CONTEXT;
+        return serverContext;
     }
-}
\ No newline at end of file
+}