opendaylight/netconf/netconf-it/src/test/java/org/opendaylight/controller/netconf/it/SSLUtil.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.controller.netconf.it;
   9
  10 import com.google.common.base.Preconditions;
  11 import java.io.IOException;
  12 import java.io.InputStream;
  13 import java.security.KeyManagementException;
  14 import java.security.KeyStore;
  15 import java.security.KeyStoreException;
  16 import java.security.NoSuchAlgorithmException;
  17 import java.security.UnrecoverableKeyException;
  18 import java.security.cert.CertificateException;
  19 import javax.net.ssl.KeyManagerFactory;
  20 import javax.net.ssl.SSLContext;
  21 import javax.net.ssl.TrustManagerFactory;
  22
  23 public final class SSLUtil {
  24
  25     private SSLUtil() {}
  26
  27     public static SSLContext initializeSecureContext(final String pass, final InputStream ksKeysFile, final InputStream ksTrustFile,
  28                                                      final String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
  29             UnrecoverableKeyException, KeyManagementException {
  30
  31         Preconditions.checkNotNull(ksTrustFile, "ksTrustFile cannot be null");
  32         Preconditions.checkNotNull(ksKeysFile, "ksKeysFile cannot be null");
  33
  34         final char[] passphrase = pass.toCharArray();
  35
  36         // First initialize the key and trust material.
  37         final KeyStore ksKeys = KeyStore.getInstance("JKS");
  38         ksKeys.load(ksKeysFile, passphrase);
  39         final KeyStore ksTrust = KeyStore.getInstance("JKS");
  40         ksTrust.load(ksTrustFile, passphrase);
  41
  42         // KeyManager's decide which key material to use.
  43         final KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
  44         kmf.init(ksKeys, passphrase);
  45
  46         // TrustManager's decide whether to allow connections.
  47         final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
  48         tmf.init(ksTrust);
  49
  50         final SSLContext sslContext = SSLContext.getInstance("TLS");
  51
  52         // Create/initialize the SSLContext with key material
  53         sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  54         return sslContext;
  55     }
  56
  57 }