opendaylight/netconf/netconf-it/src/test/java/org/opendaylight/controller/netconf/it/SSLUtil.java

   1 /*
   2  * Copyright (c) 2013 Cisco Systems, Inc. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.controller.netconf.it;
   9
  10 import java.io.IOException;
  11 import java.io.InputStream;
  12 import java.security.KeyManagementException;
  13 import java.security.KeyStore;
  14 import java.security.KeyStoreException;
  15 import java.security.NoSuchAlgorithmException;
  16 import java.security.UnrecoverableKeyException;
  17 import java.security.cert.CertificateException;
  18
  19 import javax.net.ssl.KeyManagerFactory;
  20 import javax.net.ssl.SSLContext;
  21 import javax.net.ssl.TrustManagerFactory;
  22
  23 import com.google.common.base.Preconditions;
  24
  25 public final class SSLUtil {
  26
  27     private SSLUtil() {}
  28
  29     public static SSLContext initializeSecureContext(final String pass, final InputStream ksKeysFile, final InputStream ksTrustFile,
  30                                                      final String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
  31             UnrecoverableKeyException, KeyManagementException {
  32
  33         Preconditions.checkNotNull(ksTrustFile, "ksTrustFile cannot be null");
  34         Preconditions.checkNotNull(ksKeysFile, "ksKeysFile cannot be null");
  35
  36         final char[] passphrase = pass.toCharArray();
  37
  38         // First initialize the key and trust material.
  39         final KeyStore ksKeys = KeyStore.getInstance("JKS");
  40         ksKeys.load(ksKeysFile, passphrase);
  41         final KeyStore ksTrust = KeyStore.getInstance("JKS");
  42         ksTrust.load(ksTrustFile, passphrase);
  43
  44         // KeyManager's decide which key material to use.
  45         final KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
  46         kmf.init(ksKeys, passphrase);
  47
  48         // TrustManager's decide whether to allow connections.
  49         final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
  50         tmf.init(ksTrust);
  51
  52         final SSLContext sslContext = SSLContext.getInstance("TLS");
  53
  54         // Create/initialize the SSLContext with key material
  55         sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  56         return sslContext;
  57     }
  58
  59 }