openflow-protocol-impl/src/main/java/org/opendaylight/openflowjava/protocol/impl/core/SslContextFactory.java

   1 /*
   2  * Copyright (c) 2013 Pantheon Technologies s.r.o. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.openflowjava.protocol.impl.core;
  10
  11 import java.io.IOException;
  12 import java.security.KeyStore;
  13 import java.security.NoSuchAlgorithmException;
  14 import java.security.Security;
  15 import java.security.cert.CertificateException;
  16
  17 import javax.net.ssl.KeyManagerFactory;
  18 import javax.net.ssl.SSLContext;
  19 import javax.net.ssl.TrustManagerFactory;
  20
  21 import org.opendaylight.openflowjava.protocol.api.connection.TlsConfiguration;
  22 import org.slf4j.Logger;
  23 import org.slf4j.LoggerFactory;
  24
  25 /**
  26  * Class for setting up TLS connection.
  27  *
  28  * @author michal.polkorab
  29  */
  30 public class SslContextFactory {
  31
  32     // "TLS" - supports some version of TLS
  33     // Use "TLSv1", "TLSv1.1", "TLSv1.2" for specific TLS version
  34     private static final String PROTOCOL = "TLS";
  35     private TlsConfiguration tlsConfig;
  36
  37     private static final Logger LOGGER = LoggerFactory
  38             .getLogger(SslContextFactory.class);
  39
  40     /**
  41      * @param tlsConfig
  42      *            TLS configuration object, contains keystore locations +
  43      *            keystore types
  44      */
  45     public SslContextFactory(TlsConfiguration tlsConfig) {
  46         this.tlsConfig = tlsConfig;
  47     }
  48
  49     /**
  50      * @return servercontext
  51      */
  52     public SSLContext getServerContext() {
  53         String algorithm = Security
  54                 .getProperty("ssl.KeyManagerFactory.algorithm");
  55         if (algorithm == null) {
  56             algorithm = "SunX509";
  57         }
  58         SSLContext serverContext = null;
  59         try {
  60             KeyStore ks = KeyStore.getInstance(tlsConfig.getTlsKeystoreType().name());
  61             ks.load(SslKeyStore.asInputStream(tlsConfig.getTlsKeystore(), tlsConfig.getTlsKeystorePathType()),
  62                     tlsConfig.getKeystorePassword().toCharArray());
  63             KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
  64             kmf.init(ks, tlsConfig.getCertificatePassword().toCharArray());
  65
  66             KeyStore ts = KeyStore.getInstance(tlsConfig.getTlsTruststoreType().name());
  67             ts.load(SslKeyStore.asInputStream(tlsConfig.getTlsTruststore(), tlsConfig.getTlsTruststorePathType()),
  68                     tlsConfig.getTruststorePassword().toCharArray());
  69             TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
  70             tmf.init(ts);
  71
  72             serverContext = SSLContext.getInstance(PROTOCOL);
  73             serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  74         } catch (IOException e) {
  75             LOGGER.warn("IOException - Failed to load keystore / truststore."
  76                     + " Failed to initialize the server-side SSLContext", e);
  77         } catch (NoSuchAlgorithmException e) {
  78             LOGGER.warn("NoSuchAlgorithmException - Unsupported algorithm."
  79                     + " Failed to initialize the server-side SSLContext", e);
  80         } catch (CertificateException e) {
  81             LOGGER.warn("CertificateException - Unable to access certificate (check password)."
  82                     + " Failed to initialize the server-side SSLContext", e);
  83         } catch (Exception e) {
  84             LOGGER.warn("Exception - Failed to initialize the server-side SSLContext", e);
  85         }
  86         return serverContext;
  87     }
  88 }