1 /*============LICENSE_START=======================================================
2 * aaf-certservice-client
3 * ================================================================================
4 * Copyright (C) 2020 Nokia. All rights reserved.
5 * ================================================================================
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 * ============LICENSE_END=========================================================
20 package org.onap.aaf.certservice.client.configuration.factory;
22 import org.apache.http.ssl.SSLContexts;
23 import org.onap.aaf.certservice.client.configuration.EnvsForTls;
24 import org.onap.aaf.certservice.client.configuration.TlsConfigurationEnvs;
25 import org.onap.aaf.certservice.client.configuration.exception.TlsConfigurationException;
27 import javax.net.ssl.SSLContext;
29 import java.io.FileInputStream;
30 import java.io.IOException;
31 import java.security.KeyStore;
32 import java.security.KeyStoreException;
33 import java.security.NoSuchAlgorithmException;
34 import java.security.cert.CertificateException;
36 public class SslContextFactory {
38 private static final String JKS = "jks";
40 private EnvsForTls envsForTls;
42 public SslContextFactory(EnvsForTls envsForTls) {
43 this.envsForTls = envsForTls;
46 public SSLContext create() throws TlsConfigurationException {
47 String keystorePath = envsForTls.getKeystorePath()
48 .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.KEYSTORE_PATH)));
49 String keystorePassword = envsForTls.getKeystorePassword()
50 .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.KEYSTORE_PASSWORD)));
51 String truststorePath = envsForTls.getTruststorePath()
52 .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.TRUSTSTORE_PATH)));
53 String truststorePassword = envsForTls.getTruststorePassword()
54 .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.TRUSTSTORE_PASSWORD)));
56 return createSslContext(keystorePath, keystorePassword, truststorePath, truststorePassword);
59 private String createEnvMissingMessage(TlsConfigurationEnvs keystorePath) {
60 return String.format("%s env is missing.", keystorePath);
63 private KeyStore setupKeystore(String keystorePath, String certPassword)
64 throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
65 KeyStore keyStore = KeyStore.getInstance(JKS);
66 FileInputStream identityKeyStoreFile = new FileInputStream(new File(
68 keyStore.load(identityKeyStoreFile, certPassword.toCharArray());
72 private SSLContext createSslContext(String keystorePath, String keystorePassword, String truststorePath, String truststorePassword) throws TlsConfigurationException {
74 KeyStore identityKeystore = setupKeystore(keystorePath, keystorePassword);
75 KeyStore trustKeystore = setupKeystore(truststorePath, truststorePassword);
77 return SSLContexts.custom()
78 .loadKeyMaterial(identityKeystore, keystorePassword.toCharArray())
79 .loadTrustMaterial(trustKeystore, null)
81 } catch (Exception e) {
82 throw new TlsConfigurationException("TLS configuration exception: " + e);
Code Review / oom / platform / cert-service.git / blob