alien11689 commented on code in PR #60:
URL: https://github.com/apache/aries-rsa/pull/60#discussion_r3125848957
##########
provider/tcp/src/main/java/org/apache/aries/rsa/provider/tcp/TcpProvider.java:
##########
@@ -77,6 +92,50 @@ private static <T> Set<T> union(Collection<T>...
collections) {
return union;
}
+ private void initSocketFactories(Config config) {
+ try {
+ mtls = config.isMtls();
+ String keyStore = config.getKeyStore();
+ String trustStore = config.getTrustStore();
+ if (mtls) {
+ // both client and server need the keystore and truststore
+ if (keyStore == null || keyStore.isEmpty() || trustStore ==
null || trustStore.isEmpty())
+ throw new RuntimeException("MTLS requires keystore and
truststore");
+ SSLContext context = NetUtil.createSSLContext(
+ keyStore, config.getKeyStorePassword(),
+ trustStore, config.getTrustStorePassword(),
+ config.getKeyAlias());
+ serverSocketFactory =
NetUtil.createMTLSServerSocketFactory(context);
+ socketFactory = context.getSocketFactory();
+ } else {
+ if (keyStore == null || keyStore.isEmpty()) {
+ serverSocketFactory = ServerSocketFactory.getDefault(); //
plain sockets
+ } else {
+ // server only needs keystore
+ SSLContext context = NetUtil.createSSLContext(
+ keyStore, config.getKeyStorePassword(), null, null,
config.getKeyAlias());
+ serverSocketFactory = context.getServerSocketFactory();
+ }
+ if (trustStore == null || trustStore.isEmpty()) {
+ socketFactory = SocketFactory.getDefault(); // plain
sockets
+ } else {
+ // client only needs truststore
+ SSLContext context = NetUtil.createSSLContext(
+ null, null, trustStore,
config.getTrustStorePassword(), null);
+ socketFactory = context.getSocketFactory();
+ }
+ }
+ } catch (NoSuchAlgorithmException | KeyManagementException |
UnrecoverableKeyException | IOException |
+ KeyStoreException | CertificateException e) {
+ throw new RuntimeException("Error initializing SSL Context", e);
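Review bot: In the non-mTLS branch, an unset or empty keystore or truststore silently selects `ServerSocketFactory.getDefault()` or `SocketFactory.getDefault()`, so a store setting that is missing (or presumably misnamed) yields unencrypted transport with nothing in the hunk signalling it. The two sides are also decided independently, so a keystore without a truststore gives a TLS server socket factory and a plain client socket factory in the same provider; whether that combination is intended is not visible here. Consider logging the mode chosen for each side and documenting the fallback at the two assignments, e.g. `// no keystore configured: endpoint is served without TLS` and `// no truststore configured: outgoing connections are not encrypted`. The method body continues past the end of the quoted hunk.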
Review Comment:
Instead of RuntimeException, we could have a dedicated exception class,
SSLContextInitializationException, so that the class name describes the problem.