amichair commented on code in PR #60:
URL: https://github.com/apache/aries-rsa/pull/60#discussion_r3135570492


##########
provider/tcp/src/main/java/org/apache/aries/rsa/provider/tcp/TcpProvider.java:
##########
@@ -77,6 +92,50 @@ private static <T> Set<T> union(Collection<T>... 
collections) {
         return union;
     }
 
+    private void initSocketFactories(Config config) {
+        try {
+            mtls = config.isMtls();
+            String keyStore = config.getKeyStore();
+            String trustStore = config.getTrustStore();
+            if (mtls) {
+                // both client and server need the keystore and truststore
+                if (keyStore == null || keyStore.isEmpty() || trustStore == 
null || trustStore.isEmpty())
+                    throw new RuntimeException("MTLS requires keystore and 
truststore");
+                SSLContext context = NetUtil.createSSLContext(
+                        keyStore, config.getKeyStorePassword(),
+                        trustStore, config.getTrustStorePassword(),
+                        config.getKeyAlias());
+                serverSocketFactory = 
NetUtil.createMTLSServerSocketFactory(context);
+                socketFactory = context.getSocketFactory();
+            } else {
+                if (keyStore == null || keyStore.isEmpty()) {
+                    serverSocketFactory = ServerSocketFactory.getDefault(); // 
plain sockets
+                } else {
+                    // server only needs keystore
+                    SSLContext context = NetUtil.createSSLContext(
+                        keyStore, config.getKeyStorePassword(), null, null, 
config.getKeyAlias());
+                    serverSocketFactory = context.getServerSocketFactory();
+                }
+                if (trustStore == null || trustStore.isEmpty()) {
+                    socketFactory = SocketFactory.getDefault(); // plain 
sockets
+                }  else {
+                    // client only needs truststore
+                    SSLContext context = NetUtil.createSSLContext(
+                        null, null, trustStore, 
config.getTrustStorePassword(), null);
+                    socketFactory = context.getSocketFactory();
+                }
+            }
+        } catch (NoSuchAlgorithmException | KeyManagementException | 
UnrecoverableKeyException | IOException |
+                 KeyStoreException | CertificateException e) {
+            throw new RuntimeException("Error initializing SSL Context", e);
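
Review bot: In the non-mTLS else branch, a null or empty keyStore or trustStore silently selects ServerSocketFactory.getDefault() or SocketFactory.getDefault(), so a missing or mistyped setting produces plaintext sockets with nothing to indicate it. Consider logging which mode each side ended up in (plain, TLS or mTLS) during initialization, or requiring an explicit setting before falling back to plain sockets. Separately, the "MTLS requires keystore and truststore" exception does not say which of the two values was missing; naming it in the message would make a misconfiguration quicker to diagnose.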

Review Comment:
   I figured it wasn't worth adding code for a custom exception if it's thrown 
in a single place and never caught explicitly. It does wrap the original 
exception with the full details and stack trace etc. Would you prefer that it 
just threw the original exception without catching+wrapping it in a 
RuntimeException? I suppose that's unnecessary and can be simplified.


