alien11689 commented on code in PR #60:
URL: https://github.com/apache/aries-rsa/pull/60#discussion_r3135702943
##########
provider/tcp/src/main/java/org/apache/aries/rsa/provider/tcp/TcpProvider.java:
##########
@@ -77,6 +92,50 @@ private static <T> Set<T> union(Collection<T>...
collections) {
return union;
}
+ private void initSocketFactories(Config config) {
+ try {
+ mtls = config.isMtls();
+ String keyStore = config.getKeyStore();
+ String trustStore = config.getTrustStore();
+ if (mtls) {
+ // both client and server need the keystore and truststore
+ if (keyStore == null || keyStore.isEmpty() || trustStore ==
null || trustStore.isEmpty())
+ throw new RuntimeException("MTLS requires keystore and
truststore");
+ SSLContext context = NetUtil.createSSLContext(
+ keyStore, config.getKeyStorePassword(),
+ trustStore, config.getTrustStorePassword(),
+ config.getKeyAlias());
+ serverSocketFactory =
NetUtil.createMTLSServerSocketFactory(context);
+ socketFactory = context.getSocketFactory();
+ } else {
+ if (keyStore == null || keyStore.isEmpty()) {
+ serverSocketFactory = ServerSocketFactory.getDefault(); //
plain sockets
+ } else {
+ // server only needs keystore
+ SSLContext context = NetUtil.createSSLContext(
+ keyStore, config.getKeyStorePassword(), null, null,
config.getKeyAlias());
+ serverSocketFactory = context.getServerSocketFactory();
+ }
+ if (trustStore == null || trustStore.isEmpty()) {
+ socketFactory = SocketFactory.getDefault(); // plain
sockets
+ } else {
+ // client only needs truststore
+ SSLContext context = NetUtil.createSSLContext(
+ null, null, trustStore,
config.getTrustStorePassword(), null);
+ socketFactory = context.getSocketFactory();
+ }
+ }
+ } catch (NoSuchAlgorithmException | KeyManagementException |
UnrecoverableKeyException | IOException |
+ KeyStoreException | CertificateException e) {
+ throw new RuntimeException("Error initializing SSL Context", e);
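Review bot: In the non-mTLS branch a missing or empty `keyStore` / `trustStore` silently selects `ServerSocketFactory.getDefault()` / `SocketFactory.getDefault()`, so an unset or mistyped property downgrades the transport to plaintext with nothing to tell the operator. The only marker is the trailing `// plain sockets` comment, so I would either log the chosen mode once during initialization (for example a warning reading `no keystore configured, accepting unencrypted connections`) or require an explicit setting before falling back. Separately, the client factory is taken directly from `context.getSocketFactory()`; a plain `SSLSocket` does not check the peer's host name unless an endpoint identification algorithm is set on its `SSLParameters`, so it is worth confirming that this happens where the sockets are created, which is not visible in this hunk. The method body continues past the quoted lines.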
Review Comment:
Checked exceptions may change the code in many places when pushed forward.
For me having a runtime exception here is fine. If you don't see the need to
create a new exception class for this place then it's also fine.