
Example 1 with SSLConfig

use of org.ballerinalang.net.grpc.ssl.SSLConfig in project ballerina by ballerina-lang.

The method getSslConfig of the class EndpointUtils.

/**
 * Builds the {@link SSLConfig} for a secured service endpoint from its configuration struct.
 *
 * <p>The key store location, key store password and certificate password are mandatory. The
 * trust store location and password are demanded only when the verify-client field is non-null.
 * An absent or empty protocol falls back to {@code "TLS"} and an absent or empty store type to
 * {@code "PKCS12"}. None of the exception messages raised here contain a configured value, so
 * passwords and paths are not echoed on failure.
 *
 * @param sslConfig service endpoint configuration struct.
 * @return the populated SSL configuration bean.
 * @throws BallerinaConnectorException if the key store location, key store password or
 *         certificate password is {@code null}.
 * @throws BallerinaException if client verification is requested (verify-client field non-null)
 *         but the trust store location or password is {@code null}.
 * @throws ArithmeticException if certificate validation is enabled and the cache size or cache
 *         validity period does not fit into an {@code int}.
 */
private static SSLConfig getSslConfig(Struct sslConfig) {
    // All fields are read before any validation, in a fixed order, so a failing read surfaces
    // ahead of the "must be provided" errors below.
    final String keyStorePath = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_KEY_STORE_FILE);
    final String keyStoreSecret = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_KEY_STORE_PASSWORD);
    final String trustStorePath = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_STRUST_STORE_FILE);
    final String trustStoreSecret =
            sslConfig.getStringField(EndpointConstants.SSL_CONFIG_STRUST_STORE_PASSWORD);
    final String verifyClient = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_SSL_VERIFY_CLIENT);
    final String certSecret = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_CERT_PASSWORD);
    String protocol = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_SSL_PROTOCOL);
    String storeType = sslConfig.getStringField(EndpointConstants.SSL_TLS_STORE_TYPE);

    // NOTE(review): how SSLConfig consumes the protocol string is not visible here. If it is
    // handed to SSLContext.getInstance, the generic "TLS" default leaves the enabled protocol
    // versions to the JVM/provider defaults -- confirm that legacy versions are disabled
    // elsewhere, or require an explicit minimum version in the endpoint configuration.
    if (protocol == null || EMPTY_STRING.equals(protocol)) {
        protocol = "TLS";
    }
    if (storeType == null || EMPTY_STRING.equals(storeType)) {
        storeType = "PKCS12";
    }

    final boolean certValidationOn =
            sslConfig.getBooleanField(EndpointConstants.SSL_CONFIG_VALIDATE_CERT_ENABLED);
    final long rawCacheSize = sslConfig.getIntField(EndpointConstants.SSL_CONFIG_CACHE_SIZE);
    final long rawCacheValidity = sslConfig.getIntField(EndpointConstants.SSL_CONFIG_CACHE_VALIDITY_PERIOD);

    // NOTE(review): only null is rejected below. Empty strings are treated as "unset" for the
    // protocol and store type above, but an empty key store path or password passes these
    // checks -- confirm whether struct string fields can arrive as "" instead of null.
    if (keyStorePath == null) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Keystore location must be provided for secure connection");
    }
    if (keyStoreSecret == null) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Keystore password value must be provided for secure connection");
    }
    if (certSecret == null) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Certificate password value must be provided for secure connection");
    }

    // Mutual SSL: any non-null verify-client value, whatever its content, makes the trust
    // store mandatory. NOTE(review): the value itself is not validated here -- confirm that
    // the consumer rejects unknown settings rather than silently skipping client verification.
    if (verifyClient != null) {
        if (trustStorePath == null) {
            // TODO get from language pack, and add location
            throw new BallerinaException("Truststore location must be provided to enable Mutual SSL");
        }
        if (trustStorePassIsMissing(trustStoreSecret)) {
            // TODO get from language pack, and add location
            throw new BallerinaException("Truststore password value must be provided to enable Mutual SSL");
        }
    }

    final SSLConfig result = new SSLConfig();
    // This first store type is overwritten by the configured/defaulted one a few calls below;
    // the call is kept so the sequence of setter invocations stays exactly as before.
    result.setTLSStoreType(EndpointConstants.PKCS_STORE_TYPE);
    final File keyStore = new File(substituteVariables(keyStorePath));
    result.setKeyStore(keyStore);
    // Passwords travel as immutable Strings and stay in the returned bean; this method never
    // logs them.
    result.setKeyStorePass(keyStoreSecret);
    result.setCertPass(certSecret);
    result.setTLSStoreType(storeType);
    result.setSslVerifyClient(verifyClient);

    // A trust store may be configured even when client verification is not requested; in that
    // case its password is passed through as-is and may be null.
    if (trustStorePath != null) {
        final File trustStore = new File(substituteVariables(trustStorePath));
        result.setTrustStore(trustStore);
        result.setTrustStorePass(trustStoreSecret);
    }

    result.setValidateCertificateEnabled(certValidationOn);
    if (certValidationOn) {
        // toIntExact fails loudly instead of truncating an out-of-range configuration value.
        result.setCacheSize(Math.toIntExact(rawCacheSize));
        result.setCacheValidityPeriod(Math.toIntExact(rawCacheValidity));
    }

    result.setSslProtocol(protocol);
    return result;
}

/** Tells whether the trust store password was left unset ({@code null}) in the configuration. */
private static boolean trustStorePassIsMissing(String trustStoreSecret) {
    return trustStoreSecret == null;
}
Also used : SSLConfig(org.ballerinalang.net.grpc.ssl.SSLConfig) BallerinaConnectorException(org.ballerinalang.connector.api.BallerinaConnectorException) BallerinaException(org.ballerinalang.util.exceptions.BallerinaException) File(java.io.File)
