use of org.ballerinalang.net.grpc.ssl.SSLConfig in project ballerina by ballerina-lang.
the class EndpointUtils method getSslConfig.
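/**
 * Builds the {@link SSLConfig} for a secure service endpoint from the endpoint's SSL
 * configuration struct.
 *
 * <p>The key store location, key store password and certificate password are mandatory.
 * When {@code sslVerifyClient} is non-null (mutual SSL), the trust store location and
 * password must be non-null as well. The protocol defaults to {@code "TLS"} and the store
 * type to {@code "PKCS12"} when the struct leaves them null or empty.
 *
 * @param sslConfig service endpoint SSL configuration struct.
 * @return the populated SSL configuration bean.
 * @throws BallerinaConnectorException if the key store location is null or empty, or the
 *         key store password or certificate password is null.
 * @throws BallerinaException if client verification is requested without a trust store
 *         location or password.
 * @throws ArithmeticException if certificate validation is enabled and the cache size or
 *         cache validity period does not fit in an {@code int}.
 */
private static SSLConfig getSslConfig(Struct sslConfig) {
    String keyStoreFile = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_KEY_STORE_FILE);
    String keyStorePassword = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_KEY_STORE_PASSWORD);
    String trustStoreFile = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_STRUST_STORE_FILE);
    String trustStorePassword = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_STRUST_STORE_PASSWORD);
    String sslVerifyClient = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_SSL_VERIFY_CLIENT);
    String certPassword = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_CERT_PASSWORD);
    String sslProtocol = sslConfig.getStringField(EndpointConstants.SSL_CONFIG_SSL_PROTOCOL);
    String tlsStoreType = sslConfig.getStringField(EndpointConstants.SSL_TLS_STORE_TYPE);
    boolean validateCertificateEnabled =
            sslConfig.getBooleanField(EndpointConstants.SSL_CONFIG_VALIDATE_CERT_ENABLED);
    long cacheSize = sslConfig.getIntField(EndpointConstants.SSL_CONFIG_CACHE_SIZE);
    long cacheValidationPeriod = sslConfig.getIntField(EndpointConstants.SSL_CONFIG_CACHE_VALIDITY_PERIOD);

    // A null or empty protocol / store type falls back to the defaults.
    if (sslProtocol == null || EMPTY_STRING.equals(sslProtocol)) {
        sslProtocol = "TLS";
    }
    if (tlsStoreType == null || EMPTY_STRING.equals(tlsStoreType)) {
        tlsStoreType = "PKCS12";
    }

    // An empty path is rejected together with null: the defaults above already treat an
    // empty field as unset, and an empty path can never name a key store, so fail here
    // with the configuration error instead of later while the store is being loaded.
    if (keyStoreFile == null || EMPTY_STRING.equals(keyStoreFile)) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Keystore location must be provided for secure connection");
    }
    // NOTE(review): the two password checks reject null only; whether an empty password is
    // a legitimate value or an unset field depends on the struct's defaults - confirm.
    if (keyStorePassword == null) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Keystore password value must be provided for secure connection");
    }
    if (certPassword == null) {
        // TODO get from language pack, and add location
        throw new BallerinaConnectorException("Certificate password value must be provided for secure connection");
    }

    // Mutual SSL: client verification needs trust material to verify against.
    // NOTE(review): sslVerifyClient and the trust store fields are compared with null only.
    // If the struct reports unset string fields as "", an empty trust store path passes
    // these checks while client verification is requested - confirm against the struct's
    // defaults before tightening.
    boolean clientVerificationRequested = sslVerifyClient != null;
    if (clientVerificationRequested && trustStoreFile == null) {
        // TODO get from language pack, and add location
        throw new BallerinaException("Truststore location must be provided to enable Mutual SSL");
    }
    if (clientVerificationRequested && trustStorePassword == null) {
        // TODO get from language pack, and add location
        throw new BallerinaException("Truststore password value must be provided to enable Mutual SSL");
    }

    SSLConfig config = new SSLConfig();
    // The store type is set once, from the resolved value; the earlier unconditional
    // setTLSStoreType(PKCS_STORE_TYPE) call was always overwritten by this one.
    config.setKeyStore(new File(substituteVariables(keyStoreFile)));
    config.setKeyStorePass(keyStorePassword);
    config.setCertPass(certPassword);
    config.setTLSStoreType(tlsStoreType);
    config.setSslVerifyClient(sslVerifyClient);
    if (trustStoreFile != null) {
        config.setTrustStore(new File(substituteVariables(trustStoreFile)));
        config.setTrustStorePass(trustStorePassword);
    }
    config.setValidateCertificateEnabled(validateCertificateEnabled);
    if (validateCertificateEnabled) {
        // Cache settings are applied only when certificate validation is enabled;
        // toIntExact throws rather than silently truncating an out-of-range value.
        config.setCacheSize(Math.toIntExact(cacheSize));
        config.setCacheValidityPeriod(Math.toIntExact(cacheValidationPeriod));
    }
    config.setSslProtocol(sslProtocol);
    return config;
}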