/**
 * Prepares the gateway's SSL material and caches the SSL-related settings from the config.
 *
 * <p>In order: publishes the ephemeral DH key size as a system property, ensures the gateway
 * credential store and the gateway keystore exist (creating them, together with a self-signed
 * "gateway-identity" certificate, when they are missing), calls
 * {@code logAndValidateCertificate()}, and finally copies the keystore, truststore, excluded
 * protocol and client-auth settings into this instance's fields. The fields are only assigned
 * if every earlier step succeeded.
 *
 * @param config gateway configuration that supplies the DH key size and the SSL settings
 * @param options not read by this method
 * @throws ServiceLifecycleException if a keystore or credential store operation fails, or if
 *     the gateway identity passphrase cannot be read from the alias service
 */
@Override
public void init(GatewayConfig config, Map<String, String> options)
    throws ServiceLifecycleException {
  // System properties are process-wide, so this value is visible to the whole JVM, not only
  // to this service.
  System.setProperty(EPHEMERAL_DH_KEY_SIZE_PROPERTY, config.getEphemeralDHKeySize());

  // Credential store and keystore bootstrap share one handler: any KeystoreServiceException
  // from either step is reported with the same message.
  try {
    if (ks.isCredentialStoreForClusterAvailable(GATEWAY_CREDENTIAL_STORE_NAME)) {
      log.credentialStoreForGatewayFoundNotCreating();
    } else {
      log.creatingCredentialStoreForGateway();
      ks.createCredentialStoreForCluster(GATEWAY_CREDENTIAL_STORE_NAME);
      // Deliberately no generated GATEWAY_IDENTITY_PASSPHRASE alias here: a distinct key
      // passphrase is no longer created by default. A deployment that wants one adds the
      // alias explicitly with the CLI.
    }

    if (ks.isKeystoreForGatewayAvailable()) {
      log.keyStoreForGatewayFoundNotCreating();
    } else {
      log.creatingKeyStoreForGateway();
      ks.createKeystoreForGateway();

      char[] keyPassphrase;
      try {
        keyPassphrase = as.getGatewayIdentityPassphrase();
      } catch (AliasServiceException aliasFailure) {
        throw new ServiceLifecycleException(
            "Error accessing credential store for the gateway.", aliasFailure);
      }
      // No explicit identity passphrase configured: the master secret doubles as the key
      // passphrase for the self-signed identity certificate.
      if (keyPassphrase == null) {
        keyPassphrase = ms.getMasterSecret();
      }
      ks.addSelfSignedCertForGateway("gateway-identity", keyPassphrase);
    }

    // Runs whether the keystore was just created or already existed.
    logAndValidateCertificate();
  } catch (KeystoreServiceException e) {
    throw new ServiceLifecycleException(
        "Keystore was not loaded properly - the provided (or persisted) master secret may not match the password for the keystore.",
        e);
  }

  // Snapshot the SSL settings for later use by this service.
  keystoreType = config.getKeystoreType();
  sslExcludeProtocols = config.getExcludedSSLProtocols();
  clientAuthNeeded = config.isClientAuthNeeded();
  truststorePath = config.getTruststorePath();
  // NOTE(review): trustAllCerts presumably relaxes certificate validation wherever it is
  // consumed - confirm its use site and that it stays disabled outside test setups.
  trustAllCerts = config.getTrustAllCerts();
  trustStoreType = config.getTruststoreType();
}