From b207554bba750766b0cdc7d83ec55680f34874a2 Mon Sep 17 00:00:00 2001 From: harshanl Date: Thu, 11 Aug 2016 12:38:11 +0530 Subject: [PATCH] Refacotered IOT plugins to use own keystore. --- .../config/CertificateKeystoreConfig.java | 108 ++++++++++++++++++ .../config/DeviceManagementConfiguration.java | 10 ++ .../devicetype/util/DeviceTypeConfigUtil.java | 3 + components/iot-plugins/pom.xml | 2 +- .../util/VirtualFirealarmSecurityManager.java | 40 ++++--- .../resources/conf/android-sense-config.xml | 16 +++ .../main/resources/conf/arduino-config.xml | 16 +++ features/iot-plugins-feature/pom.xml | 2 +- .../resources/conf/raspberrypi-config.xml | 16 +++ .../conf/virtual-fire-alarm-config.xml | 16 +++ 10 files changed, 211 insertions(+), 18 deletions(-) create mode 100644 components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java new file mode 100644 index 0000000000..972975a645 --- /dev/null +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java 
@@ -0,0 +1,108 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * you may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.device.mgt.iot.devicetype.config; + + +import org.wso2.carbon.device.mgt.iot.devicetype.util.DeviceTypeConfigUtil; + +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; + +/** + * Class for holding CertificateKeystore data. + */ +@XmlRootElement(name = "CertificateKeystore") +public class CertificateKeystoreConfig { + + private String certificateKeystoreLocation; + private String certificateKeystoreType; + private String certificateKeystorePassword; + private String caCertAlias; + private String caPrivateKeyPassword; + private String raCertAlias; + private String raPrivateKeyPassword; + + @XmlElement(name = "CertificateKeystoreLocation", required = true) + public String getCertificateKeystoreLocation() { + return certificateKeystoreLocation; + } + + public void setCertificateKeystoreLocation(String certificateKeystoreLocation) { + if (certificateKeystoreLocation != null && certificateKeystoreLocation.toLowerCase(). 
+ contains(DeviceTypeConfigUtil.CARBON_HOME_ENTRY)) { + certificateKeystoreLocation = certificateKeystoreLocation.replace(DeviceTypeConfigUtil.CARBON_HOME_ENTRY, + System.getProperty(DeviceTypeConfigUtil.CARBON_HOME)); + } + this.certificateKeystoreLocation = certificateKeystoreLocation; + } + + @XmlElement(name = "CertificateKeystoreType", required = true) + public String getCertificateKeystoreType() { + return certificateKeystoreType; + } + + public void setCertificateKeystoreType(String certificateKeystoreType) { + this.certificateKeystoreType = certificateKeystoreType; + } + + @XmlElement(name = "CertificateKeystorePassword", required = true) + public String getCertificateKeystorePassword() { + return certificateKeystorePassword; + } + + public void setCertificateKeystorePassword(String certificateKeystorePassword) { + this.certificateKeystorePassword = certificateKeystorePassword; + } + + @XmlElement(name = "CACertAlias", required = true) + public String getCACertAlias() { + return caCertAlias; + } + + public void setCACertAlias(String caCertAlias) { + this.caCertAlias = caCertAlias; + } + + @XmlElement(name = "CAPrivateKeyPassword", required = true) + public String getCAPrivateKeyPassword() { + return caPrivateKeyPassword; + } + + public void setCAPrivateKeyPassword(String caPrivateKeyPassword) { + this.caPrivateKeyPassword = caPrivateKeyPassword; + } + + @XmlElement(name = "RACertAlias", required = true) + public String getRACertAlias() { + return raCertAlias; + } + + public void setRACertAlias(String raCertAlias) { + this.raCertAlias = raCertAlias; + } + + @XmlElement(name = "RAPrivateKeyPassword", required = true) + public String getRAPrivateKeyPassword() { + return raPrivateKeyPassword; + } + + public void setRAPrivateKeyPassword(String raPrivateKeyPassword) { + this.raPrivateKeyPassword = raPrivateKeyPassword; + } +} 
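Review bot: `setCertificateKeystoreLocation` tests for the placeholder case-insensitively (`toLowerCase().contains(...)`) but substitutes case-sensitively with `replace(DeviceTypeConfigUtil.CARBON_HOME_ENTRY, ...)`, so a value such as `${CARBON.HOME}/...` passes the check and is stored unexpanded, and when the `carbon.home` system property is unset `String.replace(CharSequence, null)` throws a NullPointerException from inside JAXB unmarshalling. A simpler form is `String carbonHome = System.getProperty(DeviceTypeConfigUtil.CARBON_HOME);` / `if (certificateKeystoreLocation != null && carbonHome != null) {` / `certificateKeystoreLocation = certificateKeystoreLocation.replace(DeviceTypeConfigUtil.CARBON_HOME_ENTRY, carbonHome); }`, which removes both the case mismatch and the null hazard. The keystore and private-key passwords are held as `String` fields with public getters, so they cannot be cleared after use; a class-level comment stating that this object carries secrets and must not be logged, serialized or exposed through a `toString()` would be worth adding.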
diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java index ffda827a69..55b8165661 100644 --- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java @@ -30,6 +30,7 @@ public class DeviceManagementConfiguration { private DeviceManagementConfigRepository deviceManagementConfigRepository; private PushNotificationConfig pushNotificationConfig; private String deviceType; + private CertificateKeystoreConfig certificateKeystoreConfig; private static final Log log = LogFactory.getLog(DeviceManagementConfiguration.class); @@ -63,4 +64,13 @@ public class DeviceManagementConfiguration { this.pushNotificationConfig = pushNotificationConfig; } + @XmlElement(name = "CertificateKeystore", required = false) + public CertificateKeystoreConfig getCertificateKeystoreConfig() { + return certificateKeystoreConfig; + } + + public void setCertificateKeystoreConfig( + CertificateKeystoreConfig certificateKeystoreConfig) { + this.certificateKeystoreConfig = certificateKeystoreConfig; + } } diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java index 4184c1a3e4..a32a88bdfb 100644 
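Review bot: `getCertificateKeystoreConfig` is mapped with `required = false` and has no default, so it returns `null` whenever a device-type config omits the `<CertificateKeystore>` element, yet the getter carries no Javadoc saying so; the one caller visible in this patch (`VirtualFirealarmSecurityManager.retrievePrivateKey`) dereferences the result unconditionally. Suggest `/** The optional {@code <CertificateKeystore>} section; {@code null} when the device-type config does not declare one. */` on the getter so callers know to check. The two hunks show only the field and accessor; the rest of the class is outside this view.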
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java @@ -31,6 +31,9 @@ import java.io.File; public class DeviceTypeConfigUtil { + public static final String CARBON_HOME = "carbon.home"; + public static final String CARBON_HOME_ENTRY = "${carbon.home}"; + public static Document convertToDocument(File file) throws DeviceTypeConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); diff --git a/components/iot-plugins/pom.xml b/components/iot-plugins/pom.xml index f1b5762d3c..283ad011f0 100644 --- a/components/iot-plugins/pom.xml +++ b/components/iot-plugins/pom.xml @@ -36,7 +36,7 @@ androidsense-plugin arduino-plugin raspberrypi-plugin - + virtual-fire-alarm-plugin iot-base-plugin iot-analytics diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java index 257ed36c6a..9f318e1656 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java 
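Review bot: The two new constants define how `${carbon.home}` placeholders are expanded in config values but carry no comment, and `CARBON_HOME_ENTRY` is compared against a lower-cased string in `CertificateKeystoreConfig.setCertificateKeystoreLocation`, so its literal must stay lower-case or the match silently stops working. Suggest `/** Name of the system property holding the Carbon server root. */` on `CARBON_HOME` and `/** Placeholder accepted in config paths; keep lower-case, callers match it after toLowerCase(). */` on `CARBON_HOME_ENTRY`.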
@@ -22,8 +22,11 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException; -import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; +import org.wso2.carbon.device.mgt.iot.devicetype.config.CertificateKeystoreConfig; +import org.wso2.carbon.device.mgt.iot.devicetype.config.DeviceManagementConfiguration; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.internal.VirtualFirealarmManagementDataHolder; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -46,11 +49,11 @@ import java.security.SignatureException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; - public class VirtualFirealarmSecurityManager { private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class); private static PrivateKey serverPrivateKey; + private static CertificateKeystoreConfig certificateKeystoreConfig; private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; 
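Review bot: The import of `org.wso2.carbon.certificate.mgt.core.exception.KeystoreException` is kept as a context line while the later hunk in this file (`@@ -94,9 +105,6 @@`) removes the only `catch (KeystoreException e)` block visible in the patch; unless the class still throws or catches it elsewhere, the import is now unused and should be dropped alongside the `ConfigurationUtil` import this hunk already removes. The new static `certificateKeystoreConfig` field in the second hunk is a lazily filled cache with no `volatile` or synchronization; the lookup that fills it appears idempotent so a race is benign, but a comment `// lazily cached by getCertKeyStoreConfig(); duplicate initialisation is harmless` would save the next reader the analysis.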
@@ -58,26 +61,34 @@ public class VirtualFirealarmSecurityManager { } + private static CertificateKeystoreConfig getCertKeyStoreConfig() { + if (certificateKeystoreConfig == null) { + DeviceManagementConfiguration deviceManagementConfiguration = VirtualFirealarmManagementDataHolder.getInstance(). + getDeviceTypeConfigService().getConfiguration( + VirtualFireAlarmConstants.DEVICE_TYPE, + VirtualFireAlarmConstants.DEVICE_TYPE_PROVIDER_DOMAIN); + certificateKeystoreConfig = deviceManagementConfiguration.getCertificateKeystoreConfig(); + } + return certificateKeystoreConfig; + } + public static void initVerificationManager() { - serverPrivateKey = retrievePrivateKey(ConfigurationUtil.CA_CERT_ALIAS, - ConfigurationUtil.KEYSTORE_CA_CERT_PRIV_PASSWORD); + serverPrivateKey = retrievePrivateKey(); } - public static PrivateKey retrievePrivateKey(String alias, String password){ + public static PrivateKey retrievePrivateKey() { PrivateKey privateKey = null; InputStream inputStream = null; KeyStore keyStore; - + CertificateKeystoreConfig certificateKeystoreConfig = getCertKeyStoreConfig(); try { - keyStore = KeyStore.getInstance(ConfigurationUtil.getConfigEntry(ConfigurationUtil.CERTIFICATE_KEYSTORE)); - inputStream = new FileInputStream(ConfigurationUtil.getConfigEntry( - ConfigurationUtil.PATH_CERTIFICATE_KEYSTORE)); + keyStore = KeyStore.getInstance(certificateKeystoreConfig.getCertificateKeystoreType()); + inputStream = new FileInputStream(certificateKeystoreConfig.getCertificateKeystoreLocation()); - keyStore.load(inputStream, ConfigurationUtil.getConfigEntry(ConfigurationUtil.CERTIFICATE_KEYSTORE_PASSWORD) - .toCharArray()); + keyStore.load(inputStream, certificateKeystoreConfig.getCertificateKeystorePassword().toCharArray()); - privateKey = (PrivateKey) (keyStore.getKey(ConfigurationUtil.getConfigEntry(alias), - ConfigurationUtil.getConfigEntry(password).toCharArray())); + privateKey = (PrivateKey) (keyStore.getKey(certificateKeystoreConfig.getCACertAlias(), + 
certificateKeystoreConfig.getCAPrivateKeyPassword().toCharArray())); } catch (KeyStoreException e) { String errorMsg = "Could not load KeyStore of given type in [certificate-config.xml] file." ; @@ -94,9 +105,6 @@ public class VirtualFirealarmSecurityManager { } catch (IOException e) { String errorMsg = "Input output issue occurred when loading KeyStore"; log.error(errorMsg, e); - } catch (KeystoreException e) { - String errorMsg = "An error occurred whilst trying load Configs for KeyStoreReader"; - log.error(errorMsg, e); } catch (UnrecoverableKeyException e) { String errorMsg = "Key is unrecoverable when retrieving CA private key"; log.error(errorMsg, e); diff --git a/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml b/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml index d4863f8f7b..994309e653 100644 --- a/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml +++ b/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml @@ -43,4 +43,20 @@ true + + + ${carbon.home}/repository/resources/security/wso2certs.jks + + JKS + + wso2carbon + + cacert + + cacert + + racert + + racert + diff --git a/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml b/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml index 6cb535f801..5c2e2b2902 100644 
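Review bot: `retrievePrivateKey` dereferences the result of `getCertKeyStoreConfig()` without a null check, but `DeviceManagementConfiguration` maps `<CertificateKeystore>` as `required = false` and JAXB does not enforce `required` at unmarshalling time, so a virtual-fire-alarm config without that section (or with a missing `CertificateKeystorePassword`/`CAPrivateKeyPassword` element) turns the guarded keystore loading into an uncaught NullPointerException from `initVerificationManager` that escapes every existing catch block. The method's remaining catch/finally section lies outside this hunk, so I cannot see whether `inputStream` is closed; if it is not, a try-with-resources on the `FileInputStream` would be the cleanest fix. The unchanged error message still points at `[certificate-config.xml]` although the settings now come from the device-type config file, so it should name the new source. A guard in the style of the method's existing failure paths:

```java
CertificateKeystoreConfig certificateKeystoreConfig = getCertKeyStoreConfig();
if (certificateKeystoreConfig == null) {
    log.error("No <CertificateKeystore> section found in the " + VirtualFireAlarmConstants.DEVICE_TYPE
            + " device-type configuration; cannot load the CA private key");
    return privateKey; // still null, matching the other failure paths
}
// … unchanged: KeyStore.getInstance / FileInputStream / load / getKey and the catch blocks …
```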
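Review bot: The new keystore section in android-sense-config.xml commits the keystore password (`wso2carbon`, the well-known WSO2 default) and what appear by position to be the CA and RA private-key passwords in cleartext to a shipped config file; the element tags were lost in this rendering, so the values are read against the field order of `CertificateKeystoreConfig`. Nothing else in this patch reads the section for the Android Sense device type (only the virtual fire alarm plugin consumes it), so this file gains a copy of the CA key credentials without any visible need for them. If the section is kept, a secure-vault alias rather than the literal password would be preferable where the server supports it, and the block should carry `<!-- Default credentials shipped for development only; replace before deployment -->`.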
--- a/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml +++ b/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml @@ -30,4 +30,20 @@ false + + + ${carbon.home}/repository/resources/security/wso2certs.jks + + JKS + + wso2carbon + + cacert + + cacert + + racert + + racert + diff --git a/features/iot-plugins-feature/pom.xml b/features/iot-plugins-feature/pom.xml index 60e45e2cdc..0e4a641bcf 100644 --- a/features/iot-plugins-feature/pom.xml +++ b/features/iot-plugins-feature/pom.xml @@ -38,7 +38,7 @@ androidsense-plugin-feature arduino-plugin-feature raspberrypi-plugin-feature - + virtual-fire-alarm-plugin-feature iot-base-plugin-feature iot-devicetypes-feature diff --git a/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml b/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml index a68818a732..5685c06960 100644 --- a/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml +++ b/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml @@ -43,4 +43,20 @@ true + + + ${carbon.home}/repository/resources/security/wso2certs.jks + + JKS + + wso2carbon + + cacert + + cacert + + racert + + racert + 
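Review bot: The arduino-config.xml and raspberrypi-config.xml hunks on this line each add an identical copy of the keystore section, so the same keystore path, keystore password and key passwords now live in four separate device-type files and must be rotated in four places; no code in this patch reads the section for either of these device types. If a per-device-type keystore is really intended, the values should at least differ per plugin, otherwise a single shared section (or a pointer to the base-plugin config) would avoid the drift. A comment `<!-- Keep in sync with the other *-config.xml keystore sections until this is centralised -->` would flag the duplication until then.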
diff --git a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml index f2eb16ae57..a88883a88b 100644 --- a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml +++ b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml @@ -54,4 +54,20 @@ localhost + + + ${carbon.home}/repository/resources/security/wso2certs.jks + + JKS + + wso2carbon + + cacert + + cacert + + racert + + racert +
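Review bot: This is the only config whose keystore section is consumed in this patch (by `VirtualFirealarmSecurityManager.retrievePrivateKey`), and because JAXB's `required = true` is not enforced at unmarshalling, an omitted or misspelled `CertificateKeystorePassword` or `CAPrivateKeyPassword` element here arrives as `null` and surfaces as a NullPointerException at key retrieval rather than a clear config error. By position the `CAPrivateKeyPassword` value appears to be `cacert`, the same string as the `CACertAlias`, which is a guessable password for the key the plugin signs with (element tags were stripped in this rendering, so please confirm against the file). Add above the section `<!-- Keystore holding the CA key pair read by VirtualFirealarmSecurityManager; change the default passwords before deployment -->`.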