|
|
@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract;
|
|
|
|
import feign.slf4j.Slf4jLogger;
|
|
|
|
import feign.slf4j.Slf4jLogger;
|
|
|
|
import org.apache.commons.logging.Log;
|
|
|
|
import org.apache.commons.logging.Log;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
|
|
|
|
import org.wso2.carbon.base.ServerConfiguration;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.AuthenticationInfo;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.AuthenticationInfo;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.OAuthRequestInterceptor;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.OAuthRequestInterceptor;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AuthorizationRequest;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AuthorizationRequest;
|
|
|
@ -40,16 +41,13 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest;
|
|
|
|
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest;
|
|
|
|
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
|
|
|
|
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
|
|
|
|
|
|
|
|
|
|
|
|
import javax.net.ssl.HostnameVerifier;
|
|
|
|
import javax.net.ssl.*;
|
|
|
|
import javax.net.ssl.SSLContext;
|
|
|
|
|
|
|
|
import javax.net.ssl.SSLSession;
|
|
|
|
|
|
|
|
import javax.net.ssl.SSLSocketFactory;
|
|
|
|
|
|
|
|
import javax.net.ssl.TrustManager;
|
|
|
|
|
|
|
|
import javax.net.ssl.X509TrustManager;
|
|
|
|
|
|
|
|
import javax.websocket.Session;
|
|
|
|
import javax.websocket.Session;
|
|
|
|
|
|
|
|
import java.io.FileInputStream;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.security.KeyManagementException;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
import java.security.*;
|
|
|
|
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.List;
|
|
|
@ -125,16 +123,21 @@ public class DeviceAuthorizer implements Authorizer {
|
|
|
|
return deviceMgtServerUrl;
|
|
|
|
return deviceMgtServerUrl;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private static Client getSSLClient() {
|
|
|
|
public static Client getSSLClient() {
|
|
|
|
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
|
|
|
|
boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
|
|
|
|
|
|
|
|
if(isIgnoreHostnameVerification) {
|
|
|
|
|
|
|
|
return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public boolean verify(String s, SSLSession sslSession) {
|
|
|
|
public boolean verify(String s, SSLSession sslSession) {
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
}else {
|
|
|
|
|
|
|
|
return new Client.Default(getTrustedSSLSocketFactory(), null);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private static SSLSocketFactory getTrustedSSLSocketFactory() {
|
|
|
|
private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
TrustManager[] trustAllCerts = new TrustManager[]{
|
|
|
|
TrustManager[] trustAllCerts = new TrustManager[]{
|
|
|
|
new X509TrustManager() {
|
|
|
|
new X509TrustManager() {
|
|
|
@ -156,4 +159,63 @@ public class DeviceAuthorizer implements Authorizer {
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//FIXME - I know hard-cording values is a bad practice , this code is repeating in
|
|
|
|
|
|
|
|
// several class, so this hard-coding strings will be removed once this code block is moved into a central location
|
|
|
|
|
|
|
|
// this should be done after the 3.1.0 release.
|
|
|
|
|
|
|
|
private static SSLSocketFactory getTrustedSSLSocketFactory() {
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
|
|
|
|
|
|
|
|
String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
|
|
|
|
|
|
|
|
String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
|
|
|
|
|
|
|
|
"Security.TrustStore.Password");
|
|
|
|
|
|
|
|
String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
|
|
|
|
|
|
|
|
"Security.TrustStore.Location");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
|
|
|
|
|
|
|
|
KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
|
|
|
|
|
|
|
|
return initSSLConnection(keyStore,keyStorePassword,trustStore);
|
|
|
|
|
|
|
|
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
|
|
|
|
|
|
|
|
|CertificateException | IOException | UnrecoverableKeyException e) {
|
|
|
|
|
|
|
|
log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
|
|
|
|
|
|
|
|
KeyStoreException, KeyManagementException {
|
|
|
|
|
|
|
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
|
|
|
|
|
|
|
|
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
|
|
|
|
|
|
|
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
|
|
|
|
|
|
|
|
trustManagerFactory.init(trustStore);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Create and initialize SSLContext for HTTPS communication
|
|
|
|
|
|
|
|
SSLContext sslContext = SSLContext.getInstance("SSLv3");
|
|
|
|
|
|
|
|
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
|
|
|
|
|
|
|
|
SSLContext.setDefault(sslContext);
|
|
|
|
|
|
|
|
return sslContext.getSocketFactory();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
|
|
|
|
|
|
|
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
|
|
|
|
|
|
|
InputStream fileInputStream = null;
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
char[] keypassChar = ksPassword.toCharArray();
|
|
|
|
|
|
|
|
KeyStore keyStore = KeyStore.getInstance(type);
|
|
|
|
|
|
|
|
fileInputStream = new FileInputStream(keyStorePath);
|
|
|
|
|
|
|
|
keyStore.load(fileInputStream, keypassChar);
|
|
|
|
|
|
|
|
return keyStore;
|
|
|
|
|
|
|
|
} finally {
|
|
|
|
|
|
|
|
if (fileInputStream != null) {
|
|
|
|
|
|
|
|
fileInputStream.close();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
|
|
|
|
|
|
|
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return loadKeyStore(trustStorePath,tsPassword,"JKS");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|