Merge pull request #239 from Shabirmean/master

Changes to use keystores provided by default and subsequent modifications to the agent enrolment code
revert-dabc3590
Ruwan 9 years ago
commit 219c8832dc

@ -44,6 +44,7 @@ import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.core.AgentManager;
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.exception.AgentCoreOperationException;
import sun.security.x509.X509CertImpl;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
@ -82,6 +83,7 @@ public class EnrollmentManager {
private static final String KEY_PAIR_ALGORITHM = "RSA";
private static final String PROVIDER = "BC";
private static final String SIGNATURE_ALG = "SHA1withRSA";
private static final String CERT_IS_CA_EXTENSION = "is_ca";
private static final int KEY_SIZE = 2048;
// Seed to our PRNG. Make sure this is initialised randomly, NOT LIKE THIS
@ -376,9 +378,9 @@ public class EnrollmentManager {
log.debug(((X509Certificate) cert).getIssuerDN().getName());
}
//TODO: Need to identify the correct certificate.
// I have chosen the CA cert based on its BasicConstraint criticality being set to "true"
if (((X509CertImpl) cert).getBasicConstraintsExtension().isCritical()) {
// I have chosen the CA cert based on its BasicConstraintExtension "is_ca" being set to "true"
// This is because the returned keystore may contain many certificates including RAs.
if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
serverCertPublicKey = cert.getPublicKey();
}
}
@ -396,6 +398,10 @@ public class EnrollmentManager {
String errorMsg = "Could not retrieve [Server-Certificates] from the response message from SCEP-Server.";
log.error(errorMsg);
throw new AgentCoreOperationException(errorMsg, e);
} catch (IOException e) {
String errorMsg = "Error occurred whilst trying to get property ['is_ca'] from the retreived Certificates";
log.error(errorMsg);
throw new AgentCoreOperationException(errorMsg, e);
}
return serverCertPublicKey;

@ -14,6 +14,8 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/datasources/,target:${installFolder}/../../conf/datasources/,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../database/);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/database/,target:${installFolder}/../../database/,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../resources/security/);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/certs/,target:${installFolder}/../../resources/security/,overwrite:true);\
instructions.unconfigure = \
org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../conf/device-types/virtual_firealarm.json);\
@ -30,3 +32,4 @@ org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../dep
org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.type-view);\
org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.policy-edit);\
org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.policy-view);\
org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../resources/security/wso2certs.jks);\

Loading…
Cancel
Save