From c1fa49aa2b99575a0eb3955ad59bb77b86d1b6ca Mon Sep 17 00:00:00 2001 From: charitha Date: Tue, 23 Oct 2018 14:18:18 +0530 Subject: [PATCH 1/2] Prevent all nodes using a same app id for oauth --- .../client/OAuthRequestInterceptor.java | 44 ++++++++++++++----- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index 97219526e..be51858eb 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java @@ -18,15 +18,14 @@ import feign.Client; import feign.Feign; import feign.FeignException; import feign.Logger; -import feign.Request; import feign.RequestInterceptor; import feign.RequestTemplate; -import feign.Response; import feign.auth.BasicAuthRequestInterceptor; import feign.gson.GsonDecoder; import feign.gson.GsonEncoder; import feign.jaxrs.JAXRSContract; import feign.slf4j.Slf4jLogger; +import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.base.ServerConfiguration; @@ -38,12 +37,24 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client. import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; - -import javax.net.ssl.*; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.*; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Map; @@ -68,24 +79,35 @@ public class OAuthRequestInterceptor implements RequestInterceptor { private static final String CONNECTION_USERNAME = "username"; private static final String CONNECTION_PASSWORD = "password"; - private static final String TOKEN_ENDPOINT = "tokenUrl"; private static final String TOKEN_REFRESH_TIME_OFFSET = "tokenRefreshTimeOffset"; - private static final String TOKEN_SCOPES = "scopes"; private static final String DEVICE_MGT_SERVER_URL = "deviceMgtServerUrl"; private static final String TOKEN_ENDPOINT_CONTEXT = "tokenUrl"; private static String username; private static String password; private static String tokenEndpoint; private static String deviceMgtServerUrl; - private static String scopes; - private static Map globalProperties; + private static String clientHash = ""; /** * Creates an interceptor that authenticates all requests. */ public OAuthRequestInterceptor(Map globalProperties) { - this.globalProperties = globalProperties; + try { + InetAddress inetAddress = InetAddress.getLocalHost(); + String ip = inetAddress.getHostAddress(); + if (ip != null && ip.equals("127.0.0.1")) { + clientHash = ip.replace(".", ""); + } else { + clientHash = RandomStringUtils.random(8, true, true); + } + } catch (UnknownHostException e) { + log.warn("Error occurred while generating unique hash for node."); + clientHash = RandomStringUtils.random(8, true, true); + } + if (log.isDebugEnabled()) { + log.debug("Client hash: " + clientHash); + } try { deviceMgtServerUrl = getDeviceMgtServerUrl(globalProperties); refreshTimeOffset = getRefreshTimeOffset(globalProperties) * 1000; @@ -108,7 +130,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { if (tokenInfo == null) { if (apiApplicationKey == null) { ApiRegistrationProfile apiRegistrationProfile = new ApiRegistrationProfile(); - apiRegistrationProfile.setApplicationName(APPLICATION_NAME); + apiRegistrationProfile.setApplicationName(APPLICATION_NAME + "-" + clientHash); apiRegistrationProfile.setIsAllowedToAllDomains(false); apiRegistrationProfile.setIsMappingAnExistingOAuthApp(false); apiRegistrationProfile.setTags(DEVICE_MANAGEMENT_SERVICE_TAG); From 8cdf53b03fd434a49b02c5a6e33ce1e00c54b44a Mon Sep 17 00:00:00 2001 From: charitha Date: Tue, 23 Oct 2018 18:39:23 +0530 Subject: [PATCH 2/2] Enable FCM by default --- .../src/main/resources/devicetypes/android.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml b/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml index b46fd8cec..3fa9709b2 100644 --- a/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml +++ b/features/mobile-plugins-feature/android-plugin-feature/org.wso2.carbon.device.mgt.mobile.android.feature/src/main/resources/devicetypes/android.xml @@ -52,13 +52,13 @@ true - - + +