Merge pull request #239 from Shabirmean/master

Changes to use keystores provided by default and subsequent modifications to the agent enrolment code
9 years ago · 219c8832dc
parent 7e4aaed2ee c436a555bc
commit 219c8832dc
3 changed files with 12 additions and 3 deletions
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java
@ -44,6 +44,7 @@ import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.core.AgentManager;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.exception.AgentCoreOperationException;
 import sun.security.x509.X509CertImpl;

+import java.io.IOException;
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.net.URL;
@ -82,6 +83,7 @@ public class EnrollmentManager {
    private static final String KEY_PAIR_ALGORITHM = "RSA";
    private static final String PROVIDER = "BC";
    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String CERT_IS_CA_EXTENSION = "is_ca";
    private static final int KEY_SIZE = 2048;

    // Seed to our PRNG. Make sure this is initialised randomly, NOT LIKE THIS
@ -376,9 +378,9 @@ public class EnrollmentManager {
                        log.debug(((X509Certificate) cert).getIssuerDN().getName());
                    }

-                    //TODO: Need to identify the correct certificate.
-                    // I have chosen the CA cert based on its BasicConstraint criticality being set to "true"
-                    if (((X509CertImpl) cert).getBasicConstraintsExtension().isCritical()) {
+                    // I have chosen the CA cert based on its BasicConstraintExtension "is_ca" being set to "true"
+                    // This is because the returned keystore may contain many certificates including RAs.
+                    if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
                        serverCertPublicKey = cert.getPublicKey();
                    }
                }
@ -396,6 +398,10 @@ public class EnrollmentManager {
            String errorMsg = "Could not retrieve [Server-Certificates] from the response message from SCEP-Server.";
            log.error(errorMsg);
            throw new AgentCoreOperationException(errorMsg, e);
+        } catch (IOException e) {
+            String errorMsg = "Error occurred whilst trying to get property ['is_ca'] from the retreived Certificates";
+            log.error(errorMsg);
+            throw new AgentCoreOperationException(errorMsg, e);
        }

        return serverCertPublicKey;
--- a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/certs/wso2certs.jks
+++ b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/certs/wso2certs.jks
--- a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/p2.inf
+++ b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/p2.inf
@ -14,6 +14,8 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/datasources/,target:${installFolder}/../../conf/datasources/,overwrite:true);\
 org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../database/);\
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/database/,target:${installFolder}/../../database/,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../resources/security/);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.iot.virtualfirealarm_${feature.version}/certs/,target:${installFolder}/../../resources/security/,overwrite:true);\

 instructions.unconfigure = \
 org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../conf/device-types/virtual_firealarm.json);\
@ -30,3 +32,4 @@ org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../dep
 org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.type-view);\
 org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.policy-edit);\
 org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/jaggeryapps/devicemgt/app/units/cdmf.unit.device.type.virtual_firealarm.policy-view);\
+org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../resources/security/wso2certs.jks);\