From 38c087ebc1d4b299b3a0f977fc907c34cafc1b18 Mon Sep 17 00:00:00 2001 From: Shabirmean Date: Wed, 8 Jun 2016 12:00:32 +0530 Subject: [PATCH] Added necessary changes to store CA_CERT and handle expired refresh-token scenario --- .../agent/core/AgentConstants.java | 2 +- .../agent/core/AgentUtilOperations.java | 6 +++++- .../agent/enrollment/EnrollmentManager.java | 15 ++++++++++----- .../VirtualFirealarmMqttContentTransformer.java | 5 +++-- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java index 3c661c6d7..af697504e 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java @@ -123,5 +123,5 @@ public class AgentConstants { public static final String DEVICE_KEYSTORE_PASSWORD = "wso2@virtual_firealarm"; public static final String DEVICE_PRIVATE_KEY_ALIAS = "virtual_firealarm_key"; public static final String DEVICE_CERT_ALIAS = "virtual_firealarm_cert"; - public static final String SERVER_PUBLIC_KEY_ALIAS = "iotServer_key"; + public static final String SERVER_CA_CERT_ALIAS = "ca_iotServer"; } diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java index 7f407f5ca..84890a52e 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java @@ -358,8 +358,12 @@ public class AgentUtilOperations { log.info(AgentConstants.LOG_APPENDER + "Response " + responseMessage + " was received for the token refresh call."); updateExistingTokens(responseMessage.toString()); + } else if (httpConnection.getResponseCode() == HttpStatus.BAD_REQUEST_400) { + log.error(AgentConstants.LOG_APPENDER + + "Token refresh call returned with a [400 Bad Request].\nThe refresh-token has " + + "probably expired.\nPlease contact System-Admin to get a valid refresh-token."); } else { - log.info(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token."); + log.warn(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token."); } } catch (TransportHandlerException e) { diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java index 4132e503f..6059483bc 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java @@ -136,7 +136,8 @@ public class EnrollmentManager { AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray()); this.isEnrolled = (keyStore.containsAlias(AgentConstants.DEVICE_CERT_ALIAS) && - keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS)); + keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS) && + keyStore.containsAlias(AgentConstants.SERVER_CA_CERT_ALIAS)); } catch (KeyStoreException e) { log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" + @@ -165,10 +166,14 @@ public class EnrollmentManager { this.SCEPCertificate = (X509Certificate) keyStore.getCertificate(AgentConstants.DEVICE_CERT_ALIAS); this.privateKey = (PrivateKey) keyStore.getKey(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray()); - this.serverPublicKey = (PublicKey) keyStore.getKey(AgentConstants.SERVER_PUBLIC_KEY_ALIAS, - AgentConstants.DEVICE_KEYSTORE_PASSWORD - .toCharArray()); this.publicKey = SCEPCertificate.getPublicKey(); + + X509Certificate serverCACert = (X509Certificate) keyStore.getCertificate( + AgentConstants.SERVER_CA_CERT_ALIAS); + this.serverPublicKey = serverCACert.getPublicKey(); + log.info(AgentConstants.LOG_APPENDER + + "Device has already been enrolled. Hence, loaded certificate information from device" + + " trust-store."); } } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) { log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" + @@ -243,7 +248,6 @@ public class EnrollmentManager { storeCertificateToStore(AgentConstants.DEVICE_CERT_ALIAS, SCEPCertificate); storeKeyToKeyStore(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, this.privateKey, SCEPCertificate); - storeKeyToKeyStore(AgentConstants.SERVER_PUBLIC_KEY_ALIAS, this.serverPublicKey, SCEPCertificate); if (log.isDebugEnabled()) { log.info(AgentConstants.LOG_APPENDER + @@ -495,6 +499,7 @@ public class EnrollmentManager { // This is because the returned keystore may contain many certificates including RAs. if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) { serverCertPublicKey = cert.getPublicKey(); + storeCertificateToStore(AgentConstants.SERVER_CA_CERT_ALIAS, cert); } } } diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java index 4a5240835..1be978c16 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java @@ -6,6 +6,7 @@ import org.wso2.carbon.device.mgt.iot.input.adapter.extension.ContentTransformer import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException; +import java.math.BigInteger; import java.security.PublicKey; import java.util.Map; @@ -22,10 +23,10 @@ public class VirtualFirealarmMqttContentTransformer implements ContentTransforme PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); ctx.setTenantDomain(tenantDomain, true); - Long serialNo = (Long) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY); + Integer serialNo = (Integer) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY); // the hash-code of the deviceId is used as the alias for device certificates during SCEP enrollment. // hence, the same is used here to fetch the device-specific-certificate from the key store. - PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo.hashCode()); + PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo); // the MQTT-messages from VirtualFireAlarm devices are in the form {"Msg":, "Sig":} String actualMessage = VirtualFireAlarmUtils.extractMessageFromPayload((String) message, clientPublicKey);