Added necessary changes to store CA_CERT and handle expired refresh-token scenario

9 years ago · 38c087ebc1
parent f0206d7ed4
commit 38c087ebc1
4 changed files with 19 additions and 9 deletions
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentConstants.java
@ -123,5 +123,5 @@ public class AgentConstants {
    public static final String DEVICE_KEYSTORE_PASSWORD = "wso2@virtual_firealarm";
    public static final String DEVICE_PRIVATE_KEY_ALIAS = "virtual_firealarm_key";
    public static final String DEVICE_CERT_ALIAS = "virtual_firealarm_cert";
-    public static final String SERVER_PUBLIC_KEY_ALIAS = "iotServer_key";
+    public static final String SERVER_CA_CERT_ALIAS = "ca_iotServer";
 }
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/core/AgentUtilOperations.java
@ -358,8 +358,12 @@ public class AgentUtilOperations {
                log.info(AgentConstants.LOG_APPENDER +
                                 "Response " + responseMessage + " was received for the token refresh call.");
                updateExistingTokens(responseMessage.toString());
+            } else if (httpConnection.getResponseCode() == HttpStatus.BAD_REQUEST_400) {
+                log.error(AgentConstants.LOG_APPENDER +
+                                  "Token refresh call returned with a [400 Bad Request].\nThe refresh-token has " +
+                                  "probably expired.\nPlease contact System-Admin to get a valid refresh-token.");
            } else {
-                log.info(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token.");
+                log.warn(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token.");
            }

        } catch (TransportHandlerException e) {
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java
@ -136,7 +136,8 @@ public class EnrollmentManager {
                          AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());

            this.isEnrolled = (keyStore.containsAlias(AgentConstants.DEVICE_CERT_ALIAS) &&
-                    keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS));
+                    keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS) &&
+                    keyStore.containsAlias(AgentConstants.SERVER_CA_CERT_ALIAS));

        } catch (KeyStoreException e) {
            log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" +
@ -165,10 +166,14 @@ public class EnrollmentManager {
                this.SCEPCertificate = (X509Certificate) keyStore.getCertificate(AgentConstants.DEVICE_CERT_ALIAS);
                this.privateKey = (PrivateKey) keyStore.getKey(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS,
                                                               AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
-                this.serverPublicKey = (PublicKey) keyStore.getKey(AgentConstants.SERVER_PUBLIC_KEY_ALIAS,
-                                                                   AgentConstants.DEVICE_KEYSTORE_PASSWORD
-                                                                           .toCharArray());
                this.publicKey = SCEPCertificate.getPublicKey();
+
+                X509Certificate serverCACert = (X509Certificate) keyStore.getCertificate(
+                        AgentConstants.SERVER_CA_CERT_ALIAS);
+                this.serverPublicKey = serverCACert.getPublicKey();
+                log.info(AgentConstants.LOG_APPENDER +
+                                 "Device has already been enrolled. Hence, loaded certificate information from device" +
+                                 " trust-store.");
            }
        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
            log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" +
@ -243,7 +248,6 @@ public class EnrollmentManager {

        storeCertificateToStore(AgentConstants.DEVICE_CERT_ALIAS, SCEPCertificate);
        storeKeyToKeyStore(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, this.privateKey, SCEPCertificate);
-        storeKeyToKeyStore(AgentConstants.SERVER_PUBLIC_KEY_ALIAS, this.serverPublicKey, SCEPCertificate);

        if (log.isDebugEnabled()) {
            log.info(AgentConstants.LOG_APPENDER +
@ -495,6 +499,7 @@ public class EnrollmentManager {
                    // This is because the returned keystore may contain many certificates including RAs.
                    if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
                        serverCertPublicKey = cert.getPublicKey();
+                        storeCertificateToStore(AgentConstants.SERVER_CA_CERT_ALIAS, cert);
                    }
                }
            }
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmMqttContentTransformer.java
@ -6,6 +6,7 @@ import org.wso2.carbon.device.mgt.iot.input.adapter.extension.ContentTransformer
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException;

+import java.math.BigInteger;
 import java.security.PublicKey;
 import java.util.Map;

@ -22,10 +23,10 @@ public class VirtualFirealarmMqttContentTransformer implements ContentTransforme
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            ctx.setTenantDomain(tenantDomain, true);
-            Long serialNo = (Long) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY);
+            Integer serialNo = (Integer) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY);
            // the hash-code of the deviceId is used as the alias for device certificates during SCEP enrollment.
            // hence, the same is used here to fetch the device-specific-certificate from the key store.
-            PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo.hashCode());
+            PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo);

            // the MQTT-messages from VirtualFireAlarm devices are in the form {"Msg":<MESSAGE>, "Sig":<SIGNATURE>}
            String actualMessage = VirtualFireAlarmUtils.extractMessageFromPayload((String) message, clientPublicKey);