From c7034a61b0f9e04e7a4b4eaeda6bb89223267479 Mon Sep 17 00:00:00 2001 From: Jasintha Date: Tue, 11 Jul 2017 12:15:47 +0530 Subject: [PATCH] fixing weekTrustManager Impel issue --- .../pom.xml | 1 + .../ApplicationOperationsImpl.java | 94 +++++++++++++++---- .../client/OAuthRequestInterceptor.java | 93 ++++++++++++++---- .../pom.xml | 1 + .../http/authorization/DeviceAuthorizer.java | 93 ++++++++++++++---- .../client/OAuthRequestInterceptor.java | 94 +++++++++++++++---- .../authorization/DeviceAuthorizer.java | 94 +++++++++++++++---- .../client/OAuthRequestInterceptor.java | 94 +++++++++++++++---- .../DeviceAccessBasedMQTTAuthorizer.java | 93 ++++++++++++++---- .../client/OAuthRequestInterceptor.java | 93 ++++++++++++++---- 10 files changed, 622 insertions(+), 128 deletions(-) diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml index c8d3063ab..93decfef4 100644 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml +++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml @@ -67,6 +67,7 @@ feign.gson, org.json.simple.*, org.wso2.carbon.appmgt.mobile.beans, + org.wso2.carbon.base, org.wso2.carbon.context, javax.net.ssl, feign.slf4j diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java index a049c3fab..1f5399bca 100644 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java 
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java @@ -47,17 +47,15 @@ import org.wso2.carbon.appmgt.mobile.mdm.App; import org.wso2.carbon.appmgt.mobile.mdm.Device; import org.wso2.carbon.appmgt.mobile.utils.MobileApplicationException; import org.wso2.carbon.appmgt.mobile.utils.MobileConfigurations; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.context.PrivilegedCarbonContext; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
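Review bot: The single-type `javax.net.ssl` and `java.security` imports are replaced by the wildcards `javax.net.ssl.*` and `java.security.*`, which hides which SSL and security types this class now depends on and makes any future same-named class in those packages a silent ambiguity. Keep the explicit imports and add only the names the new code introduces: `KeyStore`, `KeyStoreException`, `UnrecoverableKeyException`, `KeyManagerFactory` and `TrustManagerFactory`. The same wildcard replacement appears in the import hunks of the other Java files in this patch (both `OAuthRequestInterceptor` variants and both `DeviceAuthorizer` variants).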
@@ -286,16 +284,21 @@ public class ApplicationOperationsImpl implements ApplicationOperations { } } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
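Review bot: The `org.wso2.ignoreHostnameVerification` branch does more than its name says: besides the permissive `HostnameVerifier`, it installs `getSimpleTrustedSSLSocketFactory()`, whose trust-all `X509TrustManager` (continued in the hunk below) accepts any server certificate, so one property turns off both checks and leaves no trace in the logs. At minimum record that the branch was taken, e.g. `log.warn("org.wso2.ignoreHostnameVerification is set: server certificate and hostname verification are disabled for this client");`, and consider pairing the permissive verifier with `getTrustedSSLSocketFactory()` so that certificate validation against the configured trust store still happens when only the hostname check is meant to be relaxed. The same `getSSLClient` rewrite appears in the other Java files of this patch.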
@@ -318,4 +321,63 @@ public class ApplicationOperationsImpl implements ApplicationOperations { } } + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + + } \ No newline at end of file diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java index 925f158d5..1ff87e7e6 100755 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java 
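Review bot: `initSSLConnection` requests `SSLContext.getInstance("SSLv3")` and then calls `SSLContext.setDefault(sslContext)`; the first names a protocol that has been considered broken since POODLE (a context obtained under that name may still negotiate newer TLS versions, but the code should not declare SSLv3 as its target), and the second replaces the JVM-wide default context as a side effect of building one Feign client, so every other HTTPS user in the same server process is silently switched to this key store and trust store. Use `SSLContext sslContext = SSLContext.getInstance("TLS");` and drop the `SSLContext.setDefault(sslContext);` line — the returned socket factory is all `Client.Default` needs. The same two lines appear in the trailing hunk of each of the other Java files in this patch.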
@@ -40,16 +40,14 @@ import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.ApiRegi import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.TokenIssuerService; import org.wso2.carbon.appmgt.mdm.restconnector.config.AuthorizationConfigurationManager; import org.wso2.carbon.appmgt.mdm.restconnector.internal.AuthorizationDataHolder; +import org.wso2.carbon.base.ServerConfiguration; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; /** * This is a request interceptor to add oauth token header. 
@@ -131,16 +129,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor { template.header(Constants.RestConstants.AUTHORIZATION, headerValue); } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
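Review bot: In the `else` branch, `getTrustedSSLSocketFactory()` returns `null` whenever the key store or trust store cannot be loaded (its catch block only logs, see the hunk below), and `new Client.Default(null, null)` is then built without any signal to the caller; if `Client.Default` treats a null factory as "use the JVM default", a misconfigured trust store quietly degrades to default trust instead of failing. Let the helper fail loudly instead, e.g. `throw new IllegalStateException("Error while creating the SSL socket factory", e);` in place of `return null;`, so a broken store configuration surfaces at client construction. This applies to the same method in the other Java files of this patch.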
@@ -163,4 +166,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor { } } + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml index 2d204e9d9..612a5c3c6 100644 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml @@ -165,6 +165,7 @@ org.wso2.carbon.identity.oauth2.*, org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, + org.wso2.carbon.base, javax.net.ssl, feign.slf4j 
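Review bot: `initSSLConnection` unlocks the private key with the key store password (`keyManagerFactory.init(keyStore, keyStorePassword.toCharArray())`) and `getTrustedSSLSocketFactory` hard-codes `"JKS"` for both stores, so a deployment whose key password differs from the store password, or whose stores are not JKS, fails here with `UnrecoverableKeyException` or `IOException` even though the server itself starts normally. Carbon's server configuration carries separate key-password and store-type entries (presumably `Security.KeyStore.KeyPassword`, `Security.KeyStore.Type` and `Security.TrustStore.Type` — verify against the deployment's carbon.xml); read them through the same `ServerConfiguration.getInstance().getFirstProperty(...)` calls rather than reusing the store password and a literal type. The same assumption is baked into the other copies of these methods in this patch.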
diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java index c6e195254..ed6124868 100644 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java @@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract; import feign.slf4j.Slf4jLogger; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.OAuthRequestInterceptor; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.AuthorizationRequest; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.DeviceAccessAuthorizationAdminService; 
@@ -38,15 +39,12 @@ import org.wso2.carbon.device.mgt.input.adapter.http.util.AuthenticationInfo; import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -112,16 +110,21 @@ public class DeviceAuthorizer { return deviceMgtServerUrl; } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
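Review bot: Widening `getSSLClient` from `private` to `public` is not required by anything in this patch — no other class in the diff calls it — and it exposes a factory that can hand out a trust-all client to every bundle that can see `DeviceAuthorizer`. Keep `private static Client getSSLClient()` unless a concrete caller needs it, and if one does, add a Javadoc stating that the returned client's certificate and hostname checks depend on the `org.wso2.ignoreHostnameVerification` system property. The same visibility change is made in the matching hunks of the other five Java files; `DeviceAuthorizer`'s class body continues outside the hunk.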
@@ -144,4 +147,62 @@ public class DeviceAuthorizer { } } + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + sslContext.init(keyManagerFactory.getKeyManagers(), 
trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java index 35afcd267..e1d87ae14 100755 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java 
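Review bot: `loadKeyStore` manages the `FileInputStream` through a nullable local and a manual `finally`, and `getTrustedSSLSocketFactory` appends `e.getMessage()` to the log text while also passing `e` as the cause, so the message is printed twice; the latter should read `log.error("Error while creating the SSL socket factory", e);`. The file already uses Java 7 multi-catch, so try-with-resources is available and removes the null check and the throwaway `keypassChar` local, as below. The same two methods are duplicated in the other Java files of this patch.
```java
private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
        throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
    KeyStore keyStore = KeyStore.getInstance(type);
    try (InputStream in = new FileInputStream(keyStorePath)) {
        keyStore.load(in, ksPassword.toCharArray());
    }
    return keyStore;
}
```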
@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract; import feign.slf4j.Slf4jLogger; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.AccessTokenInfo; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.ApiApplicationKey; import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.ApiApplicationRegistrationService; @@ -37,15 +38,12 @@ import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.To import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.Map; /** 
@@ -183,16 +181,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor { return refreshTimeOffset; } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
@@ -214,4 +217,63 @@ public class OAuthRequestInterceptor implements RequestInterceptor { return null; } } + + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index 775ea200f..8352e375f 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java 
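Review bot: Six copies of this ~60-line block now live in the patch, differing only in the enclosing class, so every issue found in one copy (protocol name, default-context override, null return, key password) has to be fixed six times; the `FIXME` at the top of the hunk concedes this but defers it. Since every copy reads the same `ServerConfiguration` properties and has no per-class state, a single static helper in a shared utility bundle is a smaller change than adding the block six times, and the pom changes in this patch already touch each module's imports. If the extraction really has to wait, make the marker precise and spell-checked, e.g. `// FIXME: duplicated in ApplicationOperationsImpl, DeviceAuthorizer and OAuthRequestInterceptor; move to a shared utility after 3.1.0`.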
@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract; import feign.slf4j.Slf4jLogger; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.AuthenticationInfo; import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.OAuthRequestInterceptor; import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AuthorizationRequest; @@ -40,16 +41,13 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; import javax.websocket.Session; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; 
@@ -125,16 +123,21 @@ public class DeviceAuthorizer implements Authorizer { return deviceMgtServerUrl; } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
@@ -156,4 +159,63 @@ public class DeviceAuthorizer implements Authorizer { return null; } } + + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index dedb95371..97219526e 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java 
@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract; import feign.slf4j.Slf4jLogger; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AccessTokenInfo; import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationKey; import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationRegistrationService; @@ -37,15 +38,13 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client. import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; + +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.Map; /** 
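Review bot: `import javax.net.ssl.*;` and `import java.security.*;` are wildcard imports in a file that otherwise lists every import explicitly, so `KeyStore`, `KeyManagerFactory`, `TrustManagerFactory` and the new exception types now appear in the code with no visible origin. Listing the names actually used keeps the file consistent with its own style and avoids an ambiguous-name clash if another wildcard is added later; the same applies to the import hunks in DeviceAccessBasedMQTTAuthorizer and the mqtt OAuthRequestInterceptor.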
@@ -185,16 +184,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor { return refreshTimeOffset; } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
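Review bot: The `org.wso2.ignoreHostnameVerification` branch of `getSSLClient` does more than its name states: besides installing the permissive `HostnameVerifier`, it selects `getSimpleTrustedSSLSocketFactory()`, the trust-all `X509TrustManager`, so a flag that reads as "skip the hostname check" also disables certificate chain validation for every request through this client. If the flag is genuinely about hostnames, both branches should use the keystore-backed factory and only the verifier should vary, e.g. `return new Client.Default(getTrustedSSLSocketFactory(), isIgnoreHostnameVerification ? permissiveVerifier : null);` with the anonymous verifier bound to a local first; if trust-all is the intended effect, the property name and a comment should say so. In the `else` branch `getTrustedSSLSocketFactory()` returns `null` when the stores cannot be loaded (its catch block logs and returns null), and `Client.Default` presumably then falls back to the platform default socket factory, so a misconfigured store degrades silently instead of failing — consider throwing from `getSSLClient` when the factory is null. The identical change appears in the DeviceAccessBasedMQTTAuthorizer and mqtt OAuthRequestInterceptor hunks. The enclosing class continues outside the hunk.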
@@ -217,4 +221,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor { } } + //FIXME - (line 223 - 280 block) I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore, String keyStorePassword, KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = 
SSLContext.getInstance("SSLv3"); + sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java index ef79add18..c32ee0055 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java 
@@ -42,6 +42,7 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.Aut import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.AuthorizationCacheKey; import org.wso2.carbon.base.MultitenantConstants; +import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserStoreException; @@ -49,15 +50,12 @@ import org.wso2.carbon.user.api.UserStoreException; import javax.cache.Cache; import javax.cache.CacheConfiguration; import javax.cache.Caching; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; 
@@ -258,16 +256,21 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { } } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
@@ -290,4 +293,62 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { } } + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + } \ No newline at end of file diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java index 802adb19e..1cde68b66 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java 
@@ -37,16 +37,14 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.ApiRegistrationProfile; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager; +import org.wso2.carbon.base.ServerConfiguration; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.*; +import java.io.FileInputStream; import java.io.IOException; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; +import java.io.InputStream; +import java.security.*; +import java.security.cert.CertificateException; /** * This is a request interceptor to add oauth token header. 
@@ -129,16 +127,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor { tokenIssuerService = null; } - private static Client getSSLClient() { - return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { - @Override - public boolean verify(String s, SSLSession sslSession) { - return true; - } - }); + public static Client getSSLClient() { + boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification")); + if(isIgnoreHostnameVerification) { + return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + }else { + return new Client.Default(getTrustedSSLSocketFactory(), null); + } } - private static SSLSocketFactory getTrustedSSLSocketFactory() { + private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() { try { TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 
@@ -161,4 +164,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor { } } + //FIXME - I know hard-cording values is a bad practice , this code is repeating in + // several class, so this hard-coding strings will be removed once this code block is moved into a central location + // this should be done after the 3.1.0 release. + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); + String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location"); + String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Password"); + String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty( + "Security.TrustStore.Location"); + + KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS"); + KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword); + return initSSLConnection(keyStore,keyStorePassword,trustStore); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException + |CertificateException | IOException | UnrecoverableKeyException e) { + log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e); + return null; + } + } + + private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException, + KeyStoreException, KeyManagementException { + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); + trustManagerFactory.init(trustStore); + + // Create and initialize SSLContext for HTTPS communication + SSLContext sslContext = SSLContext.getInstance("SSLv3"); + 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); + SSLContext.setDefault(sslContext); + return sslContext.getSocketFactory(); + } + + private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + InputStream fileInputStream = null; + try { + char[] keypassChar = ksPassword.toCharArray(); + KeyStore keyStore = KeyStore.getInstance(type); + fileInputStream = new FileInputStream(keyStorePath); + keyStore.load(fileInputStream, keypassChar); + return keyStore; + } finally { + if (fileInputStream != null) { + fileInputStream.close(); + } + } + } + + private static KeyStore loadTrustStore(String trustStorePath, String tsPassword) + throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + + return loadKeyStore(trustStorePath,tsPassword,"JKS"); + } + }