From 0fbe062e49781623cb894bc5c144e91005040a98 Mon Sep 17 00:00:00 2001 From: Pahansith Gunathilake Date: Tue, 5 Sep 2023 07:58:13 +0000 Subject: [PATCH] Fix the SSL error when invoking internal API via HttpClient (#215) Co-authored-by: Pahansith Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/215 --- .../pom.xml | 5 ++ .../core/impl/SubscriptionManagerImpl.java | 80 ++++++++++++------- .../application/mgt/core/util/Constants.java | 2 + pom.xml | 2 +- 4 files changed, 60 insertions(+), 29 deletions(-) diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml index f30bd9137e..5a713e5f5e 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml @@ -112,6 +112,11 @@ + + + org.apache.httpcomponents + httpclient + org.eclipse.osgi org.eclipse.osgi diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java index 61e3961e12..fceb70e072 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java 
@@ -26,18 +26,20 @@ import io.entgra.device.mgt.core.application.mgt.core.dao.VppApplicationDAO;
 import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
 import io.entgra.device.mgt.core.device.mgt.core.DeviceManagementConstants;
 import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException;
-import io.entgra.device.mgt.core.application.mgt.core.util.VppHttpUtil;
 import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
 import io.entgra.device.mgt.core.notification.logger.AppInstallLogContext;
 import io.entgra.device.mgt.core.notification.logger.impl.EntgraAppInstallLoggerImpl;
 import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpException;
-import org.apache.commons.httpclient.HttpMethodBase;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.StringRequestEntity;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.json.JSONArray;
 import org.json.JSONObject;
 import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
@@ -106,6 +108,9 @@ import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -1297,38 +1302,37 @@ public class SubscriptionManagerImpl implements SubscriptionManager { } } - private int invokeIOTCoreAPI(HttpMethodBase request) throws UserStoreException, APIManagerException, IOException { - HttpClient httpClient; + private int invokeIOTCoreAPI(HttpPost request) throws UserStoreException, APIManagerException, IOException, + ApplicationManagementException { + CloseableHttpClient httpClient = getHttpClient(); String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); ApiApplicationKey apiApplicationKey = OAuthUtils.getClientCredentials(tenantDomain); String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() .getAdminUserName() + Constants.ApplicationInstall.AT + tenantDomain; AccessTokenInfo tokenInfo = OAuthUtils.getOAuthCredentials(apiApplicationKey, username); - request.addRequestHeader(Constants.ApplicationInstall.AUTHORIZATION, + request.addHeader(Constants.ApplicationInstall.AUTHORIZATION, Constants.ApplicationInstall.AUTHORIZATION_HEADER_VALUE + tokenInfo.getAccessToken()); - httpClient = new HttpClient(); - httpClient.executeMethod(request); - return request.getStatusCode(); + HttpResponse response = httpClient.execute(request); + return response.getStatusLine().getStatusCode(); } public int installEnrollmentApplications(ApplicationPolicyDTO applicationPolicyDTO) throws ApplicationManagementException { - - PostMethod request; + String requestUrl =null; try { - String requestUrl = Constants.ApplicationInstall.ENROLLMENT_APP_INSTALL_PROTOCOL + System - .getProperty(Constants.ApplicationInstall.IOT_CORE_HOST) + Constants.ApplicationInstall.COLON + requestUrl = Constants.ApplicationInstall.ENROLLMENT_APP_INSTALL_PROTOCOL + System + .getProperty(Constants.ApplicationInstall.IOT_GATEWAY_HOST) + Constants.ApplicationInstall.COLON + System.getProperty(Constants.ApplicationInstall.IOT_CORE_PORT) + Constants.ApplicationInstall.GOOGLE_APP_INSTALL_URL; Gson 
gson = new Gson(); String payload = gson.toJson(applicationPolicyDTO); + HttpPost httpPost = new HttpPost(requestUrl); - StringRequestEntity requestEntity = new StringRequestEntity(payload, MediaType.APPLICATION_JSON, - Constants.ApplicationInstall.ENCODING); - request = new PostMethod(requestUrl); - request.setRequestEntity(requestEntity); - return invokeIOTCoreAPI(request); + StringEntity stringEntity = new StringEntity(payload, Constants.ApplicationInstall.ENCODING); + httpPost.addHeader("Content-Type",MediaType.APPLICATION_JSON); + httpPost.setEntity(stringEntity); + return invokeIOTCoreAPI(httpPost); } catch (UserStoreException e) { String msg = "Error while accessing user store for user with Android device."; log.error(msg, e); 
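Review bot: `invokeIOTCoreAPI` never closes the `CloseableHttpClient` it gets from `getHttpClient()` or the response returned by `httpClient.execute(request)`, so every call builds a fresh client and leaves its connection manager and the response connection open. Hold the client in a try-with-resources around the whole body and, once the `Authorization` header has been added, read the status inside `try (CloseableHttpResponse response = httpClient.execute(request)) { return response.getStatusLine().getStatusCode(); }`. Separately, `installEnrollmentApplications` now takes the host from `IOT_GATEWAY_HOST` but still takes the port from `IOT_CORE_PORT`; if the gateway and core listen on different ports this pairing is wrong, which cannot be confirmed from the hunk. A missing system property also yields a URL containing the literal `null`, so a null check before `new HttpPost(requestUrl)` would give a clearer error. The catch clauses of `installEnrollmentApplications` continue in the next hunk.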
@@ -1337,18 +1341,38 @@ public class SubscriptionManagerImpl implements SubscriptionManager { String msg = "Error while retrieving access token for Android device"; log.error(msg, e); throw new ApplicationManagementException(msg, e); - } catch (HttpException e) { - String msg = "Error while calling the app store to install enrollment app with id: " + applicationPolicyDTO - .getApplicationDTO().getId() + " on device"; - log.error(msg, e); - throw new ApplicationManagementException(msg, e); } catch (IOException e) { String msg = "Error while installing the enrollment with id: " + applicationPolicyDTO.getApplicationDTO().getId() - + " on device"; + + " on device: request URL: " + requestUrl; + log.error(msg + "request url: " + requestUrl, e); + throw new ApplicationManagementException(msg, e); + } + } + + private CloseableHttpClient getHttpClient() throws ApplicationManagementException { + try { + SSLContextBuilder builder = new SSLContextBuilder(); + builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); + SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build()); + return HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build(); + } catch (NoSuchAlgorithmException e) { + String msg = "Failed while building the http client for EntApp installation. " + + "Used SSL algorithm not available"; + log.error(msg, e); + throw new ApplicationManagementException(msg, e); + } catch (KeyStoreException e) { + String msg = "Failed while building the http client for EntApp installation. " + + "Failed to load required key stores"; + log.error(msg, e); + throw new ApplicationManagementException(msg, e); + } catch (KeyManagementException e) { + String msg = "Failed while building the http client for EntApp installation. " + + "Failed while building SSL context"; log.error(msg, e); throw new ApplicationManagementException(msg, e); } + } private String getIOTCoreBaseUrl() { 
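Review bot: `getHttpClient()` calls `builder.loadTrustMaterial(null, new TrustSelfSignedStrategy())`, which makes the client accept any self-signed server certificate on top of the default trust store, and this client carries the tenant admin's OAuth bearer token in the `Authorization` header. The default hostname verifier still runs, but a self-signed certificate is not vouched for by any authority, so the server's identity is effectively unauthenticated on this call and the token is exposed to whoever terminates the TLS connection. Because an explicit `setSSLSocketFactory(sslsf)` takes precedence, the following `useSystemProperties()` no longer lets `javax.net.ssl.trustStore` govern TLS for this client. Prefer trusting the deployment's own certificate: drop the custom socket factory and `return HttpClients.custom().useSystemProperties().build();` with the gateway certificate imported into the JVM trust store, or load that specific trust store through `loadTrustMaterial` without the self-signed strategy. Also, the `IOException` branch writes `requestUrl` twice, since `msg` already ends with it before `log.error(msg + "request url: " + requestUrl, e)`.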
diff --git a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java index 66976763e8..767b5e2bd2 100644 --- a/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java +++ b/components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java @@ -178,6 +178,8 @@ public class Constants { public static final String DEVICE_TYPE_ANDROID = "android"; public static final String COLON = ":"; public static final String IOT_CORE_HOST = "iot.core.host"; + + public static final String IOT_GATEWAY_HOST = "iot.gateway.host"; public static final String IOT_CORE_PORT = "iot.core.https.port"; public static final String ENROLLMENT_APP_INSTALL_PROTOCOL = "https://"; public static final String GOOGLE_APP_INSTALL_URL = "/api/device-mgt/android/v1.0/enterprise/change-app"; diff --git a/pom.xml b/pom.xml index 026b0bb4d4..07205ca653 100644 --- a/pom.xml +++ b/pom.xml @@ -2145,7 +2145,7 @@ 9.3.1 1.1.1 1.2 - 4.5.6 + 4.5.13 4.4.10 4.5.8