From b82fd2562d4c5406ab9a11626860c671db67035b Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Tue, 3 May 2016 19:28:42 +0530 Subject: [PATCH 1/4] Adding permissions checking for isAuthorized --- ...VirtualFireAlarmControllerServiceImpl.java | 69 ++++++++++--------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java index 2ff68416b..b77f4e23e 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java @@ -27,18 +27,19 @@ import org.wso2.carbon.apimgt.annotations.api.Permission; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.controlqueue.mqtt.MqttConfig; import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppConfig; import org.wso2.carbon.device.mgt.iot.service.IoTServerStartupListener; import org.wso2.carbon.device.mgt.iot.transport.TransportHandlerException; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.dto.DeviceData; -import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmXMPPConnector; -import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.SecurityManager; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.dto.SensorRecord; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmMQTTConnector; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.transport.VirtualFireAlarmXMPPConnector; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.SecurityManager; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.VirtualFireAlarmServiceUtils; -import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.Consumes; @@ -72,7 +73,7 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo // holds a mapping of the IP addresses to Device-IDs for HTTP communication private ConcurrentHashMap deviceToIpMap = new ConcurrentHashMap<>(); - @Permission(scope = "virtual_firealarm_user", permissions = {"device-mgt/virtual_firealarm/user"}) + @Permission(scope = "virtual_firealarm_user", permissions = { "device-mgt/virtual_firealarm/user" }) @POST @Path("device/register/{deviceId}/{ip}/{port}") public Response registerDeviceIP(@PathParam("deviceId") String deviceId, @PathParam("ip") String deviceIP, @@ -107,8 +108,9 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo protocolString); } try { - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - VirtualFireAlarmConstants.DEVICE_TYPE))) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized( + new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), + DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } switch (protocolString) { @@ -155,8 +157,8 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo return Response.status(Response.Status.CONFLICT).build(); } try { - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - VirtualFireAlarmConstants.DEVICE_TYPE))) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized( + new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE))) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } if (!VirtualFireAlarmServiceUtils.publishToDAS(dataMsg.deviceId, dataMsg.value)) { @@ -175,33 +177,34 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo @Produces("application/json") public Response getVirtualFirealarmStats(@PathParam("deviceId") String deviceId, @QueryParam("from") long from, @QueryParam("to") long to) { - String fromDate = String.valueOf(from); - String toDate = String.valueOf(to); - String query = "deviceId:" + deviceId + " AND deviceType:" + - VirtualFireAlarmConstants.DEVICE_TYPE + " AND time : [" + fromDate + " TO " + toDate + "]"; - String sensorTableName = VirtualFireAlarmConstants.TEMPERATURE_EVENT_TABLE; - try { - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - VirtualFireAlarmConstants.DEVICE_TYPE))) { - return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); - } - if (sensorTableName != null) { - List sortByFields = new ArrayList<>(); - SortByField sortByField = new SortByField("time", SORT.ASC, false); - sortByFields.add(sortByField); - List sensorRecords = APIUtil.getAllEventsForDevice(sensorTableName, query, sortByFields); - return Response.status(Response.Status.OK.getStatusCode()).entity(sensorRecords).build(); - } - } catch (AnalyticsException e) { - String errorMsg = "Error on retrieving stats on table " + sensorTableName + " with query " + query; - log.error(errorMsg); - return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).entity(errorMsg).build(); - } catch (DeviceAccessAuthorizationException e) { - log.error(e.getErrorMessage(), e); - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + String fromDate = String.valueOf(from); + String toDate = String.valueOf(to); + String query = "deviceId:" + deviceId + " AND deviceType:" + + VirtualFireAlarmConstants.DEVICE_TYPE + " AND time : [" + fromDate + " TO " + toDate + "]"; + String sensorTableName = VirtualFireAlarmConstants.TEMPERATURE_EVENT_TABLE; + try { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized( + new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), + DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) { + return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } - return Response.status(Response.Status.BAD_REQUEST).build(); + if (sensorTableName != null) { + List sortByFields = new ArrayList<>(); + SortByField sortByField = new SortByField("time", SORT.ASC, false); + sortByFields.add(sortByField); + List sensorRecords = APIUtil.getAllEventsForDevice(sensorTableName, query, sortByFields); + return Response.status(Response.Status.OK.getStatusCode()).entity(sensorRecords).build(); + } + } catch (AnalyticsException e) { + String errorMsg = "Error on retrieving stats on table " + sensorTableName + " with query " + query; + log.error(errorMsg); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).entity(errorMsg).build(); + } catch (DeviceAccessAuthorizationException e) { + log.error(e.getErrorMessage(), e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } + return Response.status(Response.Status.BAD_REQUEST).build(); + } private boolean waitForServerStartup() { while (!IoTServerStartupListener.isServerReady()) { From 0914b94dfc33f00376722cf124a720ca4859238e Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Tue, 3 May 2016 20:56:59 +0530 Subject: [PATCH 2/4] Adding policy update --- ...VirtualFireAlarmControllerServiceImpl.java | 39 +++++++++++++++++++ .../constants/VirtualFireAlarmConstants.java | 1 + 2 files changed, 40 insertions(+) diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java index b77f4e23e..e145c9ad6 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java @@ -46,6 +46,7 @@ import javax.ws.rs.Consumes; import javax.ws.rs.FormParam; import javax.ws.rs.GET; import javax.ws.rs.POST; +import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; @@ -140,6 +141,44 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo } } + @PUT + @Path("device/update-policy") + public Response updatePolicy(@PathParam("deviceId") String deviceId, @QueryParam("protocol") String protocol, + @FormParam("policy") String policy) { + String protocolString = protocol.toUpperCase(); + if (log.isDebugEnabled()) { + log.debug("Sending request to update-policy of device [" + deviceId + "] via " + + protocolString); + } + try { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized( + new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), + DeviceGroupConstants.Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS)) { + return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); + } + switch (protocolString) { + case HTTP_PROTOCOL: + throw new UnsupportedOperationException( + "Sending request to update-policy via HTTP protocol not supported."); + case XMPP_PROTOCOL: + String xmppResource = VirtualFireAlarmConstants.POLICY_CONTEXT.replace("/", ""); + virtualFireAlarmXMPPConnector.publishDeviceData(deviceId, xmppResource, policy); + break; + default: + String mqttResource = VirtualFireAlarmConstants.POLICY_CONTEXT.replace("/", ""); + virtualFireAlarmMQTTConnector.publishDeviceData(deviceId, mqttResource, policy); + break; + } + return Response.ok().build(); + } catch (TransportHandlerException e) { + log.error("Failed to send update-policy request to device [" + deviceId + "] via " + protocolString); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } catch (DeviceAccessAuthorizationException e) { + log.error(e.getErrorMessage(), e); + return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); + } + } + @POST @Path("device/temperature") @Consumes(MediaType.APPLICATION_JSON) diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java index 5c4f03dd0..3c8ef2de5 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/constants/VirtualFireAlarmConstants.java @@ -27,6 +27,7 @@ public class VirtualFireAlarmConstants { public static final String URL_PREFIX = "http://"; public static final String BULB_CONTEXT = "/BULB/"; + public static final String POLICY_CONTEXT = "/POLICY/"; public static final String HUMIDITY_CONTEXT = "/HUMIDITY/"; public static final String TEMPERATURE_CONTEXT = "/TEMPERATURE/"; From d211f3e3581be28c45b02f7750801f561849581b Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Wed, 4 May 2016 00:37:57 +0530 Subject: [PATCH 3/4] Fixing File not found exception for cet_query.txt --- .../src/main/resources/advanced_agent/cep_query.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/advanced_agent/cep_query.txt diff --git a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/advanced_agent/cep_query.txt b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/advanced_agent/cep_query.txt new file mode 100644 index 000000000..17546ece2 --- /dev/null +++ b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/advanced_agent/cep_query.txt @@ -0,0 +1,11 @@ +define stream fireAlarmEventStream (deviceID string, temp int); +from fireAlarmEventStream#window.time(7886776 sec) +select deviceID, max(temp) as maxValue +group by deviceID +insert into analyzeStream for expired-events; +from analyzeStream[maxValue < 88] +select maxValue +insert into bulbOnStream; +from fireAlarmEventStream[temp > 1093] +select deviceID, temp +insert into bulbOffStream; \ No newline at end of file From 7a5acb6f583610bc45b780e8606b13b3fa271adc Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Wed, 4 May 2016 00:49:07 +0530 Subject: [PATCH 4/4] Adding group permission checking --- .../AndroidSenseControllerServiceImpl.java | 7 +++--- .../impl/AndroidSenseManagerServiceImpl.java | 7 ++++-- .../impl/ArduinoControllerServiceImpl.java | 8 ++++--- .../RaspberryPiControllerServiceImpl.java | 5 ++-- .../enrollment/EnrollmentManager.java | 12 +++++++--- ...VirtualFireAlarmControllerServiceImpl.java | 2 +- .../VirtualFireAlarmManagerServiceImpl.java | 23 +++++++++++-------- 7 files changed, 41 insertions(+), 23 deletions(-) diff --git a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseControllerServiceImpl.java b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseControllerServiceImpl.java index 369dc9369..778ee067b 100644 --- a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseControllerServiceImpl.java +++ b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseControllerServiceImpl.java @@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.transport.AndroidSenseMQTTConnector; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.SensorRecord; @@ -78,7 +79,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController public Response sendThreshold(@PathParam("deviceId") String deviceId, @QueryParam("threshold") String threshold) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - AndroidSenseConstants.DEVICE_TYPE))) { + AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } androidSenseMQTTConnector.publishDeviceData(deviceId, "threshold", threshold); @@ -96,7 +97,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController public Response removeKeyWords(@PathParam("deviceId") String deviceId, @QueryParam("words") String words) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - AndroidSenseConstants.DEVICE_TYPE))) { + AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } androidSenseMQTTConnector.publishDeviceData(deviceId, "remove", words); @@ -127,7 +128,7 @@ public class AndroidSenseControllerServiceImpl implements AndroidSenseController try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - AndroidSenseConstants.DEVICE_TYPE))) { + AndroidSenseConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } List sensorDatas; diff --git a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseManagerServiceImpl.java b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseManagerServiceImpl.java index a195a5eae..52bdc9bef 100644 --- a/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseManagerServiceImpl.java +++ b/components/iot-plugins/androidsense-plugin/org.wso2.carbon.device.mgt.iot.androidsense.api/src/main/java/org/wso2/carbon/device/mgt/iot/androidsense/service/impl/AndroidSenseManagerServiceImpl.java @@ -25,6 +25,7 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.APIUtil; import org.wso2.carbon.device.mgt.iot.androidsense.plugin.constants.AndroidSenseConstants; import org.wso2.carbon.device.mgt.iot.androidsense.service.impl.util.AndroidConfiguration; @@ -108,7 +109,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic deviceIdentifier.setId(deviceId); deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE); try { - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants. + Permissions.DEFAULT_ADMIN_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } boolean removed = APIUtil.getDeviceManagementService().disenrollDevice(deviceIdentifier); @@ -133,7 +135,8 @@ public class AndroidSenseManagerServiceImpl implements AndroidSenseManagerServic deviceIdentifier.setId(deviceId); deviceIdentifier.setType(AndroidSenseConstants.DEVICE_TYPE); try { - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants. + Permissions.DEFAULT_ADMIN_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier); diff --git a/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoControllerServiceImpl.java b/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoControllerServiceImpl.java index 342f63dd9..795885f4f 100644 --- a/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoControllerServiceImpl.java +++ b/components/iot-plugins/arduino-plugin/org.wso2.carbon.device.mgt.iot.arduino.api/src/main/java/org/wso2/carbon/device/mgt/iot/arduino/service/impl/ArduinoControllerServiceImpl.java @@ -26,6 +26,7 @@ import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.arduino.service.impl.dto.SensorRecord; import org.wso2.carbon.device.mgt.iot.arduino.service.impl.util.APIUtil; import org.wso2.carbon.device.mgt.iot.arduino.plugin.constants.ArduinoConstants; @@ -54,7 +55,8 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService { public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - ArduinoConstants.DEVICE_TYPE))) { + ArduinoConstants.DEVICE_TYPE), + DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } LinkedList deviceControlList = internalControlsQueue.get(deviceId); @@ -79,7 +81,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService { public Response readControls(@PathParam("deviceId") String deviceId) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - ArduinoConstants.DEVICE_TYPE))) { + ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } String result; @@ -121,7 +123,7 @@ public class ArduinoControllerServiceImpl implements ArduinoControllerService { @QueryParam("to") long to) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - ArduinoConstants.DEVICE_TYPE))) { + ArduinoConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } String fromDate = String.valueOf(from); diff --git a/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiControllerServiceImpl.java b/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiControllerServiceImpl.java index 490480b01..0756caaac 100644 --- a/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiControllerServiceImpl.java +++ b/components/iot-plugins/raspberrypi-plugin/org.wso2.carbon.device.mgt.iot.raspberrypi.api/src/main/java/org/wso2/carbon/device/mgt/iot/raspberrypi/service/impl/RaspberryPiControllerServiceImpl.java @@ -25,6 +25,7 @@ import org.wso2.carbon.analytics.dataservice.commons.SortByField; import org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsException; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.controlqueue.mqtt.MqttConfig; import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.dto.SensorRecord; import org.wso2.carbon.device.mgt.iot.raspberrypi.service.impl.transport.RaspberryPiMQTTConnector; @@ -56,7 +57,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe public Response switchBulb(@PathParam("deviceId") String deviceId, @QueryParam("state") String state) { try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - RaspberrypiConstants.DEVICE_TYPE))) { + RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } String switchToState = state.toUpperCase(); @@ -90,7 +91,7 @@ public class RaspberryPiControllerServiceImpl implements RaspberryPiControllerSe String sensorTableName = RaspberrypiConstants.TEMPERATURE_EVENT_TABLE; try { if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(new DeviceIdentifier(deviceId, - RaspberrypiConstants.DEVICE_TYPE))) { + RaspberrypiConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } List sortByFields = new ArrayList<>(); diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/enrollment/EnrollmentManager.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/enrollment/EnrollmentManager.java index b68a402d7..a60f25f03 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/enrollment/EnrollmentManager.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/enrollment/EnrollmentManager.java @@ -44,6 +44,7 @@ import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.core.Agent import org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.exception.AgentCoreOperationException; import sun.security.x509.X509CertImpl; +import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; @@ -82,6 +83,7 @@ public class EnrollmentManager { private static final String KEY_PAIR_ALGORITHM = "RSA"; private static final String PROVIDER = "BC"; private static final String SIGNATURE_ALG = "SHA1withRSA"; + private static final String CERT_IS_CA_EXTENSION = "is_ca"; private static final int KEY_SIZE = 2048; // Seed to our PRNG. Make sure this is initialised randomly, NOT LIKE THIS @@ -376,9 +378,9 @@ public class EnrollmentManager { log.debug(((X509Certificate) cert).getIssuerDN().getName()); } - //TODO: Need to identify the correct certificate. - // I have chosen the CA cert based on its BasicConstraint criticality being set to "true" - if (((X509CertImpl) cert).getBasicConstraintsExtension().isCritical()) { + // I have chosen the CA cert based on its BasicConstraintExtension "is_ca" being set to "true" + // This is because the returned keystore may contain many certificates including RAs. + if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) { serverCertPublicKey = cert.getPublicKey(); } } @@ -396,6 +398,10 @@ public class EnrollmentManager { String errorMsg = "Could not retrieve [Server-Certificates] from the response message from SCEP-Server."; log.error(errorMsg); throw new AgentCoreOperationException(errorMsg, e); + } catch (IOException e) { + String errorMsg = "Error occurred whilst trying to get property ['is_ca'] from the retreived Certificates"; + log.error(errorMsg); + throw new AgentCoreOperationException(errorMsg, e); } return serverCertPublicKey; diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java index e145c9ad6..e7c6a93dd 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmControllerServiceImpl.java @@ -142,7 +142,7 @@ public class VirtualFireAlarmControllerServiceImpl implements VirtualFireAlarmCo } @PUT - @Path("device/update-policy") + @Path("device/{deviceId}/policy") public Response updatePolicy(@PathParam("deviceId") String deviceId, @QueryParam("protocol") String protocol, @FormParam("policy") String policy) { String protocolString = protocol.toUpperCase(); diff --git a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmManagerServiceImpl.java b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmManagerServiceImpl.java index 43189aaad..d5af4821b 100644 --- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmManagerServiceImpl.java +++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/service/impl/VirtualFireAlarmManagerServiceImpl.java @@ -30,13 +30,14 @@ import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationException; +import org.wso2.carbon.device.mgt.common.group.mgt.DeviceGroupConstants; import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppAccount; import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppConfig; import org.wso2.carbon.device.mgt.iot.controlqueue.xmpp.XmppServerClient; import org.wso2.carbon.device.mgt.iot.exception.DeviceControllerException; import org.wso2.carbon.device.mgt.iot.util.ZipArchive; -import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; +import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.APIUtil; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.service.impl.util.ZipUtil; import org.wso2.carbon.identity.jwt.client.extension.JWTClient; import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo; @@ -75,7 +76,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); deviceIdentifier.setId(deviceId); deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE); - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants. + Permissions.DEFAULT_ADMIN_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } boolean removed = APIUtil.getDeviceManagementService().disenrollDevice( @@ -101,7 +103,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); deviceIdentifier.setId(deviceId); deviceIdentifier.setType(VirtualFireAlarmConstants.DEVICE_TYPE); - if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier)) { + if (!APIUtil.getDeviceAccessAuthorizationService().isUserAuthorized(deviceIdentifier, DeviceGroupConstants. + Permissions.DEFAULT_ADMIN_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } Device device = APIUtil.getDeviceManagementService().getDevice(deviceIdentifier); @@ -158,7 +161,7 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag ArrayList userDevicesforFirealarm = new ArrayList<>(); for (Device device : userDevices) { if (device.getType().equals(VirtualFireAlarmConstants.DEVICE_TYPE) && - device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.ACTIVE)) { + device.getEnrolmentInfo().getStatus().equals(EnrolmentInfo.Status.ACTIVE)) { userDevicesforFirealarm.add(device); } } @@ -239,8 +242,9 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag //create new device id String deviceId = shortUUID(); if (apiApplicationKey == null) { - String applicationUsername = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() - .getAdminUserName(); + String applicationUsername = + PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration() + .getAdminUserName(); APIManagementProviderService apiManagementProviderService = APIUtil.getAPIManagementProviderService(); String[] tags = {VirtualFireAlarmConstants.DEVICE_TYPE}; apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys( @@ -249,7 +253,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag JWTClient jwtClient = APIUtil.getJWTClientManagerService().getJWTClient(); String scopes = "device_type_" + VirtualFireAlarmConstants.DEVICE_TYPE + " device_" + deviceId; AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(apiApplicationKey.getConsumerKey(), - apiApplicationKey.getConsumerSecret(), owner, scopes); + apiApplicationKey.getConsumerSecret(), owner, + scopes); String accessToken = accessTokenInfo.getAccessToken(); String refreshToken = accessTokenInfo.getRefreshToken(); //adding registering data @@ -266,8 +271,8 @@ public class VirtualFireAlarmManagerServiceImpl implements VirtualFireAlarmManag if (!status) { String msg = "XMPP Account was not created for device - " + deviceId + " of owner - " + owner + - ".XMPP might have been disabled in org.wso2.carbon.device.mgt.iot" + - ".common.config.server.configs"; + ".XMPP might have been disabled in org.wso2.carbon.device.mgt.iot" + + ".common.config.server.configs"; throw new DeviceManagementException(msg); } }