added ssl context

revert-dabc3590
ayyoob 8 years ago
parent dfc348f043
commit 384ab40f5b

@ -67,7 +67,8 @@
feign.gson, feign.gson,
org.json.simple.*, org.json.simple.*,
org.wso2.carbon.appmgt.mobile.beans, org.wso2.carbon.appmgt.mobile.beans,
org.wso2.carbon.context org.wso2.carbon.context,
javax.net.ssl
</Import-Package> </Import-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.appmgt.mdm.restconnector.internal, !org.wso2.carbon.appmgt.mdm.restconnector.internal,

@ -17,6 +17,7 @@
*/ */
package org.wso2.carbon.appmgt.mdm.restconnector; package org.wso2.carbon.appmgt.mdm.restconnector;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder; import feign.gson.GsonEncoder;
@ -44,6 +45,14 @@ import org.wso2.carbon.appmgt.mobile.utils.MobileApplicationException;
import org.wso2.carbon.appmgt.mobile.utils.MobileConfigurations; import org.wso2.carbon.appmgt.mobile.utils.MobileConfigurations;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -62,12 +71,12 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
public ApplicationOperationsImpl() { public ApplicationOperationsImpl() {
String authorizationConfigManagerServerURL = AuthorizationConfigurationManager.getInstance().getServerURL(); String authorizationConfigManagerServerURL = AuthorizationConfigurationManager.getInstance().getServerURL();
OAuthRequestInterceptor oAuthRequestInterceptor = new OAuthRequestInterceptor(); OAuthRequestInterceptor oAuthRequestInterceptor = new OAuthRequestInterceptor();
deviceManagementAdminService = Feign.builder() deviceManagementAdminService = Feign.builder().client(getSSLClient())
.requestInterceptor(oAuthRequestInterceptor) .requestInterceptor(oAuthRequestInterceptor)
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DeviceManagementAdminService.class, .target(DeviceManagementAdminService.class,
authorizationConfigManagerServerURL + CDMF_SERVER_BASE_CONTEXT); authorizationConfigManagerServerURL + CDMF_SERVER_BASE_CONTEXT);
applicationManagementAdminService = Feign.builder() applicationManagementAdminService = Feign.builder().client(getSSLClient())
.requestInterceptor(oAuthRequestInterceptor) .requestInterceptor(oAuthRequestInterceptor)
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(ApplicationManagementAdminService.class, .target(ApplicationManagementAdminService.class,
@ -271,4 +280,37 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
log.error(errorMessage); log.error(errorMessage);
} }
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -17,6 +17,7 @@
*/ */
package org.wso2.carbon.appmgt.mdm.restconnector.authorization.client; package org.wso2.carbon.appmgt.mdm.restconnector.authorization.client;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
@ -33,6 +34,15 @@ import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.TokenIs
import org.wso2.carbon.appmgt.mdm.restconnector.config.AuthorizationConfigurationManager; import org.wso2.carbon.appmgt.mdm.restconnector.config.AuthorizationConfigurationManager;
import org.wso2.carbon.appmgt.mdm.restconnector.internal.AuthorizationDataHolder; import org.wso2.carbon.appmgt.mdm.restconnector.internal.AuthorizationDataHolder;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
/** /**
* This is a request interceptor to add oauth token header. * This is a request interceptor to add oauth token header.
*/ */
@ -54,7 +64,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset(); refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset();
String username = AuthorizationConfigurationManager.getInstance().getUserName(); String username = AuthorizationConfigurationManager.getInstance().getUserName();
String password = AuthorizationConfigurationManager.getInstance().getPassword(); String password = AuthorizationConfigurationManager.getInstance().getPassword();
apiApplicationRegistrationService = Feign.builder().requestInterceptor( apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(username, password)) new BasicAuthRequestInterceptor(username, password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(ApiApplicationRegistrationService.class, .target(ApiApplicationRegistrationService.class,
@ -82,7 +92,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
String consumerSecret = apiApplicationKey.getConsumerSecret(); String consumerSecret = apiApplicationKey.getConsumerSecret();
String username = AuthorizationConfigurationManager.getInstance().getUserName(); String username = AuthorizationConfigurationManager.getInstance().getUserName();
String password = AuthorizationConfigurationManager.getInstance().getPassword(); String password = AuthorizationConfigurationManager.getInstance().getPassword();
tokenIssuerService = Feign.builder().requestInterceptor( tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenApiURL()); .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenApiURL());
@ -98,4 +108,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
String headerValue = Constants.RestConstants.BEARER + tokenInfo.getAccess_token(); String headerValue = Constants.RestConstants.BEARER + tokenInfo.getAccess_token();
template.header(Constants.RestConstants.AUTHORIZATION, headerValue); template.header(Constants.RestConstants.AUTHORIZATION, headerValue);
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -160,7 +160,8 @@
org.wso2.carbon.core.util, org.wso2.carbon.core.util,
org.wso2.carbon.identity.oauth2.*, org.wso2.carbon.identity.oauth2.*,
org.wso2.carbon.utils, org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy org.wso2.carbon.utils.multitenancy,
javax.net.ssl
</Import-Package> </Import-Package>
<Embed-Dependency> <Embed-Dependency>
jsr311-api, jsr311-api,

@ -17,6 +17,7 @@
*/ */
package org.wso2.carbon.device.mgt.input.adapter.http.authorization; package org.wso2.carbon.device.mgt.input.adapter.http.authorization;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.FeignException; import feign.FeignException;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
@ -33,6 +34,14 @@ import org.wso2.carbon.device.mgt.input.adapter.http.util.AuthenticationInfo;
import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils;
import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -50,7 +59,7 @@ public class DeviceAuthorizer {
public DeviceAuthorizer(Map<String, String> globalProperties) { public DeviceAuthorizer(Map<String, String> globalProperties) {
try { try {
deviceAccessAuthorizationAdminService = Feign.builder() deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient())
.requestInterceptor(new OAuthRequestInterceptor(globalProperties)) .requestInterceptor(new OAuthRequestInterceptor(globalProperties))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties) .target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties)
@ -98,4 +107,37 @@ public class DeviceAuthorizer {
} }
return deviceMgtServerUrl; return deviceMgtServerUrl;
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -14,6 +14,7 @@
package org.wso2.carbon.device.mgt.input.adapter.http.authorization.client; package org.wso2.carbon.device.mgt.input.adapter.http.authorization.client;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
@ -31,6 +32,14 @@ import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.To
import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils;
import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Map; import java.util.Map;
/** /**
@ -76,7 +85,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
username = getUsername(globalProperties); username = getUsername(globalProperties);
password = getPassword(globalProperties); password = getPassword(globalProperties);
tokenEndpoint = getTokenEndpoint(globalProperties); tokenEndpoint = getTokenEndpoint(globalProperties);
apiApplicationRegistrationService = Feign.builder().requestInterceptor( apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(username, password)) new BasicAuthRequestInterceptor(username, password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(ApiApplicationRegistrationService.class, .target(ApiApplicationRegistrationService.class,
@ -99,7 +108,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile);
String consumerKey = apiApplicationKey.getConsumerKey(); String consumerKey = apiApplicationKey.getConsumerKey();
String consumerSecret = apiApplicationKey.getConsumerSecret(); String consumerSecret = apiApplicationKey.getConsumerSecret();
tokenIssuerService = Feign.builder().requestInterceptor( tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, tokenEndpoint); .target(TokenIssuerService.class, tokenEndpoint);
@ -158,4 +167,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
return refreshTimeOffset; return refreshTimeOffset;
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -169,7 +169,8 @@
feign.auth, feign.auth,
feign.codec, feign.codec,
feign.gson, feign.gson,
javax.cache javax.cache,
javax.net.ssl
</Import-Package> </Import-Package>
<DynamicImport-Package>*</DynamicImport-Package> <DynamicImport-Package>*</DynamicImport-Package>
<Embed-Dependency> <Embed-Dependency>

@ -17,6 +17,7 @@
*/ */
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.FeignException; import feign.FeignException;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
@ -35,7 +36,15 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest;
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.websocket.Session; import javax.websocket.Session;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -67,7 +76,7 @@ public class DeviceAuthorizer implements Authorizer {
} }
} }
try { try {
deviceAccessAuthorizationAdminService = Feign.builder() deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient())
.requestInterceptor(new OAuthRequestInterceptor(globalProperties)) .requestInterceptor(new OAuthRequestInterceptor(globalProperties))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties) .target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties)
@ -130,4 +139,37 @@ public class DeviceAuthorizer implements Authorizer {
} }
return null; return null;
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -14,6 +14,7 @@
package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client; package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
@ -31,6 +32,14 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.
import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Map; import java.util.Map;
/** /**
@ -77,7 +86,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
username = getUsername(globalProperties); username = getUsername(globalProperties);
password = getPassword(globalProperties); password = getPassword(globalProperties);
tokenEndpoint = getTokenEndpoint(globalProperties); tokenEndpoint = getTokenEndpoint(globalProperties);
apiApplicationRegistrationService = Feign.builder().requestInterceptor( apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(username, password)) new BasicAuthRequestInterceptor(username, password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(ApiApplicationRegistrationService.class, .target(ApiApplicationRegistrationService.class,
@ -100,7 +109,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile);
String consumerKey = apiApplicationKey.getConsumerKey(); String consumerKey = apiApplicationKey.getConsumerKey();
String consumerSecret = apiApplicationKey.getConsumerSecret(); String consumerSecret = apiApplicationKey.getConsumerSecret();
tokenIssuerService = Feign.builder().requestInterceptor( tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, tokenEndpoint); .target(TokenIssuerService.class, tokenEndpoint);
@ -159,4 +168,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
return refreshTimeOffset; return refreshTimeOffset;
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -123,7 +123,8 @@
javax.xml.namespace, javax.xml.namespace,
javax.xml.stream, javax.xml.stream,
org.wso2.carbon.base, org.wso2.carbon.base,
org.wso2.carbon.utils org.wso2.carbon.utils,
javax.net.ssl
</Import-Package> </Import-Package>
<Embed-Dependency> <Embed-Dependency>
jsr311-api, jsr311-api,

@ -18,6 +18,7 @@
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.FeignException; import feign.FeignException;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
@ -45,6 +46,14 @@ import javax.cache.Cache;
import javax.cache.CacheConfiguration; import javax.cache.CacheConfiguration;
import javax.cache.CacheManager; import javax.cache.CacheManager;
import javax.cache.Caching; import javax.cache.Caching;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
@ -68,7 +77,7 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
public DeviceAccessBasedMQTTAuthorizer() { public DeviceAccessBasedMQTTAuthorizer() {
this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance(); this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance();
deviceAccessAuthorizationAdminService = Feign.builder() deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient())
.requestInterceptor(new OAuthRequestInterceptor()) .requestInterceptor(new OAuthRequestInterceptor())
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DeviceAccessAuthorizationAdminService.class, .target(DeviceAccessAuthorizationAdminService.class,
@ -224,4 +233,37 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
} }
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

@ -14,6 +14,7 @@
package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client; package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client;
import feign.Client;
import feign.Feign; import feign.Feign;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
@ -30,6 +31,15 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService;
import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
/** /**
* This is a request interceptor to add oauth token header. * This is a request interceptor to add oauth token header.
*/ */
@ -53,7 +63,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset() * 1000; refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset() * 1000;
String username = AuthorizationConfigurationManager.getInstance().getUsername(); String username = AuthorizationConfigurationManager.getInstance().getUsername();
String password = AuthorizationConfigurationManager.getInstance().getPassword(); String password = AuthorizationConfigurationManager.getInstance().getPassword();
apiApplicationRegistrationService = Feign.builder().requestInterceptor( apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(username, password)) new BasicAuthRequestInterceptor(username, password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(ApiApplicationRegistrationService.class, .target(ApiApplicationRegistrationService.class,
@ -75,7 +85,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
String consumerSecret = apiApplicationKey.getConsumerSecret(); String consumerSecret = apiApplicationKey.getConsumerSecret();
String username = AuthorizationConfigurationManager.getInstance().getUsername(); String username = AuthorizationConfigurationManager.getInstance().getUsername();
String password = AuthorizationConfigurationManager.getInstance().getPassword(); String password = AuthorizationConfigurationManager.getInstance().getPassword();
tokenIssuerService = Feign.builder().requestInterceptor( tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor(
new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) new BasicAuthRequestInterceptor(consumerKey, consumerSecret))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(TokenIssuerService.class, .target(TokenIssuerService.class,
@ -93,4 +103,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
template.header("Authorization", headerValue); template.header("Authorization", headerValue);
} }
private static Client getSSLClient() {
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
private static SSLSocketFactory getTrustedSSLSocketFactory() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
return sc.getSocketFactory();
} catch (KeyManagementException | NoSuchAlgorithmException e) {
return null;
}
}
} }

Loading…
Cancel
Save