Added necessary changes to store CA_CERT and handle expired refresh-token scenario

revert-dabc3590
Shabirmean 9 years ago
parent f0206d7ed4
commit 38c087ebc1

@ -123,5 +123,5 @@ public class AgentConstants {
public static final String DEVICE_KEYSTORE_PASSWORD = "wso2@virtual_firealarm"; public static final String DEVICE_KEYSTORE_PASSWORD = "wso2@virtual_firealarm";
public static final String DEVICE_PRIVATE_KEY_ALIAS = "virtual_firealarm_key"; public static final String DEVICE_PRIVATE_KEY_ALIAS = "virtual_firealarm_key";
public static final String DEVICE_CERT_ALIAS = "virtual_firealarm_cert"; public static final String DEVICE_CERT_ALIAS = "virtual_firealarm_cert";
public static final String SERVER_PUBLIC_KEY_ALIAS = "iotServer_key"; public static final String SERVER_CA_CERT_ALIAS = "ca_iotServer";
} }

@ -358,8 +358,12 @@ public class AgentUtilOperations {
log.info(AgentConstants.LOG_APPENDER + log.info(AgentConstants.LOG_APPENDER +
"Response " + responseMessage + " was received for the token refresh call."); "Response " + responseMessage + " was received for the token refresh call.");
updateExistingTokens(responseMessage.toString()); updateExistingTokens(responseMessage.toString());
} else if (httpConnection.getResponseCode() == HttpStatus.BAD_REQUEST_400) {
log.error(AgentConstants.LOG_APPENDER +
"Token refresh call returned with a [400 Bad Request].\nThe refresh-token has " +
"probably expired.\nPlease contact System-Admin to get a valid refresh-token.");
} else { } else {
log.info(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token."); log.warn(AgentConstants.LOG_APPENDER + "There was an issue with refreshing the Access Token.");
} }
} catch (TransportHandlerException e) { } catch (TransportHandlerException e) {
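Review bot: The new `else if (httpConnection.getResponseCode() == HttpStatus.BAD_REQUEST_400)` branch declares that "the refresh-token has probably expired" without reading the response, so a malformed request or wrong client credentials gets the same advice; read `httpConnection.getErrorStream()` and check the OAuth2 `error` field for `invalid_grant` before asserting expiry, logging something like `log.error(AgentConstants.LOG_APPENDER + "Token refresh returned [400 Bad Request]: " + errorBody);`. The branch also only logs, so whatever this method reports after the try (its body continues outside the hunk) presumably does not tell the caller the stored refresh-token is unusable — surface that as a distinct failure rather than leaving the dead token in place. Separately, the context line above logs `responseMessage` at INFO, and since that same body is handed to `updateExistingTokens` it appears to carry the fresh access and refresh tokens; log only the status code there, or gate the body behind `log.isDebugEnabled()`.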

@ -136,7 +136,8 @@ public class EnrollmentManager {
AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray()); AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
this.isEnrolled = (keyStore.containsAlias(AgentConstants.DEVICE_CERT_ALIAS) && this.isEnrolled = (keyStore.containsAlias(AgentConstants.DEVICE_CERT_ALIAS) &&
keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS)); keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS) &&
keyStore.containsAlias(AgentConstants.SERVER_CA_CERT_ALIAS));
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" + log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" +
@ -165,10 +166,14 @@ public class EnrollmentManager {
this.SCEPCertificate = (X509Certificate) keyStore.getCertificate(AgentConstants.DEVICE_CERT_ALIAS); this.SCEPCertificate = (X509Certificate) keyStore.getCertificate(AgentConstants.DEVICE_CERT_ALIAS);
this.privateKey = (PrivateKey) keyStore.getKey(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, this.privateKey = (PrivateKey) keyStore.getKey(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS,
AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray()); AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
this.serverPublicKey = (PublicKey) keyStore.getKey(AgentConstants.SERVER_PUBLIC_KEY_ALIAS,
AgentConstants.DEVICE_KEYSTORE_PASSWORD
.toCharArray());
this.publicKey = SCEPCertificate.getPublicKey(); this.publicKey = SCEPCertificate.getPublicKey();
X509Certificate serverCACert = (X509Certificate) keyStore.getCertificate(
AgentConstants.SERVER_CA_CERT_ALIAS);
this.serverPublicKey = serverCACert.getPublicKey();
log.info(AgentConstants.LOG_APPENDER +
"Device has already been enrolled. Hence, loaded certificate information from device" +
" trust-store.");
} }
} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) { } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" + log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst accessing the device KeyStore '" +
@ -243,7 +248,6 @@ public class EnrollmentManager {
storeCertificateToStore(AgentConstants.DEVICE_CERT_ALIAS, SCEPCertificate); storeCertificateToStore(AgentConstants.DEVICE_CERT_ALIAS, SCEPCertificate);
storeKeyToKeyStore(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, this.privateKey, SCEPCertificate); storeKeyToKeyStore(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS, this.privateKey, SCEPCertificate);
storeKeyToKeyStore(AgentConstants.SERVER_PUBLIC_KEY_ALIAS, this.serverPublicKey, SCEPCertificate);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.info(AgentConstants.LOG_APPENDER + log.info(AgentConstants.LOG_APPENDER +
@ -495,6 +499,7 @@ public class EnrollmentManager {
// This is because the returned keystore may contain many certificates including RAs. // This is because the returned keystore may contain many certificates including RAs.
if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) { if (((Boolean) ((X509CertImpl) cert).getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION))) {
serverCertPublicKey = cert.getPublicKey(); serverCertPublicKey = cert.getPublicKey();
storeCertificateToStore(AgentConstants.SERVER_CA_CERT_ALIAS, cert);
} }
} }
} }
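Review bot: `storeCertificateToStore(AgentConstants.SERVER_CA_CERT_ALIAS, cert)` trusts any certificate in the SCEP-returned set purely because its basicConstraints cA flag is set, so whichever CA-flagged certificate comes last wins and nothing ties it to the expected IoT server — this is trust-on-first-use with no fingerprint check. At minimum call `cert.checkValidity()` before storing and log the SHA-256 fingerprint of what was stored so an operator can compare it against the server's published CA; if that fingerprint can be shipped in the agent configuration, compare against it and refuse enrollment on mismatch. The guard on the line above, `getBasicConstraintsExtension().get(CERT_IS_CA_EXTENSION)`, depends on the internal `X509CertImpl` and throws NPE when a certificate carries no basicConstraints extension; the standard `cert.getBasicConstraints() != -1` does the same test portably. In the loading hunk the `isEnrolled` condition now also requires `SERVER_CA_CERT_ALIAS`, so a device enrolled before this change will presumably be treated as unenrolled and re-run enrollment — worth a migration note in the commit. The loop's enclosing method begins and ends outside the hunk.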

@ -6,6 +6,7 @@ import org.wso2.carbon.device.mgt.iot.input.adapter.extension.ContentTransformer
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException; import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException;
import java.math.BigInteger;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.Map; import java.util.Map;
@ -22,10 +23,10 @@ public class VirtualFirealarmMqttContentTransformer implements ContentTransforme
PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ctx.setTenantDomain(tenantDomain, true); ctx.setTenantDomain(tenantDomain, true);
Long serialNo = (Long) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY); Integer serialNo = (Integer) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY);
// the hash-code of the deviceId is used as the alias for device certificates during SCEP enrollment. // the hash-code of the deviceId is used as the alias for device certificates during SCEP enrollment.
// hence, the same is used here to fetch the device-specific-certificate from the key store. // hence, the same is used here to fetch the device-specific-certificate from the key store.
PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo.hashCode()); PublicKey clientPublicKey = VirtualFireAlarmUtils.getDevicePublicKey("" + serialNo);
// the MQTT-messages from VirtualFireAlarm devices are in the form {"Msg":<MESSAGE>, "Sig":<SIGNATURE>} // the MQTT-messages from VirtualFireAlarm devices are in the form {"Msg":<MESSAGE>, "Sig":<SIGNATURE>}
String actualMessage = VirtualFireAlarmUtils.extractMessageFromPayload((String) message, clientPublicKey); String actualMessage = VirtualFireAlarmUtils.extractMessageFromPayload((String) message, clientPublicKey);
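Review bot: The cast `Integer serialNo = (Integer) jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY)` is applied to an MQTT payload the device controls, and which numeric box the parser produces depends on the JSON library (json-simple, for instance, yields `Long`, which the old code expected), so a `ClassCastException` on a sender-chosen value is likely, and a missing serial now passes through as the literal alias `"null"` instead of failing. Validate before use: `Object serial = jsonPayload.get(VirtualFireAlarmConstants.JSON_SERIAL_KEY); if (!(serial instanceof Number)) { throw new VirtualFirealarmDeviceMgtPluginException("Missing or non-numeric serial in payload"); }` (assuming that exception has a String constructor) and build the alias from `((Number) serial).longValue()`. The comment above it still says the hash-code of the device id is used as the alias, which no longer matches `getDevicePublicKey("" + serialNo)` — reword it to say the serial number itself is the alias. `java.math.BigInteger` is imported but unused in the visible lines; if nothing outside the hunk uses it, drop it. The transformer method continues outside the hunk.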
