Refacotered IOT plugins to use own keystore.

8 years ago · b207554bba
parent ca4cb37d58
commit b207554bba
10 changed files with 211 additions and 18 deletions
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/CertificateKeystoreConfig.java
@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.device.mgt.iot.devicetype.config;
+
+
+import org.wso2.carbon.device.mgt.iot.devicetype.util.DeviceTypeConfigUtil;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * Class for holding CertificateKeystore data.
+ */
+@XmlRootElement(name = "CertificateKeystore")
+public class CertificateKeystoreConfig {
+
+    private String certificateKeystoreLocation;
+    private String certificateKeystoreType;
+    private String certificateKeystorePassword;
+    private String caCertAlias;
+    private String caPrivateKeyPassword;
+    private String raCertAlias;
+    private String raPrivateKeyPassword;
+
+    @XmlElement(name = "CertificateKeystoreLocation", required = true)
+    public String getCertificateKeystoreLocation() {
+        return certificateKeystoreLocation;
+    }
+
+    public void setCertificateKeystoreLocation(String certificateKeystoreLocation) {
+        if (certificateKeystoreLocation != null && certificateKeystoreLocation.toLowerCase().
+                contains(DeviceTypeConfigUtil.CARBON_HOME_ENTRY)) {
+            certificateKeystoreLocation = certificateKeystoreLocation.replace(DeviceTypeConfigUtil.CARBON_HOME_ENTRY,
+                                                                                   System.getProperty(DeviceTypeConfigUtil.CARBON_HOME));
+        }
+        this.certificateKeystoreLocation = certificateKeystoreLocation;
+    }
+
+    @XmlElement(name = "CertificateKeystoreType", required = true)
+    public String getCertificateKeystoreType() {
+        return certificateKeystoreType;
+    }
+
+    public void setCertificateKeystoreType(String certificateKeystoreType) {
+        this.certificateKeystoreType = certificateKeystoreType;
+    }
+
+    @XmlElement(name = "CertificateKeystorePassword", required = true)
+    public String getCertificateKeystorePassword() {
+        return certificateKeystorePassword;
+    }
+
+    public void setCertificateKeystorePassword(String certificateKeystorePassword) {
+        this.certificateKeystorePassword = certificateKeystorePassword;
+    }
+
+    @XmlElement(name = "CACertAlias", required = true)
+    public String getCACertAlias() {
+        return caCertAlias;
+    }
+
+    public void setCACertAlias(String caCertAlias) {
+        this.caCertAlias = caCertAlias;
+    }
+
+    @XmlElement(name = "CAPrivateKeyPassword", required = true)
+    public String getCAPrivateKeyPassword() {
+        return caPrivateKeyPassword;
+    }
+
+    public void setCAPrivateKeyPassword(String caPrivateKeyPassword) {
+        this.caPrivateKeyPassword = caPrivateKeyPassword;
+    }
+
+    @XmlElement(name = "RACertAlias", required = true)
+    public String getRACertAlias() {
+        return raCertAlias;
+    }
+
+    public void setRACertAlias(String raCertAlias) {
+        this.raCertAlias = raCertAlias;
+    }
+
+    @XmlElement(name = "RAPrivateKeyPassword", required = true)
+    public String getRAPrivateKeyPassword() {
+        return raPrivateKeyPassword;
+    }
+
+    public void setRAPrivateKeyPassword(String raPrivateKeyPassword) {
+        this.raPrivateKeyPassword = raPrivateKeyPassword;
+    }
+}
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/config/DeviceManagementConfiguration.java
@ -30,6 +30,7 @@ public class DeviceManagementConfiguration {
    private DeviceManagementConfigRepository deviceManagementConfigRepository;
    private PushNotificationConfig pushNotificationConfig;
    private String deviceType;
+    private CertificateKeystoreConfig certificateKeystoreConfig;

    private static final Log log = LogFactory.getLog(DeviceManagementConfiguration.class);

@ -63,4 +64,13 @@ public class DeviceManagementConfiguration {
        this.pushNotificationConfig = pushNotificationConfig;
    }

+    @XmlElement(name = "CertificateKeystore", required = false)
+    public CertificateKeystoreConfig getCertificateKeystoreConfig() {
+        return certificateKeystoreConfig;
+    }
+
+    public void setCertificateKeystoreConfig(
+            CertificateKeystoreConfig certificateKeystoreConfig) {
+        this.certificateKeystoreConfig = certificateKeystoreConfig;
+    }
 }
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java
@ -31,6 +31,9 @@ import java.io.File;

 public class DeviceTypeConfigUtil {

+    public static final String CARBON_HOME = "carbon.home";
+    public static final String CARBON_HOME_ENTRY = "${carbon.home}";
+
    public static Document convertToDocument(File file) throws DeviceTypeConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
--- a/components/iot-plugins/pom.xml
+++ b/components/iot-plugins/pom.xml
@ -36,7 +36,7 @@
        <module>androidsense-plugin</module>
        <module>arduino-plugin</module>
        <module>raspberrypi-plugin</module>
-        <!--<module>virtual-fire-alarm-plugin</module>-->
+        <module>virtual-fire-alarm-plugin</module>
        <module>iot-base-plugin</module>
        <module>iot-analytics</module>
    </modules>
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/util/VirtualFirealarmSecurityManager.java
@ -22,8 +22,11 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
-import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
+import org.wso2.carbon.device.mgt.iot.devicetype.config.CertificateKeystoreConfig;
+import org.wso2.carbon.device.mgt.iot.devicetype.config.DeviceManagementConfiguration;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.constants.VirtualFireAlarmConstants;
 import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.exception.VirtualFirealarmDeviceMgtPluginException;
+import org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin.internal.VirtualFirealarmManagementDataHolder;

 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@ -46,11 +49,11 @@ import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;

-
 public class VirtualFirealarmSecurityManager {
    private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class);

    private static PrivateKey serverPrivateKey;
+    private static CertificateKeystoreConfig certificateKeystoreConfig;
    private static final String SIGNATURE_ALG = "SHA1withRSA";
    private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";

@ -58,26 +61,34 @@ public class VirtualFirealarmSecurityManager {

    }

+    private static CertificateKeystoreConfig getCertKeyStoreConfig() {
+        if (certificateKeystoreConfig == null) {
+            DeviceManagementConfiguration deviceManagementConfiguration = VirtualFirealarmManagementDataHolder.getInstance().
+                    getDeviceTypeConfigService().getConfiguration(
+                    VirtualFireAlarmConstants.DEVICE_TYPE,
+                    VirtualFireAlarmConstants.DEVICE_TYPE_PROVIDER_DOMAIN);
+            certificateKeystoreConfig = deviceManagementConfiguration.getCertificateKeystoreConfig();
+        }
+        return certificateKeystoreConfig;
+    }
+
    public static void initVerificationManager() {
-        serverPrivateKey = retrievePrivateKey(ConfigurationUtil.CA_CERT_ALIAS,
-                                              ConfigurationUtil.KEYSTORE_CA_CERT_PRIV_PASSWORD);
+        serverPrivateKey = retrievePrivateKey();
    }

-    public static PrivateKey retrievePrivateKey(String alias, String password){
+    public static PrivateKey retrievePrivateKey() {
        PrivateKey privateKey = null;
        InputStream inputStream = null;
        KeyStore keyStore;
-
+        CertificateKeystoreConfig certificateKeystoreConfig = getCertKeyStoreConfig();
        try {
-            keyStore = KeyStore.getInstance(ConfigurationUtil.getConfigEntry(ConfigurationUtil.CERTIFICATE_KEYSTORE));
-            inputStream = new FileInputStream(ConfigurationUtil.getConfigEntry(
-                    ConfigurationUtil.PATH_CERTIFICATE_KEYSTORE));
+            keyStore = KeyStore.getInstance(certificateKeystoreConfig.getCertificateKeystoreType());
+            inputStream = new FileInputStream(certificateKeystoreConfig.getCertificateKeystoreLocation());

-            keyStore.load(inputStream, ConfigurationUtil.getConfigEntry(ConfigurationUtil.CERTIFICATE_KEYSTORE_PASSWORD)
-                    .toCharArray());
+            keyStore.load(inputStream, certificateKeystoreConfig.getCertificateKeystorePassword().toCharArray());

-            privateKey = (PrivateKey) (keyStore.getKey(ConfigurationUtil.getConfigEntry(alias),
-                                                       ConfigurationUtil.getConfigEntry(password).toCharArray()));
+            privateKey = (PrivateKey) (keyStore.getKey(certificateKeystoreConfig.getCACertAlias(),
+                                                       certificateKeystoreConfig.getCAPrivateKeyPassword().toCharArray()));

        } catch (KeyStoreException e) {
            String errorMsg = "Could not load KeyStore of given type in [certificate-config.xml] file." ;
@ -94,9 +105,6 @@ public class VirtualFirealarmSecurityManager {
        } catch (IOException e) {
            String errorMsg = "Input output issue occurred when loading KeyStore";
            log.error(errorMsg, e);
-        } catch (KeystoreException e) {
-            String errorMsg = "An error occurred whilst trying load Configs for KeyStoreReader";
-            log.error(errorMsg, e);
        } catch (UnrecoverableKeyException e) {
            String errorMsg = "Key is unrecoverable when retrieving CA private key";
            log.error(errorMsg, e);
--- a/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml
+++ b/features/iot-plugins-feature/androidsense-plugin-feature/org.wso2.carbon.device.mgt.iot.androidsense.feature/src/main/resources/conf/android-sense-config.xml
@ -43,4 +43,20 @@
            <Property Name="clearSession">true</Property>
        </Properties>
    </PushNotificationConfiguration>
+    <CertificateKeystore>
+        <!-- Certificate Keystore file location-->
+        <CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2certs.jks</CertificateKeystoreLocation>
+        <!-- Certificate Keystore type (JKS/PKCS12 etc.)-->
+        <CertificateKeystoreType>JKS</CertificateKeystoreType>
+        <!-- Certificate Keystore password-->
+        <CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
+        <!-- Certificate authority certificate alias -->
+        <CACertAlias>cacert</CACertAlias>
+        <!-- Certificate authority private key password -->
+        <CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
+        <!-- Registration authority certificate alias -->
+        <RACertAlias>racert</RACertAlias>
+        <!-- Registration authority private key password -->
+        <RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
+    </CertificateKeystore>
 </DeviceManagementConfiguration>
--- a/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml
+++ b/features/iot-plugins-feature/arduino-plugin-feature/org.wso2.carbon.device.mgt.iot.arduino.feature/src/main/resources/conf/arduino-config.xml
@ -30,4 +30,20 @@
            <SharedWithAllTenants>false</SharedWithAllTenants>
        </ProvisioningConfig>
    </ManagementRepository>
+    <CertificateKeystore>
+        <!-- Certificate Keystore file location-->
+        <CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2certs.jks</CertificateKeystoreLocation>
+        <!-- Certificate Keystore type (JKS/PKCS12 etc.)-->
+        <CertificateKeystoreType>JKS</CertificateKeystoreType>
+        <!-- Certificate Keystore password-->
+        <CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
+        <!-- Certificate authority certificate alias -->
+        <CACertAlias>cacert</CACertAlias>
+        <!-- Certificate authority private key password -->
+        <CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
+        <!-- Registration authority certificate alias -->
+        <RACertAlias>racert</RACertAlias>
+        <!-- Registration authority private key password -->
+        <RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
+    </CertificateKeystore>
 </DeviceManagementConfiguration>
--- a/features/iot-plugins-feature/pom.xml
+++ b/features/iot-plugins-feature/pom.xml
@ -38,7 +38,7 @@
        <module>androidsense-plugin-feature</module>
        <module>arduino-plugin-feature</module>
        <module>raspberrypi-plugin-feature</module>
-        <!--<module>virtual-fire-alarm-plugin-feature</module>-->
+        <module>virtual-fire-alarm-plugin-feature</module>
        <module>iot-base-plugin-feature</module>
        <module>iot-devicetypes-feature</module>
    </modules>
--- a/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml
+++ b/features/iot-plugins-feature/raspberrypi-plugin-feature/org.wso2.carbon.device.mgt.iot.raspberrypi.feature/src/main/resources/conf/raspberrypi-config.xml
@ -43,4 +43,20 @@
            <Property Name="clearSession">true</Property>
        </Properties>
    </PushNotificationConfiguration>
+    <CertificateKeystore>
+        <!-- Certificate Keystore file location-->
+        <CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2certs.jks</CertificateKeystoreLocation>
+        <!-- Certificate Keystore type (JKS/PKCS12 etc.)-->
+        <CertificateKeystoreType>JKS</CertificateKeystoreType>
+        <!-- Certificate Keystore password-->
+        <CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
+        <!-- Certificate authority certificate alias -->
+        <CACertAlias>cacert</CACertAlias>
+        <!-- Certificate authority private key password -->
+        <CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
+        <!-- Registration authority certificate alias -->
+        <RACertAlias>racert</RACertAlias>
+        <!-- Registration authority private key password -->
+        <RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
+    </CertificateKeystore>
 </DeviceManagementConfiguration>
--- a/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml
+++ b/features/iot-plugins-feature/virtual-fire-alarm-plugin-feature/org.wso2.carbon.device.mgt.iot.virtualfirealarm.feature/src/main/resources/conf/virtual-fire-alarm-config.xml
@ -54,4 +54,20 @@
            <Property Name="server.name">localhost</Property>
        </Properties-->
    </PushNotificationConfiguration>
+    <CertificateKeystore>
+        <!-- Certificate Keystore file location-->
+        <CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2certs.jks</CertificateKeystoreLocation>
+        <!-- Certificate Keystore type (JKS/PKCS12 etc.)-->
+        <CertificateKeystoreType>JKS</CertificateKeystoreType>
+        <!-- Certificate Keystore password-->
+        <CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
+        <!-- Certificate authority certificate alias -->
+        <CACertAlias>cacert</CACertAlias>
+        <!-- Certificate authority private key password -->
+        <CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
+        <!-- Registration authority certificate alias -->
+        <RACertAlias>racert</RACertAlias>
+        <!-- Registration authority private key password -->
+        <RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
+    </CertificateKeystore>
 </DeviceManagementConfiguration>