From 384ab40f5bfcad9ee0075db9f888aaf9b27d5407 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 27 Feb 2017 16:44:26 +0530 Subject: [PATCH] added ssl context --- .../pom.xml | 3 +- .../ApplicationOperationsImpl.java | 46 +++++++++++++++++- .../client/OAuthRequestInterceptor.java | 47 ++++++++++++++++++- .../pom.xml | 3 +- .../http/authorization/DeviceAuthorizer.java | 44 ++++++++++++++++- .../client/OAuthRequestInterceptor.java | 46 +++++++++++++++++- .../pom.xml | 3 +- .../authorization/DeviceAuthorizer.java | 44 ++++++++++++++++- .../client/OAuthRequestInterceptor.java | 46 +++++++++++++++++- .../pom.xml | 3 +- .../DeviceAccessBasedMQTTAuthorizer.java | 44 ++++++++++++++++- .../client/OAuthRequestInterceptor.java | 47 ++++++++++++++++++- 12 files changed, 359 insertions(+), 17 deletions(-) diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml index f36fdd337..de5ac8ae8 100644 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml +++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml @@ -67,7 +67,8 @@ feign.gson, org.json.simple.*, org.wso2.carbon.appmgt.mobile.beans, - org.wso2.carbon.context + org.wso2.carbon.context, + javax.net.ssl !org.wso2.carbon.appmgt.mdm.restconnector.internal, diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java index 949407f02..4d829a738 100644 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java 
+++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.appmgt.mdm.restconnector; +import feign.Client; import feign.Feign; import feign.gson.GsonDecoder; import feign.gson.GsonEncoder; @@ -44,6 +45,14 @@ import org.wso2.carbon.appmgt.mobile.utils.MobileApplicationException; import org.wso2.carbon.appmgt.mobile.utils.MobileConfigurations; import org.wso2.carbon.context.PrivilegedCarbonContext; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -62,12 +71,12 @@ public class ApplicationOperationsImpl implements ApplicationOperations { public ApplicationOperationsImpl() { String authorizationConfigManagerServerURL = AuthorizationConfigurationManager.getInstance().getServerURL(); OAuthRequestInterceptor oAuthRequestInterceptor = new OAuthRequestInterceptor(); - deviceManagementAdminService = Feign.builder() + deviceManagementAdminService = Feign.builder().client(getSSLClient()) .requestInterceptor(oAuthRequestInterceptor) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(DeviceManagementAdminService.class, authorizationConfigManagerServerURL + CDMF_SERVER_BASE_CONTEXT); - applicationManagementAdminService = Feign.builder() + applicationManagementAdminService = Feign.builder().client(getSSLClient()) .requestInterceptor(oAuthRequestInterceptor) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(ApplicationManagementAdminService.class, 
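Review bot: Both builders in the `ApplicationOperationsImpl` constructor call `getSSLClient()` separately, so two `SSLContext` instances and socket factories are created for clients that target the same server URL. Build the client once and pass it to both builders, e.g. `Client sslClient = getSSLClient();` followed by `Feign.builder().client(sslClient)`. The constructor body continues past the end of this hunk.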
@@ -271,4 +280,37 @@ public class ApplicationOperationsImpl implements ApplicationOperations { log.error(errorMessage); } } + + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } } \ No newline at end of file diff --git a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java index 48bf79df8..91ed76bce 100755 --- a/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java 
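Review bot: The trust manager added in `getTrustedSSLSocketFactory()` has empty `checkServerTrusted`/`checkClientTrusted` bodies, and the `HostnameVerifier` in `getSSLClient()` always returns `true`, so every HTTPS call made through these Feign clients accepts any certificate for any host. The clients built with it carry Basic credentials, consumer key/secret and bearer tokens (see the `OAuthRequestInterceptor` hunks), so a party on the network path can read or alter that traffic without being noticed. The same two methods are added unchanged to `OAuthRequestInterceptor` (four modules), `DeviceAuthorizer` (two modules) and `DeviceAccessBasedMQTTAuthorizer`, and the point applies to each copy. If the goal is to accept a self-signed server certificate, import it into the trust store the JVM is configured with and keep validation on, as sketched below; this assumes the deployment sets `javax.net.ssl.trustStore`, which this patch does not show.

```java
private static Client getSSLClient() {
    // Keep the JDK's hostname check instead of accepting every name.
    return new Client.Default(getTrustedSSLSocketFactory(),
            javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier());
}

private static SSLSocketFactory getTrustedSSLSocketFactory() {
    try {
        // A null KeyStore makes the factory load the JVM's configured trust store.
        javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(
                javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((java.security.KeyStore) null);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc.getSocketFactory();
    } catch (java.security.GeneralSecurityException e) {
        // Fail loudly: a client without a usable trust configuration should not be built.
        throw new IllegalStateException("Unable to initialise the TLS context", e);
    }
}
```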
@@ -17,6 +17,7 @@ */ package org.wso2.carbon.appmgt.mdm.restconnector.authorization.client; +import feign.Client; import feign.Feign; import feign.RequestInterceptor; import feign.RequestTemplate; @@ -33,6 +34,15 @@ import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.TokenIs import org.wso2.carbon.appmgt.mdm.restconnector.config.AuthorizationConfigurationManager; import org.wso2.carbon.appmgt.mdm.restconnector.internal.AuthorizationDataHolder; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; + /** * This is a request interceptor to add oauth token header. */ @@ -54,7 +64,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset(); String username = AuthorizationConfigurationManager.getInstance().getUserName(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - apiApplicationRegistrationService = Feign.builder().requestInterceptor( + apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(username, password)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(ApiApplicationRegistrationService.class, 
@@ -82,7 +92,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { String consumerSecret = apiApplicationKey.getConsumerSecret(); String username = AuthorizationConfigurationManager.getInstance().getUserName(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - tokenIssuerService = Feign.builder().requestInterceptor( + tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, AuthorizationConfigurationManager.getInstance().getTokenApiURL()); @@ -98,4 +108,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor { String headerValue = Constants.RestConstants.BEARER + tokenInfo.getAccess_token(); template.header(Constants.RestConstants.AUTHORIZATION, headerValue); } + + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } } 
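Review bot: The `catch (KeyManagementException | NoSuchAlgorithmException e) { return null; }` at the end of `getTrustedSSLSocketFactory()` drops the exception without logging it, and the `null` is handed straight to `new Client.Default(...)`. Feign documents null arguments there as meaning platform defaults, so a failure would silently change which trust settings the token client uses rather than stop it. Rethrow with the cause instead, e.g. `throw new IllegalStateException("Unable to initialise SSL context", e);`. The same catch block is in every copy of this helper in the patch.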
diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml index 52ecb5acd..6c9e9bf1e 100644 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml @@ -160,7 +160,8 @@ org.wso2.carbon.core.util, org.wso2.carbon.identity.oauth2.*, org.wso2.carbon.utils, - org.wso2.carbon.utils.multitenancy + org.wso2.carbon.utils.multitenancy, + javax.net.ssl jsr311-api, diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java index 2eab72cfb..e317199d1 100644 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.device.mgt.input.adapter.http.authorization; +import feign.Client; import feign.Feign; import feign.FeignException; import feign.gson.GsonDecoder; 
@@ -33,6 +34,14 @@ import org.wso2.carbon.device.mgt.input.adapter.http.util.AuthenticationInfo; import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -50,7 +59,7 @@ public class DeviceAuthorizer { public DeviceAuthorizer(Map globalProperties) { try { - deviceAccessAuthorizationAdminService = Feign.builder() + deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient()) .requestInterceptor(new OAuthRequestInterceptor(globalProperties)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties) 
@@ -98,4 +107,37 @@ public class DeviceAuthorizer { } return deviceMgtServerUrl; } + + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java index 9b2ea93ae..bc8cfd709 100755 --- a/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java 
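Review bot: `SSLContext.getInstance("SSL")` in `getTrustedSSLSocketFactory()` names the legacy protocol family, and which versions that context enables depends on the JDK and its security properties. Request the protocol explicitly with `SSLContext.getInstance("TLS")`, or a pinned `"TLSv1.2"` if the runtime supports it. Separately, `getAcceptedIssuers()` returns `null`, while the `X509TrustManager` contract asks for a non-null, possibly empty array; `return new java.security.cert.X509Certificate[0];` avoids a NullPointerException in callers that iterate over it. Both lines are repeated in the other copies of this helper.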
@@ -14,6 +14,7 @@ package org.wso2.carbon.device.mgt.input.adapter.http.authorization.client; +import feign.Client; import feign.Feign; import feign.RequestInterceptor; import feign.RequestTemplate; @@ -31,6 +32,14 @@ import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.To import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils; import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.Map; /** @@ -76,7 +85,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { username = getUsername(globalProperties); password = getPassword(globalProperties); tokenEndpoint = getTokenEndpoint(globalProperties); - apiApplicationRegistrationService = Feign.builder().requestInterceptor( + apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(username, password)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(ApiApplicationRegistrationService.class, 
@@ -99,7 +108,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); - tokenIssuerService = Feign.builder().requestInterceptor( + tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, tokenEndpoint); @@ -158,4 +167,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor { return refreshTimeOffset; } + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } + } diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml index b86ab8f08..65d815270 100644 
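Review bot: `getSSLClient()` and `getTrustedSSLSocketFactory()` are pasted here a second time within the http input adapter (the `DeviceAuthorizer` hunk adds the identical pair), and six more times across the other modules in this patch. TLS trust configuration should exist once per module so that it can be reviewed and changed in one place. A small package-private helper class holding the two static methods, called from both `DeviceAuthorizer` and `OAuthRequestInterceptor`, would do. A Javadoc line on that helper stating which trust store it uses would also make the behaviour visible to whoever wires a new Feign client to it.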
--- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/pom.xml @@ -169,7 +169,8 @@ feign.auth, feign.codec, feign.gson, - javax.cache + javax.cache, + javax.net.ssl * diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java index 0edea4d1e..489c16956 100644 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization; +import feign.Client; import feign.Feign; import feign.FeignException; import feign.gson.GsonDecoder; 
@@ -35,7 +36,15 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.websocket.Session; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -67,7 +76,7 @@ public class DeviceAuthorizer implements Authorizer { } } try { - deviceAccessAuthorizationAdminService = Feign.builder() + deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient()) .requestInterceptor(new OAuthRequestInterceptor(globalProperties)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(DeviceAccessAuthorizationAdminService.class, getDeviceMgtServerUrl(globalProperties) 
@@ -130,4 +139,37 @@ public class DeviceAuthorizer implements Authorizer { } return null; } + + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } } \ No newline at end of file diff --git a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java index 7688040d9..21ba423c2 100755 --- a/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java 
@@ -14,6 +14,7 @@ package org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client; +import feign.Client; import feign.Feign; import feign.RequestInterceptor; import feign.RequestTemplate; @@ -31,6 +32,14 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client. import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils; import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.Map; /** @@ -77,7 +86,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { username = getUsername(globalProperties); password = getPassword(globalProperties); tokenEndpoint = getTokenEndpoint(globalProperties); - apiApplicationRegistrationService = Feign.builder().requestInterceptor( + apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(username, password)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(ApiApplicationRegistrationService.class, 
@@ -100,7 +109,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { ApiApplicationKey apiApplicationKey = apiApplicationRegistrationService.register(apiRegistrationProfile); String consumerKey = apiApplicationKey.getConsumerKey(); String consumerSecret = apiApplicationKey.getConsumerSecret(); - tokenIssuerService = Feign.builder().requestInterceptor( + tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, tokenEndpoint); @@ -159,4 +168,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor { return refreshTimeOffset; } + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } + } diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml index 7885a389a..cff7f75a6 100644 
--- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/pom.xml @@ -123,7 +123,8 @@ javax.xml.namespace, javax.xml.stream, org.wso2.carbon.base, - org.wso2.carbon.utils + org.wso2.carbon.utils, + javax.net.ssl jsr311-api, diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java index 0b9806962..b1d075ac5 100644 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java @@ -18,6 +18,7 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization; +import feign.Client; import feign.Feign; import feign.FeignException; import feign.gson.GsonDecoder; 
@@ -45,6 +46,14 @@ import javax.cache.Cache; import javax.cache.CacheConfiguration; import javax.cache.CacheManager; import javax.cache.Caching; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; @@ -68,7 +77,7 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { public DeviceAccessBasedMQTTAuthorizer() { this.MQTTAuthorizationConfiguration = AuthorizationConfigurationManager.getInstance(); - deviceAccessAuthorizationAdminService = Feign.builder() + deviceAccessAuthorizationAdminService = Feign.builder().client(getSSLClient()) .requestInterceptor(new OAuthRequestInterceptor()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(DeviceAccessAuthorizationAdminService.class, 
@@ -224,4 +233,37 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer { } } + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } + } \ No newline at end of file diff --git a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java index 630fda079..1f1af5a21 100755 --- a/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java +++ b/components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java 
@@ -14,6 +14,7 @@ package org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client; +import feign.Client; import feign.Feign; import feign.RequestInterceptor; import feign.RequestTemplate; @@ -30,6 +31,15 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService; import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; + /** * This is a request interceptor to add oauth token header. */ @@ -53,7 +63,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { refreshTimeOffset = AuthorizationConfigurationManager.getInstance().getTokenRefreshTimeOffset() * 1000; String username = AuthorizationConfigurationManager.getInstance().getUsername(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - apiApplicationRegistrationService = Feign.builder().requestInterceptor( + apiApplicationRegistrationService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(username, password)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(ApiApplicationRegistrationService.class, 
@@ -75,7 +85,7 @@ public class OAuthRequestInterceptor implements RequestInterceptor { String consumerSecret = apiApplicationKey.getConsumerSecret(); String username = AuthorizationConfigurationManager.getInstance().getUsername(); String password = AuthorizationConfigurationManager.getInstance().getPassword(); - tokenIssuerService = Feign.builder().requestInterceptor( + tokenIssuerService = Feign.builder().client(getSSLClient()).requestInterceptor( new BasicAuthRequestInterceptor(consumerKey, consumerSecret)) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .target(TokenIssuerService.class, @@ -93,4 +103,37 @@ public class OAuthRequestInterceptor implements RequestInterceptor { template.header("Authorization", headerValue); } + private static Client getSSLClient() { + return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() { + @Override + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }); + } + + private static SSLSocketFactory getTrustedSSLSocketFactory() { + try { + TrustManager[] trustAllCerts = new TrustManager[]{ + new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + return sc.getSocketFactory(); + } catch (KeyManagementException | NoSuchAlgorithmException e) { + return null; + } + + } + }