Fix the SSL error when invoking internal API via HttpClient (#215)

Co-authored-by: Pahansith <pahansith@entgra.io>
Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/215

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/pom.xml

@@ -112,6 +112,11 @@
     </build>
 
     <dependencies>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.osgi</groupId>
             <artifactId>org.eclipse.osgi</artifactId>

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/impl/SubscriptionManagerImpl.java

@@ -26,18 +26,20 @@ import io.entgra.device.mgt.core.application.mgt.core.dao.VppApplicationDAO;
 import io.entgra.device.mgt.core.application.mgt.core.exception.BadRequestException;
 import io.entgra.device.mgt.core.device.mgt.core.DeviceManagementConstants;
 import io.entgra.device.mgt.core.application.mgt.core.exception.UnexpectedServerErrorException;
-import io.entgra.device.mgt.core.application.mgt.core.util.VppHttpUtil;
 import io.entgra.device.mgt.core.device.mgt.extensions.logger.spi.EntgraLogger;
 import io.entgra.device.mgt.core.notification.logger.AppInstallLogContext;
 import io.entgra.device.mgt.core.notification.logger.impl.EntgraAppInstallLoggerImpl;
 import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpException;
-import org.apache.commons.httpclient.HttpMethodBase;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.StringRequestEntity;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.json.JSONArray;
 import org.json.JSONObject;
 import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
@@ -106,6 +108,9 @@ import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -1297,38 +1302,37 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
         }
     }
 
-    private int invokeIOTCoreAPI(HttpMethodBase request) throws UserStoreException, APIManagerException, IOException {
-        HttpClient httpClient;
+    private int invokeIOTCoreAPI(HttpPost request) throws UserStoreException, APIManagerException, IOException,
+            ApplicationManagementException {
+        CloseableHttpClient httpClient = getHttpClient();
         String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
         ApiApplicationKey apiApplicationKey = OAuthUtils.getClientCredentials(tenantDomain);
         String username =
                 PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration()
                         .getAdminUserName() + Constants.ApplicationInstall.AT + tenantDomain;
         AccessTokenInfo tokenInfo = OAuthUtils.getOAuthCredentials(apiApplicationKey, username);
-        request.addRequestHeader(Constants.ApplicationInstall.AUTHORIZATION,
+        request.addHeader(Constants.ApplicationInstall.AUTHORIZATION,
                 Constants.ApplicationInstall.AUTHORIZATION_HEADER_VALUE + tokenInfo.getAccessToken());
-        httpClient = new HttpClient();
-        httpClient.executeMethod(request);
-        return request.getStatusCode();
+        HttpResponse response = httpClient.execute(request);
+        return response.getStatusLine().getStatusCode();
     }
 
     public int installEnrollmentApplications(ApplicationPolicyDTO applicationPolicyDTO)
             throws ApplicationManagementException {
-
-        PostMethod request;
+        String requestUrl =null;
         try {
-            String requestUrl = Constants.ApplicationInstall.ENROLLMENT_APP_INSTALL_PROTOCOL + System
-                    .getProperty(Constants.ApplicationInstall.IOT_CORE_HOST) + Constants.ApplicationInstall.COLON
+            requestUrl = Constants.ApplicationInstall.ENROLLMENT_APP_INSTALL_PROTOCOL + System
+                    .getProperty(Constants.ApplicationInstall.IOT_GATEWAY_HOST) + Constants.ApplicationInstall.COLON
                     + System.getProperty(Constants.ApplicationInstall.IOT_CORE_PORT)
                     + Constants.ApplicationInstall.GOOGLE_APP_INSTALL_URL;
             Gson gson = new Gson();
             String payload = gson.toJson(applicationPolicyDTO);
+            HttpPost httpPost = new HttpPost(requestUrl);
 
-            StringRequestEntity requestEntity = new StringRequestEntity(payload, MediaType.APPLICATION_JSON,
-                    Constants.ApplicationInstall.ENCODING);
-            request = new PostMethod(requestUrl);
-            request.setRequestEntity(requestEntity);
-            return invokeIOTCoreAPI(request);
+            StringEntity stringEntity = new StringEntity(payload, Constants.ApplicationInstall.ENCODING);
+            httpPost.addHeader("Content-Type",MediaType.APPLICATION_JSON);
+            httpPost.setEntity(stringEntity);
+            return invokeIOTCoreAPI(httpPost);
         } catch (UserStoreException e) {
             String msg = "Error while accessing user store for user with Android device.";
             log.error(msg, e);
@@ -1337,18 +1341,38 @@ public class SubscriptionManagerImpl implements SubscriptionManager {
             String msg = "Error while retrieving access token for Android device";
             log.error(msg, e);
             throw new ApplicationManagementException(msg, e);
-        } catch (HttpException e) {
-            String msg = "Error while calling the app store to install enrollment app with id: " + applicationPolicyDTO
-                    .getApplicationDTO().getId() + " on device";
-            log.error(msg, e);
-            throw new ApplicationManagementException(msg, e);
         } catch (IOException e) {
             String msg =
                     "Error while installing the enrollment with id: " + applicationPolicyDTO.getApplicationDTO().getId()
-                            + " on device";
+                            + " on device: request URL: " + requestUrl;
+            log.error(msg + "request url: " + requestUrl, e);
+            throw new ApplicationManagementException(msg, e);
+        }
+    }
+
+    private CloseableHttpClient getHttpClient() throws ApplicationManagementException {
+        try {
+            SSLContextBuilder builder = new SSLContextBuilder();
+            builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
+            return HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build();
+        }  catch (NoSuchAlgorithmException e) {
+            String msg = "Failed while building the http client for EntApp installation. " +
+                    "Used SSL algorithm not available";
+            log.error(msg, e);
+            throw new ApplicationManagementException(msg, e);
+        } catch (KeyStoreException e) {
+            String msg = "Failed while building the http client for EntApp installation. " +
+                    "Failed to load required key stores";
+            log.error(msg, e);
+            throw new ApplicationManagementException(msg, e);
+        } catch (KeyManagementException e) {
+            String msg = "Failed while building the http client for EntApp installation. " +
+                    "Failed while building SSL context";
             log.error(msg, e);
             throw new ApplicationManagementException(msg, e);
         }
+
     }
 
     private String getIOTCoreBaseUrl() {

components/application-mgt/io.entgra.device.mgt.core.application.mgt.core/src/main/java/io/entgra/device/mgt/core/application/mgt/core/util/Constants.java

@@ -178,6 +178,8 @@ public class Constants {
         public static final String DEVICE_TYPE_ANDROID = "android";
         public static final String COLON = ":";
         public static final String IOT_CORE_HOST = "iot.core.host";
+
+        public static final String IOT_GATEWAY_HOST = "iot.gateway.host";
         public static final String IOT_CORE_PORT = "iot.core.https.port";
         public static final String ENROLLMENT_APP_INSTALL_PROTOCOL = "https://";
         public static final String GOOGLE_APP_INSTALL_URL = "/api/device-mgt/android/v1.0/enterprise/change-app";

pom.xml

@@ -2145,7 +2145,7 @@
         <github.openfeign.version>9.3.1</github.openfeign.version>
         <jsr311.version>1.1.1</jsr311.version>
         <commons.logging.version>1.2</commons.logging.version>
-        <apache.http.client.version>4.5.6</apache.http.client.version>
+        <apache.http.client.version>4.5.13</apache.http.client.version>
         <!-- apache http components core -->
         <apache.http.core.version>4.4.10</apache.http.core.version>
         <apache.http.mime.version>4.5.8</apache.http.mime.version>