make remote control feature mutual ssl compatible

Introduced a new UUID to recognized the authenticated device's call back to establish the websocket connetion. When the UI requested to establish a screen sharing session with the device, a new UUID and will be created and stored in the database with the operation REMOTE_CONNECT's payload. Once the device polls the operation, it receives the UUID. Then device will call back the server with that same UUID to establish the websocket connection.
2025-09-16 23:42:15 +00:00 · 2018-09-13 14:37:05 +05:30 · 2018-09-13 14:37:05 +05:30 · 374c54fa70
commit 374c54fa70
parent d205885a28
3 changed files with 101 additions and 54 deletions
--- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java
+++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/RemoteSessionManagementServiceImpl.java
@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.UUID;
 import java.util.Map;
 /**
@ -72,66 +73,89 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
        sessionQueryParamList.add(session.getQueryString());
        sessionQueryParam.put(RemoteSessionConstants.QUERY_STRING, sessionQueryParamList);
-        // Validate the token
+        if (operationId == null) {
-        OAuthAuthenticator oAuthAuthenticator = RemoteSessionManagementDataHolder.getInstance().getOauthAuthenticator();
+            // Validate the token
-        AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(sessionQueryParam);
+            OAuthAuthenticator oAuthAuthenticator = RemoteSessionManagementDataHolder.getInstance().getOauthAuthenticator();
            AuthenticationInfo authenticationInfo = oAuthAuthenticator.isAuthenticated(sessionQueryParam);
-        if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
+            if (authenticationInfo != null && authenticationInfo.isAuthenticated()) {
-            try {
+                try {
-                PrivilegedCarbonContext.startTenantFlow();
+                    PrivilegedCarbonContext.startTenantFlow();
-                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(authenticationInfo
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(authenticationInfo
-                                .getTenantDomain()
+                                    .getTenantDomain()
-                        , true);
+                            , true);
-                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authenticationInfo.getUsername());
+                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(authenticationInfo.getUsername());
-                if (deviceId != null && !deviceId.isEmpty() && deviceType != null && !deviceType.isEmpty()) {
+                    if (deviceId != null && !deviceId.isEmpty() && deviceType != null && !deviceType.isEmpty()) {
-                    DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
+                        DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
-                    deviceIdentifier.setId(deviceId);
+                        deviceIdentifier.setId(deviceId);
-                    deviceIdentifier.setType(deviceType);
+                        deviceIdentifier.setType(deviceType);
-                    // Check authorization of user for given device
+                        // Check authorization of user for given device
-                    boolean userAuthorized = RemoteSessionManagementDataHolder.getInstance()
+                        boolean userAuthorized = RemoteSessionManagementDataHolder.getInstance()
-                            .getDeviceAccessAuthorizationService()
+                                .getDeviceAccessAuthorizationService()
-                            .isUserAuthorized(deviceIdentifier, authenticationInfo.getUsername());
+                                .isUserAuthorized(deviceIdentifier, authenticationInfo.getUsername());
-                    if (userAuthorized) {
+                        if (userAuthorized) {
-                        // set common settings for session
+                            // set common settings for session
-                        session.setMaxBinaryMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
+                            session.setMaxBinaryMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
-                                .getMaxMessageBufferSize());
+                                    .getMaxMessageBufferSize());
-                        session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
+                            session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
-                                .getMaxMessageBufferSize());
+                                    .getMaxMessageBufferSize());
-                        session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
+                            session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
                            // if session initiated using operation id means request came from device
 //                            if (operationId != null) {
 //                                // create new device session
 //                                initializeDeviceSession(session, authenticationInfo.getTenantDomain(), deviceType, deviceId,
 //                                        operationId);
 //                            } else {
                                // create new client session
                                initializeClientSession(session, authenticationInfo.getTenantDomain(), deviceType,
                                        deviceId);
 //                            }
                            log.info("Current remote sessions count: " + RemoteSessionManagementDataHolder.getInstance()
                                    .getSessionMap().size());
                        // if session initiated using operation id means request came from device
                        if (operationId != null) {
                            // create new device session
                            initializeDeviceSession(session, authenticationInfo.getTenantDomain(), deviceType, deviceId,
                                    operationId);
                        } else {
-                            // create new client session
+                            throw new RemoteSessionManagementException("Missing device Id or type ");
                            initializeClientSession(session, authenticationInfo.getTenantDomain(), deviceType,
                                    deviceId);
                        }
                        log.info("Current remote sessions count: " + RemoteSessionManagementDataHolder.getInstance()
                                .getSessionMap().size());
                    } else {
-                        throw new RemoteSessionManagementException("Missing device Id or type ");
+                        throw new RemoteSessionManagementException("Unauthorized Access for the device Type : " + deviceType
                                + " , deviceId : " + deviceId);
                    }
-                } else {
+                } catch (OperationManagementException | InvalidDeviceException e) {
-                    throw new RemoteSessionManagementException("Unauthorized Access for the device Type : " + deviceType
+                    throw new RemoteSessionManagementException("Error occurred while adding initial operation for the " +
-                            + " , deviceId : " + deviceId);
+                            "device Type : " + deviceType + " , deviceId : " + deviceId);
                } catch (DeviceAccessAuthorizationException e) {
                    throw new RemoteSessionManagementException("Error occurred while device access authorization for the " +
                            "device Type : " + deviceType + " , " + "deviceId : " + deviceId);
                } finally {
                    PrivilegedCarbonContext.endTenantFlow();
                }
-            } catch (OperationManagementException | InvalidDeviceException e) {
+
-                throw new RemoteSessionManagementException("Error occurred while adding initial operation for the " +
+            } else {
-                        "device Type : " + deviceType + " , deviceId : " + deviceId);
+                throw new RemoteSessionManagementException("Invalid token");
            } catch (DeviceAccessAuthorizationException e) {
                throw new RemoteSessionManagementException("Error occurred while device access authorization for the " +
                        "device Type : " + deviceType + " , " + "deviceId : " + deviceId);
            } finally {
                PrivilegedCarbonContext.endTenantFlow();
            }
        } else {
-            throw new RemoteSessionManagementException("Invalid token");
+            // set common settings for session
            session.setMaxBinaryMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
                    .getMaxMessageBufferSize());
            session.setMaxTextMessageBufferSize(RemoteSessionManagementDataHolder.getInstance()
                    .getMaxMessageBufferSize());
            session.setMaxIdleTimeout(RemoteSessionManagementDataHolder.getInstance().getMaxIdleTimeout());
            String uuid = session.getQueryString();
            if(uuid != null && uuid.isEmpty()){
                log.error("Could not find a UUID related to the remote session");
            } else {
                String tenantDomain = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(uuid);
                if(tenantDomain == null || tenantDomain.isEmpty()){
                    log.error("Invalid UUID, could not create the remote session");
                } else {
                    // create new device session
                    initializeDeviceSession(session, tenantDomain, deviceType, deviceId, operationId, uuid);
                }
            }
        }
    }
@ -194,6 +218,7 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
                .getId());
        if (remoteSession != null) {
            //String operationId = remoteSession.getOperationId();
            RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap().remove(remoteSession.getUuidToValidateDevice());
            String deviceKey = remoteSession.getTenantDomain() + "/" + remoteSession.getDeviceType() + "/" +
                    remoteSession.getDeviceId();
            RemoteSession lastSession = RemoteSessionManagementDataHolder.getInstance()
@ -239,8 +264,9 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
    private void initializeClientSession(Session session, String tenantDomain, String deviceType, String deviceId) throws RemoteSessionManagementException,
            OperationManagementException, InvalidDeviceException {
        String uuidToValidateDevice = UUID.randomUUID().toString();
        RemoteSession clientRemote = new RemoteSession(session, tenantDomain, deviceType, deviceId, RemoteSessionConstants
-                .CONNECTION_TYPE.CLIENT);
+                .CONNECTION_TYPE.CLIENT, uuidToValidateDevice);
        String deviceKey = tenantDomain + "/" + deviceType + "/" + deviceId;
        // Create new remote control operation to start the session
        RemoteSession activeSession = RemoteSessionManagementDataHolder.getInstance().getActiveDeviceClientSessionMap
@ -277,6 +303,12 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
                operation.setControl(Operation.Control.NO_REPEAT);
                JSONObject payload = new JSONObject();
                payload.put("serverUrl", RemoteSessionManagementDataHolder.getInstance().getServerUrl());
                payload.put("uuidToValidateDevice", uuidToValidateDevice);
                String uuidToTenantMap = RemoteSessionManagementDataHolder.getInstance().getUuidToTenantMap
                        ().putIfAbsent(uuidToValidateDevice, tenantDomain);
                if (log.isDebugEnabled()) {
                    log.debug("UUID " + uuidToTenantMap + " is generated against the tenant : " + tenantDomain);
                }
                operation.setPayLoad(payload.toString());
                String date = new SimpleDateFormat(RemoteSessionConstants.DATE_FORMAT_NOW).format(new Date());
                operation.setCreatedTimeStamp(date);
@ -287,6 +319,7 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
                clientRemote.setOperationId(activity.getActivityId().replace(DeviceManagementConstants
                        .OperationAttributes.ACTIVITY, ""));
                RemoteSessionManagementDataHolder.getInstance().getSessionMap().put(session.getId(), clientRemote);
                log.info("Client remote session opened for session id: " + session.getId() + " device Type : " +
                        deviceType + " , " + "deviceId : " + deviceId);
            } else {
@ -307,7 +340,7 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
     * @throws RemoteSessionManagementException throws when session has errors with accessing device resources
     */
    private void initializeDeviceSession(Session session, String tenantDomain, String deviceType, String deviceId,
-                                         String operationId) throws RemoteSessionManagementException {
+                                         String operationId, String uuidToValidateDevice) throws RemoteSessionManagementException {
        String deviceKey = tenantDomain + "/" + deviceType + "/" + deviceId;
        RemoteSession activeSession = RemoteSessionManagementDataHolder.getInstance()
                .getActiveDeviceClientSessionMap().get(deviceKey);
@ -317,7 +350,7 @@ public class RemoteSessionManagementServiceImpl implements RemoteSessionManageme
            if (clientRemote != null) {
                if (clientRemote.getOperationId().equals(operationId)) {
                    RemoteSession deviceRemote = new RemoteSession(session, tenantDomain, deviceType, deviceId,
-                            RemoteSessionConstants.CONNECTION_TYPE.DEVICE);
+                            RemoteSessionConstants.CONNECTION_TYPE.DEVICE, uuidToValidateDevice);
                    deviceRemote.setOperationId(operationId);
                    deviceRemote.setPeerSession(clientRemote);
                    clientRemote.setPeerSession(deviceRemote);
--- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/dto/RemoteSession.java
+++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/dto/RemoteSession.java
@ -34,7 +34,11 @@ import java.nio.ByteBuffer;
 public class RemoteSession {
    private static final Log log = LogFactory.getLog(RemoteSession.class);
-    private String tenantDomain, operationId, deviceType, deviceId;
+    private String tenantDomain;
    private String operationId;
    private String deviceType;
    private String deviceId;
    private String uuidToValidateDevice;
    private long lastMessageTimeStamp = System.currentTimeMillis();
    private RemoteSession peerSession;
    private Session mySession;
@ -45,12 +49,13 @@ public class RemoteSession {
    private RemoteSessionConstants.CONNECTION_TYPE connectionType;
    public RemoteSession(Session session, String tenantDomain, String deviceType, String deviceId,
-                         RemoteSessionConstants.CONNECTION_TYPE connectionType) {
+                         RemoteSessionConstants.CONNECTION_TYPE connectionType, String uuidToValidateDevice) {
        this.mySession = session;
        this.deviceType = deviceType;
        this.deviceId = deviceId;
        this.tenantDomain = tenantDomain;
        this.connectionType = connectionType;
        this.uuidToValidateDevice = uuidToValidateDevice;
        maxMessagesPerSecond = RemoteSessionManagementDataHolder.getInstance().getMaxMessagesPerSecond();
        messageAllowance = maxMessagesPerSecond;
        messageRatePerSecond = (double) maxMessagesPerSecond / 1000;
@ -109,6 +114,10 @@ public class RemoteSession {
        }
    }
    public String getUuidToValidateDevice() {
        return uuidToValidateDevice;
    }
    public Session getMySession() {
        return mySession;
    }
--- a/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/internal/RemoteSessionManagementDataHolder.java
+++ b/components/extensions/remote-session-extension/org.wso2.carbon.device.mgt.extensions.remote.session/src/main/java/org/wso2/carbon/device/mgt/extensions/remote.session/internal/RemoteSessionManagementDataHolder.java
@ -43,6 +43,11 @@ public class RemoteSessionManagementDataHolder {
    private OAuthAuthenticator oAuthAuthenticator;
    private Map<String, RemoteSession> activeDeviceClientSessionMap = new ConcurrentHashMap<String, RemoteSession>();
    private Map<String, RemoteSession> sessionMap = new ConcurrentHashMap<String, RemoteSession>();
    private Map<String, String> uuidToTenantMap = new ConcurrentHashMap<>();
    public Map<String, String> getUuidToTenantMap() {
        return uuidToTenantMap;
    }
    public static RemoteSessionManagementDataHolder getInstance() {
        return thisInstance;