Merge pull request #752 from Jasintha/weekTrustManager

fixing weekTrustManager Impel issue

components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/pom.xml

@@ -67,6 +67,7 @@
                             feign.gson,
 							org.json.simple.*,
 							org.wso2.carbon.appmgt.mobile.beans,
+                            org.wso2.carbon.base,
 							org.wso2.carbon.context,
 							javax.net.ssl,
 							feign.slf4j

components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/ApplicationOperationsImpl.java

@@ -47,17 +47,15 @@ import org.wso2.carbon.appmgt.mobile.mdm.App;
 import org.wso2.carbon.appmgt.mobile.mdm.Device;
 import org.wso2.carbon.appmgt.mobile.utils.MobileApplicationException;
 import org.wso2.carbon.appmgt.mobile.utils.MobileConfigurations;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -286,16 +284,21 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
         }
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -318,4 +321,63 @@ public class ApplicationOperationsImpl implements ApplicationOperations {
         }
     }
 
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
+
 }

components/extensions/appm-connector/org.wso2.carbon.appmgt.mdm.restconnector/src/main/java/org/wso2/carbon/appmgt/mdm/restconnector/authorization/client/OAuthRequestInterceptor.java

@@ -40,16 +40,14 @@ import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.ApiRegi
 import org.wso2.carbon.appmgt.mdm.restconnector.authorization.client.dto.TokenIssuerService;
 import org.wso2.carbon.appmgt.mdm.restconnector.config.AuthorizationConfigurationManager;
 import org.wso2.carbon.appmgt.mdm.restconnector.internal.AuthorizationDataHolder;
+import org.wso2.carbon.base.ServerConfiguration;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 
 /**
  * This is a request interceptor to add oauth token header.
@@ -131,16 +129,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         template.header(Constants.RestConstants.AUTHORIZATION, headerValue);
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -163,4 +166,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         }
     }
 
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/pom.xml

@@ -165,6 +165,7 @@
 							org.wso2.carbon.identity.oauth2.*,
 							org.wso2.carbon.utils,
 							org.wso2.carbon.utils.multitenancy,
+                            org.wso2.carbon.base,
 							javax.net.ssl,
 							feign.slf4j
                         </Import-Package>

components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/DeviceAuthorizer.java

@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract;
 import feign.slf4j.Slf4jLogger;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.OAuthRequestInterceptor;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.AuthorizationRequest;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.DeviceAccessAuthorizationAdminService;
@@ -38,15 +39,12 @@ import org.wso2.carbon.device.mgt.input.adapter.http.util.AuthenticationInfo;
 import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils;
 import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -112,16 +110,21 @@ public class DeviceAuthorizer {
         return deviceMgtServerUrl;
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -144,4 +147,62 @@ public class DeviceAuthorizer {
         }
     }
 
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/cdmf-transport-adapters/input/org.wso2.carbon.device.mgt.input.adapter.http/src/main/java/org/wso2/carbon/device/mgt/input/adapter/http/authorization/client/OAuthRequestInterceptor.java

@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract;
 import feign.slf4j.Slf4jLogger;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.AccessTokenInfo;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.ApiApplicationKey;
 import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.ApiApplicationRegistrationService;
@@ -37,15 +38,12 @@ import org.wso2.carbon.device.mgt.input.adapter.http.authorization.client.dto.To
 import org.wso2.carbon.device.mgt.input.adapter.http.util.PropertyUtils;
 import org.wso2.carbon.event.input.adapter.core.exception.InputEventAdapterException;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.Map;
 
 /**
@@ -183,16 +181,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         return refreshTimeOffset;
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -214,4 +217,63 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
             return null;
         }
     }
+
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/DeviceAuthorizer.java

@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract;
 import feign.slf4j.Slf4jLogger;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.AuthenticationInfo;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.OAuthRequestInterceptor;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AuthorizationRequest;
@@ -40,16 +41,13 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.util.WebSocketSessionRequest;
 import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import javax.websocket.Session;
+import java.io.FileInputStream;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -125,16 +123,21 @@ public class DeviceAuthorizer implements Authorizer {
         return deviceMgtServerUrl;
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -156,4 +159,63 @@ public class DeviceAuthorizer implements Authorizer {
             return null;
         }
     }
+
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/cdmf-transport-adapters/output/org.wso2.carbon.device.mgt.output.adapter.websocket/src/main/java/org/wso2/carbon/device/mgt/output/adapter/websocket/authorization/client/OAuthRequestInterceptor.java

@@ -29,6 +29,7 @@ import feign.jaxrs.JAXRSContract;
 import feign.slf4j.Slf4jLogger;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.AccessTokenInfo;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationKey;
 import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.dto.ApiApplicationRegistrationService;
@@ -37,15 +38,13 @@ import org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.client.
 import org.wso2.carbon.device.mgt.output.adapter.websocket.util.PropertyUtils;
 import org.wso2.carbon.event.output.adapter.core.exception.OutputEventAdapterException;
 
-import javax.net.ssl.HostnameVerifier;
+
-import javax.net.ssl.SSLContext;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLSession;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.Map;
 
 /**
@@ -185,16 +184,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         return refreshTimeOffset;
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -217,4 +221,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         }
     }
 
+    //FIXME - (line 223 - 280 block) I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore, String keyStorePassword, KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/DeviceAccessBasedMQTTAuthorizer.java

@@ -42,6 +42,7 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.Aut
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.internal.AuthorizationDataHolder;
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.util.AuthorizationCacheKey;
 import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
@@ -49,15 +50,12 @@ import org.wso2.carbon.user.api.UserStoreException;
 import javax.cache.Cache;
 import javax.cache.CacheConfiguration;
 import javax.cache.Caching;
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -258,16 +256,21 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
         }
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -290,4 +293,62 @@ public class DeviceAccessBasedMQTTAuthorizer implements IAuthorizer {
         }
     }
 
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }

components/extensions/mb-extensions/org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization/src/main/java/org/wso2/carbon/andes/extensions/device/mgt/mqtt/authorization/client/OAuthRequestInterceptor.java

@@ -37,16 +37,14 @@ import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.ApiRegistrationProfile;
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.client.dto.TokenIssuerService;
 import org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.config.AuthorizationConfigurationManager;
+import org.wso2.carbon.base.ServerConfiguration;
 
-import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.*;
-import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.security.KeyManagementException;
+import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
+import java.security.cert.CertificateException;
 
 /**
  * This is a request interceptor to add oauth token header.
@@ -129,16 +127,21 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         tokenIssuerService = null;
     }
 
-    private static Client getSSLClient() {
+    public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
-            @Override
+        if(isIgnoreHostnameVerification) {
-            public boolean verify(String s, SSLSession sslSession) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
-                return true;
+                @Override
-            }
+                public boolean verify(String s, SSLSession sslSession) {
-        });
+                    return true;
+                }
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
 
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
@@ -161,4 +164,62 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
         }
     }
 
+    //FIXME - I know hard-cording values is a bad practice , this code is repeating in
+    // several class, so this hard-coding strings will be removed once this code block is moved into a central location
+    // this should be done after the 3.1.0 release.
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,"JKS");
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+    }
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance("SSLv3");
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return  sslContext.getSocketFactory();
+    }
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fileInputStream = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            fileInputStream = new FileInputStream(keyStorePath);
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fileInputStream != null) {
+                fileInputStream.close();
+            }
+        }
+    }
+
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,"JKS");
+    }
+
 }