diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index 976f688..f74d30d 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -77,13 +77,13 @@ mqtt:
timeout: "${MQTT_TIMEOUT:10000}"
# Uncomment the following lines to enable ssl for MQTT
# ssl:
-# key-store: keystore/mqttserver.jks
-# key-store-password: password
-# keyStoreType: JKS
+# key_store: keystore/mqttserver.jks
+# key_store_password: password
+# key_store_type: JKS
# TrustStore can be the same as KeyStore
-# trust-store: keystore/mqttserver.jks
-# trust-store-password: password
-# trustStoreType: JKS
+# trust_store: keystore/mqttserver.jks
+# trust_store_password: password
+# trust_store_type: JKS
# CoAP server parameters
coap:
diff --git a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java
index 2a52b5c..10e329a 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsServiceImpl.java
@@ -29,8 +29,6 @@ import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.model.DeviceCredentialsEntity;
import org.thingsboard.server.dao.service.DataValidator;
-import java.util.Optional;
-
import static org.thingsboard.server.dao.DaoUtil.getData;
import static org.thingsboard.server.dao.service.Validator.validateId;
import static org.thingsboard.server.dao.service.Validator.validateString;
@@ -73,16 +71,18 @@ public class DeviceCredentialsServiceImpl implements DeviceCredentialsService {
private DeviceCredentials saveOrUpdare(DeviceCredentials deviceCredentials) {
if (deviceCredentials.getCredentialsType() == DeviceCredentialsType.X509_CERTIFICATE) {
- encryptDeviceId(deviceCredentials);
+ formatCertData(deviceCredentials);
}
log.trace("Executing updateDeviceCredentials [{}]", deviceCredentials);
credentialsValidator.validate(deviceCredentials);
return getData(deviceCredentialsDao.save(deviceCredentials));
}
- private void encryptDeviceId(DeviceCredentials deviceCredentials) {
- String sha3Hash = EncryptionUtil.getSha3Hash(deviceCredentials.getCredentialsId());
+ private void formatCertData(DeviceCredentials deviceCredentials) {
+ String cert = EncryptionUtil.trimNewLines(deviceCredentials.getCredentialsValue());
+ String sha3Hash = EncryptionUtil.getSha3Hash(cert);
deviceCredentials.setCredentialsId(sha3Hash);
+ deviceCredentials.setCredentialsValue(cert);
}
@Override
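Review bot: `formatCertData` passes `deviceCredentials.getCredentialsValue()` straight into `EncryptionUtil.trimNewLines`, which calls `replaceAll` on it, so an X509 credential saved without a value now fails with a NullPointerException before `credentialsValidator.validate` ever runs and can report a DataValidationException. A guard in front of the call keeps the failure path consistent with the rest of the method, e.g. `if (deviceCredentials.getCredentialsValue() == null) { throw new DataValidationException("Certificate value is required for X509 credentials"); }` (message constructed, use the project's wording). It would also help to state the invariant the method now establishes, since the MQTT trust manager relies on it: `// credentialsId is the SHA3 hash of the newline-stripped certificate; the MQTT trust manager looks the device up by this hash and then compares the full value`. The method-name typo in `saveOrUpdare` predates this change but could be fixed while the method is being touched.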
diff --git a/dao/src/main/java/org/thingsboard/server/dao/EncryptionUtil.java b/dao/src/main/java/org/thingsboard/server/dao/EncryptionUtil.java
index 71541cc..0ce5ac2 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/EncryptionUtil.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/EncryptionUtil.java
@@ -27,8 +27,12 @@ public class EncryptionUtil {
private EncryptionUtil() {
}
+ public static String trimNewLines(String input) {
+ return input.replaceAll("\n","").replaceAll("\r","");
+ }
+
public static String getSha3Hash(String data) {
- String trimmedData = data.replaceAll("\n","").replaceAll("\r","");
+ String trimmedData = trimNewLines(data);
byte[] dataBytes = trimmedData.getBytes();
SHA3Digest md = new SHA3Digest(256);
md.reset();
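Review bot: `trimNewLines` uses `replaceAll`, which compiles a regex on every call for what are plain one-character literals; `String.replace` does the same job without the regex machinery, `return input.replace("\n", "").replace("\r", "");`. Because this helper now normalizes both the stored credential value (in `formatCertData`) and the value computed from the presented certificate (in `SslUtil`), it is the single point that decides whether a pasted certificate with extra surrounding whitespace will ever match; it only strips CR/LF, so a leading or trailing space in the stored value yields a different hash and the device is rejected, and a null input throws NullPointerException. A short Javadoc stating that contract would make the coupling visible: `/** Strips CR and LF so the same certificate hashes identically whether stored from the UI or decoded from a TLS handshake. */`. The `getBytes()` on the following context line still uses the platform default charset; since the input is Base64 text the result is the same on all JVMs, but `StandardCharsets.UTF_8` would make that explicit. The body of `getSha3Hash` continues outside the hunk.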
diff --git a/tools/src/main/shell/onewaysslmqttclient.py b/tools/src/main/shell/onewaysslmqttclient.py
index 63d129e..b0824e6 100644
--- a/tools/src/main/shell/onewaysslmqttclient.py
+++ b/tools/src/main/shell/onewaysslmqttclient.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
#
# Copyright © 2016-2017 The Thingsboard Authors
#
diff --git a/tools/src/main/shell/simplemqttclient.py b/tools/src/main/shell/simplemqttclient.py
index 91b3e34..9ec3250 100644
--- a/tools/src/main/shell/simplemqttclient.py
+++ b/tools/src/main/shell/simplemqttclient.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
#
# Copyright © 2016-2017 The Thingsboard Authors
#
diff --git a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
index 70b748d..6b29338 100644
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
@@ -1,12 +1,12 @@
/**
* Copyright © 2016-2017 The Thingsboard Authors
- *
+ * <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -45,18 +45,18 @@ import java.security.cert.X509Certificate;
public class MqttSslHandlerProvider {
public static final String TLS = "TLS";
- @Value("${mqtt.ssl.key-store}")
+ @Value("${mqtt.ssl.key_store}")
private String keyStoreFile;
- @Value("${mqtt.ssl.key-store-password}")
+ @Value("${mqtt.ssl.key_store_password}")
private String keyStorePassword;
- @Value("${mqtt.ssl.keyStoreType}")
+ @Value("${mqtt.ssl.key_store_type}")
private String keyStoreType;
- @Value("${mqtt.ssl.trust-store}")
+ @Value("${mqtt.ssl.trust_store}")
private String trustStoreFile;
- @Value("${mqtt.ssl.trust-store-password}")
+ @Value("${mqtt.ssl.trust_store_password}")
private String trustStorePassword;
- @Value("${mqtt.ssl.trustStoreType}")
+ @Value("${mqtt.ssl.trust_store_type}")
private String trustStoreType;
@Autowired
@@ -108,8 +108,7 @@ public class MqttSslHandlerProvider {
break;
}
}
- X509TrustManager x509TmWrapper = new ThingsboardMqttX509TrustManager(x509Tm, deviceCredentialsService);
- return x509TmWrapper;
+ return new ThingsboardMqttX509TrustManager(x509Tm, deviceCredentialsService);
}
static class ThingsboardMqttX509TrustManager implements X509TrustManager {
@@ -136,18 +135,22 @@ public class MqttSslHandlerProvider {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
+ DeviceCredentials deviceCredentials = null;
for (X509Certificate cert : chain) {
try {
String strCert = SslUtil.getX509CertificateString(cert);
String sha3Hash = EncryptionUtil.getSha3Hash(strCert);
- DeviceCredentials deviceCredentials = deviceCredentialsService.findDeviceCredentialsByCredentialsId(sha3Hash);
- if (deviceCredentials == null) {
- throw new CertificateException("Invalid Device Certificate");
+ deviceCredentials = deviceCredentialsService.findDeviceCredentialsByCredentialsId(sha3Hash);
+ if (deviceCredentials != null && strCert.equals(deviceCredentials.getCredentialsValue())) {
+ break;
}
} catch (IOException e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
}
}
+ if (deviceCredentials == null) {
+ throw new CertificateException("Invalid Device Certificate");
+ }
}
}
}
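Review bot: After the loop, the trust decision on the added `if (deviceCredentials == null)` depends only on whether the last lookup returned a record, not on whether the `strCert.equals(...)` comparison ever succeeded. If the last certificate in the chain resolves to stored credentials whose value does not equal the presented certificate, the loop ends without `break`, `deviceCredentials` is non-null and `checkClientTrusted` returns normally, so the value comparison the commit introduces can be bypassed by a hash lookup hit alone; likewise an `IOException` on a later certificate leaves the variable holding the previous iteration's result. Tracking the match in a boolean and throwing when it is false ties acceptance to the equality check, and a comment should record that this trust manager only accepts a certificate that is registered verbatim as device credentials, since no chain validation is performed here.

```java
public void checkClientTrusted(X509Certificate[] chain,
                               String authType) throws CertificateException {
    // Accept the connection only if some certificate in the chain is registered
    // verbatim as device credentials: lookup by SHA3 hash, then full-value compare.
    boolean matched = false;
    for (X509Certificate cert : chain) {
        try {
            String strCert = SslUtil.getX509CertificateString(cert);
            String sha3Hash = EncryptionUtil.getSha3Hash(strCert);
            DeviceCredentials deviceCredentials = deviceCredentialsService.findDeviceCredentialsByCredentialsId(sha3Hash);
            if (deviceCredentials != null && strCert.equals(deviceCredentials.getCredentialsValue())) {
                matched = true;
                break;
            }
        } catch (IOException e) {
            log.error(e.getMessage(), e);
        }
    }
    if (!matched) {
        throw new CertificateException("Invalid Device Certificate");
    }
}
```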
diff --git a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/util/SslUtil.java b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/util/SslUtil.java
index 8fdf721..d1ea59b 100644
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/util/SslUtil.java
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/util/SslUtil.java
@@ -16,6 +16,7 @@
package org.thingsboard.server.transport.mqtt.util;
import lombok.extern.slf4j.Slf4j;
+import org.thingsboard.server.dao.EncryptionUtil;
import sun.misc.BASE64Encoder;
import java.io.ByteArrayOutputStream;
@@ -32,11 +33,12 @@ public class SslUtil {
private SslUtil() {
}
- public static String getX509CertificateString(X509Certificate cert) throws CertificateEncodingException, IOException {
+ public static String getX509CertificateString(X509Certificate cert)
+ throws CertificateEncodingException, IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
BASE64Encoder encoder = new BASE64Encoder();
encoder.encodeBuffer(cert.getEncoded(), out);
- return new String(out.toByteArray(), "UTF-8").trim();
+ return EncryptionUtil.trimNewLines(new String(out.toByteArray(), "UTF-8"));
}
public static String getX509CertificateString(javax.security.cert.X509Certificate cert)
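Review bot: The rewritten return line duplicates the encode-and-normalize sequence that the second overload (next hunk, `javax.security.cert.X509Certificate`) now repeats line for line; a private helper such as `private static String encodeCertificate(byte[] der) throws IOException` taking the result of `cert.getEncoded()` would keep the two overloads from drifting apart. The switch from `trim()` to `trimNewLines` also changes what is stripped: only CR/LF rather than all leading and trailing whitespace. As far as the visible code shows, `BASE64Encoder.encodeBuffer` emits only Base64 text and line breaks, so the results coincide here, but a comment on the return line should say why this helper, and not `trim()`, is used: `// must normalize exactly like DeviceCredentialsServiceImpl.formatCertData, since the result is hashed and compared against the stored value`. The body of the second overload begins outside this hunk.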
@@ -44,6 +46,6 @@ public class SslUtil {
ByteArrayOutputStream out = new ByteArrayOutputStream();
BASE64Encoder encoder = new BASE64Encoder();
encoder.encodeBuffer(cert.getEncoded(), out);
- return new String(out.toByteArray(), "UTF-8").trim();
+ return EncryptionUtil.trimNewLines(new String(out.toByteArray(), "UTF-8"));
}
}
diff --git a/ui/src/app/device/device-credentials.controller.js b/ui/src/app/device/device-credentials.controller.js
index 315bc08..537df5d 100644
--- a/ui/src/app/device/device-credentials.controller.js
+++ b/ui/src/app/device/device-credentials.controller.js
@@ -52,13 +52,16 @@ export default function ManageDeviceCredentialsController(deviceService, $scope,
function valid() {
return vm.deviceCredentials &&
(vm.deviceCredentials.credentialsType === 'ACCESS_TOKEN'
- || vm.deviceCredentials.credentialsType === 'X509_CERTIFICATE')
- &&
- vm.deviceCredentials.credentialsId && vm.deviceCredentials.credentialsId.length > 0;
+ && vm.deviceCredentials.credentialsId
+ && vm.deviceCredentials.credentialsId.length > 0
+ || vm.deviceCredentials.credentialsType === 'X509_CERTIFICATE'
+ && vm.deviceCredentials.credentialsValue
+ && vm.deviceCredentials.credentialsValue.length > 0);
}
function clear() {
vm.deviceCredentials.credentialsId = null;
+ vm.deviceCredentials.credentialsValue = null;
}
function save() {
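Review bot: The new `valid()` expression mixes `&&` and `||` across six lines with no grouping parentheses, so the reader has to recall that `&&` binds tighter to see that it means `vm.deviceCredentials && ((ACCESS_TOKEN && id) || (X509 && value))`. Wrapping each alternative explicitly makes the intent obvious and protects the next edit from reordering a term: `(vm.deviceCredentials.credentialsType === 'ACCESS_TOKEN' && vm.deviceCredentials.credentialsId && vm.deviceCredentials.credentialsId.length > 0)` and `(vm.deviceCredentials.credentialsType === 'X509_CERTIFICATE' && vm.deviceCredentials.credentialsValue && vm.deviceCredentials.credentialsValue.length > 0)`. The `clear()` change that also resets `credentialsValue` matches the new field, and `save()` begins outside the hunk.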
diff --git a/ui/src/app/device/device-credentials.tpl.html b/ui/src/app/device/device-credentials.tpl.html
index f74f71f..9dd4553 100644
--- a/ui/src/app/device/device-credentials.tpl.html
+++ b/ui/src/app/device/device-credentials.tpl.html
@@ -51,7 +51,7 @@
</md-input-container>
<md-input-container class="md-block" ng-if="vm.deviceCredentials.credentialsType === 'X509_CERTIFICATE'">
<label translate>device.rsa-key</label>
- <textarea required name="rsaKey" ng-model="vm.deviceCredentials.credentialsId"
+ <textarea required name="rsaKey" ng-model="vm.deviceCredentials.credentialsValue"
cols="15" rows="5" />
<div ng-messages="theForm.rsaKey.$error">
<div translate ng-message="required">device.rsa-key-required</div>