Add default SSL context for all credentials types

5 years ago · 6d99d4cafb
6 changed files with 15 additions and 34 deletions
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/AnonymousCredentials.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/AnonymousCredentials.java
@ -16,7 +16,6 @@
 package org.thingsboard.rule.engine.credentials;

 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import io.netty.handler.ssl.SslContext;

@JsonIgnoreProperties(ignoreUnknown = true)
 public class AnonymousCredentials implements ClientCredentials {
@ -24,9 +23,4 @@ public class AnonymousCredentials implements ClientCredentials {
    public CredentialsType getType() {
        return CredentialsType.ANONYMOUS;
    }
-
-    @Override
-    public SslContext initSslContext() {
-        return null;
-    }
 }
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/BasicCredentials.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/BasicCredentials.java
@ -16,7 +16,6 @@
 package org.thingsboard.rule.engine.credentials;

 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import io.netty.handler.ssl.SslContext;
 import lombok.Data;

@Data
@ -29,9 +28,4 @@ public class BasicCredentials implements ClientCredentials {
    public CredentialsType getType() {
        return CredentialsType.BASIC;
    }
-
-    @Override
-    public SslContext initSslContext() {
-        return null;
-    }
 }
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/ClientCredentials.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/ClientCredentials.java
@ -19,8 +19,11 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
 import org.thingsboard.rule.engine.mqtt.azure.AzureIotHubSasCredentials;

+import javax.net.ssl.SSLException;
+
@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
@JsonSubTypes({
        @JsonSubTypes.Type(value = AnonymousCredentials.class, name = "anonymous"),
@ -32,5 +35,7 @@ public interface ClientCredentials {
    CredentialsType getType();

    @JsonIgnore
-    SslContext initSslContext();
+    default SslContext initSslContext() throws SSLException{
+        return SslContextBuilder.forClient().build();
+    }
 }
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/mqtt/TbMqttNode.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/mqtt/TbMqttNode.java
@ -18,7 +18,6 @@ package org.thingsboard.rule.engine.mqtt;
 import io.netty.buffer.Unpooled;
 import io.netty.handler.codec.mqtt.MqttQoS;
 import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.util.concurrent.Future;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.StringUtils;
@ -137,9 +136,11 @@ public class TbMqttNode implements TbNode {
    }

    private SslContext getSslContext() throws SSLException {
-        SslContext sslContext = this.mqttNodeConfiguration.getCredentials().initSslContext();
-        if (this.mqttNodeConfiguration.isSsl() && sslContext == null) {
-            sslContext = SslContextBuilder.forClient().build();
+        ClientCredentials credentials = this.mqttNodeConfiguration.getCredentials();
+        SslContext sslContext = credentials.initSslContext();
+        if (!this.mqttNodeConfiguration.isSsl() &&
+                (credentials.getType() == CredentialsType.ANONYMOUS || credentials.getType() == CredentialsType.BASIC)) {
+            sslContext = null;
        }
        return sslContext;
    }
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/mqtt/azure/TbAzureIotHubNode.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/mqtt/azure/TbAzureIotHubNode.java
@ -30,6 +30,8 @@ import org.thingsboard.rule.engine.mqtt.TbMqttNode;
 import org.thingsboard.rule.engine.mqtt.TbMqttNodeConfiguration;
 import org.thingsboard.server.common.data.plugin.ComponentType;

+import javax.net.ssl.SSLException;
+
@Slf4j
@RuleNode(
        type = ComponentType.EXTERNAL,
@ -55,7 +57,7 @@ public class TbAzureIotHubNode extends TbMqttNode {
                }

                @Override
-                public SslContext initSslContext() {
+                public SslContext initSslContext() throws SSLException {
                    if (credentials instanceof AzureIotHubSasCredentials) {
                        AzureIotHubSasCredentials sasCredentials = (AzureIotHubSasCredentials) credentials;
                        if (sasCredentials.getCaCert() == null || sasCredentials.getCaCert().isEmpty()) {
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
@ -17,8 +17,6 @@ package org.thingsboard.rule.engine.rest;

 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.nio.NioEventLoopGroup;
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.binary.Base64;
@ -47,7 +45,6 @@ import org.thingsboard.rule.engine.api.TbNodeException;
 import org.thingsboard.rule.engine.api.TbRelationTypes;
 import org.thingsboard.rule.engine.api.util.TbNodeUtils;
 import org.thingsboard.rule.engine.credentials.BasicCredentials;
-import org.thingsboard.rule.engine.credentials.CertPemCredentials;
 import org.thingsboard.rule.engine.credentials.ClientCredentials;
 import org.thingsboard.rule.engine.credentials.CredentialsType;
 import org.thingsboard.server.common.msg.TbMsg;
@ -141,7 +138,7 @@ public class TbHttpClient {
            } else {
                this.eventLoopGroup = new NioEventLoopGroup();
                Netty4ClientHttpRequestFactory nettyFactory = new Netty4ClientHttpRequestFactory(this.eventLoopGroup);
-                nettyFactory.setSslContext(getSslContext(config.getCredentials()));
+                nettyFactory.setSslContext(config.getCredentials().initSslContext());
                nettyFactory.setReadTimeout(config.getReadTimeoutMs());
                httpClient = new AsyncRestTemplate(nettyFactory);
            }
@ -150,18 +147,6 @@ public class TbHttpClient {
        }
    }

-    private SslContext getSslContext(ClientCredentials credentials) throws SSLException {
-        switch (credentials.getType()) {
-            case ANONYMOUS:
-            case BASIC:
-                return SslContextBuilder.forClient().build();
-            case CERT_PEM:
-                return credentials.initSslContext();
-            default:
-                throw new IllegalArgumentException("[" + credentials.getType() + "] is not supported!");
-        }
-    }
-
    private void checkSystemProxyProperties() throws TbNodeException {
        boolean useHttpProxy = !StringUtils.isEmpty(System.getProperty("http.proxyHost")) && !StringUtils.isEmpty(System.getProperty("http.proxyPort"));
        boolean useHttpsProxy = !StringUtils.isEmpty(System.getProperty("https.proxyHost")) && !StringUtils.isEmpty(System.getProperty("https.proxyPort"));