|
|
|
@ -357,37 +357,37 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
|
|
|
log.info("[{}] Processing connect msg for client: {}!", sessionId, msg.payload().clientIdentifier()); |
|
|
|
X509Certificate cert; |
|
|
|
if (sslHandler != null && (cert = getX509Certificate()) != null) { |
|
|
|
processX509CertConnect(ctx, cert); |
|
|
|
processX509CertConnect(ctx, cert, msg); |
|
|
|
} else { |
|
|
|
processAuthTokenConnect(ctx, msg); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private void processAuthTokenConnect(ChannelHandlerContext ctx, MqttConnectMessage msg) { |
|
|
|
String userName = msg.payload().userName(); |
|
|
|
private void processAuthTokenConnect(ChannelHandlerContext ctx, MqttConnectMessage connectMessage) { |
|
|
|
String userName = connectMessage.payload().userName(); |
|
|
|
log.info("[{}] Processing connect msg for client with user name: {}!", sessionId, userName); |
|
|
|
if (StringUtils.isEmpty(userName)) { |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_BAD_USER_NAME_OR_PASSWORD)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_BAD_USER_NAME_OR_PASSWORD, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} else { |
|
|
|
transportService.process(ValidateDeviceTokenRequestMsg.newBuilder().setToken(userName).build(), |
|
|
|
new TransportServiceCallback<ValidateDeviceCredentialsResponseMsg>() { |
|
|
|
@Override |
|
|
|
public void onSuccess(ValidateDeviceCredentialsResponseMsg msg) { |
|
|
|
onValidateDeviceResponse(msg, ctx); |
|
|
|
onValidateDeviceResponse(msg, ctx, connectMessage); |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
public void onError(Throwable e) { |
|
|
|
log.trace("[{}] Failed to process credentials: {}", address, userName, e); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} |
|
|
|
}); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private void processX509CertConnect(ChannelHandlerContext ctx, X509Certificate cert) { |
|
|
|
private void processX509CertConnect(ChannelHandlerContext ctx, X509Certificate cert, MqttConnectMessage connectMessage) { |
|
|
|
try { |
|
|
|
if(!context.isSkipValidityCheckForClientCert()){ |
|
|
|
cert.checkValidity(); |
|
|
|
@ -398,18 +398,18 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
|
|
|
new TransportServiceCallback<ValidateDeviceCredentialsResponseMsg>() { |
|
|
|
@Override |
|
|
|
public void onSuccess(ValidateDeviceCredentialsResponseMsg msg) { |
|
|
|
onValidateDeviceResponse(msg, ctx); |
|
|
|
onValidateDeviceResponse(msg, ctx, connectMessage); |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
public void onError(Throwable e) { |
|
|
|
log.trace("[{}] Failed to process credentials: {}", address, sha3Hash, e); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} |
|
|
|
}); |
|
|
|
} catch (Exception e) { |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_NOT_AUTHORIZED)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_NOT_AUTHORIZED, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} |
|
|
|
} |
|
|
|
@ -433,11 +433,11 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
|
|
|
doDisconnect(); |
|
|
|
} |
|
|
|
|
|
|
|
private MqttConnAckMessage createMqttConnAckMsg(MqttConnectReturnCode returnCode) { |
|
|
|
private MqttConnAckMessage createMqttConnAckMsg(MqttConnectReturnCode returnCode, MqttConnectMessage msg) { |
|
|
|
MqttFixedHeader mqttFixedHeader = |
|
|
|
new MqttFixedHeader(CONNACK, false, AT_MOST_ONCE, false, 0); |
|
|
|
MqttConnAckVariableHeader mqttConnAckVariableHeader = |
|
|
|
new MqttConnAckVariableHeader(returnCode, true); |
|
|
|
new MqttConnAckVariableHeader(returnCode, !msg.variableHeader().isCleanSession()); |
|
|
|
return new MqttConnAckMessage(mqttFixedHeader, mqttConnAckVariableHeader); |
|
|
|
} |
|
|
|
|
|
|
|
@ -513,9 +513,9 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private void onValidateDeviceResponse(ValidateDeviceCredentialsResponseMsg msg, ChannelHandlerContext ctx) { |
|
|
|
private void onValidateDeviceResponse(ValidateDeviceCredentialsResponseMsg msg, ChannelHandlerContext ctx, MqttConnectMessage connectMessage) { |
|
|
|
if (!msg.hasDeviceInfo()) { |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_NOT_AUTHORIZED)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_REFUSED_NOT_AUTHORIZED, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} else { |
|
|
|
deviceSessionCtx.setDeviceInfo(msg.getDeviceInfo()); |
|
|
|
@ -532,17 +532,17 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
|
|
|
.build(); |
|
|
|
transportService.process(sessionInfo, DefaultTransportService.getSessionEventMsg(SessionEvent.OPEN), new TransportServiceCallback<Void>() { |
|
|
|
@Override |
|
|
|
public void onSuccess(Void msg) { |
|
|
|
public void onSuccess(Void response) { |
|
|
|
transportService.registerAsyncSession(sessionInfo, MqttTransportHandler.this); |
|
|
|
checkGatewaySession(); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_ACCEPTED)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(CONNECTION_ACCEPTED, connectMessage)); |
|
|
|
log.info("[{}] Client connected!", sessionId); |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
public void onError(Throwable e) { |
|
|
|
log.warn("[{}] Failed to submit session event", sessionId, e); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE)); |
|
|
|
ctx.writeAndFlush(createMqttConnAckMsg(MqttConnectReturnCode.CONNECTION_REFUSED_SERVER_UNAVAILABLE, connectMessage)); |
|
|
|
ctx.close(); |
|
|
|
} |
|
|
|
}); |
|
|
|
|
Igor Kulikov
6 years ago
GitHub