Use of org.openremote.manager.mqtt.MqttConnection in project openremote by openremote.
Class UserAssetProvisioningMQTTHandler, method getMatchingX509ProvisioningConfig.
/**
 * Finds the first X.509 provisioning config whose CA certificate issued the supplied client
 * certificate.
 * <p>
 * A config is accepted when, in this order: it is an {@code X509ProvisioningConfig}; it carries a
 * CA certificate; the CA subject name equals the client certificate's issuer name (both as
 * returned by {@code X500Principal.getName()}); the client certificate's signature verifies with
 * the CA public key; and, unless the config's data says to ignore the expiry date, the client
 * certificate is valid at the current time taken from {@code timerService}. Configs are examined
 * in the order returned by {@code provisioningService.getProvisioningConfigs()}, and evaluation
 * stops at the first match.
 * <p>
 * NOTE(review): only the client certificate is checked here — the CA certificate's own validity
 * period, basic constraints and revocation status are not consulted; confirm that is intended.
 *
 * @param connection        the MQTT connection, used only in log messages
 * @param clientCertificate the client certificate presented on the connection
 * @return the first matching config, or {@code null} when none of the configs issued the certificate
 */
protected X509ProvisioningConfig getMatchingX509ProvisioningConfig(MqttConnection connection, X509Certificate clientCertificate) {
    for (Object candidate : provisioningService.getProvisioningConfigs()) {
        if (!(candidate instanceof X509ProvisioningConfig)) {
            continue;
        }
        X509ProvisioningConfig x509Config = (X509ProvisioningConfig) candidate;
        if (isClientCertificateIssuedBy(connection, clientCertificate, x509Config)) {
            return x509Config;
        }
    }
    return null;
}

/**
 * Decides whether {@code config}'s CA certificate issued {@code clientCertificate}.
 * <p>
 * Any failure — a missing or unreadable CA certificate, a signature that does not verify, or an
 * expired / not-yet-valid client certificate — is logged and reported as {@code false}; the
 * method never throws.
 *
 * @param connection        the MQTT connection, used only in log messages
 * @param clientCertificate the client certificate to check
 * @param config            the provisioning config supplying the CA certificate
 * @return {@code true} only when the issuer name matches, the signature verifies and (unless
 *         expiry is ignored by the config) the certificate is valid now
 */
private boolean isClientCertificateIssuedBy(MqttConnection connection, X509Certificate clientCertificate, X509ProvisioningConfig config) {
    try {
        X509Certificate caCertificate = config.getCertificate();
        if (caCertificate == null) {
            return false;
        }
        // Cheap name comparison first; the signature check below is what actually proves issuance.
        String caSubject = caCertificate.getSubjectX500Principal().getName();
        String clientIssuer = clientCertificate.getIssuerX500Principal().getName();
        if (!caSubject.equals(clientIssuer)) {
            return false;
        }
        LOG.fine("Client certificate issuer matches provisioning config CA certificate subject: connection=" + connection + ", config=" + config);
        // Validity is judged against the service clock, not the wall clock.
        Date now = Date.from(timerService.getNow());
        try {
            clientCertificate.verify(caCertificate.getPublicKey());
            LOG.fine("Client certificate verified against CA certificate: connection=" + connection + ", config=" + config);
            if (!config.getData().isIgnoreExpiryDate()) {
                LOG.fine("Validating client certificate validity: connection=" + connection + ", timestamp=" + now);
                clientCertificate.checkValidity(now);
            }
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            LOG.log(Level.INFO, "Client certificate failed validity check: connection=" + connection + ", timestamp=" + now, e);
        } catch (Exception e) {
            // Covers signature / key / algorithm failures raised by verify().
            LOG.log(Level.INFO, "Client certificate failed verification against CA certificate: connection=" + connection + ", config=" + config, e);
        }
    } catch (Exception e) {
        LOG.log(Level.WARNING, "Failed to extract certificate from provisioning config: config=" + config, e);
    }
    return false;
}