Add SysCertManager to support self signed certs.

Author: Aaron

dslink-core/src/main/java/com/acuity/iot/dsa/dslink/sys/cert/AnonymousTrustFactory.java

@@ -0,0 +1,137 @@
+package com.acuity.iot.dsa.dslink.sys.cert;
+
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+import javax.net.ssl.*;
+
+/**
+ * Supports anonymous SSL.
+ *
+ * @author Aaron Hansen
+ */
+public class AnonymousTrustFactory extends TrustManagerFactorySpi {
+
+    /////////////////////////////////////////////////////////////////
+    // Fields
+    /////////////////////////////////////////////////////////////////
+
+    private static X509TrustManager defaultX509Mgr;
+    private static SysCertManager certManager;
+    private static TrustManager[] trustManagers;
+
+    /////////////////////////////////////////////////////////////////
+    // Methods - Public and in alphabetical order by method TrustAnon.
+    /////////////////////////////////////////////////////////////////
+
+    @Override
+    public TrustManager[] engineGetTrustManagers() {
+        return trustManagers;
+    }
+
+    @Override
+    public void engineInit(KeyStore ks) {
+    }
+
+    @Override
+    public void engineInit(ManagerFactoryParameters spec) {
+    }
+
+    /**
+     * Installs this trust factory.
+     */
+    static void init(SysCertManager mgr) {
+        certManager = mgr;
+        try {
+            TrustManagerFactory fac = TrustManagerFactory.getInstance(
+                    TrustManagerFactory.getDefaultAlgorithm());
+            fac.init((KeyStore) null);
+            trustManagers = fac.getTrustManagers();
+            if (trustManagers == null) {
+                trustManagers = new TrustManager[] {new MyTrustManager()};
+                return;
+            }
+            TrustManager tm;
+            for (int i = 0, len = trustManagers.length; i < len; i++) {
+                tm = trustManagers[i];
+                if (tm instanceof X509TrustManager) {
+                    defaultX509Mgr = (X509TrustManager) tm;
+                    trustManagers[i] = new MyTrustManager();
+                    break;
+                }
+            }
+            if (defaultX509Mgr == null) {
+                List<TrustManager> list = Arrays.asList(trustManagers);
+                list.add(new MyTrustManager());
+                trustManagers = list.toArray(new TrustManager[list.size()]);
+            }
+        } catch (Exception x) {
+            certManager.error(certManager.getPath(), x);
+        }
+        Thread.currentThread().setContextClassLoader(
+                AnonymousTrustFactory.class.getClassLoader());
+        System.setProperty("jsse.enableSNIExtension", "false");
+        Security.setProperty("ssl.TrustManagerFactory.algorithm", "DSA_X509");
+        Security.addProvider(new MyProvider());
+    }
+
+
+    /////////////////////////////////////////////////////////////////
+    // Inner Classes - in alphabetical order by class TrustAnon.
+    /////////////////////////////////////////////////////////////////
+
+    /**
+     * The hook that provides the anonymous trust factory.
+     */
+    private static class MyProvider extends Provider {
+
+        public MyProvider() {
+            super("DSAP", 1.0d, "DSA Provider");
+            put("TrustManagerFactory.DSA_X509",
+                "com.acuity.iot.dsa.dslink.sys.cert.AnonymousTrustFactory");
+        }
+
+    }
+
+    /**
+     * Checks with the SysCertService to see if self signed certificates are allowed.
+     */
+    private static class MyTrustManager implements X509TrustManager {
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType)
+                throws CertificateException {
+            if (certManager.allowAnonymousClients()) {
+                return;
+            }
+            if (defaultX509Mgr != null) {
+                defaultX509Mgr.checkClientTrusted(chain, authType);
+            }
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType)
+                throws CertificateException {
+            if (certManager.allowAnonymousServers()) {
+                return;
+            }
+            if (defaultX509Mgr != null) {
+                defaultX509Mgr.checkServerTrusted(chain, authType);
+            }
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            if (defaultX509Mgr != null) {
+                return defaultX509Mgr.getAcceptedIssuers();
+            }
+            return new X509Certificate[0];
+        }
+
+    }
+
+}

dslink-core/src/main/java/com/acuity/iot/dsa/dslink/sys/cert/SysCertManager.java

@@ -0,0 +1,55 @@
+package com.acuity.iot.dsa.dslink.sys.cert;
+
+import org.iot.dsa.node.DSBool;
+import org.iot.dsa.node.DSInfo;
+import org.iot.dsa.node.DSNode;
+
+/**
+ * Allows certification management.
+ *
+ * @author Aaron Hansen
+ */
+public class SysCertManager extends DSNode {
+
+    // Constants
+    // ---------
+
+    private static final String ALLOW_CLIENTS = "Allow_Anonymous_Clients";
+    private static final String ALLOW_SERVERS = "Allow_Anonymous_Servers";
+
+    // Fields
+    // ------
+
+    private DSInfo allowClients = getInfo(ALLOW_CLIENTS);
+    private DSInfo allowServers = getInfo(ALLOW_SERVERS);
+    private AnonymousTrustFactory myTrustFactory;
+
+    // Methods
+    // -------
+
+    /**
+     * True if self signed anonymous client certs are allowed.
+     */
+    public boolean allowAnonymousClients() {
+        return allowClients.getElement().toBoolean();
+    }
+
+    /**
+     * True if self signed anonymous server certs are allowed.
+     */
+    public boolean allowAnonymousServers() {
+        return allowServers.getElement().toBoolean();
+    }
+
+    @Override
+    public void declareDefaults() {
+        declareDefault(ALLOW_CLIENTS, DSBool.FALSE);
+        declareDefault(ALLOW_SERVERS, DSBool.FALSE);
+    }
+
+    @Override
+    public void onStarted() {
+        AnonymousTrustFactory.init(this);
+    }
+
+}

dslink-core/src/main/java/com/acuity/iot/dsa/dslink/profiler/ClassLoadingNode.java renamed to dslink-core/src/main/java/com/acuity/iot/dsa/dslink/sys/profiler/ClassLoadingNode.java

@@ -1,38 +1,39 @@
-package com.acuity.iot.dsa.dslink.profiler;
-
-import java.lang.management.ClassLoadingMXBean;
-import java.lang.management.ManagementFactory;
-import java.lang.management.PlatformManagedObject;
-import java.util.ArrayList;
-import java.util.List;
-
-public class ClassLoadingNode extends MXBeanNode {
-
-    private ClassLoadingMXBean mxbean;
-
-    @Override
-    public void setupMXBean() {
-        mxbean = ManagementFactory.getClassLoadingMXBean();
-    }
-
-    @Override
-    public void refreshImpl() {}
-
-    @Override
-    public PlatformManagedObject getMXBean() {
-        return mxbean;
-    }
-
-    @Override
-    public Class<? extends PlatformManagedObject> getMXInterface() {
-        return ClassLoadingMXBean.class;
-    }
-
-    private static List<String> overriden = new ArrayList<String>();
-
-    @Override
-    public List<String> getOverriden() {
-        return overriden;
-    }
-
-}
+package com.acuity.iot.dsa.dslink.sys.profiler;
+
+import java.lang.management.ClassLoadingMXBean;
+import java.lang.management.ManagementFactory;
+import java.lang.management.PlatformManagedObject;
+import java.util.ArrayList;
+import java.util.List;
+
+public class ClassLoadingNode extends MXBeanNode {
+
+    private ClassLoadingMXBean mxbean;
+
+    @Override
+    public void setupMXBean() {
+        mxbean = ManagementFactory.getClassLoadingMXBean();
+    }
+
+    @Override
+    public void refreshImpl() {
+    }
+
+    @Override
+    public PlatformManagedObject getMXBean() {
+        return mxbean;
+    }
+
+    @Override
+    public Class<? extends PlatformManagedObject> getMXInterface() {
+        return ClassLoadingMXBean.class;
+    }
+
+    private static List<String> overriden = new ArrayList<String>();
+
+    @Override
+    public List<String> getOverriden() {
+        return overriden;
+    }
+
+}

dslink-core/src/main/java/com/acuity/iot/dsa/dslink/profiler/CompilationNode.java renamed to dslink-core/src/main/java/com/acuity/iot/dsa/dslink/sys/profiler/CompilationNode.java

@@ -1,45 +1,46 @@
-package com.acuity.iot.dsa.dslink.profiler;
-
-import java.lang.management.CompilationMXBean;
-import java.lang.management.ManagementFactory;
-import java.lang.management.PlatformManagedObject;
-import java.util.ArrayList;
-import java.util.List;
-import org.iot.dsa.node.DSString;
-
-public class CompilationNode extends MXBeanNode {
-
-    private CompilationMXBean mxbean;
-
-    @Override
-    public void setupMXBean() {
-        mxbean = ManagementFactory.getCompilationMXBean();
-    }
-
-    @Override
-    public void refreshImpl() {
-        putProp("TotalCompilationTime",
-                DSString.valueOf(ProfilerUtils.millisToString(mxbean.getTotalCompilationTime())));
-    }
-
-    @Override
-    public PlatformManagedObject getMXBean() {
-        return mxbean;
-    }
-
-    @Override
-    public Class<? extends PlatformManagedObject> getMXInterface() {
-        return CompilationMXBean.class;
-    }
-
-    private static List<String> overriden = new ArrayList<String>();
-    static {
-        overriden.add("TotalCompilationTime");
-    }
-
-    @Override
-    public List<String> getOverriden() {
-        return overriden;
-    }
-
-}
+package com.acuity.iot.dsa.dslink.sys.profiler;
+
+import java.lang.management.CompilationMXBean;
+import java.lang.management.ManagementFactory;
+import java.lang.management.PlatformManagedObject;
+import java.util.ArrayList;
+import java.util.List;
+import org.iot.dsa.node.DSString;
+
+public class CompilationNode extends MXBeanNode {
+
+    private CompilationMXBean mxbean;
+
+    @Override
+    public void setupMXBean() {
+        mxbean = ManagementFactory.getCompilationMXBean();
+    }
+
+    @Override
+    public void refreshImpl() {
+        putProp("TotalCompilationTime",
+                DSString.valueOf(ProfilerUtils.millisToString(mxbean.getTotalCompilationTime())));
+    }
+
+    @Override
+    public PlatformManagedObject getMXBean() {
+        return mxbean;
+    }
+
+    @Override
+    public Class<? extends PlatformManagedObject> getMXInterface() {
+        return CompilationMXBean.class;
+    }
+
+    private static List<String> overriden = new ArrayList<String>();
+
+    static {
+        overriden.add("TotalCompilationTime");
+    }
+
+    @Override
+    public List<String> getOverriden() {
+        return overriden;
+    }
+
+}