From 23d204e4d693e507c96b7c4d6e64b1b9bc60b64d Mon Sep 17 00:00:00 2001
From: YevhenBondarenko
Date: Thu, 8 Jun 2023 11:53:00 +0200
Subject: [PATCH] added new default root cert for azure iot
---
 .../azure/BaltimoreCyberTrustRoot.crt.pem | 22 -------------
 .../certs/azure/DigiCertGlobalRootG2.crt.pem | 22 +++++++++++++
 .../common/util/AzureIotHubUtil.java | 31 +++++++++++++++----
 3 files changed, 47 insertions(+), 28 deletions(-)
 delete mode 100644 application/src/main/data/certs/azure/BaltimoreCyberTrustRoot.crt.pem
 create mode 100644 application/src/main/data/certs/azure/DigiCertGlobalRootG2.crt.pem
diff --git a/application/src/main/data/certs/azure/BaltimoreCyberTrustRoot.crt.pem b/application/src/main/data/certs/azure/BaltimoreCyberTrustRoot.crt.pem
deleted file mode 100644
index 2bd16ebd47..0000000000
--- a/application/src/main/data/certs/azure/BaltimoreCyberTrustRoot.crt.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
-
diff --git a/application/src/main/data/certs/azure/DigiCertGlobalRootG2.crt.pem b/application/src/main/data/certs/azure/DigiCertGlobalRootG2.crt.pem
new file mode 100644
index 0000000000..798e002751
--- /dev/null
+++ b/application/src/main/data/certs/azure/DigiCertGlobalRootG2.crt.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
+5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
+1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
+NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
+Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
+8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
+pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
diff --git a/common/util/src/main/java/org/thingsboard/common/util/AzureIotHubUtil.java b/common/util/src/main/java/org/thingsboard/common/util/AzureIotHubUtil.java
index ca9cc2660f..5beed77baf 100644
--- a/common/util/src/main/java/org/thingsboard/common/util/AzureIotHubUtil.java
+++ b/common/util/src/main/java/org/thingsboard/common/util/AzureIotHubUtil.java
@@ -22,6 +22,7 @@ import javax.crypto.spec.SecretKeySpec;
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -36,7 +37,7 @@ public final class AzureIotHubUtil {
 private static final String DATA_DIR = "data";
 private static final String CERTS_DIR = "certs";
 private static final String AZURE_DIR = "azure";
- private static final String FILE_NAME = "BaltimoreCyberTrustRoot.crt.pem";
+ private static final String FILE_NAME = "DigiCertGlobalRootG2.crt.pem";
 private static final Path FULL_FILE_PATH;
@@ -88,12 +89,30 @@ public final class AzureIotHubUtil {
 }
 public static String getDefaultCaCert() {
- try {
- return new String(Files.readAllBytes(FULL_FILE_PATH));
- } catch (IOException e) {
- log.error("Failed to load Default CaCert file!!! [{}]", FULL_FILE_PATH.toString());
- throw new RuntimeException("Failed to load Default CaCert file!!!");
+ byte[] fileBytes;
+ if (Files.exists(FULL_FILE_PATH)) {
+ try {
+ fileBytes = Files.readAllBytes(FULL_FILE_PATH);
+ } catch (IOException e) {
+ log.error("Failed to load Default CaCert file!!! [{}]", FULL_FILE_PATH, e);
+ throw new RuntimeException("Failed to load Default CaCert file!!!");
+ }
+ } else {
+ Path azureDirectory = FULL_FILE_PATH.getParent();
+ try (DirectoryStream stream = Files.newDirectoryStream(azureDirectory)) {
+ if (stream.iterator().hasNext()) {
+ Path firstFile = stream.iterator().next();
+ fileBytes = Files.readAllBytes(firstFile);
+ } else {
+ log.error("Default CaCert file not found in the directory [{}]!!!", azureDirectory);
+ throw new RuntimeException("Default CaCert file not found in the directory!!!");
+ }
+ } catch (IOException e) {
+ log.error("Failed to load Default CaCert file from the directory [{}]!!!", azureDirectory, e);
+ throw new RuntimeException("Failed to load Default CaCert file from the directory!!!");
+ }
 }
+ return new String(fileBytes);
 }
 }
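Review bot: The fallback branch of `getDefaultCaCert()` calls `stream.iterator()` twice, but a `DirectoryStream` hands out its iterator only once, so the second call throws `IllegalStateException`. `catch (IOException e)` does not catch that, so the fallback fails whenever the directory is non-empty. Even with that fixed, the trust anchor returned is whichever entry the listing yields first: the order is unspecified, nothing checks that the entry is a certificate file, and nothing logs which file was substituted, so a stale or stray file in the `azure` directory would silently become the default CA. I would walk the stream once, restrict the listing to `*.pem`, and log the substituted path at warn level, as sketched below. Separately, `new String(fileBytes)` decodes with the platform charset, and `new String(fileBytes, StandardCharsets.UTF_8)` would use the import the file already has.

```java
        } else {
            Path azureDirectory = FULL_FILE_PATH.getParent();
            // Only PEM files are candidates for the default trust anchor.
            try (DirectoryStream<Path> stream = Files.newDirectoryStream(azureDirectory, "*.pem")) {
                Path fallback = null;
                // A DirectoryStream supports a single iterator, so consume it in one loop.
                for (Path candidate : stream) {
                    fallback = candidate;
                    break;
                }
                if (fallback == null) {
                    // … unchanged: log.error and throw for the empty directory …
                }
                // Make the substitution visible: this file becomes the trust anchor.
                log.warn("Default CaCert file [{}] not found, using [{}] instead", FULL_FILE_PATH, fallback);
                fileBytes = Files.readAllBytes(fallback);
            } catch (IOException e) {
                // … unchanged: log.error and throw for the I/O failure …
            }
        }
```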