add validity on device X.509 certificate over MQTT transport connection

2020-09-18 20:31:28 +08:00 · 2020-09-18 20:31:28 +08:00 · a6d69cc7a8
commit a6d69cc7a8
parent 907ed5ad83
1 changed files with 2 additions and 0 deletions
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
@ -68,6 +68,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.Date;

 import static io.netty.handler.codec.mqtt.MqttConnectReturnCode.CONNECTION_ACCEPTED;
 import static io.netty.handler.codec.mqtt.MqttConnectReturnCode.CONNECTION_REFUSED_NOT_AUTHORIZED;
@ -386,6 +387,7 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement

    private void processX509CertConnect(ChannelHandlerContext ctx, X509Certificate cert) {
        try {
+            cert.checkValidity(new Date());
            String strCert = SslUtil.getX509CertificateString(cert);
            String sha3Hash = EncryptionUtil.getSha3Hash(strCert);
            transportService.process(DeviceTransportType.MQTT, ValidateDeviceX509CertRequestMsg.newBuilder().setHash(sha3Hash).build(),