From 5cb1aa12eac023126b13684e4964aecbf44cdac4 Mon Sep 17 00:00:00 2001
From: Volodymyr Babak
Date: Fri, 27 Aug 2021 15:37:07 +0300
Subject: [PATCH] Improved SSL context init - trust manager can be build without custom cert file
---
 .../org/thingsboard/edge/rpc/EdgeGrpcClient.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/common/edge-api/src/main/java/org/thingsboard/edge/rpc/EdgeGrpcClient.java b/common/edge-api/src/main/java/org/thingsboard/edge/rpc/EdgeGrpcClient.java
index b65706a5a2..4be3324411 100644
--- a/common/edge-api/src/main/java/org/thingsboard/edge/rpc/EdgeGrpcClient.java
+++ b/common/edge-api/src/main/java/org/thingsboard/edge/rpc/EdgeGrpcClient.java
@@ -15,16 +15,17 @@
 */
 package org.thingsboard.edge.rpc;
-import com.google.common.io.Resources;
 import io.grpc.ManagedChannel;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NettyChannelBuilder;
 import io.grpc.stub.StreamObserver;
+import io.netty.handler.ssl.SslContextBuilder;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.thingsboard.edge.exception.EdgeConnectionException;
 import org.thingsboard.server.common.data.ResourceUtils;
+import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.gen.edge.v1.ConnectRequestMsg;
 import org.thingsboard.server.gen.edge.v1.ConnectResponseCode;
 import org.thingsboard.server.gen.edge.v1.ConnectResponseMsg;
@@ -40,9 +41,6 @@ import org.thingsboard.server.gen.edge.v1.UplinkMsg;
 import org.thingsboard.server.gen.edge.v1.UplinkResponseMsg;
 import javax.net.ssl.SSLException;
-import java.io.File;
-import java.net.URISyntaxException;
-import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.Consumer;
@@ -61,7 +59,7 @@ public class EdgeGrpcClient implements EdgeRpcClient {
 private int keepAliveTimeSec;
 @Value("${cloud.rpc.ssl.enabled}")
 private boolean sslEnabled;
- @Value("${cloud.rpc.ssl.cert}")
+ @Value("${cloud.rpc.ssl.cert:}")
 private String certResource;
 private ManagedChannel channel;
@@ -81,7 +79,11 @@ public class EdgeGrpcClient implements EdgeRpcClient {
 .keepAliveTime(keepAliveTimeSec, TimeUnit.SECONDS);
 if (sslEnabled) {
 try {
- builder.sslContext(GrpcSslContexts.forClient().trustManager(ResourceUtils.getInputStream(this, certResource)).build());
+ SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
+ if (StringUtils.isNotEmpty(certResource)) {
+ sslContextBuilder.trustManager(ResourceUtils.getInputStream(this, certResource));
+ }
+ builder.sslContext(sslContextBuilder.build());
 } catch (SSLException e) {
 log.error("Failed to initialize channel!", e);
 throw new RuntimeException(e);
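Review bot: With the empty default in `@Value("${cloud.rpc.ssl.cert:}")` and the `StringUtils.isNotEmpty(certResource)` branch in the next hunk, a missing or misspelled `cloud.rpc.ssl.cert` property no longer fails at startup. The client then validates the cloud endpoint against the platform's default trust store rather than the pinned certificate, and nothing in the log shows which trust source was chosen. For a deployment that intended to pin, that is a silent widening of trust. I would log the fallback after the `if`, e.g. `} else { log.warn("cloud.rpc.ssl.cert is not set, using the default trust store"); }`, and add a field comment such as `// empty value: fall back to the default trust store`. The enclosing method starts and ends outside the hunk.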
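Review bot: The stream returned by `ResourceUtils.getInputStream(this, certResource)` is never closed in the new branch (the removed line had the same gap), and as far as I know Netty leaves closing the stream passed to `trustManager(InputStream)` to the caller. Wrapping the call as `try (InputStream in = ResourceUtils.getInputStream(this, certResource)) { sslContextBuilder.trustManager(in); }` would release it; the surrounding `catch (SSLException e)` would then need to widen to `IOException` to cover `close()`. Separately, `isNotEmpty` presumably lets a whitespace-only value through to the resource lookup, so a blank check may be the safer test here.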