Merge pull request #5158 from volodymyr-babak/edge-ssl-update

Improved SSL context init - trust manager can be built without custom…
This commit is contained in:
Andrew Shvayka 2021-08-27 17:10:39 +03:00 committed by GitHub
commit baf230e56e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -15,16 +15,17 @@
*/ */
package org.thingsboard.edge.rpc; package org.thingsboard.edge.rpc;
import com.google.common.io.Resources;
import io.grpc.ManagedChannel; import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.grpc.stub.StreamObserver; import io.grpc.stub.StreamObserver;
import io.netty.handler.ssl.SslContextBuilder;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.thingsboard.edge.exception.EdgeConnectionException; import org.thingsboard.edge.exception.EdgeConnectionException;
import org.thingsboard.server.common.data.ResourceUtils; import org.thingsboard.server.common.data.ResourceUtils;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.gen.edge.v1.ConnectRequestMsg; import org.thingsboard.server.gen.edge.v1.ConnectRequestMsg;
import org.thingsboard.server.gen.edge.v1.ConnectResponseCode; import org.thingsboard.server.gen.edge.v1.ConnectResponseCode;
import org.thingsboard.server.gen.edge.v1.ConnectResponseMsg; import org.thingsboard.server.gen.edge.v1.ConnectResponseMsg;
@ -40,9 +41,6 @@ import org.thingsboard.server.gen.edge.v1.UplinkMsg;
import org.thingsboard.server.gen.edge.v1.UplinkResponseMsg; import org.thingsboard.server.gen.edge.v1.UplinkResponseMsg;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import java.io.File;
import java.net.URISyntaxException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock; import java.util.concurrent.locks.ReentrantLock;
import java.util.function.Consumer; import java.util.function.Consumer;
@ -61,7 +59,7 @@ public class EdgeGrpcClient implements EdgeRpcClient {
private int keepAliveTimeSec; private int keepAliveTimeSec;
@Value("${cloud.rpc.ssl.enabled}") @Value("${cloud.rpc.ssl.enabled}")
private boolean sslEnabled; private boolean sslEnabled;
@Value("${cloud.rpc.ssl.cert}") @Value("${cloud.rpc.ssl.cert:}")
private String certResource; private String certResource;
private ManagedChannel channel; private ManagedChannel channel;
@ -81,7 +79,11 @@ public class EdgeGrpcClient implements EdgeRpcClient {
.keepAliveTime(keepAliveTimeSec, TimeUnit.SECONDS); .keepAliveTime(keepAliveTimeSec, TimeUnit.SECONDS);
if (sslEnabled) { if (sslEnabled) {
try { try {
builder.sslContext(GrpcSslContexts.forClient().trustManager(ResourceUtils.getInputStream(this, certResource)).build()); SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
if (StringUtils.isNotEmpty(certResource)) {
sslContextBuilder.trustManager(ResourceUtils.getInputStream(this, certResource));
}
builder.sslContext(sslContextBuilder.build());
} catch (SSLException e) { } catch (SSLException e) {
log.error("Failed to initialize channel!", e); log.error("Failed to initialize channel!", e);
throw new RuntimeException(e); throw new RuntimeException(e);
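Review bot: When `certResource` is empty the `SslContextBuilder` is built with no explicit trust manager, which presumably means Netty falls back to the JVM default trust store; that fallback is silent, so an empty or mistyped `cloud.rpc.ssl.cert` quietly replaces the pinned certificate with default CA trust. Make the choice visible with an `else` branch on the `isNotEmpty` check, e.g. `} else { log.warn("cloud.rpc.ssl.cert is not set, using the JVM default trust store for the cloud RPC channel"); }`, and document the new empty default on the `@Value("${cloud.rpc.ssl.cert:}")` field with `// empty = no custom CA, the JVM default trust store is used`. The stream returned by `ResourceUtils.getInputStream` on the `trustManager` line is never closed after the builder reads it; if that helper opens a file or classpath resource, hold it in a try-with-resources around the `trustManager` call. The enclosing method starts and ends outside this hunk.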