From de7e25f7316308ab3d3d0219970b68b12df7097a Mon Sep 17 00:00:00 2001
From: Viacheslav Kukhtyn
Date: Sat, 9 Jan 2021 17:52:27 +0200
Subject: [PATCH] CA cert or client cert-key pair could be optional
---
 .../engine/credentials/CertPemCredentials.java | 14 ++++++++------
 .../thingsboard/rule/engine/rest/TbHttpClient.java | 8 +-------
 2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java
index 055741584c..5a7b3139f0 100644
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java
@@ -16,7 +16,6 @@
 package org.thingsboard.rule.engine.credentials;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import lombok.Data;
@@ -66,11 +65,14 @@ public class CertPemCredentials {
 public Optional initSslContext() {
 try {
 Security.addProvider(new BouncyCastleProvider());
- return Optional.of(SslContextBuilder.forClient()
- .keyManager(createAndInitKeyManagerFactory())
- .trustManager(createAndInitTrustManagerFactory())
- .clientAuth(ClientAuth.REQUIRE)
- .build());
+ SslContextBuilder builder = SslContextBuilder.forClient();
+ if (StringUtils.hasLength(caCert)) {
+ builder.trustManager(createAndInitTrustManagerFactory());
+ }
+ if (StringUtils.hasLength(cert) && StringUtils.hasLength(privateKey)) {
+ builder.keyManager(createAndInitKeyManagerFactory());
+ }
+ return Optional.of(builder.build());
 } catch (Exception e) {
 log.error("[{}:{}] Creating TLS factory failed!", caCert, cert, e);
 throw new RuntimeException("Creating TLS factory failed!", e);
diff --git a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
index 08cda8e322..226c74f39f 100644
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
@@ -17,7 +17,6 @@ package org.thingsboard.rule.engine.rest;
 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.nio.NioEventLoopGroup;
-import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
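Review bot: In `CertPemCredentials.initSslContext()` the new guard `if (StringUtils.hasLength(cert) && StringUtils.hasLength(privateKey))` silently skips the key manager when only one of the two fields is filled in, so a half-configured mutual-TLS setup connects without a client certificate instead of failing. I would reject that case before the guard, e.g. `if (StringUtils.hasLength(cert) != StringUtils.hasLength(privateKey)) { throw new IllegalArgumentException("cert and privateKey must be set together"); }`, which the existing `catch (Exception e)` already wraps and logs. Separately, when `caCert` is blank the builder keeps Netty's default trust manager, so server validation moves from the configured CA to the JVM default trust store; a comment such as `// no caCert: server certificate is validated against the JVM default trust store` above the first `if` would make that change in trust explicit. The method's closing lines are outside the hunk.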
@@ -134,7 +133,7 @@ public class TbHttpClient {
 } else {
 this.eventLoopGroup = new NioEventLoopGroup();
 Netty4ClientHttpRequestFactory nettyFactory = new Netty4ClientHttpRequestFactory(this.eventLoopGroup);
- nettyFactory.setSslContext(initSslContext());
+ nettyFactory.setSslContext(config.getCredentials().initSslContext().orElse(SslContextBuilder.forClient().build()));
 nettyFactory.setReadTimeout(config.getReadTimeoutMs());
 httpClient = new AsyncRestTemplate(nettyFactory);
 }
@@ -143,11 +142,6 @@ public class TbHttpClient {
 }
 }
- private SslContext initSslContext() throws SSLException {
- return this.config.getCredentials().initSslContext()
- .orElse(SslContextBuilder.forClient().build());
- }
-
 private void checkSystemProxyProperties() throws TbNodeException {
 boolean useHttpProxy = !StringUtils.isEmpty(System.getProperty("http.proxyHost")) && !StringUtils.isEmpty(System.getProperty("http.proxyPort"));
 boolean useHttpsProxy = !StringUtils.isEmpty(System.getProperty("https.proxyHost")) && !StringUtils.isEmpty(System.getProperty("https.proxyPort"));
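Review bot: At the new `nettyFactory.setSslContext(...)` line in `TbHttpClient`, `orElse(SslContextBuilder.forClient().build())` evaluates its argument eagerly, so a default TLS context is built and thrown away even when the credentials supply their own, and the inlined one-liner makes that easy to miss. Because `build()` throws the checked `SSLException` (as the removed helper's signature shows), `orElseGet` does not fit directly. I would keep a local instead, `Optional<SslContext> ctx = config.getCredentials().initSslContext();` followed by `nettyFactory.setSslContext(ctx.isPresent() ? ctx.get() : SslContextBuilder.forClient().build());`, which needs the `SslContext` import this commit removes. The enclosing block starts and ends outside the hunk.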