CA cert or client cert-key pair could be optional

2021-01-09 17:52:27 +02:00 · 2021-01-09 17:52:27 +02:00 · de7e25f731
commit de7e25f731
parent 9c3fae2f8e
2 changed files with 9 additions and 13 deletions
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/credentials/CertPemCredentials.java
@ -16,7 +16,6 @@
 package org.thingsboard.rule.engine.credentials;

 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import lombok.Data;
@ -66,11 +65,14 @@ public class CertPemCredentials {
    public Optional<SslContext> initSslContext() {
        try {
            Security.addProvider(new BouncyCastleProvider());
-            return Optional.of(SslContextBuilder.forClient()
-                    .keyManager(createAndInitKeyManagerFactory())
-                    .trustManager(createAndInitTrustManagerFactory())
-                    .clientAuth(ClientAuth.REQUIRE)
-                    .build());
+            SslContextBuilder builder = SslContextBuilder.forClient();
+            if (StringUtils.hasLength(caCert)) {
+                builder.trustManager(createAndInitTrustManagerFactory());
+            }
+            if (StringUtils.hasLength(cert) && StringUtils.hasLength(privateKey)) {
+                builder.keyManager(createAndInitKeyManagerFactory());
+            }
+            return Optional.of(builder.build());
        } catch (Exception e) {
            log.error("[{}:{}] Creating TLS factory failed!", caCert, cert, e);
            throw new RuntimeException("Creating TLS factory failed!", e);
--- a/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
+++ b/rule-engine/rule-engine-components/src/main/java/org/thingsboard/rule/engine/rest/TbHttpClient.java
@ -17,7 +17,6 @@ package org.thingsboard.rule.engine.rest;

 import io.netty.channel.EventLoopGroup;
 import io.netty.channel.nio.NioEventLoopGroup;
-import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
@ -134,7 +133,7 @@ public class TbHttpClient {
            } else {
                this.eventLoopGroup = new NioEventLoopGroup();
                Netty4ClientHttpRequestFactory nettyFactory = new Netty4ClientHttpRequestFactory(this.eventLoopGroup);
-                nettyFactory.setSslContext(initSslContext());
+                nettyFactory.setSslContext(config.getCredentials().initSslContext().orElse(SslContextBuilder.forClient().build()));
                nettyFactory.setReadTimeout(config.getReadTimeoutMs());
                httpClient = new AsyncRestTemplate(nettyFactory);
            }
@ -143,11 +142,6 @@ public class TbHttpClient {
        }
    }

-    private SslContext initSslContext() throws SSLException {
-        return this.config.getCredentials().initSslContext()
-                .orElse(SslContextBuilder.forClient().build());
-    }
-
    private void checkSystemProxyProperties() throws TbNodeException {
        boolean useHttpProxy = !StringUtils.isEmpty(System.getProperty("http.proxyHost")) && !StringUtils.isEmpty(System.getProperty("http.proxyPort"));
        boolean useHttpsProxy = !StringUtils.isEmpty(System.getProperty("https.proxyHost")) && !StringUtils.isEmpty(System.getProperty("https.proxyPort"));