From c72263a7cd1b9a49b9e24923e1e35209048f8b9f Mon Sep 17 00:00:00 2001 From: Alvaro Vega Date: Wed, 19 Jun 2024 08:21:42 +0200 Subject: [PATCH] init SSLContext with a keystore based on a file --- .../backends/mongo/MongoBackendImpl.java | 19 +++++++++++++++++-- .../backends/mongo/MongoBackendImplTest.java | 14 +++++++------- .../iot/cygnus/sinks/NGSIMongoBaseSink.java | 6 +++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/cygnus-common/src/main/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImpl.java b/cygnus-common/src/main/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImpl.java index 9c8a0c8bc..f846a05b9 100644 --- a/cygnus-common/src/main/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImpl.java +++ b/cygnus-common/src/main/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImpl.java @@ -42,6 +42,11 @@ import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; import java.security.NoSuchAlgorithmException; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import java.security.KeyStore; +import java.io.FileInputStream; +import java.io.InputStream; import org.bson.Document; /** @@ -64,6 +69,7 @@ public enum Resolution { SECOND, MINUTE, HOUR, DAY, MONTH } private final String mongoReplicaSet; private final Boolean sslEnabled; private final Boolean sslInvalidHostNameAllowed; + private final String sslKeystorePathFile; private final DataModel dataModel; private static final CygnusLogger LOGGER = new CygnusLogger(MongoBackendImpl.class); 
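Review bot: `import javax.net.ssl.SSLContext;` is added a second time in the import hunk, although the same import already appears two lines above it as a context line; the duplicate should be dropped. Because the `catch` in `getDatabase` is widened to `Exception` later in this patch, `java.security.NoSuchAlgorithmException` may no longer be referenced in this file. That is worth checking, since only part of the file is visible here.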
@@ -78,7 +84,7 @@ public enum Resolution { SECOND, MINUTE, HOUR, DAY, MONTH } */ public MongoBackendImpl(String mongoHosts, String mongoUsername, String mongoPassword, String mongoAuthSource, String mongoReplicaSet, DataModel dataModel, - Boolean sslEnabled, Boolean sslInvalidHostNameAllowed) { + Boolean sslEnabled, Boolean sslInvalidHostNameAllowed, String sslKeystorePathFile) { client = null; this.mongoHosts = mongoHosts; this.mongoUsername = mongoUsername; @@ -87,6 +93,7 @@ public MongoBackendImpl(String mongoHosts, String mongoUsername, String mongoPas this.mongoReplicaSet = mongoReplicaSet; this.sslEnabled = sslEnabled; this.sslInvalidHostNameAllowed = sslInvalidHostNameAllowed; + this.sslKeystorePathFile = sslKeystorePathFile; this.dataModel = dataModel; } // MongoBackendImpl @@ -590,11 +597,19 @@ private MongoDatabase getDatabase(String dbName) { // create a Mongo client if (client == null) { + SSLContext sslContext = null; if (sslEnabled) { try { + // Init TrustManager to init SSL Context + KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + try (InputStream keyStoreStream = new FileInputStream(sslKeystorePathFile)) { + keyStore.load(keyStoreStream, "keystore-password".toCharArray()); + } + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init(keyStore); sslContext = SSLContext.getInstance("TLS"); - } catch (NoSuchAlgorithmException e) { + } catch (Exception e) { LOGGER.warn("Error with TLS algorithm " + e.getMessage()); } } diff --git a/cygnus-common/src/test/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImplTest.java b/cygnus-common/src/test/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImplTest.java index 435c9a761..eb057ea39 100644 --- a/cygnus-common/src/test/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImplTest.java 
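Review bot: The `TrustManagerFactory` built in the `try` block of `getDatabase` is never handed to the context: `sslContext = SSLContext.getInstance("TLS")` is the last statement before the `catch`, so within this hunk the certificates loaded from `sslKeystorePathFile` have no effect on which servers are trusted, and a context obtained this way stays uninitialised unless `init` is called further down, outside the hunk. The store password is the literal `"keystore-password"`, which forces every deployment to use that value and puts a credential in the source; it should come from configuration alongside the path. The widened `catch (Exception e)` also reports a missing file, a wrong password or a null path as "Error with TLS algorithm" at warn level and carries on with `sslContext` left null; whether the connection then proceeds without the intended trust settings depends on code after the hunk and should be checked. The fence below shows the changed lines; it needs `java.security.GeneralSecurityException` and `java.io.IOException` imported.

```java
// … unchanged: KeyStore.getInstance(KeyStore.getDefaultType()) …
try (InputStream keyStoreStream = new FileInputStream(sslKeystorePathFile)) {
    // sslKeystorePassword: proposed constructor argument read from configuration, not part of this commit
    keyStore.load(keyStoreStream, sslKeystorePassword.toCharArray());
}
// … unchanged: TrustManagerFactory creation and init(keyStore) …
sslContext = SSLContext.getInstance("TLS");
// without init() the trust managers built above are never consulted
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
} catch (GeneralSecurityException | IOException e) {
    LOGGER.error("Error creating SSL context from " + sslKeystorePathFile + ": " + e.getMessage());
```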
+++ b/cygnus-common/src/test/java/com/telefonica/iot/cygnus/backends/mongo/MongoBackendImplTest.java @@ -53,7 +53,7 @@ public MongoBackendImplTest() { public void testGetRange() { System.out.println(getTestTraceHead("[MongoBackendImpl.getRange]") + "-------- Given a resolution, its related range is correctly returned"); - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null); try { @@ -115,7 +115,7 @@ public void testGetRange() { public void testGetOrigin() { System.out.println(getTestTraceHead("[MongoBackendImpl.getOrigin]") + "-------- Given a calendar and a resolution, its related origin is correctly returned"); - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null); GregorianCalendar calendar = new GregorianCalendar(2017, 4, 5, 11, 46, 13); try { @@ -198,7 +198,7 @@ public void testGetOrigin() { public void testGetOffset() { System.out.println(getTestTraceHead("[MongoBackendImpl.getOffset]") + "-------- Given a calendar and a resolution, its related offset is correctly returned"); - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null); GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April try { 
@@ -266,7 +266,7 @@ public void testBuildQueryForInsertAggregated() { String entityType = "someType"; String attrName = "someName"; GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYSERVICEPATH, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYSERVICEPATH, false, false, null); String queryForInsertAggregated = "{\"_id\": {\"entityId\": \"someId\", \"entityType\": \"someType\", " + "\"attrName\": \"someName\", \"origin\": {\"$date\": 1491392760000}, " + "\"resolution\": \"second\", \"range\": \"minute\"}, \"points.offset\": 13}"; @@ -353,7 +353,7 @@ public void testBuildQueryForInsertAggregated() { throw e; } // try catch - backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYENTITY, false, false); + backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYENTITY, false, false, null); queryForInsertAggregated = "{\"_id\": {\"attrName\": \"someName\", " + "\"origin\": {\"$date\": 1491392760000}, \"resolution\": \"second\", " @@ -457,7 +457,7 @@ public void testBuildUpdateForUpdateNumerical() { double sum2 = 200; int numSamples = 2; GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null); String updateForUpdate = "{\"$set\": {\"attrType\": \"someType\"}, " + "\"$inc\": {\"points.$.samples\": 2, \"points.$.sum\": 20.0, \"points.$.sum2\": 200.0}, " + "\"$min\": {\"points.$.min\": 0.0}, \"$max\": {\"points.$.max\": 10.0}}"; 
@@ -489,7 +489,7 @@ public void testBuildUpdateForUpdateString() { String value = "someString"; int count = 2; GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April - MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false); + MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null); String updateForUpdate = "{\"$set\": {\"attrType\": \"someType\"}, " + "\"$inc\": {\"points.13.samples\": 2, \"points.13.occur.someString\": 2}}"; diff --git a/cygnus-ngsi/src/main/java/com/telefonica/iot/cygnus/sinks/NGSIMongoBaseSink.java b/cygnus-ngsi/src/main/java/com/telefonica/iot/cygnus/sinks/NGSIMongoBaseSink.java index 0bf9045e3..f8f87da46 100644 --- a/cygnus-ngsi/src/main/java/com/telefonica/iot/cygnus/sinks/NGSIMongoBaseSink.java +++ b/cygnus-ngsi/src/main/java/com/telefonica/iot/cygnus/sinks/NGSIMongoBaseSink.java @@ -41,6 +41,7 @@ public abstract class NGSIMongoBaseSink extends NGSISink { protected String mongoReplicaSet; protected Boolean sslEnabled; protected Boolean sslInvalidHostNameAllowed; + protected String sslKeystorePathFile; protected String dbPrefix; protected String collectionPrefix; protected MongoBackendImpl backend; @@ -194,6 +195,9 @@ public void configure(Context context) { + sslInvalidHostNameAllowedStr + ") -- Must be 'true' or 'false'"); } // if else + sslKeystorePathFile = context.getString("mongo_ssl_keystone_path_file", ""); + LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_keystone_path_file=" + sslKeystorePathFile + ")"); + } // configure @Override 
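Review bot: The new configuration key in `configure` is spelled `mongo_ssl_keystone_path_file` (keystone, not keystore) in both the `getString` call and the debug message, while the field name and the commit title say keystore. Once released, the misspelling becomes the interface operators must type, so I would use `context.getString("mongo_ssl_keystore_path_file", "")` and the same spelling in the log line. The default `""` is passed to `MongoBackendImpl` unchanged, so with `sslEnabled` true and no path set the store load fails only when the first connection is attempted; rejecting an empty path in `configure` when `sslEnabled` is true would surface the misconfiguration at start-up. `configure` begins outside the hunk.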
@@ -201,7 +205,7 @@ public void start() { try { backend = new MongoBackendImpl(mongoHosts, mongoUsername, mongoPassword, mongoAuthSource, mongoReplicaSet, dataModel, - sslEnabled, sslInvalidHostNameAllowed); + sslEnabled, sslInvalidHostNameAllowed, sslKeystorePathFile); LOGGER.debug("[" + this.getName() + "] MongoDB persistence backend created"); } catch (Exception e) { LOGGER.error("Error while creating the MongoDB persistence backend. Details="