replace trustore to simple CA pem file #2389

Closed
Expand Up @@ -40,7 +40,6 @@
import java.util.List;
import java.util.TimeZone;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
Expand Down Expand Up @@ -73,8 +72,7 @@ public enum Resolution { SECOND, MINUTE, HOUR, DAY, MONTH }
private final Boolean sslInvalidHostNameAllowed;
private final String sslKeystorePathFile;
private final String sslKeystorePassword;
private final String sslTruststorePathFile;
private final String sslTruststorePassword;
private final String sslCAPathFile;
private final DataModel dataModel;
private static final CygnusLogger LOGGER = new CygnusLogger(MongoBackendImpl.class);

Expand All @@ -91,7 +89,7 @@ public MongoBackendImpl(String mongoHosts, String mongoUsername, String mongoPas
String mongoAuthSource, String mongoReplicaSet, DataModel dataModel,
Boolean sslEnabled, Boolean sslInvalidHostNameAllowed,
String sslKeystorePathFile, String sslKeystorePassword,
String sslTruststorePathFile, String sslTruststorePassword) {
String sslCAPathFile) {
client = null;
this.mongoHosts = mongoHosts;
this.mongoUsername = mongoUsername;
Expand All @@ -102,8 +100,7 @@ public MongoBackendImpl(String mongoHosts, String mongoUsername, String mongoPas
this.sslInvalidHostNameAllowed = sslInvalidHostNameAllowed;
this.sslKeystorePathFile = sslKeystorePathFile;
this.sslKeystorePassword = sslKeystorePassword;
this.sslTruststorePathFile = sslTruststorePathFile;
this.sslTruststorePassword = sslTruststorePassword;
this.sslCAPathFile = sslCAPathFile;
this.dataModel = dataModel;
} // MongoBackendImpl

Expand Down Expand Up @@ -613,26 +610,23 @@ private MongoDatabase getDatabase(String dbName) {
if (sslEnabled) {
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
if ((sslKeystorePathFile != null) && !sslKeystorePathFile.isEmpty()) {
try (InputStream keyStoreStream = new FileInputStream(sslKeystorePathFile)) {
InputStream keyStoreStream = new FileInputStream(sslKeystorePathFile);
keyStore.load(keyStoreStream, sslKeystorePassword.toCharArray());
}
} else {
keyStore.load(null);
}
if ((sslTruststorePathFile != null) && !sslTruststorePathFile.isEmpty()) {
try (InputStream trustStoreStream = new FileInputStream(sslTruststorePathFile)) {
trustStore.load(trustStoreStream, sslTruststorePassword.toCharArray());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate) cf.generateCertificate(trustStoreStream);
keyStore.setCertificateEntry("caCert", caCert);
}
if ((sslCAPathFile != null) && !sslCAPathFile.isEmpty()) {
InputStream caStream = new FileInputStream(sslCAPathFile);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate) cf.generateCertificate(caStream);
LOGGER.debug("CA subjectDN: " + caCert.getSubjectDN());
keyStore.setCertificateEntry("caCert", caCert);
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
} catch (Exception e) {
LOGGER.warn("Error when init SSL Context: " + e.getMessage());
}
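Review bot: The new `InputStream caStream = new FileInputStream(sslCAPathFile);` in getDatabase is never closed, and the keystore stream in the branch above it has lost its try-with-resources, so each pass through this block leaks up to two file descriptors. Both should be opened as resources again: `try (InputStream caStream = new FileInputStream(sslCAPathFile)) {` and `try (InputStream keyStoreStream = new FileInputStream(sslKeystorePathFile)) {`. Also, `cf.generateCertificate(caStream)` reads only the first certificate, so a PEM bundle holding several CAs ends up as a single trust anchor; `cf.generateCertificates(caStream)` with one `setCertificateEntry` per certificate under distinct aliases would cover that case. A failure to read or parse the CA file is only logged at warn by the surrounding catch; what the client does afterwards is outside the hunk, so confirm it does not go on to connect with a trust configuration the operator did not intend.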
Expand Up @@ -53,7 +53,7 @@ public MongoBackendImplTest() {
public void testGetRange() {
System.out.println(getTestTraceHead("[MongoBackendImpl.getRange]")
+ "-------- Given a resolution, its related range is correctly returned");
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null);


try {
Expand Down Expand Up @@ -115,7 +115,7 @@ public void testGetRange() {
public void testGetOrigin() {
System.out.println(getTestTraceHead("[MongoBackendImpl.getOrigin]")
+ "-------- Given a calendar and a resolution, its related origin is correctly returned");
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null);
GregorianCalendar calendar = new GregorianCalendar(2017, 4, 5, 11, 46, 13);

try {
Expand Down Expand Up @@ -198,7 +198,7 @@ public void testGetOrigin() {
public void testGetOffset() {
System.out.println(getTestTraceHead("[MongoBackendImpl.getOffset]")
+ "-------- Given a calendar and a resolution, its related offset is correctly returned");
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null);
GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April

try {
Expand Down Expand Up @@ -266,7 +266,7 @@ public void testBuildQueryForInsertAggregated() {
String entityType = "someType";
String attrName = "someName";
GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYSERVICEPATH, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYSERVICEPATH, false, false, null, null, null);
String queryForInsertAggregated = "{\"_id\": {\"entityId\": \"someId\", \"entityType\": \"someType\", "
+ "\"attrName\": \"someName\", \"origin\": {\"$date\": 1491392760000}, "
+ "\"resolution\": \"second\", \"range\": \"minute\"}, \"points.offset\": 13}";
Expand Down Expand Up @@ -353,7 +353,7 @@ public void testBuildQueryForInsertAggregated() {
throw e;
} // try catch

backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYENTITY, false, false, null, null, null, null);
backend = new MongoBackendImpl(null, null, null, null, null, DataModel.DMBYENTITY, false, false, null, null, null);

queryForInsertAggregated = "{\"_id\": {\"attrName\": \"someName\", "
+ "\"origin\": {\"$date\": 1491392760000}, \"resolution\": \"second\", "
Expand Down Expand Up @@ -457,7 +457,7 @@ public void testBuildUpdateForUpdateNumerical() {
double sum2 = 200;
int numSamples = 2;
GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null);
String updateForUpdate = "{\"$set\": {\"attrType\": \"someType\"}, "
+ "\"$inc\": {\"points.$.samples\": 2, \"points.$.sum\": 20.0, \"points.$.sum2\": 200.0}, "
+ "\"$min\": {\"points.$.min\": 0.0}, \"$max\": {\"points.$.max\": 10.0}}";
Expand Down Expand Up @@ -489,7 +489,7 @@ public void testBuildUpdateForUpdateString() {
String value = "someString";
int count = 2;
GregorianCalendar calendar = new GregorianCalendar(2017, 3, 5, 11, 46, 13); // month 3 is April
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null, null);
MongoBackendImpl backend = new MongoBackendImpl(null, null, null, null, null, null, false, false, null, null, null);
String updateForUpdate = "{\"$set\": {\"attrType\": \"someType\"}, "
+ "\"$inc\": {\"points.13.samples\": 2, \"points.13.occur.someString\": 2}}";

Expand Up @@ -43,8 +43,7 @@ public abstract class NGSIMongoBaseSink extends NGSISink {
protected Boolean sslInvalidHostNameAllowed;
protected String sslKeystorePathFile;
protected String sslKeystorePassword;
protected String sslTruststorePathFile;
protected String sslTruststorePassword;
protected String sslCAPathFile;
protected String dbPrefix;
protected String collectionPrefix;
protected MongoBackendImpl backend;
Expand Down Expand Up @@ -204,11 +203,9 @@ public void configure(Context context) {
sslKeystorePassword = context.getString("mongo_ssl_keystore_password", "");
LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_keystore_password=" + sslKeystorePassword + ")");

sslTruststorePathFile = context.getString("mongo_ssl_truststore_path_file", "");
LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_truststore_path_file=" + sslTruststorePathFile + ")");
sslCAPathFile = context.getString("mongo_ssl_ca_path_file", "");
LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_ca_path_file=" + sslCAPathFile + ")");

sslTruststorePassword = context.getString("mongo_ssl_truststore_password", "");
LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_truststore_password=" + sslTruststorePassword + ")");

} // configure

Expand All @@ -219,7 +216,7 @@ public void start() {
mongoAuthSource, mongoReplicaSet, dataModel,
sslEnabled, sslInvalidHostNameAllowed,
sslKeystorePathFile, sslKeystorePassword,
sslTruststorePathFile, sslTruststorePassword);
sslCAPathFile);
LOGGER.debug("[" + this.getName() + "] MongoDB persistence backend created");
} catch (Exception e) {
LOGGER.error("Error while creating the MongoDB persistence backend. Details="
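Review bot: configure() still writes the keystore password to the log in clear text through the retained line `LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_keystore_password=" + sslKeystorePassword + ")");`, directly above the new `mongo_ssl_ca_path_file` read. The commit removes the equivalent truststore-password line along with its parameter, but this one remains, so anyone who can read debug logs can recover the secret. Log only whether a value was supplied, for example `LOGGER.debug("[" + this.getName() + "] Reading configuration (mongo_ssl_keystore_password=" + (sslKeystorePassword.isEmpty() ? "<empty>" : "<set>") + ")");`. configure() begins outside the hunk, so other credential parameters read earlier in the method deserve the same check.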
Expand Up @@ -324,8 +324,7 @@ When datamodel changes Cygnus tries to recreate index (delete current and create
| mongo\_ssl\_invalid\_host\_allowed | no | false | Allow invalid host name in mongo SSL connections |
| mongo\_ssl\_keystore\_path\_file | no | <i>empty</i> | Java SSL KeyStore path file (JKS file). A JKS file could be create from a certificate file using keytool: ```keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore mongo_ssl_keystore.jks``` |
| mongo\_ssl\_keystore\_password | no | <i>empty</i> | Java SSL KeyStore password for keystore file (JKS file). |
| mongo\_ssl\_truststore\_path\_file | no | <i>empty</i> | Java SSL TrustStore for CAs path file (JKS file). |
| mongo\_ssl\_truststore\_password | no | <i>empty</i> | Java SSL TrustStore password for keystore file (JKS file). |
| mongo\_ssl\_ca\_path\_file | no | <i>empty</i> | Certificate Authority (CA) path file (PEM file). |
| collection\_prefix | no | sth_ | `system.` is not accepted. |
| batch\_size | no | 1 | Number of events accumulated before persistence. |
| batch\_timeout | no | 30 | Number of seconds the batch will be building before it is persisted as it is. |