Commit 97acafa3d518c48776d9b286c79de112a7a12ea1

Authored by Andrew Shvayka
1 parent 4528e223

TLSv1.2 support

@@ -89,6 +89,8 @@ mqtt: @@ -89,6 +89,8 @@ mqtt:
89 ssl: 89 ssl:
90 # Enable/disable SSL support 90 # Enable/disable SSL support
91 enabled: "${MQTT_SSL_ENABLED:false}" 91 enabled: "${MQTT_SSL_ENABLED:false}"
  92 + # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
  93 + protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
92 # Path to the key store that holds the SSL certificate 94 # Path to the key store that holds the SSL certificate
93 key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}" 95 key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
94 # Password used to access the key store 96 # Password used to access the key store
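Review bot: The comment above the new `protocol` line should state what the value is and what an empty value does, because the Java side of this commit (MqttSslHandlerProvider) falls back to the generic `TLS` context whenever the property resolves to an empty string, so an exported-but-blank `MQTT_SSL_PROTOCOL` silently yields the JVM's default protocol set rather than TLSv1.2. The value is a JSSE SSLContext algorithm name, not a hard version pin; the linked StandardNames page describes `TLSv1.2` as one that "may support other versions". Suggest: `# SSLContext protocol name (JSSE algorithm, e.g. TLSv1.2); an empty value falls back to "TLS" (JVM defaults). See <the StandardNames link>`.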
1 /** 1 /**
2 * Copyright © 2016-2017 The Thingsboard Authors 2 * Copyright © 2016-2017 The Thingsboard Authors
3 - * 3 + * <p>
4 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License. 5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at 6 * You may obtain a copy of the License at
7 - *  
8 - * http://www.apache.org/licenses/LICENSE-2.0  
9 - * 7 + * <p>
  8 + * http://www.apache.org/licenses/LICENSE-2.0
  9 + * <p>
10 * Unless required by applicable law or agreed to in writing, software 10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, 11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,6 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired; @@ -22,6 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired;
22 import org.springframework.beans.factory.annotation.Value; 22 import org.springframework.beans.factory.annotation.Value;
23 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; 23 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
24 import org.springframework.stereotype.Component; 24 import org.springframework.stereotype.Component;
  25 +import org.springframework.util.StringUtils;
25 import org.thingsboard.server.common.data.security.DeviceCredentials; 26 import org.thingsboard.server.common.data.security.DeviceCredentials;
26 import org.thingsboard.server.dao.EncryptionUtil; 27 import org.thingsboard.server.dao.EncryptionUtil;
27 import org.thingsboard.server.dao.device.DeviceCredentialsService; 28 import org.thingsboard.server.dao.device.DeviceCredentialsService;
@@ -44,7 +45,8 @@ import java.security.cert.X509Certificate; @@ -44,7 +45,8 @@ import java.security.cert.X509Certificate;
44 @ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false) 45 @ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false)
45 public class MqttSslHandlerProvider { 46 public class MqttSslHandlerProvider {
46 47
47 - public static final String TLS = "TLS"; 48 + @Value("${mqtt.ssl.protocol}")
  49 + private String sslProtocol;
48 @Value("${mqtt.ssl.key_store}") 50 @Value("${mqtt.ssl.key_store}")
49 private String keyStoreFile; 51 private String keyStoreFile;
50 @Value("${mqtt.ssl.key_store_password}") 52 @Value("${mqtt.ssl.key_store_password}")
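Review bot: The new `@Value("${mqtt.ssl.protocol}")` on the added field has no placeholder default, so if the property is absent Spring's placeholder resolution fails at startup (unless unresolvable placeholders are configured to be ignored), and the empty-string fallback added later in this commit is only reached when the property is explicitly set to an empty value. Either give the default here, `@Value("${mqtt.ssl.protocol:TLS}")`, or keep the removed constant as `private static final String TLS = "TLS";` and use it in that fallback so the literal is not duplicated. Dropping `public static final String TLS` is also a visible API change if anything outside this class referenced it, which is worth confirming. The class body continues outside the hunk.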
@@ -53,7 +55,7 @@ public class MqttSslHandlerProvider { @@ -53,7 +55,7 @@ public class MqttSslHandlerProvider {
53 private String keyPassword; 55 private String keyPassword;
54 @Value("${mqtt.ssl.key_store_type}") 56 @Value("${mqtt.ssl.key_store_type}")
55 private String keyStoreType; 57 private String keyStoreType;
56 - 58 +
57 @Autowired 59 @Autowired
58 private DeviceCredentialsService deviceCredentialsService; 60 private DeviceCredentialsService deviceCredentialsService;
59 61
@@ -79,7 +81,10 @@ public class MqttSslHandlerProvider { @@ -79,7 +81,10 @@ public class MqttSslHandlerProvider {
79 KeyManager[] km = kmf.getKeyManagers(); 81 KeyManager[] km = kmf.getKeyManagers();
80 TrustManager x509wrapped = getX509TrustManager(tmFactory); 82 TrustManager x509wrapped = getX509TrustManager(tmFactory);
81 TrustManager[] tm = {x509wrapped}; 83 TrustManager[] tm = {x509wrapped};
82 - SSLContext sslContext = SSLContext.getInstance(TLS); 84 + if (StringUtils.isEmpty(sslProtocol)) {
  85 + sslProtocol = "TLS";
  86 + }
  87 + SSLContext sslContext = SSLContext.getInstance(sslProtocol);
83 sslContext.init(km, tm, null); 88 sslContext.init(km, tm, null);
84 SSLEngine sslEngine = sslContext.createSSLEngine(); 89 SSLEngine sslEngine = sslContext.createSSLEngine();
85 sslEngine.setUseClientMode(false); 90 sslEngine.setUseClientMode(false);
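Review bot: Passing the configured name to `SSLContext.getInstance` selects the context implementation but does not restrict what the server-mode engine created two lines later will negotiate; the JSSE StandardNames page says `TLSv1.2` "may support other versions", and on older Java 8 releases a server engine from such a context still lists TLSv1 and TLSv1.1 among its default enabled protocols. If the commit title means TLSv1.2 should be required, add after `setUseClientMode(false)`: `if (!"TLS".equals(sslProtocol)) { sslEngine.setEnabledProtocols(new String[]{sslProtocol}); }` (the generic name is not a valid enabled-protocol value, hence the guard). Separately, the fallback at `sslProtocol = "TLS";` overwrites the injected field instead of using a local; `String protocol = StringUtils.isEmpty(sslProtocol) ? "TLS" : sslProtocol;` keeps the bean's configuration unmodified. The enclosing method starts and ends outside the hunk.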