Commit a6d69cc7a8fc305b35edb30d4e166d3672bb63a8
Committed by
Andrew Shvayka
Andrew Shvayka
1 parent
907ed5ad
add validity on device X.509 certificate over MQTT transport connection
Showing
1 changed file
with
2 additions
and
0 deletions
| ... | ... | @@ -68,6 +68,7 @@ import java.util.List; |
| 68 | 68 | import java.util.UUID; |
| 69 | 69 | import java.util.concurrent.ConcurrentHashMap; |
| 70 | 70 | import java.util.concurrent.ConcurrentMap; |
| 71 | +import java.util.Date; | |
| 71 | 72 | |
| 72 | 73 | import static io.netty.handler.codec.mqtt.MqttConnectReturnCode.CONNECTION_ACCEPTED; |
| 73 | 74 | import static io.netty.handler.codec.mqtt.MqttConnectReturnCode.CONNECTION_REFUSED_NOT_AUTHORIZED; |
| ... | ... | @@ -386,6 +387,7 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement |
| 386 | 387 | |
| 387 | 388 | private void processX509CertConnect(ChannelHandlerContext ctx, X509Certificate cert) { |
| 388 | 389 | try { |
| 390 | + cert.checkValidity(new Date()); | |
| 389 | 391 | String strCert = SslUtil.getX509CertificateString(cert); |
| 390 | 392 | String sha3Hash = EncryptionUtil.getSha3Hash(strCert); |
| 391 | 393 | transportService.process(DeviceTransportType.MQTT, ValidateDeviceX509CertRequestMsg.newBuilder().setHash(sha3Hash).build(), | ... | ... |