Commit de9cd8939e12511d4e9e14470813a4d47a3379e2

Authored by Andrii Shvaika
1 parent 67f8327c

Fix for client certificate check

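--- a/[path not shown on page: yaml config file 1]
+++ b/[path not shown on page: yaml config file 1]
@@ -569,6 +569,8 @@ transport:
 key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
 # Type of the key store
 key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"
+# Skip certificate validity check for client certificates.
+skip_validity_check_for_client_cert: "${MQTT_SSL_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
 # Local CoAP transport parameters
 coap:
 # Enable/disable coap transport protocol.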
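Review bot: The new comment on `skip_validity_check_for_client_cert` does not tell an operator what is actually skipped or what enabling it costs; the Java hunk in MqttTransportHandler guards `cert.checkValidity()`, which is the notBefore/notAfter window check, so a `true` here lets expired and not-yet-valid client certificates proceed to the hash lookup. I would expand it to `# Skip the notBefore/notAfter validity check (X509Certificate.checkValidity()) on client certificates. When true, expired and not-yet-valid certificates are still accepted if their hash matches a device credential; keep false unless device clock skew makes it unavoidable.` The identical comment is added in the second YAML section (`@@ -67,6 +67,8 @@ transport:`) and should be changed the same way there.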
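--- a/[path not shown on page: MqttTransportContext.java]
+++ b/[path not shown on page: MqttTransportContext.java]
@@ -47,6 +47,10 @@ public class MqttTransportContext extends TransportContext {
 private Integer maxPayloadSize;
 
 @Getter
+@Value("${transport.mqtt.netty.skip_validity_check_for_client_cert:false}")
+private boolean skipValidityCheckForClientCert;
+
+@Getter
 @Setter
 private SslHandler sslHandler;
 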
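Review bot: The property path read by the new `@Value`, `transport.mqtt.netty.skip_validity_check_for_client_cert`, may not match where the YAML hunks place the key: they add `skip_validity_check_for_client_cert` beside `key_password` and `key_store_type`, whose environment-variable names (`MQTT_SSL_*`) suggest an `ssl` sub-block rather than `netty`, although the parent key itself is outside every hunk on this page. If the two paths differ, the YAML value is never read and the `:false` default silently wins, so the flag cannot be enabled from configuration; please confirm the parent key and align one side, e.g. `@Value("${transport.mqtt.ssl.skip_validity_check_for_client_cert:false}")`. A one-line Javadoc on the field stating that it disables `X509Certificate.checkValidity()` during client-certificate authentication would also help the next reader. The class continues outside the hunk.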
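--- a/[path not shown on page: MqttTransportHandler.java]
+++ b/[path not shown on page: MqttTransportHandler.java]
@@ -383,6 +383,9 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement
 
 private void processX509CertConnect(ChannelHandlerContext ctx, X509Certificate cert) {
 try {
+if(!context.isSkipValidityCheckForClientCert()){
+cert.checkValidity();
+}
 String strCert = SslUtil.getX509CertificateString(cert);
 String sha3Hash = EncryptionUtil.getSha3Hash(strCert);
 transportService.process(ValidateDeviceX509CertRequestMsg.newBuilder().setHash(sha3Hash).build(),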
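Review bot: When the flag is set, the skip at the new `if` is silent: nothing records that an expired or not-yet-valid client certificate was accepted, which is exactly the event an operator would want in the logs or audit trail, so consider a warn-level log in an `else` branch of the new check (the class's logger is outside the hunk, so I cannot name it). A comment above the check would also help, e.g. `// checkValidity() enforces only the notBefore/notAfter window of the presented client certificate`. `checkValidity()` throws the checked `CertificateExpiredException` and `CertificateNotYetValidException`, which the surrounding `try` now funnels into the same `catch` as the hash lookup; that `catch` is outside the hunk, so please verify it rejects the connection rather than treating the failure as transient. Minor style: `if(!context.isSkipValidityCheckForClientCert()){` should be `if (!context.isSkipValidityCheckForClientCert()) {`. processX509CertConnect continues past the hunk.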
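--- a/[path not shown on page: yaml config file 2]
+++ b/[path not shown on page: yaml config file 2]
@@ -67,6 +67,8 @@ transport:
 key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
 # Type of the key store
 key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"
+# Skip certificate validity check for client certificates.
+skip_validity_check_for_client_cert: "${MQTT_SSL_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
 sessions:
 inactivity_timeout: "${TB_TRANSPORT_SESSIONS_INACTIVITY_TIMEOUT:300000}"
 report_timeout: "${TB_TRANSPORT_SESSIONS_REPORT_TIMEOUT:30000}"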