[hue] Check HTTPS connection (download of PEM certificate) (#13617)
* [hue] Check HTTPS connection (download of PEM certificate) Fix #13586 Signed-off-by: Laurent Garnier <lg.hc@free.fr>pull/13624/head
parent
99e309e991
commit
b9591222f5
|
@ -44,6 +44,8 @@ public class HueTlsTrustManagerProvider implements TlsTrustManagerProvider {
|
||||||
|
|
||||||
private final Logger logger = LoggerFactory.getLogger(HueTlsTrustManagerProvider.class);
|
private final Logger logger = LoggerFactory.getLogger(HueTlsTrustManagerProvider.class);
|
||||||
|
|
||||||
|
private @Nullable PEMTrustManager trustManager;
|
||||||
|
|
||||||
public HueTlsTrustManagerProvider(String hostname, boolean useSelfSignedCertificate) {
|
public HueTlsTrustManagerProvider(String hostname, boolean useSelfSignedCertificate) {
|
||||||
this.hostname = hostname;
|
this.hostname = hostname;
|
||||||
this.useSelfSignedCertificate = useSelfSignedCertificate;
|
this.useSelfSignedCertificate = useSelfSignedCertificate;
|
||||||
|
@ -56,20 +58,33 @@ public class HueTlsTrustManagerProvider implements TlsTrustManagerProvider {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public X509ExtendedTrustManager getTrustManager() {
|
public X509ExtendedTrustManager getTrustManager() {
|
||||||
|
PEMTrustManager localTrustManager = getPEMTrustManager();
|
||||||
|
if (localTrustManager == null) {
|
||||||
|
logger.error("Cannot get the PEM certificate - returning a TrustAllTrustManager");
|
||||||
|
}
|
||||||
|
return localTrustManager != null ? localTrustManager : TrustAllTrustManager.getInstance();
|
||||||
|
}
|
||||||
|
|
||||||
|
public @Nullable PEMTrustManager getPEMTrustManager() {
|
||||||
|
PEMTrustManager localTrustManager = trustManager;
|
||||||
|
if (localTrustManager != null) {
|
||||||
|
return localTrustManager;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
if (useSelfSignedCertificate) {
|
if (useSelfSignedCertificate) {
|
||||||
logger.trace("Use self-signed certificate downloaded from Hue Bridge.");
|
logger.trace("Use self-signed certificate downloaded from Hue Bridge.");
|
||||||
// use self-signed certificate downloaded from Hue Bridge
|
// use self-signed certificate downloaded from Hue Bridge
|
||||||
return PEMTrustManager.getInstanceFromServer("https://" + getHostName());
|
localTrustManager = PEMTrustManager.getInstanceFromServer("https://" + getHostName());
|
||||||
} else {
|
} else {
|
||||||
logger.trace("Use Signify private CA Certificate for Hue Bridges from resources.");
|
logger.trace("Use Signify private CA Certificate for Hue Bridges from resources.");
|
||||||
// use Signify private CA Certificate for Hue Bridges from resources
|
// use Signify private CA Certificate for Hue Bridges from resources
|
||||||
return getInstanceFromResource(PEM_FILENAME);
|
localTrustManager = getInstanceFromResource(PEM_FILENAME);
|
||||||
}
|
}
|
||||||
|
this.trustManager = localTrustManager;
|
||||||
} catch (CertificateException | MalformedURLException e) {
|
} catch (CertificateException | MalformedURLException e) {
|
||||||
logger.error("An unexpected exception occurred - returning a TrustAllTrustManager: {}", e.getMessage(), e);
|
logger.debug("An unexpected exception occurred: {}", e.getMessage(), e);
|
||||||
}
|
}
|
||||||
return TrustAllTrustManager.getInstance();
|
return localTrustManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
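Review bot: `getTrustManager()` still fails open: when `getPEMTrustManager()` returns null it logs an error and returns `TrustAllTrustManager.getInstance()`, so any certificate presented for this host is accepted and the HTTPS connection is no longer authenticated. The bridge handler in this commit now refuses to register the provider when no PEM trust manager is available, so this branch should only be reached on an unexpected path, and failing the handshake there would be safer than trusting everything. If the fallback has to stay, a comment such as `// fail-open: certificate validation is disabled for this host until a PEM trust manager can be built` would make the risk visible to the next maintainer. The catch block in `getPEMTrustManager()` also drops from `logger.error` to `logger.debug`, which hides the cause of a failed certificate load at default log levels; `logger.warn` would keep it diagnosable.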
@ -706,20 +706,35 @@ public class HueBridgeHandler extends ConfigStatusBridgeHandler implements HueCl
|
||||||
"@text/offline.conf-error-no-ip-address");
|
"@text/offline.conf-error-no-ip-address");
|
||||||
} else {
|
} else {
|
||||||
if (hueBridge == null) {
|
if (hueBridge == null) {
|
||||||
if (HueBridgeConfig.HTTPS.equals(hueBridgeConfig.protocol)) {
|
|
||||||
// register trustmanager service
|
|
||||||
HueTlsTrustManagerProvider tlsTrustManagerProvider = new HueTlsTrustManagerProvider(
|
|
||||||
ip + ":" + hueBridgeConfig.getPort(), hueBridgeConfig.useSelfSignedCertificate);
|
|
||||||
serviceRegistration = FrameworkUtil.getBundle(getClass()).getBundleContext()
|
|
||||||
.registerService(TlsTrustManagerProvider.class.getName(), tlsTrustManagerProvider, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
hueBridge = new HueBridge(httpClient, ip, hueBridgeConfig.getPort(), hueBridgeConfig.protocol,
|
hueBridge = new HueBridge(httpClient, ip, hueBridgeConfig.getPort(), hueBridgeConfig.protocol,
|
||||||
scheduler);
|
scheduler);
|
||||||
|
|
||||||
updateStatus(ThingStatus.UNKNOWN);
|
updateStatus(ThingStatus.UNKNOWN);
|
||||||
|
|
||||||
|
if (HueBridgeConfig.HTTPS.equals(hueBridgeConfig.protocol)) {
|
||||||
|
scheduler.submit(() -> {
|
||||||
|
// register trustmanager service
|
||||||
|
HueTlsTrustManagerProvider tlsTrustManagerProvider = new HueTlsTrustManagerProvider(
|
||||||
|
ip + ":" + hueBridgeConfig.getPort(), hueBridgeConfig.useSelfSignedCertificate);
|
||||||
|
|
||||||
|
// Check before registering that the PEM certificate can be downloaded
|
||||||
|
if (tlsTrustManagerProvider.getPEMTrustManager() == null) {
|
||||||
|
updateStatus(ThingStatus.OFFLINE, ThingStatusDetail.CONFIGURATION_ERROR,
|
||||||
|
"@text/offline.conf-error-https-connection");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
serviceRegistration = FrameworkUtil.getBundle(getClass()).getBundleContext().registerService(
|
||||||
|
TlsTrustManagerProvider.class.getName(), tlsTrustManagerProvider, null);
|
||||||
|
|
||||||
|
onUpdate();
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
onUpdate();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
onUpdate();
|
||||||
}
|
}
|
||||||
onUpdate();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
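Review bot: The task passed to `scheduler.submit` assigns `serviceRegistration` and calls `onUpdate()` without checking that the handler is still active, and the returned Future is discarded; the enclosing method starts above the hunk. If the handler is disposed before the task runs (the dispose code is not visible here, so this is inferred), the trust manager provider would be registered after cleanup and could stay registered for `ip:port`. Keeping the Future in a field and cancelling it on dispose, or re-checking the handler state just before `registerService`, would close that window. Discarding the Future also means an unchecked exception thrown inside the task is swallowed and the thing stays in `UNKNOWN`, so a try/catch around the body that sets the thing OFFLINE would surface such a failure.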
@ -148,6 +148,7 @@ config-status.error.missing-ip-address-configuration = No IP address for the Hue
|
||||||
# thing status descriptions
|
# thing status descriptions
|
||||||
|
|
||||||
offline.communication-error = An unexpected exception occurred during execution.
|
offline.communication-error = An unexpected exception occurred during execution.
|
||||||
|
offline.conf-error-https-connection = HTTPS secure connection failed. Please check your configuration settings (network address, protocol, port, type of certificate) and change protocol to http when using a V1 bridge.
|
||||||
offline.conf-error-invalid-ssl-certificate = Invalid certificate for secured connection. You might want to enable the "Use Self-Signed Certificate" configuration.
|
offline.conf-error-invalid-ssl-certificate = Invalid certificate for secured connection. You might want to enable the "Use Self-Signed Certificate" configuration.
|
||||||
offline.conf-error-no-ip-address = Cannot connect to Hue Bridge. IP address not available in configuration.
|
offline.conf-error-no-ip-address = Cannot connect to Hue Bridge. IP address not available in configuration.
|
||||||
offline.conf-error-no-username = Cannot connect to Hue Bridge. User name for authentication not available in configuration.
|
offline.conf-error-no-username = Cannot connect to Hue Bridge. User name for authentication not available in configuration.
|
||||||
|
|