2 * Copyright (c) 2010-2023 Contributors to the openHAB project
4 * See the NOTICE file(s) distributed with this work for additional
7 * This program and the accompanying materials are made available under the
8 * terms of the Eclipse Public License 2.0 which is available at
9 * http://www.eclipse.org/legal/epl-2.0
11 * SPDX-License-Identifier: EPL-2.0
13 package org.openhab.binding.digitalstrom.internal.lib.serverconnection.impl;
15 import java.io.ByteArrayInputStream;
17 import java.io.FileInputStream;
18 import java.io.FileNotFoundException;
19 import java.io.FileWriter;
20 import java.io.IOException;
21 import java.io.InputStream;
22 import java.net.HttpURLConnection;
23 import java.net.MalformedURLException;
24 import java.net.SocketTimeoutException;
26 import java.nio.charset.StandardCharsets;
27 import java.security.KeyManagementException;
28 import java.security.NoSuchAlgorithmException;
29 import java.security.SecureRandom;
30 import java.security.Security;
31 import java.security.cert.CertificateEncodingException;
32 import java.security.cert.CertificateException;
33 import java.security.cert.CertificateFactory;
34 import java.security.cert.X509Certificate;
35 import java.util.Base64;
37 import javax.net.ssl.HostnameVerifier;
38 import javax.net.ssl.HttpsURLConnection;
39 import javax.net.ssl.SSLContext;
40 import javax.net.ssl.SSLHandshakeException;
41 import javax.net.ssl.SSLSession;
42 import javax.net.ssl.SSLSocketFactory;
43 import javax.net.ssl.TrustManager;
44 import javax.net.ssl.X509TrustManager;
46 import org.apache.commons.lang3.StringUtils;
47 import org.openhab.binding.digitalstrom.internal.lib.config.Config;
48 import org.openhab.binding.digitalstrom.internal.lib.manager.ConnectionManager;
49 import org.openhab.binding.digitalstrom.internal.lib.serverconnection.HttpTransport;
50 import org.openhab.binding.digitalstrom.internal.lib.serverconnection.simpledsrequestbuilder.constants.ParameterKeys;
51 import org.slf4j.Logger;
52 import org.slf4j.LoggerFactory;
55 * The {@link HttpTransportImpl} executes a request to the digitalSTROM-Server.
57 * If a {@link Config} is given at the constructor. It sets the SSL-Certificate what is set in
58 * {@link Config#getCert()}. If there is no SSL-Certificate, but a path to an external SSL-Certificate file what is set
59 * in {@link Config#getTrustCertPath()} this will be set. If no SSL-Certificate is set in the {@link Config} it will be
60 * red out from the server and set in {@link Config#setCert(String)}.
63 * If no {@link Config} is given the SSL-Certificate will be stored locally.
66 * The method {@link #writePEMCertFile(String)} saves the SSL-Certificate in a file at the given path. If all
67 * SSL-Certificates shout be ignored the flag <i>exeptAllCerts</i> have to be true at the constructor
70 * If a {@link ConnectionManager} is given at the constructor, the session-token is not needed by requests and the
71 * {@link ConnectionListener}, which is registered at the {@link ConnectionManager}, will be automatically informed
73 * connection state changes through the {@link #execute(String, int, int)} method.
76 * @author Michael Ochel - Initial contribution
77 * @author Matthias Siegele - Initial contribution
79 public class HttpTransportImpl implements HttpTransport {
81 private static final String LINE_SEPERATOR = System.getProperty("line.separator");
82 private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----" + LINE_SEPERATOR;
83 private static final String END_CERT = LINE_SEPERATOR + "-----END CERTIFICATE-----" + LINE_SEPERATOR;
85 private final Logger logger = LoggerFactory.getLogger(HttpTransportImpl.class);
86 private static final short MAY_A_NEW_SESSION_TOKEN_IS_NEEDED = 1;
90 private int connectTimeout;
91 private int readTimeout;
93 private Config config;
95 private ConnectionManager connectionManager;
98 private SSLSocketFactory sslSocketFactory;
99 private final HostnameVerifier hostnameVerifier = new HostnameVerifier() {
102 public boolean verify(String arg0, SSLSession arg1) {
103 return arg0.equals(arg1.getPeerHost()) || arg0.contains("dss.local.");
108 * Creates a new {@link HttpTransportImpl} with registration of the given {@link ConnectionManager} and set ignore
109 * all SSL-Certificates. The {@link Config} will be automatically added from the configurations of the given
110 * {@link ConnectionManager}.
112 * @param connectionManager to check connection, can be null
113 * @param exeptAllCerts (true = all will ignore)
115 public HttpTransportImpl(ConnectionManager connectionManager, boolean exeptAllCerts) {
116 this.connectionManager = connectionManager;
117 this.config = connectionManager.getConfig();
118 init(config.getHost(), config.getConnectionTimeout(), config.getReadTimeout(), exeptAllCerts);
122 * Creates a new {@link HttpTransportImpl} with configurations of the given {@link Config} and set ignore all
125 * @param config to get configurations, must not be null
126 * @param exeptAllCerts (true = all will ignore)
128 public HttpTransportImpl(Config config, boolean exeptAllCerts) {
129 this.config = config;
130 init(config.getHost(), config.getConnectionTimeout(), config.getReadTimeout(), exeptAllCerts);
134 * Creates a new {@link HttpTransportImpl} with configurations of the given {@link Config}.
136 * @param config to get configurations, must not be null
138 public HttpTransportImpl(Config config) {
139 this.config = config;
140 init(config.getHost(), config.getConnectionTimeout(), config.getReadTimeout(), false);
144 * Creates a new {@link HttpTransportImpl}.
146 * @param uri of the server, must not be null
148 public HttpTransportImpl(String uri) {
149 init(uri, Config.DEFAULT_CONNECTION_TIMEOUT, Config.DEFAULT_READ_TIMEOUT, false);
153 * Creates a new {@link HttpTransportImpl} and set ignore all SSL-Certificates.
155 * @param uri of the server, must not be null
156 * @param exeptAllCerts (true = all will ignore)
158 public HttpTransportImpl(String uri, boolean exeptAllCerts) {
159 init(uri, Config.DEFAULT_CONNECTION_TIMEOUT, Config.DEFAULT_READ_TIMEOUT, exeptAllCerts);
163 * Creates a new {@link HttpTransportImpl}.
165 * @param uri of the server, must not be null
166 * @param connectTimeout to set
167 * @param readTimeout to set
169 public HttpTransportImpl(String uri, int connectTimeout, int readTimeout) {
170 init(uri, connectTimeout, readTimeout, false);
174 * Creates a new {@link HttpTransportImpl} and set ignore all SSL-Certificates..
176 * @param uri of the server, must not be null
177 * @param connectTimeout to set
178 * @param readTimeout to set
179 * @param exeptAllCerts (true = all will ignore)
181 public HttpTransportImpl(String uri, int connectTimeout, int readTimeout, boolean exeptAllCerts) {
182 init(uri, connectTimeout, readTimeout, exeptAllCerts);
185 private void init(String uri, int connectTimeout, int readTimeout, boolean exeptAllCerts) {
186 logger.debug("init HttpTransportImpl");
187 this.uri = fixURI(uri);
188 this.connectTimeout = connectTimeout;
189 this.readTimeout = readTimeout;
190 // Check SSL Certificate
192 sslSocketFactory = generateSSLContextWhichAcceptAllSSLCertificats();
194 if (config != null) {
195 cert = config.getCert();
196 logger.debug("generate SSLcontext from config cert");
197 if (cert != null && !cert.isBlank()) {
198 sslSocketFactory = generateSSLContextFromPEMCertString(cert);
200 String trustCertPath = config.getTrustCertPath();
201 if (trustCertPath != null && !trustCertPath.isBlank()) {
202 logger.debug("generate SSLcontext from config cert path");
203 cert = readPEMCertificateStringFromFile(trustCertPath);
204 if (cert != null && !cert.isBlank()) {
205 sslSocketFactory = generateSSLContextFromPEMCertString(cert);
208 logger.debug("generate SSLcontext from server");
209 cert = getPEMCertificateFromServer(this.uri);
210 sslSocketFactory = generateSSLContextFromPEMCertString(cert);
211 if (sslSocketFactory != null) {
212 config.setCert(cert);
217 logger.debug("generate SSLcontext from server");
218 cert = getPEMCertificateFromServer(this.uri);
219 sslSocketFactory = generateSSLContextFromPEMCertString(cert);
224 private String fixURI(String uri) {
225 String fixedURI = uri;
226 if (!fixedURI.startsWith("https://")) {
227 fixedURI = "https://" + fixedURI;
229 if (fixedURI.split(":").length != 3) {
230 fixedURI = fixedURI + ":8080";
235 private String fixRequest(String request) {
236 return request.replace(" ", "");
240 public String execute(String request) {
241 return execute(request, this.connectTimeout, this.readTimeout);
244 private short loginCounter = 0;
247 public String execute(String request, int connectTimeout, int readTimeout) {
248 // NOTE: We will only show exceptions in the debug level, because they will be handled in the checkConnection()
249 // method and this changes the bridge state. If a command was send it fails than and a sensorJob will be
250 // execute the next time, by TimeOutExceptions. By other exceptions the checkConnection() method handles it in
252 String response = null;
253 HttpsURLConnection connection = null;
255 String correctedRequest = checkSessionToken(request);
256 connection = getConnection(correctedRequest, connectTimeout, readTimeout);
257 if (connection != null) {
258 connection.connect();
259 final int responseCode = connection.getResponseCode();
260 if (responseCode != HttpURLConnection.HTTP_FORBIDDEN) {
261 if (responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR) {
262 response = new String(connection.getErrorStream().readAllBytes(), StandardCharsets.UTF_8);
264 response = new String(connection.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
266 if (response != null) {
267 if (!response.contains("Authentication failed")) {
268 if (loginCounter > 0) {
269 connectionManager.checkConnection(responseCode);
273 connectionManager.checkConnection(ConnectionManager.AUTHENTIFICATION_PROBLEM);
279 connection.disconnect();
280 if (response == null && connectionManager != null
281 && loginCounter <= MAY_A_NEW_SESSION_TOKEN_IS_NEEDED) {
282 if (responseCode == HttpURLConnection.HTTP_FORBIDDEN) {
283 execute(addSessionToken(correctedRequest, connectionManager.getNewSessionToken()),
284 connectTimeout, readTimeout);
287 connectionManager.checkConnection(responseCode);
294 } catch (SocketTimeoutException e) {
295 informConnectionManager(ConnectionManager.SOCKET_TIMEOUT_EXCEPTION);
296 } catch (java.net.ConnectException e) {
297 informConnectionManager(ConnectionManager.CONNECTION_EXCEPTION);
298 } catch (MalformedURLException e) {
299 informConnectionManager(ConnectionManager.MALFORMED_URL_EXCEPTION);
300 } catch (java.net.UnknownHostException e) {
301 informConnectionManager(ConnectionManager.UNKNOWN_HOST_EXCEPTION);
302 } catch (SSLHandshakeException e) {
303 informConnectionManager(ConnectionManager.SSL_HANDSHAKE_EXCEPTION);
304 } catch (IOException e) {
305 logger.error("An IOException occurred: ", e);
306 informConnectionManager(ConnectionManager.GENERAL_EXCEPTION);
308 if (connection != null) {
309 connection.disconnect();
315 private boolean informConnectionManager(int code) {
316 if (connectionManager != null && loginCounter < MAY_A_NEW_SESSION_TOKEN_IS_NEEDED) {
317 connectionManager.checkConnection(code);
323 private String checkSessionToken(String request) {
324 if (checkNeededSessionToken(request)) {
325 if (connectionManager != null) {
326 String sessionToken = connectionManager.getSessionToken();
327 if (sessionToken == null) {
328 return addSessionToken(request, connectionManager.getNewSessionToken());
330 return addSessionToken(request, sessionToken);
336 private boolean checkNeededSessionToken(String request) {
337 String functionName = StringUtils.substringAfterLast(StringUtils.substringBefore(request, "?"), "/");
338 return !DsAPIImpl.METHODS_MUST_NOT_BE_LOGGED_IN.contains(functionName);
341 private String addSessionToken(String request, String sessionToken) {
342 String correctedRequest = request;
343 if (!correctedRequest.contains(ParameterKeys.TOKEN)) {
344 if (correctedRequest.contains("?")) {
345 correctedRequest = correctedRequest + "&" + ParameterKeys.TOKEN + "=" + sessionToken;
347 correctedRequest = correctedRequest + "?" + ParameterKeys.TOKEN + "=" + sessionToken;
350 correctedRequest = StringUtils.replaceOnce(correctedRequest, StringUtils.substringBefore(
351 StringUtils.substringAfter(correctedRequest, ParameterKeys.TOKEN + "="), "&"), sessionToken);
353 return correctedRequest;
356 private HttpsURLConnection getConnection(String request, int connectTimeout, int readTimeout) throws IOException {
357 String correctedRequest = request;
358 if (correctedRequest != null && !correctedRequest.isBlank()) {
359 correctedRequest = fixRequest(correctedRequest);
360 URL url = new URL(this.uri + correctedRequest);
361 HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
362 if (connection != null) {
363 connection.setConnectTimeout(connectTimeout);
364 connection.setReadTimeout(readTimeout);
365 if (sslSocketFactory != null) {
366 connection.setSSLSocketFactory(sslSocketFactory);
368 if (hostnameVerifier != null) {
369 connection.setHostnameVerifier(hostnameVerifier);
378 public int checkConnection(String testRequest) {
380 HttpsURLConnection connection = getConnection(testRequest, connectTimeout, readTimeout);
381 if (connection != null) {
382 connection.connect();
383 if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
384 if (new String(connection.getInputStream().readAllBytes(), StandardCharsets.UTF_8)
385 .contains("Authentication failed")) {
386 return ConnectionManager.AUTHENTIFICATION_PROBLEM;
389 connection.disconnect();
390 return connection.getResponseCode();
392 return ConnectionManager.GENERAL_EXCEPTION;
394 } catch (SocketTimeoutException e) {
395 return ConnectionManager.SOCKET_TIMEOUT_EXCEPTION;
396 } catch (java.net.ConnectException e) {
397 return ConnectionManager.CONNECTION_EXCEPTION;
398 } catch (MalformedURLException e) {
399 return ConnectionManager.MALFORMED_URL_EXCEPTION;
400 } catch (java.net.UnknownHostException e) {
401 return ConnectionManager.UNKNOWN_HOST_EXCEPTION;
402 } catch (IOException e) {
403 return ConnectionManager.GENERAL_EXCEPTION;
408 public int getSensordataConnectionTimeout() {
409 return config != null ? config.getSensordataConnectionTimeout() : Config.DEFAULT_SENSORDATA_CONNECTION_TIMEOUT;
413 public int getSensordataReadTimeout() {
414 return config != null ? config.getSensordataReadTimeout() : Config.DEFAULT_SENSORDATA_READ_TIMEOUT;
417 private String readPEMCertificateStringFromFile(String path) {
418 if (path == null || path.isBlank()) {
419 logger.error("Path is empty.");
421 File dssCert = new File(path);
422 if (dssCert.exists()) {
423 if (path.endsWith(".crt")) {
424 try (InputStream certInputStream = new FileInputStream(dssCert)) {
425 String cert = new String(certInputStream.readAllBytes(), StandardCharsets.UTF_8);
426 if (cert.startsWith(BEGIN_CERT)) {
429 logger.error("File is not a PEM certificate file. PEM-Certificates starts with: {}",
432 } catch (FileNotFoundException e) {
433 logger.error("Can't find a certificate file at the path: {}\nPlease check the path!", path);
434 } catch (IOException e) {
435 logger.error("An IOException occurred: ", e);
438 logger.error("File is not a certificate (.crt) file.");
441 logger.error("File not found");
448 public String writePEMCertFile(String path) {
449 String correctedPath = path == null ? "" : path.trim();
451 if (!correctedPath.isBlank()) {
452 certFilePath = new File(correctedPath);
453 boolean pathExists = certFilePath.exists();
455 pathExists = certFilePath.mkdirs();
457 if (pathExists && !correctedPath.endsWith("/")) {
458 correctedPath = correctedPath + "/";
461 InputStream certInputStream = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8));
462 X509Certificate trustedCert;
464 trustedCert = (X509Certificate) CertificateFactory.getInstance("X.509")
465 .generateCertificate(certInputStream);
467 certFilePath = new File(
468 correctedPath + trustedCert.getSubjectDN().getName().split(",")[0].substring(2) + ".crt");
469 if (!certFilePath.exists()) {
470 certFilePath.createNewFile();
471 FileWriter writer = new FileWriter(certFilePath, true);
475 return certFilePath.getAbsolutePath();
477 logger.error("File allready exists!");
479 } catch (IOException e) {
480 logger.error("An IOException occurred: ", e);
481 } catch (CertificateException e1) {
482 logger.error("A CertificateException occurred: ", e1);
487 private SSLSocketFactory generateSSLContextFromPEMCertString(String pemCert) {
488 if (pemCert != null && !pemCert.isBlank() && pemCert.startsWith(BEGIN_CERT)) {
490 InputStream certInputStream = new ByteArrayInputStream(pemCert.getBytes(StandardCharsets.UTF_8));
491 final X509Certificate trustedCert = (X509Certificate) CertificateFactory.getInstance("X.509")
492 .generateCertificate(certInputStream);
494 final TrustManager[] trustManager = new TrustManager[] { new X509TrustManager() {
497 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
502 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
503 throws CertificateException {
504 if (!certs[0].equals(trustedCert)) {
505 throw new CertificateException();
510 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
511 throws CertificateException {
512 if (!certs[0].equals(trustedCert)) {
513 throw new CertificateException();
518 SSLContext sslContext = SSLContext.getInstance("SSL");
519 sslContext.init(null, trustManager, new java.security.SecureRandom());
520 return sslContext.getSocketFactory();
521 } catch (NoSuchAlgorithmException e) {
522 logger.error("A NoSuchAlgorithmException occurred: ", e);
523 } catch (KeyManagementException e) {
524 logger.error("A KeyManagementException occurred: ", e);
525 } catch (CertificateException e) {
526 logger.error("A CertificateException occurred: ", e);
529 logger.error("Cert is empty");
534 private String getPEMCertificateFromServer(String host) {
535 HttpsURLConnection connection = null;
537 URL url = new URL(host);
539 connection = (HttpsURLConnection) url.openConnection();
540 connection.setHostnameVerifier(hostnameVerifier);
541 connection.setSSLSocketFactory(generateSSLContextWhichAcceptAllSSLCertificats());
542 connection.connect();
544 java.security.cert.Certificate[] cert = connection.getServerCertificates();
545 connection.disconnect();
547 byte[] by = ((X509Certificate) cert[0]).getEncoded();
548 if (by.length != 0) {
549 return BEGIN_CERT + Base64.getEncoder().encodeToString(by) + END_CERT;
551 } catch (MalformedURLException e) {
552 if (!informConnectionManager(ConnectionManager.MALFORMED_URL_EXCEPTION)) {
553 logger.error("A MalformedURLException occurred: ", e);
555 } catch (IOException e) {
556 short code = ConnectionManager.GENERAL_EXCEPTION;
557 if (e instanceof java.net.ConnectException) {
558 code = ConnectionManager.CONNECTION_EXCEPTION;
559 } else if (e instanceof java.net.UnknownHostException) {
560 code = ConnectionManager.UNKNOWN_HOST_EXCEPTION;
562 if (!informConnectionManager(code) || code == -1) {
563 logger.error("An IOException occurred: ", e);
565 } catch (CertificateEncodingException e) {
566 logger.error("A CertificateEncodingException occurred: ", e);
568 if (connection != null) {
569 connection.disconnect();
575 private SSLSocketFactory generateSSLContextWhichAcceptAllSSLCertificats() {
576 Security.addProvider(Security.getProvider("SunJCE"));
577 TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
580 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
585 public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
589 public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
594 SSLContext sslContext = SSLContext.getInstance("SSL");
596 sslContext.init(null, trustAllCerts, new SecureRandom());
598 return sslContext.getSocketFactory();
599 } catch (KeyManagementException e) {
600 logger.error("A KeyManagementException occurred", e);
601 } catch (NoSuchAlgorithmException e) {
602 logger.error("A NoSuchAlgorithmException occurred", e);
projects / openhab-addons.git / blob