diff --git a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/ExtensibleTrustManager.java b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/ExtensibleTrustManager.java index bd83b293d..f1f1c19da 100644 --- a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/ExtensibleTrustManager.java +++ b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/ExtensibleTrustManager.java @@ -14,6 +14,8 @@ package org.openhab.core.io.net.http; import javax.net.ssl.TrustManager; +import org.eclipse.jdt.annotation.NonNullByDefault; + /** * Provides an extensible composite TrustManager * @@ -24,6 +26,7 @@ import javax.net.ssl.TrustManager; * * @author Martin van Wingerden - Initial contribution */ +@NonNullByDefault public interface ExtensibleTrustManager extends TrustManager { /** diff --git a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/HttpClientInitializationException.java b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/HttpClientInitializationException.java index a7abfb12d..f184e6f24 100644 --- a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/HttpClientInitializationException.java +++ b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/HttpClientInitializationException.java 
@@ -12,16 +12,20 @@ */ package org.openhab.core.io.net.http; +import org.eclipse.jdt.annotation.NonNullByDefault; +import org.eclipse.jdt.annotation.Nullable; + /** * This exception is thrown, if an unexpected error occurs during initialization of the Jetty client * * @author Michael Bock - Initial contribution */ +@NonNullByDefault public class HttpClientInitializationException extends RuntimeException { private static final long serialVersionUID = -3187938868560212413L; - public HttpClientInitializationException(String message, Throwable cause) { + public HttpClientInitializationException(String message, @Nullable Throwable cause) { super(message, cause); } } diff --git a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/TrustAllTrustManager.java b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/TrustAllTrustManager.java index 222121da2..2d7617e7c 100644 --- a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/TrustAllTrustManager.java +++ b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/TrustAllTrustManager.java @@ -19,11 +19,15 @@ import java.security.cert.X509Certificate; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedTrustManager; +import org.eclipse.jdt.annotation.NonNullByDefault; +import org.eclipse.jdt.annotation.Nullable; + /** * The {@link TrustAllTrustManager} is a "trust all" implementation of {@link X509ExtendedTrustManager}. * * @author Matthew Bowman - Initial contribution */ +@NonNullByDefault public final class TrustAllTrustManager extends X509ExtendedTrustManager { private static TrustAllTrustManager instance = new TrustAllTrustManager(); 
@@ -39,35 +43,37 @@ public final class TrustAllTrustManager extends X509ExtendedTrustManager { } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) + throws CertificateException { } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) + throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { - return null; + return new X509Certificate[0]; } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable Socket socket) throws CertificateException { } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable SSLEngine engine) throws CertificateException { } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable Socket socket) throws CertificateException { } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable SSLEngine engine) throws CertificateException { } } 
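Review bot: The six `checkClientTrusted`/`checkServerTrusted` overrides in this hunk keep empty bodies and, with the new `@Nullable` parameters, now explicitly accept a null chain too, yet nothing at the methods says this is deliberate. Each body should carry a comment such as `// intentionally empty: every chain, including null, is accepted without validation`, and the class Javadoc should state that a connection using this manager gets no peer authentication, so it should only be wired to hosts explicitly configured for it. As a minor style point, `getAcceptedIssuers()` could return a shared `private static final X509Certificate[]` constant instead of allocating an empty array on every call.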
diff --git a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/internal/ExtensibleTrustManagerImpl.java b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/internal/ExtensibleTrustManagerImpl.java index 54e84a868..9a63d6f32 100644 --- a/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/internal/ExtensibleTrustManagerImpl.java +++ b/bundles/org.openhab.core.io.net/src/main/java/org/openhab/core/io/net/http/internal/ExtensibleTrustManagerImpl.java @@ -29,6 +29,8 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedTrustManager; import javax.security.auth.x500.X500Principal; +import org.eclipse.jdt.annotation.NonNullByDefault; +import org.eclipse.jdt.annotation.Nullable; import org.openhab.core.io.net.http.ExtensibleTrustManager; import org.openhab.core.io.net.http.TlsCertificateProvider; import org.openhab.core.io.net.http.TlsTrustManagerProvider; @@ -50,6 +52,7 @@ import org.slf4j.LoggerFactory; * @author Martin van Wingerden - Initial contribution */ @Component(service = ExtensibleTrustManager.class, immediate = true) +@NonNullByDefault public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager implements ExtensibleTrustManager { private final Logger logger = LoggerFactory.getLogger(ExtensibleTrustManagerImpl.class); 
@@ -60,12 +63,14 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme private final Map mappingFromTlsCertificateProvider = new ConcurrentHashMap<>(); @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) + throws CertificateException { checkClientTrusted(chain, authType, (Socket) null); } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType) + throws CertificateException { checkServerTrusted(chain, authType, (Socket) null); } @@ -75,8 +80,8 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable Socket socket) throws CertificateException { X509ExtendedTrustManager linkedTrustManager = getLinkedTrustMananger(chain); if (linkedTrustManager == null) { logger.trace("No specific trust manager found, falling back to default"); @@ -87,8 +92,8 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) - throws CertificateException { + public void checkClientTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable SSLEngine sslEngine) throws CertificateException { X509ExtendedTrustManager linkedTrustManager = getLinkedTrustMananger(chain, sslEngine); if (linkedTrustManager == null) { logger.trace("No specific trust manager found, falling back to default"); 
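Review bot: In the `@@ -75,8 +80,8 @@` hunk, `checkClientTrusted(chain, authType, socket)` marks `socket` as `@Nullable` but never consults it when picking the trust manager: `getLinkedTrustMananger(chain)` keys the lookup on names taken from the certificate the peer presented. The same holds for the `Socket` overload of `checkServerTrusted` in the `@@ -99,8 +104,8 @@` hunk, while the `SSLEngine` overloads call a two-argument lookup that appears to look at the engine first. That difference deserves a comment at the call, for example `// lookup key comes from the presented certificate's CN/SAN; the socket's peer host is not consulted`, so that a maintainer registering a lenient trust manager for one host knows the selection is not bound to the connection target on this path. Both method bodies continue past the end of their hunks.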
@@ -99,8 +104,8 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable Socket socket) throws CertificateException { X509ExtendedTrustManager linkedTrustManager = getLinkedTrustMananger(chain); if (linkedTrustManager == null) { logger.trace("No specific trust manager found, falling back to default"); @@ -111,8 +116,8 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) - throws CertificateException { + public void checkServerTrusted(X509Certificate @Nullable [] chain, @Nullable String authType, + @Nullable SSLEngine sslEngine) throws CertificateException { X509ExtendedTrustManager linkedTrustManager = getLinkedTrustMananger(chain, sslEngine); if (linkedTrustManager == null) { logger.trace("No specific trust manager found, falling back to default"); @@ -122,7 +127,8 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme } } - private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) { + private @Nullable X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate @Nullable [] chain, + @Nullable SSLEngine sslEngine) { if (sslEngine != null) { X509ExtendedTrustManager trustManager = null; String peer = null; 
@@ -141,20 +147,21 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme return getLinkedTrustMananger(chain); } - private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain) { - try { - String commonName = getCommonName(chain[0]); + private @Nullable X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate @Nullable [] chain) { + if (chain != null) { + try { + String commonName = getCommonName(chain[0]); - X509ExtendedTrustManager trustManager = linkedTrustManager.getOrDefault(commonName, EMPTY_QUEUE).peek(); + X509ExtendedTrustManager trustManager = linkedTrustManager.getOrDefault(commonName, EMPTY_QUEUE).peek(); - if (trustManager != null) { - logger.trace("Found trustManager by common name: {}", commonName); - return trustManager; - } + if (trustManager != null) { + logger.trace("Found trustManager by common name: {}", commonName); + return trustManager; + } - Collection> subjectAlternatives = getSubjectAlternatives(chain); + Collection> subjectAlternatives = getSubjectAlternatives(chain); - logger.trace("Searching trustManager by Subject Alternative Names: {}", subjectAlternatives); + logger.trace("Searching trustManager by Subject Alternative Names: {}", subjectAlternatives); // @formatter:off return subjectAlternatives.stream() @@ -166,13 +173,13 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme .findFirst() .orElse(null); // @formatter:on - } catch (CommonNameNotFoundException e) { - logger.debug("CN not found", e); - return null; - } catch (CertificateParsingException e) { - logger.debug("Problem while parsing certificate", e); - return null; + } catch (CommonNameNotFoundException e) { + logger.debug("CN not found", e); + } catch (CertificateParsingException e) { + logger.debug("Problem while parsing certificate", e); + } } + return null; } private Collection> getSubjectAlternatives(X509Certificate[] chain) throws CertificateParsingException { 
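Review bot: The new `if (chain != null)` guard in `getLinkedTrustMananger(chain)` still lets an empty array through to `getCommonName(chain[0])`, which throws `ArrayIndexOutOfBoundsException`. Neither `catch` handles that, so it would surface as an unchecked exception from the trust check rather than the `return null` that the callers treat as "fall back to default". The guard should read `if (chain != null && chain.length > 0) {`. The method body spans this hunk and the following `@@ -166,13 +173,13 @@` hunk.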
@@ -202,8 +209,10 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme @Override public void removeTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) { - removeLinkedTrustManager(tlsCertificateProvider.getHostName(), - mappingFromTlsCertificateProvider.remove(tlsCertificateProvider)); + X509ExtendedTrustManager trustManager = mappingFromTlsCertificateProvider.remove(tlsCertificateProvider); + if (trustManager != null) { + removeLinkedTrustManager(tlsCertificateProvider.getHostName(), trustManager); + } } @Override @@ -217,10 +226,12 @@ public class ExtensibleTrustManagerImpl extends X509ExtendedTrustManager impleme removeLinkedTrustManager(tlsTrustManagerProvider.getHostName(), tlsTrustManagerProvider.getTrustManager()); } + @SuppressWarnings("null") private void addLinkedTrustManager(String hostName, X509ExtendedTrustManager trustManager) { linkedTrustManager.computeIfAbsent(hostName, h -> new ConcurrentLinkedQueue<>()).add(trustManager); } + @SuppressWarnings("null") private void removeLinkedTrustManager(String hostName, X509ExtendedTrustManager trustManager) { linkedTrustManager.computeIfAbsent(hostName, h -> new ConcurrentLinkedQueue<>()).remove(trustManager); }
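Review bot: In the `@@ -217,10 +226,12 @@` hunk, `removeLinkedTrustManager` gets a method-wide `@SuppressWarnings("null")` so that it can keep `computeIfAbsent(...).remove(...)`, which inserts an empty queue for any host name that was never registered and never drops it again. A plain lookup avoids the stray map entries and presumably the suppression as well: `var queue = linkedTrustManager.get(hostName);` followed by `if (queue != null) { queue.remove(trustManager); }` (with the explicit queue type if the project's language level lacks `var`). On `addLinkedTrustManager` the suppression would be easier to audit with a short comment naming the expression the null analysis complains about.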