Bugfix: Fix keystore path being always empty (#296)

DC2-DanielKrueger · web-flow · commit 9e17256dc6d2 · 2024-02-28T11:25:53.000+01:00
* start to reproduce and add tests for bug
* add debug log
diff --git a/hivemq-edge/src/main/java/com/hivemq/edge/modules/ModuleLoader.java b/hivemq-edge/src/main/java/com/hivemq/edge/modules/ModuleLoader.java
@@ -131,11 +131,16 @@ protected void loadFromModulesDirectory(final ClassLoader parentClassloader) {
 
     public <T> @NotNull List<Class<? extends T>> findImplementations(final @NotNull Class<T> serviceClazz) {
         final ArrayList<Class<? extends T>> classes = new ArrayList<>();
-        for (EdgeModule module : modules) {
+        for (final EdgeModule module : modules) {
+            log.trace("Looking for implementations of class '{}' in module '{}'", serviceClazz, module.root);
             try {
                 final Iterable<Class<? extends T>> loaded = classServiceLoader.load(serviceClazz, module.classloader);
-                for (Class<? extends T> foundClass : loaded) {
+                for (final Class<? extends T> foundClass : loaded) {
                     classes.add(foundClass);
+                    log.trace("Found implementation '{}' of class '{}' in module '{}'",
+                            foundClass,
+                            serviceClazz,
+                            module.root);
                 }
             } catch (IOException | ClassNotFoundException e) {
                 throw new RuntimeException(e);
diff --git a/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/client/OpcUaClientConfigurator.java b/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/client/OpcUaClientConfigurator.java
@@ -32,6 +32,7 @@
 import org.eclipse.milo.opcua.stack.core.util.validation.ValidationCheck;
 
 import java.io.File;
+import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.List;
@@ -65,6 +66,11 @@ public OpcUaClientConfigurator(final @NotNull OpcUaAdapterConfig adapterConfig)
             configureIdentityProvider(opcUaClientConfigBuilder, tlsEnabled, keyPairWithChain);
         }
 
+        if (keyPairWithChain != null) {
+            opcUaClientConfigBuilder.setKeyPair(new KeyPair(keyPairWithChain.getPublicKey().getPublicKey(),
+                    keyPairWithChain.getPrivateKey()));
+        }
+
         return opcUaClientConfigBuilder.build();
     }
 
@@ -136,7 +142,10 @@ private DefaultClientCertificateValidator createServerCertificateValidator(@NotN
         final boolean truststoreAvailable = checkTruststoreAvailable(tlsConfig);
         if (truststoreAvailable) {
             //if custom truststore is set
-            trustedCerts = KeystoreUtil.getCertificatesFromTruststore("JKS", "", "");
+            //noinspection DataFlowIssue nullability is checked in checkTruststoreAvailable()
+            final String trustStorePath = tlsConfig.getTruststore().getPath();
+            final String trustStorePassword = tlsConfig.getTruststore().getPassword();
+            trustedCerts = KeystoreUtil.getCertificatesFromTruststore("JKS", trustStorePath, trustStorePassword);
         } else {
             trustedCerts = KeystoreUtil.getCertificatesFromDefaultTruststore();
         }
diff --git a/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/client/OpcUaEndpointFilter.java b/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/client/OpcUaEndpointFilter.java
@@ -56,7 +56,6 @@ public OpcUaEndpointFilter(@NotNull String configPolicyUri, @NotNull OpcUaAdapte
                     policyUri,
                     adapterConfig.getId());
             return false;
-
         }).min((o1, o2) -> {
             final OpcUaAdapterConfig.SecPolicy policy1 = OpcUaAdapterConfig.SecPolicy.forUri(o1.getSecurityPolicyUri());
             final OpcUaAdapterConfig.SecPolicy policy2 = OpcUaAdapterConfig.SecPolicy.forUri(o2.getSecurityPolicyUri());
diff --git a/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/util/KeystoreUtil.java b/modules/hivemq-edge-module-opcua/src/main/java/com/hivemq/edge/adapters/opcua/util/KeystoreUtil.java
@@ -103,9 +103,14 @@ public class KeystoreUtil {
             final PrivateKey privateKey = (PrivateKey) keyStore.getKey(firstAlias, privateKeyPassword.toCharArray());
             final Certificate certificate = keyStore.getCertificate(firstAlias);
             final Certificate[] certificateChain = keyStore.getCertificateChain(firstAlias);
-            return new KeyPairWithChain(privateKey,
-                    (X509Certificate) certificate,
-                    (X509Certificate[]) certificateChain);
+
+            final X509Certificate certificateX509 = (X509Certificate) certificate;
+            final X509Certificate[] certificateChainX509 = new X509Certificate[certificateChain.length];
+            for (int i = 0; i < certificateChain.length; i++) {
+                certificateChainX509[i] = (X509Certificate) certificateChain[i];
+            }
+
+            return new KeyPairWithChain(privateKey, certificateX509, certificateChainX509);
         } catch (final UnrecoverableKeyException e1) {
             throw new SslException(
                     "Not able to recover key from KeyStore, please check your private-key-password and your keyStorePassword",
