Setting the system property below to true enables the ONVIF Driver to use the provided custom TrustManager:
By default, the ONVIF Driver can register untrusted devices, reading only the basic information about the device through the GetDeviceInformation and GetNetworkInterfaces requests. In this default mode, those initial requests are not validated by the provided TrustManager service. To have the TrustManager service validate those initial requests as well, the following system property must be set to true:
If the onvif.trustDeviceInfo property is set to true and the device is not trusted by the provided TrustManager, the device will not be registered.
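The example below registers an X509TrustManager service using OSGi Declarative Services. As written, checkServerTrusted is a placeholder that rejects every device; replace it with the actual certificate verification before use: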
X509TrustManagerImpl.java:
import org.osgi.framework.Constants;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
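/**
 * Example {@link X509TrustManager} published as an OSGi Declarative Services component under the
 * ONVIF trust manager PID.
 *
 * <p>This is a fail-closed skeleton: both check methods reject every certificate chain until real
 * verification is implemented. A production implementation should validate the device chain
 * against an explicit set of trust anchors (for example by delegating to a trust manager built
 * from a key store of known device CAs) and must never return normally for a chain it has not
 * verified, because returning normally means "trusted".
 */
@Component(service = X509TrustManager.class, property = Constants.SERVICE_PID + "="
    + com.prosyst.mbs.services.onvif.Constants.ONVIF_TRUST_MANAGER_PID)
public class X509TrustManagerImpl implements X509TrustManager {

    /**
     * Rejects every client certificate chain.
     *
     * <p>An empty body here would silently trust any client certificate if this manager were ever
     * used on the server side of a TLS connection, so the method fails closed instead.
     * NOTE(review): presumably the ONVIF Driver only validates device (server) certificates with
     * this service; confirm before relying on client authentication.
     *
     * @param chain the peer certificate chain
     * @param authType the authentication type based on the client certificate
     * @throws CertificateException always, because client authentication is not supported
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("Client certificates are not accepted by provided TrustManager");
    }

    /**
     * Decides whether the certificate chain presented by a device is trusted.
     *
     * @param chain the peer certificate chain
     * @param authType the key exchange algorithm used
     * @throws IllegalArgumentException if {@code chain} or {@code authType} is null or empty, as
     *     required by the {@link X509TrustManager} contract
     * @throws CertificateException if the device is not trusted; this skeleton always throws
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("chain must not be null or empty");
        }
        if (authType == null || authType.isEmpty()) {
            throw new IllegalArgumentException("authType must not be null or empty");
        }
        // Do the verification here and throw CertificateException if the device is not trusted.
        // Until that verification exists, reject everything rather than accept an unverified chain.
        throw new CertificateException("Not trusted by provided TrustManager");
    }

    /**
     * Returns the issuers this manager accepts for peer authentication.
     *
     * @return an empty, non-null array; this skeleton advertises no trusted issuers
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Component activation hook; intentionally empty in this example.
     *
     * @param context the Declarative Services component context
     * @throws IOException declared so that an implementation may load trust material here
     */
    @Activate
    public void start(ComponentContext context) throws IOException {}

    /**
     * Component deactivation hook; intentionally empty in this example.
     *
     * @param context the Declarative Services component context
     * @throws IOException declared so that an implementation may release resources here
     */
    @Deactivate
    public void stop(ComponentContext context) throws IOException {}
}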