From aefdb624b8f87f0bc4da3950583f43cd005c7d28 Mon Sep 17 00:00:00 2001 From: hazmiarifin Date: Sat, 20 Jan 2024 21:14:58 +0700 Subject: [PATCH 1/2] + Add support to connect Web Socket Secured for HTTPS Server --- config/application-sonic-agent.yml | 4 ++ .../docker/config/application-sonic-agent.yml | 4 ++ src/main/docker/docker-compose-zh.yml | 4 +- src/main/docker/docker-compose.yml | 4 +- .../transport/TransportConnectionThread.java | 42 ++++++++++++++++++- 5 files changed, 54 insertions(+), 4 deletions(-) diff --git a/config/application-sonic-agent.yml b/config/application-sonic-agent.yml index 8fadd29d..205a3042 100755 --- a/config/application-sonic-agent.yml +++ b/config/application-sonic-agent.yml @@ -11,6 +11,10 @@ sonic: host: 192.168.1.1 # Change to SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_PORT port: 3000 + # Change to true if HTTPS Server + https: false + # Change to CA Certificate of HTTPS Server + ca: /usr/local/share/ca-certificates/ca-cert.crt # The following will be migrated to the server configuration in the future | 以下未来会迁移到server配置 modules: diff --git a/src/main/docker/config/application-sonic-agent.yml b/src/main/docker/config/application-sonic-agent.yml index d49803db..a51af3af 100755 --- a/src/main/docker/config/application-sonic-agent.yml +++ b/src/main/docker/config/application-sonic-agent.yml @@ -11,6 +11,10 @@ sonic: host: ${SONIC_SERVER_HOST:192.168.1.1} # Change to SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_PORT port: ${SONIC_SERVER_PORT:3000} + # Change to true if HTTPS Server + https: ${SONIC_SERVER_HTTPS:false} + # Change to CA Certificate of HTTPS Server + ca: ${SONIC_SERVER_CA:/usr/local/share/ca-certificates/ca-cert.crt} # The following will be migrated to the server configuration in the future | 以下未来会迁移到server配置 modules: diff --git a/src/main/docker/docker-compose-zh.yml b/src/main/docker/docker-compose-zh.yml index 6e5a2d6e..193e6be3 100755 --- a/src/main/docker/docker-compose-zh.yml 
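Review bot: The new `ca` entry's comment "Change to CA Certificate of HTTPS Server" does not say when the file is used or what it must contain; the Java change in the same patch reads it only when `https` is true and parses it as a single X.509 certificate, so a user who leaves the placeholder path with `https: true` gets a file-not-found at connect time. Reword it to `# Path to the server's CA certificate (one X.509 cert, PEM or DER); only read when https is true`. The same comment applies to the docker config hunk that follows, where the value is `${SONIC_SERVER_CA:...}`.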
+++ b/src/main/docker/docker-compose-zh.yml @@ -6,13 +6,15 @@ services: # Change to SONIC_SERVER_HOST and SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_HOST和SONIC_SERVER_PORT - SONIC_SERVER_HOST=192.168.1.1 - SONIC_SERVER_PORT=3000 + - SONIC_SERVER_HTTPS=false + - SONIC_SERVER_CA=/usr/local/share/ca-certificates/ca-cert.crt # Replace with ipv4 of the agent machine | 替换为部署Agent机器的ipv4 - AGENT_HOST=192.168.1.1 # Replace with the port of the agent service, which can be changed by yourself | 替换为Agent服务的端口,可以自行更改 - AGENT_PORT=7777 # Replace with the key of agent generated by the new front-end | 替换为前端新增Agent生成的key - AGENT_KEY=29002272-4659-4808-a804-08ce3388b136 - # Replace with the bundleId of wda. If there is no. xcrunner suffix, it will be automatically completed. | 替换为wda的bundleId,如果没有.xctrunner后缀会自动补全 + # Replace with the bundleId of wda. If there is no. xctrunner suffix, it will be automatically completed. | 替换为wda的bundleId,如果没有.xctrunner后缀会自动补全 - WDA_BUNDLE_ID=com.facebook.WebDriverAgentRunner.xctrunner network_mode: "host" privileged: true diff --git a/src/main/docker/docker-compose.yml b/src/main/docker/docker-compose.yml index 9f4f70c1..80bebcc3 100755 --- a/src/main/docker/docker-compose.yml +++ b/src/main/docker/docker-compose.yml 
@@ -6,13 +6,15 @@ services: # Change to SONIC_SERVER_HOST and SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_HOST和SONIC_SERVER_PORT - SONIC_SERVER_HOST=192.168.1.1 - SONIC_SERVER_PORT=3000 + - SONIC_SERVER_HTTPS=false + - SONIC_SERVER_CA=/usr/local/share/ca-certificates/ca-cert.crt # Replace with ipv4 of the agent machine | 替换为部署Agent机器的ipv4 - AGENT_HOST=192.168.1.1 # Replace with the port of the agent service, which can be changed by yourself | 替换为Agent服务的端口,可以自行更改 - AGENT_PORT=7777 # Replace with the key of agent generated by the new front-end | 替换为前端新增Agent生成的key - AGENT_KEY=29002272-4659-4808-a804-08ce3388b136 - # Replace with the bundleId of wda. If there is no. xcrunner suffix, it will be automatically completed. | 替换为wda的bundleId,如果没有.xctrunner后缀会自动补全 + # Replace with the bundleId of wda. If there is no. xctrunner suffix, it will be automatically completed. | 替换为wda的bundleId,如果没有.xctrunner后缀会自动补全 - WDA_BUNDLE_ID=com.facebook.WebDriverAgentRunner.xctrunner network_mode: "host" privileged: true diff --git a/src/main/java/org/cloud/sonic/agent/transport/TransportConnectionThread.java b/src/main/java/org/cloud/sonic/agent/transport/TransportConnectionThread.java index 47851938..6c7f1325 100755 --- a/src/main/java/org/cloud/sonic/agent/transport/TransportConnectionThread.java +++ b/src/main/java/org/cloud/sonic/agent/transport/TransportConnectionThread.java @@ -21,9 +21,19 @@ import lombok.extern.slf4j.Slf4j; import org.cloud.sonic.agent.tools.SpringTool; +import java.io.InputStream; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.io.FileInputStream; import java.net.URI; +import java.security.KeyStore; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import java.util.concurrent.TimeUnit; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; + /** * @author Eason * @date 2022/6/12 02:45 
@@ -41,6 +51,8 @@ public class TransportConnectionThread implements Runnable { String serverHost = String.valueOf(SpringTool.getPropertiesValue("sonic.server.host")); Integer serverPort = Integer.valueOf(SpringTool.getPropertiesValue("sonic.server.port")); + String serverCaPath = String.valueOf(SpringTool.getPropertiesValue("sonic.server.ca")); + Boolean serverHttps = Boolean.valueOf(SpringTool.getPropertiesValue("sonic.server.https")); String key = String.valueOf(SpringTool.getPropertiesValue("sonic.agent.key")); @Override 
@@ -50,10 +62,36 @@ public void run() {
 if (!TransportWorker.isKeyAuth) {
 return;
 }
- String url = String.format("ws://%s:%d/server/websockets/agent/%s",
- serverHost, serverPort, key).replace(":80/", "/");
+ String url = String.format("ws://%s:%d/server/websockets/agent/%s", serverHost, serverPort, key)
+ .replace(":80/", "/")
+ .replace("ws://", serverHttps ? "wss://" : "ws://");
+
 URI uri = URI.create(url);
 TransportClient transportClient = new TransportClient(uri);
+
+ if (serverHttps) {
+ try {
+ log.info("Server Websocket: " + url);
+ log.info("Server Ca: " + serverCaPath);
+ InputStream is = new FileInputStream(serverCaPath);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null); // You don't need the KeyStore instance to come from a file.
+ ks.setCertificateEntry("caCert", caCert);
+ tmf.init(ks);
+
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, tmf.getTrustManagers(), null);
+ transportClient.setSocketFactory(sslContext.getSocketFactory());
+ }
+ catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ log.error(sw.toString());
+ }
+ }
 transportClient.connect();
 } else {
 JSONObject ping = new JSONObject();
From 1fd0ce59d73948998b3c4b75768f0d0c4eaaa328 Mon Sep 17 00:00:00 2001 From: hazmiarifin Date: Mon, 22 Jan 2024 11:50:19 +0700 Subject: [PATCH 2/2] + add ca certificate directory --- src/main/docker/docker-compose-zh.yml | 3 ++- src/main/docker/docker-compose.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/docker/docker-compose-zh.yml b/src/main/docker/docker-compose-zh.yml
index 193e6be3..8ed224e8 100755
--- a/src/main/docker/docker-compose-zh.yml
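Review bot: `InputStream is = new FileInputStream(serverCaPath)` is never closed, and the surrounding `catch (Exception ex)` only logs before falling through to `transportClient.connect()`, so a missing or unparsable CA file silently downgrades the wss connection to whatever the default socket factory trusts instead of failing visibly. Open the stream in try-with-resources, log with `log.error("Failed to load CA certificate from {}", serverCaPath, ex)` instead of the StringWriter/printStackTrace round-trip (the class is `@Slf4j`), and either return or state the fallback explicitly. `log.info("Server Websocket: " + url)` also writes the agent key to the log, because `key` is part of the URL path; log host and port only. Since the KeyStore trusts exactly this one CA, it is worth confirming that TransportClient's wss connection still performs hostname verification, otherwise any certificate issued by that CA would be accepted for any server. The body of run() starts before and continues after the hunk.
```java
if (serverHttps) {
    // the agent key is part of the URL path, so log the endpoint without it
    log.info("Server websocket endpoint: wss://{}:{} (CA: {})", serverHost, serverPort, serverCaPath);
    try (InputStream is = new FileInputStream(serverCaPath)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate caCert = (X509Certificate) cf.generateCertificate(is);
        // … unchanged: TrustManagerFactory / KeyStore / SSLContext setup …
        transportClient.setSocketFactory(sslContext.getSocketFactory());
    } catch (Exception ex) {
        // Do not connect with the default trust store when the configured CA
        // could not be loaded; bail out so the failure is not masked.
        log.error("Failed to load CA certificate from {}", serverCaPath, ex);
        return;
    }
}
transportClient.connect();
```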
+++ b/src/main/docker/docker-compose-zh.yml @@ -20,4 +20,5 @@ services: privileged: true volumes: - /dev/bus/usb:/dev/bus/usb - - /var/run/usbmuxd:/var/run/usbmuxd \ No newline at end of file + - /var/run/usbmuxd:/var/run/usbmuxd + - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates \ No newline at end of file diff --git a/src/main/docker/docker-compose.yml b/src/main/docker/docker-compose.yml index 80bebcc3..49f11652 100755 --- a/src/main/docker/docker-compose.yml +++ b/src/main/docker/docker-compose.yml @@ -20,4 +20,5 @@ services: privileged: true volumes: - /dev/bus/usb:/dev/bus/usb - - /var/run/usbmuxd:/var/run/usbmuxd \ No newline at end of file + - /var/run/usbmuxd:/var/run/usbmuxd + - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates \ No newline at end of file
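Review bot: The new bind mount `/usr/local/share/ca-certificates:/usr/local/share/ca-certificates` exposes the host's CA directory read-write inside a container that already runs with `privileged: true`, while the agent only needs to read one certificate from it; mount it read-only: `- /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro`. The same applies to the identical hunk in docker-compose.yml that follows.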