fea: Add support to connect HTTPS server with providing CA Certificate

config/application-sonic-agent.yml

@@ -11,6 +11,10 @@ sonic:
     host: 192.168.1.1
     # Change to SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_PORT
     port: 3000
+    # Change to true if HTTPS Server
+    https: false
+    # Change to CA Certificate of HTTPS Server
+    ca: /usr/local/share/ca-certificates/ca-cert.crt
 
 # The following will be migrated to the server configuration in the future | 以下未来会迁移到server配置
 modules:

src/main/docker/config/application-sonic-agent.yml

@@ -11,6 +11,10 @@ sonic:
     host: ${SONIC_SERVER_HOST:192.168.1.1}
     # Change to SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_PORT
     port: ${SONIC_SERVER_PORT:3000}
+    # Change to true if HTTPS Server
+    https: ${SONIC_SERVER_HTTPS:false}
+    # Change to CA Certificate of HTTPS Server
+    ca: ${SONIC_SERVER_CA:/usr/local/share/ca-certificates/ca-cert.crt}
 
 # The following will be migrated to the server configuration in the future | 以下未来会迁移到server配置
 modules:

src/main/docker/docker-compose-zh.yml

@@ -6,16 +6,19 @@ services:
       # Change to SONIC_SERVER_HOST and SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_HOST和SONIC_SERVER_PORT
       - SONIC_SERVER_HOST=192.168.1.1
       - SONIC_SERVER_PORT=3000
+      - SONIC_SERVER_HTTPS=false
+      - SONIC_SERVER_CA=/usr/local/share/ca-certificates/ca-cert.crt
       # Replace with ipv4 of the agent machine | 替换为部署Agent机器的ipv4
       - AGENT_HOST=192.168.1.1
       # Replace with the port of the agent service, which can be changed by yourself | 替换为Agent服务的端口，可以自行更改
       - AGENT_PORT=7777
       # Replace with the key of agent generated by the new front-end | 替换为前端新增Agent生成的key
       - AGENT_KEY=29002272-4659-4808-a804-08ce3388b136
-      # Replace with the bundleId of wda. If there is no. xcrunner suffix, it will be automatically completed. | 替换为wda的bundleId，如果没有.xctrunner后缀会自动补全
+      # Replace with the bundleId of wda. If there is no. xctrunner suffix, it will be automatically completed. | 替换为wda的bundleId，如果没有.xctrunner后缀会自动补全
       - WDA_BUNDLE_ID=com.facebook.WebDriverAgentRunner.xctrunner
     network_mode: "host"
     privileged: true
     volumes:
       - /dev/bus/usb:/dev/bus/usb
-      - /var/run/usbmuxd:/var/run/usbmuxd
+      - /var/run/usbmuxd:/var/run/usbmuxd
+      - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates

src/main/docker/docker-compose.yml

@@ -6,16 +6,19 @@ services:
       # Change to SONIC_SERVER_HOST and SONIC_SERVER_PORT of server | 改成server的SONIC_SERVER_HOST和SONIC_SERVER_PORT
       - SONIC_SERVER_HOST=192.168.1.1
       - SONIC_SERVER_PORT=3000
+      - SONIC_SERVER_HTTPS=false
+      - SONIC_SERVER_CA=/usr/local/share/ca-certificates/ca-cert.crt
       # Replace with ipv4 of the agent machine | 替换为部署Agent机器的ipv4
       - AGENT_HOST=192.168.1.1
       # Replace with the port of the agent service, which can be changed by yourself | 替换为Agent服务的端口，可以自行更改
       - AGENT_PORT=7777
       # Replace with the key of agent generated by the new front-end | 替换为前端新增Agent生成的key
       - AGENT_KEY=29002272-4659-4808-a804-08ce3388b136
-      # Replace with the bundleId of wda. If there is no. xcrunner suffix, it will be automatically completed. | 替换为wda的bundleId，如果没有.xctrunner后缀会自动补全
+      # Replace with the bundleId of wda. If there is no. xctrunner suffix, it will be automatically completed. | 替换为wda的bundleId，如果没有.xctrunner后缀会自动补全
       - WDA_BUNDLE_ID=com.facebook.WebDriverAgentRunner.xctrunner
     network_mode: "host"
     privileged: true
     volumes:
       - /dev/bus/usb:/dev/bus/usb
-      - /var/run/usbmuxd:/var/run/usbmuxd
+      - /var/run/usbmuxd:/var/run/usbmuxd
+      - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates

src/main/java/org/cloud/sonic/agent/transport/TransportConnectionThread.java

@@ -21,9 +21,19 @@
 import lombok.extern.slf4j.Slf4j;
 import org.cloud.sonic.agent.tools.SpringTool;
 
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.FileInputStream;
 import java.net.URI;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
 /**
  * @author Eason
  * @date 2022/6/12 02:45
@@ -41,6 +51,8 @@ public class TransportConnectionThread implements Runnable {
 
     String serverHost = String.valueOf(SpringTool.getPropertiesValue("sonic.server.host"));
     Integer serverPort = Integer.valueOf(SpringTool.getPropertiesValue("sonic.server.port"));
+    String serverCaPath = String.valueOf(SpringTool.getPropertiesValue("sonic.server.ca"));
+    Boolean serverHttps = Boolean.valueOf(SpringTool.getPropertiesValue("sonic.server.https"));
     String key = String.valueOf(SpringTool.getPropertiesValue("sonic.agent.key"));
 
     @Override
@@ -50,10 +62,36 @@ public void run() {
             if (!TransportWorker.isKeyAuth) {
                 return;
             }
-            String url = String.format("ws://%s:%d/server/websockets/agent/%s",
-                    serverHost, serverPort, key).replace(":80/", "/");
+            String url = String.format("ws://%s:%d/server/websockets/agent/%s", serverHost, serverPort, key)
+                            .replace(":80/", "/")
+                            .replace("ws://", serverHttps ? "wss://" : "ws://");
+
             URI uri = URI.create(url);
             TransportClient transportClient = new TransportClient(uri);
+
+            if (serverHttps) {
+                try {
+                    log.info("Server Websocket: " + url);
+                    log.info("Server Ca: " + serverCaPath);
+                    InputStream is = new FileInputStream(serverCaPath);
+                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                    X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
+                    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+                    ks.load(null); // You don't need the KeyStore instance to come from a file.
+                    ks.setCertificateEntry("caCert", caCert);
+                    tmf.init(ks);
+
+                    SSLContext sslContext = SSLContext.getInstance("TLS");
+                    sslContext.init(null, tmf.getTrustManagers(), null);
+                    transportClient.setSocketFactory(sslContext.getSocketFactory());
+                }
+                catch (Exception ex) {
+                    StringWriter sw = new StringWriter();
+                    ex.printStackTrace(new PrintWriter(sw));
+                    log.error(sw.toString());
+                }
+            }
             transportClient.connect();
         } else {
             JSONObject ping = new JSONObject();