diff --git a/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/connection/HueTlsTrustManagerProvider.java b/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/connection/HueTlsTrustManagerProvider.java index 5fa2820edee70..414de92f40af4 100644 --- a/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/connection/HueTlsTrustManagerProvider.java +++ b/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/connection/HueTlsTrustManagerProvider.java @@ -44,6 +44,8 @@ public class HueTlsTrustManagerProvider implements TlsTrustManagerProvider { private final Logger logger = LoggerFactory.getLogger(HueTlsTrustManagerProvider.class); + private @Nullable PEMTrustManager trustManager; + public HueTlsTrustManagerProvider(String hostname, boolean useSelfSignedCertificate) { this.hostname = hostname; this.useSelfSignedCertificate = useSelfSignedCertificate; 
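Review bot: The new `trustManager` field has no comment saying that it is a cache, filled by `getPEMTrustManager()` in the next hunk on the first successful load and never cleared. With `useSelfSignedCertificate` set, the certificate downloaded from the bridge on that first successful call is the one trusted for the lifetime of this provider instance, whereas the old code fetched it on every `getTrustManager()` call. I would add `// Cached after the first successful load; a failed load is not cached and is retried on the next call.` above the field. The field is also read and written without synchronization, so if the provider can be used from more than one thread, declaring it `volatile` would make the intent explicit.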
@@ -56,20 +58,33 @@ public String getHostName() { @Override public X509ExtendedTrustManager getTrustManager() { + PEMTrustManager localTrustManager = getPEMTrustManager(); + if (localTrustManager == null) { + logger.error("Cannot get the PEM certificate - returning a TrustAllTrustManager"); + } + return localTrustManager != null ? localTrustManager : TrustAllTrustManager.getInstance(); + } + + public @Nullable PEMTrustManager getPEMTrustManager() { + PEMTrustManager localTrustManager = trustManager; + if (localTrustManager != null) { + return localTrustManager; + } try { if (useSelfSignedCertificate) { logger.trace("Use self-signed certificate downloaded from Hue Bridge."); // use self-signed certificate downloaded from Hue Bridge - return PEMTrustManager.getInstanceFromServer("https://" + getHostName()); + localTrustManager = PEMTrustManager.getInstanceFromServer("https://" + getHostName()); } else { logger.trace("Use Signify private CA Certificate for Hue Bridges from resources."); // use Signify private CA Certificate for Hue Bridges from resources - return getInstanceFromResource(PEM_FILENAME); + localTrustManager = getInstanceFromResource(PEM_FILENAME); } + this.trustManager = localTrustManager; } catch (CertificateException | MalformedURLException e) { - logger.error("An unexpected exception occurred - returning a TrustAllTrustManager: {}", e.getMessage(), e); + logger.debug("An unexpected exception occurred: {}", e.getMessage(), e); } - return TrustAllTrustManager.getInstance(); + return localTrustManager; } /** diff --git a/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/handler/HueBridgeHandler.java b/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/handler/HueBridgeHandler.java index 1afcef5180d51..22686f89c527f 100644 --- a/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/handler/HueBridgeHandler.java 
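Review bot: `getTrustManager()` still fails open: when `getPEMTrustManager()` returns null it returns `TrustAllTrustManager.getInstance()`, so a caller that did not run the check first gets a TLS connection with no certificate validation. The handler change in this commit checks before registering the service, but nothing in this class says that the check is required. I would put that in a Javadoc on the new public `getPEMTrustManager()` and in a comment at the fallback, e.g. `// Fail-open: no certificate validation from here on; register this provider only after getPEMTrustManager() returned non-null.` The caught exception is now logged at debug only, so the error-level message in `getTrustManager()` carries no cause; keeping the reason at a level that is on by default would help when diagnosing a bridge that ended up on the trust-all path.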
+++ b/bundles/org.openhab.binding.hue/src/main/java/org/openhab/binding/hue/internal/handler/HueBridgeHandler.java @@ -706,20 +706,35 @@ public void initialize() { "@text/offline.conf-error-no-ip-address"); } else { if (hueBridge == null) { - if (HueBridgeConfig.HTTPS.equals(hueBridgeConfig.protocol)) { - // register trustmanager service - HueTlsTrustManagerProvider tlsTrustManagerProvider = new HueTlsTrustManagerProvider( - ip + ":" + hueBridgeConfig.getPort(), hueBridgeConfig.useSelfSignedCertificate); - serviceRegistration = FrameworkUtil.getBundle(getClass()).getBundleContext() - .registerService(TlsTrustManagerProvider.class.getName(), tlsTrustManagerProvider, null); - } - hueBridge = new HueBridge(httpClient, ip, hueBridgeConfig.getPort(), hueBridgeConfig.protocol, scheduler); updateStatus(ThingStatus.UNKNOWN); + + if (HueBridgeConfig.HTTPS.equals(hueBridgeConfig.protocol)) { + scheduler.submit(() -> { + // register trustmanager service + HueTlsTrustManagerProvider tlsTrustManagerProvider = new HueTlsTrustManagerProvider( + ip + ":" + hueBridgeConfig.getPort(), hueBridgeConfig.useSelfSignedCertificate); + + // Check before registering that the PEM certificate can be downloaded + if (tlsTrustManagerProvider.getPEMTrustManager() == null) { + updateStatus(ThingStatus.OFFLINE, ThingStatusDetail.CONFIGURATION_ERROR, + "@text/offline.conf-error-https-connection"); + return; + } + + serviceRegistration = FrameworkUtil.getBundle(getClass()).getBundleContext().registerService( + TlsTrustManagerProvider.class.getName(), tlsTrustManagerProvider, null); + + onUpdate(); + }); + } else { + onUpdate(); + } + } else { + onUpdate(); } - onUpdate(); } } diff --git a/bundles/org.openhab.binding.hue/src/main/resources/OH-INF/i18n/hue.properties b/bundles/org.openhab.binding.hue/src/main/resources/OH-INF/i18n/hue.properties index 2b2af1df10a66..9f376076c6e65 100644 --- a/bundles/org.openhab.binding.hue/src/main/resources/OH-INF/i18n/hue.properties 
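Review bot: The `Future` returned by `scheduler.submit(...)` is discarded, so the task cannot be cancelled, and anything thrown inside the lambda (for example by `registerService` or `onUpdate()`) is held in the future and never logged. If the handler is disposed while the certificate download is still running, the task would presumably still assign `serviceRegistration` and register the `TlsTrustManagerProvider` afterwards, leaving a trust provider for this host registered with nothing left to unregister it. The dispose path is outside this hunk, so that needs confirming there. Keeping the future in a field and cancelling it where `serviceRegistration` is unregistered would close that window. `initialize()` begins outside the hunk.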
+++ b/bundles/org.openhab.binding.hue/src/main/resources/OH-INF/i18n/hue.properties @@ -148,6 +148,7 @@ config-status.error.missing-ip-address-configuration = No IP address for the Hue # thing status descriptions offline.communication-error = An unexpected exception occurred during execution. +offline.conf-error-https-connection = HTTPS secure connection failed. Please check your configuration settings (network address, protocol, port, type of certificate) and change protocol to http when using a V1 bridge. offline.conf-error-invalid-ssl-certificate = Invalid certificate for secured connection. You might want to enable the "Use Self-Signed Certificate" configuration. offline.conf-error-no-ip-address = Cannot connect to Hue Bridge. IP address not available in configuration. offline.conf-error-no-username = Cannot connect to Hue Bridge. User name for authentication not available in configuration.