Example 1 with PrincipalEndpointContextMatcher
use of org.eclipse.californium.elements.PrincipalEndpointContextMatcher in project californium by eclipse.
the class SecureObserveTest method createSecureServer.
private void createSecureServer(MatcherMode mode, ConnectionIdGenerator cidGenerator) {
serverPskStore = new TestUtilPskStore();
Configuration config = network.createTestConfig().set(CoapConfig.ACK_TIMEOUT, 200, TimeUnit.MILLISECONDS).set(CoapConfig.ACK_INIT_RANDOM, 1f).set(CoapConfig.ACK_TIMEOUT_SCALE, 1f).set(CoapConfig.EXCHANGE_LIFETIME, 10, TimeUnit.SECONDS).set(CoapConfig.RESPONSE_MATCHING, mode).set(DtlsConfig.DTLS_RECEIVER_THREAD_COUNT, 2).set(DtlsConfig.DTLS_CONNECTOR_THREAD_COUNT, 2);
DtlsConnectorConfig dtlsConfig = DtlsConnectorConfig.builder(config).setAddress(TestTools.LOCALHOST_EPHEMERAL).setLoggingTag("server").setConnectionIdGenerator(cidGenerator).setAdvancedPskStore(serverPskStore).build();
serverConnector = new DTLSConnector(dtlsConfig);
CoapEndpoint.Builder builder = CoapEndpoint.builder();
builder.setConnector(serverConnector);
if (mode == MatcherMode.PRINCIPAL) {
builder.setEndpointContextMatcher(new PrincipalEndpointContextMatcher(true));
}
builder.setConfiguration(config);
serverEndpoint = builder.build();
CoapServer server = new CoapServer();
server.addEndpoint(serverEndpoint);
resource = new MyResource(TARGET);
server.add(resource);
server.start();
cleanup.add(server);
uri = TestTools.getUri(serverEndpoint, TARGET);
// prepare secure client endpoint
clientPskStore = new TestUtilPskStore();
DtlsConnectorConfig clientdtlsConfig = DtlsConnectorConfig.builder(config).setAddress(TestTools.LOCALHOST_EPHEMERAL).setLoggingTag("client").setConnectionIdGenerator(cidGenerator).setAdvancedPskStore(clientPskStore).build();
clientConnector = new DTLSConnector(clientdtlsConfig);
builder = new CoapEndpoint.Builder();
builder.setConnector(clientConnector);
builder.setConfiguration(config);
clientEndpoint = builder.build();
EndpointManager.getEndpointManager().setDefaultEndpoint(clientEndpoint);
setPskCredentials(IDENITITY, KEY);
System.out.println("coap-server " + uri);
System.out.println("coap-client " + clientEndpoint.getUri());
}
Also used :
PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher)
Configuration(org.eclipse.californium.elements.config.Configuration)
CoapServer(org.eclipse.californium.core.CoapServer)
CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)
DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig)
DTLSConnector(org.eclipse.californium.scandium.DTLSConnector)
Example 2 with PrincipalEndpointContextMatcher
use of org.eclipse.californium.elements.PrincipalEndpointContextMatcher in project californium by eclipse.
the class AbstractTestServer method addEndpoints.
/**
* Add endpoints.
*
* @param selectAddress list of regular expression to filter the endpoints by
* {@link InetAddress#getHostAddress()}. May be
* {@code null} or {@code empty}, if endpoints should not
* be filtered by their host address.
* @param interfaceTypes list of type to filter the endpoints. Maybe
* {@code null} or empty, if endpoints should not be
* filtered by type.
* @param protocols list of protocols to create endpoints for.
* @param cliConfig client cli-config.
*/
public void addEndpoints(List<String> selectAddress, List<InterfaceType> interfaceTypes, List<Protocol> protocols, BaseConfig cliConfig) {
int coapPort = config.get(CoapConfig.COAP_PORT);
int coapsPort = config.get(CoapConfig.COAP_SECURE_PORT);
if (protocols.contains(Protocol.DTLS) || protocols.contains(Protocol.TLS)) {
initCredentials();
serverSslContext = getServerSslContext(cliConfig.trustall, SslContextUtil.DEFAULT_SSL_PROTOCOL);
if (serverSslContext == null && protocols.contains(Protocol.TLS)) {
throw new IllegalArgumentException("TLS not supported, credentials missing!");
}
}
List<InetAddress> used = new ArrayList<>();
for (InetAddress addr : NetworkInterfacesUtil.getNetworkInterfaces()) {
if (used.contains(addr)) {
continue;
}
if (interfaceTypes != null && !interfaceTypes.isEmpty()) {
if (addr.isLoopbackAddress() || addr.isLinkLocalAddress()) {
if (!interfaceTypes.contains(InterfaceType.LOCAL)) {
String scope = "???";
if (addr.isLoopbackAddress()) {
scope = "lo";
} else if (addr.isLinkLocalAddress()) {
scope = "link";
}
LOGGER.info("{}skip local {} ({})", getTag(), addr, scope);
continue;
}
} else {
if (!interfaceTypes.contains(InterfaceType.EXTERNAL)) {
LOGGER.info("{}skip external {}", getTag(), addr);
continue;
}
}
if (addr instanceof Inet4Address) {
if (!interfaceTypes.contains(InterfaceType.IPV4)) {
LOGGER.info("{}skip ipv4 {}", getTag(), addr);
continue;
}
} else if (addr instanceof Inet6Address) {
if (!interfaceTypes.contains(InterfaceType.IPV6)) {
LOGGER.info("{}skip ipv6 {}", getTag(), addr);
continue;
}
}
}
if (selectAddress != null && !selectAddress.isEmpty()) {
boolean found = false;
String name = addr.getHostAddress();
for (String filter : selectAddress) {
if (name.matches(filter)) {
found = true;
break;
}
}
if (!found && addr instanceof Inet6Address) {
Matcher matcher = IPV6_SCOPE.matcher(name);
if (matcher.matches()) {
// apply filter also on interface name
name = matcher.group(1) + "%" + ((Inet6Address) addr).getScopedInterface().getName();
for (String filter : selectAddress) {
if (name.matches(filter)) {
found = true;
break;
}
}
}
}
if (!found) {
continue;
}
}
used.add(addr);
InterfaceType interfaceType = addr.isLoopbackAddress() ? InterfaceType.LOCAL : InterfaceType.EXTERNAL;
if (protocols.contains(Protocol.UDP) || protocols.contains(Protocol.TCP)) {
InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapPort);
if (protocols.contains(Protocol.UDP)) {
Configuration udpConfig = getConfig(Protocol.UDP, interfaceType);
CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
builder.setInetSocketAddress(bindToAddress);
builder.setConfiguration(udpConfig);
CoapEndpoint endpoint = builder.build();
addEndpoint(endpoint);
print(endpoint, interfaceType);
}
if (protocols.contains(Protocol.TCP)) {
Configuration tcpConfig = getConfig(Protocol.TCP, interfaceType);
TcpServerConnector connector = new TcpServerConnector(bindToAddress, tcpConfig);
CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
builder.setConnector(connector);
builder.setConfiguration(tcpConfig);
CoapEndpoint endpoint = builder.build();
addEndpoint(endpoint);
print(endpoint, interfaceType);
}
}
if (protocols.contains(Protocol.DTLS) || protocols.contains(Protocol.TLS)) {
InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapsPort);
if (protocols.contains(Protocol.DTLS)) {
Configuration dtlsConfig = getConfig(Protocol.DTLS, interfaceType);
int handshakeResultDelayMillis = dtlsConfig.getTimeAsInt(DTLS_HANDSHAKE_RESULT_DELAY, TimeUnit.MILLISECONDS);
DtlsConnectorConfig.Builder dtlsConfigBuilder = DtlsConnectorConfig.builder(dtlsConfig);
if (cliConfig.clientAuth != null) {
dtlsConfigBuilder.set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
}
String tag = "dtls:" + StringUtil.toString(bindToAddress);
dtlsConfigBuilder.setLoggingTag(tag);
AsyncAdvancedPskStore asyncPskStore = new AsyncAdvancedPskStore(new PlugPskStore());
asyncPskStore.setDelay(handshakeResultDelayMillis);
dtlsConfigBuilder.setAdvancedPskStore(asyncPskStore);
dtlsConfigBuilder.setAddress(bindToAddress);
X509KeyManager keyManager = SslContextUtil.getX509KeyManager(serverCredentials);
AsyncKeyManagerCertificateProvider certificateProvider = new AsyncKeyManagerCertificateProvider(keyManager, CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
certificateProvider.setDelay(handshakeResultDelayMillis);
dtlsConfigBuilder.setCertificateIdentityProvider(certificateProvider);
AsyncNewAdvancedCertificateVerifier.Builder verifierBuilder = AsyncNewAdvancedCertificateVerifier.builder();
if (cliConfig.trustall) {
verifierBuilder.setTrustAllCertificates();
} else {
verifierBuilder.setTrustedCertificates(trustedCertificates);
}
verifierBuilder.setTrustAllRPKs();
AsyncNewAdvancedCertificateVerifier verifier = verifierBuilder.build();
verifier.setDelay(handshakeResultDelayMillis);
dtlsConfigBuilder.setAdvancedCertificateVerifier(verifier);
AsyncResumptionVerifier resumptionVerifier = new AsyncResumptionVerifier();
resumptionVerifier.setDelay(handshakeResultDelayMillis);
dtlsConfigBuilder.setResumptionVerifier(resumptionVerifier);
dtlsConfigBuilder.setConnectionListener(new MdcConnectionListener());
if (dtlsConfig.get(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS) > 0) {
DtlsHealthLogger health = new DtlsHealthLogger(tag);
dtlsConfigBuilder.setHealthHandler(health);
add(health);
// reset to prevent active logger
dtlsConfigBuilder.set(SystemConfig.HEALTH_STATUS_INTERVAL, 0, TimeUnit.MILLISECONDS);
}
DTLSConnector connector = new DTLSConnector(dtlsConfigBuilder.build());
CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
builder.setConnector(connector);
if (MatcherMode.PRINCIPAL == dtlsConfig.get(CoapConfig.RESPONSE_MATCHING)) {
builder.setEndpointContextMatcher(new PrincipalEndpointContextMatcher(true));
}
builder.setConfiguration(dtlsConfig);
CoapEndpoint endpoint = builder.build();
addEndpoint(endpoint);
print(endpoint, interfaceType);
}
if (protocols.contains(Protocol.TLS) && serverSslContext != null) {
Configuration tlsConfig = getConfig(Protocol.TLS, interfaceType);
if (cliConfig.clientAuth != null) {
tlsConfig.set(TcpConfig.TLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
}
int maxPeers = tlsConfig.get(CoapConfig.MAX_ACTIVE_PEERS);
int sessionTimeout = tlsConfig.getTimeAsInt(TcpConfig.TLS_SESSION_TIMEOUT, TimeUnit.SECONDS);
SSLSessionContext serverSessionContext = serverSslContext.getServerSessionContext();
if (serverSessionContext != null) {
serverSessionContext.setSessionTimeout(sessionTimeout);
serverSessionContext.setSessionCacheSize(maxPeers);
}
TlsServerConnector connector = new TlsServerConnector(serverSslContext, bindToAddress, tlsConfig);
CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
builder.setConnector(connector);
builder.setConfiguration(tlsConfig);
CoapEndpoint endpoint = builder.build();
addEndpoint(endpoint);
print(endpoint, interfaceType);
}
}
}
}
Also used :
PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher)
AsyncAdvancedPskStore(org.eclipse.californium.scandium.dtls.pskstore.AsyncAdvancedPskStore)
AsyncKeyManagerCertificateProvider(org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider)
Configuration(org.eclipse.californium.elements.config.Configuration)
AsyncResumptionVerifier(org.eclipse.californium.scandium.dtls.resumption.AsyncResumptionVerifier)
Matcher(java.util.regex.Matcher)
PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher)
InetSocketAddress(java.net.InetSocketAddress)
ArrayList(java.util.ArrayList)
DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig)
DTLSConnector(org.eclipse.californium.scandium.DTLSConnector)
TcpServerConnector(org.eclipse.californium.elements.tcp.netty.TcpServerConnector)
X509KeyManager(javax.net.ssl.X509KeyManager)
AsyncNewAdvancedCertificateVerifier(org.eclipse.californium.scandium.dtls.x509.AsyncNewAdvancedCertificateVerifier)
Inet4Address(java.net.Inet4Address)
SSLSessionContext(javax.net.ssl.SSLSessionContext)
TlsServerConnector(org.eclipse.californium.elements.tcp.netty.TlsServerConnector)
MdcConnectionListener(org.eclipse.californium.scandium.MdcConnectionListener)
Inet6Address(java.net.Inet6Address)
DtlsHealthLogger(org.eclipse.californium.scandium.DtlsHealthLogger)
Endpoint(org.eclipse.californium.core.network.Endpoint)
CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)
InetAddress(java.net.InetAddress)
CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)
Example 3 with PrincipalEndpointContextMatcher
use of org.eclipse.californium.elements.PrincipalEndpointContextMatcher in project californium by eclipse.
the class EndpointContextMatcherFactory method create.
/**
* Create endpoint context matcher related to connector according the
* configuration.
*
* If connector supports "coaps:", RESPONSE_MATCHING is used to determine,
* if {@link StrictDtlsEndpointContextMatcher},
* {@link RelaxedDtlsEndpointContextMatcher}, or
* {@link PrincipalEndpointContextMatcher} is used.
*
* If connector supports "coap:", RESPONSE_MATCHING is used to determine, if
* {@link UdpEndpointContextMatcher} is used with disabled
* ({@link MatcherMode#RELAXED}) or enabled address check (otherwise).
*
* For other protocol flavors the corresponding matcher is used.
*
* @param connector connector to create related endpoint context matcher.
* @param config configuration.
* @return endpoint context matcher
* @since 3.0 (changed parameter to Configuration)
*/
public static EndpointContextMatcher create(Connector connector, Configuration config) {
String protocol = null;
if (null != connector) {
protocol = connector.getProtocol();
if (CoAP.PROTOCOL_TCP.equalsIgnoreCase(protocol)) {
return new TcpEndpointContextMatcher();
} else if (CoAP.PROTOCOL_TLS.equalsIgnoreCase(protocol)) {
return new TlsEndpointContextMatcher();
}
}
MatcherMode mode = config.get(CoapConfig.RESPONSE_MATCHING);
switch(mode) {
case RELAXED:
if (CoAP.PROTOCOL_UDP.equalsIgnoreCase(protocol)) {
return new UdpEndpointContextMatcher(false);
} else {
return new RelaxedDtlsEndpointContextMatcher();
}
case PRINCIPAL:
if (CoAP.PROTOCOL_UDP.equalsIgnoreCase(protocol)) {
return new UdpEndpointContextMatcher(true);
} else {
return new PrincipalEndpointContextMatcher();
}
case PRINCIPAL_IDENTITY:
if (CoAP.PROTOCOL_UDP.equalsIgnoreCase(protocol)) {
return new UdpEndpointContextMatcher(true);
} else {
return new PrincipalEndpointContextMatcher(true);
}
case STRICT:
default:
if (CoAP.PROTOCOL_UDP.equalsIgnoreCase(protocol)) {
return new UdpEndpointContextMatcher(true);
} else {
return new StrictDtlsEndpointContextMatcher();
}
}
}
Also used :
PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher)
TlsEndpointContextMatcher(org.eclipse.californium.elements.TlsEndpointContextMatcher)
MatcherMode(org.eclipse.californium.core.config.CoapConfig.MatcherMode)
TcpEndpointContextMatcher(org.eclipse.californium.elements.TcpEndpointContextMatcher)
RelaxedDtlsEndpointContextMatcher(org.eclipse.californium.elements.RelaxedDtlsEndpointContextMatcher)
StrictDtlsEndpointContextMatcher(org.eclipse.californium.elements.StrictDtlsEndpointContextMatcher)
UdpEndpointContextMatcher(org.eclipse.californium.elements.UdpEndpointContextMatcher)
Aggregations
PrincipalEndpointContextMatcher (org.eclipse.californium.elements.PrincipalEndpointContextMatcher)3
CoapEndpoint (org.eclipse.californium.core.network.CoapEndpoint)2
Configuration (org.eclipse.californium.elements.config.Configuration)2
DTLSConnector (org.eclipse.californium.scandium.DTLSConnector)2
DtlsConnectorConfig (org.eclipse.californium.scandium.config.DtlsConnectorConfig)2
Inet4Address (java.net.Inet4Address)1
Inet6Address (java.net.Inet6Address)1
InetAddress (java.net.InetAddress)1
InetSocketAddress (java.net.InetSocketAddress)1
ArrayList (java.util.ArrayList)1
Matcher (java.util.regex.Matcher)1
SSLSessionContext (javax.net.ssl.SSLSessionContext)1
X509KeyManager (javax.net.ssl.X509KeyManager)1
CoapServer (org.eclipse.californium.core.CoapServer)1
MatcherMode (org.eclipse.californium.core.config.CoapConfig.MatcherMode)1
Endpoint (org.eclipse.californium.core.network.Endpoint)1
RelaxedDtlsEndpointContextMatcher (org.eclipse.californium.elements.RelaxedDtlsEndpointContextMatcher)1
StrictDtlsEndpointContextMatcher (org.eclipse.californium.elements.StrictDtlsEndpointContextMatcher)1
TcpEndpointContextMatcher (org.eclipse.californium.elements.TcpEndpointContextMatcher)1
TlsEndpointContextMatcher (org.eclipse.californium.elements.TlsEndpointContextMatcher)1
