
Example 6 with DTLSConnector

use of org.eclipse.californium.scandium.DTLSConnector in project leshan by eclipse.

the class SecurityTest method dont_sent_request_if_identity_change.

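/**
 * Verifies that the server refuses to send a request to a registration once the DTLS peer
 * identity behind it has changed.
 *
 * <p>The client registers with {@code GOOD_PSK_ID}. Its DTLS connection state is then cleared
 * and it performs a new handshake as {@code "anotherPSK"}. A later server-side send for the
 * existing registration must fail with a {@link SendFailedException} caused by an
 * {@link EndpointMismatchException}. This is the property that stops a peer authenticating
 * under a different identity from receiving traffic meant for the original one.
 *
 * @throws NonUniqueSecurityInfoException if a credential cannot be added to the security store
 * @throws InterruptedException if waiting for the handshake callback is interrupted
 * @throws IOException if the DTLS connector cannot be restarted
 */
@Test
public void dont_sent_request_if_identity_change() throws NonUniqueSecurityInfoException, InterruptedException, IOException {
    final String newIdentity = "anotherPSK";

    // Create PSK server & start it (the default server supports PSK)
    helper.createServer();
    helper.server.start();
    // Create PSK client
    helper.createPSKClient();
    // Add client credentials to the server
    helper.getSecurityStore().add(SecurityInfo.newPreSharedKeyInfo(helper.getCurrentEndpoint(), GOOD_PSK_ID, GOOD_PSK_KEY));
    // Check client is not registered
    helper.assertClientNotRegisterered();
    // Start it and wait for registration
    helper.client.start();
    helper.waitForRegistration(1);
    // Check client is well registered
    helper.assertClientRegisterered();
    // Ensure we can send a read request while the identity is still the registered one
    helper.server.send(helper.getCurrentRegistration(), new ReadRequest(3, 0, 1));
    // Add a second credential to the server so the handshake with the new identity succeeds.
    // NOTE(review): this entry is keyed by GOOD_ENDPOINT while the first one uses
    // helper.getCurrentEndpoint() - confirm both name the same endpoint.
    helper.getSecurityStore().add(SecurityInfo.newPreSharedKeyInfo(GOOD_ENDPOINT, newIdentity, GOOD_PSK_KEY));
    // Get the client-side DTLS connector
    Endpoint endpoint = helper.client.getCoapServer().getEndpoint(helper.client.getSecuredAddress());
    DTLSConnector connector = (DTLSConnector) ((CoapEndpoint) endpoint).getConnector();
    // From here on the connector is manipulated directly, so release it and the client even
    // when one of the intermediate assertions fails.
    try {
        // Clear DTLS session to force a new handshake
        connector.clearConnectionState();
        // Change PSK id
        helper.setNewPsk(helper.client, newIdentity);
        // Restart connector
        connector.start();
        // Send an empty message to force a new handshake with the new credentials
        SimpleMessageCallback callback = new SimpleMessageCallback();
        connector.send(RawData.outbound(new byte[0], new AddressEndpointContext(helper.server.getSecuredAddress()), callback, false));
        // Wait until the new DTLS handshake is done.
        // Presumably the context is null when the callback did not complete in time - verify
        // against SimpleMessageCallback; fail with a readable message instead of an NPE.
        EndpointContext endpointContext = callback.getEndpointContext(1000);
        assertTrue("DTLS handshake with the new identity did not complete",
                endpointContext != null && endpointContext.getPeerIdentity() != null);
        // JUnit order is (expected, actual); the reverse yields a misleading failure message
        assertEquals(newIdentity, endpointContext.getPeerIdentity().getName());
        // A read request for the old registration must now fail with a SendFailedException
        try {
            helper.server.send(helper.getCurrentRegistration(), new ReadRequest(3, 0, 1), 1000);
            fail("send must failed");
        } catch (SendFailedException e) {
            assertTrue("must be caused by an EndpointMismatchException", e.getCause() instanceof EndpointMismatchException);
        }
    } finally {
        connector.stop();
        helper.client.destroy(false);
        helper.client = null;
    }
}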
Also used : SendFailedException(org.eclipse.leshan.core.request.exception.SendFailedException) EndpointMismatchException(org.eclipse.californium.elements.EndpointMismatchException) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) Endpoint(org.eclipse.californium.core.network.Endpoint) AddressEndpointContext(org.eclipse.californium.elements.AddressEndpointContext) EndpointContext(org.eclipse.californium.elements.EndpointContext) AddressEndpointContext(org.eclipse.californium.elements.AddressEndpointContext) SimpleMessageCallback(org.eclipse.californium.elements.util.SimpleMessageCallback) DTLSConnector(org.eclipse.californium.scandium.DTLSConnector) ReadRequest(org.eclipse.leshan.core.request.ReadRequest) Test(org.junit.Test)

Example 7 with DTLSConnector

use of org.eclipse.californium.scandium.DTLSConnector in project leshan by eclipse.

the class SecureIntegrationTestHelper method createX509CertClient.

// TODO implement X509 support for client
/**
 * Builds the test client meant for X.509 scenarios and stores it in {@code client}.
 *
 * <p>NOTE(review): as written, the LwM2M Security instance is created with
 * {@code Security.noSec(...)} although the URI scheme is {@code coaps}. The
 * {@link CoapServer} carrying the DTLS connector is a local that is never handed to the
 * {@link LeshanClientBuilder}. A test relying on this helper may therefore not exercise
 * certificate validation at all - confirm before treating it as X.509 coverage.
 *
 * @param privatekey private key passed to the DTLS connector configuration as client identity
 * @param trustedCertificates certificates installed as the DTLS trust store
 */
public void createX509CertClient(PrivateKey privatekey, Certificate[] trustedCertificates) {
    ObjectsInitializer objectsInitializer = new ObjectsInitializer();
    // TODO security instance with certificate info
    String serverUri = "coaps://" + server.getSecuredAddress().getHostString() + ":" + server.getSecuredAddress().getPort();
    objectsInitializer.setInstancesForObject(LwM2mId.SECURITY, Security.noSec(serverUri, 12345));
    objectsInitializer.setInstancesForObject(LwM2mId.SERVER, new Server(12345, LIFETIME, BindingMode.U, false));
    objectsInitializer.setInstancesForObject(LwM2mId.DEVICE, new Device("Eclipse Leshan", MODEL_NUMBER, "12345", "U"));
    List<LwM2mObjectEnabler> enablers = objectsInitializer.createMandatory();
    enablers.add(objectsInitializer.create(2));

    // Loopback only; port 0 lets the system choose the port when the socket is bound
    InetSocketAddress localAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
    DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder().setAddress(localAddress);
    // TODO we should read the config from the security object
    // The trailing 'false' is presumably Scandium's preferRawPublicKeys flag - confirm against
    // the Scandium version in use.
    dtlsConfig.setIdentity(privatekey, clientX509CertChain, false);
    dtlsConfig.setTrustStore(trustedCertificates);

    CoapServer dtlsCoapServer = new CoapServer();
    CoapEndpoint.CoapEndpointBuilder endpointBuilder = new CoapEndpoint.CoapEndpointBuilder();
    DTLSConnector dtlsConnector = new DTLSConnector(dtlsConfig.build());
    endpointBuilder.setConnector(dtlsConnector);
    endpointBuilder.setNetworkConfig(new NetworkConfig());
    dtlsCoapServer.addEndpoint(endpointBuilder.build());

    LeshanClientBuilder clientBuilder = new LeshanClientBuilder(getCurrentEndpoint());
    clientBuilder.setLocalAddress(localAddress.getHostString(), localAddress.getPort());
    clientBuilder.setObjects(enablers);
    client = clientBuilder.build();
}
Also used : LwM2mObjectEnabler(org.eclipse.leshan.client.resource.LwM2mObjectEnabler) CoapServer(org.eclipse.californium.core.CoapServer) Server(org.eclipse.leshan.client.object.Server) ObjectsInitializer(org.eclipse.leshan.client.resource.ObjectsInitializer) Device(org.eclipse.leshan.client.object.Device) InetSocketAddress(java.net.InetSocketAddress) LeshanClientBuilder(org.eclipse.leshan.client.californium.LeshanClientBuilder) NetworkConfig(org.eclipse.californium.core.network.config.NetworkConfig) CoapServer(org.eclipse.californium.core.CoapServer) DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig) DTLSConnector(org.eclipse.californium.scandium.DTLSConnector) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)

Example 8 with DTLSConnector

use of org.eclipse.californium.scandium.DTLSConnector in project leshan by eclipse.

the class SecureIntegrationTestHelper method createRPKClient.

// TODO implement RPK support for client
/**
 * Builds the test client meant for raw-public-key (RPK) scenarios and stores it in
 * {@code client}.
 *
 * <p>The Security instance carries the encoded client key pair and the encoded server public
 * key. The DTLS connector configuration receives only the client key pair.
 *
 * <p>NOTE(review): no server-key trust setting is applied to the connector configuration in
 * this method; {@code serverPublicKey} only reaches the Security instance. The
 * {@link CoapServer} holding the DTLS connector is a local that is never passed to the
 * {@link LeshanClientBuilder}. Confirm the built client really performs an RPK handshake
 * before relying on this helper for RPK coverage.
 */
public void createRPKClient() {
    ObjectsInitializer objectsInitializer = new ObjectsInitializer();
    String serverUri = "coaps://" + server.getSecuredAddress().getHostString() + ":" + server.getSecuredAddress().getPort();
    objectsInitializer.setInstancesForObject(LwM2mId.SECURITY,
            Security.rpk(serverUri, 12345, clientPublicKey.getEncoded(), clientPrivateKey.getEncoded(), serverPublicKey.getEncoded()));
    objectsInitializer.setInstancesForObject(LwM2mId.SERVER, new Server(12345, LIFETIME, BindingMode.U, false));
    objectsInitializer.setInstancesForObject(LwM2mId.DEVICE, new Device("Eclipse Leshan", MODEL_NUMBER, "12345", "U"));
    List<LwM2mObjectEnabler> enablers = objectsInitializer.createMandatory();
    enablers.add(objectsInitializer.create(2));

    // Loopback only; port 0 lets the system choose the port when the socket is bound
    InetSocketAddress localAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
    DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder().setAddress(localAddress);
    // TODO we should read the config from the security object
    // TODO no way to provide a dynamic config with the current scandium API
    dtlsConfig.setIdentity(clientPrivateKey, clientPublicKey);

    CoapServer dtlsCoapServer = new CoapServer();
    CoapEndpoint.CoapEndpointBuilder endpointBuilder = new CoapEndpoint.CoapEndpointBuilder();
    DTLSConnector dtlsConnector = new DTLSConnector(dtlsConfig.build());
    endpointBuilder.setConnector(dtlsConnector);
    endpointBuilder.setNetworkConfig(new NetworkConfig());
    dtlsCoapServer.addEndpoint(endpointBuilder.build());

    LeshanClientBuilder clientBuilder = new LeshanClientBuilder(getCurrentEndpoint());
    clientBuilder.setLocalAddress(localAddress.getHostString(), localAddress.getPort());
    clientBuilder.setObjects(enablers);
    client = clientBuilder.build();
}
Also used : LwM2mObjectEnabler(org.eclipse.leshan.client.resource.LwM2mObjectEnabler) CoapServer(org.eclipse.californium.core.CoapServer) Server(org.eclipse.leshan.client.object.Server) ObjectsInitializer(org.eclipse.leshan.client.resource.ObjectsInitializer) Device(org.eclipse.leshan.client.object.Device) InetSocketAddress(java.net.InetSocketAddress) LeshanClientBuilder(org.eclipse.leshan.client.californium.LeshanClientBuilder) NetworkConfig(org.eclipse.californium.core.network.config.NetworkConfig) CoapServer(org.eclipse.californium.core.CoapServer) DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig) DTLSConnector(org.eclipse.californium.scandium.DTLSConnector) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)

Aggregations

DTLSConnector (org.eclipse.californium.scandium.DTLSConnector)8 InetSocketAddress (java.net.InetSocketAddress)7 CoapEndpoint (org.eclipse.californium.core.network.CoapEndpoint)7 DtlsConnectorConfig (org.eclipse.californium.scandium.config.DtlsConnectorConfig)7 Device (org.eclipse.leshan.client.object.Device)3 Server (org.eclipse.leshan.client.object.Server)3 LwM2mObjectEnabler (org.eclipse.leshan.client.resource.LwM2mObjectEnabler)3 ObjectsInitializer (org.eclipse.leshan.client.resource.ObjectsInitializer)3 URI (java.net.URI)2 URISyntaxException (java.net.URISyntaxException)2 CoapServer (org.eclipse.californium.core.CoapServer)2 NetworkConfig (org.eclipse.californium.core.network.config.NetworkConfig)2 Builder (org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder)2 StaticPskStore (org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore)2 LeshanClientBuilder (org.eclipse.leshan.client.californium.LeshanClientBuilder)2 Lwm2mEndpointContextMatcher (org.eclipse.leshan.core.californium.Lwm2mEndpointContextMatcher)2 TradfriCoapClient (org.eclipse.smarthome.binding.tradfri.internal.TradfriCoapClient)2 TradfriCoapEndpoint (org.eclipse.smarthome.binding.tradfri.internal.TradfriCoapEndpoint)2 TradfriGatewayConfig (org.eclipse.smarthome.binding.tradfri.internal.config.TradfriGatewayConfig)2 JsonObject (com.google.gson.JsonObject)1