use of org.eclipse.californium.scandium.DTLSConnector in project californium by eclipse.
the class ExampleSecureProxy2 method main.
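/**
 * Starts the example secure proxy and, for every {@code coaps} port given on
 * the command line, a demo CoAP server plus a reverse-proxy resource pointing
 * at it. Afterwards the method loops forever, printing heap usage warnings and
 * management/network statistics whenever a garbage collection was observed.
 *
 * @param args command line arguments; each one is handed to {@code parse} as a
 *        {@code coaps} port and skipped when no port results from it.
 * @throws IOException propagated from configuration and proxy setup
 * @throws GeneralSecurityException propagated from the proxy's DTLS setup
 */
public static void main(String[] args) throws IOException, GeneralSecurityException {
    Configuration proxyConfig = Configuration.createWithFile(CONFIG_FILE, CONFIG_HEADER, DEFAULTS);
    ExampleSecureProxy2 proxy = new ExampleSecureProxy2(proxyConfig);
    Configuration config = ExampleCoapServer.init();
    for (String arg : args) {
        Integer port = parse(arg, "coaps", ExampleCoapServer.DEFAULT_COAP_SECURE_PORT, config, CoapConfig.COAP_SECURE_PORT);
        if (port == null) {
            continue;
        }
        DtlsConnectorConfig.Builder builder = SecureEndpointPool.setupServer(config);
        builder.setAddress(new InetSocketAddress(port));
        DTLSConnector connector = new DTLSConnector(builder.build());
        CoapEndpoint endpoint = CoapEndpoint.builder().setConfiguration(config).setConnector(connector).build();
        new ExampleCoapServer(endpoint);
        // reverse proxy: add a proxy resource with a translator returning a
        // fixed destination URI. Don't add this to the ProxyMessageDeliverer.
        URI destination = URI.create("coaps://localhost:" + port + "/coap-target");
        CoapResource reverseProxy = ProxyCoapResource.createReverseProxy("destination1", true, true, true, destination, proxy.pool);
        proxy.coapProxyServer.getRoot().getChild("targets").add(reverseProxy);
        System.out.println("CoAP Proxy at: coap://localhost:" + proxy.coapPort + "/coap2coap and demo-server at coaps://localhost:" + port + ExampleCoapServer.RESOURCE);
    }
    startManagamentStatistic();
    Runtime runtime = Runtime.getRuntime();
    long max = runtime.maxMemory();
    System.out.println(ExampleSecureProxy2.class.getSimpleName() + " started (" + max / (1024 * 1024) + "MB heap) ...");
    long lastGcCount = 0;
    NetStatLogger netstat = new NetStatLogger("udp", false);
    while (true) {
        try {
            Thread.sleep(15000);
        } catch (InterruptedException e) {
            // restore the interrupt flag so that callers further up can observe it
            Thread.currentThread().interrupt();
            break;
        }
        long used = runtime.totalMemory() - runtime.freeMemory();
        int fill = (int) ((used * 100L) / max);
        if (fill > 80) {
            System.out.println("Maxium heap size: " + max / (1024 * 1024) + "M " + fill + "% used.");
            System.out.println("Heap may exceed! Enlarge the maxium heap size.");
            System.out.println("Or consider to reduce the value of " + CoapConfig.EXCHANGE_LIFETIME);
            System.out.println("in \"" + CONFIG_FILE + "\" or set");
            System.out.println(CoapConfig.DEDUPLICATOR + " to " + CoapConfig.NO_DEDUPLICATOR + " there.");
        }
        long gcCount = countGarbageCollections();
        // only report statistics when at least one more collection happened
        if (lastGcCount < gcCount) {
            printManagamentStatistic();
            lastGcCount = gcCount;
            netstat.dump();
        }
    }
}

/**
 * Sums the collection counts of all garbage collectors of this JVM.
 * Collectors reporting a negative count (count not available) are ignored.
 *
 * @return total number of collections observed so far
 */
private static long countGarbageCollections() {
    long gcCount = 0;
    for (GarbageCollectorMXBean gcMXBean : ManagementFactory.getGarbageCollectorMXBeans()) {
        long count = gcMXBean.getCollectionCount();
        if (0 < count) {
            gcCount += count;
        }
    }
    return gcCount;
}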
use of org.eclipse.californium.scandium.DTLSConnector in project californium by eclipse.
the class AbstractTestServer method addEndpoints.
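/**
 * Adds endpoints for the selected network interfaces and protocols.
 * <p>
 * Each address returned by {@code NetworkInterfacesUtil.getNetworkInterfaces()}
 * is filtered first by {@code interfaceTypes}, then by {@code selectAddress};
 * for every remaining address one endpoint per requested protocol is created
 * and registered with {@code addEndpoint}.
 *
 * @param selectAddress list of regular expressions to filter the endpoints by
 *        {@link InetAddress#getHostAddress()}. May be {@code null} or empty,
 *        if endpoints should not be filtered by their host address.
 * @param interfaceTypes list of types to filter the endpoints. May be
 *        {@code null} or empty, if endpoints should not be filtered by type.
 * @param protocols list of protocols to create endpoints for.
 * @param cliConfig client cli-config; its {@code trustall} and
 *        {@code clientAuth} options are applied to the DTLS and TLS endpoints.
 * @throws IllegalArgumentException if TLS is requested but no server
 *         credentials are available.
 */
public void addEndpoints(List<String> selectAddress, List<InterfaceType> interfaceTypes, List<Protocol> protocols, BaseConfig cliConfig) {
    int coapPort = config.get(CoapConfig.COAP_PORT);
    int coapsPort = config.get(CoapConfig.COAP_SECURE_PORT);
    boolean secure = protocols.contains(Protocol.DTLS) || protocols.contains(Protocol.TLS);
    if (secure) {
        initCredentials();
        // trustall is a CLI test option; presumably it relaxes peer certificate
        // verification in getServerSslContext — confirm there before relying on it
        serverSslContext = getServerSslContext(cliConfig.trustall, SslContextUtil.DEFAULT_SSL_PROTOCOL);
        if (serverSslContext == null && protocols.contains(Protocol.TLS)) {
            throw new IllegalArgumentException("TLS not supported, credentials missing!");
        }
    }
    List<InetAddress> used = new ArrayList<>();
    for (InetAddress addr : NetworkInterfacesUtil.getNetworkInterfaces()) {
        // order matters: duplicates first, then type filter, then address filter
        if (used.contains(addr) || !isSelectedInterfaceType(addr, interfaceTypes) || !isSelectedAddress(addr, selectAddress)) {
            continue;
        }
        used.add(addr);
        InterfaceType interfaceType = addr.isLoopbackAddress() ? InterfaceType.LOCAL : InterfaceType.EXTERNAL;
        if (protocols.contains(Protocol.UDP) || protocols.contains(Protocol.TCP)) {
            InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapPort);
            if (protocols.contains(Protocol.UDP)) {
                addUdpEndpoint(bindToAddress, interfaceType);
            }
            if (protocols.contains(Protocol.TCP)) {
                addTcpEndpoint(bindToAddress, interfaceType);
            }
        }
        if (secure) {
            InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapsPort);
            if (protocols.contains(Protocol.DTLS)) {
                addDtlsEndpoint(bindToAddress, interfaceType, cliConfig);
            }
            if (protocols.contains(Protocol.TLS) && serverSslContext != null) {
                addTlsEndpoint(bindToAddress, interfaceType, cliConfig);
            }
        }
    }
}

/**
 * Checks whether an address passes the interface type filter.
 * Skipped addresses are logged with the reason.
 *
 * @param addr address to check
 * @param interfaceTypes selected types, {@code null} or empty for "no filter"
 * @return {@code true} if the address is selected
 */
private boolean isSelectedInterfaceType(InetAddress addr, List<InterfaceType> interfaceTypes) {
    if (interfaceTypes == null || interfaceTypes.isEmpty()) {
        return true;
    }
    if (addr.isLoopbackAddress() || addr.isLinkLocalAddress()) {
        if (!interfaceTypes.contains(InterfaceType.LOCAL)) {
            String scope = addr.isLoopbackAddress() ? "lo" : "link";
            LOGGER.info("{}skip local {} ({})", getTag(), addr, scope);
            return false;
        }
    } else if (!interfaceTypes.contains(InterfaceType.EXTERNAL)) {
        LOGGER.info("{}skip external {}", getTag(), addr);
        return false;
    }
    if (addr instanceof Inet4Address) {
        if (!interfaceTypes.contains(InterfaceType.IPV4)) {
            LOGGER.info("{}skip ipv4 {}", getTag(), addr);
            return false;
        }
    } else if (addr instanceof Inet6Address) {
        if (!interfaceTypes.contains(InterfaceType.IPV6)) {
            LOGGER.info("{}skip ipv6 {}", getTag(), addr);
            return false;
        }
    }
    return true;
}

/**
 * Checks whether an address passes the host address filter.
 * For IPv6 addresses with a scope, the filter is additionally applied to the
 * form {@code <address>%<interface name>}.
 *
 * @param addr address to check
 * @param selectAddress regular expressions, {@code null} or empty for "no filter"
 * @return {@code true} if the address is selected
 */
private boolean isSelectedAddress(InetAddress addr, List<String> selectAddress) {
    if (selectAddress == null || selectAddress.isEmpty()) {
        return true;
    }
    String name = addr.getHostAddress();
    if (matchesAnyFilter(name, selectAddress)) {
        return true;
    }
    if (addr instanceof Inet6Address) {
        Matcher matcher = IPV6_SCOPE.matcher(name);
        // apply filter also on interface name; getScopedInterface() is null when
        // the address was created with a numeric scope only, so guard against it
        if (matcher.matches() && ((Inet6Address) addr).getScopedInterface() != null) {
            String scopedName = matcher.group(1) + "%" + ((Inet6Address) addr).getScopedInterface().getName();
            return matchesAnyFilter(scopedName, selectAddress);
        }
    }
    return false;
}

/**
 * Checks whether a name matches at least one of the regular expressions.
 *
 * @param name host address (optionally with interface name) to test
 * @param filters regular expressions
 * @return {@code true} on the first match
 */
private static boolean matchesAnyFilter(String name, List<String> filters) {
    for (String filter : filters) {
        if (name.matches(filter)) {
            return true;
        }
    }
    return false;
}

/**
 * Creates and registers a plain UDP endpoint.
 *
 * @param bindToAddress address to bind to
 * @param interfaceType type used to look up the protocol configuration
 */
private void addUdpEndpoint(InetSocketAddress bindToAddress, InterfaceType interfaceType) {
    Configuration udpConfig = getConfig(Protocol.UDP, interfaceType);
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    builder.setInetSocketAddress(bindToAddress);
    builder.setConfiguration(udpConfig);
    CoapEndpoint endpoint = builder.build();
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}

/**
 * Creates and registers a plain TCP endpoint.
 *
 * @param bindToAddress address to bind to
 * @param interfaceType type used to look up the protocol configuration
 */
private void addTcpEndpoint(InetSocketAddress bindToAddress, InterfaceType interfaceType) {
    Configuration tcpConfig = getConfig(Protocol.TCP, interfaceType);
    TcpServerConnector connector = new TcpServerConnector(bindToAddress, tcpConfig);
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    builder.setConnector(connector);
    builder.setConfiguration(tcpConfig);
    CoapEndpoint endpoint = builder.build();
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}

/**
 * Creates and registers a DTLS endpoint.
 * All asynchronous handshake helpers (PSK store, certificate provider,
 * certificate verifier, resumption verifier) share the configured
 * {@code DTLS_HANDSHAKE_RESULT_DELAY}.
 *
 * @param bindToAddress address to bind to
 * @param interfaceType type used to look up the protocol configuration
 * @param cliConfig cli-config providing {@code clientAuth} and {@code trustall}
 */
private void addDtlsEndpoint(InetSocketAddress bindToAddress, InterfaceType interfaceType, BaseConfig cliConfig) {
    Configuration dtlsConfig = getConfig(Protocol.DTLS, interfaceType);
    int handshakeResultDelayMillis = dtlsConfig.getTimeAsInt(DTLS_HANDSHAKE_RESULT_DELAY, TimeUnit.MILLISECONDS);
    DtlsConnectorConfig.Builder dtlsConfigBuilder = DtlsConnectorConfig.builder(dtlsConfig);
    if (cliConfig.clientAuth != null) {
        // CLI override of the client authentication mode
        dtlsConfigBuilder.set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
    }
    String tag = "dtls:" + StringUtil.toString(bindToAddress);
    dtlsConfigBuilder.setLoggingTag(tag);
    AsyncAdvancedPskStore asyncPskStore = new AsyncAdvancedPskStore(new PlugPskStore());
    asyncPskStore.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedPskStore(asyncPskStore);
    dtlsConfigBuilder.setAddress(bindToAddress);
    X509KeyManager keyManager = SslContextUtil.getX509KeyManager(serverCredentials);
    AsyncKeyManagerCertificateProvider certificateProvider = new AsyncKeyManagerCertificateProvider(keyManager, CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
    certificateProvider.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setCertificateIdentityProvider(certificateProvider);
    AsyncNewAdvancedCertificateVerifier.Builder verifierBuilder = AsyncNewAdvancedCertificateVerifier.builder();
    if (cliConfig.trustall) {
        // test option: client certificates are accepted without chain validation
        verifierBuilder.setTrustAllCertificates();
    } else {
        verifierBuilder.setTrustedCertificates(trustedCertificates);
    }
    // raw public keys are always accepted — a test-server policy, not one for production
    verifierBuilder.setTrustAllRPKs();
    AsyncNewAdvancedCertificateVerifier verifier = verifierBuilder.build();
    verifier.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedCertificateVerifier(verifier);
    AsyncResumptionVerifier resumptionVerifier = new AsyncResumptionVerifier();
    resumptionVerifier.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setResumptionVerifier(resumptionVerifier);
    dtlsConfigBuilder.setConnectionListener(new MdcConnectionListener());
    if (dtlsConfig.get(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS) > 0) {
        DtlsHealthLogger health = new DtlsHealthLogger(tag);
        dtlsConfigBuilder.setHealthHandler(health);
        add(health);
        // reset to prevent active logger (the health logger is registered with
        // this server via add(health); presumably that drives its reporting instead)
        dtlsConfigBuilder.set(SystemConfig.HEALTH_STATUS_INTERVAL, 0, TimeUnit.MILLISECONDS);
    }
    DTLSConnector connector = new DTLSConnector(dtlsConfigBuilder.build());
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    builder.setConnector(connector);
    if (MatcherMode.PRINCIPAL == dtlsConfig.get(CoapConfig.RESPONSE_MATCHING)) {
        builder.setEndpointContextMatcher(new PrincipalEndpointContextMatcher(true));
    }
    builder.setConfiguration(dtlsConfig);
    CoapEndpoint endpoint = builder.build();
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}

/**
 * Creates and registers a TLS endpoint using {@code serverSslContext}.
 * Callers must ensure {@code serverSslContext} is not {@code null}.
 *
 * @param bindToAddress address to bind to
 * @param interfaceType type used to look up the protocol configuration
 * @param cliConfig cli-config providing {@code clientAuth}
 */
private void addTlsEndpoint(InetSocketAddress bindToAddress, InterfaceType interfaceType, BaseConfig cliConfig) {
    Configuration tlsConfig = getConfig(Protocol.TLS, interfaceType);
    if (cliConfig.clientAuth != null) {
        // CLI override of the client authentication mode
        tlsConfig.set(TcpConfig.TLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
    }
    int maxPeers = tlsConfig.get(CoapConfig.MAX_ACTIVE_PEERS);
    int sessionTimeout = tlsConfig.getTimeAsInt(TcpConfig.TLS_SESSION_TIMEOUT, TimeUnit.SECONDS);
    SSLSessionContext serverSessionContext = serverSslContext.getServerSessionContext();
    if (serverSessionContext != null) {
        // bound the server-side TLS session cache by peer limit and session timeout
        serverSessionContext.setSessionTimeout(sessionTimeout);
        serverSessionContext.setSessionCacheSize(maxPeers);
    }
    TlsServerConnector connector = new TlsServerConnector(serverSslContext, bindToAddress, tlsConfig);
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    builder.setConnector(connector);
    builder.setConfiguration(tlsConfig);
    CoapEndpoint endpoint = builder.build();
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}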
use of org.eclipse.californium.scandium.DTLSConnector in project californium by eclipse.
the class SecureClient method main.
/**
 * Runs the example DTLS client.
 * The credential modes are taken from the command line (see the printed
 * usage); a PSK store is only installed when a PSK based mode was selected.
 *
 * @param args command line arguments, parsed by {@code CredentialsUtil}
 * @throws InterruptedException if the test run is interrupted
 */
public static void main(String[] args) throws InterruptedException {
    System.out.println("Usage: java -cp ... org.eclipse.californium.examples.SecureClient [PSK|ECDHE_PSK] [RPK|RPK_TRUST] [X509|X509_TRUST]");
    System.out.println("Default: [PSK] [RPK] [X509]");
    Configuration cfg = Configuration.createWithFile(CONFIG_FILE, CONFIG_HEADER, DEFAULTS);
    Configuration.setStandard(cfg);
    DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(cfg);
    CredentialsUtil.setupCid(args, dtlsBuilder);
    List<Mode> selectedModes = CredentialsUtil.parse(args, CredentialsUtil.DEFAULT_CLIENT_MODES, SUPPORTED_MODES);
    boolean pskRequested = selectedModes.contains(CredentialsUtil.Mode.PSK) || selectedModes.contains(CredentialsUtil.Mode.ECDHE_PSK);
    if (pskRequested) {
        // OPEN_PSK_* are the example's shared demo values, presumably published with the project
        dtlsBuilder.setAdvancedPskStore(new AdvancedSinglePskStore(CredentialsUtil.OPEN_PSK_IDENTITY, CredentialsUtil.OPEN_PSK_SECRET));
    }
    CredentialsUtil.setupCredentials(dtlsBuilder, CredentialsUtil.CLIENT_NAME, selectedModes);
    // uncomment next line to load pem file for the example
    // CredentialsUtil.loadCredentials(dtlsBuilder, "client.pem");
    DTLSConnector connector = new DTLSConnector(dtlsBuilder.build());
    new SecureClient(connector, cfg).test();
}
use of org.eclipse.californium.scandium.DTLSConnector in project californium by eclipse.
the class SecureServer method main.
/**
 * Starts the example DTLS secured CoAP server with a single {@code secure}
 * resource answering GET requests. Credential modes and connection id
 * settings come from the command line (see the printed usage).
 *
 * @param args command line arguments, parsed by {@code CredentialsUtil}
 */
public static void main(String[] args) {
    System.out.println("Usage: java -jar ... [PSK] [ECDHE_PSK] [RPK] [X509] [WANT_AUTH|NO_AUTH]");
    System.out.println("Default : [PSK] [ECDHE_PSK] [RPK] [X509]");
    Configuration cfg = Configuration.createWithFile(CONFIG_FILE, CONFIG_HEADER, DEFAULTS);
    Configuration.setStandard(cfg);
    int dtlsPort = cfg.get(CoapConfig.COAP_SECURE_PORT);
    CoapResource secureResource = new CoapResource("secure") {
        @Override
        public void handleGET(CoapExchange exchange) {
            exchange.respond(ResponseCode.CONTENT, "hello security");
        }
    };
    CoapServer server = new CoapServer();
    server.add(secureResource);
    // the DTLS connector binds to the wildcard address on the configured secure port
    DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(cfg).setAddress(new InetSocketAddress(dtlsPort));
    CredentialsUtil.setupCid(args, dtlsBuilder);
    List<Mode> selectedModes = CredentialsUtil.parse(args, CredentialsUtil.DEFAULT_SERVER_MODES, SUPPORTED_MODES);
    CredentialsUtil.setupCredentials(dtlsBuilder, CredentialsUtil.SERVER_NAME, selectedModes);
    dtlsBuilder.setConnectionListener(new MdcConnectionListener());
    DTLSConnector connector = new DTLSConnector(dtlsBuilder.build());
    CoapEndpoint.Builder endpointBuilder = new CoapEndpoint.Builder().setConfiguration(cfg).setConnector(connector);
    server.addEndpoint(endpointBuilder.build());
    server.start();
    // add special interceptor for message traces
    for (Endpoint endpoint : server.getEndpoints()) {
        endpoint.addInterceptor(new MessageTracer());
    }
    System.out.println("Secure CoAP server powered by Scandium (Sc) is listening on port " + dtlsPort);
}
use of org.eclipse.californium.scandium.DTLSConnector in project hono by eclipse.
the class ConfigBasedCoapEndpointFactory method createSecureEndpoint.
/**
 * Creates the DTLS secured CoAP endpoint.
 *
 * @param port the port to bind to on the configured bind address.
 * @param networkConfig the Californium network configuration for the endpoint.
 * @return a future with the endpoint; failed with an {@link IllegalStateException}
 *         if {@code deviceResolver} or {@code pskStore} is not set or the DTLS
 *         connector configuration cannot be built.
 */
private Future<Endpoint> createSecureEndpoint(final int port, final NetworkConfig networkConfig) {
    if (deviceResolver == null) {
        return Future.failedFuture(new IllegalStateException("infoSupplier property must be set for secure endpoint"));
    }
    if (pskStore == null) {
        return Future.failedFuture(new IllegalStateException("pskStore property must be set for secure endpoint"));
    }
    LOG.info("creating secure endpoint");
    final DtlsConnectorConfig.Builder connectorConfigBuilder = newDtlsConnectorConfigBuilder(port, networkConfig);
    try {
        final DtlsConnectorConfig connectorConfig = connectorConfigBuilder.build();
        logSupportedCipherSuites(connectorConfig);
        final DTLSConnector connector = new DTLSConnector(connectorConfig);
        final CoapEndpoint.Builder endpointBuilder = new CoapEndpoint.Builder();
        endpointBuilder.setNetworkConfig(networkConfig);
        endpointBuilder.setConnector(connector);
        endpointBuilder.setObservationStore(observationStore);
        return Future.succeededFuture(endpointBuilder.build());
    } catch (final IllegalStateException ex) {
        LOG.warn("failed to create secure endpoint", ex);
        return Future.failedFuture(ex);
    }
}

/**
 * Prepares the DTLS connector configuration for the secure endpoint.
 *
 * @param port the port to bind to.
 * @param networkConfig source of the peer limit.
 * @return the populated builder; not yet built.
 */
private DtlsConnectorConfig.Builder newDtlsConnectorConfigBuilder(final int port, final NetworkConfig networkConfig) {
    final DtlsConnectorConfig.Builder connectorConfigBuilder = new DtlsConnectorConfig.Builder();
    // prevent session resumption
    connectorConfigBuilder.setNoServerSessionId(true);
    // server role only, restricted to the recommended cipher suites
    connectorConfigBuilder.setServerOnly(true);
    connectorConfigBuilder.setRecommendedCipherSuitesOnly(true);
    // every device has to authenticate during the handshake
    connectorConfigBuilder.setClientAuthenticationRequired(true);
    connectorConfigBuilder.setAddress(new InetSocketAddress(config.getBindAddress(), port));
    connectorConfigBuilder.setApplicationLevelInfoSupplier(deviceResolver);
    connectorConfigBuilder.setAdvancedPskStore(pskStore);
    connectorConfigBuilder.setRetransmissionTimeout(config.getDtlsRetransmissionTimeout());
    connectorConfigBuilder.setMaxConnections(networkConfig.getInt(Keys.MAX_ACTIVE_PEERS));
    connectorConfigBuilder.setSniEnabled(true);
    addIdentity(connectorConfigBuilder);
    return connectorConfigBuilder;
}

/**
 * Logs the cipher suites the built configuration supports, at INFO level.
 *
 * @param connectorConfig the built connector configuration.
 */
private void logSupportedCipherSuites(final DtlsConnectorConfig connectorConfig) {
    if (!LOG.isInfoEnabled()) {
        return;
    }
    final String ciphers = connectorConfig.getSupportedCipherSuites().stream().map(cipher -> cipher.name()).collect(Collectors.joining(", "));
    LOG.info("creating secure endpoint supporting ciphers: {}", ciphers);
}