Examples with AsyncKeyManagerCertificateProvider - org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider

Example 1 with AsyncKeyManagerCertificateProvider

use of org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider in project californium by eclipse.

the class ExtendedTestServer method addEndpoint.

private void addEndpoint(InetSocketAddress dtlsInterface, BaseConfig cliConfig) {
    InterfaceType interfaceType = dtlsInterface.getAddress().isLoopbackAddress() ? InterfaceType.LOCAL : InterfaceType.EXTERNAL;
    Configuration configuration = getConfig(Protocol.DTLS, interfaceType);
    String tag = "dtls:" + StringUtil.toString(dtlsInterface);
    int handshakeResultDelayMillis = configuration.getTimeAsInt(DTLS_HANDSHAKE_RESULT_DELAY, TimeUnit.MILLISECONDS);
    long healthStatusIntervalMillis = configuration.get(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS);
    Integer cidLength = configuration.get(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
    if (cidLength == null || cidLength < 6) {
        throw new IllegalArgumentException("cid length must be at least 6 for cluster!");
    }
    initCredentials();
    DtlsConnectorConfig.Builder dtlsConfigBuilder = DtlsConnectorConfig.builder(configuration);
    if (cliConfig.clientAuth != null) {
        dtlsConfigBuilder.set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
    }
    AsyncAdvancedPskStore asyncPskStore = new AsyncAdvancedPskStore(new PlugPskStore());
    asyncPskStore.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedPskStore(asyncPskStore);
    dtlsConfigBuilder.setAddress(dtlsInterface);
    X509KeyManager keyManager = SslContextUtil.getX509KeyManager(serverCredentials);
    AsyncKeyManagerCertificateProvider certificateProvider = new AsyncKeyManagerCertificateProvider(keyManager, CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
    certificateProvider.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setCertificateIdentityProvider(certificateProvider);
    AsyncNewAdvancedCertificateVerifier.Builder verifierBuilder = AsyncNewAdvancedCertificateVerifier.builder();
    if (cliConfig.trustall) {
        verifierBuilder.setTrustAllCertificates();
    } else {
        verifierBuilder.setTrustedCertificates(trustedCertificates);
    }
    verifierBuilder.setTrustAllRPKs();
    AsyncNewAdvancedCertificateVerifier verifier = verifierBuilder.build();
    verifier.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedCertificateVerifier(verifier);
    dtlsConfigBuilder.setConnectionListener(new MdcConnectionListener());
    dtlsConfigBuilder.setLoggingTag(tag);
    if (healthStatusIntervalMillis > 0) {
        DtlsHealthLogger health = new DtlsHealthLogger(tag);
        dtlsConfigBuilder.setHealthHandler(health);
        add(health);
        // reset to prevent active logger
        dtlsConfigBuilder.set(SystemConfig.HEALTH_STATUS_INTERVAL, 0, TimeUnit.MILLISECONDS);
    }
    DtlsConnectorConfig dtlsConnectorConfig = dtlsConfigBuilder.build();
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    builder.setConnector(new DTLSConnector(dtlsConnectorConfig));
    builder.setConfiguration(dtlsConnectorConfig.getConfiguration());
    CoapEndpoint endpoint = builder.build();
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}

Example 2 with AsyncKeyManagerCertificateProvider

use of org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider in project californium by eclipse.

the class AbstractTestServer method addEndpoints.

/**
 * Add endpoints.
 *
 * @param selectAddress  list of regular expression to filter the endpoints by
 *                       {@link InetAddress#getHostAddress()}. May be
 *                       {@code null} or {@code empty}, if endpoints should not
 *                       be filtered by their host address.
 * @param interfaceTypes list of type to filter the endpoints. Maybe
 *                       {@code null} or empty, if endpoints should not be
 *                       filtered by type.
 * @param protocols      list of protocols to create endpoints for.
 * @param cliConfig      client cli-config.
 */
public void addEndpoints(List<String> selectAddress, List<InterfaceType> interfaceTypes, List<Protocol> protocols, BaseConfig cliConfig) {
    int coapPort = config.get(CoapConfig.COAP_PORT);
    int coapsPort = config.get(CoapConfig.COAP_SECURE_PORT);
    if (protocols.contains(Protocol.DTLS) || protocols.contains(Protocol.TLS)) {
        initCredentials();
        serverSslContext = getServerSslContext(cliConfig.trustall, SslContextUtil.DEFAULT_SSL_PROTOCOL);
        if (serverSslContext == null && protocols.contains(Protocol.TLS)) {
            throw new IllegalArgumentException("TLS not supported, credentials missing!");
        }
    }
    List<InetAddress> used = new ArrayList<>();
    for (InetAddress addr : NetworkInterfacesUtil.getNetworkInterfaces()) {
        if (used.contains(addr)) {
            continue;
        }
        if (interfaceTypes != null && !interfaceTypes.isEmpty()) {
            if (addr.isLoopbackAddress() || addr.isLinkLocalAddress()) {
                if (!interfaceTypes.contains(InterfaceType.LOCAL)) {
                    String scope = "???";
                    if (addr.isLoopbackAddress()) {
                        scope = "lo";
                    } else if (addr.isLinkLocalAddress()) {
                        scope = "link";
                    }
                    LOGGER.info("{}skip local {} ({})", getTag(), addr, scope);
                    continue;
                }
            } else {
                if (!interfaceTypes.contains(InterfaceType.EXTERNAL)) {
                    LOGGER.info("{}skip external {}", getTag(), addr);
                    continue;
                }
            }
            if (addr instanceof Inet4Address) {
                if (!interfaceTypes.contains(InterfaceType.IPV4)) {
                    LOGGER.info("{}skip ipv4 {}", getTag(), addr);
                    continue;
                }
            } else if (addr instanceof Inet6Address) {
                if (!interfaceTypes.contains(InterfaceType.IPV6)) {
                    LOGGER.info("{}skip ipv6 {}", getTag(), addr);
                    continue;
                }
            }
        }
        if (selectAddress != null && !selectAddress.isEmpty()) {
            boolean found = false;
            String name = addr.getHostAddress();
            for (String filter : selectAddress) {
                if (name.matches(filter)) {
                    found = true;
                    break;
                }
            }
            if (!found && addr instanceof Inet6Address) {
                Matcher matcher = IPV6_SCOPE.matcher(name);
                if (matcher.matches()) {
                    // apply filter also on interface name
                    name = matcher.group(1) + "%" + ((Inet6Address) addr).getScopedInterface().getName();
                    for (String filter : selectAddress) {
                        if (name.matches(filter)) {
                            found = true;
                            break;
                        }
                    }
                }
            }
            if (!found) {
                continue;
            }
        }
        used.add(addr);
        InterfaceType interfaceType = addr.isLoopbackAddress() ? InterfaceType.LOCAL : InterfaceType.EXTERNAL;
        if (protocols.contains(Protocol.UDP) || protocols.contains(Protocol.TCP)) {
            InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapPort);
            if (protocols.contains(Protocol.UDP)) {
                Configuration udpConfig = getConfig(Protocol.UDP, interfaceType);
                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                builder.setInetSocketAddress(bindToAddress);
                builder.setConfiguration(udpConfig);
                CoapEndpoint endpoint = builder.build();
                addEndpoint(endpoint);
                print(endpoint, interfaceType);
            }
            if (protocols.contains(Protocol.TCP)) {
                Configuration tcpConfig = getConfig(Protocol.TCP, interfaceType);
                TcpServerConnector connector = new TcpServerConnector(bindToAddress, tcpConfig);
                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                builder.setConnector(connector);
                builder.setConfiguration(tcpConfig);
                CoapEndpoint endpoint = builder.build();
                addEndpoint(endpoint);
                print(endpoint, interfaceType);
            }
        }
        if (protocols.contains(Protocol.DTLS) || protocols.contains(Protocol.TLS)) {
            InetSocketAddress bindToAddress = new InetSocketAddress(addr, coapsPort);
            if (protocols.contains(Protocol.DTLS)) {
                Configuration dtlsConfig = getConfig(Protocol.DTLS, interfaceType);
                int handshakeResultDelayMillis = dtlsConfig.getTimeAsInt(DTLS_HANDSHAKE_RESULT_DELAY, TimeUnit.MILLISECONDS);
                DtlsConnectorConfig.Builder dtlsConfigBuilder = DtlsConnectorConfig.builder(dtlsConfig);
                if (cliConfig.clientAuth != null) {
                    dtlsConfigBuilder.set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
                }
                String tag = "dtls:" + StringUtil.toString(bindToAddress);
                dtlsConfigBuilder.setLoggingTag(tag);
                AsyncAdvancedPskStore asyncPskStore = new AsyncAdvancedPskStore(new PlugPskStore());
                asyncPskStore.setDelay(handshakeResultDelayMillis);
                dtlsConfigBuilder.setAdvancedPskStore(asyncPskStore);
                dtlsConfigBuilder.setAddress(bindToAddress);
                X509KeyManager keyManager = SslContextUtil.getX509KeyManager(serverCredentials);
                AsyncKeyManagerCertificateProvider certificateProvider = new AsyncKeyManagerCertificateProvider(keyManager, CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
                certificateProvider.setDelay(handshakeResultDelayMillis);
                dtlsConfigBuilder.setCertificateIdentityProvider(certificateProvider);
                AsyncNewAdvancedCertificateVerifier.Builder verifierBuilder = AsyncNewAdvancedCertificateVerifier.builder();
                if (cliConfig.trustall) {
                    verifierBuilder.setTrustAllCertificates();
                } else {
                    verifierBuilder.setTrustedCertificates(trustedCertificates);
                }
                verifierBuilder.setTrustAllRPKs();
                AsyncNewAdvancedCertificateVerifier verifier = verifierBuilder.build();
                verifier.setDelay(handshakeResultDelayMillis);
                dtlsConfigBuilder.setAdvancedCertificateVerifier(verifier);
                AsyncResumptionVerifier resumptionVerifier = new AsyncResumptionVerifier();
                resumptionVerifier.setDelay(handshakeResultDelayMillis);
                dtlsConfigBuilder.setResumptionVerifier(resumptionVerifier);
                dtlsConfigBuilder.setConnectionListener(new MdcConnectionListener());
                if (dtlsConfig.get(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS) > 0) {
                    DtlsHealthLogger health = new DtlsHealthLogger(tag);
                    dtlsConfigBuilder.setHealthHandler(health);
                    add(health);
                    // reset to prevent active logger
                    dtlsConfigBuilder.set(SystemConfig.HEALTH_STATUS_INTERVAL, 0, TimeUnit.MILLISECONDS);
                }
                DTLSConnector connector = new DTLSConnector(dtlsConfigBuilder.build());
                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                builder.setConnector(connector);
                if (MatcherMode.PRINCIPAL == dtlsConfig.get(CoapConfig.RESPONSE_MATCHING)) {
                    builder.setEndpointContextMatcher(new PrincipalEndpointContextMatcher(true));
                }
                builder.setConfiguration(dtlsConfig);
                CoapEndpoint endpoint = builder.build();
                addEndpoint(endpoint);
                print(endpoint, interfaceType);
            }
            if (protocols.contains(Protocol.TLS) && serverSslContext != null) {
                Configuration tlsConfig = getConfig(Protocol.TLS, interfaceType);
                if (cliConfig.clientAuth != null) {
                    tlsConfig.set(TcpConfig.TLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
                }
                int maxPeers = tlsConfig.get(CoapConfig.MAX_ACTIVE_PEERS);
                int sessionTimeout = tlsConfig.getTimeAsInt(TcpConfig.TLS_SESSION_TIMEOUT, TimeUnit.SECONDS);
                SSLSessionContext serverSessionContext = serverSslContext.getServerSessionContext();
                if (serverSessionContext != null) {
                    serverSessionContext.setSessionTimeout(sessionTimeout);
                    serverSessionContext.setSessionCacheSize(maxPeers);
                }
                TlsServerConnector connector = new TlsServerConnector(serverSslContext, bindToAddress, tlsConfig);
                CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
                builder.setConnector(connector);
                builder.setConfiguration(tlsConfig);
                CoapEndpoint endpoint = builder.build();
                addEndpoint(endpoint);
                print(endpoint, interfaceType);
            }
        }
    }
}

Also used : PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher) AsyncAdvancedPskStore(org.eclipse.californium.scandium.dtls.pskstore.AsyncAdvancedPskStore) AsyncKeyManagerCertificateProvider(org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider) Configuration(org.eclipse.californium.elements.config.Configuration) AsyncResumptionVerifier(org.eclipse.californium.scandium.dtls.resumption.AsyncResumptionVerifier) Matcher(java.util.regex.Matcher) PrincipalEndpointContextMatcher(org.eclipse.californium.elements.PrincipalEndpointContextMatcher) InetSocketAddress(java.net.InetSocketAddress) ArrayList(java.util.ArrayList) DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig) DTLSConnector(org.eclipse.californium.scandium.DTLSConnector) TcpServerConnector(org.eclipse.californium.elements.tcp.netty.TcpServerConnector) X509KeyManager(javax.net.ssl.X509KeyManager) AsyncNewAdvancedCertificateVerifier(org.eclipse.californium.scandium.dtls.x509.AsyncNewAdvancedCertificateVerifier) Inet4Address(java.net.Inet4Address) SSLSessionContext(javax.net.ssl.SSLSessionContext) TlsServerConnector(org.eclipse.californium.elements.tcp.netty.TlsServerConnector) MdcConnectionListener(org.eclipse.californium.scandium.MdcConnectionListener) Inet6Address(java.net.Inet6Address) DtlsHealthLogger(org.eclipse.californium.scandium.DtlsHealthLogger) Endpoint(org.eclipse.californium.core.network.Endpoint) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) InetAddress(java.net.InetAddress) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint)

Example 3 with AsyncKeyManagerCertificateProvider

use of org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider in project californium by eclipse.

the class ExtendedTestServer method addClusterEndpoint.

private void addClusterEndpoint(ScheduledExecutorService secondaryExecutor, InetSocketAddress dtlsInterface, int nodeId, DtlsClusterConnectorConfig clusterConfiguration, ClusterNodesProvider nodesProvider, ClusterNodesDiscover nodesDiscoverer, BaseConfig cliConfig) {
    if (nodesDiscoverer == null ^ nodesProvider != null) {
        throw new IllegalArgumentException("either nodes-provider or -dicoverer is required!");
    }
    InterfaceType interfaceType = dtlsInterface.getAddress().isLoopbackAddress() ? InterfaceType.LOCAL : InterfaceType.EXTERNAL;
    Configuration configuration = getConfig(Protocol.DTLS, interfaceType);
    String tag = "dtls:node-" + nodeId + ":" + StringUtil.toString(dtlsInterface);
    int handshakeResultDelayMillis = configuration.getTimeAsInt(DTLS_HANDSHAKE_RESULT_DELAY, TimeUnit.MILLISECONDS);
    long healthStatusIntervalMillis = configuration.get(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS);
    Integer cidLength = configuration.get(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
    if (cidLength == null || cidLength < 6) {
        throw new IllegalArgumentException("cid length must be at least 6 for cluster!");
    }
    initCredentials();
    DtlsConnectorConfig.Builder dtlsConfigBuilder = DtlsConnectorConfig.builder(configuration);
    if (cliConfig.clientAuth != null) {
        dtlsConfigBuilder.set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, cliConfig.clientAuth);
    }
    // set node-id in dtls-config-builder's Configuration clone
    dtlsConfigBuilder.set(DtlsConfig.DTLS_CONNECTION_ID_NODE_ID, nodeId);
    AsyncAdvancedPskStore asyncPskStore = new AsyncAdvancedPskStore(new PlugPskStore());
    asyncPskStore.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedPskStore(asyncPskStore);
    dtlsConfigBuilder.setAddress(dtlsInterface);
    X509KeyManager keyManager = SslContextUtil.getX509KeyManager(serverCredentials);
    AsyncKeyManagerCertificateProvider certificateProvider = new AsyncKeyManagerCertificateProvider(keyManager, CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
    certificateProvider.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setCertificateIdentityProvider(certificateProvider);
    AsyncNewAdvancedCertificateVerifier.Builder verifierBuilder = AsyncNewAdvancedCertificateVerifier.builder();
    if (cliConfig.trustall) {
        verifierBuilder.setTrustAllCertificates();
    } else {
        verifierBuilder.setTrustedCertificates(trustedCertificates);
    }
    verifierBuilder.setTrustAllRPKs();
    AsyncNewAdvancedCertificateVerifier verifier = verifierBuilder.build();
    verifier.setDelay(handshakeResultDelayMillis);
    dtlsConfigBuilder.setAdvancedCertificateVerifier(verifier);
    dtlsConfigBuilder.setConnectionListener(new MdcConnectionListener());
    dtlsConfigBuilder.setLoggingTag(tag);
    if (healthStatusIntervalMillis > 0) {
        DtlsClusterHealthLogger health = new DtlsClusterHealthLogger(tag);
        dtlsConfigBuilder.setHealthHandler(health);
        add(health);
        // reset to prevent active logger
        dtlsConfigBuilder.set(SystemConfig.HEALTH_STATUS_INTERVAL, 0, TimeUnit.MILLISECONDS);
    }
    DtlsConnectorConfig dtlsConnectorConfig = dtlsConfigBuilder.build();
    CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
    EndpointObserver endpointObserver = null;
    if (nodesDiscoverer != null) {
        DtlsManagedClusterConnector connector = new DtlsManagedClusterConnector(dtlsConnectorConfig, clusterConfiguration);
        final DtlsClusterManager manager = new DtlsClusterManager(connector, dtlsConnectorConfig.getConfiguration(), nodesDiscoverer, secondaryExecutor);
        builder.setConnector(connector);
        endpointObserver = new EndpointObserver() {

            @Override
            public void stopped(Endpoint endpoint) {
                manager.stop();
            }

            @Override
            public void started(Endpoint endpoint) {
                manager.start();
            }

            @Override
            public void destroyed(Endpoint endpoint) {
                manager.stop();
            }
        };
        components.add(manager);
    } else if (nodesProvider != null) {
        builder.setConnector(new DtlsClusterConnector(dtlsConnectorConfig, clusterConfiguration, nodesProvider));
    }
    // use dtls-config-builder's Configuration clone with the set node-id
    builder.setConfiguration(dtlsConnectorConfig.getConfiguration());
    CoapEndpoint endpoint = builder.build();
    if (healthStatusIntervalMillis > 0) {
        HealthStatisticLogger healthLogger = new HealthStatisticLogger(CoAP.COAP_SECURE_URI_SCHEME + "-" + nodeId, true);
        if (healthLogger.isEnabled()) {
            endpoint.addPostProcessInterceptor(healthLogger);
            add(healthLogger);
        }
    }
    if (endpointObserver != null) {
        endpoint.addObserver(endpointObserver);
    }
    addEndpoint(endpoint);
    print(endpoint, interfaceType);
}

Also used : AsyncAdvancedPskStore(org.eclipse.californium.scandium.dtls.pskstore.AsyncAdvancedPskStore) AsyncKeyManagerCertificateProvider(org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider) Configuration(org.eclipse.californium.elements.config.Configuration) DtlsManagedClusterConnector(org.eclipse.californium.scandium.DtlsManagedClusterConnector) DtlsClusterManager(org.eclipse.californium.cluster.DtlsClusterManager) HealthStatisticLogger(org.eclipse.californium.core.network.interceptors.HealthStatisticLogger) DtlsConnectorConfig(org.eclipse.californium.scandium.config.DtlsConnectorConfig) Endpoint(org.eclipse.californium.core.network.Endpoint) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) DtlsClusterConnector(org.eclipse.californium.scandium.DtlsClusterConnector) X509KeyManager(javax.net.ssl.X509KeyManager) AsyncNewAdvancedCertificateVerifier(org.eclipse.californium.scandium.dtls.x509.AsyncNewAdvancedCertificateVerifier) MdcConnectionListener(org.eclipse.californium.scandium.MdcConnectionListener) DtlsClusterHealthLogger(org.eclipse.californium.scandium.DtlsClusterHealthLogger) Endpoint(org.eclipse.californium.core.network.Endpoint) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) CoapEndpoint(org.eclipse.californium.core.network.CoapEndpoint) EndpointObserver(org.eclipse.californium.core.network.EndpointObserver)

Aggregations

X509KeyManager (javax.net.ssl.X509KeyManager)3 CoapEndpoint (org.eclipse.californium.core.network.CoapEndpoint)3 Endpoint (org.eclipse.californium.core.network.Endpoint)3 Configuration (org.eclipse.californium.elements.config.Configuration)3 MdcConnectionListener (org.eclipse.californium.scandium.MdcConnectionListener)3 DtlsConnectorConfig (org.eclipse.californium.scandium.config.DtlsConnectorConfig)3 AsyncAdvancedPskStore (org.eclipse.californium.scandium.dtls.pskstore.AsyncAdvancedPskStore)3 AsyncKeyManagerCertificateProvider (org.eclipse.californium.scandium.dtls.x509.AsyncKeyManagerCertificateProvider)3 AsyncNewAdvancedCertificateVerifier (org.eclipse.californium.scandium.dtls.x509.AsyncNewAdvancedCertificateVerifier)3 DTLSConnector (org.eclipse.californium.scandium.DTLSConnector)2 DtlsHealthLogger (org.eclipse.californium.scandium.DtlsHealthLogger)2 Inet4Address (java.net.Inet4Address)1 Inet6Address (java.net.Inet6Address)1 InetAddress (java.net.InetAddress)1 InetSocketAddress (java.net.InetSocketAddress)1 ArrayList (java.util.ArrayList)1 Matcher (java.util.regex.Matcher)1 SSLSessionContext (javax.net.ssl.SSLSessionContext)1 DtlsClusterManager (org.eclipse.californium.cluster.DtlsClusterManager)1 EndpointObserver (org.eclipse.californium.core.network.EndpointObserver)1