Use of org.eclipse.hono.config.KeyLoader in the project hono by eclipse.
From the class ConfigBasedCoapEndpointFactory, method addIdentity.
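/**
 * Adds the server identity (private key and certificate chain) to the DTLS connector configuration.
 * <p>
 * The key and certificate are loaded from the configured key and certificate paths. Californium's
 * certificate based cipher suites support ECC based keys only, so the identity is set only when the
 * loaded private key uses the {@code EC} algorithm; in every other case a warning is logged and the
 * connector is left without a certificate based identity. The advanced certificate verifier, if one
 * has been configured, is registered together with the identity and never on its own.
 *
 * @param dtlsConfig The DTLS connector configuration to add the identity to.
 */
private void addIdentity(final DtlsConnectorConfig.Builder dtlsConfig) {
    final KeyLoader keyLoader = KeyLoader.fromFiles(vertx, config.getKeyPath(), config.getCertPath());
    final PrivateKey pk = keyLoader.getPrivateKey();
    final Certificate[] certChain = keyLoader.getCertificateChain();

    if (pk == null) {
        // fixed log message (formerly "no private private key configured")
        LOG.warn("no private key configured");
        return;
    }
    if (certChain == null) {
        LOG.warn("no server certificate configured");
        return;
    }
    // Californium's cipher suites support ECC based keys only
    if (!"EC".equals(pk.getAlgorithm())) {
        LOG.warn("configured key is not ECC based, certificate based cipher suites will be disabled");
        return;
    }
    LOG.info("using private key [{}] and certificate [{}] as server identity", config.getKeyPath(), config.getCertPath());
    dtlsConfig.setIdentity(pk, certChain);
    // the verifier is optional; only register it once a server identity is in place
    if (certificateVerifier != null) {
        dtlsConfig.setAdvancedCertificateVerifier(certificateVerifier);
    }
}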
Use of org.eclipse.hono.config.KeyLoader in the project hono by eclipse.
From the class CoapTestBase, method testUploadFailsForNonMatchingTrustAnchor.
/**
 * Verifies that the adapter refuses to authenticate a device whose client certificate was not signed
 * by the trust anchor registered for the device's tenant.
 * <p>
 * The tenant is registered with a freshly generated EC public key as its trust anchor, so the signature
 * on the device's certificate (loaded from the test key store) cannot be validated against it and the
 * DTLS handshake is expected to fail.
 *
 * @param ctx The vert.x test context.
 * @throws GeneralSecurityException if the tenant's trust anchor cannot be generated
 */
@Test
@Timeout(timeUnit = TimeUnit.SECONDS, value = 20)
public void testUploadFailsForNonMatchingTrustAnchor(final VertxTestContext ctx) throws GeneralSecurityException {

    final var deviceKeys = KeyLoader.fromFiles(vertx, PATH_DEVICE_KEY, PATH_DEVICE_CERT);
    final var deviceCert = (X509Certificate) deviceKeys.getCertificateChain()[0];

    // GIVEN a tenant whose trust anchor is a new EC key, i.e. not the key that signed the device certificate
    final KeyPair anchorKeys = helper.newEcKeyPair();
    final String issuerDn = deviceCert.getIssuerX500Principal().getName(X500Principal.RFC2253);
    final Tenant tenant = Tenants.createTenantForTrustAnchor(
            issuerDn,
            anchorKeys.getPublic().getEncoded(),
            anchorKeys.getPublic().getAlgorithm());

    helper.registry.addDeviceForTenant(tenantId, tenant, deviceId, deviceCert)
        .compose(registered -> {
            // WHEN the device tries to upload data using its certificate
            final Promise<OptionSet> response = Promise.promise();
            final CoapClient coapsClient = getCoapsClient(deviceKeys);
            coapsClient.advanced(getHandler(response), createCoapsRequest(Code.POST, getPostResource(), 0));
            return response.future();
        })
        .onComplete(ctx.failing(error -> {
            // THEN the request fails because the DTLS handshake cannot be completed
            assertStatus(ctx, HttpURLConnection.HTTP_UNAVAILABLE, error);
            ctx.completeNow();
        }));
}