Example 1 with DefaultClientCertificateValidator
use of org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator in project tech-pdai-spring-demos by realpdai.
the class OpcUaClientServiceImpl method getOpcUaClientSSLConfig.
/**
* @param opcUaProperties opcUaProperties
* @return ssl client config
* @throws java.security.KeyStoreException KeyStore Exception
* @throws java.io.IOException IO Exception
* @throws java.security.cert.CertificateException Certificate Exception
* @throws java.security.NoSuchAlgorithmException NoSuchAlgorithm Exception
* @throws java.security.UnrecoverableKeyException UnrecoverableKey Exception
*/
private OpcUaSSLConfig getOpcUaClientSSLConfig(OpcUaProperties opcUaProperties) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
OpcUaSSLConfig sslConfig = new OpcUaSSLConfig();
// load keys from security dir
Path securityTempDir = Paths.get(System.getProperty("java.io.tmpdir"), "client", "security");
Files.createDirectories(securityTempDir);
if (!Files.exists(securityTempDir)) {
log.error("unable to create security dir: " + securityTempDir);
}
File pkiDir = securityTempDir.resolve("pki").toFile();
log.info("security dir: {}", securityTempDir.toAbsolutePath());
log.info("security pki dir: {}", pkiDir.getAbsolutePath());
KeyStore keyStore = KeyStore.getInstance(opcUaProperties.getClient().getSslCertificateType());
Path serverKeyStore = securityTempDir.resolve(opcUaProperties.getClient().getSslCertificateFile());
log.info("Loading KeyStore at {}", serverKeyStore);
try (InputStream in = Files.newInputStream(serverKeyStore)) {
keyStore.load(in, opcUaProperties.getClient().getSslCertificatePwd().toCharArray());
}
// setup certificate
Key clientPrivateKey = keyStore.getKey(opcUaProperties.getClient().getSslCertificateAlias(), opcUaProperties.getClient().getSslCertificatePwd().toCharArray());
if (clientPrivateKey instanceof PrivateKey) {
sslConfig.setCertificate((X509Certificate) keyStore.getCertificate(opcUaProperties.getClient().getSslCertificateAlias()));
sslConfig.setCertificateChain(Arrays.stream(keyStore.getCertificateChain(opcUaProperties.getClient().getSslCertificateAlias())).map(X509Certificate.class::cast).toArray(X509Certificate[]::new));
PublicKey serverPublicKey = sslConfig.getCertificate().getPublicKey();
sslConfig.setClientKeyPair(new KeyPair(serverPublicKey, (PrivateKey) clientPrivateKey));
}
// client validator
DefaultTrustListManager trustListManager = new DefaultTrustListManager(pkiDir);
sslConfig.setCertificateValidator(new DefaultClientCertificateValidator(trustListManager));
return sslConfig;
}
Also used :
Path(java.nio.file.Path)
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
DefaultTrustListManager(org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)
InputStream(java.io.InputStream)
PublicKey(java.security.PublicKey)
OpcUaSSLConfig(tech.pdai.opcua.milo.client.config.OpcUaSSLConfig)
File(java.io.File)
KeyStore(java.security.KeyStore)
DefaultClientCertificateValidator(org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
X509Certificate(java.security.cert.X509Certificate)
Example 2 with DefaultClientCertificateValidator
use of org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator in project milo by eclipse.
the class ClientExampleRunner method createClient.
private OpcUaClient createClient() throws Exception {
Path securityTempDir = Paths.get(System.getProperty("java.io.tmpdir"), "client", "security");
Files.createDirectories(securityTempDir);
if (!Files.exists(securityTempDir)) {
throw new Exception("unable to create security dir: " + securityTempDir);
}
File pkiDir = securityTempDir.resolve("pki").toFile();
LoggerFactory.getLogger(getClass()).info("security dir: {}", securityTempDir.toAbsolutePath());
LoggerFactory.getLogger(getClass()).info("security pki dir: {}", pkiDir.getAbsolutePath());
KeyStoreLoader loader = new KeyStoreLoader().load(securityTempDir);
trustListManager = new DefaultTrustListManager(pkiDir);
DefaultClientCertificateValidator certificateValidator = new DefaultClientCertificateValidator(trustListManager);
return OpcUaClient.create(clientExample.getEndpointUrl(), endpoints -> endpoints.stream().filter(clientExample.endpointFilter()).findFirst(), configBuilder -> configBuilder.setApplicationName(LocalizedText.english("eclipse milo opc-ua client")).setApplicationUri("urn:eclipse:milo:examples:client").setKeyPair(loader.getClientKeyPair()).setCertificate(loader.getClientCertificate()).setCertificateChain(loader.getClientCertificateChain()).setCertificateValidator(certificateValidator).setIdentityProvider(clientExample.getIdentityProvider()).setRequestTimeout(uint(5000)).build());
}
Also used :
Path(java.nio.file.Path)
DefaultTrustListManager(org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)
File(java.io.File)
DefaultClientCertificateValidator(org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator)
ExecutionException(java.util.concurrent.ExecutionException)
Aggregations
File (java.io.File)2
Path (java.nio.file.Path)2
DefaultClientCertificateValidator (org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator)2
DefaultTrustListManager (org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)2
InputStream (java.io.InputStream)1
Key (java.security.Key)1
KeyPair (java.security.KeyPair)1
KeyStore (java.security.KeyStore)1
PrivateKey (java.security.PrivateKey)1
PublicKey (java.security.PublicKey)1
X509Certificate (java.security.cert.X509Certificate)1
ExecutionException (java.util.concurrent.ExecutionException)1
OpcUaSSLConfig (tech.pdai.opcua.milo.client.config.OpcUaSSLConfig)1
