Example 1 with DefaultCertificateManager
use of org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager in project OpenMUC by isc-konstanz.
the class OpcServer method activate.
@Activate
public void activate() throws Exception {
logger.info("Activating OPC UA Server");
File securityTempDir = new File(System.getProperty("java.io.tmpdir"), "security");
if (!securityTempDir.exists() && !securityTempDir.mkdirs()) {
throw new Exception("Unable to create security temp dir: " + securityTempDir);
}
logger.debug("OPC UA security temp dir: {}", securityTempDir.getAbsolutePath());
KeyStoreLoader loader = new KeyStoreLoader().load(securityTempDir);
DefaultCertificateManager certificateManager = new DefaultCertificateManager(loader.getServerKeyPair(), loader.getServerCertificateChain());
File pkiDir = securityTempDir.toPath().resolve("pki").toFile();
DefaultTrustListManager trustListManager = new DefaultTrustListManager(pkiDir);
logger.debug("OPC UA pki dir: {}", pkiDir.getAbsolutePath());
DefaultServerCertificateValidator certificateValidator = new DefaultServerCertificateValidator(trustListManager);
KeyPair httpsKeyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
SelfSignedHttpsCertificateBuilder httpsCertificateBuilder = new SelfSignedHttpsCertificateBuilder(httpsKeyPair);
httpsCertificateBuilder.setCommonName(HostnameUtil.getHostname());
HostnameUtil.getHostnames("0.0.0.0").forEach(httpsCertificateBuilder::addDnsName);
X509Certificate httpsCertificate = httpsCertificateBuilder.build();
// UsernameIdentityValidator identityValidator = new UsernameIdentityValidator(true, authChallenge -> {
// String username = authChallenge.getUsername();
// String password = authChallenge.getPassword();
//
// boolean userOk = "user".equals(username) && "password1".equals(password);
// boolean adminOk = "admin".equals(username) && "password2".equals(password);
//
// return userOk || adminOk;
// });
//
// X509IdentityValidator x509IdentityValidator = new X509IdentityValidator(c -> true);
// If you need to use multiple certificates you'll have to be smarter than this.
X509Certificate certificate = certificateManager.getCertificates().stream().findFirst().orElseThrow(() -> new UaRuntimeException(StatusCodes.Bad_ConfigurationError, "no certificate found"));
// The configured application URI must match the one in the certificate(s)
String applicationUri = CertificateUtil.getSanUri(certificate).orElseThrow(() -> new UaRuntimeException(StatusCodes.Bad_ConfigurationError, "certificate is missing the application URI"));
Set<EndpointConfiguration> endpointConfigurations = createEndpointConfigurations(certificate);
OpcUaServerConfig serverConfig = OpcUaServerConfig.builder().setApplicationUri(applicationUri).setApplicationName(LocalizedText.english("OpenMUC OPC UA Server")).setEndpoints(endpointConfigurations).setBuildInfo(new BuildInfo("urn:openmuc:server", "openmuc", "openmuc server", OpcUaServer.SDK_VERSION, "", new DateTime(System.currentTimeMillis()))).setCertificateManager(certificateManager).setTrustListManager(trustListManager).setCertificateValidator(certificateValidator).setHttpsKeyPair(httpsKeyPair).setHttpsCertificate(httpsCertificate).setProductUri("urn:openmuc:server").build();
server = new OpcUaServer(serverConfig);
server.startup();
}
Also used :
KeyPair(java.security.KeyPair)
OpcUaServer(org.eclipse.milo.opcua.sdk.server.OpcUaServer)
OpcUaServerConfig(org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig)
UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException)
UaException(org.eclipse.milo.opcua.stack.core.UaException)
X509Certificate(java.security.cert.X509Certificate)
DateTime(org.eclipse.milo.opcua.stack.core.types.builtin.DateTime)
UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException)
DefaultTrustListManager(org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)
SelfSignedHttpsCertificateBuilder(org.eclipse.milo.opcua.stack.core.util.SelfSignedHttpsCertificateBuilder)
DefaultCertificateManager(org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager)
BuildInfo(org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo)
EndpointConfiguration(org.eclipse.milo.opcua.stack.server.EndpointConfiguration)
File(java.io.File)
DefaultServerCertificateValidator(org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator)
Activate(org.osgi.service.component.annotations.Activate)
Example 2 with DefaultCertificateManager
use of org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager in project milo by eclipse.
the class TestServer method create.
public static OpcUaServer create(int port) throws Exception {
File securityTempDir = new File(System.getProperty("java.io.tmpdir"), "security");
if (!securityTempDir.exists() && !securityTempDir.mkdirs()) {
throw new Exception("unable to create security temp dir: " + securityTempDir);
}
LoggerFactory.getLogger(TestServer.class).info("security temp dir: {}", securityTempDir.getAbsolutePath());
KeyStoreLoader loader = new KeyStoreLoader().load(securityTempDir);
DefaultCertificateManager certificateManager = new DefaultCertificateManager(loader.getServerKeyPair(), loader.getServerCertificateChain());
File pkiDir = securityTempDir.toPath().resolve("pki").toFile();
DefaultTrustListManager trustListManager = new DefaultTrustListManager(pkiDir);
LoggerFactory.getLogger(TestServer.class).info("pki dir: {}", pkiDir.getAbsolutePath());
DefaultServerCertificateValidator certificateValidator = new DefaultServerCertificateValidator(trustListManager);
KeyPair httpsKeyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
SelfSignedHttpsCertificateBuilder httpsCertificateBuilder = new SelfSignedHttpsCertificateBuilder(httpsKeyPair);
httpsCertificateBuilder.setCommonName(HostnameUtil.getHostname());
HostnameUtil.getHostnames("localhost", false).forEach(httpsCertificateBuilder::addDnsName);
X509Certificate httpsCertificate = httpsCertificateBuilder.build();
UsernameIdentityValidator identityValidator = new UsernameIdentityValidator(true, authChallenge -> {
String username = authChallenge.getUsername();
String password = authChallenge.getPassword();
boolean user1 = "user1".equals(username) && "password".equals(password);
boolean user2 = "user2".equals(username) && "password".equals(password);
boolean admin = "admin".equals(username) && "password".equals(password);
return user1 || user2 || admin;
});
// If you need to use multiple certificates you'll have to be smarter than this.
X509Certificate certificate = certificateManager.getCertificates().stream().findFirst().orElseThrow(() -> new UaRuntimeException(StatusCodes.Bad_ConfigurationError, "no certificate found"));
// The configured application URI must match the one in the certificate(s)
String applicationUri = CertificateUtil.getSanUri(certificate).orElseThrow(() -> new UaRuntimeException(StatusCodes.Bad_ConfigurationError, "certificate is missing the application URI"));
Set<EndpointConfiguration> endpointConfigurations = createEndpointConfigurations(certificate, port);
OpcUaServerConfig serverConfig = OpcUaServerConfig.builder().setApplicationUri(applicationUri).setApplicationName(LocalizedText.english("Eclipse Milo OPC UA Example Server")).setEndpoints(endpointConfigurations).setBuildInfo(new BuildInfo("urn:eclipse:milo:example-server", "eclipse", "eclipse milo example server", OpcUaServer.SDK_VERSION, "", DateTime.now())).setCertificateManager(certificateManager).setTrustListManager(trustListManager).setCertificateValidator(certificateValidator).setHttpsKeyPair(httpsKeyPair).setHttpsCertificate(httpsCertificate).setIdentityValidator(identityValidator).setProductUri("urn:eclipse:milo:example-server").build();
return new OpcUaServer(serverConfig);
}
Also used :
KeyPair(java.security.KeyPair)
OpcUaServer(org.eclipse.milo.opcua.sdk.server.OpcUaServer)
OpcUaServerConfig(org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig)
UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException)
X509Certificate(java.security.cert.X509Certificate)
UaRuntimeException(org.eclipse.milo.opcua.stack.core.UaRuntimeException)
DefaultTrustListManager(org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)
SelfSignedHttpsCertificateBuilder(org.eclipse.milo.opcua.stack.core.util.SelfSignedHttpsCertificateBuilder)
UsernameIdentityValidator(org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator)
DefaultCertificateManager(org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager)
BuildInfo(org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo)
EndpointConfiguration(org.eclipse.milo.opcua.stack.server.EndpointConfiguration)
File(java.io.File)
DefaultServerCertificateValidator(org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator)
Example 3 with DefaultCertificateManager
use of org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager in project milo by eclipse.
the class OpcUaServerConfigTest method testCopy.
@Test
public void testCopy() throws IOException {
DefaultTrustListManager trustListManager = new DefaultTrustListManager(Files.createTempDir());
ScheduledExecutorService scheduledExecutorService = Executors.newSingleThreadScheduledExecutor();
OpcUaServerConfig original = OpcUaServerConfig.builder().setCertificateManager(new DefaultCertificateManager()).setTrustListManager(trustListManager).setCertificateValidator(new DefaultServerCertificateValidator(trustListManager)).setIdentityValidator(AnonymousIdentityValidator.INSTANCE).setBuildInfo(new BuildInfo("a", "b", "c", "d", "e", DateTime.MIN_VALUE)).setLimits(new OpcUaServerConfigLimits() {
}).setScheduledExecutorService(scheduledExecutorService).build();
OpcUaServerConfig copy = OpcUaServerConfig.copy(original).build();
assertEquals(copy.getIdentityValidator(), original.getIdentityValidator());
assertEquals(copy.getBuildInfo(), original.getBuildInfo());
assertEquals(copy.getLimits(), original.getLimits());
assertEquals(copy.getScheduledExecutorService(), original.getScheduledExecutorService());
}
Also used :
ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService)
DefaultTrustListManager(org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)
DefaultCertificateManager(org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager)
BuildInfo(org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo)
DefaultServerCertificateValidator(org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator)
Test(org.testng.annotations.Test)
Aggregations
DefaultCertificateManager (org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager)3
DefaultTrustListManager (org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager)3
BuildInfo (org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo)3
DefaultServerCertificateValidator (org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator)3
File (java.io.File)2
KeyPair (java.security.KeyPair)2
X509Certificate (java.security.cert.X509Certificate)2
OpcUaServer (org.eclipse.milo.opcua.sdk.server.OpcUaServer)2
OpcUaServerConfig (org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig)2
UaRuntimeException (org.eclipse.milo.opcua.stack.core.UaRuntimeException)2
SelfSignedHttpsCertificateBuilder (org.eclipse.milo.opcua.stack.core.util.SelfSignedHttpsCertificateBuilder)2
EndpointConfiguration (org.eclipse.milo.opcua.stack.server.EndpointConfiguration)2
ScheduledExecutorService (java.util.concurrent.ScheduledExecutorService)1
UsernameIdentityValidator (org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator)1
UaException (org.eclipse.milo.opcua.stack.core.UaException)1
DateTime (org.eclipse.milo.opcua.stack.core.types.builtin.DateTime)1
Activate (org.osgi.service.component.annotations.Activate)1
Test (org.testng.annotations.Test)1
