
Example 1 with OpcUaSSLConfig

Use of tech.pdai.opcua.milo.client.config.OpcUaSSLConfig in the project tech-pdai-spring-demos by realpdai.

Taken from the class OpcUaClientServiceImpl, method getOpcUaClientSSLConfig.

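/**
 * Builds the client-side SSL configuration from the key store described by
 * {@code opcUaProperties}.
 *
 * <p>The key store file is resolved inside {@code <java.io.tmpdir>/client/security}
 * and the {@code pki} sub-folder of that same directory is handed to the
 * {@link DefaultTrustListManager} that backs the returned certificate validator.
 * NOTE(review): the JVM temp directory is commonly shared with other local users;
 * since the trust list and the key store live there, confirm the directory's
 * permissions in deployment or relocate it to a dedicated, access-controlled path.
 *
 * <p>If the configured alias does not hold a private key, the returned config
 * carries no certificate or key pair; a warning is logged in that case.
 *
 * @param opcUaProperties opcUaProperties
 * @return ssl client config
 * @throws java.security.KeyStoreException         KeyStore Exception
 * @throws java.io.IOException                     IO Exception (also when the security dir cannot be created)
 * @throws java.security.cert.CertificateException Certificate Exception
 * @throws java.security.NoSuchAlgorithmException  NoSuchAlgorithm Exception
 * @throws java.security.UnrecoverableKeyException UnrecoverableKey Exception
 */
private OpcUaSSLConfig getOpcUaClientSSLConfig(OpcUaProperties opcUaProperties) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
    OpcUaSSLConfig sslConfig = new OpcUaSSLConfig();
    // load keys from security dir. createDirectories either returns with the
    // directory in place or throws IOException, so no existence check follows.
    Path securityTempDir = Paths.get(System.getProperty("java.io.tmpdir"), "client", "security");
    Files.createDirectories(securityTempDir);
    File pkiDir = securityTempDir.resolve("pki").toFile();
    log.info("security dir: {}", securityTempDir.toAbsolutePath());
    log.info("security pki dir: {}", pkiDir.getAbsolutePath());

    String alias = opcUaProperties.getClient().getSslCertificateAlias();
    // one char[] copy of the password, wiped once the key has been read
    char[] password = opcUaProperties.getClient().getSslCertificatePwd().toCharArray();
    KeyStore keyStore = KeyStore.getInstance(opcUaProperties.getClient().getSslCertificateType());
    Path clientKeyStorePath = securityTempDir.resolve(opcUaProperties.getClient().getSslCertificateFile());
    log.info("Loading KeyStore at {}", clientKeyStorePath);
    Key clientKey;
    try {
        try (InputStream in = Files.newInputStream(clientKeyStorePath)) {
            keyStore.load(in, password);
        }
        clientKey = keyStore.getKey(alias, password);
    } finally {
        Arrays.fill(password, '\0');
    }

    // setup certificate: only a PrivateKeyEntry yields a usable client identity
    if (clientKey instanceof PrivateKey) {
        X509Certificate clientCertificate = (X509Certificate) keyStore.getCertificate(alias);
        sslConfig.setCertificate(clientCertificate);
        sslConfig.setCertificateChain(Arrays.stream(keyStore.getCertificateChain(alias))
                .map(X509Certificate.class::cast)
                .toArray(X509Certificate[]::new));
        PublicKey clientPublicKey = clientCertificate.getPublicKey();
        sslConfig.setClientKeyPair(new KeyPair(clientPublicKey, (PrivateKey) clientKey));
    } else {
        // previously this case fell through silently, leaving the config without an identity
        log.warn("KeyStore alias {} does not hold a private key; client certificate not configured", alias);
    }

    // client validator backed by the trust list stored under the pki dir
    DefaultTrustListManager trustListManager = new DefaultTrustListManager(pkiDir);
    sslConfig.setCertificateValidator(new DefaultClientCertificateValidator(trustListManager));
    return sslConfig;
}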
