Skip to content

Commit

Permalink
Add pubk/prik option to bsserver-demo to set custom server RPK.
Browse files Browse the repository at this point in the history
  • Loading branch information
@sbernard31
sbernard31 committed May 4, 2020
1 parent dd19562 commit d334b30
Showing 1 changed file with 82 additions and 15 deletions.
97 changes: 82 additions & 15 deletions ...emo/src/main/java/org/eclipse/leshan/server/bootstrap/demo/LeshanBootstrapServerDemo.java
View file
Expand Up @@ -22,6 +22,7 @@
import java.net.BindException;
import java.net.InetSocketAddress;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;

Expand Down Expand Up @@ -66,6 +67,19 @@ public static void main(String[] args) {
// Define options for command line tools
Options options = new Options();

final StringBuilder RPKChapter = new StringBuilder();
RPKChapter.append("\n .");
RPKChapter.append("\n .");
RPKChapter.append("\n================================[ RPK ]=================================");
RPKChapter.append("\n| By default Leshan demo uses an embedded self-signed certificate and |");
RPKChapter.append("\n| trusts any client certificates allowing to use RPK or X509 |");
RPKChapter.append("\n| at client side. |");
RPKChapter.append("\n| To use RPK only with your own keys : |");
RPKChapter.append("\n| -pubk -prik options should be used together. |");
RPKChapter.append("\n| To get helps about files format and how to generate it, see : |");
RPKChapter.append("\n| See https://github.com/eclipse/leshan/wiki/Credential-files-format |");
RPKChapter.append("\n------------------------------------------------------------------------");

options.addOption("h", "help", false, "Display help information.");
options.addOption("lh", "coaphost", true, "Set the local CoAP address.\n Default: any local address.");
options.addOption("lp", "coapport", true,
Expand All @@ -78,8 +92,14 @@ public static void main(String[] args) {
options.addOption("m", "modelsfolder", true, "A folder which contains object models in OMA DDF(.xml) format.");
options.addOption("cfg", "configfile", true,
"Set the filename for the configuration.\nDefault: " + JSONFileBootstrapStore.DEFAULT_FILE + ".");
options.addOption("oc", "activate support of old/deprecated cipher suites.");
options.addOption("oc", "activate support of old/deprecated cipher suites." + RPKChapter);
options.addOption("pubk", true,
"The path to your server public key file.\n The public Key should be in SubjectPublicKeyInfo format (DER encoding).");
options.addOption("prik", true,
"The path to your server private key file.\nThe private key should be in PKCS#8 format (DER encoding).");

HelpFormatter formatter = new HelpFormatter();
formatter.setWidth(120);
formatter.setOptionComparator(null);

// Parse arguments
Expand All @@ -105,6 +125,26 @@ public static void main(String[] args) {
return;
}

// Abort if all RPK config is not complete
boolean rpkConfig = false;
if (cl.hasOption("pubk")) {
if (!cl.hasOption("prik")) {
System.err.println("pubk, prik should be used together to connect using RPK");
formatter.printHelp(USAGE, options);
return;
} else {
rpkConfig = true;
}
}
// Abort if prik is used without complete RPK
if (cl.hasOption("prik")) {
if (!rpkConfig) {
System.err.println("prik should be used with cert for X509 config OR pubk for RPK config");
formatter.printHelp(USAGE, options);
return;
}
}

// Get local address
String localAddress = cl.getOptionValue("lh");
if (localAddress == null)
Expand Down Expand Up @@ -142,9 +182,24 @@ public static void main(String[] args) {
configFilename = JSONFileBootstrapStore.DEFAULT_FILE;
}

// get RPK info
PublicKey publicKey = null;
PrivateKey privateKey = null;
if (rpkConfig) {
try {
privateKey = SecurityUtil.privateKey.readFromFile(cl.getOptionValue("prik"));
publicKey = SecurityUtil.publicKey.readFromFile(cl.getOptionValue("pubk"));
} catch (Exception e) {
System.err.println("Unable to load RPK files : " + e.getMessage());
e.printStackTrace();
formatter.printHelp(USAGE, options);
return;
}
}

try {
createAndStartServer(webAddress, webPort, localAddress, localPort, secureLocalAddress, secureLocalPort,
modelsFolderPath, configFilename, cl.hasOption("oc"));
modelsFolderPath, configFilename, cl.hasOption("oc"), publicKey, privateKey);
} catch (BindException e) {
System.err.println(String
.format("Web port %s is already in use, you can change it using the 'webport' option.", webPort));
Expand All @@ -156,7 +211,7 @@ public static void main(String[] args) {

public static void createAndStartServer(String webAddress, int webPort, String localAddress, int localPort,
String secureLocalAddress, int secureLocalPort, String modelsFolderPath, String configFilename,
boolean supportDeprecatedCiphers) throws Exception {
boolean supportDeprecatedCiphers, PublicKey publicKey, PrivateKey privateKey) throws Exception {
// Create Models
List<ObjectModel> models = ObjectLoader.loadDefault();
if (modelsFolderPath != null) {
Expand All @@ -176,19 +231,26 @@ public static void createAndStartServer(String webAddress, int webPort, String l
DtlsConnectorConfig.Builder dtlsConfig = new DtlsConnectorConfig.Builder();
dtlsConfig.setRecommendedCipherSuitesOnly(!supportDeprecatedCiphers);

// Create X509 credentials;
// Create credentials;
X509Certificate serverCertificate = null;
try {
PrivateKey privateKey = SecurityUtil.privateKey.readFromResource("credentials/bsserver_privkey.der");
serverCertificate = SecurityUtil.certificate.readFromResource("credentials/bsserver_cert.der");
if (publicKey != null) {
// use RPK
builder.setPublicKey(publicKey);
builder.setPrivateKey(privateKey);
builder.setCertificateChain(new X509Certificate[] { serverCertificate });

// Use a certificate verifier which trust all certificates by default.
builder.setTrustedCertificates(new X509Certificate[0]);
} catch (Exception e) {
LOG.error("Unable to load embedded X.509 certificate.", e);
System.exit(-1);
} else {
try {
PrivateKey embeddedPrivateKey = SecurityUtil.privateKey
.readFromResource("credentials/bsserver_privkey.der");
serverCertificate = SecurityUtil.certificate.readFromResource("credentials/bsserver_cert.der");
builder.setPrivateKey(embeddedPrivateKey);
builder.setCertificateChain(new X509Certificate[] { serverCertificate });

// Use a certificate verifier which trust all certificates by default.
builder.setTrustedCertificates(new X509Certificate[0]);
} catch (Exception e) {
LOG.error("Unable to load embedded X.509 certificate.", e);
System.exit(-1);
}
}

// Set DTLS Config
Expand Down Expand Up @@ -226,7 +288,12 @@ public static void createAndStartServer(String webAddress, int webPort, String l
ServletHolder bsServletHolder = new ServletHolder(new BootstrapServlet(bsStore));
root.addServlet(bsServletHolder, "/api/bootstrap/*");

ServletHolder serverServletHolder = new ServletHolder(new ServerServlet(bsServer, serverCertificate));
ServletHolder serverServletHolder;
if (publicKey != null) {
serverServletHolder = new ServletHolder(new ServerServlet(bsServer, publicKey));
} else {
serverServletHolder = new ServletHolder(new ServerServlet(bsServer, serverCertificate));
}
root.addServlet(serverServletHolder, "/api/server/*");

server.setHandler(root);
Expand Down

0 comments on commit d334b30

Please sign in to comment.