The OpenThread CoAPS APIs may be invoked via the OpenThread CLI.
Form a network with at least two devices.
CoAPS uses DTLS to establish a secure, end-to-end connection.
This example supports two ciphersuites:
- TLS_PSK_WITH_AES_128_CCM_8
> coaps psk <your-psk> <your-psk-id>
Done
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
> coaps x509
Done
The X.509 certificate is stored in core/cli/x509_cert_key.hpp.
On node 1, set up the CoAPS server with resource test-resource.
> coaps start
Done
> coaps resource test-resource
Done
> coaps start
Done
> coaps connect <peer-ip6-address>
Done
coaps connected
> coaps get test-resource
Done
coaps response from fdde:ad00:beef:0:9903:14b:27e0:5744 with payload: 68656c6c6f576f726c6400
> coaps put test-resource con payload
Done
coaps response from fdde:ad00:beef:0:9903:14b:27e0:5744
On node 1, you should see output similar to below:
coaps request from fdde:ad00:beef:0:9e68:576f:714c:f395 GET
coaps response sent
coaps request from fdde:ad00:beef:0:9e68:576f:714c:f395 PUT with payload: 7061796c6f6164
coaps response sent
> openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
> openssl req -x509 -new -key ec_private.pem -out x509_cert.pem -days 30
- help
- connect
- delete
- disconnect
- get
- isclosed
- isconnactive
- isconnected
- post
- psk
- put
- resource
- set
- start
- stop
- x509
> coaps help
connect
delete
disconnect
get
isclosed
isconnactive
isconnected
post
psk
put
resource
set
start
stop
x509
Done
List the CoAPS CLI commands.
Establish DTLS session.
- address: IPv6 address of the peer.
> coaps connect fdde:ad00:beef:0:9903:14b:27e0:5744
Done
coaps connected
- uri-path: URI path of the resource.
- type: "con" for Confirmable or "non-con" for Non-confirmable (default).
- payload: CoAPS request payload.
> coaps delete test-resource con payload
Done
> coaps disconnect
coaps disconnected
Done
- uri-path: URI path of the resource.
- type: "con" for Confirmable or "non-con" for Non-confirmable (default). Use "block-" if the response should be transferred block-wise. ("block-16","block-32","block-64","block-128","block-256","block-512","block-1024")
> coaps get test-resource
Done
> coaps get test-resource block-1024
Done
- uri-path: URI path of the resource.
- type: "con" for Confirmable or "non-con" for Non-confirmable (default). Use "block-" to send blocks with random payload. ("block-16","block-32","block-64","block-128","block-256","block-512","block-1024")
- payload: CoAP request payload. If [type] is "block-", the number of blocks to be sent can be set here.
> coaps post test-resource con payload
Done
> coaps post test-resource block-1024 10
Done
Set DTLS ciphersuite to TLS_PSK_WITH_AES_128_CCM_8.
- psk: pre-shared key
- pskid: pre-shared key identifier
> coaps psk 123 pskid
Done
- uri-path: URI path of the resource.
- type: "con" for Confirmable or "non-con" for Non-confirmable (default). Use "block-" to send blocks with random payload. ("block-16","block-32","block-64","block-128","block-256","block-512","block-1024")
- payload: CoAP request payload. If [type] is "block-", the number of blocks to be sent can be set here.
> coaps put test-resource con payload
Done
> coaps put test-resource block-1024 10
Done
Sets the URI path for the test resource.
> coaps resource test-resource
Done
> coaps resource
test-resource
Done
Sets the content sent by the test resource.
> coaps set Testing123
Done
Starts the application coaps service.
The check-peer-cert parameter determines if the peer-certificate check is enabled (default) or disabled. The max-conn-attempts parameter sets the maximum number of allowed attempts, successful or failed, to connect to the CoAP Secure server. The default value of this parameter is 0, which means that there is no limit to the number of attempts. The check-peer-cert and max-conn-attempts parameters work together in the following combinations, even though you can only specify one argument:
- No argument specified: Defaults are used.
- Setting check-peer-cert to true: Has the same effect as omitting the argument, which is that the check-peer-cert value is true, and the max-conn-attempts value is 0.
- Setting check-peer-cert to false: check-peer-cert value is false, and the max-conn-attempts value is 0.
- Specifying a number: check-peer-cert is true, and the max-conn-attempts value is the number specified in the argument.
> coaps start
Done
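The argument combinations above, modeled as an added Python example (not OpenThread code and not part of the original page) that also flags a start command that turns the peer-certificate check off. The helper names resolve_start_arg and audit_transcript are hypothetical, the transcript is constructed, and rejecting any argument other than true, false or a non-negative integer is an assumption.

```python
# Added example: models the argument rules described on this page; not OpenThread source.
from typing import List, NamedTuple, Optional, Tuple


class StartSettings(NamedTuple):
    check_peer_cert: bool
    max_conn_attempts: int  # 0 means no limit, per the page


def resolve_start_arg(arg: Optional[str] = None) -> StartSettings:
    """Map the single optional `coaps start` argument to both effective settings."""
    if arg is None or arg == "true":
        return StartSettings(True, 0)
    if arg == "false":
        return StartSettings(False, 0)
    # Assumption: any other argument must be a non-negative decimal integer.
    if not (arg.isascii() and arg.isdigit()):
        raise ValueError(f"unsupported coaps start argument: {arg!r}")
    return StartSettings(True, int(arg))


def audit_transcript(lines: List[str]) -> List[Tuple[int, str, StartSettings]]:
    """Return (line number, finding, settings) for every `coaps start` in a CLI log."""
    findings = []
    for number, line in enumerate(lines, start=1):
        tokens = line.lstrip("> ").split()
        if tokens[:2] != ["coaps", "start"]:
            continue
        settings = resolve_start_arg(tokens[2] if len(tokens) > 2 else None)
        if not settings.check_peer_cert:
            finding = "peer certificate check disabled"
        elif settings.max_conn_attempts == 0:
            finding = "peer check on, connection attempts unlimited"
        else:
            finding = "peer check on, connection attempts capped"
        findings.append((number, finding, settings))
    return findings


# Constructed sample transcript (not captured from a real device).
SAMPLE = ["> coaps x509", "Done", "> coaps start false", "Done",
          "> coaps stop", "Done", "> coaps start 5", "Done", "> coaps start"]

if __name__ == "__main__":
    for number, finding, settings in audit_transcript(SAMPLE):
        print(f"line {number}: {finding} {settings}")
```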
Stops the application coaps service.
> coaps stop
Done
Indicates whether or not the CoAP secure service is connected.
> coaps isconnected
yes
Done
Indicates whether or not the CoAP secure service connection is active (already connected or establishing a connection).
> coaps isconnactive
yes
Done
Indicates whether or not the CoAP secure service is closed.
> coaps isclosed
no
Done
Set DTLS ciphersuite to TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
The X.509 certificate is stored in src/cli/x509_cert_key.hpp.
> coaps x509
Done