Timeout trying to connect to arm mbed remote server

[Karandev]

We tried to connect to remote server api.connector.mbed.com port 5694 but the connection was not happening and timeout exception was given with token also provided.
We tried in a Copper add-on for firefox, still the same timeout issue happens.
Is the server up and running? Please help.

[szysas]

There is nothing running on port 5694 you should use instead 5684. Note also, that it requires DTLS or TLS secure connection.

[Karandev]

Thanks for the reply.
Is the coap-core library making use of DTLS/TLS secure connection?

[szysas]

At the moment only TLS.

[Karandev]

`CoapClient client = null;
try {
client = CoapClientBuilder.newBuilder(new InetSocketAddress("api.connector.mbed.com",5684)).build();
} catch (IOException e) {

		e.printStackTrace();
	}

	CoapPacket coapResp;
	try {
		coapResp = client.resource("/Test/0/S").sync().get();
		System.out.println(coapResp.toString());
	} catch (CoapException e) {
		// TODO Auto-generated catch block
		e.printStackTrace();
	}`

We tried using this code piece with the port number as 5684. We got CoapTimeOutException.

Could you please let us know why the problem happens?

[szysas]

In your example, it is trying to connect with plain text.
For tls connection, you need to prepare keystore with proper certificates and setup transport similar as in this test class: https://github.com/ARMmbed/java-coap/blob/master/coap-core/src/test/java/com/mbed/coap/transport/javassl/SSLSocketClientTransportTest.java

[Karandev]

Thanks for the support!

We tried with this code:
SSLContext clientSslContext = SSLUtils.sslContext(CLI_KS, SECRET); InetSocketAddress serverAdr = new InetSocketAddress("api.connector.mbed.com",5683); CoapClient client = null; try { client = CoapClientBuilder.clientFor(serverAdr,CoapServer.builder().transport(new SSLSocketClientTransport(serverAdr, clientSslContext.getSocketFactory())).build().start()); CoapPacket coapResp; try { coapResp = client.resource("/Test/0/S").sync().get(); System.out.println(coapResp.toString()); } catch (CoapException e) { // TODO Auto-generated catch block e.printStackTrace(); } } catch (IllegalStateException | IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } client.close();

But got the following exception:

java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
at sun.security.ssl.SSLSocketImpl.(SSLSocketImpl.java:446)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:137)
at com.mbed.coap.transport.javassl.SSLSocketClientTransport.start(SSLSocketClientTransport.java:52)
at com.mbed.coap.server.CoapServer.start(CoapServer.java:169)
at MyTest.main(MyTest.java:92)

While creating the client. Please help.

[szysas]

Note the port, it should be 5684.

[Karandev]

Yes, we have tried it with 5684 too.

[szysas]

When you use correct address and port:

InetSocketAddress serverAdr = new InetSocketAddress("api.connector.mbed.com", 5684);
CoapClient client = CoapClientBuilder.clientFor(serverAdr,
                CoapServer.builder().transport(new SSLSocketClientTransport(serverAdr, clientSslContext.getSocketFactory())).build().start()
);

client.ping().get();

You should get error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

Next step is to create keystore from https://connector.mbed.com/#credentials and use this keystore to connect with mbed connector.

[Karandev]

Could you please share a reference link on how to create keystore from https://connector.mbed.com/#credentials ?
We are trying to connect to server from an Android application. We created a certificate using Keystore Explorer and added a certificate entry.
But we got the error : javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Please help.

[szysas]

I created example client application, that uses keystore to register with mbed cloud. There is also instruction on how to create keystore:
https://github.com/ARMmbed/java-coap/tree/dev/example-client/example-client

[Karandev]

Thanks for the help again!
I used OpenSSL in Ubuntu and tried the full command as in the above link. I git a message that the usage is not correct. I split the command and executed the following:
openssl pkcs12 -export -in CERT.pem -inkey KEY.pem -out CERT_KEY.p12 -name device -password pass:secret keytool-keystore client.jks
But the same issue happens. Please help.

[szysas]

OK, there was formatting issue in readme file, try again:

openssl pkcs12 -export -in CERT.pem -inkey KEY.pem -out CERT_KEY.p12 -name device -password pass:secret
keytool -keystore client.jks -storepass secret  -importkeystore -srcstorepass secret -srckeystore CERT_KEY.p12 -srcstoretype PKCS12 -noprompt
keytool -keystore client.jks -storepass secret  -import -alias server-ca -file SERVER_CERT.pem -noprompt

[szysas]

You need to leave -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

[Karandev]

I could create the keystore successfully, but got this error
"java.lang.RuntimeException: java.io.IOException: Wrong version of key store."

[szysas]

Did you get it when running example-client from your PC? (./run.sh 'coaps://api.connector.mbed.com:5684/rd?ep={MBED_ENDPOINT_NAME}' client.jks )

[Karandev]

I tried directly in the Android application created using Android Studio.

[szysas]

Can you verify that it works from PC?

[Karandev]

Okay

[szysas]

For Android, you might need to convert keystore type from JKS to BKS. You can do it with Keystore explorer: http://keystore-explorer.org.

[Karandev]

Trying to register we got the following error
"Didn't find class "java.time.Duration" on path: DexPathList[[zip file "/data/app/com.example.a20120672.coap-1/base.apk"],nativeLibraryDirectories=[/data/app/com.example.a20120672.coap-1/lib/arm64, /system/lib64, /vendor/lib64]]" in RegistrationManager constructor.
We are using JDK 1.8 and running on Android.

[Karandev]

We tried with:
String registrationUri = "coaps://api.connector.mbed.com:5684/rd?ep=<mbed_end_point_name_here>";
But got exception while registering. The previous issue i commented the Duration codes in the RegistrationManager class and hardcoded a delay of 5000.

Please help.

[szysas]

1. Have you tried to register with example-client from PC?
2. What kind of exception you've got?
3. About Android, I'm not sure how android support java 8, you could try to use coap-core-java7 from branch: java7-backport

[Karandev]

I got the exception No connection with api.connector.mbed.com/169.45.82.18:5684 while trying to register.

[szysas]

Can you be more specific, what exact exception, how did you run it?

[Karandev]

While registering, when debugging the sendPacket method in SSLSocketClientTransport class the following method gets called:
if(adr != this.destination) { throw new IllegalStateException("No connection with: " + adr); }
even though adr and destination are both api.connector.mbed.com/169.45.82.18:5684.

Should we be using .equals ?

[szysas]

Yes it should, and it is fixed. You need to pull for latest changes.

[Karandev]

How will we know that we have registered a device successfully to mbed connector? We checked for connected devices in https://connector.mbed.com/#endpoints but could not find our device end point name. Is register enough or should we do something else?

[szysas]

Good question. In the logs you should see response like CoAP received [ACK 201 .... I will have to improve logging in RegistrationManager class.

[Karandev]

Actually even though we could write to output stream, no callbacks are made to the register method in RegisterManager class.

[szysas]

Can you please, try first to use example client to register? Lets see if that works for you.

[Karandev]

Yes, we tried with the example client Java application. In that also we are not receiving any acknowledgement for register. Also, no exceptions are present. We used the same jks file and end point name as was used for the remote server.

[szysas]

Can you show logs?

[Karandev]

In the mbed portal, the end point name is now shown in connected devices. How can we know whether it is the Android app or the Java application which was the reason for the change? How to remove the registered device from the portal?

[szysas]

You need to check logs and see if your android app gets ACK 201. Device will get removed after registration lifetime expires or by sending remove registration message (for example by calling RegistrationManager.removeRegistration)

[Karandev]

Thanks szysas, we are able to see the endpoint name as active and the resources in the mbed portal console using Android application.
:)

[Karandev]

How do we update the LWM2M server about a change in some sensor value, for example temperature value obtained from device sensors, in the form of endpoints and resources?

[szysas]

Could you make a new ticket for you last question, and close this one?