Posted to commits@camel.apache.org by co...@apache.org on 2019/04/26 11:09:04 UTC
[camel] branch CAMEL-13402 updated: Supporting pre-shared keys
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch CAMEL-13402
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/CAMEL-13402 by this push:
new 4e3b76c Supporting pre-shared keys
4e3b76c is described below
commit 4e3b76cba91f1837738357205c8a5920135f7752
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Apr 26 12:08:13 2019 +0100
Supporting pre-shared keys
---
.../camel-coap/src/main/docs/coap-component.adoc | 3 +-
.../java/org/apache/camel/coap/CoAPEndpoint.java | 30 ++++++++++++---
.../apache/camel/coap/CoAPComponentTLSTest.java | 43 ++++++++++++++++++++++
3 files changed, 70 insertions(+), 6 deletions(-)
diff --git a/components/camel-coap/src/main/docs/coap-component.adoc b/components/camel-coap/src/main/docs/coap-component.adoc
index 1482ef6..5bcdb86 100644
--- a/components/camel-coap/src/main/docs/coap-component.adoc
+++ b/components/camel-coap/src/main/docs/coap-component.adoc
@@ -50,7 +50,7 @@ with the following path and query parameters:
|===
-==== Query Parameters (15 parameters):
+==== Query Parameters (16 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -61,6 +61,7 @@ with the following path and query parameters:
| *keystore* (common) | Sets the TLS key store. Alternatively, a KeyStoreParameters object can be configured instead. An alias and password should also be configured on the route definition. | | KeyStore
| *keyStoreParameters* (common) | The KeyStoreParameters object to use with TLS to configure the keystore. Alternatively, a keystore parameter can be directly configured instead. An alias and password should also be configured on the route definition. | | KeyStoreParameters
| *privateKey* (common) | Set the configured private key for use with Raw Public Key. | | PrivateKey
+| *pskStore* (common) | Set the PskStore to use for pre-shared key. | | PskStore
| *publicKey* (common) | Set the configured public key for use with Raw Public Key. | | PublicKey
| *trustedRpkStore* (common) | Set the TrustedRpkStore to use to determine trust in raw public keys. | | TrustedRpkStore
| *truststore* (common) | Sets the TLS trust store. Alternatively, a trustStoreParameters object can be configured instead. All certificates in the truststore are used to establish trust. | | KeyStore
diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
index b84a312..cbb7bf7 100644
--- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
+++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
@@ -43,6 +43,7 @@ import org.eclipse.californium.core.CoapServer;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
+import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
/**
@@ -77,6 +78,9 @@ public class CoAPEndpoint extends DefaultEndpoint {
private TrustedRpkStore trustedRpkStore;
@UriParam
+ private PskStore pskStore;
+
+ @UriParam
private String alias;
@UriParam(label = "security", javaType = "java.lang.String", secret = true)
@@ -228,7 +232,21 @@ public class CoAPEndpoint extends DefaultEndpoint {
public void setTrustedRpkStore(TrustedRpkStore trustedRpkStore) {
this.trustedRpkStore = trustedRpkStore;
}
-
+
+ /**
+ * Get the PskStore to use for pre-shared key.
+ */
+ public PskStore getPskStore() {
+ return pskStore;
+ }
+
+ /**
+ * Set the PskStore to use for pre-shared key.
+ */
+ public void setPskStore(PskStore pskStore) {
+ this.pskStore = pskStore;
+ }
+
/**
* Get the configured private key for use with Raw Public Key.
*/
@@ -347,22 +365,22 @@ public class CoAPEndpoint extends DefaultEndpoint {
DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
if (client) {
- if (trustedRpkStore == null && getTruststore() == null) {
+ if (trustedRpkStore == null && getTruststore() == null && pskStore == null) {
throw new IllegalStateException("A truststore must be configured to use TLS");
}
builder.setClientOnly();
} else {
- if (privateKey == null && getKeystore() == null) {
+ if (privateKey == null && getKeystore() == null && pskStore == null) {
throw new IllegalStateException("A keystore or private key must be configured to use TLS");
}
if (privateKey != null && publicKey == null) {
throw new IllegalStateException("A public key must be configured to use a Raw Public Key with TLS");
}
- if (privateKey == null && getAlias() == null) {
+ if (privateKey == null && pskStore == null && getAlias() == null) {
throw new IllegalStateException("An alias must be configured to use TLS");
}
- if (privateKey == null && getPassword() == null) {
+ if (privateKey == null && pskStore == null && getPassword() == null) {
throw new IllegalStateException("A password must be configured to use TLS");
}
if ((isClientAuthenticationRequired() || isClientAuthenticationWanted())
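Review bot: The messages thrown at L83 and L89 no longer describe the condition they report: after this change the client branch says "A truststore must be configured to use TLS" when a truststore, a trustedRpkStore and a pskStore are all absent, and the server branch's "A keystore or private key must be configured" likewise fires only when a pskStore is also missing, so an operator reading the exception is steered toward a keystore when a pskStore would equally do. Suggest `throw new IllegalStateException("A truststore, trustedRpkStore or pskStore must be configured to use TLS");` at L83 and `throw new IllegalStateException("A keystore, private key or pskStore must be configured to use TLS");` at L89. The enclosing method starts before this hunk and its remaining checks continue after it.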
@@ -383,6 +401,8 @@ public class CoAPEndpoint extends DefaultEndpoint {
builder.setIdentity(privateKey, getKeystore().getCertificateChain(getAlias()));
} else if (privateKey != null) {
builder.setIdentity(privateKey, publicKey);
+ } else if (pskStore != null) {
+ builder.setPskStore(pskStore);
}
// Add all certificates from the truststore
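Review bot: `builder.setPskStore(pskStore)` is reached only when neither a keystore identity nor a raw public key was applied, so an endpoint configured with both a certificate identity and a pskStore silently drops the PSK store, and a client that only offers PSK cipher suites will then fail the handshake with nothing in the configuration or logs pointing at the cause. Either call `setPskStore(pskStore)` unconditionally after the identity chain (the Scandium builder appears to accept an identity and a PSK store together, with the negotiated cipher suite deciding which is used — worth confirming against the Californium version in use), or reject the combination in the validation block with an `IllegalStateException` so the misconfiguration surfaces at startup rather than as a handshake failure. The condition that opens this if/else chain lies before the hunk, so I cannot tell whether an earlier branch already short-circuits a keystore-only setup.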
diff --git a/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java b/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
index a7389cb..fbbd54c 100644
--- a/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
+++ b/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
@@ -20,6 +20,8 @@ import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
+import javax.crypto.KeyGenerator;
+
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.Processor;
@@ -30,6 +32,8 @@ import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.eclipse.californium.core.coap.CoAP;
import org.eclipse.californium.core.coap.MediaTypeRegistry;
+import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
+import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.junit.Test;
@@ -41,6 +45,7 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
protected static final int PORT4 = AvailablePortFinder.getNextAvailable();
protected static final int PORT5 = AvailablePortFinder.getNextAvailable();
protected static final int PORT6 = AvailablePortFinder.getNextAvailable();
+ protected static final int PORT7 = AvailablePortFinder.getNextAvailable();
@Test
public void testSuccessfulCall() throws Exception {
@@ -148,6 +153,28 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
assertMockEndpointsSatisfied();
}
+ @Test
+ public void testPreSharedKey() throws Exception {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived("Hello Camel CoAP");
+ mock.expectedHeaderReceived(Exchange.CONTENT_TYPE, MediaTypeRegistry.toString(MediaTypeRegistry.APPLICATION_OCTET_STREAM));
+ mock.expectedHeaderReceived(CoAPConstants.COAP_RESPONSE_CODE, CoAP.ResponseCode.CONTENT.toString());
+ sendBodyAndHeader("direct:psk", "Camel CoAP", CoAPConstants.COAP_METHOD, "POST");
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testPreSharedKeyCipherSuite() throws Exception {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived("Hello Camel CoAP");
+ mock.expectedHeaderReceived(Exchange.CONTENT_TYPE, MediaTypeRegistry.toString(MediaTypeRegistry.APPLICATION_OCTET_STREAM));
+ mock.expectedHeaderReceived(CoAPConstants.COAP_RESPONSE_CODE, CoAP.ResponseCode.CONTENT.toString());
+ sendBodyAndHeader("direct:pskciphersuite", "Camel CoAP", CoAPConstants.COAP_METHOD, "POST");
+ assertMockEndpointsSatisfied();
+ }
+
@Override
protected RouteBuilder createRouteBuilder() throws Exception {
KeyStoreParameters keystoreParameters = new KeyStoreParameters();
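Review bot: Both new tests exercise only the success path — client and server share the same `#pskStore` bean — so nothing here shows that a peer presenting a different pre-shared key, or an unknown identity, is actually rejected, which is the property that matters for a PSK configuration. The existing RPK coverage binds a `failedTrustedRpkStore` for exactly this reason; a matching negative test would bind a second `StaticPskStore` with a different key under another name, point a `direct:pskfailed` route at PORT7 with it, and assert that the exchange fails. The test class and `createRouteBuilder` continue outside this hunk.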
@@ -178,6 +205,8 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
TrustedRpkStore trustedRpkStore = id -> { return true;};
TrustedRpkStore failedTrustedRpkStore = id -> { return false;};
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+ PskStore pskStore = new StaticPskStore("some-identity", keyGenerator.generateKey().getEncoded());
context.getRegistry().bind("keyParams", keystoreParameters);
context.getRegistry().bind("keyParams2", keystoreParameters2);
@@ -188,6 +217,7 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
context.getRegistry().bind("publicKey", publicKey);
context.getRegistry().bind("trustedRpkStore", trustedRpkStore);
context.getRegistry().bind("failedTrustedRpkStore", failedTrustedRpkStore);
+ context.getRegistry().bind("pskStore", pskStore);
return new RouteBuilder() {
@Override
@@ -219,6 +249,10 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
+ "trustedRpkStore=#trustedRpkStore", PORT6)
.transform(body().prepend("Hello "));
+ fromF("coaps://localhost:%d/TestResource?alias=service&password=security&"
+ + "pskStore=#pskStore", PORT7)
+ .transform(body().prepend("Hello "));
+
from("direct:start")
.toF("coaps://localhost:%d/TestResource?trustStoreParameters=#trustParams", PORT)
.to("mock:result");
@@ -266,6 +300,15 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
.toF("coaps://localhost:%d/TestResource?trustedRpkStore=#trustedRpkStore&"
+ "privateKey=#privateKey&publicKey=#publicKey", PORT6)
.to("mock:result");
+
+ from("direct:psk")
+ .toF("coaps://localhost:%d/TestResource?pskStore=#pskStore", PORT7)
+ .to("mock:result");
+
+ from("direct:pskciphersuite")
+ .toF("coaps://localhost:%d/TestResource?pskStore=#pskStore&"
+ + "cipherSuites=TLS_PSK_WITH_AES_128_CBC_SHA256", PORT7)
+ .to("mock:result");
}
};
}