Posted to commits@plc4x.apache.org by ld...@apache.org on 2024/02/12 09:25:55 UTC
(plc4x) 06/12: Draft - read application uri from cert
This is an automated email from the ASF dual-hosted git repository.
ldywicki pushed a commit to branch pg/security-policy
in repository https://gitbox.apache.org/repos/asf/plc4x.git
commit 37835263972567e122835dcbe08b9cbb41d0bd9e
Author: PatrykGala <pa...@gmail.com>
AuthorDate: Wed Jul 19 23:28:20 2023 +0200
Draft - read application uri from cert
---
.../java/opcua/config/OpcuaConfiguration.java | 17 +++++++-----
.../java/opcua/context/CertificateKeyPair.java | 30 +++++++++++++++++++---
.../plc4x/java/opcua/context/SecureChannel.java | 2 +-
3 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java
index 45c2161ac8..fb23044f2a 100644
--- a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java
+++ b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java
@@ -21,12 +21,10 @@ package org.apache.plc4x.java.opcua.config;
import org.apache.plc4x.java.api.exceptions.PlcConnectionException;
import org.apache.plc4x.java.opcua.context.CertificateGenerator;
import org.apache.plc4x.java.opcua.context.CertificateKeyPair;
-import org.apache.plc4x.java.opcua.protocol.OpcuaProtocolLogic;
import org.apache.plc4x.java.opcua.readwrite.PascalByteString;
import org.apache.plc4x.java.spi.configuration.Configuration;
import org.apache.plc4x.java.spi.configuration.annotations.ConfigurationParameter;
import org.apache.plc4x.java.spi.configuration.annotations.defaults.BooleanDefaultValue;
-import org.apache.plc4x.java.spi.configuration.annotations.defaults.IntDefaultValue;
import org.apache.plc4x.java.spi.configuration.annotations.defaults.StringDefaultValue;
import org.apache.plc4x.java.transport.tcp.TcpTransportConfiguration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -36,12 +34,13 @@ import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
-import java.io.IOException;
import java.nio.file.FileSystems;
-import java.nio.file.Path;
-import java.security.*;
-import java.security.cert.CertificateException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Security;
import java.security.cert.X509Certificate;
+import java.util.Optional;
public class OpcuaConfiguration implements Configuration, TcpTransportConfiguration {
@@ -85,6 +84,9 @@ public class OpcuaConfiguration implements Configuration, TcpTransportConfigurat
@ConfigurationParameter("keyStorePassword")
private String keyStorePassword;
+ @ConfigurationParameter("applicationUri")
+ private String applicationUri;
+
private CertificateKeyPair ckp;
public boolean isDiscovery() {
@@ -231,5 +233,8 @@ public class OpcuaConfiguration implements Configuration, TcpTransportConfigurat
public void setSenderCertificate(byte[] certificate) { this.senderCertificate = certificate; }
+ public Optional<String> getApplicationUri() {
+ return Optional.ofNullable(applicationUri).or(() -> ckp.getApplicationUri());
+ }
}
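Review bot: `getApplicationUri()` dereferences `ckp` inside the `or` supplier with no null check, so when no `applicationUri` is configured and the certificate key pair has not been loaded yet (the hunk does not show where `ckp` is assigned, so whether that state is reachable is not visible here) the call throws NullPointerException instead of returning empty; `return Optional.ofNullable(applicationUri).or(() -> Optional.ofNullable(ckp).flatMap(CertificateKeyPair::getApplicationUri));` covers both cases. The precedence also deserves a Javadoc line, because a configured value silently wins over the URI embedded in the client certificate, and OPC UA servers that check the ApplicationUri against the certificate's URI SAN can reject a mismatching pair at session creation. Suggested: `/** Application URI sent in the ApplicationDescription: the configured value if set, else the URI SAN of the client certificate. The two should agree, since servers may validate the URI against the certificate. */`.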
diff --git a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java
index ae65d8368b..9133a68bf4 100644
--- a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java
+++ b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java
@@ -18,9 +18,15 @@
*/
package org.apache.plc4x.java.opcua.context;
+import io.vavr.control.Try;
+import org.bouncycastle.asn1.x509.GeneralName;
+
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.List;
+import java.util.Optional;
public class CertificateKeyPair {
@@ -28,16 +34,32 @@ public class CertificateKeyPair {
private final X509Certificate certificate;
private final byte[] thumbprint;
- public CertificateKeyPair(KeyPair keyPair, X509Certificate certificate) throws Exception{
+ public CertificateKeyPair(KeyPair keyPair, X509Certificate certificate) throws Exception {
this.keyPair = keyPair;
this.certificate = certificate;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
this.thumbprint = messageDigest.digest(this.certificate.getEncoded());
}
- public KeyPair getKeyPair() { return keyPair; }
+ public KeyPair getKeyPair() {
+ return keyPair;
+ }
+
+ public X509Certificate getCertificate() {
+ return certificate;
+ }
- public X509Certificate getCertificate() { return certificate; }
+ public byte[] getThumbPrint() {
+ return thumbprint;
+ }
- public byte[] getThumbPrint() { return thumbprint; }
+ public Optional<String> getApplicationUri() {
+ Try<Collection<List<?>>> lists = Try.of(certificate::getSubjectAlternativeNames);
+ return lists.toJavaStream()
+ .flatMap(Collection::stream)
+ .filter(l -> l.size() == 2)
+ .filter(name -> name.get(0).equals(GeneralName.uniformResourceIdentifier))
+ .map(t -> (String) t.get(1))
+ .findAny();
+ }
}
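Review bot: `getApplicationUri()` throws NullPointerException for a certificate without a Subject Alternative Name extension, because `X509Certificate.getSubjectAlternativeNames()` returns null in that case, `Try.of` wraps that null as a success, and `flatMap(Collection::stream)` then dereferences it; a minimal or self-signed client certificate is exactly where this would surface. Filtering the null out keeps the method total: `Try<Collection<List<?>>> lists = Try.of(certificate::getSubjectAlternativeNames).filter(Objects::nonNull);` (with `java.util.Objects` imported). Two smaller points: `findAny()` is non-deterministic when the certificate carries several URI names and `findFirst()` would be the stable choice, and the `Try` silently turns a `CertificateParsingException` into an empty result, which is acceptable as a fallback but worth a debug-level log so a malformed SAN extension is diagnosable. The `io.vavr.control.Try` import is new to this class, so confirm the driver module already declares vavr as a direct dependency rather than relying on a transitive one.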
diff --git a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/SecureChannel.java b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/SecureChannel.java
index 798089ea25..e40f48befb 100644
--- a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/SecureChannel.java
+++ b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/SecureChannel.java
@@ -385,7 +385,7 @@ public class SecureChannel {
int noOfDiscoveryUrls = -1;
List<PascalString> discoveryUrls = new ArrayList<>(0);
- ApplicationDescription clientDescription = new ApplicationDescription(APPLICATION_URI,
+ ApplicationDescription clientDescription = new ApplicationDescription(configuration.getApplicationUri().map(PascalString::new).orElse(APPLICATION_URI),
PRODUCT_URI,
applicationName,
ApplicationType.applicationTypeClient,