Re: [PR] [CAMEL-19620] - upgrade californium-scandium [camel]

Thu, 18 Jan 2024 07:11:27 -0800 


boaks commented on code in PR #12769:
URL: https://github.com/apache/camel/pull/12769#discussion_r1457582490


##########
components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java:
##########
@@ -460,31 +482,40 @@ public DTLSConnector 
createDTLSConnector(InetSocketAddress address, boolean clie
                 }
 
                 PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, 
keyManagers.getKeyPassword().toCharArray());
-                builder.setIdentity(privateKey, 
keyStore.getCertificateChain(alias));
+                builder.setCertificateIdentityProvider(
+                        new SingleCertificateProvider(privateKey, 
keyStore.getCertificateChain(alias)));
+
             } else if (privateKey != null) {
-                builder.setIdentity(privateKey, publicKey);
+                builder.setCertificateIdentityProvider(new 
SingleCertificateProvider(privateKey, publicKey));
             }
 
-            if (pskStore != null) {
-                builder.setPskStore(pskStore);
+            if (advancedPskStore != null) {
+                builder.setAdvancedPskStore(advancedPskStore);
             }
 
             // Add all certificates from the truststore
-            Certificate[] certs = getTrustedCerts();
+            X509Certificate[] certs = getTrustedCerts();
             if (certs.length > 0) {
-                builder.setTrustStore(certs);
+                
certificateConfigurationHelper.addConfigurationDefaultsForTrusts(certs);
+                builder.setCertificateHelper(certificateConfigurationHelper);
+                NewAdvancedCertificateVerifier trust = 
StaticNewAdvancedCertificateVerifier
+                        .builder()
+                        .setTrustedCertificates(certs)
+                        .build();
+                builder.setAdvancedCertificateVerifier(trust);
             }
-            if (trustedRpkStore != null) {
-                
builder.setTrustCertificateTypes(CertificateType.RAW_PUBLIC_KEY);
-                builder.setRpkTrustStore(trustedRpkStore);
+            if (advancedCertificateVerifier != null) {
+                builder.set(DTLS_CERTIFICATE_TYPES, 
Arrays.asList(CertificateType.RAW_PUBLIC_KEY));

Review Comment:
   Using Raw Public Key requires to set the trusted keys explicitly in the 
certificate verifier. x509 certificates are not considered implicit as Raw 
Public Key trust.  



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to