This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch camel-2.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit bafb54369d674858730c63fd9c5eb800d30a7e03
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Fri Apr 26 12:08:13 2019 +0100
Supporting pre-shared keys
---
.../camel-coap/src/main/docs/coap-component.adoc | 3 +-
.../java/org/apache/camel/coap/CoAPEndpoint.java | 30 ++++++++++++---
.../apache/camel/coap/CoAPComponentTLSTest.java | 43 ++++++++++++++++++++++
3 files changed, 70 insertions(+), 6 deletions(-)
diff --git a/components/camel-coap/src/main/docs/coap-component.adoc b/components/camel-coap/src/main/docs/coap-component.adoc
index 1c7f280..3cb957b 100644
--- a/components/camel-coap/src/main/docs/coap-component.adoc
+++ b/components/camel-coap/src/main/docs/coap-component.adoc
@@ -50,7 +50,7 @@ with the following path and query parameters:
 |===
-==== Query Parameters (15 parameters):
+==== Query Parameters (16 parameters):
 [width="100%",cols="2,5,^1,2",options="header"]
@@ -61,6 +61,7 @@ with the following path and query parameters:
 | *keystore* (common) | Sets the TLS key store. Alternatively, a KeyStoreParameters object can be configured instead. An alias and password should also be configured on the route definition. | | KeyStore
 | *keyStoreParameters* (common) | The KeyStoreParameters object to use with TLS to configure the keystore. Alternatively, a keystore parameter can be directly configured instead. An alias and password should also be configured on the route definition. | | KeyStoreParameters
 | *privateKey* (common) | Set the configured private key for use with Raw Public Key. | | PrivateKey
+| *pskStore* (common) | Set the PskStore to use for pre-shared key. | | PskStore
 | *publicKey* (common) | Set the configured public key for use with Raw Public Key. | | PublicKey
 | *trustedRpkStore* (common) | Set the TrustedRpkStore to use to determine trust in raw public keys. | | TrustedRpkStore
 | *truststore* (common) | Sets the TLS trust store. Alternatively, a trustStoreParameters object can be configured instead. All certificates in the truststore are used to establish trust. | | KeyStore
diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
index add9aab..5186a96 100644
--- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
+++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
@@ -43,6 +43,7 @@ import org.eclipse.californium.core.CoapServer;
 import org.eclipse.californium.scandium.DTLSConnector;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.dtls.CertificateType;
+import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
 import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
 /**
@@ -77,6 +78,9 @@ public class CoAPEndpoint extends DefaultEndpoint {
 private TrustedRpkStore trustedRpkStore;
 @UriParam
+ private PskStore pskStore;
+
+ @UriParam
 private String alias;
 @UriParam(label = "security", javaType = "java.lang.String", secret = true)
@@ -228,7 +232,21 @@ public class CoAPEndpoint extends DefaultEndpoint {
 public void setTrustedRpkStore(TrustedRpkStore trustedRpkStore) {
 this.trustedRpkStore = trustedRpkStore;
 }
-
+
+ /**
+ * Get the PskStore to use for pre-shared key.
+ */
+ public PskStore getPskStore() {
+ return pskStore;
+ }
+
+ /**
+ * Set the PskStore to use for pre-shared key.
+ */
+ public void setPskStore(PskStore pskStore) {
+ this.pskStore = pskStore;
+ }
+
 /**
 * Get the configured private key for use with Raw Public Key.
 */
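Review bot: The Javadoc added for `getPskStore`/`setPskStore` describes the field but not its contract with the other credential parameters, which is what a user choosing between keystore, raw public key and PSK needs to know. The identity selection later in this file appears to consult the PSK store only when neither a keystore nor a private key is configured (inferred from the visible else-if chain), so the setter doc should state that, e.g. `Set the PskStore to use for pre-shared key authentication (client and server side). It is only used when no keystore or private key is configured; a PSK cipher suite may need to be selected via cipherSuites.`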
@@ -347,22 +365,22 @@ public class CoAPEndpoint extends DefaultEndpoint {
 DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
 if (client) {
- if (trustedRpkStore == null && getTruststore() == null) {
+ if (trustedRpkStore == null && getTruststore() == null && pskStore == null) {
 throw new IllegalStateException("A truststore must be configured to use TLS");
 }
 builder.setClientOnly();
 } else {
- if (privateKey == null && getKeystore() == null) {
+ if (privateKey == null && getKeystore() == null && pskStore == null) {
 throw new IllegalStateException("A keystore or private key must be configured to use TLS");
 }
 if (privateKey != null && publicKey == null) {
 throw new IllegalStateException("A public key must be configured to use a Raw Public Key with TLS");
 }
- if (privateKey == null && getAlias() == null) {
+ if (privateKey == null && pskStore == null && getAlias() == null) {
 throw new IllegalStateException("An alias must be configured to use TLS");
 }
- if (privateKey == null && getPassword() == null) {
+ if (privateKey == null && pskStore == null && getPassword() == null) {
 throw new IllegalStateException("A password must be configured to use TLS");
 }
 if ((isClientAuthenticationRequired() || isClientAuthenticationWanted())
@@ -383,6 +401,8 @@ public class CoAPEndpoint extends DefaultEndpoint {
 builder.setIdentity(privateKey, getKeystore().getCertificateChain(getAlias()));
 } else if (privateKey != null) {
 builder.setIdentity(privateKey, publicKey);
+ } else if (pskStore != null) {
+ builder.setPskStore(pskStore);
 }
 // Add all certificates from the truststore
diff --git a/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java b/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
index b9d6b70..b6bd4ca 100644
--- a/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
+++ b/components/camel-coap/src/test/java/org/apache/camel/coap/CoAPComponentTLSTest.java
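Review bot: The relaxed alias and password checks in the server branch are keyed on `pskStore == null`, yet the identity chain in the second hunk still takes the keystore path (`getKeystore().getCertificateChain(getAlias())`) when a keystore is present, so a server configured with both a keystore and a pskStore but no alias or password now passes validation and reaches that call with a null alias (the guard of that branch is outside the hunk, so this is inferred from the visible else-if chain). Keying the checks on the keystore rather than the PSK store keeps the old behaviour and covers the mixed case: `if (privateKey == null && getKeystore() != null && getAlias() == null) {` and `if (privateKey == null && getKeystore() != null && getPassword() == null) {`. The same else-if ordering silently ignores a configured pskStore whenever a keystore or raw public key is also set, which deserves either a rejection in this validation or a sentence on `setPskStore`. The client-side message `"A truststore must be configured to use TLS"` no longer matches its condition; `"A truststore, trustedRpkStore or pskStore must be configured to use TLS"` would. The enclosing method starts and ends outside the hunk.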
@@ -20,6 +20,8 @@ import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import javax.crypto.KeyGenerator;
+
 import org.apache.camel.Exchange;
 import org.apache.camel.Message;
 import org.apache.camel.Processor;
@@ -33,6 +35,8 @@ import org.apache.camel.test.junit4.CamelTestSupport;
 import org.apache.camel.util.jsse.KeyStoreParameters;
 import org.eclipse.californium.core.coap.CoAP;
 import org.eclipse.californium.core.coap.MediaTypeRegistry;
+import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
+import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
 import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
 import org.junit.Test;
@@ -44,6 +48,7 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
 protected static final int PORT4 = AvailablePortFinder.getNextAvailable();
 protected static final int PORT5 = AvailablePortFinder.getNextAvailable();
 protected static final int PORT6 = AvailablePortFinder.getNextAvailable();
+ protected static final int PORT7 = AvailablePortFinder.getNextAvailable();
 @Produce(uri = "direct:start")
 protected ProducerTemplate sender;
@@ -154,6 +159,28 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
 assertMockEndpointsSatisfied();
 }
+ @Test
+ public void testPreSharedKey() throws Exception {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived("Hello Camel CoAP");
+ mock.expectedHeaderReceived(Exchange.CONTENT_TYPE, MediaTypeRegistry.toString(MediaTypeRegistry.APPLICATION_OCTET_STREAM));
+ mock.expectedHeaderReceived(CoAPConstants.COAP_RESPONSE_CODE, CoAP.ResponseCode.CONTENT.toString());
+ sendBodyAndHeader("direct:psk", "Camel CoAP", CoAPConstants.COAP_METHOD, "POST");
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testPreSharedKeyCipherSuite() throws Exception {
+ MockEndpoint mock = getMockEndpoint("mock:result");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived("Hello Camel CoAP");
+ mock.expectedHeaderReceived(Exchange.CONTENT_TYPE, MediaTypeRegistry.toString(MediaTypeRegistry.APPLICATION_OCTET_STREAM));
+ mock.expectedHeaderReceived(CoAPConstants.COAP_RESPONSE_CODE, CoAP.ResponseCode.CONTENT.toString());
+ sendBodyAndHeader("direct:pskciphersuite", "Camel CoAP", CoAPConstants.COAP_METHOD, "POST");
+ assertMockEndpointsSatisfied();
+ }
+
 @Override
 protected JndiRegistry createRegistry() throws Exception {
 JndiRegistry registry = super.createRegistry();
@@ -186,6 +213,8 @@ public class CoAPComponentTLSTest extends CamelTestSupport {
 TrustedRpkStore trustedRpkStore = id -> { return true;};
 TrustedRpkStore failedTrustedRpkStore = id -> { return false;};
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+ PskStore pskStore = new StaticPskStore("some-identity", keyGenerator.generateKey().getEncoded());
 registry.bind("keyParams", keystoreParameters);
 registry.bind("keyParams2", keystoreParameters2);
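Review bot: Both new tests cover only the success path, so a client presenting an unknown identity or a different key would not be caught; the suite already binds a `failedTrustedRpkStore` for the raw-public-key case, and a parallel negative PSK test (a second `StaticPskStore` with another key bound under a different name, used by a route that expects the exchange to fail) would show that the server rejects mismatched keys rather than any handshake succeeding. In `createRegistry` the key comes from `KeyGenerator.getInstance("AES")` without an `init(...)` call, so the PSK length is whatever the provider defaults to; `keyGenerator.init(128);` before `generateKey()` makes the fixture explicit. `createRegistry` starts and ends outside the hunk.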
@@ -196,6 +225,7 @@ public class CoAPComponentTLSTest extends CamelTestSupport { registry.bind("publicKey", publicKey); registry.bind("trustedRpkStore", trustedRpkStore); registry.bind("failedTrustedRpkStore", failedTrustedRpkStore); + registry.bind("pskStore", pskStore); return registry; } @@ -233,6 +263,10 @@ public class CoAPComponentTLSTest extends CamelTestSupport { + "trustedRpkStore=#trustedRpkStore", PORT6) .transform(body().prepend("Hello ")); + fromF("coaps://localhost:%d/TestResource?alias=service&password=security&" + + "pskStore=#pskStore", PORT7) + .transform(body().prepend("Hello ")); + from("direct:start") .toF("coaps://localhost:%d/TestResource?trustStoreParameters=#trustParams", PORT) .to("mock:result"); @@ -280,6 +314,15 @@ public class CoAPComponentTLSTest extends CamelTestSupport { .toF("coaps://localhost:%d/TestResource?trustedRpkStore=#trustedRpkStore&" + "privateKey=#privateKey&publicKey=#publicKey", PORT6) .to("mock:result"); + + from("direct:psk") + .toF("coaps://localhost:%d/TestResource?pskStore=#pskStore", PORT7) + .to("mock:result"); + + from("direct:pskciphersuite") + .toF("coaps://localhost:%d/TestResource?pskStore=#pskStore&" + + "cipherSuites=TLS_PSK_WITH_AES_128_CBC_SHA256", PORT7) + .to("mock:result"); } }; }