From commits-return-71297-archive-asf-public=cust-asf.ponee.io@camel.apache.org Tue Apr 9 15:02:00 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 91E37180784 for ; Tue, 9 Apr 2019 17:01:59 +0200 (CEST) Received: (qmail 4680 invoked by uid 500); 9 Apr 2019 14:42:21 -0000 Mailing-List: contact commits-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@camel.apache.org Delivered-To: mailing list commits@camel.apache.org Received: (qmail 4597 invoked by uid 99); 9 Apr 2019 14:42:21 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Apr 2019 14:42:21 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id B55FE80B29; Tue, 9 Apr 2019 15:01:58 +0000 (UTC) Date: Tue, 09 Apr 2019 15:02:00 +0000 To: "commits@camel.apache.org" Subject: [camel] 02/02: Adding initial TLS support MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit From: coheigea@apache.org In-Reply-To: <155482211821.3250.4025450709852237928@gitbox.apache.org> References: <155482211821.3250.4025450709852237928@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: camel X-Git-Refname: refs/heads/CAMEL-13402 X-Git-Reftype: branch X-Git-Rev: d786b6d5dd601198df6b0da2fd50ae21604f0fef X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20190409150158.B55FE80B29@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch CAMEL-13402 in repository https://gitbox.apache.org/repos/asf/camel.git commit d786b6d5dd601198df6b0da2fd50ae21604f0fef Author: Colm O hEigeartaigh AuthorDate: Tue Apr 9 16:01:30 2019 +0100 Adding initial TLS support --- components/camel-coap/pom.xml | 5 ++ .../camel-coap/src/main/docs/coap-component.adoc | 3 +- .../java/org/apache/camel/coap/CoAPComponent.java | 66 ++++++++++++++++++++-- .../java/org/apache/camel/coap/CoAPEndpoint.java | 17 +++++- .../java/org/apache/camel/coap/CoAPProducer.java | 46 +++++++++++++++ .../services/org/apache/camel/component/coaps | 18 ++++++ 6 files changed, 147 insertions(+), 8 deletions(-) diff --git a/components/camel-coap/pom.xml b/components/camel-coap/pom.xml index e62d347..badedf1 100644 --- a/components/camel-coap/pom.xml +++ b/components/camel-coap/pom.xml @@ -46,6 +46,11 @@ californium-core ${californium-version} + + org.eclipse.californium + scandium + ${californium-version} + diff --git a/components/camel-coap/src/main/docs/coap-component.adoc b/components/camel-coap/src/main/docs/coap-component.adoc index 074744f..609f79e 100644 --- a/components/camel-coap/src/main/docs/coap-component.adoc +++ b/components/camel-coap/src/main/docs/coap-component.adoc @@ -50,12 +50,13 @@ with the following path and query parameters: |=== -==== Query Parameters (5 parameters): +==== Query Parameters (6 parameters): [width="100%",cols="2,5,^1,2",options="header"] |=== | Name | Description | Default | Type +| *keyStoreParameters* (common) | The KeyStoreParameters object to use with TLS | | KeyStoreParameters | *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean | *coapMethodRestrict* (consumer) | Comma separated list of methods that the CoAP consumer will bind to. The default is to bind to all methods (DELETE, GET, POST, PUT). | | String | *exceptionHandler* (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this option is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | | ExceptionHandler diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java index 8f759d6..3629e5d 100644 --- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java +++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java @@ -16,7 +16,17 @@ */ package org.apache.camel.coap; +import java.io.IOException; +import java.net.InetSocketAddress; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; import java.util.HashMap; +import java.util.List; import java.util.Locale; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -29,12 +39,15 @@ import org.apache.camel.spi.RestConfiguration; import org.apache.camel.spi.RestConsumerFactory; import org.apache.camel.spi.annotations.Component; import org.apache.camel.support.DefaultComponent; +import org.apache.camel.support.jsse.KeyStoreParameters; import org.apache.camel.util.FileUtil; import org.apache.camel.util.HostUtils; import org.apache.camel.util.ObjectHelper; import org.apache.camel.util.URISupport; import org.eclipse.californium.core.CoapServer; -import org.eclipse.californium.core.network.config.NetworkConfig; +import org.eclipse.californium.core.network.CoapEndpoint; +import org.eclipse.californium.scandium.DTLSConnector; +import org.eclipse.californium.scandium.config.DtlsConnectorConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,15 +64,56 @@ public class CoAPComponent extends DefaultComponent implements RestConsumerFacto public CoAPComponent() { } - public synchronized CoapServer getServer(int port) { + public synchronized CoapServer getServer(int port, KeyStoreParameters keyStoreParameters) { CoapServer server = servers.get(port); if (server == null && port == -1) { - server = getServer(DEFAULT_PORT); + server = getServer(DEFAULT_PORT, keyStoreParameters); } if (server == null) { - NetworkConfig config = new NetworkConfig(); - //FIXME- configure the network stuff - server = new CoapServer(config, port); + CoapEndpoint.Builder coapBuilder = new CoapEndpoint.Builder(); + InetSocketAddress address = new InetSocketAddress(port); + + if (keyStoreParameters != null) { + DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(); + builder.setAddress(address); + + try { + KeyStore keyStore = keyStoreParameters.createKeyStore(); + // TODO + PrivateKey privateKey = (PrivateKey)keyStoreParameters.createKeyStore().getKey("ec", "security".toCharArray()); + builder.setIdentity(privateKey, keyStore.getCertificateChain("ec")); + + // Add all certificates from the truststore + Enumeration aliases = keyStore.aliases(); + List trustCerts = new ArrayList<>(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + X509Certificate cert = + (X509Certificate) keyStore.getCertificate(alias); + if (cert != null) { + trustCerts.add(cert); + } + } + builder.setTrustStore(trustCerts.toArray(new Certificate[0])); + + } catch (GeneralSecurityException | IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + builder.setClientAuthenticationRequired(false); //TODO + + builder.setSupportedCipherSuites(new String[] {"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}); //TODO + + DTLSConnector connector = new DTLSConnector(builder.build()); + coapBuilder.setConnector(connector); + } else { + coapBuilder.setInetSocketAddress(address); + } + + server = new CoapServer(); + server.addEndpoint(coapBuilder.build()); + servers.put(port, server); if (this.isStarted()) { server.start(); diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java index 4cb3772..62a38f6 100644 --- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java +++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java @@ -25,6 +25,7 @@ import org.apache.camel.spi.UriEndpoint; import org.apache.camel.spi.UriParam; import org.apache.camel.spi.UriPath; import org.apache.camel.support.DefaultEndpoint; +import org.apache.camel.support.jsse.KeyStoreParameters; import org.eclipse.californium.core.CoapServer; /** @@ -36,6 +37,9 @@ public class CoAPEndpoint extends DefaultEndpoint { private URI uri; @UriParam(label = "consumer") private String coapMethodRestrict; + + @UriParam + private KeyStoreParameters keyStoreParameters; private CoAPComponent component; @@ -84,6 +88,17 @@ public class CoAPEndpoint extends DefaultEndpoint { } public CoapServer getCoapServer() { - return component.getServer(getUri().getPort()); + return component.getServer(getUri().getPort(), keyStoreParameters); + } + + /** + * The KeyStoreParameters object to use with TLS + */ + public KeyStoreParameters getKeyStoreParameters() { + return keyStoreParameters; + } + + public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters) { + this.keyStoreParameters = keyStoreParameters; } } diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java index 633eded..74af733 100644 --- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java +++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java @@ -16,7 +16,15 @@ */ package org.apache.camel.coap; +import java.io.IOException; import java.net.URI; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; import org.apache.camel.Exchange; import org.apache.camel.Message; @@ -24,6 +32,9 @@ import org.apache.camel.support.DefaultProducer; import org.eclipse.californium.core.CoapClient; import org.eclipse.californium.core.CoapResponse; import org.eclipse.californium.core.coap.MediaTypeRegistry; +import org.eclipse.californium.core.network.CoapEndpoint; +import org.eclipse.californium.scandium.DTLSConnector; +import org.eclipse.californium.scandium.config.DtlsConnectorConfig; /** * The CoAP producer. @@ -91,6 +102,41 @@ public class CoAPProducer extends DefaultProducer { uri = endpoint.getUri(); } client = new CoapClient(uri); + + if (endpoint.getKeyStoreParameters() != null) { + DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(); + builder.setClientOnly(); + + try { + // TODO Add client key config if specified + + KeyStore keyStore = endpoint.getKeyStoreParameters().createKeyStore(); + // Add all certificates from the truststore + Enumeration aliases = keyStore.aliases(); + List trustCerts = new ArrayList<>(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + X509Certificate cert = + (X509Certificate) keyStore.getCertificate(alias); + if (cert != null) { + trustCerts.add(cert); + } + } + builder.setTrustStore(trustCerts.toArray(new Certificate[0])); + } catch (GeneralSecurityException | IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + builder.setSupportedCipherSuites(new String[] {"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}); //TODO + + DTLSConnector connector = new DTLSConnector(builder.build()); + CoapEndpoint.Builder coapBuilder = new CoapEndpoint.Builder(); + coapBuilder.setConnector(connector); + + client.setEndpoint(coapBuilder.build()); + } + } return client; } diff --git a/components/camel-coap/src/main/resources/META-INF/services/org/apache/camel/component/coaps b/components/camel-coap/src/main/resources/META-INF/services/org/apache/camel/component/coaps new file mode 100644 index 0000000..e0129bc --- /dev/null +++ b/components/camel-coap/src/main/resources/META-INF/services/org/apache/camel/component/coaps @@ -0,0 +1,18 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class=org.apache.camel.coap.CoAPComponent