DeviceClient support for SSLSocketFactory #578

Closed
MMaiero opened this issue Sep 6, 2019 · 6 comments
Labels
enhancement fix checked in Fix checked into main or preview, but not yet released.

@MMaiero
MMaiero commented Sep 6, 2019

  • OS and version used: Raspbian Buster

  • Java runtime used: openjdk version "1.8.0_181"

  • SDK version used: 0.22.0
    iot-device-client version 1.16.0

Description of the issue:

Is there any plan to extend the DeviceClient API to support the creation of a new DeviceClient passing an SSLSocketFactory? In this way, instead of passing the public and private keys as strings, everything could be managed in a simpler way using Java primitives.

Code sample exhibiting the issue:

https://github.com/Azure/azure-iot-sdk-java/blob/master/device/iot-device-client/src/main/java/com/microsoft/azure/sdk/iot/device/DeviceClient.java#L207

Console log of the issue:

@timtay-microsoft
Member

We currently don't have any plans to add this feature. Is there something preventing you from passing in the certificates as strings?

@MMaiero
Author

MMaiero commented Sep 6, 2019

I see it as somewhat a security issue to have to keep a private key as a string instead of having it in a keystore protected with a password. And passing that keystore as SSLSocketFactory to the Device Client.

@timtay-microsoft
Member

Right now, an SSLSocketFactory instance is not enough information for our AMQP stack to work correctly. It requires the SDK to pass along an SSLContext instance instead. Would it still be worthwhile to you if the device client allowed you to pass in an SSLContext instance rather than an SSLSocketFactory instance?

@MMaiero
Author

MMaiero commented Sep 15, 2019

Hello, I think that would work too, in my case.

@timtay-microsoft
Member

This feature was just released in iot-device-client library version 1.19.0. Now you will be able to pass in an SSLContext to your client's constructor. This constructor allows for either SAS based auth, or x509 based auth depending on if your connection string has a device key or not. If no device key is present, the client will assume you loaded the necessary x509 certificates into the provided SSLContext.

Since this issue has been released now, I'm closing this issue.
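
The approach this thread converges on, as an added example that is not part of the original issue or the SDK's own code: building an SSLContext whose client identity lives in a password-protected PKCS#12 keystore, using only JDK classes. The class name, the keystore path argument, and the choice to validate the server against the JVM default trust store are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class KeystoreSslContext {  // hypothetical class name

    /** Builds a TLS context that authenticates with the key pair stored in a PKCS#12 file. */
    static SSLContext fromKeystore(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            identity.load(in, password);  // fails on a wrong password or a corrupt file
        }
        // A keystore holding only certificates cannot do x509 client auth: fail early.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasKey |= identity.isKeyEntry(alias);
        }
        if (!hasKey) throw new KeyStoreException("no private key entry in " + path);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);
        // Assumption: the server chain is validated against the JVM default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (System.console() == null) throw new IllegalStateException("run from a terminal");
        char[] password = System.console().readPassword("Keystore password: ");
        try {
            SSLContext ctx = fromKeystore(args[0], password);  // args[0]: keystore path
            // ctx is the object handed to the client constructor described above, with a
            // connection string that carries no device key so that x509 auth is used.
            System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
        } finally {
            Arrays.fill(password, '\0');  // wipe the password from memory
        }
    }
}
```

With this arrangement the private key is never held in application code as a string; only the keystore password is, briefly, as a `char[]` that is zeroed after use.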
