Add a default certificate to server-demo and display it in security tab

eclipse-leshan · Nov 6, 2018 · 4fff2f7 · 4fff2f7
1 parent f2748e3
commit 4fff2f7
Show file tree

Hide file tree

Showing 13 changed files with 365 additions and 117 deletions.
diff --git a/.gitignore b/.gitignore
@@ -30,4 +30,6 @@ bin/
 **/src/test/**/logback*.xml
 
 # Credentials files #
-**/*.der
+**/*.der
+**/*.pem
+!**/src/**/*.der
diff --git a/...mo/src/main/java/org/eclipse/leshan/server/bootstrap/demo/BootstrapSecurityStoreImpl.java b/...mo/src/main/java/org/eclipse/leshan/server/bootstrap/demo/BootstrapSecurityStoreImpl.java
@@ -15,9 +15,9 @@
  *******************************************************************************/
 package org.eclipse.leshan.server.bootstrap.demo;
 
+import java.io.IOException;
 import java.nio.charset.StandardCharsets;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
@@ -83,9 +83,9 @@ public List<SecurityInfo> getAllByEndpoint(String endpoint) {
             else if (value.bootstrapServer && value.securityMode == SecurityMode.RPK) {
                 try {
                     SecurityInfo securityInfo = SecurityInfo.newRawPublicKeyInfo(endpoint,
-                            SecurityUtil.extractPublicKey(value.publicKeyOrId));
+                            SecurityUtil.publicKey.decode(value.publicKeyOrId));
                     return Arrays.asList(securityInfo);
-                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+                } catch (IOException | GeneralSecurityException e) {
                     LOG.error("Unable to decode Client public key for {}", endpoint, e);
                     return null;
                 }

diff --git a/leshan-client-demo/src/main/java/org/eclipse/leshan/client/demo/LeshanClientDemo.java b/leshan-client-demo/src/main/java/org/eclipse/leshan/client/demo/LeshanClientDemo.java
@@ -192,9 +192,9 @@ public static void main(final String[] args) {
         PublicKey serverPublicKey = null;
         if (cl.hasOption("cpubk")) {
             try {
-                clientPrivateKey = SecurityUtil.extractPrivateKey(cl.getOptionValue("cprik"));
-                clientPublicKey = SecurityUtil.extractPublicKey(cl.getOptionValue("cpubk"));
-                serverPublicKey = SecurityUtil.extractPublicKey(cl.getOptionValue("spubk"));
+                clientPrivateKey = SecurityUtil.privateKey.readFromFile(cl.getOptionValue("cprik"));
+                clientPublicKey = SecurityUtil.publicKey.readFromFile(cl.getOptionValue("cpubk"));
+                serverPublicKey = SecurityUtil.publicKey.readFromFile(cl.getOptionValue("spubk"));
             } catch (Exception e) {
                 System.err.println("Unable to load RPK files : " + e.getMessage());
                 e.printStackTrace();

diff --git a/leshan-core/src/main/java/org/eclipse/leshan/core/credentials/CredentialsReader.java b/leshan-core/src/main/java/org/eclipse/leshan/core/credentials/CredentialsReader.java
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Sierra Wireless and others.
+ * 
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * and Eclipse Distribution License v1.0 which accompany this distribution.
+ * 
+ * The Eclipse Public License is available at
+ *    http://www.eclipse.org/legal/epl-v10.html
+ * and the Eclipse Distribution License is available at
+ *    http://www.eclipse.org/org/documents/edl-v10.html.
+ * 
+ * Contributors:
+ *     Sierra Wireless - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.leshan.core.credentials;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
+
+/**
+ * An helper class to read credentials from various input. <br>
+ * To be used you MUST implement at least one method between decode(byte[]) and decode(InputStream).
+ */
+public abstract class CredentialsReader<T> {
+
+    /**
+     * Read credential from file
+     */
+    public T readFromFile(String fileName) throws IOException, GeneralSecurityException {
+        byte[] bytes = Files.readAllBytes(Paths.get(fileName));
+        return decode(bytes);
+    }
+
+    /**
+     * Read credential from resource (in a jar, war, ...)
+     * 
+     * @see java.lang.ClassLoader#getResourceAsStream(String)
+     */
+    public T readFromResource(String resourcePath) throws IOException, GeneralSecurityException {
+        try (InputStream in = ClassLoader.getSystemResourceAsStream(resourcePath)) {
+            return decode(in);
+        }
+    }
+
+    /**
+     * Decode credential from byte array.
+     */
+    public T decode(byte[] bytes) throws IOException, GeneralSecurityException {
+        try (ByteArrayInputStream in = new ByteArrayInputStream(bytes)) {
+            return decode(in);
+        }
+    }
+
+    /**
+     * Decode credential from an InputStream.
+     */
+    public T decode(InputStream in) throws IOException, GeneralSecurityException {
+        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
+            int nRead;
+            byte[] data = new byte[1024];
+            while ((nRead = in.read(data, 0, data.length)) != -1) {
+                buffer.write(data, 0, nRead);
+            }
+            buffer.flush();
+
+            return decode(buffer.toByteArray());
+        }
+    }
+}
diff --git a/leshan-core/src/main/java/org/eclipse/leshan/util/SecurityUtil.java b/leshan-core/src/main/java/org/eclipse/leshan/util/SecurityUtil.java
@@ -15,47 +15,52 @@
  *******************************************************************************/
 package org.eclipse.leshan.util;
 
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.io.InputStream;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 
-public class SecurityUtil {
+import org.eclipse.leshan.core.credentials.CredentialsReader;
 
-    /**
-     * Extract Elliptic Curve private key in PKCS8 format from file (DER encoded).
-     */
-    public static PrivateKey extractPrivateKey(String fileName)
-            throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
-        byte[] keyBytes = Files.readAllBytes(Paths.get(fileName));
+public class SecurityUtil {
 
-        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
-        KeyFactory kf = KeyFactory.getInstance("EC");
-        return kf.generatePrivate(spec);
-    }
+    public static CredentialsReader<PrivateKey> privateKey = new CredentialsReader<PrivateKey>() {
+        @Override
+        public PrivateKey decode(byte[] bytes) throws InvalidKeySpecException, NoSuchAlgorithmException {
+            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes);
+            KeyFactory kf = KeyFactory.getInstance("EC");
+            return kf.generatePrivate(spec);
+        }
+    };
 
-    /**
-     * Extract Elliptic Curve public key in SubjectPublicKeyInfo format from file (DER encoded).
-     */
-    public static PublicKey extractPublicKey(String fileName)
-            throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
-        byte[] keyBytes = Files.readAllBytes(Paths.get(fileName));
-        return extractPublicKey(keyBytes);
-    }
+    public static CredentialsReader<PublicKey> publicKey = new CredentialsReader<PublicKey>() {
+        @Override
+        public PublicKey decode(byte[] bytes) throws NoSuchAlgorithmException, InvalidKeySpecException {
+            X509EncodedKeySpec spec = new X509EncodedKeySpec(bytes);
+            KeyFactory kf = KeyFactory.getInstance("EC");
+            return kf.generatePublic(spec);
+        }
+    };
 
-    /**
-     * Extract Elliptic Curve public key in SubjectPublicKeyInfo format from byteArray (DER encoded).
-     */
-    public static PublicKey extractPublicKey(byte[] subjectPublicKeyInfo)
-            throws NoSuchAlgorithmException, InvalidKeySpecException {
-        X509EncodedKeySpec spec = new X509EncodedKeySpec(subjectPublicKeyInfo);
-        KeyFactory kf = KeyFactory.getInstance("EC");
-        return kf.generatePublic(spec);
-    }
+    public static CredentialsReader<X509Certificate> certificate = new CredentialsReader<X509Certificate>() {
+        @Override
+        public X509Certificate decode(InputStream inputStream) throws CertificateException {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            Certificate certificate = cf.generateCertificate(inputStream);
+            if (certificate instanceof X509Certificate) {
+                return (X509Certificate) certificate;
+            }
+            throw new CertificateException(
+                    String.format("%s certificate format is not supported, Only X.509 certificate is supported",
+                            certificate.getType()));
+        }
+    };
 }