diff --git a/leshan-integration-tests/credentials/README.md b/leshan-integration-tests/credentials/README.md deleted file mode 100644 index 30a15ce433..0000000000 --- a/leshan-integration-tests/credentials/README.md +++ /dev/null @@ -1,52 +0,0 @@ -Key Stores passwords -==================== - -### Client Key Store -* File: clientKeyStore.jks -* Password: client -* Contains: client keys and certificate, signed by client CA - -### Server Key Store -* File: serverKeyStore.jks -* Password: server -* Contains: server keys and certificate, signed by server CA - - -The following instructions are from [Scandium documentation](https://github.com/eclipse/californium/blob/master/scandium-core/README.md) and describe the procedure to create the certificates and key stores in this credentials folder. - -In the following "entity" can be replaced by "client" of "server" for the set of instructions. - - -Create a self-signed certificate -================================ - -The client CA and server CA certificates are created with this method. - -``` -openssl ecparam -name prime256v1 -genkey -out entityCA.key -openssl req -new -key entityCA.key -x509 -sha256 -days 365 -out entityCA.crt -``` - - -Add root CAs to Java's trusted CAs -================================== - -This is done for client CA and server CA. - -``` -keytool -importcert -alias californium -file entityCA.crt -keystore "$JAVA_HOME/jre/lib/security/cacerts" -``` - - -Create client and server certificate and key store -================================================== - -This is done for the LWM2M client and server. - -``` -keytool -genkeypair -alias entity -keyalg EC -keystore entityKeyStore.jks -sigalg SHA256withECDSA -validity 365 -keytool -certreq -alias entity -keystore entityKeyStore.jks -file entity.csr -openssl x509 -req -in entity.csr -CA entityCA.crt -CAkey entityCA.key -out entity.crt -sha256 -days 365 -CAcreateserial -keytool -importcert -alias entityCA -file entityCA.crt -keystore entityKeyStore.jks -trustcacerts -keytool -importcert -alias entity -file entity.crt -keystore entityKeyStore.jks -trustcacerts -``` diff --git a/leshan-integration-tests/credentials/client.crt b/leshan-integration-tests/credentials/client.crt deleted file mode 100644 index c1411cde07..0000000000 --- a/leshan-integration-tests/credentials/client.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB8jCCAZgCCQCfu3R7I/CxLTAKBggqhkjOPQQDAjCBkzELMAkGA1UEBhMCRlIx -DzANBgNVBAgMBkZyYW5jZTERMA8GA1UEBwwIVG91bG91c2UxETAPBgNVBAoMCENs -aWVudENBMQ0wCwYDVQQLDARUZXN0MRYwFAYDVQQDDA1UZXN0IENsaWVudENBMSYw -JAYJKoZIhvcNAQkBFhd0ZXN0Y2xpZW50Y2FAeW9wbWFpbC5mcjAeFw0xNTA2MTgx -MjE1MDVaFw0xNjA2MTcxMjE1MDVaMG4xEDAOBgNVBAYTB1Vua25vd24xEDAOBgNV -BAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24x -EDAOBgNVBAsTB1Vua25vd24xEjAQBgNVBAMTCWtkZmZsd210bTBZMBMGByqGSM49 -AgEGCCqGSM49AwEHA0IABMoKJWa44q8Zdx57+fYSwsLyzrSjXCkOkUR0SFVYA7+P -xwB/eRAGmAY4ZhUryDj6B8aRZRHt3JIU1pvWTUoKRjgwCgYIKoZIzj0EAwIDSAAw -RQIhAOhGkKo5fcLKjPScq40bN91eu7DBTtZ/EjQXTDtWfmcKAiB0ItjEEJm4zUPq -oZ1nZLaeJ5nstwq5w38/lKo54lS/PQ== ------END CERTIFICATE----- diff --git a/leshan-integration-tests/credentials/client.csr b/leshan-integration-tests/credentials/client.csr deleted file mode 100644 index d414a62be8..0000000000 --- a/leshan-integration-tests/credentials/client.csr +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN NEW CERTIFICATE REQUEST----- -MIIBXDCCAQACAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE -BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJ -a2RmZmx3bXRtMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEygolZrjirxl3Hnv59hLCwvLOtKNc -KQ6RRHRIVVgDv4/HAH95EAaYBjhmFSvIOPoHxpFlEe3ckhTWm9ZNSgpGOKAwMC4GCSqGSIb3DQEJ -DjEhMB8wHQYDVR0OBBYEFEuWaQy/oNoE66248/MJdUt6UNXjMAwGCCqGSM49BAMCBQADSAAwRQIh -AMH3xUWWgV6WMVxd0pPMhCqgMKwPFrc0T71N0uuGmxgAAiAKWuiWjA37iU1Kd8vHOFkeWDjhL91Q -uEwQ8O+NQL0eBw== ------END NEW CERTIFICATE REQUEST----- diff --git a/leshan-integration-tests/credentials/clientCA.crt b/leshan-integration-tests/credentials/clientCA.crt deleted file mode 100644 index 361b8f1b56..0000000000 --- a/leshan-integration-tests/credentials/clientCA.crt +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICcDCCAhWgAwIBAgIJAMOX2A8QZiCSMAoGCCqGSM49BAMCMIGTMQswCQYDVQQG -EwJGUjEPMA0GA1UECAwGRnJhbmNlMREwDwYDVQQHDAhUb3Vsb3VzZTERMA8GA1UE -CgwIQ2xpZW50Q0ExDTALBgNVBAsMBFRlc3QxFjAUBgNVBAMMDVRlc3QgQ2xpZW50 -Q0ExJjAkBgkqhkiG9w0BCQEWF3Rlc3RjbGllbnRjYUB5b3BtYWlsLmZyMB4XDTE1 -MDUwNzA3NDUyN1oXDTE2MDUwNjA3NDUyN1owgZMxCzAJBgNVBAYTAkZSMQ8wDQYD -VQQIDAZGcmFuY2UxETAPBgNVBAcMCFRvdWxvdXNlMREwDwYDVQQKDAhDbGllbnRD -QTENMAsGA1UECwwEVGVzdDEWMBQGA1UEAwwNVGVzdCBDbGllbnRDQTEmMCQGCSqG -SIb3DQEJARYXdGVzdGNsaWVudGNhQHlvcG1haWwuZnIwWTATBgcqhkjOPQIBBggq -hkjOPQMBBwNCAATJ7DQPtiJdm+L/Yqqkfc1bfvRXloh1qgdBzlq/IcSpMivezfLr -xkaw7SO87i7OQHhOw/HZCaWM8Dh4FvviGFDCo1AwTjAdBgNVHQ4EFgQUsmuFv7xI -0KQRHsGzcJhDNWFl718wHwYDVR0jBBgwFoAUsmuFv7xI0KQRHsGzcJhDNWFl718w -DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAkKX8UhzJmMZHoiHiYkFs -D9PaPFYP3tvmhyDvmv6ftNoCIQDpkxQNJntRaJF+HqQ4hflbZ7F8Dy6gAI+crRHW -ixXuMw== ------END CERTIFICATE----- diff --git a/leshan-integration-tests/credentials/clientCA.key b/leshan-integration-tests/credentials/clientCA.key deleted file mode 100644 index d238300266..0000000000 --- a/leshan-integration-tests/credentials/clientCA.key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBBw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIJu5fARTG7vZC2lztURDXGzc88XoYeqWR5LmmnEwJFxEoAoGCCqGSM49 -AwEHoUQDQgAEyew0D7YiXZvi/2KqpH3NW370V5aIdaoHQc5avyHEqTIr3s3y68ZG -sO0jvO4uzkB4TsPx2QmljPA4eBb74hhQwg== ------END EC PRIVATE KEY----- diff --git a/leshan-integration-tests/credentials/clientCA.srl b/leshan-integration-tests/credentials/clientCA.srl deleted file mode 100644 index d22e4138ab..0000000000 --- a/leshan-integration-tests/credentials/clientCA.srl +++ /dev/null @@ -1 +0,0 @@ -9FBB747B23F0B12D diff --git a/leshan-integration-tests/credentials/generate_credentials.sh b/leshan-integration-tests/credentials/generate_credentials.sh new file mode 100755 index 0000000000..7e95a26a33 --- /dev/null +++ b/leshan-integration-tests/credentials/generate_credentials.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +# Keystore parameters +CLIENT_STORE=clientKeyStore.jks +CLIENT_STORE_PWD=client +SERVER_STORE=serverKeyStore.jks +SERVER_STORE_PWD=server + +VALIDITY=36500 #days + +# Color output stuff +red=`tput setaf 1` +green=`tput setaf 2` +blue=`tput setaf 4` +bold=`tput bold` +H1=${green}${bold} +H2=${blue} +RESET=`tput sgr0` + +# Generation of the keystore needed for Leshan integration tests. +echo "${H1}Server Keystore : ${RESET}" +echo "${H1}==================${RESET}" +echo "${H2}Creating the trusted root CA key and certificate...${RESET}" +keytool -genkeypair -alias rootCA -keyalg EC -dname 'CN=Leshan root CA' \ + -validity $VALIDITY -keypass $SERVER_STORE_PWD -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD +echo +echo "${H2}Creating an untrusted root CA key and certificate...${RESET}" +keytool -genkeypair -alias untrustedrootCA -keyalg EC -dname 'CN=Leshan untrusted root CA' \ + -validity $VALIDITY -keypass $SERVER_STORE_PWD -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD +echo +echo "${H2}Creating server key and self-signed certificate ...${RESET}" +keytool -genkeypair -alias server -keyalg EC -dname 'CN=Leshan server self-signed' \ + -validity $VALIDITY -keypass $SERVER_STORE_PWD -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD +keytool -exportcert -alias server -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD | \ + keytool -importcert -alias server_self_signed -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD -noprompt + +echo +echo "${H2}Creating server certificate signed by root CA...${RESET}" +keytool -certreq -alias server -dname 'CN=Leshan server' -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD | \ + keytool -gencert -alias rootCA -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD -validity $VALIDITY | \ + keytool -importcert -alias server -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD + +echo +echo "${H1}Client Keystore : ${RESET}" +echo "${H1}==================${RESET}" +echo "${H2}Creating client key and self-signed certificate with expected CN...${RESET}" +keytool -genkeypair -alias client -keyalg EC -dname 'CN=leshan_integration_test' \ + -validity $VALIDITY -keypass $CLIENT_STORE_PWD -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD +keytool -exportcert -alias client -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD | \ + keytool -importcert -alias client_self_signed -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD -noprompt +echo +echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" +keytool -exportcert -alias rootCA -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD | \ + keytool -importcert -alias rootCA -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD -noprompt +echo +echo "${H2}Creating client certificate signed by root CA with expected CN...${RESET}" +keytool -certreq -alias client -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD | \ + keytool -gencert -alias rootCA -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD -validity $VALIDITY | \ + keytool -importcert -alias client -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD -noprompt +echo +echo "${H2}Creating client certificate signed by root CA with bad/unexpected CN...${RESET}" +keytool -certreq -alias client -dname 'CN=leshan_client_with_bad_cn' -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD | \ + keytool -gencert -alias rootCA -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD -validity $VALIDITY | \ + keytool -importcert -alias client_bad_cn -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD -noprompt +echo +echo "${H2}Creating client certificate signed by untrusted root CA with expected CN...${RESET}" +keytool -certreq -alias client -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD | \ + keytool -gencert -alias untrustedrootCA -keystore $SERVER_STORE -storepass $SERVER_STORE_PWD -validity $VALIDITY | \ + keytool -importcert -alias client_not_trusted -keystore $CLIENT_STORE -storepass $CLIENT_STORE_PWD -noprompt diff --git a/leshan-integration-tests/credentials/server.crt b/leshan-integration-tests/credentials/server.crt deleted file mode 100644 index db3ce8fdc4..0000000000 --- a/leshan-integration-tests/credentials/server.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9TCCAZoCCQDHQqcX+lVuzTAKBggqhkjOPQQDAjCBkzELMAkGA1UEBhMCRlIx -DzANBgNVBAgMBkZyYW5jZTERMA8GA1UEBwwIVG91bG91c2UxETAPBgNVBAoMCFNl -cnZlckNBMQ0wCwYDVQQLDARUZXN0MRYwFAYDVQQDDA1UZXN0IFNlcnZlckNBMSYw -JAYJKoZIhvcNAQkBFhd0ZXN0c2VydmVyY2FAeW9wbWFpbC5mcjAeFw0xNTA1MjUw -ODI5MTFaFw0xNjA1MjQwODI5MTFaMHAxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNV -BAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24x -EjAQBgNVBAsTCVRlc3QgVW5pdDESMBAGA1UEAxMJVGVzdCBUZXN0MFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEEhN6jnA1hyq1RiIIAFGBI3kjAf5Xvw7V5tbyNrwO -0nw/q/N/pItZxoe41b5qrrc5L2zFGvYkR/grUDyLJ5nKZDAKBggqhkjOPQQDAgNJ -ADBGAiEA4DLes/fyFvBn2XQ9J7O/8UT5rsk92ReoQXZhVnv7R7ACIQDn2BPvjxcT -05igS8Ig3wo1XDeYFcWLjwMWCPZh38Nynw== ------END CERTIFICATE----- diff --git a/leshan-integration-tests/credentials/server.csr b/leshan-integration-tests/credentials/server.csr deleted file mode 100644 index 081cd08d3c..0000000000 --- a/leshan-integration-tests/credentials/server.csr +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN NEW CERTIFICATE REQUEST----- -MIIBXzCCAQICAQAwcDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE -BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjESMBAGA1UECxMJVGVzdCBVbml0MRIwEAYDVQQD -EwlUZXN0IFRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQSE3qOcDWHKrVGIggAUYEjeSMB -/le/DtXm1vI2vA7SfD+r83+ki1nGh7jVvmqutzkvbMUa9iRH+CtQPIsnmcpkoDAwLgYJKoZIhvcN -AQkOMSEwHzAdBgNVHQ4EFgQUXIdxWR/UA5vq8SFaYw+9CV5XGG4wDAYIKoZIzj0EAwIFAANJADBG -AiEArMUGnwI2tZFnNuBpOuboP3WAWtIvjZDZ/SHfDZVLaXkCIQDSjRc7Lh54MhJ+i2+UIN9yfohB -1j+CIA0DFxJjMsRVUQ== ------END NEW CERTIFICATE REQUEST----- diff --git a/leshan-integration-tests/credentials/serverCA.crt b/leshan-integration-tests/credentials/serverCA.crt deleted file mode 100644 index a0c68baef8..0000000000 --- a/leshan-integration-tests/credentials/serverCA.crt +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICbjCCAhWgAwIBAgIJAKinVkETVSMiMAoGCCqGSM49BAMCMIGTMQswCQYDVQQG -EwJGUjEPMA0GA1UECAwGRnJhbmNlMREwDwYDVQQHDAhUb3Vsb3VzZTERMA8GA1UE -CgwIU2VydmVyQ0ExDTALBgNVBAsMBFRlc3QxFjAUBgNVBAMMDVRlc3QgU2VydmVy -Q0ExJjAkBgkqhkiG9w0BCQEWF3Rlc3RzZXJ2ZXJjYUB5b3BtYWlsLmZyMB4XDTE1 -MDUwNzA3MjkyN1oXDTE2MDUwNjA3MjkyN1owgZMxCzAJBgNVBAYTAkZSMQ8wDQYD -VQQIDAZGcmFuY2UxETAPBgNVBAcMCFRvdWxvdXNlMREwDwYDVQQKDAhTZXJ2ZXJD -QTENMAsGA1UECwwEVGVzdDEWMBQGA1UEAwwNVGVzdCBTZXJ2ZXJDQTEmMCQGCSqG -SIb3DQEJARYXdGVzdHNlcnZlcmNhQHlvcG1haWwuZnIwWTATBgcqhkjOPQIBBggq -hkjOPQMBBwNCAATNxESoo6rD2KkSAiCFNQb9eaWhwm4Mumy34x3g4ZP1SfAIQQaO -Z9d8ge8EqvaAYwo6rFIW6vqlZ/L+d5tFevypo1AwTjAdBgNVHQ4EFgQUyDyMT8vQ -jLpbUEuuzmvCUM8hjtMwHwYDVR0jBBgwFoAUyDyMT8vQjLpbUEuuzmvCUM8hjtMw -DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAaQ0iu9+8jeujpDFyzQQdR -Lu4bhB08l4QHvUC3J2yIWwIgfabdosv8ELtkp/IC1PBb/wQfAo6b5LRRzkOYQ+gv -KAc= ------END CERTIFICATE----- diff --git a/leshan-integration-tests/credentials/serverCA.key b/leshan-integration-tests/credentials/serverCA.key deleted file mode 100644 index 8c6c29e299..0000000000 --- a/leshan-integration-tests/credentials/serverCA.key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBBw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIFpat6uE6BAUWEcxiVg3xrDZn3Yvy5UJjRYsP7I08Y+roAoGCCqGSM49 -AwEHoUQDQgAEzcREqKOqw9ipEgIghTUG/XmlocJuDLpst+Md4OGT9UnwCEEGjmfX -fIHvBKr2gGMKOqxSFur6pWfy/nebRXr8qQ== ------END EC PRIVATE KEY----- diff --git a/leshan-integration-tests/credentials/serverCA.srl b/leshan-integration-tests/credentials/serverCA.srl deleted file mode 100644 index 6c06dd253d..0000000000 --- a/leshan-integration-tests/credentials/serverCA.srl +++ /dev/null @@ -1 +0,0 @@ -C742A717FA556ECD