Use the following commands to build the FIDO Device Onboard (FDO) Protocol Reference Implementation (PRI) HTTP Device Component sample source.
For the instructions in this document, `<fdo-pri-src>` refers to the path of the FDO PRI folder `pri-fidoiot`.

```shell
$ cd <fdo-pri-src>/component-samples/device/
$ mvn clean install
```

This will copy the required executables and libraries into `<fdo-pri-src>/component-samples/demo/device/`.
All the runtime configurations for the device are specified in the `service.yml` file.

`service.yml` is structured into multiple sections:

- `device`: This section contains the device-specific runtime configurations, including `di-url`, `credential-file`, `key-type`, `key-enc`, etc.
- `system-properties`: This section contains the runtime environment variables, applied as Java system properties (for example the `javax.net.ssl.*` properties used below).
- `workers`: This section contains the configuration to select the desired functionality for the device. The deployer can pick and choose the functionality at runtime.
- To execute DI with mTLS, first uncomment the following lines from `<fdo-pri-src>/component-samples/demo/aio/WEB-INF/Web.xml` or `<fdo-pri-src>/component-samples/demo/manufacturer/WEB-INF/Web.xml` and start the services. The two commented-out URL patterns are the DI endpoints (message types 10 and 12, DI.AppStart and DI.SetHMAC). Uncommenting them places DI under the same security constraint as the management APIs, so the server requires TLS (`CONFIDENTIAL`) and a client certificate mapped to the `api` role before it will process DI messages; without this change the DI endpoints remain reachable by any client.

```xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>apis</web-resource-name>
    <url-pattern>/api/v1/*</url-pattern>
    <!-- <url-pattern>/fdo/101/msg/10</url-pattern>
    <url-pattern>/fdo/101/msg/12</url-pattern> -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>api</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

- Copy `api-user.pem` and `ca-cert.pem` into the `demo/device/app-data` folder. `api-user.pem` is the client key and certificate the device presents to the manufacturer; `ca-cert.pem` is the CA certificate the device uses to verify the manufacturer's server certificate.
- Disable the following worker:
  - `org.fidoalliance.fdo.protocol.SelfSignedHttpClientSupplier`
- Enable the following worker:
  - `org.fidoalliance.fdo.protocol.StandardHttpClientSupplier`

  The self-signed supplier is a demo convenience that accepts self-signed server certificates instead of verifying them against a configured trust store. The standard supplier builds its HTTP client from the JVM's default SSL context, which is why the `javax.net.ssl.*` properties below must be set for the key store and trust store to be used.
- Then uncomment the following lines from `<fdo-pri-src>/component-samples/demo/device/service.yml`:

```yaml
system-properties:
  # javax.net.ssl.keyStorePassword: default
  # javax.net.ssl.trustStorePassword: default
  # javax.net.ssl.keyStore: ./app-data/api-user.pem
  # javax.net.ssl.trustStore: ./app-data/ca-cert.pem
  # javax.net.ssl.keyStoreType: PEM
  # javax.net.ssl.trustStoreType: PEM
```

NOTE: Make sure that `di-url` (in the `device` section of `service.yml`) is set to the correct address. With mTLS this must be the manufacturer's `https://` address, since the client certificate can only be presented over TLS.
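Before starting the device, it is worth checking that every step above actually took effect, because a property left commented out or a worker left in place fails only at runtime. The following script is an added example, not code from the FDO PRI project: it parses the subset of `service.yml` syntax the device sample uses and reports which mTLS DI steps are still missing. The `BEFORE` and `AFTER` configurations, the host names and ports in them, and the placeholder PEM files are constructed for illustration.

```python
"""Preflight check for the mTLS DI configuration steps above.

Added example, not part of the FDO PRI project. It parses the subset of
service.yml syntax the device sample uses (top-level sections, indented
``key: value`` entries, and a ``- `` list of worker class names) and
reports which steps are still missing. Comment lines are skipped, so a
property that is still commented out is reported as missing, which is the
check a deployer wants before starting the device. Inline trailing
comments are not handled.
"""
import os
import tempfile

SELF_SIGNED = "org.fidoalliance.fdo.protocol.SelfSignedHttpClientSupplier"
STANDARD = "org.fidoalliance.fdo.protocol.StandardHttpClientSupplier"
REQUIRED_SSL_PROPS = (
    "javax.net.ssl.keyStore",
    "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.keyStoreType",
    "javax.net.ssl.trustStore",
    "javax.net.ssl.trustStorePassword",
    "javax.net.ssl.trustStoreType",
)


def parse_service_yml(text):
    """Minimal parser for the service.yml subset above: {section: dict|list}."""
    sections, current = {}, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):          # blank or commented out
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0 and body.endswith(":"):         # new top-level section
            current = body[:-1]
            sections[current] = None
        elif current is not None and body.startswith("- "):
            if sections[current] is None:
                sections[current] = []
            sections[current].append(body[2:].strip())
        elif current is not None and ":" in body:
            if sections[current] is None:
                sections[current] = {}
            key, value = body.split(":", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def check_mtls_di(text, device_dir):
    """Return the list of findings for a service.yml; an empty list means the
    mTLS DI steps above have all been applied. Relative key/trust store paths
    are resolved against device_dir, the directory device.jar runs from."""
    cfg = parse_service_yml(text)
    findings = []
    workers = cfg.get("workers") or []
    if SELF_SIGNED in workers:
        findings.append("SelfSignedHttpClientSupplier is still enabled")
    if STANDARD not in workers:
        findings.append("StandardHttpClientSupplier is not enabled")
    props = cfg.get("system-properties") or {}
    for name in REQUIRED_SSL_PROPS:
        if name not in props:
            findings.append(f"{name} is missing or still commented out")
    for name in ("javax.net.ssl.keyStore", "javax.net.ssl.trustStore"):
        path = props.get(name)
        if path and not os.path.isfile(os.path.join(device_dir, path)):
            findings.append(f"{name} points to {path}, which does not exist")
    di_url = (cfg.get("device") or {}).get("di-url", "")
    if not di_url.startswith("https://"):
        findings.append(f"di-url {di_url!r} is not an https:// address")
    return findings


# Constructed sample: the shipped form, with the self-signed worker enabled
# and the SSL properties still commented out. Host and ports are placeholders.
BEFORE = """\
device:
  di-url: http://localhost:8039
  credential-file: credentials.bin
system-properties:
  # javax.net.ssl.keyStorePassword: default
  # javax.net.ssl.trustStorePassword: default
  # javax.net.ssl.keyStore: ./app-data/api-user.pem
  # javax.net.ssl.trustStore: ./app-data/ca-cert.pem
  # javax.net.ssl.keyStoreType: PEM
  # javax.net.ssl.trustStoreType: PEM
workers:
  - org.fidoalliance.fdo.protocol.SelfSignedHttpClientSupplier
"""

# The same file after the steps above: lines uncommented, worker swapped,
# di-url switched to https (constructed values).
AFTER = (BEFORE.replace("  # ", "  ")
         .replace("http://localhost:8039", "https://localhost:8043")
         .replace(SELF_SIGNED, STANDARD))


def demo():
    """Check both samples against a temporary device directory that holds
    placeholder PEM files; returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as device_dir:
        os.mkdir(os.path.join(device_dir, "app-data"))
        for name in ("api-user.pem", "ca-cert.pem"):
            with open(os.path.join(device_dir, "app-data", name), "w") as fh:
                fh.write("placeholder PEM content\n")   # constructed, not a real cert
        return check_mtls_di(BEFORE, device_dir), check_mtls_di(AFTER, device_dir)


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        print(f"{label}: {findings or 'ready for mTLS DI'}")
```

To check a real deployment, run it from `<fdo-pri-src>/component-samples/demo/device` and call `check_mtls_di(open("service.yml").read(), ".")`; an empty list means the worker swap, the uncommented `javax.net.ssl.*` properties, the two PEM files and an `https://` `di-url` are all in place.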
Open a terminal, change directory to `<fdo-pri-src>/component-samples/demo/device/` and execute the following command:

```shell
$ cd <fdo-pri-src>/component-samples/demo/device
$ java -jar device.jar
```

Alternatively, to run the device in a container, open a terminal, change directory to `<fdo-pri-src>/component-samples/demo/device/` and execute:

```shell
docker-compose up --build
```

In case you need super user access, prefix `sudo -E` to the above command (`-E` preserves your environment variables for the compose process).
The `device.p12` file must contain the following data:

- The device's private key
- The device's public key or certificate (PKCS12 format)

PS: If the `device.p12` file is not present, it is autogenerated at runtime. Protect this file in either case: the private key it holds is the device's identity for the rest of the onboarding flow.
The device will initialize and exit. A `credentials.bin` file will be created containing the device state.
Removing this file will make the device re-initialize the next time it runs.
During device initialization, the Manufacturer server must be available.
Execute the following command to initiate TO1 and TO2. Because `credentials.bin` now exists, the device skips DI and proceeds to onboarding:

```shell
$ cd <fdo-pri-src>/component-samples/demo/device
$ java -jar device.jar
```

Alternatively, to run the device in a container, open a terminal, change directory to `<fdo-pri-src>/component-samples/demo/device/` and execute:

```shell
docker-compose up --build
```

The device will be onboarded.
The Rendezvous and Owner servers must be available during this step.