From 7fe2960a958952c51cbce0dc26549700d18320dd Mon Sep 17 00:00:00 2001 From: Esko Dijk Date: Wed, 26 Jun 2024 16:03:38 +0200 Subject: [PATCH] removal of ACE, doc updates, src format updates, and new generic-main function WIP. --- .github/workflows/build.yml | 2 +- .gitignore | 17 +- AUTHORS | 1 + CONTRIBUTING.md | 24 ++- GUIDE.md | 2 +- README.md | 8 +- script/bootstrap.sh | 13 -- script/run | 38 ++++ .../openthread/main/OtRegistrarMain.java | 164 ++++++++++++++++++ .../openthread/registrar/Registrar.java | 115 ++++++------ .../registrar/RegistrarBuilder.java | 20 +-- .../openthread/registrar/FunctionalTest.java | 45 +++-- 12 files changed, 314 insertions(+), 135 deletions(-) create mode 100755 script/run create mode 100644 src/main/java/com/google/openthread/main/OtRegistrarMain.java diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bf1cf62..90f4fc4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,7 +43,7 @@ jobs: package-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Bootstrap run: script/bootstrap.sh - name: Package diff --git a/.gitignore b/.gitignore index 796d983..a8ca5db 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ -# Compiled class file +# Compiled class files *.class -# Log file +# Log files *.log logs @@ -11,7 +11,7 @@ logs # Mobile Tools for Java (J2ME) .mtj.tmp/ -# Package Files # +# Package Files *.jar *.war *.nar @@ -28,22 +28,15 @@ hs_err_pid* # maven target -# idea +# IDE files .idea .project *.iml - -# vscode .vscode - .settings -# utils +# auto-generated config files Californium.properties -thread-registrar.iml # Mac OS X .DS_Store - -# Thread Registrar Interface -tri diff --git a/AUTHORS b/AUTHORS index 3a4f4fb..d00e3fa 100644 --- a/AUTHORS +++ b/AUTHORS @@ -8,3 +8,4 @@ # Authors who wish to be recognized in this file should add themselves (or # their employer, as appropriate). Google Inc. +IoTconsultancy.nl diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1218a87..52c3046 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,15 +12,15 @@ Help us keep OpenThread open and inclusive. Please read and follow our [Code of ## Bugs -If you find a bug in the source code, you can help us by [submitting a GitHub Issue](https://github.com/openthread/ot-registrar/issues/new). Even better, you can [submit a Pull Request](#submitting-a-pull-request) with a fix. +If you find a bug in the source code, you can help us by [submitting a GitHub Issue](https://github.com/EskoDijk/ot-registrar/issues/new). Even better, you can [submit a Pull Request](#submitting-a-pull-request) with a fix. ## New features -You can request a new feature by [submitting a GitHub Issue](https://github.com/openthread/ot-registrar/issues/new). +You can request a new feature by [submitting a GitHub Issue](https://github.com/EskoDijk/ot-registrar/issues/new). If you would like to implement a new feature, please consider the scope of the new feature: -* *Large feature* — [Submit a GitHub Issue](https://github.com/openthread/ot-registrar/issues/new) with your proposal so that the community can review and provide feedback first. Early feedback helps to ensure your proposal is accepted by the community, better coordinate our efforts, and minimize duplicated work. +* *Large feature* — [Submit a GitHub Issue](https://github.com/EskoDijk/ot-registrar/issues/new) with your proposal so that the community can review and provide feedback first. Early feedback helps to ensure your proposal is accepted by the community, better coordinate our efforts, and minimize duplicated work. * *Small feature* — Can be implemented and directly [submitted as a Pull Request](#submitting-a-pull-request) without a proposal. @@ -32,17 +32,17 @@ The OpenThread Project follows the "Fork-and-Pull" model for accepting contribut Setup your GitHub fork and continuous integration services: -1. Fork the [OT Registrar repository](https://github.com/openthread/ot-registrar) by clicking **Fork** on the web UI. -2. Enable [Travis CI](https://travis-ci.org/) by logging into the respective service with your GitHub account and enabling your newly created fork. We use Travis CI for Linux-based continuous integration checks. All contributions must pass these checks to be accepted. +1. Fork the [OT Registrar repository](https://github.com/EskoDijk/ot-registrar) by clicking **Fork** on the web UI. +2. Enable GitHub CI by logging into your GitHub account and enabling it on your newly created fork. We use CI for Linux-based continuous integration checks. All contributions must pass these checks to be accepted. Setup your local development environment: ```bash # Clone your fork -git clone git@github.com:/ot-registrar.git +git clone https://@github.com/EskoDijk/ot-registrar.git # Configure upstream alias -git remote add upstream git@github.com:openthread/ot-registrar.git +git remote add upstream https://@github.com/EskoDijk/ot-registrar.git ``` ### Submitting a pull request @@ -99,11 +99,7 @@ This will open up a text editor where you can specify which commits to squash. #### Coding conventions and style -OT Registrar uses and enforces the [Google Java Style](https://google.github.io/styleguide/javaguide.html) on all code. OT Registrar will automatically reformat the code when building the project with [maven](https://maven.apache.org). Use command `mvn com.coveo:fmt-maven-plugin:format` and `mvn com.coveo:fmt-maven-plugin:check` to explicitly reformat code and check for code-style compliance, respectively. - -As part of the cleanup process, also run `mvn com.coveo:fmt-maven-plugin:check` to ensure that your code passes the baseline code style checks. - -Make sure to include any code format changes in your commits. +OT Registrar does not use the [Google Java Style](https://google.github.io/styleguide/javaguide.html) at this moment. The reason is that it introduces a very narrow line width, which makes code hard to read on normal-size desktop monitors that can handle long line lengths. #### Push and test @@ -115,8 +111,8 @@ git checkout git push origin ``` -This will trigger the Travis Continuous Integration (CI) checks. You can view the results in the respective services. Note that the integration checks will report failures on occasion. If a failure occurs, you may try rerunning the test using the Travis web UI. +This will trigger Github Continuous Integration (CI) checks. You can view the results in the respective services. #### Submit the pull request -Once you've validated the Travis CI results, go to the page for your fork on GitHub, select your development branch, and click the **Pull Request** button. If you need to make any adjustments to your pull request, push the updates to GitHub. Your pull request will automatically track the changes on your development branch and update. +Once you've validated the CI results, go to the page for your fork on GitHub, select your development branch, and click the **Pull Request** button. If you need to make any adjustments to your pull request, push the updates to GitHub. Your pull request will automatically track the changes on your development branch and update. diff --git a/GUIDE.md b/GUIDE.md index 0a8952b..7a3a1a8 100644 --- a/GUIDE.md +++ b/GUIDE.md @@ -30,7 +30,7 @@ All setup commands assume you are starting in the project's root directory. ## Run services -The OT Registrar JAR file includes the [Registrar](https://tools.ietf.org/id/draft-ietf-anima-bootstrapping-keyinfra-16.html#rfc.section.1.2), [MASA](https://tools.ietf.org/id/draft-ietf-anima-bootstrapping-keyinfra-16.html#rfc.section.1.2) server, and a simulated [Pledge](https://tools.ietf.org/id/draft-ietf-anima-bootstrapping-keyinfra-16.html#rfc.section.1.2). +The OT Registrar JAR file includes the Registrar, TBD [MASA](https://tools.ietf.org/id/draft-ietf-anima-bootstrapping-keyinfra-16.html#rfc.section.1.2) server, and a simulated [Pledge](https://tools.ietf.org/id/draft-ietf-anima-bootstrapping-keyinfra-16.html#rfc.section.1.2). ### Credentials diff --git a/README.md b/README.md index ce24910..7ea1e0a 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # OpenThread Registrar -Per [Thread](https://www.threadgroup.org/) 1.2 specification and [Bootstrapping Remote Secure Key Infrastructures (BRSKI)](https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-16), a Domain Registrar securely registry new devices into a Thread Domain with zero-touch. +The [Constrained Bootstrapping Remote Secure Key Infrastructures (cBRSKI)](https://datatracker.ietf.org/doc/html/draft-ietf-anima-constrained-voucher) IETF draft defines a Domain Registrar for securely onboarding new IoT devices into a network domain with zero-touch. -OpenThread's implementation of a Domain Registrar is called OpenThread Registrar (OT Registrar). +OpenThread's implementation of a cBRSKI Domain Registrar, used for onboarding Thread devices, is called OpenThread Registrar (OT Registrar). > Note: OT Registrar is still under development. We do not recommend using it in production yet. @@ -18,10 +18,10 @@ Contributors are required to abide by our [Code of Conduct](CODE_OF_CONDUCT.md). ## Versioning -OT Registrar follows the [Semantic Versioning guidelines](http://semver.org/) for release cycle transparency and to maintain backwards compatibility. OT Registrar's versioning is independent of the Thread protocol specification version but will clearly indicate which version of the specification it currently supports. +OT Registrar follows the [Semantic Versioning guidelines](http://semver.org/) for release cycle transparency and to maintain backwards compatibility. OT Registrar's versioning is independent of the Thread protocol specification version. ## License OT Registrar is released under the [BSD 3-Clause license](LICENSE). See the [`LICENSE`](LICENSE) file for more information. -Please only use the OpenThread and OT Registrar name and marks when accurately referencing this software distribution. Do not use the marks in a way that suggests you are endorsed by or otherwise affiliated with Nest, Google, or The Thread Group. +Please only use the OpenThread and OT Registrar name and marks when accurately referencing this software distribution. Do not use the marks in a way that suggests you are endorsed by or otherwise affiliated with Nest, Google, or Thread Group. diff --git a/script/bootstrap.sh b/script/bootstrap.sh index 552adee..2c3f6a0 100755 --- a/script/bootstrap.sh +++ b/script/bootstrap.sh @@ -29,8 +29,6 @@ set -e -ACE_REPO=https://bitbucket.org/marco-tiloca-sics/ace-java - ## Test if we has the given command. ## Args: $1, the command. has_command() { @@ -61,15 +59,4 @@ install_toolchain() { mvn -verion } -install_ace() { - if [ ! -d ace ]; then - git clone $ACE_REPO ace - fi - cd ace - mvn -DskipTests install - cd - - rm -rf ace -} - install_toolchain -install_ace diff --git a/script/run b/script/run new file mode 100755 index 0000000..b6aa470 --- /dev/null +++ b/script/run @@ -0,0 +1,38 @@ +#!/bin/bash +# +# Copyright (c) 2024, The OpenThread Registrar Authors. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither the name of the copyright holder nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +readonly JAR_FILE=./target/ot-registrar-0.2-jar-with-dependencies.jar + +# test if Registrar JAR exists +if [ ! -f "${JAR_FILE}" ]; then + echo "Please build using 'mvn -DskipTests package' before running." + exit 1 +fi + +java -jar $JAR_FILE $@ diff --git a/src/main/java/com/google/openthread/main/OtRegistrarMain.java b/src/main/java/com/google/openthread/main/OtRegistrarMain.java new file mode 100644 index 0000000..b169655 --- /dev/null +++ b/src/main/java/com/google/openthread/main/OtRegistrarMain.java @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2024, The OpenThread Registrar Authors. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +package com.google.openthread.main; + +import com.google.openthread.Credentials; +import com.google.openthread.LoggerInitializer; +import com.google.openthread.domainca.DomainCA; +import com.google.openthread.registrar.Registrar; +import com.google.openthread.registrar.RegistrarBuilder; +import com.google.openthread.tools.CredentialGenerator; +import java.security.KeyStoreException; +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.DefaultParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Option; +import org.apache.commons.cli.Options; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public final class OtRegistrarMain { + + private static Logger logger = LoggerFactory.getLogger(OtRegistrarMain.class); + + public static void main(String args[]) { + + final String HELP_FORMAT = "[-registrar | -masa | -pledge] [-h] [-v] [-d ] [-f ] [-p ]"; + + HelpFormatter helper = new HelpFormatter(); + Options options = new Options(); + + Option registrarOpt = + Option.builder("registrar") + .desc("start as cBRSKI Registrar") + .build(); + + Option masaOpt = + Option.builder("masa") + .desc("start as cBRSKI/BRSKI MASA") + .build(); + + Option pledgeOpt = + Option.builder("pledge") + .desc("start as cBRSKI Pledge") + .build(); + + Option domainNameOpt = + Option.builder("d") + .longOpt("domainname") + .hasArg() + .argName("domain-name") + .desc("the domain name") + .build(); + + Option fileOpt = + Option.builder("f") + .longOpt("file") + .hasArg() + .argName("keystore-file") + .desc("the keystore file in PKCS#12 format") + .build(); + + Option optPort = + Option.builder("p") + .longOpt("port") + .hasArg() + .argName("udp-port") + .desc("the port to listen on") + .build(); + + Option optVerbose = + Option.builder("v") + .longOpt("verbose") + .desc("verbose mode with many logs") + .build(); + + Option optForceMasaUri = + Option.builder("m") + .longOpt("masa") + .hasArg() + .argName("force-masa-uri") + .desc("force the given MASA URI instead of the default one") + .build(); + + Option helpOpt = + Option.builder("h").longOpt("help").hasArg(false).desc("print this message").build(); + + options + .addOption(registrarOpt) + .addOption(masaOpt) + .addOption(pledgeOpt) + .addOption(domainNameOpt) + .addOption(fileOpt) + .addOption(optPort) + .addOption(optVerbose) + .addOption(optForceMasaUri) + .addOption(helpOpt); + + try { + CommandLineParser parser = new DefaultParser(); + CommandLine cmd = parser.parse(options, args); + + LoggerInitializer.Init(cmd.hasOption('v')); + + if (cmd.hasOption('h')) { + helper.printHelp(HELP_FORMAT, options); + return; + } + + String keyStoreFile = cmd.getOptionValue('f'); + if (keyStoreFile == null) { + keyStoreFile = "credentials/default.p12"; + } + + String port = cmd.getOptionValue('p'); + if (port == null) { + port = "5683"; + } + + String domainName = cmd.getOptionValue('d'); + if (domainName == null) { + domainName = "DefaultDomain"; + } + + if (cmd.hasOption('m')) { + // FIXME registrar.setForcedMasaUri(cmd.getOptionValue('m')); + } + + logger.info("using keystore: {}", keyStoreFile); + + } catch (Exception e) { + logger.error(e.getMessage(), e); + helper.printHelp(HELP_FORMAT, options); + return; + } + + } +} diff --git a/src/main/java/com/google/openthread/registrar/Registrar.java b/src/main/java/com/google/openthread/registrar/Registrar.java index 1361b24..e8e2220 100644 --- a/src/main/java/com/google/openthread/registrar/Registrar.java +++ b/src/main/java/com/google/openthread/registrar/Registrar.java @@ -112,14 +112,11 @@ public class Registrar extends CoapServer { /** * Constructing registrar with specified settings, credentials and listening port. * - * @param creds the credentials used to serve the DTLS connection from Pledge. Includes - * the certificate chain leading up to domain CA and including domain CA - * certificate. - * @param masaTrustAnchors pre-installed MASA trust anchors that are trusted only when given. If - * null, ALL MASAs will be trusted (for interop testing). - * @param masaClientCreds credentials to use towards MASA client in Credentials format - * @param port the CoAP port to listen on - * @param isHttpToMasa whether to use HTTP requests to MASA (true, default) or CoAP (false) + * @param creds the credentials used to serve the DTLS connection from Pledge. Includes the certificate chain leading up to domain CA and including domain CA certificate. + * @param masaTrustAnchors pre-installed MASA trust anchors that are trusted only when given. If null, ALL MASAs will be trusted (for interop testing). + * @param masaClientCreds credentials to use towards MASA client in Credentials format + * @param port the CoAP port to listen on + * @param isHttpToMasa whether to use HTTP requests to MASA (true, default) or CoAP (false) * @throws RegistrarException */ Registrar( @@ -170,11 +167,9 @@ public void setDomainCA(DomainCA domainCA) { } /** - * By default the Registrar mimics the Pledge's Voucher Request format, when requesting to MASA. - * This method changes that to force the Registrar to use one format only. + * By default the Registrar mimics the Pledge's Voucher Request format, when requesting to MASA. This method changes that to force the Registrar to use one format only. * - * @param mediaType one of Constants.HTTP_APPLICATION_VOUCHER_CMS_JSON or - * Constants.HTTP_APPLICATION_VOUCHER_COSE_CBOR, or "" to force nothing. + * @param mediaType one of Constants.HTTP_APPLICATION_VOUCHER_CMS_JSON or Constants.HTTP_APPLICATION_VOUCHER_COSE_CBOR, or "" to force nothing. * @return */ public void setForcedRequestFormat(String mediaType) { @@ -194,17 +189,18 @@ public void setForcedRequestFormat(String mediaType) { } /** - * Override the MASA URI encoded in a Pledge's IDevID certificate, by setting a forced MASA-URI - * that is always applied. Used typically for testing, or a deployment-specific override of the - * MASA-URI. By default, no particular URI is forced but rather the MASA URI is taken from the - * Pledge IDevID certificate. + * Override the MASA URI encoded in a Pledge's IDevID certificate, by setting a forced MASA-URI that is always applied. Used typically for testing, or a deployment-specific override of the MASA-URI. + * By default, no particular URI is forced but rather the MASA URI is taken from the Pledge IDevID certificate. * * @param uri new MASA URI to always use, or "" to not force any MASA URI. * @return */ public void setForcedMasaUri(String uri) { - if (uri.length() == 0) this.setForcedMasaUri = null; - else this.setForcedMasaUri = uri; + if (uri.length() == 0) { + this.setForcedMasaUri = null; + } else { + this.setForcedMasaUri = uri; + } } public int getListenPort() { @@ -407,9 +403,11 @@ public void handlePOST(CoapExchange exchange) { boolean isJsonRVR = (forcedVoucherRequestFormat == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_JSON || forcedVoucherRequestFormat - == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_COSE_JSON); + == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_COSE_JSON); VoucherRequest req = new VoucherRequest(); - if (!isJsonRVR) req.setConstrained(true); + if (!isJsonRVR) { + req.setConstrained(true); + } req.assertion = pledgeReq.assertion; // assertion copied from PVR // Note, section 5.5: assertion MAY be omitted. @@ -475,8 +473,11 @@ pledgeReq.proximityRegistrarSPKI, getCertificate().getPublicKey().getEncoded())) byte[] content = null; // Uses CBOR or JSON voucher request format. - if (isJsonRVR) content = new JSONSerializer().serialize(req); - else content = new CBORSerializer().serialize(req); + if (isJsonRVR) { + content = new JSONSerializer().serialize(req); + } else { + content = new CBORSerializer().serialize(req); + } // store last sent RVR. lastRvr = req; @@ -486,17 +487,15 @@ pledgeReq.proximityRegistrarSPKI, getCertificate().getPublicKey().getEncoded())) boolean isCms = (forcedVoucherRequestFormat == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_CBOR || forcedVoucherRequestFormat - == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_JSON); + == ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_JSON); if (isCms) { // CMS signing. - requestMediaType = - isJsonRVR - ? Constants.HTTP_APPLICATION_VOUCHER_CMS_JSON - : Constants.HTTP_APPLICATION_VOUCHER_CMS_CBOR; - requestContentFormat = - isJsonRVR - ? ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_JSON - : ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_CBOR; + requestMediaType = isJsonRVR + ? Constants.HTTP_APPLICATION_VOUCHER_CMS_JSON + : Constants.HTTP_APPLICATION_VOUCHER_CMS_CBOR; + requestContentFormat = isJsonRVR + ? ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_JSON + : ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_CMS_CBOR; try { payload = SecurityUtils.genCMSSignedMessage( @@ -604,7 +603,9 @@ pledgeReq.proximityRegistrarSPKI, getCertificate().getPublicKey().getEncoded())) } } - /** CoAP-based MASA connector, acts as client towards MASA. */ + /** + * CoAP-based MASA connector, acts as client towards MASA. + */ public final class MASAConnector extends CoapClient { MASAConnector(X509Certificate[] trustAnchors) { @@ -612,12 +613,11 @@ public final class MASAConnector extends CoapClient { } /** - * Send new Voucher Request to MASA. Note that the present format used is not standardized, but - * custom to OT-Registrar and OT-Masa. + * Send new Voucher Request to MASA. Note that the present format used is not standardized, but custom to OT-Registrar and OT-Masa. * * @param requestContentFormat the CoAP content-format of the request - * @param payload the Voucher Request in cbor format - * @param masaURI the MASA URI (without URI path, without coaps:// scheme) to send it to + * @param payload the Voucher Request in cbor format + * @param masaURI the MASA URI (without URI path, without coaps:// scheme) to send it to * @return null if a timeout error happens */ public RestfulVoucherResponse requestVoucher( @@ -630,7 +630,9 @@ public RestfulVoucherResponse requestVoucher( payload, requestContentFormat, ExtendedMediaTypeRegistry.APPLICATION_VOUCHER_COSE_CBOR); - if (resp == null) return null; + if (resp == null) { + return null; + } return new RestfulVoucherResponse( resp.getCode(), resp.getPayload(), resp.getOptions().getContentFormat()); } @@ -643,7 +645,9 @@ private void initEndPoint(X509Certificate[] trustAnchors) { } } - /** HTTPS-based MASA connector, acts as client towards MASA. */ + /** + * HTTPS-based MASA connector, acts as client towards MASA. + */ public final class MASAConnectorHttp { protected SSLContext sc; @@ -656,8 +660,8 @@ public final class MASAConnectorHttp { * Send new Voucher Request to MASA. * * @param requestMediaType the media type string of the body - * @param body the Voucher Request in bytes - * @param masaURI the MASA URI (without URI path, without https:// scheme) to send it to + * @param body the Voucher Request in bytes + * @param masaURI the MASA URI (without URI path, without https:// scheme) to send it to * @return null if any error happens */ public RestfulVoucherResponse requestVoucher( @@ -698,11 +702,12 @@ private void initEndPoint(X509Certificate[] trustAnchors) throws Exception { KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(masaClientCredentials.getKeyStore(), CredentialGenerator.PASSWORD.toCharArray()); - sc.init(kmf.getKeyManagers(), new TrustManager[] {new DummyTrustManager()}, null); + sc.init(kmf.getKeyManagers(), new TrustManager[]{new DummyTrustManager()}, null); } } public class EnrollResource extends CoapResource { + public EnrollResource() { this(Constants.SIMPLE_ENROLL); } @@ -746,12 +751,14 @@ public void handlePOST(CoapExchange exchange) { } public final class ReenrollResource extends EnrollResource { + public ReenrollResource() { super(Constants.SIMPLE_REENROLL); } } public final class CrtsResource extends CoapResource { + public CrtsResource() { super(Constants.CA_CERTIFICATES); } @@ -773,6 +780,7 @@ public void handleGET(CoapExchange exchange) { } public final class WellknownCoreResource extends CoapResource { + public WellknownCoreResource() { super(Constants.CORE); } @@ -796,19 +804,20 @@ public Principal[] getKnownClients() { l.addAll(voucherLog.keySet()); l.addAll(voucherStatusLog.keySet()); l.addAll(enrollStatusLog.keySet()); - return l.toArray(new Principal[] {}); + return l.toArray(new Principal[]{}); } /** * get the last voucher-status telemetry that was sent by a specific client. * * @param client the secure client identifier - * @returns If available, the last voucher-status telemetry. If client did not send any - * voucher-status telemetry, it returns null. If client did send voucher-status telemetry, but - * in an unrecognized format, it returns StatusTelemetry.UNDEFINED. + * @returns If available, the last voucher-status telemetry. If client did not send any voucher-status telemetry, it returns null. If client did send voucher-status telemetry, but in an unrecognized + * format, it returns StatusTelemetry.UNDEFINED. */ public StatusTelemetry getVoucherStatusLogEntry(Principal client) { - if (voucherStatusLog.containsKey(client)) return voucherStatusLog.get(client); + if (voucherStatusLog.containsKey(client)) { + return voucherStatusLog.get(client); + } return null; } @@ -816,12 +825,13 @@ public StatusTelemetry getVoucherStatusLogEntry(Principal client) { * get the last enroll-status telemetry that was sent by a specific client. * * @param client the secure client identifier - * @returns If available, the last enroll-status telemetry. If client did not send any - * enroll-status telemetry, it returns null. If client did send enroll-status telemetry, but - * in an unrecognized format, it returns StatusTelemetry.UNDEFINED. + * @returns If available, the last enroll-status telemetry. If client did not send any enroll-status telemetry, it returns null. If client did send enroll-status telemetry, but in an unrecognized + * format, it returns StatusTelemetry.UNDEFINED. */ public StatusTelemetry getEnrollStatusLogEntry(Principal client) { - if (enrollStatusLog.containsKey(client)) return enrollStatusLog.get(client); + if (enrollStatusLog.containsKey(client)) { + return enrollStatusLog.get(client); + } return null; } @@ -901,13 +911,14 @@ private void initEndpoint() { trustAnchors.add(getDomainCertificate()); CertificateVerifier verifier; - if (this.masaTrustAnchors.length == 0) + if (this.masaTrustAnchors.length == 0) { verifier = new RegistrarCertificateVerifier(null); // trust all clients. - else + } else { verifier = new RegistrarCertificateVerifier( trustAnchors.toArray( new X509Certificate[trustAnchors.size()])); // trust only given MASA CAs. + } CoapEndpoint endpoint = SecurityUtils.genCoapServerEndPoint( diff --git a/src/main/java/com/google/openthread/registrar/RegistrarBuilder.java b/src/main/java/com/google/openthread/registrar/RegistrarBuilder.java index 7d96b9d..f27073e 100644 --- a/src/main/java/com/google/openthread/registrar/RegistrarBuilder.java +++ b/src/main/java/com/google/openthread/registrar/RegistrarBuilder.java @@ -48,12 +48,10 @@ public RegistrarBuilder() { } /** - * Supply the credentials to be used for Registrar in its role as MASA-client. By default, no - * separate credentials are used and rather the 'setCredentials()' credentials are used for - * authentication to MASA server as a client. + * Supply the credentials to be used for Registrar in its role as MASA-client. By default, no separate credentials are used and rather the 'setCredentials()' credentials are used for authentication + * to MASA server as a client. * - * @param cred Credentials to use in client role towards MASA server, or null to re-use the - * 'setCredentials()' credentials for this. + * @param cred Credentials to use in client role towards MASA server, or null to re-use the 'setCredentials()' credentials for this. * @return * @throws GeneralSecurityException */ @@ -113,8 +111,7 @@ public RegistrarBuilder setCertificateChain(X509Certificate[] certificateChain) } /** - * Add a MASA certificate of a trusted MASA server. Only needed if 'setTrustAllMasas(true)' is not - * enabled. + * Add a MASA certificate of a trusted MASA server. Only needed if 'setTrustAllMasas(true)' is not enabled. * * @param masaCertificate * @return @@ -125,8 +122,7 @@ public RegistrarBuilder addMasaCertificate(X509Certificate masaCertificate) { } /** - * Sets whether to trust ALL MASAs (true) or only MASAs for which certificates were added (false). - * By default, this is 'false'. + * Sets whether to trust ALL MASAs (true) or only MASAs for which certificates were added (false). By default, this is 'false'. * * @param status */ @@ -141,8 +137,7 @@ public RegistrarBuilder setPort(int port) { } /** - * Sets whether HTTPS is used to communicate with the MASA. This is usually the case (true). Only - * for testing situations HTTPS is set to 'false', in which case CoAP will be used. + * Sets whether HTTPS is used to communicate with the MASA. This is usually the case (true). Only for testing situations HTTPS is set to 'false', in which case CoAP will be used. * * @param isHttp true if HTTPS is to be used, false if COAPS is to be used. * @return @@ -153,8 +148,7 @@ public RegistrarBuilder setHttpToMasa(boolean isHttp) { } /** - * return the number of supported/trusted MASA servers. Use addMasaCertificate() to add more - * trusted MASA servers. + * return the number of supported/trusted MASA servers. Use addMasaCertificate() to add more trusted MASA servers. * * @return the number of MASA certificates that are considered trusted. */ diff --git a/src/test/java/com/google/openthread/registrar/FunctionalTest.java b/src/test/java/com/google/openthread/registrar/FunctionalTest.java index fc54ffe..bb89bae 100644 --- a/src/test/java/com/google/openthread/registrar/FunctionalTest.java +++ b/src/test/java/com/google/openthread/registrar/FunctionalTest.java @@ -51,8 +51,7 @@ public class FunctionalTest { - public static final String REGISTRAR_URI = - "coaps://[::1]:" + Constants.DEFAULT_REGISTRAR_COAPS_PORT; + public static final String REGISTRAR_URI = "coaps://[::1]:" + Constants.DEFAULT_REGISTRAR_COAPS_PORT; public static final String DEFAULT_DOMAIN_NAME = "Thread-Test"; @@ -67,7 +66,8 @@ public class FunctionalTest { private static Logger logger = LoggerFactory.getLogger(FunctionalTest.class); - @Rule public ExpectedException thrown = ExpectedException.none(); + @Rule + public ExpectedException thrown = ExpectedException.none(); @BeforeClass public static void setup() throws Exception { @@ -77,7 +77,8 @@ public static void setup() throws Exception { } @AfterClass - public static void tearDown() {} + public static void tearDown() { + } @Before public void init() throws Exception { @@ -233,8 +234,7 @@ public void testReenroll() throws Exception { } /** - * Test various status telemetry messages, stand-alone (not associated to enrollment/voucher - * request). Current Registrar is implemented to just accept/log these. + * Test various status telemetry messages, stand-alone (not associated to enrollment/voucher request). Current Registrar is implemented to just accept/log these. * * @throws Exception */ @@ -242,17 +242,14 @@ public void testReenroll() throws Exception { public void testStatusTelemetry() throws Exception { Assert.assertEquals( ResponseCode.CHANGED, - pledge.sendEnrollStatusTelemetry( - true, - "this message should not be here, but may be accepted by Registrar nevertheless.")); + pledge.sendEnrollStatusTelemetry(true, "this message should not be here, but may be accepted by Registrar nevertheless.")); Assert.assertEquals( ResponseCode.CHANGED, pledge.sendVoucherStatusTelemetry( true, "this message should not be here, but may be accepted by Registrar nevertheless.")); - byte[] wrongFormatTelemetry = - Hex.decode( - "a46776657273696f6e6131665374617475730166526561736f6e7822496e666f726d61746976652068756d616e207265616461626c65206d6573736167656e726561736f6e2d636f6e74657874764164646974696f6e616c20696e666f726d6174696f6e"); + byte[] wrongFormatTelemetry = Hex.decode( + "a46776657273696f6e6131665374617475730166526561736f6e7822496e666f726d61746976652068756d616e207265616461626c65206d6573736167656e726561736f6e2d636f6e74657874764164646974696f6e616c20696e666f726d6174696f6e"); Assert.assertEquals( ResponseCode.BAD_REQUEST, pledge.sendStatusTelemetry( @@ -271,9 +268,7 @@ public void testStatusTelemetry() throws Exception { Constants.VOUCHER_STATUS, wrongFormatTelemetry, ExtendedMediaTypeRegistry.APPLICATION_COSE_SIGN1)); - wrongFormatTelemetry = - Hex.decode( - "a36776657273696f6e0166737461747573f467726561736f6e787174686973206b65792069732077726f6e67"); + wrongFormatTelemetry = Hex.decode("a36776657273696f6e0166737461747573f467726561736f6e787174686973206b65792069732077726f6e67"); Assert.assertEquals( ResponseCode.BAD_REQUEST, pledge.sendStatusTelemetry( @@ -337,8 +332,7 @@ public void testMultiPledges() throws Exception { } /** - * In a thread, create a new Pledge and let it do voucher request and enrollment operations. Any - * error state is logged internally. + * In a thread, create a new Pledge and let it do voucher request and enrollment operations. Any error state is logged internally. */ private class PledgeThread extends Thread { @@ -365,7 +359,9 @@ public void run() { } catch (Throwable e) { errorState = e; } finally { - if (pledge != null) pledge.shutdown(); + if (pledge != null) { + pledge.shutdown(); + } } } } @@ -384,7 +380,7 @@ public void testRegistrarWithoutCmcRa() throws Exception { registrar = registrarBuilder .setCredentials(cg.getCredentials(CredentialGenerator.REGISTRAR_ALIAS)) - .setCertificateChain(new X509Certificate[] {cert, domainCaCert}) + .setCertificateChain(new X509Certificate[]{cert, domainCaCert}) .setTrustAllMasas(true) .build(); registrar.setDomainCA(domainCA); @@ -395,7 +391,8 @@ public void testRegistrarWithoutCmcRa() throws Exception { try { response = pledge.sayHello(); Assert.fail("Pledge mistakenly accepted Registrar without cmcRA"); - } catch (IOException ex) {; + } catch (IOException ex) { + ; } // try again without checking strictly for cmcRA @@ -423,11 +420,9 @@ public void testRegistrarUsingCmsJsonVoucherRequest() throws Exception { // create new Registrar that uses only CMS-signed JSON voucher requests towards MASA RegistrarBuilder registrarBuilder = new RegistrarBuilder(); - registrar = - registrarBuilder - .setCredentials(cg.getCredentials(CredentialGenerator.REGISTRAR_ALIAS)) - .setTrustAllMasas(true) - .build(); + registrar = registrarBuilder.setCredentials(cg.getCredentials(CredentialGenerator.REGISTRAR_ALIAS)) + .setTrustAllMasas(true) + .build(); registrar.setDomainCA(domainCA); registrar.setForcedRequestFormat(Constants.HTTP_APPLICATION_VOUCHER_CMS_JSON); registrar.start();