Hi,
I am trying to following the instructions at: https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.iotsdk.v0.9.0%2Fiot_sdk_user_guides_java_coaps.html
but the directory paths of Californium has deviated quite a bit since this was published. Do you have some updated instructions on how to use Californium with your IoT examples?
Thanks very much.
Hi thread_yoda and Achim Kraus,
I have now been able to get the guide to work with Californium 2.3.0.
I will do some more testing, update to 2.4.0 and write it down properly, but here are my notes on the changes, and my modified Nrf5xSecureServer/Client.java files (so you don't have to do the modifications to the files listed in the notes under the "Running a secure CoAP server/client):
nrf5 sdk 16, examples/iot/.....
californium + californium.tools tag 2.3.0
newest eclipse version. Seems to have th eplugins already
prepare workspace
1. same
2. copy to californium/demo-apps/cf-secure/src/main/java/org/eclipse/californium/examples
3. Do nothing? Everything is in demo-certs?
Import projects
1. same
2. same
3. californium, not californium-core
4. not needed
5. same
Change settings
1. Could not find any
2. californium\scandium-core\src\main\java\org\eclipse\californium\scandium\config
3. public static int DEFAULT_RETRANSMISSION_TIMEOUT_MS = 20000, line 123
4. californium/californium-core/....
5. line 197, 200000
6. same
Known limitations
Should not be any difference
Running a secure CoAP server
1. californium/demo-apps/cf-secure/......
2. same/Use address of local interface, line 101
3. Errors must be fixed, but it seems to be the same otherwise.
30: import org.slfj.Logger;
34: import org.eclipse.californium.core.network.CoapEndpoint;
40: remove
48/53: comment out. I don't think they are needed anymore
60: private static final String KEY_STORE_LOCATION = "../../demo-certs/src/main/resources/keyStore.jks";
61: private static final String TRUST_STORE_LOCATION = "../../demo-certs/src/main/resources/trustStore.jks";
101: DtlsConnectorConfig.Builder config = new DtlsConnectorConfig.Builder();
106/107: config.setIdentity((PrivateKey)keyStore.getKey("server", KEY_STORE_PASSWORD.toCharArray()),
keyStore.getCertificateChain("server"), CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
111: CoapEndpoint.Builder endpointBuilder = new CoapEndpoint.Builder();
endpointBuilder.setNetworkConfig(NetworkConfig.getStandard());
endpointBuilder.setConnector(connector);
server.addEndpoint(endpointBuilder.build());
Running a secure CoAP client
1. same
2. same/Use address of local interface, line 224
3. same
4. same
32: remove
37: import org.eclipse.californium.core.network.CoapEndpoint;
44: remove
71/77: comment out. I don't think they are needed anymore
79: private static final String TRUST_STORE_LOCATION = "../../californium/demo-certs/src/main/resources/trustStore.jks";
82: private static final String KEY_STORE_LOCATION = "../../californium/demo-certs/src/main/resources/keyStore.jks";
226: insert builder.setAddress(myInetSocketAddr);
230: keyStore.getCertificateChain("client"), CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
/*******************************************************************************
* Copyright (c) 2014 Institute for Pervasive Computing, ETH Zurich and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Eclipse Distribution License v1.0 which accompany this distribution.
*
* The Eclipse Public License is available at
* http://www.eclipse.org/legal/epl-v10.html
* and the Eclipse Distribution License is available at
* http://www.eclipse.org/org/documents/edl-v10.html.
*
* Contributors:
* Matthias Kovatsch - creator and main architect
******************************************************************************/
package org.eclipse.californium.examples;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.logging.Level;
import org.slf4j.Logger;
import org.eclipse.californium.core.CoapResource;
import org.eclipse.californium.core.CoapServer;
import org.eclipse.californium.core.coap.CoAP.ResponseCode;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.Endpoint;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.core.network.interceptors.MessageTracer;
import org.eclipse.californium.core.server.resources.CoapExchange;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.InMemoryPskStore;
public class Nrf5xSecureServer {
//static {
// Logger.initialize();
// CaliforniumLogger.setLevel(Level.CONFIG);
// ScandiumLogger.initialize();
// ScandiumLogger.setLevel(Level.FINER);
//}
// allows configuration via Californium.properties
public static final int DTLS_PORT = NetworkConfig.getStandard().getInt(NetworkConfig.Keys.COAP_SECURE_PORT);
private static final String TRUST_STORE_PASSWORD = "rootPass";
private final static String KEY_STORE_PASSWORD = "endPass";
private static final String KEY_STORE_LOCATION = "../../demo-certs/src/main/resources/keyStore.jks";
private static final String TRUST_STORE_LOCATION = "../../demo-certs/src/main/resources/trustStore.jks";
public static void main(String[] args) {
CoapServer server = new CoapServer();
// server.add(new CoapResource("secure") {
// @Override
// public void handleGET(CoapExchange exchange) {
// exchange.respond(ResponseCode.CONTENT, "hello security");
// }
// });
server.add(new CoapResource("lights").add(new DevKitResource("led3"), new DevKitResource("led4")));
// ETSI Plugtest environment
// server.addEndpoint(new CoAPEndpoint(new DTLSConnector(new InetSocketAddress("::1", DTLS_PORT)), NetworkConfig.getStandard()));
// server.addEndpoint(new CoAPEndpoint(new DTLSConnector(new InetSocketAddress("127.0.0.1", DTLS_PORT)), NetworkConfig.getStandard()));
// server.addEndpoint(new CoAPEndpoint(new DTLSConnector(new InetSocketAddress("2a01:c911:0:2010::10", DTLS_PORT)), NetworkConfig.getStandard()));
// server.addEndpoint(new CoAPEndpoint(new DTLSConnector(new InetSocketAddress("10.200.1.2", DTLS_PORT)), NetworkConfig.getStandard()));
try {
// Pre-shared secrets
InMemoryPskStore pskStore = new InMemoryPskStore();
pskStore.setKey("Client_identity", "secretPSK".getBytes()); // from ETSI Plugtest test spec
// load the trust store
KeyStore trustStore = KeyStore.getInstance("JKS");
InputStream inTrust = new FileInputStream(TRUST_STORE_LOCATION);
trustStore.load(inTrust, TRUST_STORE_PASSWORD.toCharArray());
// You can load multiple certificates if needed
Certificate[] trustedCertificates = new Certificate[1];
trustedCertificates[0] = trustStore.getCertificate("root");
// load the key store
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream in = new FileInputStream(KEY_STORE_LOCATION);
keyStore.load(in, KEY_STORE_PASSWORD.toCharArray());
InetAddress myIPv6Addr = Inet6Address.getByName("Your IPv6 address as string.");
InetSocketAddress myInetSocketAddr = new InetSocketAddress(myIPv6Addr, DTLS_PORT);
DtlsConnectorConfig.Builder config = new DtlsConnectorConfig.Builder();
config.setAddress(myInetSocketAddr);
config.setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8});
config.setPskStore(pskStore);
config.setIdentity((PrivateKey)keyStore.getKey("server", KEY_STORE_PASSWORD.toCharArray()),
keyStore.getCertificateChain("server"), CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
config.setTrustStore(trustedCertificates);
DTLSConnector connector = new DTLSConnector(config.build(), null);
CoapEndpoint.Builder endpointBuilder = new CoapEndpoint.Builder();
endpointBuilder.setNetworkConfig(NetworkConfig.getStandard());
endpointBuilder.setConnector(connector);
server.addEndpoint(endpointBuilder.build());
server.start();
} catch (GeneralSecurityException | IOException e) {
System.err.println("Could not load the keystore");
e.printStackTrace();
}
// add special interceptor for message traces
for (Endpoint ep : server.getEndpoints()) {
ep.addInterceptor(new MessageTracer());
}
System.out.println("Secure CoAP server powered by Scandium (Sc) is listening on port " + DTLS_PORT);
}
}
/*******************************************************************************
* Copyright (c) 2014 Institute for Pervasive Computing, ETH Zurich and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Eclipse Distribution License v1.0 which accompany this distribution.
*
* The Eclipse Public License is available at
* http://www.eclipse.org/legal/epl-v10.html
* and the Eclipse Distribution License is available at
* http://www.eclipse.org/org/documents/edl-v10.html.
*
* Contributors:
* Matthias Kovatsch - creator and main architect
******************************************************************************/
package org.eclipse.californium.tools;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.logging.Level;
import org.eclipse.californium.core.Utils;
import org.eclipse.californium.core.coap.CoAP;
import org.eclipse.californium.core.coap.MediaTypeRegistry;
import org.eclipse.californium.core.coap.Request;
import org.eclipse.californium.core.coap.Response;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.Endpoint;
import org.eclipse.californium.core.network.EndpointManager;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.elements.RawDataChannel;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.InMemoryPskStore;
import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
/**
* This class implements a simple CoAP client for testing purposes. Usage:
* <p>
* {@code java -jar SampleClient.jar [-l] METHOD URI [PAYLOAD]}
* <ul>
* <li>METHOD: {GET, POST, PUT, DELETE, DISCOVER, OBSERVE}
* <li>URI: The URI to the remote endpoint or resource}
* <li>PAYLOAD: The data to send with the request}
* </ul>
* Options:
* <ul>
* <li>-l: Loop for multiple responses}
* </ul>
* Examples:
* <ul>
* <li>{@code SampleClient DISCOVER coap://localhost}
* <li>{@code SampleClient POST coap://someServer.org:5683 my data}
* </ul>
*/
public class Nrf5xConsoleClient {
//static {
// CaliforniumLogger.initialize();
// CaliforniumLogger.setLevel(Level.WARNING);
//
// ScandiumLogger.initialize();
// ScandiumLogger.setLevel(Level.FINER);
//}
// the trust store file used for DTLS server authentication
private static final String TRUST_STORE_LOCATION = "../../californium/demo-certs/src/main/resources/trustStore.jks";
private static final String TRUST_STORE_PASSWORD = "rootPass";
private static final String KEY_STORE_LOCATION = "../../californium/demo-certs/src/main/resources/keyStore.jks";
private static final String KEY_STORE_PASSWORD = "endPass";
// resource URI path used for discovery
private static final String DISCOVERY_RESOURCE = "/.well-known/core";
// indices of command line parameters
private static final int IDX_METHOD = 0;
private static final int IDX_URI = 1;
private static final int IDX_PAYLOAD = 2;
// exit codes for runtime errors
private static final int ERR_MISSING_METHOD = 1;
private static final int ERR_UNKNOWN_METHOD = 2;
private static final int ERR_MISSING_URI = 3;
private static final int ERR_BAD_URI = 4;
private static final int ERR_REQUEST_FAILED = 5;
private static final int ERR_RESPONSE_FAILED = 6;
// initialize parameters
static String method = null;
static URI uri = null;
static String payload = "";
static boolean loop = false;
static boolean usePSK = false;
static boolean useRaw = true;
// for coaps
private static Endpoint dtlsEndpoint;
private static DTLSConnector dtlsConnector;
/*
* Main method of this client.
*/
public static void main(String[] args) throws IOException, GeneralSecurityException {
// display help if no parameters specified
if (args.length == 0) {
printInfo();
return;
}
// input parameters
int i_all = 0;
int i_rep = -1;
int n_rep = 1;
int idx = 0;
for (String arg : args) {
i_all++;
if (arg.startsWith("-")) {
if (arg.equals("-l")) {
loop = true;
} else if (arg.equals("-psk")) {
usePSK = true;
} else if (arg.equals("-cert")) {
useRaw = false;
} else if (arg.equals("-rep")) {
i_rep = i_all;
} else {
System.out.println("Unrecognized option: " + arg);
}
} else {
if ((i_rep > 0) && (i_all == (i_rep + 1)))
{
n_rep = Integer.parseInt(arg);
}
else
{
switch (idx) {
case IDX_METHOD:
method = arg.toUpperCase();
break;
case IDX_URI:
try {
uri = new URI(arg);
} catch (URISyntaxException e) {
System.err.println("Failed to parse URI: " + e.getMessage());
System.exit(ERR_BAD_URI);
}
break;
case IDX_PAYLOAD:
payload = arg;
break;
default:
System.out.println("Unexpected argument: " + arg);
}
++idx;
}
}
}
// check if mandatory parameters specified
if (method == null) {
System.err.println("Method not specified");
System.exit(ERR_MISSING_METHOD);
}
if (uri == null) {
System.err.println("URI not specified");
System.exit(ERR_MISSING_URI);
}
for (int i=0; i<n_rep; i++)
{
// create request according to specified method
Request request = newRequest(method);
// set request URI
if (method.equals("DISCOVER") && (uri.getPath() == null || uri.getPath().isEmpty() || uri.getPath().equals("/"))) {
// add discovery resource path to URI
try {
uri = new URI(uri.getScheme(), uri.getAuthority(), DISCOVERY_RESOURCE, uri.getQuery());
} catch (URISyntaxException e) {
System.err.println("Failed to parse URI: " + e.getMessage());
System.exit(ERR_BAD_URI);
}
}
request.setURI(uri);
request.setPayload(payload);
request.getOptions().setContentFormat(MediaTypeRegistry.TEXT_PLAIN);
if (request.getScheme().equals(CoAP.COAP_SECURE_URI_SCHEME)) {
if (i == 0) {
try {
// load key store
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream in = new FileInputStream(KEY_STORE_LOCATION);
keyStore.load(in, KEY_STORE_PASSWORD.toCharArray());
// load trust store
KeyStore trustStore = KeyStore.getInstance("JKS");
InputStream inTrust = new FileInputStream(TRUST_STORE_LOCATION);
trustStore.load(inTrust, TRUST_STORE_PASSWORD.toCharArray());
// You can load multiple certificates if needed
Certificate[] trustedCertificates = new Certificate[1];
trustedCertificates[0] = trustStore.getCertificate("root");
InetAddress myIPv6Addr = Inet6Address.getByName("Your IPv6 address as string.");
InetSocketAddress myInetSocketAddr = new InetSocketAddress(myIPv6Addr, 5694);
DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
builder.setAddress(myInetSocketAddr);
builder.setPskStore(new StaticPskStore("Client_identity", "secretPSK".getBytes()));
builder.setIdentity((PrivateKey)keyStore.getKey("client", KEY_STORE_PASSWORD.toCharArray()),
keyStore.getCertificateChain("client"), CertificateType.RAW_PUBLIC_KEY, CertificateType.X_509);
builder.setTrustStore(trustedCertificates);
dtlsConnector = new DTLSConnector(builder.build(), null);
dtlsConnector.setRawDataReceiver(new RawDataChannelImpl());
} catch (GeneralSecurityException | IOException e) {
System.err.println("Could not load the keystore");
e.printStackTrace();
}
CoapEndpoint.Builder endpointBuilder = new CoapEndpoint.Builder();
endpointBuilder.setNetworkConfig(NetworkConfig.getStandard());
endpointBuilder.setConnector(dtlsConnector);
dtlsEndpoint = endpointBuilder.build();
dtlsEndpoint.start();
EndpointManager.getEndpointManager().setDefaultEndpoint(dtlsEndpoint);
}
}
// execute request
try {
request.send();
// loop for receiving multiple responses
do {
// receive response
Response response = null;
try {
response = request.waitForResponse();
} catch (InterruptedException e) {
System.err.println("Failed to receive response: " + e.getMessage());
System.exit(ERR_RESPONSE_FAILED);
}
// output response
if (response != null) {
System.out.println(Utils.prettyPrint(response));
System.out.println("Time elapsed (ms): " + response.getRTT());
// check of response contains resources
if (response.getOptions().isContentFormat(MediaTypeRegistry.APPLICATION_LINK_FORMAT)) {
String linkFormat = response.getPayloadString();
// output discovered resources
System.out.println("\nDiscovered resources:");
System.out.println(linkFormat);
} else {
// check if link format was expected by client
if (method.equals("DISCOVER")) {
System.out.println("Server error: Link format not specified");
}
}
} else {
// no response received
System.err.println("Request timed out");
break;
}
} while (loop);
} catch (Exception e) {
System.err.println("Failed to execute request: " + e.getMessage());
System.exit(ERR_REQUEST_FAILED);
}
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
/*
* Outputs user guide of this program.
*/
public static void printInfo() {
System.out.println("Californium (Cf) Console Client");
System.out.println("(c) 2014, Institute for Pervasive Computing, ETH Zurich");
System.out.println();
System.out.println("Usage: " + Nrf5xConsoleClient.class.getSimpleName() + " [-l] METHOD URI [PAYLOAD]");
System.out.println(" METHOD : {GET, POST, PUT, DELETE, DISCOVER, OBSERVE}");
System.out.println(" URI : The CoAP URI of the remote endpoint or resource");
System.out.println(" A coaps URI will automatically use CoAP over DTLS");
System.out.println(" PAYLOAD : The data to send with the request");
System.out.println("Options:");
System.out.println(" -rep N : Do a request N number of times with the same parameters, with 1 sec delay between requests.");
System.out.println(" -l : Loop for multiple responses");
System.out.println(" (automatic for OBSERVE and separate responses)");
System.out.println(" -psk : Use a pre-shared secrest for DTLS (is prompted)");
System.out.println(" -cert : Use full X.509 certificates instead of raw public keys");
System.out.println();
System.out.println("Examples:");
System.out.println(" " + Nrf5xConsoleClient.class.getSimpleName() + " DISCOVER coap://localhost");
System.out.println(" " + Nrf5xConsoleClient.class.getSimpleName() + " PUT coap://iot.eclipse.org:5683/large-put my data");
}
private static class RawDataChannelImpl implements RawDataChannel {
// @Override
public void receiveData(final RawData raw) {
System.out.println("Received response: " + new String(raw.getBytes()));
dtlsConnector.destroy();
}
}
/*
* Instantiates a new request based on a string describing a method.
*
* @return A new request object, or null if method not recognized
*/
private static Request newRequest(String method) {
if (method.equals("GET")) {
return Request.newGet();
} else if (method.equals("POST")) {
return Request.newPost();
} else if (method.equals("PUT")) {
return Request.newPut();
} else if (method.equals("DELETE")) {
return Request.newDelete();
} else if (method.equals("DISCOVER")) {
return Request.newGet();
} else if (method.equals("OBSERVE")) {
Request request = Request.newGet();
request.setObserve();
loop = true;
return request;
} else {
System.err.println("Unknown method: " + method);
System.exit(ERR_UNKNOWN_METHOD);
return null;
}
}
}
Best regards,
Didrik
I currently checked the nrf sdk's for that IoT support - the v16 from Okt 2019 seems to be the last one, the examples/iot has been removed on the v17. So, I'm not sure, if make sense to continue with that migration/update. Maybe "OpenThread" is now the favorite for Nordic, and so I would guess, it will pay more off, to use that.
Didrik Rokhaug This is really all kinds of awesome, thank you for your kind support and taking the initiative and extra efforts to update this guide. Achim Kraus I will be testing this with our CoAP + Thread example. The nice thing about this is everything flows through Thread as the sensor network backbone and pretty standard to setup using OpenThread border router setup either with standalone Raspberry Pi 3B/3B+ or Ubuntu environment.
Didrik Rokhaug Everything was fine until I tried to run the secure coap client. I got the following error message saying:
Could not load the keystore
java.io.FileNotFoundException: ..\..\demo-certs\src\main\resources\keyStore.jks (The system cannot find the path specified)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.eclipse.californium.tools.Nrf5xConsoleClient.main(Nrf5xConsoleClient.java:210)
Failed to execute request: URI scheme coaps requires a previous set connector!
Do you know how to fix this?
What OS are you using?
If you are using Linux or macOS, try to change the direction of the slashes, i.e. from \ to /.
I'm using Win 10. I downloaded the 2.4.1 tag zip of californium and californium tools to try this with. I did noticed that your screenshot above was with 2.3.0? Maybe it doesn't matter.
Got it to work. Think I was too sleepy last night. I had to copy the demo-certs folder to the californium.tools folder and update the path in the client to "../demo-certs .........."
Got it to work. Think I was too sleepy last night. I had to copy the demo-certs folder to the californium.tools folder and update the path in the client to "../demo-certs .........."
Didrik Rokhaug Would you be able to give me some pointers on how I would go about testing with the CoAP + Thread + Google iot cloud example that you guys have? I think that is a slightly different mode of operation since the "CoAP server" is actually the device and we are posting updates to the firebase records. What I would like to do is keep the same firmware and see the resource updates on the Californium side of things.
Hi thread_yoda,
I am happy to hear that you got it working.
I did most of the work on version 2.3.0, as that was what was available when I started. But I did also test it briefly with version 2.4.1, so that should work as well.
thread_yoda said:Would you be able to give me some pointers on how I would go about testing with the CoAP + Thread + Google iot cloud example that you guys have? I
As this thread has become quite long already, and the original issue has been resolved, may I suggest that you open a new ticket?
Best regards,
Didrik
Yup, I was thinking whether I should open another Thread already. We will continue the discussion in another post. :) Thanks for your help and Achim Kraus