Re: [cf-dev] Scandium support for x509 certificates

Hi Cecile,

Scandium already supports usage of X.509 certificates. In order to use a cipher suite with X.509 certificates you simply need to use the DtlsConnectorConfig.Builder.setIdentity(PrivateKey, Certificate[], Boolean) method to set the private key and the X.509 certificate chain asserting the public key’s identity. In your case you should also set the Boolean to “false” if you want to exchange X.509 certificates during the DTLS handshake with clients.

Scandium does not include an explicit Principal implementation for X.509 certificates because Java already includes one: javax.security.auth.x500.X500Principal. Thus, when a client authenticates by means of an X.509 certificate, the Principal object returned by org.eclipse.californium.core.coap.Request.getSenderIdentity() will be of this type and its getName() method will return the Distinguished Name from the client’s certificate.

Regards,

Kai

From: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] On Behalf Of Cécile Manset
Sent: Wednesday, May 20, 2015 1:56 PM
To: cf-dev@xxxxxxxxxxx
Subject: [cf-dev] Scandium support for x509 certificates

Hi all,

As an intern at Sierra Wireless (Toulouse, France), I am implementing the x509 certificate security support in Leshan. Or at least trying. I tried to understand to what extent Scandium provided support for this authentication process but I failed to have a clear list of features by myself.

Would you mind explaining what is already done and what still needs to be done to have full support? For instance, is it normal that there is no class implementing the Principal interface for x509 certificates while there is one for PSK and RPK (org.eclipse.californium.scandium.auth)? Do I need to write one?

Thanks a lot for your help.

Best regards,

Cécile Manset
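
The reply above says the peer identity arrives as a javax.security.auth.x500.X500Principal whose getName() returns the certificate's Distinguished Name. As an added example (not part of the original thread and not Californium or Leshan code), this JDK-only sketch shows one way to authorize on that value by parsing the DN instead of matching substrings; the class name, the allow list and the sample DNs are assumptions constructed for illustration.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class X509PeerCheck {
    // Hypothetical allow list; the names are constructed sample values.
    static final Set<String> ALLOWED_CNS = new HashSet<>(Arrays.asList("sensor-7", "gateway-1"));

    /** Returns the subject CN of an X.509-authenticated peer, or null otherwise. */
    static String commonName(Principal peer) {
        if (!(peer instanceof X500Principal)) {
            return null; // null (no identity) or a non-X.509 Principal type
        }
        try {
            // getName() returns the RFC 2253 string form of the Distinguished Name.
            List<Rdn> rdns = new LdapName(peer.getName()).getRdns();
            String cn = null;
            // Index 0 is the rightmost RDN, so the last CN seen is the most specific one.
            for (Rdn rdn : rdns) {
                if ("CN".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String) {
                    cn = (String) rdn.getValue();
                }
            }
            return cn;
        } catch (InvalidNameException e) {
            return null; // treat an unparsable DN as unauthenticated
        }
    }

    /** Fail closed: only an exact CN match on a parsed DN is accepted. */
    static boolean isAuthorized(Principal peer) {
        String cn = commonName(peer);
        return cn != null && ALLOWED_CNS.contains(cn);
    }

    public static void main(String[] args) {
        // Constructed stand-ins for the value returned by Request.getSenderIdentity().
        Principal[] peers = {
            new X500Principal("CN=sensor-7,O=Example Org,C=FR"),
            new X500Principal("CN=sensor-9,O=Example Org,C=FR"),
            null
        };
        for (Principal p : peers) {
            System.out.println((p == null ? "(no identity)" : p.getName()) + " -> " + isAuthorized(p));
        }
    }
}
```

The DN is only meaningful as an identity if the DTLS layer validated the client's certificate chain against trust anchors you control, so keep the allow list keyed to names issued by that CA.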

