From 9a8399510cb059e68554b107a6fed2bfed055df9 Mon Sep 17 00:00:00 2001
From: 1998-felix
Date: Thu, 4 Apr 2024 12:49:26 +0300
Subject: [PATCH] feat: Add DTLS to coap
Signed-off-by: 1998-felix
---
 cmd/coap/main.go | 6 +-
 docker/docker-compose.yml | 20 +++++++
 docker/ssl/certs/ca.crt | 42 +++++++-------
 docker/ssl/certs/ca.key | 58 ++++++++++----------
 docker/ssl/certs/magistrala-server.crt | 43 +++++++--------
 docker/ssl/certs/magistrala-server.key | 76 +++++++++-----------------
 go.mod | 2 +-
 internal/server/coap/coap.go | 47 ++++++++++++++--
 8 files changed, 165 insertions(+), 129 deletions(-)
diff --git a/cmd/coap/main.go b/cmd/coap/main.go
index 036dcb6030..92963b36da 100644
--- a/cmd/coap/main.go
+++ b/cmd/coap/main.go
@@ -80,7 +80,11 @@ func main() {
 return
 }
- coapServerConfig := server.Config{Port: defSvcCoAPPort}
+ coapServerConfig := server.Config{
+ Port: defSvcCoAPPort,
+ CertFile: "./ssl/certs/magistrala-server.crt",
+ KeyFile: "./ssl/certs/magistrala-server.key",
+ }
 if err := env.ParseWithOptions(&coapServerConfig, env.Options{Prefix: envPrefix}); err != nil {
 logger.Error(fmt.Sprintf("failed to load %s CoAP server configuration : %s", svcName, err))
 exitCode = 1
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 3d2dbd7dcb..53ba40293e 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
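Review bot: The new `CertFile` and `KeyFile` defaults in `server.Config` point at the key pair committed under `docker/ssl/certs/`, so a deployment that sets neither variable serves DTLS with a private key that anyone with the repository can read. The paths are also relative (`./ssl/certs/...`), so they resolve against the process working directory, while the compose file in this patch mounts the files at `/ssl/certs/...`; the two only agree when the binary runs from `/`. Non-empty defaults also make the `CertFile != "" || KeyFile != ""` case in `Start()` the default path, and whether the adapter can still run without DTLS then depends on how `env.ParseWithOptions` treats an empty override, which is not visible here. I would keep the previous `coapServerConfig := server.Config{Port: defSvcCoAPPort}` and set absolute certificate paths in the compose environment for the development stack. `main` continues outside the hunk.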
@@ -627,6 +627,26 @@ services:
 target: /things-grpc-server-ca${MG_THINGS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
 bind:
 create_host_path: true
+ - type: bind
+ source: ./ssl/certs/magistrala-server.crt
+ target: /ssl/certs/magistrala-server.crt
+ bind:
+ create_host_path: true
+ - type: bind
+ source: ./ssl/certs/magistrala-server.key
+ target: /ssl/certs/magistrala-server.key
+ bind:
+ create_host_path: true
+ - type: bind
+ source: ./ssl/certs/ca.crt
+ target: /ssl/certs/ca.crt
+ bind:
+ create_host_path: true
+ - type: bind
+ source: ./ssl/certs/ca.key
+ target: /ssl/certs/ca.key
+ bind:
+ create_host_path: true
 ws-adapter:
 image: magistrala/ws:${MG_RELEASE_TAG}
diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt
index 34f07283e8..56baf61349 100644
--- a/docker/ssl/certs/ca.crt
+++ b/docker/ssl/certs/ca.crt
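Review bot: The fourth added bind mounts `./ssl/certs/ca.key` into the service's container, but nothing in this patch reads a CA private key at runtime (the server loads only `CertFile` and `KeyFile`), so the mount only places the signing key inside a network-facing service. Drop the `ca.key` bind and add `read_only: true` to the remaining certificate binds, since the service only needs to read them. The `ca.crt` bind is also unused as committed, because the CA-loading code in `coap.go` is commented out. The service name these volumes belong to is outside the hunk.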
@@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDyzCCArOgAwIBAgIUDIJg63dQVzoD9nmWi9YPscQwTgIwDQYJKoZIhvcNAQEN -BQAwdTEiMCAGA1UEAwwZTWFnaXN0cmFsYV9TZWxmX1NpZ25lZF9DQTETMBEGA1UE -CgwKTWFnaXN0cmFsYTEWMBQGA1UECwwNbWFnaXN0cmFsYV9jYTEiMCAGCSqGSIb3 -DQEJARYTaW5mb0BtYWdpc3RyYWxhLmNvbTAeFw0yMzEwMzAwODE5MDFaFw0yNjEw -MjkwODE5MDFaMHUxIjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0Ex -EzARBgNVBAoMCk1hZ2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAg -BgkqhkiG9w0BCQEWE2luZm9AbWFnaXN0cmFsYS5jb20wggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCWNIeGfo/SePOvviJE6UHJhBzWcPfNVbzSF6A42WgB -DEgI3KFr+/rgWMEaCOD4QzCl3Lqa89EgCA7xCgxcqFwEo33SyhAivwoHL2pRVHXn -oee3z9U757T63YLE0qrXQY2cbyChX/OU99rZxyd5l5jUGN7MCu+RYurfTIiYN+Uv -NZdl8a3X84g7fa70EOYas7cTunWUt9x64/jYDoYmn+XPXET1yEU1dQTnKY4cRjhv -HS1u2QsadHKi1hgeILyLbB4u1T5N+WfxFknhFHTu8PVPxfowrVv/xzmxOe0zSZFd -SbhtrmwT4S1wJ4PfUa3+tYZVtjEKKbyObsAW91WzOLS9AgMBAAGjUzBRMB0GA1Ud -DgQWBBQkE4koZctEZpTz9pq6a6s6xg+myTAfBgNVHSMEGDAWgBQkE4koZctEZpTz -9pq6a6s6xg+myTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQA7 -w/oh5U9loJsigf3X3T3jQM8PVmhsUfNMJ3kc1Yumr72S4sGKjdWwuU0vk+B3eQzh -zXAj65BHhs1pXcukeoLR7YcHABEsEMg6lar/E4A+MgAZfZFVSvPpsByIK8I5ARk+ -K1V/lWso+GJJM/lImPPnpvUWBdbntqC5WtjoMMGL9uyV3kVS6yT/kJ2ercnPzhPh -uBkL1ZH3ivDn/0JDY+T8Sfeq08vNWaTcoC7qpPwqXhuT0ytY7oaBS5wmPcvvzpZg -6zZYPZfhjhdEFYY1hDrrPYNYO72jncUnwQVp3X0DQpSvbxp681hVkcEtwHB2B8l0 -tBGhgoH+TqZs0AUjoXM0 +MIID3TCCAsWgAwIBAgIUJ7rTeCvycN8GF+nHwt3fXLTVSq4wDQYJKoZIhvcNAQEL +BQAwfjELMAkGA1UEBhMCS0UxEDAOBgNVBAgMB05haXJvYmkxETAPBgNVBAcMCC5O +YWlyb2JpMQswCQYDVQQKDAJVVjEQMA4GA1UECwwHVVYtY29yZTEOMAwGA1UEAwwF +b2gtdXYxGzAZBgkqhkiG9w0BCQEWDGZlbGl4QHV2LmNvbTAeFw0yNDA0MDQxMTQz +NDlaFw0yOTA0MDQxMTQzNDlaMH4xCzAJBgNVBAYTAktFMRAwDgYDVQQIDAdOYWly +b2JpMREwDwYDVQQHDAguTmFpcm9iaTELMAkGA1UECgwCVVYxEDAOBgNVBAsMB1VW +LWNvcmUxDjAMBgNVBAMMBW9oLXV2MRswGQYJKoZIhvcNAQkBFgxmZWxpeEB1di5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyL0+llXRRpkHxf+2U +s9bFew/foXNtubuH0jTqTAsOpoqsqDeaX6h5Dm9zPPe9Q4ozTh0A0qoJ2sJ0pT4i 
+8Ialg4QxKRSntmmRLSzQpXplu21SzUDzOCYudQn2bh9n+tf7meQkMVCo4wXPMKFL +tp+KIarSianzVi7Erdb49kYS/Lc17L77jFQ08VYGpdWcb+Yg213FLGae1BZfmFph +VLQyxbf/E0UCq9t6JP1ddMmkaMWdCEDoIw8pRouRWPz1OJsYRkTFKSA/TmM6Cgv5 +TDkTN1ZD3QmMV6lU3USbF+zqAuMQeZLGsipDcESn/QT4rAWNQldr/qgXnJlDqeXZ +c2e/AgMBAAGjUzBRMB0GA1UdDgQWBBSQIqr4eTsOnM6YUrEUbtXx/WSr2DAfBgNV +HSMEGDAWgBSQIqr4eTsOnM6YUrEUbtXx/WSr2DAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQArByYSz0rwMTeXUJ6KiqOvZwtgmqJ2z9dcxV4ngKBE +DVCFxmqGoRpK+rbtgqKb2qRUMqebpmUYcrUmRo+0Ga4dI4wNqDkV81SIznVPqaey +lL1FkU/KA1NEIiQYleb3CJmyiPdF9ao1lZnLoMAZ/BkE7Y8XBaBGhgNK27tuCYP2 +xIDB0V+I2wp3VlAVwFW2SDufJha4NA7Em9hdpXUjltyrzkjSsIW5X1CTDpxpzd7i +aEKH+z2zhD3KFLKTVrWEpJGCPpNqwJ14Fft5zoH3B0ucwm04VOXG6q2I5O23wcNg +zzmG5TS/ue/Wue1mu4SwC+kYPgRRmUWGwmEGnAPF0DSA -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index 0ba786be53..8922e26539 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key 
@@ -1,28 +1,30 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCWNIeGfo/SePOv -viJE6UHJhBzWcPfNVbzSF6A42WgBDEgI3KFr+/rgWMEaCOD4QzCl3Lqa89EgCA7x -CgxcqFwEo33SyhAivwoHL2pRVHXnoee3z9U757T63YLE0qrXQY2cbyChX/OU99rZ -xyd5l5jUGN7MCu+RYurfTIiYN+UvNZdl8a3X84g7fa70EOYas7cTunWUt9x64/jY -DoYmn+XPXET1yEU1dQTnKY4cRjhvHS1u2QsadHKi1hgeILyLbB4u1T5N+WfxFknh -FHTu8PVPxfowrVv/xzmxOe0zSZFdSbhtrmwT4S1wJ4PfUa3+tYZVtjEKKbyObsAW -91WzOLS9AgMBAAECggEAEOxEq6jFO/WgIPgHROPR42ok1J1AMgx7nGEIjnciImIX -mJYBAtlOM+oUAYKoFBh/2eQTSyN2t4jo5AvZhjP6wBQKeE4HQN7supADRrwBF7KU -WI+MKvZpW81KrzG8CUoLsikMEFpu52UAbYJkZmznzVeq/GqsAKGYLEXjauD7S5Tu -GeGVKO4novus6t3AHnBvfalIQ1JUuJFvcd5ZDhPljlzPbbWdM4WpRPaFZIKmfXft -G7Izt58yPCYwhxohjrunRudyX3oKvmCBUOBXC8HdHzND/dLxwlrVu7OjmXprmC6P -8ggNpjAPeO8Y6+EKGne1fETNsKgODY/lXGOwECY4eQKBgQDSGi3WuoT/+DecVeSF -GfmavdGCQKOD0kdl7qCeQYAL+SPVz4157AtxZs3idapvlbrc7wvw4Ev1XT7ZmWUj -Lc4/UAITR8EkkFRVbxt2PvV86AiQtmXFguTNEX5vTszRwZ2+eqijZga5niBkqyAi -SRuTwR8WrDZau4mRNnF8bUl8dQKBgQC3BKYifRp4hHqBycHe9rSMZ8Xz+ZOy+IFA -vYap1Az+e8KuqlmD9Kfpp2Mjba1+HL5WKeTJGpFE7bhvb/xMPJgbMgtQ/cw4uDJ/ -fwv4m6arf76ebOhaZtkT1vD4NyiyB+z6xP0TRgQRr2Or98XBSvGAYDXIn5vL7fUg -KrDF0ePuKQKBgDfaOcFRiDW7uJzYwI0ZoJ8gQufLYyyR4+UXEJ/BbdbA/mPCbyuw -MkKNP8Ip4YsUVL6S1avNFKQ/i4uxGY/Gh4ORM1wIwTGFJMYpaTV/+yafUFeYBWoC -J+zT77aLTiucuuB+HwKBBtylSps4WqyCntAikK8oTLLGFAYEYRrgup5ZAoGAbQ8j -JNghxwFCs0aT9ZZTfnt0NW9auUJmWzrVHSxUVe1P1J+EWiKXUJ/DbuAzizv7nAK4 -57GiMU3rItS7pn5RMZt/rNKgOIhi5yDA9HNkPTwRTfyd9QjmgHEMBQ1xfa1FZSWv -nSWS1SsLnPU37XgIMzShuByMTVhOQs3NqwPo7AkCgYAf8AzQNjFCoTwU3SJezJ4H -9j1jvMO232hAl8UDNtqvJ1APn87tOtnfX48OMoRrP9kKI0oygE3pq7rFxu1qmTns -Zir0+KLeWGg58fSZkUEAp6kbO5CKwoeVAY9EMgd7BYBqlXLqUNfdH0L+KUOFKHha -7e82VxpgBeskzAqN1e7YRA== ------END PRIVATE KEY----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInG42mOvawu8CAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAuU1ABpa2isBIIEyKB69SK25f+z +BDzPG2lHrp2LPoyEqgb4hiC2GTTTPI+wHgIqoIhy2SrMBJfNL+/DjgJGDlvSa0mi 
+gkY7gtapdYpLOavFQPOgeWcLsVHzuxriK36sXxirlPd5397slAH6zi4bzo19Qlaq +ZPKmC0/DPb3M9o1/MkvtRdFdWBv5CnfC+Cum8bRSqU/XBqI0926o0KpbVPF8JglM +mOT7bx44AzSAglDtmv5wjcgI6O98VdNYw5c3bDpT17hqPMmIUIEBvvt9h+qj2SUV +bC2Ev2lZhDf8TlpKG3Au4OmR9agLxCUSqdL4O2KtVekuu24V4fFX3etIwBt2qEbk +9iduHhZGSDNojHt3cAQMcscZu/PsgNZQJIrdnJzVvXjOS2Dhb5G90Bejl2RmfEtI +yDiT1iRQIVuP6P6hKWM4NhkaMoLEBpZ3y0vFSJaT2+P7IuhCZqRgeElXRrdBSBbM +bcOPhnKi9yPywifwCRnMP4a4Gx6xvHEn0Oppy2uyAZNYK3aamN/lGG+P/LCoucw/ +wypEHKJ0lx+VJcflPY5rzgI9t4rCF/24qJMxPTYTkd2ds+wFXtZg5OMRJKhnLVFp +dEfNplzOGw6NPQyMSoBJjao7dYjAG/M2jriuTyNfbNLa1CNtYl8z71PSC5hpY/3A +60Z7xlPrcwmdq4Cwld5PZz78a2q0QKYPgIWLzwwgUxDsGdxBIFGrPE3cSrNjz7r6 +GvO8+XjdixzByc3WqZqU9ZAtZHg5ieIPQj4iw0tgFtWjU9lCtnhT5bCR5VbwpY4x +CbAJs+r4z4+C9hjsGhLKUjzHAT6puvm6hnb9G2/7Nz3UC80tBPoFaTAT16wq/tBX +LX87bcKvbqbfeq9I0YPkJCVlgB2tfnhkfw/e4YdPEM82oul/iSdzGb2BEpX4HYGh +XRuPwfGsaTPyNxcOqhrQ6l25OQVAqCmX3Ik8YSCTek3iQGad2G917F4CehYIZg7B +OGqQLJG6DsdIqZ3peRavPif1HVTSqm6rb+EaN+nHXmY1vizWdVwxJmYUF9YcXQX4 +3/5p7YQ7yDNTznmEABtS0BEi81vYFjQpNJWpMx/0v1AK5+n0VrERQv23ElBOc0rJ +aEgswf5Qjz0lY79NJRYsEf5aCtdHiN0VPnFdp3pm0tROzkqmsL1T0QMJF5cymOqy +qq6hJ04V7hyhACKKilZ+CvqJhupGBWo4TfaHrK/Hk4v67XUYkkqR5L+dUZMpSG0O +aDY2+bersl9oWvz85uN6tMM94rjrcC10uAfL4UvVaioZtruHecB6H8JYY09kVrGU +vgxTL886scWporYrw5b3r27tR73hvjrFmk9GPlI+9mYlPVsk0Hqs5I+O1iXmclQF +wcWQHGdVptINRh+WVc7uyB2UGkG3Kvq1fS/3vt+fkWby4G8hV1Xf0175PoCQZ/ve +WMz9db1rfaVI0k4Jilby2kxcB6Y459s2fCk+xzCGTUq08PvRD+28JIMzWBJSjsIU +IIW0S1PbcUA8Fp4o4A8lI1RVASUqiIPtTHN7m4Ay1YM3tUwfjk1ZFwrAEc7QS/zA +/+ud/1Yb5iBp1ybwE9xx4ZU7ki1mmnrJ0qYn4ASs0cqol+UgnAlgoWOz8gs/+KPb +9deibQLreFdRra+QU3T5ig== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/docker/ssl/certs/magistrala-server.crt b/docker/ssl/certs/magistrala-server.crt index 4e893c1ec4..1bae7fbd0b 100644 --- a/docker/ssl/certs/magistrala-server.crt +++ b/docker/ssl/certs/magistrala-server.crt 
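Review bot: `ca.key` changes from an unencrypted `PRIVATE KEY` block to an `ENCRYPTED PRIVATE KEY` block and the passphrase is not part of the patch, so nobody else can issue further certificates from this CA, including the client certificates that `RequireAndVerifyClientCert` in `coap.go` will demand. Either regenerate the development CA in the same unencrypted form the repository used before, or document where the passphrase is kept. The `magistrala-server.key` hunk in the same commit replaces the server key with a new unencrypted one; like any key checked into a shared tree, both files should be treated as development-only fixtures, and a short README next to them saying so would keep them out of real deployments.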
@@ -1,26 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIEYjCCA0oCFGXr7rfGAynaa4KMTG1+23EEF0lYMA0GCSqGSIb3DQEBCwUAMHUx -IjAgBgNVBAMMGU1hZ2lzdHJhbGFfU2VsZl9TaWduZWRfQ0ExEzARBgNVBAoMCk1h -Z2lzdHJhbGExFjAUBgNVBAsMDW1hZ2lzdHJhbGFfY2ExIjAgBgkqhkiG9w0BCQEW -E2luZm9AbWFnaXN0cmFsYS5jb20wHhcNMjMxMDMwMDgxOTA4WhcNMjYwNzI2MDgx -OTA4WjBmMRIwEAYDVQQDDAlsb2NhbGhvc3QxEzARBgNVBAoMCk1hZ2lzdHJhbGEx -FzAVBgNVBAsMDm1hZ2lzdHJhbGFfY3J0MSIwIAYJKoZIhvcNAQkBFhNpbmZvQG1h -Z2lzdHJhbGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAojas -t6M294uS5q8oFmYM6DULVQ1lY3K659VusJshjGvn8bi50vhKo8PpxL6ygVpjWcHG -+/gclQnTaYZumC1TUohibpBnrFx1PZUvGiryAPudFY2nC5af5BQnYGi845FcVWx5 -FNLq+IsedgSZf7FuGcZruXiukBCWVyWJRJh+8FDakc65BPeG9FpCxbeLZ1nrDpnQ -bhHbwEQrwwHk0FHZ/3cuVFJAjwqJSivJ9598eU0YWAsqsLM3uYyvOMd8alMs5vCZ -9tMCpO2v6xTdJ6kr68SwQQAiefRy6gsD5J5A4ySyCz7KX9fHCrqx1kdcDJ/CXZmh -mXxrCFKSjqjuSn2qtm+gxvAc26Zbt5z5eihpdISDUKrjW11+yapNZLATGBX8ktek -gW467V9DQYOsbA3fNkWgd5UcV5HIViUpqFMFvi1NpWc2INi/PTDWuAIBLUiVNk0W -qMtG7/HqFRPn6MrNGpvFpglgxXGNfjsggkK/3INtFnAou2rN9+ieeuzO7Zjrtwsq -sP64GVw/vLv3tgT6TIZmDnCDCqtEGEVutt7ldu3M0/fLm4qOUsZqFGrIOO1cfI4x -7FRnHwaTsTB1Og+I7lEujb4efHV+uRjKyrGh6L6hDt94IkGm6ZEj5z/iEmq16jRX -dUbYsu4f1KlfTYdHWGHp+6kAmDn0jGCwz2BBrnsCAwEAATANBgkqhkiG9w0BAQsF -AAOCAQEAKyg5kvDk+TQ6ZDCK7qxKY+uN9setYvvsLfde+Uy51a3zj8RIHRgkOT2C -LuuTtTYKu3XmfCKId0oTXynGuP+yDAIuVwuZz3S0VmA8ijoZ87LJXzsLjjTjQSzZ -ar6RmlRDH+8Bm4AOrT4TDupqifag4J0msHkNPo0jVK6fnuniqJoSlhIbbHrJTHhv -jKNXrThjr/irgg1MZ7slojieOS0QoZHRE9eunIR5enDJwB5pWUJSmZWlisI7+Ibi -06+j8wZegU0nqeWp4wFSZxKnrzz5B5Qu9SrALwlHWirzBpyr0gAcF2v7nzbWviZ/ -0VMyY4FGEbkp6trMxwJs5hGYhAiyXg== +MIIDhzCCAm8CFGxwHH9+uladlcjZknd53jbhIfVTMA0GCSqGSIb3DQEBCwUAMH4x +CzAJBgNVBAYTAktFMRAwDgYDVQQIDAdOYWlyb2JpMREwDwYDVQQHDAguTmFpcm9i +aTELMAkGA1UECgwCVVYxEDAOBgNVBAsMB1VWLWNvcmUxDjAMBgNVBAMMBW9oLXV2 +MRswGQYJKoZIhvcNAQkBFgxmZWxpeEB1di5jb20wHhcNMjQwNDA0MTE0NzUxWhcN +MjUwMzMwMTE0NzUxWjCBgTELMAkGA1UEBhMCS0UxEDAOBgNVBAgMB05haXJvYmkx +EDAOBgNVBAcMB05haXJvYmkxDTALBgNVBAoMBFVWLVgxETAPBgNVBAsMCFVWWC1j 
+b3JlMQ4wDAYDVQQDDAVvaC11djEcMBoGCSqGSIb3DQEJARYNZmVsaXgyQHV2LmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALE5pv5qjgj5ar9YFcS1 +TsezfCtAXVFFrjKhpVqXttLv+zqbQ3wDO4ZyZLIEEBdGYm+AjEHOg7XrIMiOiBMk +GSduUCNlbFyLUUanc9jfDqZzNgp/zekFEJ1LRSI6UF9olPJbRixX0noI/4somSTd +7KWcpNJGEh9HWbYxY5m1lgLBJVuD56g2tB2l6eBv4/iG9Ta6tr6NLdC28IsC4m/p +/pcmjyw5oazFVkehPbT4Ao4gV1Fljb4+3TrS2e6v1mNvJEQezJYm2c8Gv1s2Xr3p +jvW6twO5DtTHLLSEJBl8aIlXtPX2xRl73GbRIBrYr8v+rqCggEzYkWOi6pkaSmab +nVMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADrEKLkP+Sw9+Ci08ooK89mBAoT4u +2EUbdq+oXd+K2F22x8MGCRIyOhRkVD807fDhlxbWJxB1nhNj1rRMvpOT2yKdI3HV ++deKBieAvACsMD8ZT2L7oj6LzqUUVLJDclND9cb48c5bIKnkEDyGadJDfUB/BSkK +6QHjTNHB1AyN9BAifXFBQQ5VIcB69EruXeNETPzOBKUTJteMFaRdSj0Cdfo+OdR+ +XTdEqm9nfj/lyG+giTVRvHeEAi20LAWSKWPz642d3XgfYopszLCLT2yIsEqkudnd +87+zSB8ObZzdx6UTjgyF2luAFtpXP3mGV1CFqOrOdG4MT7bSwzer6FaVLg== -----END CERTIFICATE----- diff --git a/docker/ssl/certs/magistrala-server.key b/docker/ssl/certs/magistrala-server.key index f2b56f417a..764f7d42c7 100644 --- a/docker/ssl/certs/magistrala-server.key +++ b/docker/ssl/certs/magistrala-server.key 
@@ -1,52 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiNqy3ozb3i5Lm -rygWZgzoNQtVDWVjcrrn1W6wmyGMa+fxuLnS+Eqjw+nEvrKBWmNZwcb7+ByVCdNp -hm6YLVNSiGJukGesXHU9lS8aKvIA+50VjacLlp/kFCdgaLzjkVxVbHkU0ur4ix52 -BJl/sW4Zxmu5eK6QEJZXJYlEmH7wUNqRzrkE94b0WkLFt4tnWesOmdBuEdvARCvD -AeTQUdn/dy5UUkCPColKK8n3n3x5TRhYCyqwsze5jK84x3xqUyzm8Jn20wKk7a/r -FN0nqSvrxLBBACJ59HLqCwPknkDjJLILPspf18cKurHWR1wMn8JdmaGZfGsIUpKO -qO5Kfaq2b6DG8Bzbplu3nPl6KGl0hINQquNbXX7Jqk1ksBMYFfyS16SBbjrtX0NB -g6xsDd82RaB3lRxXkchWJSmoUwW+LU2lZzYg2L89MNa4AgEtSJU2TRaoy0bv8eoV -E+foys0am8WmCWDFcY1+OyCCQr/cg20WcCi7as336J567M7tmOu3Cyqw/rgZXD+8 -u/e2BPpMhmYOcIMKq0QYRW623uV27czT98ubio5SxmoUasg47Vx8jjHsVGcfBpOx -MHU6D4juUS6Nvh58dX65GMrKsaHovqEO33giQabpkSPnP+ISarXqNFd1Rtiy7h/U -qV9Nh0dYYen7qQCYOfSMYLDPYEGuewIDAQABAoICACvgzTyJTkOMwipbQ+U3KpOf -UZbqnjvV23/9iEkGVX9V6vJETSOnnQ0KYBAjo0aBLDGpzIj41sZr13+KaR0J2amQ -EcwljJ2fjukfExQpfLfOV/HuFLr6Pfrkhrg57KpD9i13P5Nl8EBV5WH4IYtcc9NO -DHKpldKLYhdlpGllNKUNwenB+ONCj4NGbRxtZyyIMqCK88nqU76A0jOYLgw5r9W+ -J86QRz1KFNP231V3kyR+ubCLKLuOZuruhrE9qMZcBF/dwk/1SRhS4QyeYqopRSOr -2x9iCXFisbjkTOPI+PVYRj7rd7OQOxuIX7V+LQSPLHTEK2XItW0VZOZpBLgqoQP1 -Eu19LOOs77DI5FBia1qhSpjjVGOE6koQmCki8KSFZM+CzuflTPkWNVvTNzjKrhUj -Rbezx40VVFt+q38bsTjWJbimMSo1jChianwjtotGnGpC6pD0KnHsBmfceWaL7+eC -n9KtSeAbnXlFN/rHdK7ZeP/PTSjHa+6i1awGZxhwdVsERJy/2xwZzh3uMLS2ZhXM -Tuh1D5GzlUlkMP8K23rfaXnaOXkwYxHFGi23NmxHGSqzA3TVVreWLqRSZJd/Ar67 -9Pl4S9p9f+Xkvq8tQANfoaTbjc//dpK8rjCKnwdWA3cL7eekq9sm4+lTmik9Bn2v -Bo+3/89Fr1FvlkuQvktJAoIBAQDNuc2r/9sthHZg1hOCFd5XmnMX/mXNPs+SDPRW -/VZBHjxGApz+CoZS7qk0q7f/vzYFTB6N3778f7RsgwrZYSD4I4jumvSFNFsxsHCY -K3O4kkd2YaFaZPwUYbbAcBr6nVnW/9b1aagEfWIMQ18FHLaQ6u2OfUOcNDGZEqwj -YqJmZr8plhWLeKP2c673j6g/ztnL0w77y3LnIuLjFGex17l1lQzbUgOPSKyoQj03 -d5eRoJv2aQTaOXaBzGrDtBDDd3BpXrriJEMqSZbZFRLM28jD+VuHjfHOZRUMy1hw -vZCifRrBYA6Frko7ZweRxIkcOwQsQjV/tkzVkg9FHrVhMKQTAoIBAQDJ2r+lR73d -va1JjWoXKe5qAWtprRyI8DpJM/G2/V/V3+RVOGgBeRlu6WDiMpMd9hFB6bAmX+1y 
-S17svw1f4DQskkTKi9EWBsWRnh2Pnd4q91TjKFsBuci8/EtAXb7C0KV5nEtasEUJ -klMmO1evAXMhn7VzmE3Ic/ttcQHxQZ+TC4G5dGsYcideJ5zOeEIATtFypDNG/0Bw -rvmBbIIylY2KwUAx3UexRgH1hRSecTzkokT39WJbefUg952h7yZXrrhb71AfWLTC -A5MJeArqPK6z/RMxDyvnk7xW326dtBBgqYyTOIHCANRB1kAG0xEyia/WI94uyNfH -YfIHglDFGIj5AoIBAEVVNEqeXPi3Jso1+7cgtaFijR1uAFMusvfu474ZfSNPFFMn -+E7pryFuC5qTsNxBTex1HesEmDIyu9TCSTq/sEPQfgqkMHpgDcfuRdQS+NogenMc -Livv0sDvuY6beYwy0Z9S89gbtqNkulGVtwVbCvBGLK+T6eBP+tMy5s66JC9Mu2pB -iZtKmj+p9zK5uKNgjChURj138I6TRFHxg4z9PiSxifa0ajy06nN+d3ElHfDXZxih -hiAhs53FDcpM+kVWEI2CfotOW1B6IpugrYhbHgtmE4HYxcCgcnqwYWsFiCQq84Ru -YhaNibkBXRy0Vt0rypk76xnSj4x+wCS0V76cjP8CggEAHXdoaJlLdzY8OLODHDSL -0D+6zWdu9fKTn6IMlBjyx4byjxo33JcwBkfdU8fsQABuzn9trnxsbjXgepD9Q9S3 -6RXFIwg8EooUh0hcql1yVDVc1/hJKLxVOHlgBtpogYnxzgnp2ihHO7l3l+orx6lf -hDYLR/+gwzVjK7vGe9CHmfChFFCRXbU0WANSWbWmdOMMoj6kGaYjYw+37pPHgdjh -G7NQSrcxwwgkOxIdS2/eYsXpaYURwabRCOn8wenmYABqe0k5GgpaAMSCz2wNs9n9 -6tpz1cKQNzMS2F+vhygFCAdYNRmXn5l9YssC97wSE52T5J/BzHSXQ0ziBwSYA92s -CQKCAQAFPujh1HhOBtn3FOT3I2jNSTv9OJsmAeiFrhVfIw+Ij8XzzUf0aV04Et/R -/EetirP6WjNQuJ5/YYVUFWj07vSl20YP7NtDGFUlvWugJUvQByidHt5DkmehBWax -cfp5LWwZ4W/wm4F/DtPkgEXgEwY/TMXHvhvN6+JaQPO7iemWL7qsRAPea0oDLkMm -0phT3hKgcnbyewH6GU53KQgr2hUzhgGOKibAo+4ud9lY6M/X1axCepetKMl78Cz9 -rK2MgJOhDr6Nu/K2bKL8Q3zSB1n1WRNaTVnH6wY4j/FpeQvVv+qTAbZhJm7cRT5m -+C7JCqJGg66liqIMq6YyYXK//Ddl +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCxOab+ao4I+Wq/ +WBXEtU7Hs3wrQF1RRa4yoaVal7bS7/s6m0N8AzuGcmSyBBAXRmJvgIxBzoO16yDI +jogTJBknblAjZWxci1FGp3PY3w6mczYKf83pBRCdS0UiOlBfaJTyW0YsV9J6CP+L +KJkk3eylnKTSRhIfR1m2MWOZtZYCwSVbg+eoNrQdpengb+P4hvU2ura+jS3QtvCL +AuJv6f6XJo8sOaGsxVZHoT20+AKOIFdRZY2+Pt060tnur9ZjbyREHsyWJtnPBr9b +Nl696Y71urcDuQ7Uxyy0hCQZfGiJV7T19sUZe9xm0SAa2K/L/q6goIBM2JFjouqZ +Gkpmm51TAgMBAAECgf8CD1FjdTCo8BbPX58B2l8uMCtYWGWri9zU3MjBlqKc1GM4 +wbIJOx65elVVo4cGb3ehBfv8j3SPwxi9SScrcvJhtCEtpa1MLEfzKcW499pddVO6 +ZtNvf1klNK9tMhr8IhNSwqKjZ0Ul1cgkhcNl+nOyrIvoHlO8yxRF+rfCuPm0HdNJ 
+g7YmrzWtY4LdosDu4FYvJAt3H8lkNoC0idLd+M7nex602y2GW2KU5ji1KCVGJnrm +Oo+GyBPZdZ3XJkGfjO9oEVQ361Vs8PeSHlq9qs0RCR2SJfCqD6QHNV5T9VpsJHJu +QH4vU6C0CvgeLNHBZ2xdhLHHPtRDMO5te0hMSyECgYEA9irRtekSf9GDZ8+vfD+6 +Q3KwujNqlEIqCOLDvTD0cxIgHwioCPElJdvfIpMnoQT7q4xNz6YPFqeMTLf7G4Qt +M4wy72jEb0MSEihEojyl+90wBQgzmwKsQAsDgHrvWTild9DMEUu+bWpbkrv8HZV0 +skqVo1HqX+5Tw0t5P6dnXzMCgYEAuE3d6I73SrWL2qel3+2YCWC8aRsw11cVTeRA +N5ydnd0dIemP+hh+Q5d0NIVAm0lbQonvoMrCq2scLXBsYmkemZRlK1b3t35O7L0M +FW11BcaQ9egi6d3J7+T1W5+Hxhwiu7vA1OMRRvt3o4mLQRlP2ZC8yaSLXj7F9yA9 +3ESJSWECgYEAs1hg7xp+mtcG2KQsIua/CpLNhOse1CMcQtsLZpP7FLb45gNFgTZH +LTzyZVs2vQ5HWSVgL0+5oHSzN9W2wcZbtDmJhnka3EDOMqJZ1qU+/K+aY6AlEOMy +oXoks/9cz/EARLm/Yz5+33JkgxQoS1lu6tKCELoGepvFNPyQurp5CpcCgYB+RXMl +E1ZgTDPucfAWlK0Wt70+cc+rqdFB1YEd2OKwNr7v7hqjqcZQPuLx3N3fxomM8/5G +dsSbNz5N73mCjyzU4jPSVrpPcG1Yi0lNIPoNI/dLU2kgO8FP59kmlg0q8Tnmz4MV +GCFNNZrJY8IRrurjT+PYbzDBOFbfsqpPUHGS4QKBgC6+6+JN4UhhJOKtOnWO7F0R +8csWoDguBabCukm0kPYztPKqpjA93yCWp2aAsa3Btq7BsL/CU4dNQ4xtURihNdu6 +BuUHCrknjvHQBjFLZMcxS/9ggmTf/WyubgIpCa4A2QryVG0/8KFiMhKERUVOkLKm +F/rj65t1uPK92kZvcsMB -----END PRIVATE KEY----- diff --git a/go.mod b/go.mod index a3c7245ac4..ad4703c295 100644 --- a/go.mod +++ b/go.mod @@ -38,6 +38,7 @@ require ( github.com/oklog/ulid/v2 v2.1.0 github.com/ory/dockertest/v3 v3.10.0 github.com/pelletier/go-toml v1.9.5 + github.com/pion/dtls/v2 v2.2.10 github.com/plgd-dev/go-coap/v2 v2.6.0 github.com/prometheus/client_golang v1.19.0 github.com/rabbitmq/amqp091-go v1.9.0 @@ -143,7 +144,6 @@ require ( github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runc v1.1.12 // indirect github.com/pelletier/go-toml/v2 v2.2.0 // indirect - github.com/pion/dtls/v2 v2.2.10 // indirect github.com/pion/logging v0.2.2 // indirect github.com/pion/transport/v2 v2.2.4 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/internal/server/coap/coap.go b/internal/server/coap/coap.go index ddf1e6224c..3ef575af59 100644 --- a/internal/server/coap/coap.go 
+++ b/internal/server/coap/coap.go
@@ -11,6 +11,7 @@ import (
 "time"
 "github.com/absmach/magistrala/internal/server"
+ piondtls "github.com/pion/dtls/v2"
 gocoap "github.com/plgd-dev/go-coap/v2"
 "github.com/plgd-dev/go-coap/v2/mux"
 )
@@ -46,17 +47,48 @@ func (s *Server) Start() error {
 s.Logger.Info(fmt.Sprintf("%s service started using http, exposed port %s", s.Name, s.Address))
 switch {
 case s.Config.CertFile != "" || s.Config.KeyFile != "":
- s.Logger.Info(fmt.Sprintf("%s service %s server listening at %s with TLS cert %s and key %s", s.Name, s.Protocol, s.Address, s.Config.CertFile, s.Config.KeyFile))
+ s.Logger.Info(fmt.Sprintf("%s service %s server listening at %s with DTLS cert %s and key %s", s.Name, s.Protocol, s.Address, s.Config.CertFile, s.Config.KeyFile))
 certificate, err := tls.LoadX509KeyPair(s.Config.CertFile, s.Config.KeyFile)
 if err != nil {
 return fmt.Errorf("failed to load auth certificates: %w", err)
 }
- tlsConfig := &tls.Config{
- Certificates: []tls.Certificate{certificate},
+ dtlsConfig := &piondtls.Config{
+ Certificates: []tls.Certificate{certificate},
+ ExtendedMasterSecret: piondtls.RequireExtendedMasterSecret,
+ ClientAuth: piondtls.RequireAndVerifyClientCert,
+ ConnectContextMaker: func() (context.Context, func()) {
+ return context.WithTimeout(s.Ctx, 30*time.Second)
+ },
 }
+ // // Loading Server CA file
+ // rootCA, err := loadCertFile(s.Config.ServerCAFile)
+ // if err != nil {
+ // return fmt.Errorf("failed to load root ca file: %w", err)
+ // }
+ // if len(rootCA) > 0 {
+ // if dtlsConfig.ClientCAs == nil {
+ // dtlsConfig.RootCAs = x509.NewCertPool()
+ // }
+ // if !dtlsConfig.ClientCAs.AppendCertsFromPEM(rootCA) {
+ // return fmt.Errorf("failed to append root ca to dtls.Config")
+ // }
+ // }
+ // // Loading Client CA file
+ // clientCA, err := loadCertFile(s.Config.ClientCAFile)
+ // if err != nil {
+ // return fmt.Errorf("failed to load client ca file: %w", err)
+ // }
+ // if len(clientCA) > 0 {
+ // if dtlsConfig.ClientCAs == nil {
+ // dtlsConfig.ClientCAs = x509.NewCertPool()
+ // }
+ // if !dtlsConfig.ClientCAs.AppendCertsFromPEM(clientCA) {
+ // return fmt.Errorf("failed to append client ca to dtls.Config")
+ // }
+ // }
 go func() {
- errCh <- gocoap.ListenAndServeTCPTLS("udp", s.Address, tlsConfig, s.handler)
+ errCh <- gocoap.ListenAndServeDTLS("udp", s.Address, dtlsConfig, s.handler)
 }()
 default:
 s.Logger.Info(fmt.Sprintf("%s service %s server listening at %s without TLS", s.Name, s.Protocol, s.Address))
@@ -84,3 +116,10 @@ func (s *Server) Stop() error {
 s.Logger.Info(fmt.Sprintf("%s service shutdown of http at %s", s.Name, s.Address))
 return nil
 }
+
+// func loadCertFile(certFile string) ([]byte, error) {
+// if certFile != "" {
+// return os.ReadFile(certFile)
+// }
+// return []byte{}, nil
+// }
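Review bot: `ClientAuth: piondtls.RequireAndVerifyClientCert` is set while `dtlsConfig.ClientCAs` is never populated, because the only code that would fill it is commented out; client certificates issued by the project CA therefore have no trust anchor, and handshakes will presumably be rejected or checked against whatever default pool the library falls back to. The commented block also has a bug to fix before it is enabled: the server-CA branch tests `dtlsConfig.ClientCAs == nil`, assigns `dtlsConfig.RootCAs`, then appends to `ClientCAs`, which would dereference a nil pool. Load the client CA for real and fail start-up when it is missing, as sketched below; this needs `crypto/x509` and `os` imported, the `loadCertFile` helper from the last hunk uncommented, and a `ClientCAFile` field on `server.Config`, which the commented code assumes but this patch does not show. The remaining commented-out code in both hunks should be deleted rather than committed. `Start` begins and ends outside the hunk.

```go
dtlsConfig := &piondtls.Config{
	// … unchanged: Certificates, ExtendedMasterSecret, ClientAuth, ConnectContextMaker …
}
// RequireAndVerifyClientCert is only meaningful with a trust anchor for client certificates.
clientCA, err := loadCertFile(s.Config.ClientCAFile)
if err != nil {
	return fmt.Errorf("failed to load client ca file: %w", err)
}
if len(clientCA) == 0 {
	return fmt.Errorf("client ca file is required when client certificates are verified")
}
dtlsConfig.ClientCAs = x509.NewCertPool()
if !dtlsConfig.ClientCAs.AppendCertsFromPEM(clientCA) {
	return fmt.Errorf("failed to append client ca to dtls.Config")
}
```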