Aditya Keshri

Reputation: 1

How to generate keyStore.jks and trustStore.jks from cer file for coap dtls client

I have a .cer file and want to generate trustStore.jks and keyStore.jks files, which are going to be used in a CoAP client to send the DTLS request.

I am using the Californium CoAP cf-secure module to call coaps://:/ and get the response below:

    Usage: java -cp ... org.eclipse.californium.examples.SecureClient 
    [PSK|ECDHE_PSK] [RPK|RPK_TRUST] [X509|X509_TRUST]
    Default:            [PSK] [RPK] [X509]
    00:33:55.267 INFO [] [Configuration]: defaults added COAP.
    00:33:55.319 INFO [] [JceProviderUtil]: JCE default setup
    00:33:55.760 INFO [] [JceProviderUtil]: RSA: true, EC: true, AES: not restricted
    00:33:55.760 INFO [] [JceProviderUtil]: EdDSA not supported!
    00:33:55.760 INFO [] [JceProviderUtil]: JCE setup: null, ready.
    00:33:55.765 INFO [] [AeadBlockCipher]: AES/CBC/NoPadding is not restricted!
    00:33:56.014 INFO [] [AeadBlockCipher]: AES/CBC/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/GCM/NoPadding is not restricted!
    00:33:56.015 INFO [] [AeadBlockCipher]: AES/GCM/NoPadding is not restricted!
    00:33:56.085 INFO [] [XECDHECryptography]: X25519/X448 not supported!
    00:33:56.434 INFO [] [Configuration]: defaults added DTLS.
    00:33:56.435 WARN [] [Configuration]: Add missing module DTLS.
    00:33:56.436 WARN [] [Configuration]: Add missing module COAP.
    00:33:56.437 INFO [] [Configuration]: loading properties from file C:\work\workspace\coaps-workspace\californium-master\demo-apps\cf-secure\Californium3SecureClient.properties
    00:33:56.441 WARN [] [Configuration]: Ignore SYS.HEALTH_STATUS_INTERVAL, no configuration definition available!
    00:33:56.565 INFO [] [InMemoryConnectionStore]: Created new InMemoryConnectionStore [capacity: 150000, connection expiration threshold: 1800s]
    00:33:56.574 INFO [] [Configuration]: defaults added SYS.
    00:33:56.591 INFO [] [RandomTokenGenerator]: using tokens of 8 bytes in length
    00:33:56.628 INFO [] [ban]: Started.
    00:33:56.631 INFO [] [CoapEndpoint]: coaps CoapEndpoint uses strict context
    00:33:56.649 INFO [] [BlockwiseLayer]: coaps BlockwiseLayer uses MAX_MESSAGE_SIZE=1024, PREFERRED_BLOCK_SIZE=512, BLOCKWISE_STATUS_LIFETIME=300000, MAX_RESOURCE_BODY_SIZE=8192, BLOCKWISE_STRICT_BLOCK2_OPTION=false
    00:33:56.669 INFO [] [CoapEndpoint]: coaps Endpoint [coaps://0.0.0.0:0] requires an executor to start, using default single-threaded daemon executor
    00:33:56.962 INFO [] [DTLSConnector]: multiple network interfaces, using smallest MTU [IPv4 1500, IPv6 1500]
    00:33:56.965 INFO [] [DTLSConnector]: DTLSConnector listening on 0.0.0.0/0.0.0.0:54326, recv buf = 65536, send buf = 64512, recv packet size = 16490, MTU = IPv4 1500 / IPv6 1500
    00:33:56.965 INFO [] [DTLSConnector]: Starting worker thread [DTLS-Receiver-0-0.0.0.0/0.0.0.0:54326]
    00:33:56.965 INFO [] [DTLSConnector]: Starting worker thread [DTLS-Receiver-1-0.0.0.0/0.0.0.0:54326]
    00:33:56.967 INFO [] [CoapEndpoint]: coaps Started endpoint at coaps://0.0.0.0:54326
    00:33:56.967 INFO [] [CoapClient]: started set client endpoint 0.0.0.0/0.0.0.0:54326
    Error occurred while sending request: java.io.IOException: org.eclipse.californium.scandium.dtls.DtlsHandshakeTimeoutException: Handshake flight 1 failed! Stopped by timeout after 4 retransmissions!

Upvotes: 0

Views: 205

Answers (1)

Achim Kraus

Reputation: 824

Handshake flight 1 failed! Stopped by timeout after 4 retransmissions!

Timeouts in flight 1 usually indicate a UDP communication problem. Try to create IP captures on the client and server side; see IP-Capturing.

I have a .cer file and want to generate trustStore.jks and keyStore.jks files, which are going to be used in a CoAP client to send the DTLS request.

If you only want to use the .cer with Californium, SslContextUtil will also load your .cer, at least if it's in PEM format. Currently I support .pem and .crt as file endings, so just try to rename it and load it with:

// config is a DtlsConnectorConfig.Builder; SslContextUtil and Credentials come from
// org.eclipse.californium.elements.util, SingleCertificateProvider and CertificateType
// from org.eclipse.californium.scandium.dtls.x509 / org.eclipse.californium.scandium.dtls
Credentials credentials = SslContextUtil.loadCredentials("<your-file.crt>");
SingleCertificateProvider identity = new SingleCertificateProvider(credentials.getPrivateKey(),
        credentials.getCertificateChain(), CertificateType.X_509);
config.setCertificateIdentityProvider(identity);

If you prefer to have the cer in the keystore, create-keys.sh contains examples how to import it, e.g.

keytool -alias ca -importcert -keystore $TRUST_STORE -storepass $TRUST_STORE_PWD -file $CA_CER

Also KeyStore Explorer offers an import function. The Californium demo keystore uses "endPass" as password, the demo truststore uses "rootPass".

Upvotes: 0
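The keystore route from the answer, carried through to a working client, as an added example that is not part of the original answer or of the Californium demo code. It assumes a trustStore.jks into which the CA .cer was imported with the keytool line above (password "rootPass", as in the demo), and a keyStore.jks holding the client's own key pair and certificate chain under the alias "client" (password "endPass"). The .cer export from the question normally carries only a public certificate, so it can populate the truststore; the private key for keyStore.jks has to come from somewhere else, which is why the two stores are loaded differently. File names, alias, passwords and the URI are assumptions; the class and method names are the Californium 3.x API.

```java
import java.net.InetSocketAddress;
import java.security.cert.Certificate;

import org.eclipse.californium.core.CoapClient;
import org.eclipse.californium.core.CoapResponse;
import org.eclipse.californium.core.config.CoapConfig;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.elements.util.SslContextUtil.Credentials;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.x509.SingleCertificateProvider;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;

/** Example client using X.509 credentials from two JKS files (assumed names and passwords). */
public class JksDtlsClient {

    // Assumed values: adjust to what keytool was actually run with.
    private static final String TRUST_STORE = "trustStore.jks";
    private static final char[] TRUST_STORE_PWD = "rootPass".toCharArray();
    private static final String KEY_STORE = "keyStore.jks";
    private static final char[] KEY_STORE_PWD = "endPass".toCharArray();
    private static final String CLIENT_ALIAS = "client";

    public static void main(String[] args) throws Exception {
        // Assumed target; the server's address and port are not on the original page.
        String uri = args.length > 0 ? args[0] : "coaps://localhost:5684/secure";

        // Register the DTLS and CoAP definitions before building a Configuration,
        // otherwise the "Add missing module DTLS/COAP" warnings from the log appear.
        CoapConfig.register();
        DtlsConfig.register();
        Configuration config = Configuration.createStandardWithoutFile();

        // Trust anchors: every certificate in the truststore (null alias pattern = all entries).
        Certificate[] trustedCerts =
                SslContextUtil.loadTrustedCertificates(TRUST_STORE, null, TRUST_STORE_PWD);

        // Client identity: private key plus certificate chain under CLIENT_ALIAS in the keystore.
        Credentials clientCreds =
                SslContextUtil.loadCredentials(KEY_STORE, CLIENT_ALIAS, KEY_STORE_PWD, KEY_STORE_PWD);

        DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(config)
                .setAddress(new InetSocketAddress(0)) // ephemeral local port
                .setCertificateIdentityProvider(new SingleCertificateProvider(
                        clientCreds.getPrivateKey(), clientCreds.getCertificateChain(),
                        CertificateType.X_509))
                // Only servers chaining to a certificate in trustStore.jks are accepted.
                .setAdvancedCertificateVerifier(StaticNewAdvancedCertificateVerifier.builder()
                        .setTrustedCertificates(trustedCerts)
                        .build());

        DTLSConnector connector = new DTLSConnector(builder.build());
        CoapEndpoint endpoint = new CoapEndpoint.Builder()
                .setConnector(connector)
                .setConfiguration(config)
                .build();

        CoapClient client = new CoapClient(uri);
        client.setEndpoint(endpoint);
        try {
            // A flight-1 handshake timeout surfaces here as an IOException wrapping
            // DtlsHandshakeTimeoutException, exactly as in the log in the question.
            CoapResponse response = client.get();
            if (response == null) {
                System.err.println("No response (request timeout)");
            } else {
                System.out.println(response.getCode() + " " + response.getResponseText());
            }
        } finally {
            client.shutdown();
            endpoint.destroy();
        }
    }
}
```

Run it with the Californium core and scandium jars on the classpath and the two JKS files in the working directory. Loading the trust anchors with StaticNewAdvancedCertificateVerifier is what makes the client actually verify the server; configuring only the identity provider would authenticate the client but leave the server's certificate unchecked.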
