Merge pull request #26 from OSGP/feature/FDP-1968-nieuwe-cipher-suite

FDP-1968: nieuwe cipher suite

application/src/integrationTest/kotlin/org/gxf/standalonenotifyinggateway/coaphttpproxy/IntegrationTestCoapClient.kt

@@ -30,6 +30,8 @@ class IntegrationTestCoapClient {
 
     @Value("\${config.psk.default-key}") private lateinit var defaultKey: String
 
+    @Value("\${config.coap.cipher-suites}") private lateinit var cipherSuites: List<CipherSuite>
+
     init {
         DtlsConfig.register()
         CoapConfig.register()
@@ -54,7 +56,7 @@ class IntegrationTestCoapClient {
         return Configuration.getStandard()
             .set(CoapConfig.COAP_SECURE_PORT, coapsPort.toInt())
             .set(DtlsConfig.DTLS_ROLE, DtlsConfig.DtlsRole.CLIENT_ONLY)
-            .set(DtlsConfig.DTLS_CIPHER_SUITES, listOf(CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256))
+            .set(DtlsConfig.DTLS_CIPHER_SUITES, cipherSuites)
     }
 
     private fun getUri(): String =

application/src/integrationTest/resources/application.yaml

@@ -6,13 +6,13 @@ config:
   coap:
     coaps-port: 55684
     path: "sng"
-
     deduplicator: NO_DEDUPLICATOR
     max-active-peers: 20000
     max-message-size: 1024
     max-peer-inactivity-period: 24h
     max-resource-body-size: 8192
     preferred-block-size: 1024
+    cipher-suites: TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256
 
   http:
     url: "http://localhost:9000"

application/src/main/kotlin/org/gxf/standalonenotifyinggateway/coaphttpproxy/coap/configuration/CoapConfiguration.kt

@@ -18,6 +18,7 @@ import org.eclipse.californium.scandium.config.DtlsConfig
 import org.eclipse.californium.scandium.config.DtlsConfig.DtlsRole
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256
+import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256
 import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore
 import org.gxf.standalonenotifyinggateway.coaphttpproxy.coap.configuration.properties.CoapProperties
 import org.gxf.standalonenotifyinggateway.coaphttpproxy.coap.configuration.properties.UdpProperties
@@ -73,8 +74,10 @@ class CoapConfiguration(
         config
             .set(DtlsConfig.DTLS_ROLE, DtlsRole.SERVER_ONLY)
             .set(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY, false)
-            .set(DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES, listOf(TLS_PSK_WITH_AES_128_CBC_SHA256))
-            .set(DtlsConfig.DTLS_CIPHER_SUITES, listOf(TLS_PSK_WITH_AES_128_CBC_SHA256))
+            .set(
+                DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES,
+                listOf(TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256))
+            .set(DtlsConfig.DTLS_CIPHER_SUITES, coapProps.cipherSuites)
             .set(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE, CertificateAuthenticationMode.NONE)
     }
 

application/src/main/kotlin/org/gxf/standalonenotifyinggateway/coaphttpproxy/coap/configuration/properties/CoapProperties.kt

@@ -4,6 +4,7 @@
 package org.gxf.standalonenotifyinggateway.coaphttpproxy.coap.configuration.properties
 
 import java.time.Duration
+import org.eclipse.californium.scandium.dtls.cipher.CipherSuite
 import org.springframework.boot.context.properties.ConfigurationProperties
 
 @ConfigurationProperties(prefix = "config.coap")
@@ -16,4 +17,5 @@ class CoapProperties(
     val maxPeerInactivityPeriod: Duration,
     val maxResourceBodySize: Int,
     val preferredBlockSize: Int,
+    val cipherSuites: List<CipherSuite>
 )

application/src/main/resources/application-dev.yaml

@@ -17,7 +17,6 @@ config:
   coap:
     coaps-port: 55684
     path: "sng"
-
     de-duplicator: "NO_DEDUPLICATOR"
     max-active-peers: 20000
     max-message-size: 1024

application/src/main/resources/application.yaml

@@ -17,6 +17,8 @@ spring:
 config:
   http:
     ssl-bundle: "coap-http-proxy"
+  coap:
+    cipher-suites: TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_GCM_SHA256
 
 management:
   endpoints: