Remove certDirectory option.

Signed-off-by: Łukasz Dywicki <[email protected]>
apache · Dec 20, 2023 · 2e29e16 · 2e29e16
1 parent a504f77
commit 2e29e16
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 27 deletions.
diff --git a/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java b/plc4j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/config/OpcuaConfiguration.java
@@ -63,9 +63,6 @@ public class OpcuaConfiguration implements Configuration {
     @ConfigurationParameter("keyStoreFile")
     private String keyStoreFile;
 
-    @ConfigurationParameter("certDirectory")
-    private String certDirectory;
-
     @ConfigurationParameter("keyStorePassword")
     private String keyStorePassword;
     private X509Certificate serverCertificate;
@@ -109,10 +106,6 @@ public String getPassword() {
         return password;
     }
 
-    public String getCertDirectory() {
-        return certDirectory;
-    }
-
     public SecurityPolicy getSecurityPolicy() {
         return securityPolicy;
     }
@@ -165,7 +158,6 @@ public String toString() {
             ", password='" + (password != null ? "******" : null) + '\'' +
             ", securityPolicy='" + securityPolicy + '\'' +
             ", keyStoreFile='" + keyStoreFile + '\'' +
-            ", certDirectory='" + certDirectory + '\'' +
             ", keyStorePassword='" + (keyStorePassword != null ? "******" : null) + '\'' +
             ", limits=" + limits +
             '}';

diff --git a/...j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java b/...j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/CertificateKeyPair.java
@@ -19,6 +19,7 @@
 package org.apache.plc4x.java.opcua.context;
 
 import io.vavr.control.Try;
+import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
 import org.bouncycastle.asn1.x509.GeneralName;
 
@@ -35,7 +36,7 @@ public class CertificateKeyPair {
     private final X509Certificate certificate;
     private final byte[] thumbprint;
 
-    public CertificateKeyPair(KeyPair keyPair, X509Certificate certificate) throws Exception {
+    public CertificateKeyPair(KeyPair keyPair, X509Certificate certificate) throws GeneralSecurityException {
         this.keyPair = keyPair;
         this.certificate = certificate;
         MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");

diff --git a/...j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/OpcuaDriverContext.java b/...j/drivers/opcua/src/main/java/org/apache/plc4x/java/opcua/context/OpcuaDriverContext.java
@@ -19,6 +19,10 @@
 
 package org.apache.plc4x.java.opcua.context;
 
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
 import java.util.Optional;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.plc4x.java.api.exceptions.PlcRuntimeException;
@@ -73,18 +77,21 @@ public class OpcuaDriverContext implements DriverContext, HasConfiguration<Opcua
     private X509Certificate serverCertificate;
     private PascalByteString thumbprint;
 
-    public void openKeyStore(OpcuaConfiguration configuration) throws Exception {
+    public void openKeyStore(OpcuaConfiguration configuration) throws IOException, GeneralSecurityException {
         this.isEncrypted = true;
-        String certDirectory = configuration.getCertDirectory();
-        File securityTempDir = new File(certDirectory, "security");
-        if (!securityTempDir.exists() && !securityTempDir.mkdirs()) {
-            throw new PlcRuntimeException("Unable to create directory please confirm folder permissions on " + certDirectory);
+
+        File serverKeyStore = null;
+        if (configuration.getKeyStoreFile() != null) {
+            serverKeyStore = Paths.get(configuration.getKeyStoreFile()).toFile();
+            if (!serverKeyStore.exists()) {
+                throw new FileNotFoundException("Invalid keyStoreFile parameter - specified file does not exist");
+            }
         }
-        KeyStore keyStore = KeyStore.getInstance("PKCS12");
-        File serverKeyStore = securityTempDir.toPath().resolve(configuration.getKeyStoreFile()).toFile();
 
+        KeyStore keyStore = KeyStore.getInstance("PKCS12");
         char[] password = configuration.getKeyStorePassword().toCharArray();
-        if (!serverKeyStore.exists()) {
+        if (serverKeyStore == null) {
+            serverKeyStore = File.createTempFile("plc4x_opcua_driver", "pfx");
             certificateKeyPair = CertificateGenerator.generateCertificate();
             LOGGER.info("Creating new KeyStore at {}", serverKeyStore);
             keyStore.load(null, password);
@@ -156,8 +163,8 @@ public void setConfiguration(OpcuaConfiguration configuration) {
         if (configuration.getSecurityPolicy() != null && configuration.getSecurityPolicy() != SecurityPolicy.NONE) {
             try {
                 openKeyStore(configuration);
-            } catch (Exception e) {
-                throw new PlcRuntimeException("Unable to open keystore, please confirm you have the correct permissions");
+            } catch (IOException | GeneralSecurityException e) {
+                throw new PlcRuntimeException("Unable to open keystore, please confirm you have the correct permissions", e);
             }
         }
     }

diff --git a/plc4j/drivers/opcua/src/test/java/org/apache/plc4x/java/opcua/OpcuaPlcDriverTest.java b/plc4j/drivers/opcua/src/test/java/org/apache/plc4x/java/opcua/OpcuaPlcDriverTest.java
@@ -19,6 +19,8 @@
 package org.apache.plc4x.java.opcua;
 
 import java.lang.reflect.Array;
+import java.net.URLEncoder;
+import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -521,21 +523,16 @@ private String getConnectionString(SecurityPolicy policy, MessageSecurity messag
             case Basic256Sha256:
             case Aes128_Sha256_RsaOaep:
             case Aes256_Sha256_RsaPss:
-                Path securityTempDir = Paths.get(System.getProperty("java.io.tmpdir"), "server");
-                String keyStoreFile = securityTempDir.resolve("security").resolve("example-server.pfx").toAbsolutePath().toString();
-
-                String certDirectory = securityTempDir.toAbsolutePath().toString();
+                Path keyStoreFile = Paths.get(System.getProperty("java.io.tmpdir"), "server", "security", "example-server.pfx");
                 String connectionParams = Stream.of(
-                        entry("keyStoreFile", keyStoreFile),
-                        entry("certDirectory", certDirectory),
+                        entry("keyStoreFile", keyStoreFile.toAbsolutePath().toString().replace("\\", "/")), // handle windows paths
                         entry("keyStorePassword", "password"),
                         entry("securityPolicy", policy.name()),
                         entry("messageSecurity", messageSecurity.name())
                     )
-                    .map(tuple -> tuple.getKey() + "=" + tuple.getValue())
+                    .map(tuple -> tuple.getKey() + "=" + URLEncoder.encode(tuple.getValue(), Charset.defaultCharset()))
                     .collect(Collectors.joining(paramDivider));
 
-
                 return tcpConnectionAddress + paramSectionDivider + connectionParams;
             default:
                 throw new IllegalStateException();