Help Center > > Developer Guide> SDK Usage Guide on the Application Side> Huawei IoT Platform Java SDK Usage Guide> Initializing and Configuring Certificates

Initializing and Configuring Certificates

Updated at: Aug 28, 2019 GMT+08:00

Create a NorthApiClient instance. Specify ClientInfo (including the IoT platform IP address, port number, application ID, and secret) to initialize the certificate.

  • In this example, the IoT platform IP address, port number, application ID, and secret are read from the configuration file ./src/main/resources/application.properties. Therefore, when the values change, you only need to modify the configuration file.
  • The certificate mentioned in this section is provided by the IoT platform for use when calling related APIs. Generally, this certificate is different from the one used for API callback.

Using a Test Certificate

If the test certificate is used:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(PropertyUtil.getProperty("secret"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig();//The default certificate is a test certificate. The host name is not verified.

Using a Specified Certificate

If the test certificate is not used, you can manually specify a certificate (for example, a commercial certificate).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(getAesPropertyValue("secret"));

SSLConfig sslConfig= new SSLConfig();
sslConfig.setTrustCAPath(PropertyUtil.getProperty("newCaFile"));
slConfig.setTrustCAPwd(getAesPropertyValue("newCaPassword"));
slConfig.setSelfCertPath(PropertyUtil.getProperty("newClientCertFile"));
slConfig.setSelfCertPwd(getAesPropertyValue("newClientCertPassword"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig(sslconfig); //Use the specified certificate. Strict host name verification is used by default.
If strict host name verification is not used when a specified certificate is used, you can define the host name verification method before calling northApiClient.initSSLConfig(sslconfig).
1
2
3
4
5
6
7
northApiClient.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String arg0, SSLSession arg1) {
      //Customized host name verification
        ......
        return true;
    }
});

The method for host name verification should follow security-first principles. The value true should not be returned directly.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel