Initializing and Configuring Certificates

Create a NorthApiClient instance. Specify ClientInfo (including the IoT platform IP address, port number, application ID, and secret) to initialize the certificate.

In this example, the IoT platform IP address, port number, application ID, and secret are read from the configuration file ./src/main/resources/application.properties. Therefore, when the values change, you only need to modify the configuration file.
The certificate mentioned in this section is provided by the IoT platform for use when calling related APIs. Generally, this certificate is different from the one used for API callback.

Using a Test Certificate

If the test certificate is used:

NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(PropertyUtil.getProperty("secret"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig();//The default certificate is a test certificate. The host name is not verified.

Using a Specified Certificate

If the test certificate is not used, you can manually specify a certificate (for example, a commercial certificate).

NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(getAesPropertyValue("secret"));

SSLConfig sslConfig= new SSLConfig();
sslConfig.setTrustCAPath(PropertyUtil.getProperty("newCaFile"));
slConfig.setTrustCAPwd(getAesPropertyValue("newCaPassword"));
slConfig.setSelfCertPath(PropertyUtil.getProperty("newClientCertFile"));
slConfig.setSelfCertPwd(getAesPropertyValue("newClientCertPassword"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig(sslconfig); //Use the specified certificate. Strict host name verification is used by default.

If strict host name verification is not used when a specified certificate is used, you can define the host name verification method before calling northApiClient.initSSLConfig(sslconfig).

northApiClient.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String arg0, SSLSession arg1) {
      //Customized host name verification
        ......
        return true;
    }
});

The method for host name verification should follow security-first principles. The value true should not be returned directly.

Parent topic: Huawei IoT Platform Java SDK Usage Guide

Previous topic: Importing the Java SDK Demo

Next topic: Calling Service APIs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot