Updated on 2022-02-24 GMT+08:00

Initializing and Configuring Certificates

Create a NorthApiClient instance. Specify ClientInfo (including the IoT platform IP address, port number, application ID, and secret) to initialize the certificate.

  • In this example, the IoT platform IP address, port number, application ID, and secret are read from the configuration file ./src/main/resources/application.properties. Therefore, when the values change, you only need to modify the configuration file.
  • The certificate mentioned in this section is provided by the IoT platform for use when calling related APIs. Generally, this certificate is different from the one used for API callback.

Using a Test Certificate

If the test certificate is used:

NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(PropertyUtil.getProperty("secret"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig();//The default certificate is a test certificate. The host name is not verified.

Using a Specified Certificate

If the test certificate is not used, you can manually specify a certificate (for example, a commercial certificate).

NorthApiClient northApiClient = new NorthApiClient();

PropertyUtil.init("./src/main/resources/application.properties");

ClientInfo clientInfo = new ClientInfo();
clientInfo.setPlatformIp(PropertyUtil.getProperty("platformIp"));
clientInfo.setPlatformPort(PropertyUtil.getProperty("platformPort"));
clientInfo.setAppId(PropertyUtil.getProperty("appId"));
clientInfo.setSecret(getAesPropertyValue("secret"));

SSLConfig sslConfig = new SSLConfig();
sslConfig.setTrustCAPath(PropertyUtil.getProperty("newCaFile"));
sslConfig.setTrustCAPwd(getAesPropertyValue("newCaPassword"));
sslConfig.setSelfCertPath(PropertyUtil.getProperty("newClientCertFile"));
sslConfig.setSelfCertPwd(getAesPropertyValue("newClientCertPassword"));

northApiClient.setClientInfo(clientInfo);
northApiClient.initSSLConfig(sslConfig); //Use the specified certificate. Strict host name verification is used by default.

If strict host name verification is not used when a specified certificate is used, you can define the host name verification method before calling northApiClient.initSSLConfig(sslConfig).

northApiClient.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String arg0, SSLSession arg1) {
        //Customized host name verification
        ......
        return true;
    }
});

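The host name verification method should follow security-first principles. It should not return true directly, because a verifier that always returns true accepts the peer certificate regardless of which host name it was issued for.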
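
One way to write a verifier that does not return true unconditionally, given here as an added example rather than code from the original page or the SDK: it accepts the peer only when the certificate's subject alternative names contain the name you expect the platform certificate to carry. The class name ExpectedNameVerifier and the host iot.example.com are assumptions made for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical verifier: accepts a peer only if its certificate carries the expected name. */
public class ExpectedNameVerifier implements HostnameVerifier {
    private static final int SAN_DNS = 2, SAN_IP = 7; // GeneralName types (RFC 5280)
    private final String expectedName; // assumption: the name the platform certificate was issued for

    public ExpectedNameVerifier(String expectedName) { this.expectedName = expectedName; }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            return sanContains(((X509Certificate) chain[0]).getSubjectAlternativeNames(), expectedName);
        } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
            return false; // fail closed: no usable certificate means no match
        }
    }

    /** True if a dNSName or iPAddress SAN entry equals the expected name. */
    static boolean sanContains(Collection<List<?>> sans, String expected) {
        if (sans == null || expected == null) { return false; } // no SANs: never a match
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if ((type == SAN_DNS || type == SAN_IP) && expected.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed SAN list in the shape getSubjectAlternativeNames() returns.
        Collection<List<?>> sans = Arrays.<List<?>>asList(Arrays.<Object>asList(2, "iot.example.com"));
        System.out.println(sanContains(sans, "iot.example.com") + " " + sanContains(sans, "other.example.com"));
    }
}
```

Pass an instance to northApiClient.setHostnameVerifier(...) before calling northApiClient.initSSLConfig(sslConfig).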