Secure Server on BGS5T | Telit Cinterion IoT Developer Community
November 13, 2018 - 5:35pm, 3553 views
Hello,
I have developed an application for the BGS5T in which I'm creating a webserver that listens for connections and acts according to the requests it receives. I want to contact this webserver using the http protocol like this "https://5.10.20.1 (modem ip)"
I've looked into the Java user manual, in the Security chapter, but I'm failing to choose the proper mode to do so. Is there any scenario that you could recommend, and perhaps a tutorial to do so?
Is there any tool/library that could be done like this?
https://docs.oracle.com/javame/8.1/me-dev-guide/encryptchapter.htm
(8.4 Configuring the Board as a Secure Server)
Any help would be great.
Thank you
Hello,
The provided Java API (and AT commands) only allows creating a socket listener without TLS. There is also no API for an HTTP server connection (there is only one for client connections).
So you would have to prepare or adopt some HTTP implementation to have an HTTP server on the module.
As for secure server maybe it could be possible to use BouncyCastle library to implement it. Here you can find an example of FTPS implementation with BouncyCastle: https://iot-developer.thalesgroup.com/showcase/java-explicit-ftps-implem...
Best regards,
Bartłomiej
Hello,
The standard application that I built implements an HTTP server through the socket, parsing the information sent through the input stream and responding through the output stream.
So, if I understood correctly, in a scenario using a socket listener, the Java API doesn't allow creating a listener with TLS. Does this mean that even the SecureConnection interface from javax.microedition.io wouldn't allow me to do this?
About the FTPS implementation with BouncyCastle: would this be a solution that could work for a permanent connection? (with timed hardware resets)
SecureConnection, HttpConnection, HttpsConnection interfaces can only be used for client connection.
As for the BouncyCastle library, it is open source. I have used it for preparing the FTPS demo and I suppose that it should be possible to implement a secure server for a Gemalto module with it. But we don't have any demo implementation so far. You'd have to do your own tests to prove whether it is reliable enough. Anyway, BouncyCastle would still be used in this scenario on top of the SocketConnection implementation provided by Gemalto.
Regards,
Bartłomiej
Hello. Well, an FTPS implementation wouldn't fit our needs.
So there's no way with the BGS5T that I can create a secure socket so that I can contact the modem like this: "https://5.1.2.10"? Thanks
Hello,
Unfortunately the BGS5 module itself does not provide a possibility to set up a secure server on it with the API it provides.
BouncyCastle is my idea at the moment, as I know that it can transform the regular socket (which is the only option that can be returned by the provided ServerSocketConnection implementation) into a secure socket, as was done in the FTPS demo application. That is why I suppose that it could be possible, but of course you'd have to implement it from scratch without being sure what the effect will be.
Regards,
Bartłomiej
Hello,
But does any other module in Gemalto have that function?
What if I tried to change the way I'm implementing the system and I opened an HttpsConnection or SecureConnection, would I be able to receive data on that input stream other than the response codes?
With something like:
connection = (SecureConnection)Connector.open(url);
or
connection = (HttpsConnection)Connector.open(url);
Wouldn't the information be encrypted?
Would I need to set certificates in both sides of the connection to make it transparent?
Thank you once again for your help.
Hello,
Currently it is not possible for any Gemalto module to set up a secure server.
But you can of course start a client connection to such a server from the module. It can be a secure socket or HTTPS. On a socket or secure socket you can implement whatever logic/protocol you want. In the case of an HTTP/HTTPS connection it is implemented as a client connection. GET, POST and HEAD request methods are supported. The default method is GET.
In the case of a secure socket and HTTPS the data transfer is always encrypted. Only the server needs to have a certificate.
In more advanced scenarios the client (BGS5 module) may validate the server certificate to be sure that it is the right server; in that case the server certificate needs to be also installed on the module. It is also possible, in an even more advanced scenario, that the server may also require validating the client certificate to be sure that only the authorized client can connect.
Best regards,
Bartłomiej
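As an added illustration of the client direction described above (this is constructed example code, not code from the thread or from Gemalto), the following Java ME class opens an outbound HttpsConnection from the module, sends a POST body, reads the response body, and prints what TLS actually negotiated. The URL and the expected certificate subject are placeholders, and the code assumes the module's javax.microedition.io implementation follows the standard GCF behaviour (Connector.open with the timeouts flag, HttpsConnection.getSecurityInfo() available once the request has been sent).

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpConnection;
import javax.microedition.io.HttpsConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;

/**
 * Outbound HTTPS client connection from the module, the direction the
 * Java ME API supports. POSTs a small body, checks what TLS negotiated,
 * and returns the response body. Constructed example; the URL and the
 * expected certificate subject are placeholders.
 */
public class ModuleHttpsClient {

    // Placeholder server; replace with the real endpoint.
    static final String URL = "https://example.invalid/modem/report";
    // Placeholder: substring expected in the server certificate subject.
    static final String EXPECTED_SUBJECT_PART = "CN=example.invalid";

    /** Sends body with POST and returns the response body as UTF-8 text. */
    public static String post(String url, String body) throws IOException {
        HttpsConnection conn = null;
        OutputStream out = null;
        InputStream in = null;
        try {
            // Third argument asks the platform to raise IOException on timeouts.
            conn = (HttpsConnection) Connector.open(url, Connector.READ_WRITE, true);
            conn.setRequestMethod(HttpConnection.POST); // the default method is GET
            conn.setRequestProperty("Content-Type", "text/plain; charset=utf-8");
            byte[] payload = body.getBytes("UTF-8");
            conn.setRequestProperty("Content-Length", String.valueOf(payload.length));

            out = conn.openOutputStream();
            out.write(payload);
            out.flush();

            // Asking for the status code forces the request out, so the TLS
            // handshake has completed and its parameters can be inspected.
            int status = conn.getResponseCode();
            checkNegotiatedSecurity(conn.getSecurityInfo());
            if (status != HttpConnection.HTTP_OK) {
                throw new IOException("unexpected HTTP status " + status);
            }
            in = conn.openInputStream();
            return readAll(in);
        } finally {
            if (in != null) in.close();
            if (out != null) out.close();
            if (conn != null) conn.close();
        }
    }

    /**
     * Application-level check on top of whatever validation the platform does
     * with its installed certificates: log the negotiated protocol and cipher
     * suite, and refuse to continue if the server certificate subject is not
     * the one we expect.
     */
    static void checkNegotiatedSecurity(SecurityInfo info) throws IOException {
        Certificate cert = info.getServerCertificate();
        System.out.println(info.getProtocolName() + " " + info.getProtocolVersion()
                + ", cipher suite " + info.getCipherSuite());
        System.out.println("server certificate subject: " + cert.getSubject());
        if (cert.getSubject().indexOf(EXPECTED_SUBJECT_PART) < 0) {
            throw new IOException("server certificate subject not recognised, aborting");
        }
    }

    /** Reads an input stream to EOF; CLDC has no readAllBytes helper. */
    static String readAll(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[512];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return new String(buf.toByteArray(), "UTF-8");
    }
}
```

Two things worth noting. First, with HttpsConnection the request body has already left the module by the time the application can look at the server certificate, so the subject check above is a consistency check after the fact; the trust decision that actually protects the data is the platform's chain validation against the certificates installed on the module. Second, the printed protocol name, version and cipher suite are the negotiated values, which is the practical way to see which TLS version the module ended up using against a given server.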
Hello again,
In this last scenario,
couldn't I open an input stream to receive data from the client connection that I'm creating (introducing some kind of timeout)? Or is it only possible to send information?
Hello,
You can always open input and output stream for any connection.
Please describe more details in case of a problem.
Regards,
Bartłomiej
Hello, thank you for the information once again.
So, to clarify what I intend to do:
1. Server contacts the modem with a key.
2. Modem verifies that key and creates an HttpsConnection (or SSL), opening output and input streams
3. Modem sends randomly generated information to notify the server that the channel is open and ready to receive info.
4. Server sends the information.
In this scenario, I only need a certificate on the server side in order to get the information without encryption?
Also, does the modem use (on HttpsConnection or such) a certain version of TLS/SSL, or is this defined by the server certificate?
Thank you
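The steps 2 to 4 of the procedure in the post above, written out as a constructed Java ME example (not code from the thread or from Gemalto) on a TLS socket (an ssl:// SecureConnection) opened by the module as a client. It assumes step 1 has already happened, checks the negotiated session before sending anything, announces readiness with a fresh token, and then blocks on the input stream for the server's data under a watchdog so the wait cannot hang forever. Host, port and the expected certificate subject are placeholders; the watchdog relies on the assumption that closing the connection from another thread unblocks the pending read, which holds on most Java ME implementations but should be verified on the module.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Random;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecurityInfo;

/**
 * Module-side client on a TLS socket: verify the session, send a READY
 * token, then wait (bounded) for the server's data. Constructed example;
 * server address and expected subject are placeholders.
 */
public class ModuleSecureSocketClient {

    static final String SERVER = "ssl://example.invalid:8443";          // placeholder
    static final String EXPECTED_SUBJECT_PART = "CN=example.invalid";   // placeholder
    static final long READ_TIMEOUT_MS = 30000L;
    static final int MAX_LINE = 4096;

    /** Returns the first line the server sends after our READY token. */
    public static String receiveFromServer() throws IOException {
        SecureConnection sc = (SecureConnection) Connector.open(SERVER, Connector.READ_WRITE, true);
        Watchdog watchdog = new Watchdog(sc, READ_TIMEOUT_MS);
        InputStream in = null;
        OutputStream out = null;
        try {
            // The handshake is complete once the connection is open, so the
            // session can be checked before any application data is sent.
            SecurityInfo info = sc.getSecurityInfo();
            System.out.println(info.getProtocolName() + " " + info.getProtocolVersion()
                    + ", cipher suite " + info.getCipherSuite());
            if (info.getServerCertificate().getSubject().indexOf(EXPECTED_SUBJECT_PART) < 0) {
                throw new IOException("server certificate subject not recognised");
            }

            out = sc.openOutputStream();
            in = sc.openInputStream();

            // Step 3: tell the server the channel is open. java.util.Random is a
            // placeholder; a token that must be unguessable needs a proper CSPRNG.
            String token = "READY " + Long.toHexString(new Random().nextLong()) + "\n";
            out.write(token.getBytes("UTF-8"));
            out.flush();

            // Step 4: wait for the server's data, bounded by the watchdog.
            watchdog.start();
            return readLine(in);
        } finally {
            watchdog.cancel();
            try { if (in != null) in.close(); } catch (IOException ignored) { }
            try { if (out != null) out.close(); } catch (IOException ignored) { }
            sc.close(); // closing an already closed connection has no effect
        }
    }

    /** Reads up to MAX_LINE bytes until '\n' or EOF (CLDC has no BufferedReader). */
    static String readLine(InputStream in) throws IOException {
        byte[] buf = new byte[MAX_LINE];
        int n = 0;
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (n == buf.length) throw new IOException("line too long");
            buf[n++] = (byte) b;
        }
        if (n == 0 && b == -1) throw new IOException("connection closed before data arrived");
        return new String(buf, 0, n, "UTF-8");
    }

    /**
     * Closes the connection once the deadline passes so the blocked read()
     * fails with an IOException instead of hanging. Assumes, as on most Java
     * ME implementations, that close() from another thread unblocks the read.
     */
    static class Watchdog extends Thread {
        private final SecureConnection conn;
        private final long timeoutMs;
        private volatile boolean cancelled;

        Watchdog(SecureConnection conn, long timeoutMs) {
            this.conn = conn;
            this.timeoutMs = timeoutMs;
        }

        public void run() {
            long deadline = System.currentTimeMillis() + timeoutMs;
            while (!cancelled) {
                if (System.currentTimeMillis() >= deadline) {
                    try { conn.close(); } catch (IOException ignored) { }
                    return;
                }
                try { Thread.sleep(250); } catch (InterruptedException e) { return; }
            }
        }

        void cancel() {
            cancelled = true;
            interrupt();
        }
    }
}
```

The difference from the HTTPS variant is that a SecureConnection exposes the negotiated session right after Connector.open returns, so the certificate subject and protocol version can be checked before the module writes anything; a read that outlives READ_TIMEOUT_MS ends with an IOException from the watchdog's close rather than an indefinite block.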