Use Configuration for cipher suite, curves, and signature and hash

algorithms.

Signed-off-by: Achim Kraus <[email protected]>

californium-tests/californium-integration-tests/src/test/java/org/eclipse/californium/integration/test/NatTestHelper.java

@@ -296,7 +296,7 @@ CoapEndpoint createClientEndpoint(ConnectionIdGenerator cidGenerator) throws IOE
 				.setLoggingTag(tag)
 				.setHealthHandler(health)
 				.setConnectionIdGenerator(cidGenerator)
-				.setSupportedCipherSuites(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
+				.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, CipherSuite.TLS_PSK_WITH_AES_128_CCM_8)
 				.setAdvancedPskStore(new AdvancedSinglePskStore(IDENITITY + "." + size, KEY.getBytes())).build();
 
 		DebugConnectionStore connections = new DebugConnectionStore(clientDtlsConfig.getMaxConnections(),

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/ConnectorUtil.java

@@ -190,7 +190,7 @@ public void build(InetSocketAddress bind, DtlsConnectorConfig.Builder dtlsBuilde
 				dtlsBuilder.setAdvancedCertificateVerifier(builder.build());
 			}
 		}
-		dtlsBuilder.setSupportedCipherSuites(suites);
+		dtlsBuilder.set(DtlsConfig.DTLS_CIPHER_SUITES, suites);
 		connector = new DTLSConnector(dtlsBuilder.build());
 		alertCatcher.resetAlert();
 		connector.setAlertHandler(alertCatcher);

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/libcoap/LibCoapServerGnuTlsInteroperabilityTest.java

@@ -49,6 +49,7 @@
 import org.eclipse.californium.interoperability.test.ProcessUtil.ProcessResult;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
+import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.dtls.AlertMessage;
 import org.eclipse.californium.scandium.dtls.AlertMessage.AlertDescription;
@@ -205,7 +206,7 @@ public void testLibCoapServerEcdsaRsaSigAlg() throws Exception {
 		processUtil.startupServer(ACCEPT, CHAIN, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);
@@ -325,7 +326,7 @@ public void testLibCoapServerEcdsaRsaSigAlgTrust() throws Exception {
 
 		Configuration configuration = new Configuration();
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(configuration);
-		dtlsBuilder.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+		dtlsBuilder.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/libcoap/LibCoapServerMbedTlsInteroperabilityTest.java

@@ -47,6 +47,7 @@
 import org.eclipse.californium.interoperability.test.ProcessUtil.ProcessResult;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
+import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.dtls.AlertMessage;
 import org.eclipse.californium.scandium.dtls.AlertMessage.AlertDescription;
@@ -168,7 +169,7 @@ public void testLibCoapServerEcdsaRsaSigAlg() throws Exception {
 		processUtil.startupServer(ACCEPT, CHAIN, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);
@@ -267,7 +268,7 @@ public void testLibCoapServerEcdsaRsaSigAlgTrust() throws Exception {
 		processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/libcoap/LibCoapServerOpensslInteroperabilityTest.java

@@ -54,6 +54,7 @@
 import org.eclipse.californium.interoperability.test.ProcessUtil.ProcessResult;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
+import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.eclipse.californium.scandium.dtls.AlertMessage;
 import org.eclipse.californium.scandium.dtls.AlertMessage.AlertDescription;
@@ -207,7 +208,7 @@ public void testLibCoapServerEcdsaRsaSigAlg() throws Exception {
 		processUtil.startupServer(ACCEPT, CHAIN, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);
@@ -309,7 +310,7 @@ public void testLibCoapServerEcdsaRsaSigAlgTrust() throws Exception {
 		processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 		californiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(true);
 		californiumUtil.assertPrincipalType(X509CertPath.class);

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/openssl/OpenSslClientAuthenticationInteroperabilityTest.java

@@ -251,7 +251,7 @@ public void testOpenSslClientEdDsaCertificatChain() throws Exception {
 		defaults.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(defaults);
+				.set(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, defaults);
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 
 		String cipher = processUtil.startupClient(DESTINATION, TRUST, "X25519:prime256v1",

californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/openssl/OpenSslServerAuthenticationInteroperabilityTest.java

@@ -191,7 +191,7 @@ public void testOpenSslServerX25519() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedGroups(SupportedGroup.X25519, SupportedGroup.secp256r1);
+				.setAsList(DtlsConfig.DTLS_CURVES, SupportedGroup.X25519, SupportedGroup.secp256r1);
 
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(cipher, "Shared Elliptic groups: X25519");
@@ -203,7 +203,7 @@ public void testOpenSslServerX448() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedGroups(SupportedGroup.X448, SupportedGroup.secp256r1);
+				.setAsList(DtlsConfig.DTLS_CURVES, SupportedGroup.X448, SupportedGroup.secp256r1);
 
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(cipher, "Shared Elliptic groups: X448");
@@ -214,7 +214,7 @@ public void testOpenSslServerPrime256v1() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedGroups(SupportedGroup.secp256r1);
+				.setAsList(DtlsConfig.DTLS_CURVES, SupportedGroup.secp256r1);
 
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(cipher, "Shared Elliptic (groups|curves): P-256");
@@ -225,7 +225,7 @@ public void testOpenSslServerSecP384r1() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, TRUST, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedGroups(SupportedGroup.secp384r1, SupportedGroup.secp256r1);
+				.setAsList(DtlsConfig.DTLS_CURVES, SupportedGroup.secp384r1, SupportedGroup.secp256r1);
 
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(cipher, "Shared Elliptic (groups|curves): P-384");
@@ -239,8 +239,8 @@ public void testOpenSslServerBrainpoolP384r1() throws Exception {
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
 				.set(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY, false)
-				.setSupportedGroups(SupportedGroup.brainpoolP384r1, SupportedGroup.secp256r1)
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA384_WITH_ECDSA,
+				.setAsList(DtlsConfig.DTLS_CURVES, SupportedGroup.brainpoolP384r1, SupportedGroup.secp256r1)
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA384_WITH_ECDSA,
 						SignatureAndHashAlgorithm.SHA256_WITH_ECDSA);
 
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
@@ -253,7 +253,7 @@ public void testOpenSslServerRsaTrustTrustRoot() throws Exception {
 				OpenSslProcessUtil.DEFAULT_CURVES, OpenSslProcessUtil.DEFAULT_SIGALGS, cipherSuite);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
 						SignatureAndHashAlgorithm.SHA256_WITH_RSA);
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, cipherSuite);
 		connect(cipher);
@@ -266,7 +266,7 @@ public void testOpenSslServerRsaChainTrustRoot() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, CHAIN, SERVER_CA_RSA_CERTIFICATE, null, null, ciphers);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
 						SignatureAndHashAlgorithm.SHA256_WITH_RSA);
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, ciphers);
 		connect(cipher);
@@ -282,7 +282,7 @@ public void testOpenSslServerRsaTrustRoot() throws Exception {
 		String cipher = processUtil.startupServer(ACCEPT, CHAIN, SERVER_RSA_CERTIFICATE, null, null, ciphers);
 
 		DtlsConnectorConfig.Builder dtlsBuilder = DtlsConnectorConfig.builder(new Configuration())
-				.setSupportedSignatureAlgorithms(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
+				.setAsList(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA,
 						SignatureAndHashAlgorithm.SHA256_WITH_RSA);
 		scandiumUtil.loadCredentials(ConnectorUtil.CLIENT_RSA_NAME);
 		scandiumUtil.start(BIND, dtlsBuilder, ScandiumUtil.TRUST_ROOT, ciphers);

cf-utils/cf-cli/src/main/java/org/eclipse/californium/cli/ClientInitializer.java

@@ -385,7 +385,7 @@ public static DtlsConnectorConfig.Builder createDtlsConfig(ClientBaseConfig clie
 			}
 			if (clientConfig.cipherSuites != null && !clientConfig.cipherSuites.isEmpty()) {
 				dtlsConfig.set(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY, false);
-				dtlsConfig.setSupportedCipherSuites(clientConfig.cipherSuites);
+				dtlsConfig.set(DtlsConfig.DTLS_CIPHER_SUITES, clientConfig.cipherSuites);
 				if (clientConfig.verbose) {
 					System.out.println("cipher suites:");
 					print("   ", 50, clientConfig.cipherSuites, System.out);

demo-apps/cf-proxy2/src/main/java/org/eclipse/californium/examples/util/SecureEndpointPool.java

@@ -108,7 +108,7 @@ public static DtlsConnectorConfig.Builder setup(Configuration config) throws IOE
 
 		List<CipherSuite> list = CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(true,
 				KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN);
-		dtlsConfig.setSupportedCipherSuites(list);
+		dtlsConfig.set(DtlsConfig.DTLS_CIPHER_SUITES, list);
 		if (cidLength != null) {
 			dtlsConfig.setConnectionIdGenerator(new SingleNodeConnectionIdGenerator(cidLength));
 		}

demo-apps/cf-secure/src/main/java/org/eclipse/californium/examples/CredentialsUtil.java

@@ -357,7 +357,7 @@ else if (modes.contains(Mode.WANT_AUTH)) {
 			if (plainPsk) {
 				suites.addAll(CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(false, KeyExchangeAlgorithm.PSK));
 			}
-			config.setSupportedCipherSuites(suites);
+			config.set(DtlsConfig.DTLS_CIPHER_SUITES, suites);
 		}
 	}
 }

demo-apps/cf-secure/src/main/java/org/eclipse/californium/examples/SecureClient.java

@@ -115,8 +115,10 @@ public static void main(String[] args) throws InterruptedException {
 		List<Mode> modes = CredentialsUtil.parse(args, CredentialsUtil.DEFAULT_CLIENT_MODES, SUPPORTED_MODES);
 		if (modes.contains(CredentialsUtil.Mode.PSK) || modes.contains(CredentialsUtil.Mode.ECDHE_PSK)) {
 			builder.setAdvancedPskStore(new AdvancedSinglePskStore(CredentialsUtil.OPEN_PSK_IDENTITY, CredentialsUtil.OPEN_PSK_SECRET));
+		} else if (CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.isSupported()){
+			builder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
 		} else {
-			builder.setSupportedCipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+			builder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
 		}
 		CredentialsUtil.setupCredentials(builder, CredentialsUtil.CLIENT_NAME, modes);
 		DTLSConnector dtlsConnector = new DTLSConnector(builder.build());

scandium-core/src/main/java/org/eclipse/californium/scandium/config/DtlsConfig.java

@@ -334,7 +334,7 @@ protected List<SignatureAndHashAlgorithm> parseValue(String value) {
 	 */
 	public static final IntegerDefinition DTLS_RETRANSMISSION_BACKOFF = new IntegerDefinition(
 			MODULE + "RETRANSMISSION_BACKOFF",
-			"DTLS number of flight retransmissions before switching to backoff mode using single handshake messages in single record datagrams.",
+			"Number of flight-retransmissions before switching to backoff mode using single handshake messages in single record datagrams.",
 			null, 0);
 
 	/**
@@ -377,7 +377,8 @@ protected List<SignatureAndHashAlgorithm> parseValue(String value) {
 	 */
 	public static final IntegerDefinition DTLS_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH = new IntegerDefinition(
 			MODULE + "MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH",
-			"DTLS maximum length of reassembled fragmented handshake message.\nMust be large enough for used certificates.",
+			"DTLS maximum length of reassembled fragmented handshake message.\n" +
+			"Must be large enough for used certificates.",
 			DEFAULT_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH, 64);
 
 	/**
@@ -480,7 +481,8 @@ protected List<SignatureAndHashAlgorithm> parseValue(String value) {
 	 */
 	public static final TimeDefinition DTLS_STALE_CONNECTION_THRESHOLD = new TimeDefinition(
 			MODULE + "STALE_CONNECTION_THRESHOLD",
-			"DTLS threshold for state connections. Connections will only get removed for new ones, if at least for that threshold no messages are exchanged using that connection.",
+			"DTLS threshold for state connections. Connections will only get removed for new ones, "+
+			"if at least for that threshold no messages are exchanged using that connection.",
 			DEFAULT_STALE_CONNECTION_TRESHOLD_SECONDS, TimeUnit.SECONDS);
 
 	/**
@@ -766,7 +768,8 @@ protected List<SignatureAndHashAlgorithm> parseValue(String value) {
 	 */
 	public static final EnumListDefinition<CertificateKeyAlgorithm> DTLS_CERTIFICATE_KEY_ALGORITHMS = new EnumListDefinition<>(
 			MODULE + "CERTIFICATE_KEY_ALGORITHMS",
-			"List of DTLS certificate key algorithms.",
+			"List of DTLS certificate key algorithms.\n" +
+			"On the client side used to select the default cipher-suites, on the server side to negotiate the client's certificate.",
 			new CertificateKeyAlgorithm[] { CertificateKeyAlgorithm.EC, CipherSuite.CertificateKeyAlgorithm.RSA });
 
 	/**