A secured version of the inaetics wiring implementation by using short lived certificates with tls.
Link to the sub project
The certificate utilizing a (containerized) Cloudflare CFSSL PKI Toolkit and has a REST api.
This authority has to be deployed in an INAETICS cluster. Afterwards, the (secure) wiring has to be configured to know the host(s) of this certificate authority.
The configuration of the certificate authority can be modified to specify the time duration in which a certificate is valid.
Link to the cfssl project github
The Java implementation of the project consists of the following sub projects and bundles:
- Complete Java wiring main project
- INAETICS Trust Storage
- Is deployed on every node and manages all keys and certificates for this nodes within the INAETICS cluster.
- INAETICS Certificate Service
- Is deployed on every node and communicates with the Certificate Authority and obtains the certificates from the authority. This project has to be changed, once a different signing policy is implemented.
- INAETICS Trust Storage
Relevant for the java implementation:
- The bundles for the demonstrator cluster - /bundles
- The node agent to start the felix framework - /node-agent-java-secure
- The java node wiring - /node-wiring-secure-java
The C implementation of the project consists of the following sub projects and bundles:
- Complete C wiring main project
- INAETICS Trust Manager
- Is deployed on every node and manages all keys and certificates for this nodes within the INAETICS cluster. Requires a CloudFlare CFSSL CA.
- Documenatation can be found here
- INAETICS Trust Manager
Relevant for the C implementation:
- The bundles for the demonstrator cluster - /bundles
- The node agent to start the celix framework - /node-agent-java-secure
- The (secure) c node wiring - /node-wiring-secure-c