Java RSC API ‒ Custom security settings

Here you get information how to use a custom trust store, disable TLS verification and establish a non-secure local connection.

Note:
The Java RSC API will soon be replaced by a better solution. Therefore the support for this tool is already discontinued. If you decide to use the Java RSC API anyway you'll be on your own.

Custom trust store

If you want to use a custom trust store for the certificate validation, you can achieve this by setting the system propertyjavax.net.ssl.trustStore as shown in this example:

import com.phoenixcontact.arp.plc.domain.services.IPlcManagerService2;
import com.phoenixcontact.arp.plc.domain.services.PlcStates;
import com.phoenixcontact.arp.system.rsc.ConnectionInfo;
import com.phoenixcontact.arp.system.rsc.SecurityInfo;
import com.phoenixcontact.arp.system.rsc.ServiceManager;
import java.util.Arrays;
public class Example {
  public static void main(String[] args) throws Exception {
    String hostname = "192.168.1.10";
    int port = 41100;
    int connectTimeout = 10000;
    int readTimeout = 10000;
    ConnectionInfo connectionInfo = new ConnectionInfo(hostname, port, connectTimeout, readTimeout);
    String username = "admin";
    char[] password = new char[] { '1', '2', '3', '4' };
    SecurityInfo securityInfo = new SecurityInfo(username, password);
    try (ServiceManager serviceManager = new ServiceManager()) {
      boolean useSystemTrustStore = true;
      // if the trustStore is null the default java trust store will be used.
      System.setProperty("javax.net.ssl.trustStore", "path to your trust store");
      System.setProperty("javax.net.ssl.trustStorePassword", "password of your trust store");
      serviceManager.connect(connectionInfo, securityInfo, null, useSystemTrustStore);
      IPlcManagerService2 service = serviceManager.getService(IPlcManagerService2.class);
      PlcStates state = service.getPlcState();
      System.out.println(state.getFlags());
    } finally {
      Arrays.fill(password, '\0');
    }
  }
}

Disable TLS verification

In some cases during development you might like to disable the TLS verification. For this you just need to call serviceManager.connect(connectionInfo, securityInfo, false);
instead of
serviceManager.connect(connectionInfo, securityInfo);

Local connection without TLS

Warning: The following action results in an unsecure local communication channel. Root privileges on the device are needed. We do not recommend and support this.

If you want to establish a connection without TLS you have to use the constructor
new ConnectionInfo(hostname, port, connectTimeout, receiveTimeout, false);


Additionally you have to edit the /etc/plcnext/device/System/RscGateway/RscGateway.settings file on the target to allow insecure connections. Add a second TcpGatewaySettings like the following example. We recommend a port nearby the original port 41100.

...
<TcpGatewaySettings gatewayId="2" tcpPort="41110" sessionTimeout="300000" encrypted="false" ipAddress="127.0.0.1" />
...

 

 


•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari • 
• Published/reviewed: 2022-09-14 • Revision 046 •