[SOLVED] Bosch Smart Home Controller: Binding with Client SSL certificates for authentication

I have been starting to hack on a Binding for Bosch Smart Home products (https://www.bosch-smarthome.com/uk/en). Hurray!

I have the basic working environment set up now and I have started to port the NodeJS implementation I know is working to Java. I’m now at a point where I would like to issue the first HTTP call to the Bosch Smart Home Controller.

From the NodeJS implementation, I know that authentication is based on client-side certificates. I have a pair of private/public keys that I have paired and successfully used with NodeJS to interact with my Bosch Smart Home controller. Now, I would like to use the same pair of certificates from Java.

As suggested in the documentation, I’m using the Jetty HttpClient. I also followed some documentation online to generate a keystore out of my certificates, that I should be able to use from Jetty (see: https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html) and (https://www.eclipse.org/jetty/documentation/current/http-client.html). I think I have to use something like:

    SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();

I don’t think I can use the shared HttpClient as described in the OpenHab documentation (https://www.openhab.org/docs/developer/guidelines.html#g-other-code-attributions), because the SslContext is part of the constructor to the HttpClient.

In any case, I just wanted to make sure I’m not doing anything completely unnecessary here and there is a much easier way to go ahead, or other bindings I could have a look at? I’m not aware of any other bindings that use SSL certificates for client authentication?

If this looks good, I’m stuck on SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(); not compiling for some reason I don’t understand as a Java / Maven noob. It says:

“Evaluates project setup fixes to resolve the reference to the missing element ‘SslContextFactory.Client’”

Any help and pointers are much appreciated :slight_smile:

For reference, the NodeJS TypeScript implementation does something like this:

    requestOptions.hostname = this.host;
    requestOptions.port = port;
    requestOptions.path = path;
    requestOptions.method = method;
    requestOptions.rejectUnauthorized = false; // self signed cert ignored of BSHC. Maybe we could add an option to set the caCert as well which would make it more secure.
    if (!requestOptions.headers) {
        requestOptions.headers = {};
    }

    requestOptions.headers['Content-Type'] = 'application/json';
    requestOptions.headers['Accept'] = 'application/json';

    if (options && options.requestOptions) {
        Object.keys(options.requestOptions).forEach(key => {
            requestOptions[key] = options.requestOptions[key];
        });
    }

    if(options && options.certificateStorage && options.identifier) {
        requestOptions.key = options.certificateStorage.getClientCertificateKey(options.identifier);
        requestOptions.cert = options.certificateStorage.getClientCertificate(options.identifier);
    }

    if (options && options.systemPassword) {
        requestOptions.headers['Systempassword'] = Buffer.from(options.systemPassword).toString('base64');
    }

    this.logger.fine('requestOptions: ', requestOptions);

    let postData: string | undefined = undefined;
    if (data) {
        if (typeof data === 'string') {
            postData = data;
        } else {
            postData = JSON.stringify(data);
        }
        // Content-Length counts bytes, not UTF-16 code units
        requestOptions.headers['Content-Length'] = Buffer.byteLength(postData);
    }

    this.logger.fine('');
    this.logger.fine('call:\n' + requestOptions.method + ' | ' + requestOptions.hostname + ':' + requestOptions.port + requestOptions.path);
    this.logger.fine('headers:\n', requestOptions.headers);
    this.logger.fine('body:\n', postData ? postData : '');
    this.logger.fine('');

    return new Observable(observer => {
        const req = https.request(requestOptions, res => {

Note the part with requestOptions.key and requestOptions.cert.
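The Jetty counterpart of `requestOptions.key` / `requestOptions.cert`, as an added example that is not part of the original post or of the binding's code: the client key pair is loaded from a PKCS#12 key store, and the controller's self-signed certificate is pinned in a trust store instead of switching validation off the way `rejectUnauthorized = false` does. File paths, passwords, aliases and the request URL are placeholders and assumptions; the example needs `jetty-client` and `jetty-util` (9.4.x) on the classpath.

```java
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class BshcClientCertExample {

    // Placeholder paths and passwords (assumptions, not values from the post).
    // Pack the PEM key/cert pair used from NodeJS into PKCS#12:
    //   openssl pkcs12 -export -inkey client-key.pem -in client-cert.pem \
    //       -name bshc-client -out client.p12
    // Import the controller's own certificate into a separate trust store:
    //   keytool -importcert -alias bshc -file controller-cert.pem \
    //       -keystore bshc-trust.p12 -storetype PKCS12
    static SslContextFactory.Client createSslContextFactory() {
        SslContextFactory.Client ssl = new SslContextFactory.Client();

        // Client identity presented during the TLS handshake.
        ssl.setKeyStoreType("PKCS12");
        ssl.setKeyStorePath("/path/to/client.p12");
        ssl.setKeyStorePassword("keystore-password-placeholder");

        // Trust only the pinned controller certificate, not the JVM default CAs.
        ssl.setTrustStoreType("PKCS12");
        ssl.setTrustStorePath("/path/to/bshc-trust.p12");
        ssl.setTrustStorePassword("truststore-password-placeholder");

        // A self-signed device certificate usually does not carry the address
        // the controller is reached under, so hostname matching is disabled.
        // The certificate chain is still validated against the trust store.
        ssl.setEndpointIdentificationAlgorithm(null);
        return ssl;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: full https:// URL of a controller endpoint (not given in the post).
        HttpClient httpClient = new HttpClient(createSslContextFactory());
        httpClient.start();
        try {
            ContentResponse response = httpClient.newRequest(args[0])
                    .method(HttpMethod.GET)
                    .header("Accept", "application/json")
                    .send();
            System.out.println(response.getStatus());
            System.out.println(response.getContentAsString());
        } finally {
            httpClient.stop();
        }
    }
}
```

If the private key inside the PKCS#12 file has a different password than the store itself, set it with `setKeyManagerPassword`.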

Fixed the compilation error now by adding the following to the core pom.xml - not sure if that’s the desired way, but seems to be working for now

diff --git a/bom/runtime/pom.xml b/bom/runtime/pom.xml
index 1cce9643..68e8437d 100644
--- a/bom/runtime/pom.xml
+++ b/bom/runtime/pom.xml
@@ -899,6 +899,13 @@
       <!-- <scope>compile</scope> -->
     </dependency>
 
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-util</artifactId>
+      <version>${jetty.version}</version>
+      <scope>compile</scope>
+    </dependency>
+
   </dependencies>
 
 </project>
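Review bot: The added jetty-util dependency sets `<scope>compile</scope>` explicitly, while the dependency directly above it in this file has that same line commented out, so the new entry departs from the convention visible in the surrounding context. Either drop the scope line to match the neighbouring entry or say in the commit why compile scope is needed here. Since bom/runtime/pom.xml is a shared BOM rather than the binding's own pom.xml, it is also worth checking whether the dependency can be declared in the binding module instead, so a single binding's need for `SslContextFactory.Client` does not change the dependency set for everything that imports this BOM.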

Hi Stefan,

Are you finished with the BSH binding? Is it possible to support you by testing this binding? :slight_smile:

BR, Sergo

Hi Sergo,

I’m not finished :slight_smile:
I have an extremely basic version of the binding running in my OpenHab installation since around December, and it works really nicely.

However, there are a bunch of things that I really have to do before the binding is useful to anybody else:

  • Implement login on the Bosch Smart Home Controller. Currently, I’m using a key-pair generated with another software to connect to the BSHC. This will not work for anybody else’s SHC except mine :frowning:
  • I currently have support only for in-wall switches. That’s not really a technical limitation, since it should be relatively simple to add more devices, I just didn’t have time to do so yet (I have a motion sensor, window/door sensor and also ordered a TwinGuard … so these ones I will add sooner or later for certain :slight_smile: )

Sorry to keep you all waiting for such a long time, but I’m really quite busy these days.

If you want to contribute, I keep my code here: https://github.com/stefan-kaestle/openhab2-addons/commits/bosch-shc-2.5

p.s. I will be reporting on my progress here: Will there be a "Bosch Smart Home" binding?


Hi Stefan,

That gives hope, especially since Bosch Smart Home delivers really good hardware, which unfortunately cannot be used to the full extent at present, since integration is not possible.

I personally use the door sensors and radiator thermostat, which work really well (in a closed circle). I’m excited to see how the combination with the non-Bosch products will look :slight_smile:

Many thanks in advance for your input in the OpenHab zoo :wink:

Regards,
Sergo
