From 1d9132b0c65d8860219e310327e2b80e40a5532e Mon Sep 17 00:00:00 2001 From: nickAS21 Date: Wed, 10 Nov 2021 08:38:04 +0200 Subject: [PATCH] lwm2m - change bootstrapConfig --- .../secure/LwM2MBootstrapConfig.java | 39 ++++++++++--------- .../secure/LwM2MBootstrapSecurityStore.java | 23 +++++------ ...LwM2mCredentialsSecurityInfoValidator.java | 23 ++++++----- .../TbLwM2MDtlsCertificateVerifier.java | 4 +- .../lwm2m/secure/TbLwM2MSecurityInfo.java | 2 +- ...tials.java => LwM2MClientCredentials.java} | 2 +- 6 files changed, 47 insertions(+), 46 deletions(-) rename common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/{LwM2MCredentials.java => LwM2MClientCredentials.java} (96%) diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapConfig.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapConfig.java index 29024d8f8f..2340267926 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapConfig.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapConfig.java @@ -16,6 +16,7 @@ package org.thingsboard.server.transport.lwm2m.bootstrap.secure; import com.fasterxml.jackson.annotation.JsonIgnore; +import lombok.AllArgsConstructor; import lombok.Data; import lombok.Getter; import lombok.Setter; @@ -31,10 +32,10 @@ import java.nio.charset.StandardCharsets; import java.util.List; @Data +@AllArgsConstructor public class LwM2MBootstrapConfig implements Serializable { - List serversConfiguration; - LwM2MBootstrapClientCredential bootstrapClientCredential; + List serverConfiguration; /* interface BootstrapSecurityConfig servers: BootstrapServersSecurityConfig, 
@@ -49,9 +50,9 @@ public class LwM2MBootstrapConfig implements Serializable { * notifIfDisabled: boolean, * binding: string * */ - @Getter - @Setter - private LwM2MBootstrapServers servers; +// @Getter +// @Setter +// private LwM2MBootstrapServers servers; /** -bootstrapServer, lwm2mServer * interface ServerSecurityConfig @@ -68,15 +69,15 @@ public class LwM2MBootstrapConfig implements Serializable { * */ @Getter @Setter - private LwM2MServerBootstrap bootstrapServer; + private LwM2MBootstrapClientCredential bootstrapServer; @Getter @Setter - private LwM2MServerBootstrap lwm2mServer; + private LwM2MBootstrapClientCredential lwm2mServer; + + public LwM2MBootstrapConfig(List serverConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) { + this.serverConfiguration = serverConfiguration; - public LwM2MBootstrapConfig(List serversConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) { - this.serversConfiguration = serversConfiguration; - this.bootstrapClientCredential = bootstrapClientCredential; } @JsonIgnore 
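Review bot: The two-argument constructor still accepts `bootstrapClientCredential` but no longer stores it; its body is now only `this.serverConfiguration = serverConfiguration;`, so a caller that passes credentials loses them without any error. Either drop the parameter or assign it to one of the credential fields. Since this commit also puts `@AllArgsConstructor` on the class, the hand-written constructor may be removable altogether. The `bootstrapServer` and `lwm2mServer` fields now hold `LwM2MBootstrapClientCredential`, so a short comment such as `// credentials the client presents to the bootstrap server` on each would make clear which side's key material they carry.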
@@ -87,17 +88,17 @@ public class LwM2MBootstrapConfig implements Serializable { configBs.toDelete.add("/1"); /* Server Configuration (object 1) as defined in LWM2M 1.0.x TS. */ BootstrapConfig.ServerConfig server0 = new BootstrapConfig.ServerConfig(); - server0.shortId = servers.getShortId(); - server0.lifetime = servers.getLifetime(); - server0.defaultMinPeriod = servers.getDefaultMinPeriod(); - server0.notifIfDisabled = servers.isNotifIfDisabled(); - server0.binding = BindingMode.parse(servers.getBinding()); +// server0.shortId = servers.getShortId(); +// server0.lifetime = servers.getLifetime(); +// server0.defaultMinPeriod = servers.getDefaultMinPeriod(); +// server0.notifIfDisabled = servers.isNotifIfDisabled(); +// server0.binding = BindingMode.parse(servers.getBinding()); configBs.servers.put(0, server0); /* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Bootstrap instance = 0 */ - this.bootstrapServer.setBootstrapServerIs(true); - configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId())); - /* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. 
Server instance = 1 */ - configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId())); +// this.bootstrapServer.setBootstrapServerIs(true); +// configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId())); +// /* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Server instance = 1 */ +// configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId())); return configBs; } diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapSecurityStore.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapSecurityStore.java index 935e95c546..c2c32ca79c 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapSecurityStore.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2MBootstrapSecurityStore.java 
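Review bot: With every `server0.*` assignment and both `configBs.security.put(...)` calls commented out, the method still runs `configBs.servers.put(0, server0)` and returns a config whose server instance holds only default values and whose security map receives no entries from this code. Because `configBs.toDelete.add("/1")` stays active, a bootstrap session built from this object would presumably delete the client's server object and write back one with no matching security instance; the start of the method is outside the hunk, so confirm this. Until the new `serverConfiguration` model is mapped here, failing fast is safer than handing out a half-empty config, e.g. `throw new UnsupportedOperationException("bootstrap config mapping not implemented");`. The commented-out lines should be deleted rather than kept, since the history already preserves them.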
@@ -71,6 +71,7 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore { @Override public Iterator getAllByEndpoint(String endPoint) { + // TODO TbLwM2MSecurityInfo store = lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(endPoint, BOOTSTRAP); if (store.getBootstrapCredentialConfig() != null && store.getSecurityMode() != null) { /* add value to store from BootstrapJson */ 
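Review bot: The guard `store.getSecurityMode() != null` right under the new `// TODO` looks unsatisfiable for bootstrap lookups after this commit. The `createSecurityInfo` hunk in LwM2mCredentialsSecurityInfoValidator comments out the only visible `result.setSecurityMode(...)` on the BOOTSTRAP branch, so, as far as the patch shows, every bootstrap endpoint would skip this block. The TODO should say what is pending, for example `// TODO: derive the security mode from the new bootstrap credential model; getSecurityMode() is no longer set for BOOTSTRAP`. The rest of `getAllByEndpoint` is outside the hunk, so check what is returned when the guard fails.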
@@ -125,20 +126,20 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore { switch (lwM2MBootstrapConfig.getBootstrapServer().getSecurityMode()) { /* Use RPK only */ case PSK: - store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(), - lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(), - Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray()))); +// store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(), +// lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(), +// Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray()))); store.setSecurityMode(SecurityMode.PSK); break; case RPK: - try { - store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(), - SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray())))); - store.setSecurityMode(SecurityMode.RPK); - break; - } catch (IOException | GeneralSecurityException e) { - log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage()); - } +// try { +//// store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(), +//// SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray())))); +//// store.setSecurityMode(SecurityMode.RPK); +// break; +// } catch (IOException | GeneralSecurityException e) { +// log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage()); +// } case X509: store.setSecurityInfo(SecurityInfo.newX509CertInfo(store.getEndpoint())); store.setSecurityMode(SecurityMode.X509); 
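Review bot: `case RPK:` now has no live statements, so an RPK bootstrap credential falls through into `case X509:` and the endpoint is stored with `SecurityInfo.newX509CertInfo(...)` and `SecurityMode.X509`, which is not the authentication mode it was provisioned with. The PSK branch has the mirror problem: it still calls `store.setSecurityMode(SecurityMode.PSK)` but no longer sets a `SecurityInfo`, so the recorded mode and the key material disagree. Until the new credential model is wired in, both branches should fail closed; at minimum add an explicit `break;` under `case RPK:` with a log line so no endpoint is registered under a mode it was not configured for. When the RPK code is restored, the old `catch` should not fall through to X509 on a decode failure either. The enclosing method starts and ends outside the hunk.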
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java index 64498645c8..8b343ab02f 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/LwM2mCredentialsSecurityInfoValidator.java @@ -32,7 +32,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; -import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; +import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials; import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext; import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer; @@ -48,6 +48,7 @@ import static org.eclipse.leshan.core.SecurityMode.PSK; import static org.eclipse.leshan.core.SecurityMode.RPK; import static org.eclipse.leshan.core.SecurityMode.X509; import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.BOOTSTRAP; +import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT; @Slf4j @Component 
@@ -87,25 +88,23 @@ public class LwM2mCredentialsSecurityInfoValidator { log.error("Failed to await credentials!", e); } - TbLwM2MSecurityInfo securityInfo = resultSecurityStore[0]; + return resultSecurityStore[0]; - if (securityInfo.getSecurityMode() == null) { - throw new LwM2MAuthException(); - } - - return securityInfo; +// if ((CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null) || +// (BOOTSTRAP.equals(keyValue) && securityInfo.getBootstrapCredentialConfig().getBootstrapServer()==null && securityInfo.getBootstrapCredentialConfig().getLwm2mServer()==null)){ +// throw new LwM2MAuthException(); +// } +// +// return securityInfo; } /** * Create new SecurityInfo - * @param endpoint - - * @param jsonStr - - * @param keyValue - * @return SecurityInfo */ private TbLwM2MSecurityInfo createSecurityInfo(String endpoint, String jsonStr, LwM2mTypeServer keyValue) { TbLwM2MSecurityInfo result = new TbLwM2MSecurityInfo(); - LwM2MCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MCredentials.class); + LwM2MClientCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MClientCredentials.class); if (credentials != null) { if (keyValue.equals(BOOTSTRAP)) { result.setBootstrapCredentialConfig(credentials.getBootstrap()); @@ -114,7 +113,7 @@ public class LwM2mCredentialsSecurityInfoValidator { endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint; } result.setEndpoint(endpoint); - result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode()); +// result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode()); } else { result.setEndpoint(credentials.getClient().getEndpoint()); switch (credentials.getClient().getSecurityConfigClientMode()) { 
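Review bot: `return resultSecurityStore[0];` drops the only fail-closed check in this method. A record whose `getSecurityMode()` is null used to raise `LwM2MAuthException` and is now handed to the caller, and after the `Failed to await credentials!` path the array slot may still be null. Keep the check live for the client path at least, e.g. `if (securityInfo == null || (CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null)) throw new LwM2MAuthException();`; this assumes `keyValue` is the method's server-type parameter, which is declared outside the hunk. The commented-out draft would also throw a NullPointerException when `getBootstrapCredentialConfig()` is null, so guard that before re-enabling it. As committed, the new static import of `CLIENT` is only referenced from commented-out code.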
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java index 0ef0d93f27..e3bfe986c3 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MDtlsCertificateVerifier.java @@ -41,7 +41,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes import org.thingsboard.server.common.transport.util.SslUtil; import org.thingsboard.server.queue.util.TbLwM2mTransportComponent; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; -import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials; +import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials; import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore; @@ -124,7 +124,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer } ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null; if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { - LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class); + LwM2MClientCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MClientCredentials.class); if (!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)) { continue; } 
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MSecurityInfo.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MSecurityInfo.java index bc45a77b58..61774228c0 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MSecurityInfo.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/TbLwM2MSecurityInfo.java @@ -30,9 +30,9 @@ public class TbLwM2MSecurityInfo implements Serializable { private ValidateDeviceCredentialsResponse msg; private SecurityInfo securityInfo; private SecurityMode securityMode; + private DeviceProfile deviceProfile; /** bootstrap */ - private DeviceProfile deviceProfile; private LwM2MBootstrapConfig bootstrapCredentialConfig; private String endpoint; private BootstrapConfig bootstrapConfig; diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentials.java similarity index 96% rename from common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java rename to common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentials.java index 878188bffc..a10e5ec231 100644 --- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MCredentials.java +++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/secure/credentials/LwM2MClientCredentials.java 
@@ -20,7 +20,7 @@ import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCr import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig; @Data -public class LwM2MCredentials { +public class LwM2MClientCredentials { private LwM2MClientCredential client; private LwM2MBootstrapConfig bootstrap; }