lwm2m - change bootstrapConfig
parent
9ec919f175
commit
1d9132b0c6
@ -16,6 +16,7 @@
|
|||||||
package org.thingsboard.server.transport.lwm2m.bootstrap.secure;
|
package org.thingsboard.server.transport.lwm2m.bootstrap.secure;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
@ -31,10 +32,10 @@ import java.nio.charset.StandardCharsets;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
@Data
|
@Data
|
||||||
|
@AllArgsConstructor
|
||||||
public class LwM2MBootstrapConfig implements Serializable {
|
public class LwM2MBootstrapConfig implements Serializable {
|
||||||
|
|
||||||
List<LwM2MBootstrapServerCredential> serversConfiguration;
|
List<LwM2MBootstrapServerCredential> serverConfiguration;
|
||||||
LwM2MBootstrapClientCredential bootstrapClientCredential;
|
|
||||||
/*
|
/*
|
||||||
interface BootstrapSecurityConfig
|
interface BootstrapSecurityConfig
|
||||||
servers: BootstrapServersSecurityConfig,
|
servers: BootstrapServersSecurityConfig,
|
||||||
@ -49,9 +50,9 @@ public class LwM2MBootstrapConfig implements Serializable {
|
|||||||
* notifIfDisabled: boolean,
|
* notifIfDisabled: boolean,
|
||||||
* binding: string
|
* binding: string
|
||||||
* */
|
* */
|
||||||
@Getter
|
// @Getter
|
||||||
@Setter
|
// @Setter
|
||||||
private LwM2MBootstrapServers servers;
|
// private LwM2MBootstrapServers servers;
|
||||||
|
|
||||||
/** -bootstrapServer, lwm2mServer
|
/** -bootstrapServer, lwm2mServer
|
||||||
* interface ServerSecurityConfig
|
* interface ServerSecurityConfig
|
||||||
@ -68,15 +69,15 @@ public class LwM2MBootstrapConfig implements Serializable {
|
|||||||
* */
|
* */
|
||||||
@Getter
|
@Getter
|
||||||
@Setter
|
@Setter
|
||||||
private LwM2MServerBootstrap bootstrapServer;
|
private LwM2MBootstrapClientCredential bootstrapServer;
|
||||||
|
|
||||||
@Getter
|
@Getter
|
||||||
@Setter
|
@Setter
|
||||||
private LwM2MServerBootstrap lwm2mServer;
|
private LwM2MBootstrapClientCredential lwm2mServer;
|
||||||
|
|
||||||
|
public LwM2MBootstrapConfig(List<LwM2MBootstrapServerCredential> serverConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) {
|
||||||
|
this.serverConfiguration = serverConfiguration;
|
||||||
|
|
||||||
public LwM2MBootstrapConfig(List<LwM2MBootstrapServerCredential> serversConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) {
|
|
||||||
this.serversConfiguration = serversConfiguration;
|
|
||||||
this.bootstrapClientCredential = bootstrapClientCredential;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@JsonIgnore
|
@JsonIgnore
|
||||||
@ -87,17 +88,17 @@ public class LwM2MBootstrapConfig implements Serializable {
|
|||||||
configBs.toDelete.add("/1");
|
configBs.toDelete.add("/1");
|
||||||
/* Server Configuration (object 1) as defined in LWM2M 1.0.x TS. */
|
/* Server Configuration (object 1) as defined in LWM2M 1.0.x TS. */
|
||||||
BootstrapConfig.ServerConfig server0 = new BootstrapConfig.ServerConfig();
|
BootstrapConfig.ServerConfig server0 = new BootstrapConfig.ServerConfig();
|
||||||
server0.shortId = servers.getShortId();
|
// server0.shortId = servers.getShortId();
|
||||||
server0.lifetime = servers.getLifetime();
|
// server0.lifetime = servers.getLifetime();
|
||||||
server0.defaultMinPeriod = servers.getDefaultMinPeriod();
|
// server0.defaultMinPeriod = servers.getDefaultMinPeriod();
|
||||||
server0.notifIfDisabled = servers.isNotifIfDisabled();
|
// server0.notifIfDisabled = servers.isNotifIfDisabled();
|
||||||
server0.binding = BindingMode.parse(servers.getBinding());
|
// server0.binding = BindingMode.parse(servers.getBinding());
|
||||||
configBs.servers.put(0, server0);
|
configBs.servers.put(0, server0);
|
||||||
/* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Bootstrap instance = 0 */
|
/* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Bootstrap instance = 0 */
|
||||||
this.bootstrapServer.setBootstrapServerIs(true);
|
// this.bootstrapServer.setBootstrapServerIs(true);
|
||||||
configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId()));
|
// configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId()));
|
||||||
/* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Server instance = 1 */
|
// /* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Server instance = 1 */
|
||||||
configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId()));
|
// configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId()));
|
||||||
return configBs;
|
return configBs;
|
||||||
}
|
}
|
||||||
|
|
||||||
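Review bot: In the last hunk the method that fills `configBs` now returns a half-built bootstrap config: every `server0.*` assignment and both `configBs.security.put(...)` calls are commented out, while `configBs.toDelete.add("/1")` and `configBs.servers.put(0, server0)` remain active. As far as the hunk shows, a bootstrapping client would have its server object deleted and replaced by one with default field values, and would be sent no security instances. Until the mapping from `serverConfiguration` is written, the method should fail explicitly, e.g. `throw new UnsupportedOperationException("LwM2M bootstrap config mapping is not implemented");`, and the commented-out code should be deleted rather than kept. The new two-argument constructor also accepts `bootstrapClientCredential` without storing it. The method body starts outside the hunk.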
|
|||||||
@ -71,6 +71,7 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Iterator<SecurityInfo> getAllByEndpoint(String endPoint) {
|
public Iterator<SecurityInfo> getAllByEndpoint(String endPoint) {
|
||||||
|
// TODO
|
||||||
TbLwM2MSecurityInfo store = lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(endPoint, BOOTSTRAP);
|
TbLwM2MSecurityInfo store = lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(endPoint, BOOTSTRAP);
|
||||||
if (store.getBootstrapCredentialConfig() != null && store.getSecurityMode() != null) {
|
if (store.getBootstrapCredentialConfig() != null && store.getSecurityMode() != null) {
|
||||||
/* add value to store from BootstrapJson */
|
/* add value to store from BootstrapJson */
|
||||||
@ -125,20 +126,20 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore {
|
|||||||
switch (lwM2MBootstrapConfig.getBootstrapServer().getSecurityMode()) {
|
switch (lwM2MBootstrapConfig.getBootstrapServer().getSecurityMode()) {
|
||||||
/* Use RPK only */
|
/* Use RPK only */
|
||||||
case PSK:
|
case PSK:
|
||||||
store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(),
|
// store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(),
|
||||||
lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(),
|
// lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(),
|
||||||
Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray())));
|
// Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray())));
|
||||||
store.setSecurityMode(SecurityMode.PSK);
|
store.setSecurityMode(SecurityMode.PSK);
|
||||||
break;
|
break;
|
||||||
case RPK:
|
case RPK:
|
||||||
try {
|
// try {
|
||||||
store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(),
|
//// store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(),
|
||||||
SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray()))));
|
//// SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray()))));
|
||||||
store.setSecurityMode(SecurityMode.RPK);
|
//// store.setSecurityMode(SecurityMode.RPK);
|
||||||
break;
|
// break;
|
||||||
} catch (IOException | GeneralSecurityException e) {
|
// } catch (IOException | GeneralSecurityException e) {
|
||||||
log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage());
|
// log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage());
|
||||||
}
|
// }
|
||||||
case X509:
|
case X509:
|
||||||
store.setSecurityInfo(SecurityInfo.newX509CertInfo(store.getEndpoint()));
|
store.setSecurityInfo(SecurityInfo.newX509CertInfo(store.getEndpoint()));
|
||||||
store.setSecurityMode(SecurityMode.X509);
|
store.setSecurityMode(SecurityMode.X509);
|
||||||
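Review bot: With the RPK body commented out in the second hunk, `case RPK:` has no `break;` left and falls straight into `case X509:`, so a client configured for raw public key ends up with `SecurityInfo.newX509CertInfo(...)` and mode X509. The PSK case is left half-populated the other way round: `store.setSecurityMode(SecurityMode.PSK)` still runs, but `setSecurityInfo` does not, so the store reports PSK without any key material. While these modes are not wired to the new config, each case should reject the endpoint instead of changing its mode, for example `case RPK: log.error("RPK bootstrap credentials are not supported yet for [{}]", store.getEndpoint()); break;`, and the `setSecurityMode` call in the PSK case should go together with the commented-out `setSecurityInfo`. The switch starts and ends outside the hunk, so how callers treat a store without security info should be confirmed.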
|
|||||||
@ -32,7 +32,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes
|
|||||||
import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg;
|
import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg;
|
||||||
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
||||||
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
||||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
|
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
|
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer;
|
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer;
|
||||||
@ -48,6 +48,7 @@ import static org.eclipse.leshan.core.SecurityMode.PSK;
|
|||||||
import static org.eclipse.leshan.core.SecurityMode.RPK;
|
import static org.eclipse.leshan.core.SecurityMode.RPK;
|
||||||
import static org.eclipse.leshan.core.SecurityMode.X509;
|
import static org.eclipse.leshan.core.SecurityMode.X509;
|
||||||
import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.BOOTSTRAP;
|
import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.BOOTSTRAP;
|
||||||
|
import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT;
|
||||||
|
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Component
|
@Component
|
||||||
@ -87,25 +88,23 @@ public class LwM2mCredentialsSecurityInfoValidator {
|
|||||||
log.error("Failed to await credentials!", e);
|
log.error("Failed to await credentials!", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
TbLwM2MSecurityInfo securityInfo = resultSecurityStore[0];
|
return resultSecurityStore[0];
|
||||||
|
|
||||||
if (securityInfo.getSecurityMode() == null) {
|
// if ((CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null) ||
|
||||||
throw new LwM2MAuthException();
|
// (BOOTSTRAP.equals(keyValue) && securityInfo.getBootstrapCredentialConfig().getBootstrapServer()==null && securityInfo.getBootstrapCredentialConfig().getLwm2mServer()==null)){
|
||||||
}
|
// throw new LwM2MAuthException();
|
||||||
|
// }
|
||||||
return securityInfo;
|
//
|
||||||
|
// return securityInfo;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create new SecurityInfo
|
* Create new SecurityInfo
|
||||||
* @param endpoint -
|
|
||||||
* @param jsonStr -
|
|
||||||
* @param keyValue -
|
|
||||||
* @return SecurityInfo
|
* @return SecurityInfo
|
||||||
*/
|
*/
|
||||||
private TbLwM2MSecurityInfo createSecurityInfo(String endpoint, String jsonStr, LwM2mTypeServer keyValue) {
|
private TbLwM2MSecurityInfo createSecurityInfo(String endpoint, String jsonStr, LwM2mTypeServer keyValue) {
|
||||||
TbLwM2MSecurityInfo result = new TbLwM2MSecurityInfo();
|
TbLwM2MSecurityInfo result = new TbLwM2MSecurityInfo();
|
||||||
LwM2MCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MCredentials.class);
|
LwM2MClientCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MClientCredentials.class);
|
||||||
if (credentials != null) {
|
if (credentials != null) {
|
||||||
if (keyValue.equals(BOOTSTRAP)) {
|
if (keyValue.equals(BOOTSTRAP)) {
|
||||||
result.setBootstrapCredentialConfig(credentials.getBootstrap());
|
result.setBootstrapCredentialConfig(credentials.getBootstrap());
|
||||||
@ -114,7 +113,7 @@ public class LwM2mCredentialsSecurityInfoValidator {
|
|||||||
endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint;
|
endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint;
|
||||||
}
|
}
|
||||||
result.setEndpoint(endpoint);
|
result.setEndpoint(endpoint);
|
||||||
result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode());
|
// result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode());
|
||||||
} else {
|
} else {
|
||||||
result.setEndpoint(credentials.getClient().getEndpoint());
|
result.setEndpoint(credentials.getClient().getEndpoint());
|
||||||
switch (credentials.getClient().getSecurityConfigClientMode()) {
|
switch (credentials.getClient().getSecurityConfigClientMode()) {
|
||||||
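Review bot: The first hunk of this file replaces the `securityMode == null` check with a bare `return resultSecurityStore[0];`, so the method no longer throws `LwM2MAuthException` for credentials that could not be resolved, and every caller now has to cope with a null or empty result on its own. The commented-out replacement would additionally throw a NullPointerException when `getBootstrapCredentialConfig()` is null. A fail-closed check should stay in place, e.g. `if (securityInfo == null || (CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null) || (BOOTSTRAP.equals(keyValue) && securityInfo.getBootstrapCredentialConfig() == null)) { throw new LwM2MAuthException(); }`. In the later hunk the bootstrap branch of `createSecurityInfo` no longer sets a security mode, while `LwM2MBootstrapSecurityStore.getAllByEndpoint` on this page still requires `store.getSecurityMode() != null`, so bootstrap lookups appear to skip that branch every time. The method containing the `return` starts outside the hunk; that `keyValue` is in scope there is assumed from the commented-out lines.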
|
|||||||
@ -41,7 +41,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes
|
|||||||
import org.thingsboard.server.common.transport.util.SslUtil;
|
import org.thingsboard.server.common.transport.util.SslUtil;
|
||||||
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
||||||
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
||||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
|
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
|
import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
|
||||||
import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore;
|
import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore;
|
||||||
@ -124,7 +124,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
|
|||||||
}
|
}
|
||||||
ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null;
|
ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null;
|
||||||
if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) {
|
if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) {
|
||||||
LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class);
|
LwM2MClientCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MClientCredentials.class);
|
||||||
if (!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)) {
|
if (!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -30,9 +30,9 @@ public class TbLwM2MSecurityInfo implements Serializable {
|
|||||||
private ValidateDeviceCredentialsResponse msg;
|
private ValidateDeviceCredentialsResponse msg;
|
||||||
private SecurityInfo securityInfo;
|
private SecurityInfo securityInfo;
|
||||||
private SecurityMode securityMode;
|
private SecurityMode securityMode;
|
||||||
|
private DeviceProfile deviceProfile;
|
||||||
|
|
||||||
/** bootstrap */
|
/** bootstrap */
|
||||||
private DeviceProfile deviceProfile;
|
|
||||||
private LwM2MBootstrapConfig bootstrapCredentialConfig;
|
private LwM2MBootstrapConfig bootstrapCredentialConfig;
|
||||||
private String endpoint;
|
private String endpoint;
|
||||||
private BootstrapConfig bootstrapConfig;
|
private BootstrapConfig bootstrapConfig;
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCr
|
|||||||
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
|
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
|
||||||
|
|
||||||
@Data
|
@Data
|
||||||
public class LwM2MCredentials {
|
public class LwM2MClientCredentials {
|
||||||
private LwM2MClientCredential client;
|
private LwM2MClientCredential client;
|
||||||
private LwM2MBootstrapConfig bootstrap;
|
private LwM2MBootstrapConfig bootstrap;
|
||||||
}
|
}
|
||||||