lwm2m - change bootstrapConfig
parent
9ec919f175
commit
1d9132b0c6
@ -16,6 +16,7 @@
|
||||
package org.thingsboard.server.transport.lwm2m.bootstrap.secure;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
@ -31,10 +32,10 @@ import java.nio.charset.StandardCharsets;
|
||||
import java.util.List;
|
||||
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
public class LwM2MBootstrapConfig implements Serializable {
|
||||
|
||||
List<LwM2MBootstrapServerCredential> serversConfiguration;
|
||||
LwM2MBootstrapClientCredential bootstrapClientCredential;
|
||||
List<LwM2MBootstrapServerCredential> serverConfiguration;
|
||||
/*
|
||||
interface BootstrapSecurityConfig
|
||||
servers: BootstrapServersSecurityConfig,
|
||||
@ -49,9 +50,9 @@ public class LwM2MBootstrapConfig implements Serializable {
|
||||
* notifIfDisabled: boolean,
|
||||
* binding: string
|
||||
* */
|
||||
@Getter
|
||||
@Setter
|
||||
private LwM2MBootstrapServers servers;
|
||||
// @Getter
|
||||
// @Setter
|
||||
// private LwM2MBootstrapServers servers;
|
||||
|
||||
/** -bootstrapServer, lwm2mServer
|
||||
* interface ServerSecurityConfig
|
||||
@ -68,15 +69,15 @@ public class LwM2MBootstrapConfig implements Serializable {
|
||||
* */
|
||||
@Getter
|
||||
@Setter
|
||||
private LwM2MServerBootstrap bootstrapServer;
|
||||
private LwM2MBootstrapClientCredential bootstrapServer;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private LwM2MServerBootstrap lwm2mServer;
|
||||
private LwM2MBootstrapClientCredential lwm2mServer;
|
||||
|
||||
public LwM2MBootstrapConfig(List<LwM2MBootstrapServerCredential> serverConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) {
|
||||
this.serverConfiguration = serverConfiguration;
|
||||
|
||||
public LwM2MBootstrapConfig(List<LwM2MBootstrapServerCredential> serversConfiguration, LwM2MBootstrapClientCredential bootstrapClientCredential) {
|
||||
this.serversConfiguration = serversConfiguration;
|
||||
this.bootstrapClientCredential = bootstrapClientCredential;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
@ -87,17 +88,17 @@ public class LwM2MBootstrapConfig implements Serializable {
|
||||
configBs.toDelete.add("/1");
|
||||
/* Server Configuration (object 1) as defined in LWM2M 1.0.x TS. */
|
||||
BootstrapConfig.ServerConfig server0 = new BootstrapConfig.ServerConfig();
|
||||
server0.shortId = servers.getShortId();
|
||||
server0.lifetime = servers.getLifetime();
|
||||
server0.defaultMinPeriod = servers.getDefaultMinPeriod();
|
||||
server0.notifIfDisabled = servers.isNotifIfDisabled();
|
||||
server0.binding = BindingMode.parse(servers.getBinding());
|
||||
// server0.shortId = servers.getShortId();
|
||||
// server0.lifetime = servers.getLifetime();
|
||||
// server0.defaultMinPeriod = servers.getDefaultMinPeriod();
|
||||
// server0.notifIfDisabled = servers.isNotifIfDisabled();
|
||||
// server0.binding = BindingMode.parse(servers.getBinding());
|
||||
configBs.servers.put(0, server0);
|
||||
/* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Bootstrap instance = 0 */
|
||||
this.bootstrapServer.setBootstrapServerIs(true);
|
||||
configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId()));
|
||||
/* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Server instance = 1 */
|
||||
configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId()));
|
||||
// this.bootstrapServer.setBootstrapServerIs(true);
|
||||
// configBs.security.put(0, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.bootstrapServer.isBootstrapServerIs(), this.bootstrapServer.getSecurityMode(), this.bootstrapServer.getClientPublicKeyOrId(), this.bootstrapServer.getServerPublicKey(), this.bootstrapServer.getClientSecretKey(), this.bootstrapServer.getServerId()));
|
||||
// /* Security Configuration (object 0) as defined in LWM2M 1.0.x TS. Server instance = 1 */
|
||||
// configBs.security.put(1, setServerSecurity(this.lwm2mServer.getHost(), this.lwm2mServer.getPort(), this.lwm2mServer.getSecurityHost(), this.lwm2mServer.getSecurityPort(), this.lwm2mServer.isBootstrapServerIs(), this.lwm2mServer.getSecurityMode(), this.lwm2mServer.getClientPublicKeyOrId(), this.lwm2mServer.getServerPublicKey(), this.lwm2mServer.getClientSecretKey(), this.lwm2mServer.getServerId()));
|
||||
return configBs;
|
||||
}
|
||||
|
||||
|
||||
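Review bot: In the `@ -87,17 +88,17 @` hunk the method still queues `/1` for deletion and stores `server0`, but (assuming the commented-out copies are the new side) `server0` stays default-constructed and nothing is written to `configBs.security`, so a client bootstrapped from this result would apparently receive neither usable server settings nor credentials. Until the values are mapped from `serversConfiguration` and `bootstrapClientCredential`, the method should refuse to build a config rather than return a half-empty one, for example `throw new IllegalStateException("LwM2M bootstrap config mapping is not implemented");` at the top of the method body. The commented-out blocks still reference the disabled `servers` field; deleting them and leaving a single `// TODO: map serversConfiguration / bootstrapClientCredential into BootstrapConfig` would say the same thing more clearly. The method starts above the hunk, so the statements before `configBs.toDelete.add("/1")` are not visible here.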
@ -71,6 +71,7 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore {
|
||||
|
||||
@Override
|
||||
public Iterator<SecurityInfo> getAllByEndpoint(String endPoint) {
|
||||
// TODO
|
||||
TbLwM2MSecurityInfo store = lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(endPoint, BOOTSTRAP);
|
||||
if (store.getBootstrapCredentialConfig() != null && store.getSecurityMode() != null) {
|
||||
/* add value to store from BootstrapJson */
|
||||
@ -125,20 +126,20 @@ public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore {
|
||||
switch (lwM2MBootstrapConfig.getBootstrapServer().getSecurityMode()) {
|
||||
/* Use RPK only */
|
||||
case PSK:
|
||||
store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(),
|
||||
lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(),
|
||||
Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray())));
|
||||
// store.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(store.getEndpoint(),
|
||||
// lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId(),
|
||||
// Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientSecretKey().toCharArray())));
|
||||
store.setSecurityMode(SecurityMode.PSK);
|
||||
break;
|
||||
case RPK:
|
||||
try {
|
||||
store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(),
|
||||
SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray()))));
|
||||
store.setSecurityMode(SecurityMode.RPK);
|
||||
break;
|
||||
} catch (IOException | GeneralSecurityException e) {
|
||||
log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage());
|
||||
}
|
||||
// try {
|
||||
//// store.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(store.getEndpoint(),
|
||||
//// SecurityUtil.publicKey.decode(Hex.decodeHex(lwM2MBootstrapConfig.getBootstrapServer().getClientPublicKeyOrId().toCharArray()))));
|
||||
//// store.setSecurityMode(SecurityMode.RPK);
|
||||
// break;
|
||||
// } catch (IOException | GeneralSecurityException e) {
|
||||
// log.error("Unable to decode Client public key for [{}] [{}]", store.getEndpoint(), e.getMessage());
|
||||
// }
|
||||
case X509:
|
||||
store.setSecurityInfo(SecurityInfo.newX509CertInfo(store.getEndpoint()));
|
||||
store.setSecurityMode(SecurityMode.X509);
|
||||
|
||||
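Review bot: In the `@ -125,20 +126,20 @` hunk, commenting out the whole `case RPK:` body also comments out its `break`, so (assuming the commented-out copies are the new side) an RPK bootstrap credential now falls through into `case X509:` and is registered with `SecurityInfo.newX509CertInfo(...)` and `SecurityMode.X509`. `case PSK:` has the mirror problem: `store.setSecurityMode(SecurityMode.PSK)` still runs although the `newPreSharedKeyInfo` call is disabled, which leaves a mode recorded with no key material behind it. While the decoding is disabled, both cases should leave the store untouched: put `log.warn("RPK bootstrap credentials are not handled for [{}]", store.getEndpoint()); break;` directly under `case RPK:` and drop the `setSecurityMode` line from `case PSK:`. The switch begins and ends outside the hunk, so what follows `case X509:` is not visible.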
@ -32,7 +32,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes
|
||||
import org.thingsboard.server.gen.transport.TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg;
|
||||
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
||||
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
|
||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials;
|
||||
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
|
||||
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
||||
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer;
|
||||
@ -48,6 +48,7 @@ import static org.eclipse.leshan.core.SecurityMode.PSK;
|
||||
import static org.eclipse.leshan.core.SecurityMode.RPK;
|
||||
import static org.eclipse.leshan.core.SecurityMode.X509;
|
||||
import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.BOOTSTRAP;
|
||||
import static org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer.CLIENT;
|
||||
|
||||
@Slf4j
|
||||
@Component
|
||||
@ -87,25 +88,23 @@ public class LwM2mCredentialsSecurityInfoValidator {
|
||||
log.error("Failed to await credentials!", e);
|
||||
}
|
||||
|
||||
TbLwM2MSecurityInfo securityInfo = resultSecurityStore[0];
|
||||
return resultSecurityStore[0];
|
||||
|
||||
if (securityInfo.getSecurityMode() == null) {
|
||||
throw new LwM2MAuthException();
|
||||
}
|
||||
|
||||
return securityInfo;
|
||||
// if ((CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null) ||
|
||||
// (BOOTSTRAP.equals(keyValue) && securityInfo.getBootstrapCredentialConfig().getBootstrapServer()==null && securityInfo.getBootstrapCredentialConfig().getLwm2mServer()==null)){
|
||||
// throw new LwM2MAuthException();
|
||||
// }
|
||||
//
|
||||
// return securityInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create new SecurityInfo
|
||||
* @param endpoint -
|
||||
* @param jsonStr -
|
||||
* @param keyValue -
|
||||
* @return SecurityInfo
|
||||
*/
|
||||
private TbLwM2MSecurityInfo createSecurityInfo(String endpoint, String jsonStr, LwM2mTypeServer keyValue) {
|
||||
TbLwM2MSecurityInfo result = new TbLwM2MSecurityInfo();
|
||||
LwM2MCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MCredentials.class);
|
||||
LwM2MClientCredentials credentials = JacksonUtil.fromString(jsonStr, LwM2MClientCredentials.class);
|
||||
if (credentials != null) {
|
||||
if (keyValue.equals(BOOTSTRAP)) {
|
||||
result.setBootstrapCredentialConfig(credentials.getBootstrap());
|
||||
@ -114,7 +113,7 @@ public class LwM2mCredentialsSecurityInfoValidator {
|
||||
endpoint = StringUtils.isNotEmpty(pskClientConfig.getEndpoint()) ? pskClientConfig.getEndpoint() : endpoint;
|
||||
}
|
||||
result.setEndpoint(endpoint);
|
||||
result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode());
|
||||
// result.setSecurityMode(credentials.getBootstrap().getBootstrapServer().getSecurityMode());
|
||||
} else {
|
||||
result.setEndpoint(credentials.getClient().getEndpoint());
|
||||
switch (credentials.getClient().getSecurityConfigClientMode()) {
|
||||
|
||||
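Review bot: In the `@ -87,25 +88,23 @` hunk the lookup now ends in `return resultSecurityStore[0];` and the `getSecurityMode() == null` check survives only as a comment, so (assuming the commented-out copies are the new side) a result without a security mode is handed back instead of raising `LwM2MAuthException`, and every caller has to reject it itself. I would keep the method failing closed: `TbLwM2MSecurityInfo securityInfo = resultSecurityStore[0];` followed by `if (securityInfo == null || (CLIENT.equals(keyValue) && securityInfo.getSecurityMode() == null)) { throw new LwM2MAuthException(); }` before the return. The name `keyValue` is taken from the commented-out condition, and the null test covers the `Failed to await credentials!` path, where the slot may still be unset; the method signature is outside the hunk, so both should be confirmed. Related, in the `@ -114,7 +113,7 @` hunk `result.setSecurityMode(...)` is disabled for the BOOTSTRAP branch, while `LwM2MBootstrapSecurityStore.getAllByEndpoint` still requires `store.getSecurityMode() != null`, so unless the mode is set elsewhere that guard can no longer pass for bootstrap clients.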
@ -41,7 +41,7 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes
|
||||
import org.thingsboard.server.common.transport.util.SslUtil;
|
||||
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
|
||||
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
|
||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
|
||||
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials;
|
||||
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
|
||||
import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
|
||||
import org.thingsboard.server.transport.lwm2m.server.store.TbMainSecurityStore;
|
||||
@ -124,7 +124,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
|
||||
}
|
||||
ValidateDeviceCredentialsResponse msg = securityInfo != null ? securityInfo.getMsg() : null;
|
||||
if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) {
|
||||
LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class);
|
||||
LwM2MClientCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MClientCredentials.class);
|
||||
if (!credentials.getClient().getSecurityConfigClientMode().equals(LwM2MSecurityMode.X509)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -30,9 +30,9 @@ public class TbLwM2MSecurityInfo implements Serializable {
|
||||
private ValidateDeviceCredentialsResponse msg;
|
||||
private SecurityInfo securityInfo;
|
||||
private SecurityMode securityMode;
|
||||
private DeviceProfile deviceProfile;
|
||||
|
||||
/** bootstrap */
|
||||
private DeviceProfile deviceProfile;
|
||||
private LwM2MBootstrapConfig bootstrapCredentialConfig;
|
||||
private String endpoint;
|
||||
private BootstrapConfig bootstrapConfig;
|
||||
|
||||
@ -20,7 +20,7 @@ import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCr
|
||||
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
|
||||
|
||||
@Data
|
||||
public class LwM2MCredentials {
|
||||
public class LwM2MClientCredentials {
|
||||
private LwM2MClientCredential client;
|
||||
private LwM2MBootstrapConfig bootstrap;
|
||||
}
|
||||