From 2d10409042aa372de0f34c5a75476b880ca38866 Mon Sep 17 00:00:00 2001
From: nickAS21
Date: Tue, 2 Nov 2021 13:31:17 +0200
Subject: [PATCH 1/2] lwm2m - authorization in Bootstrap session
---
 .../LwM2mDefaultBootstrapSessionManager.java | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
index 0e6d2933e4..b12ae1c91f 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
@@ -34,6 +34,7 @@ import org.eclipse.leshan.server.security.BootstrapSecurityStore;
 import org.eclipse.leshan.server.security.SecurityChecker;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.thingsboard.server.common.transport.TransportService;
+import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -81,15 +82,19 @@ public class LwM2mDefaultBootstrapSessionManager extends DefaultBootstrapSession
 public BootstrapSession begin(BootstrapRequest request, Identity clientIdentity) {
 boolean authorized;
 Iterator securityInfos;
- if (bsSecurityStore != null && securityChecker != null) {
- if (clientIdentity.isSecure() && clientIdentity.isPSK()) {
- securityInfos = bsSecurityStore.getAllByEndpoint(clientIdentity.getPskIdentity());
+ try {
+ if (bsSecurityStore != null && securityChecker != null) {
+ if (clientIdentity.isSecure() && clientIdentity.isPSK()) {
+ securityInfos = bsSecurityStore.getAllByEndpoint(clientIdentity.getPskIdentity());
+ } else {
+ securityInfos = bsSecurityStore.getAllByEndpoint(request.getEndpointName());
+ }
+ authorized = securityChecker.checkSecurityInfos(request.getEndpointName(), clientIdentity, securityInfos);
 } else {
- securityInfos = bsSecurityStore.getAllByEndpoint(request.getEndpointName());
+ authorized = true;
 }
- authorized = securityChecker.checkSecurityInfos(request.getEndpointName(), clientIdentity, securityInfos);
- } else {
- authorized = true;
+ } catch (LwM2MAuthException e) {
+ authorized = false;
 }
 DefaultBootstrapSession session = new DefaultBootstrapSession(request, clientIdentity, authorized);
 if (authorized) {
From 934a03ea79c721b8b9a4fcf87bbbd97cb6b11316 Mon Sep 17 00:00:00 2001
From: nickAS21
Date: Tue, 2 Nov 2021 14:54:40 +0200
Subject: [PATCH 2/2] lwm2m - authorization in Bootstrap session default true
---
 .../bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
index b12ae1c91f..097b69f806 100644
--- a/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
+++ b/common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java
@@ -80,7 +80,7 @@ public class LwM2mDefaultBootstrapSessionManager extends DefaultBootstrapSession
 @Override
 public BootstrapSession begin(BootstrapRequest request, Identity clientIdentity) {
- boolean authorized;
+ boolean authorized = true;
 Iterator securityInfos;
 try {
 if (bsSecurityStore != null && securityChecker != null) {
@@ -90,8 +90,6 @@ public class LwM2mDefaultBootstrapSessionManager extends DefaultBootstrapSession
 securityInfos = bsSecurityStore.getAllByEndpoint(request.getEndpointName());
 }
 authorized = securityChecker.checkSecurityInfos(request.getEndpointName(), clientIdentity, securityInfos);
- } else {
- authorized = true;
 }
 } catch (LwM2MAuthException e) {
 authorized = false;
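Review bot: Initialising `authorized` to `true` in the first hunk makes begin() fail open: if `bsSecurityStore` or `securityChecker` is null, the try block assigns nothing and the session is created as authorized without any credential check. Whether either field can be null is decided outside these hunks, but starting from `boolean authorized = false;` and setting `true` only in an explicit, commented no-security branch would keep a half-configured manager (store set, checker missing) from admitting every client. The `catch (LwM2MAuthException e)` visible as context in the second hunk also discards the exception, so rejected bootstrap attempts leave nothing to alert on; if the class has a logger, a line such as `log.warn("Bootstrap authorization failed for endpoint [{}]", request.getEndpointName(), e);` would close that gap. begin() continues past the end of both hunks.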