Merge with the new data structures

Andrii Shvaika 2021-05-06 14:07:29 +03:00
parent 7ca626a086
commit 38843c839c
2 changed files with 14 additions and 7 deletions


@ -30,6 +30,7 @@ import org.eclipse.californium.scandium.dtls.HandshakeResultHandler;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier; import org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier;
import org.eclipse.californium.scandium.util.ServerNames; import org.eclipse.californium.scandium.util.ServerNames;
import org.eclipse.leshan.core.SecurityMode;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
@ -42,6 +43,8 @@ import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsRes
import org.thingsboard.server.common.transport.util.SslUtil; import org.thingsboard.server.common.transport.util.SslUtil;
import org.thingsboard.server.gen.transport.TransportProtos; import org.thingsboard.server.gen.transport.TransportProtos;
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig; import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MCredentials;
import org.thingsboard.server.transport.lwm2m.secure.credentials.X509ClientCredentialsConfig;
import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore; import org.thingsboard.server.transport.lwm2m.server.store.TbLwM2MDtlsSessionStore;
import javax.annotation.PostConstruct; import javax.annotation.PostConstruct;
@ -104,7 +107,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
return new CertificateVerificationResult(cid, publicKey, null); return new CertificateVerificationResult(cid, publicKey, null);
} else { } else {
try { try {
String credentialsBody = null; boolean x509CredentialsFound = false;
CertPath certpath = message.getCertificateChain(); CertPath certpath = message.getCertificateChain();
X509Certificate[] chain = certpath.getCertificates().toArray(new X509Certificate[0]); X509Certificate[] chain = certpath.getCertificates().toArray(new X509Certificate[0]);
for (X509Certificate cert : chain) { for (X509Certificate cert : chain) {
@ -136,12 +139,15 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
if (latch.await(10, TimeUnit.SECONDS)) { if (latch.await(10, TimeUnit.SECONDS)) {
ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0]; ValidateDeviceCredentialsResponse msg = deviceCredentialsResponse[0];
if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) { if (msg != null && org.thingsboard.server.common.data.StringUtils.isNotEmpty(msg.getCredentials())) {
JsonNode credentialsJson = JacksonUtil.toJsonNode(msg.getCredentials()); LwM2MCredentials credentials = JacksonUtil.fromString(msg.getCredentials(), LwM2MCredentials.class);
String certBody = credentialsJson.get("cert").asText(); if(!credentials.getClient().getSecurityConfigClientMode().equals(SecurityMode.X509)){
String endpoint = credentialsJson.get("endpoint").asText(); continue;
}
X509ClientCredentialsConfig config = (X509ClientCredentialsConfig) credentials.getClient();
String certBody = config.getCert();
String endpoint = config.getEndpoint();
if (strCert.equals(certBody)) { if (strCert.equals(certBody)) {
//TODO: extract endpoint from credentials body and push to storage x509CredentialsFound = true;
credentialsBody = msg.getCredentials();
DeviceProfile deviceProfile = msg.getDeviceProfile(); DeviceProfile deviceProfile = msg.getDeviceProfile();
if (msg.hasDeviceInfo() && deviceProfile != null) { if (msg.hasDeviceInfo() && deviceProfile != null) {
sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg)); sessionStorage.put(endpoint, new TbX509DtlsSessionInfo(cert.getSubjectX500Principal().getName(), msg));
@ -159,7 +165,7 @@ public class TbLwM2MDtlsCertificateVerifier implements NewAdvancedCertificateVer
log.error(e.getMessage(), e); log.error(e.getMessage(), e);
} }
} }
if (credentialsBody == null) { if (!x509CredentialsFound) {
if (staticCertificateVerifier != null) { if (staticCertificateVerifier != null) {
staticCertificateVerifier.verifyCertificate(message, session); staticCertificateVerifier.verifyCertificate(message, session);
} else { } else {
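Review bot: In the branch after `latch.await(10, TimeUnit.SECONDS)`, the new code dereferences `credentials`, `credentials.getClient()` and the result of `getSecurityConfigClientMode()` without a null check, and then uses `config.getEndpoint()` as the `sessionStorage.put` key without checking that it is set. A stored credential that does not deserialize into `LwM2MCredentials`, or an X509 entry saved before the `endpoint` field existed, would presumably either throw inside the certificate verifier or register the DTLS session under a null endpoint, which loosens the binding between the presented certificate and the endpoint identity. I would replace the mode test with `if (credentials == null || !(credentials.getClient() instanceof X509ClientCredentialsConfig)) { continue; }` and wrap the match in `if (org.thingsboard.server.common.data.StringUtils.isNotEmpty(endpoint) && strCert.equals(certBody))`. The enclosing `try` and its `catch` type lie outside the visible hunks, so whether a runtime exception here is logged or propagates to the handshake cannot be confirmed from this page.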


@ -9,6 +9,7 @@ import static org.eclipse.leshan.core.SecurityMode.X509;
public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig { public class X509ClientCredentialsConfig implements LwM2MClientCredentialsConfig {
private boolean allowTrustedOnly; private boolean allowTrustedOnly;
private String cert; private String cert;
private String endpoint;
@Override @Override
public SecurityMode getSecurityConfigClientMode() { public SecurityMode getSecurityConfigClientMode() {