diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java index 23c48098f5..e01dc22665 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/client/LwM2MTestClient.java @@ -169,70 +169,60 @@ public class LwM2MTestClient { public void onBootstrapStarted(ServerIdentity bsserver, BootstrapRequest request) { clientState = ON_BOOTSTRAP_STARTED; clientStates.add(clientState); -// log.info("ClientObserver -> onBootstrapStarted..."); } @Override public void onBootstrapSuccess(ServerIdentity bsserver, BootstrapRequest request) { clientState = ON_BOOTSTRAP_SUCCESS; clientStates.add(clientState); -// log.info("ClientObserver -> onBootstrapSuccess..."); } @Override public void onBootstrapFailure(ServerIdentity bsserver, BootstrapRequest request, ResponseCode responseCode, String errorMessage, Exception cause) { clientState = ON_BOOTSTRAP_FAILURE; clientStates.add(clientState); -// log.info("ClientObserver -> onBootstrapFailure..."); } @Override public void onBootstrapTimeout(ServerIdentity bsserver, BootstrapRequest request) { clientState = ON_BOOTSTRAP_TIMEOUT; clientStates.add(clientState); -// log.info("ClientObserver -> onBootstrapTimeout..."); } @Override public void onRegistrationStarted(ServerIdentity server, RegisterRequest request) { clientState = ON_REGISTRATION_STARTED; clientStates.add(clientState); -// log.info("ClientObserver -> onRegistrationStarted... EndpointName [{}]", request.getEndpointName()); } @Override public void onRegistrationSuccess(ServerIdentity server, RegisterRequest request, String registrationID) { clientState = ON_REGISTRATION_SUCCESS; clientStates.add(clientState); -// log.info("ClientObserver -> onRegistrationSuccess... EndpointName [{}] [{}]", request.getEndpointName(), registrationID); } @Override public void onRegistrationFailure(ServerIdentity server, RegisterRequest request, ResponseCode responseCode, String errorMessage, Exception cause) { clientState = ON_REGISTRATION_FAILURE; clientStates.add(clientState); -// log.info("ClientObserver -> onRegistrationFailure... ServerIdentity [{}]", server); } @Override public void onRegistrationTimeout(ServerIdentity server, RegisterRequest request) { clientState = ON_REGISTRATION_TIMEOUT; clientStates.add(clientState); -// log.info("ClientObserver -> onRegistrationTimeout... RegisterRequest [{}]", request); } @Override public void onUpdateStarted(ServerIdentity server, UpdateRequest request) { clientState = ON_UPDATE_STARTED; clientStates.add(clientState); -// log.info("ClientObserver -> onUpdateStarted... UpdateRequest [{}]", request); } @Override public void onUpdateSuccess(ServerIdentity server, UpdateRequest request) { clientState = ON_UPDATE_SUCCESS; clientStates.add(clientState); -// log.info("ClientObserver -> onUpdateSuccess... UpdateRequest [{}]", request); } @Override @@ -251,30 +241,24 @@ public class LwM2MTestClient { public void onDeregistrationStarted(ServerIdentity server, DeregisterRequest request) { clientState = ON_DEREGISTRATION_STARTED; clientStates.add(clientState); -// log.info("ClientObserver ->onDeregistrationStarted... DeregisterRequest [{}]", request.getRegistrationId()); - } @Override public void onDeregistrationSuccess(ServerIdentity server, DeregisterRequest request) { clientState = ON_DEREGISTRATION_SUCCESS; clientStates.add(clientState); -// log.info("ClientObserver ->onDeregistrationSuccess... DeregisterRequest [{}]", request.getRegistrationId()); - } @Override public void onDeregistrationFailure(ServerIdentity server, DeregisterRequest request, ResponseCode responseCode, String errorMessage, Exception cause) { clientState = ON_DEREGISTRATION_FAILURE; clientStates.add(clientState); -// log.info("ClientObserver ->onDeregistrationFailure... DeregisterRequest [{}] [{}]", request.getRegistrationId(), request.getRegistrationId()); } @Override public void onDeregistrationTimeout(ServerIdentity server, DeregisterRequest request) { clientState = ON_DEREGISTRATION_TIMEOUT; clientStates.add(clientState); -// log.info("ClientObserver ->onDeregistrationTimeout... DeregisterRequest [{}] [{}]", request.getRegistrationId(), request.getRegistrationId()); } @Override diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java index 0de6cd37a1..a82eb8d86c 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/AbstractSecurityLwM2MIntegrationTest.java @@ -21,6 +21,7 @@ import org.apache.commons.codec.binary.Base64; import org.eclipse.californium.elements.config.Configuration; import org.eclipse.leshan.client.object.Security; import org.eclipse.leshan.core.ResponseCode; +import org.eclipse.leshan.core.util.Hex; import org.junit.Assert; import org.springframework.test.web.servlet.MvcResult; import org.thingsboard.common.util.JacksonUtil; @@ -226,7 +227,6 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M expectedStatusesRegistrationBsSuccess, false, securityBs); - } private void basicTestConnectionBootstrapRequestTrigger(Security security, @@ -327,7 +327,8 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M protected LwM2MDeviceCredentials getDeviceCredentialsSecure(LwM2MClientCredential clientCredentials, PrivateKey privateKey, X509Certificate certificate, - LwM2MSecurityMode mode) { + LwM2MSecurityMode mode, + boolean privateKeyIsBad) { LwM2MDeviceCredentials credentials = new LwM2MDeviceCredentials(); credentials.setClient(clientCredentials); LwM2MBootstrapClientCredentials bootstrapCredentials; @@ -336,10 +337,10 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M bootstrapCredentials = getBootstrapClientCredentialsPsk(clientCredentials); break; case RPK: - bootstrapCredentials = getBootstrapClientCredentialsRpk(certificate, privateKey); + bootstrapCredentials = getBootstrapClientCredentialsRpk(certificate, privateKey, privateKeyIsBad); break; case X509: - bootstrapCredentials = getBootstrapClientCredentialsX509(certificate, privateKey); + bootstrapCredentials = getBootstrapClientCredentialsX509(certificate, privateKey, privateKeyIsBad); break; default: throw new IllegalStateException("Unexpected value: " + mode); @@ -360,25 +361,34 @@ public abstract class AbstractSecurityLwM2MIntegrationTest extends AbstractLwM2M return bootstrapCredentials; } - private LwM2MBootstrapClientCredentials getBootstrapClientCredentialsRpk(X509Certificate certificate, PrivateKey privateKey) { + private LwM2MBootstrapClientCredentials getBootstrapClientCredentialsRpk(X509Certificate certificate, PrivateKey privateKey, boolean privateKeyIsBad) { LwM2MBootstrapClientCredentials bootstrapCredentials = new LwM2MBootstrapClientCredentials(); RPKBootstrapClientCredential serverCredentials = new RPKBootstrapClientCredential(); if (certificate != null && certificate.getPublicKey() != null && privateKey != null) { serverCredentials.setClientPublicKeyOrId(Base64.encodeBase64String(certificate.getPublicKey().getEncoded())); - serverCredentials.setClientSecretKey(Base64.encodeBase64String(privateKey.getEncoded())); + if (privateKeyIsBad) { + serverCredentials.setClientSecretKey(Hex.encodeHexString(privateKey.getEncoded())); + } else { + serverCredentials.setClientSecretKey(Base64.encodeBase64String(privateKey.getEncoded())); + + } } bootstrapCredentials.setBootstrapServer(serverCredentials); bootstrapCredentials.setLwm2mServer(serverCredentials); return bootstrapCredentials; } - private LwM2MBootstrapClientCredentials getBootstrapClientCredentialsX509(X509Certificate certificate, PrivateKey privateKey) { + private LwM2MBootstrapClientCredentials getBootstrapClientCredentialsX509(X509Certificate certificate, PrivateKey privateKey, boolean privateKeyIsBad) { LwM2MBootstrapClientCredentials bootstrapCredentials = new LwM2MBootstrapClientCredentials(); X509BootstrapClientCredential serverCredentials = new X509BootstrapClientCredential(); if (certificate != null) { try { serverCredentials.setClientPublicKeyOrId(Base64.encodeBase64String(certificate.getEncoded())); - serverCredentials.setClientSecretKey(Base64.encodeBase64String(privateKey.getEncoded())); + if (privateKeyIsBad) { + serverCredentials.setClientSecretKey(Hex.encodeHexString(privateKey.getEncoded())); + } else { + serverCredentials.setClientSecretKey(Base64.encodeBase64String(privateKey.getEncoded())); + } } catch (CertificateEncodingException e) { log.error("Client`s certificate [{}] is bad. [{}]", certificate, e.getMessage()); } diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java index 475771d4c1..9db90a9fdb 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/PskLwm2mIntegrationTest.java @@ -53,7 +53,7 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes identity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(keyPsk.toCharArray())); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, NONE)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK, false); this.basicTestConnection(security, deviceCredentials, COAP_CONFIG, @@ -76,7 +76,7 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes clientCredentials.setKey(keyPsk); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, NONE)); createDeviceProfile(transportConfiguration); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK, false); MvcResult result = createDeviceWithMvcResult(deviceCredentials, clientEndpoint); assertEquals(HttpServletResponse.SC_BAD_REQUEST, result.getResponse().getStatus()); String msgExpected = "Key must be HexDec format: 32, 64, 128 characters!"; @@ -98,7 +98,7 @@ public class PskLwm2mIntegrationTest extends AbstractSecurityLwM2MIntegrationTes identity.getBytes(StandardCharsets.UTF_8), Hex.decodeHex(keyPsk.toCharArray())); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(PSK, BOTH)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, null, null, PSK, false); this.basicTestConnection(securityBs, deviceCredentials, COAP_CONFIG, diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java index ed94443f03..082642690d 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/RpkLwM2MIntegrationTest.java @@ -17,17 +17,22 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.apache.commons.codec.binary.Base64; import org.eclipse.leshan.client.object.Security; +import org.eclipse.leshan.core.util.Hex; import org.junit.Test; +import org.springframework.test.web.servlet.MvcResult; import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials; import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential; import org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; +import javax.servlet.http.HttpServletResponse; import java.security.PrivateKey; import java.security.cert.X509Certificate; import static org.eclipse.leshan.client.object.Security.rpk; import static org.eclipse.leshan.client.object.Security.rpkBootstrap; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; import static org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode.RPK; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.LwM2MClientState.ON_REGISTRATION_SUCCESS; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.LwM2MProfileBootstrapConfigType.BOTH; @@ -50,7 +55,7 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes privateKey.getEncoded(), serverX509Cert.getPublicKey().getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(RPK, NONE)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, RPK); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, RPK, false); this.basicTestConnection(securityBs, deviceCredentials, COAP_CONFIG, @@ -62,6 +67,40 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes ON_REGISTRATION_SUCCESS); } + @Test + public void testWithRpkValidationPublicKeyBase64format_BAD_REQUEST() throws Exception { + String clientEndpoint = CLIENT_ENDPOINT_RPK + "BadPublicKey"; + X509Certificate certificate = clientX509CertTrust; + PrivateKey privateKey = clientPrivateKeyFromCertTrust; + RPKClientCredential clientCredentials = new RPKClientCredential(); + clientCredentials.setEndpoint(clientEndpoint); + clientCredentials.setKey(Hex.encodeHexString(certificate.getPublicKey().getEncoded())); + Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(RPK, NONE)); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, RPK, false); + createDeviceProfile(transportConfiguration); + MvcResult result = createDeviceWithMvcResult(deviceCredentials, clientEndpoint); + assertEquals(HttpServletResponse.SC_BAD_REQUEST, result.getResponse().getStatus()); + String msgExpected = "LwM2M client RPK key must be in standard [RFC7250] and support only EC algorithm and then encoded to Base64 format!"; + assertTrue(result.getResponse().getContentAsString().contains(msgExpected)); + } + + @Test + public void testWithRpkValidationPrivateKeyBase64format_BAD_REQUEST() throws Exception { + String clientEndpoint = CLIENT_ENDPOINT_RPK + "BadPrivateKey"; + X509Certificate certificate = clientX509CertTrust; + PrivateKey privateKey = clientPrivateKeyFromCertTrust; + RPKClientCredential clientCredentials = new RPKClientCredential(); + clientCredentials.setEndpoint(clientEndpoint); + clientCredentials.setKey(Base64.encodeBase64String(certificate.getPublicKey().getEncoded())); + Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(RPK, NONE)); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, RPK, true); + createDeviceProfile(transportConfiguration); + MvcResult result = createDeviceWithMvcResult(deviceCredentials, clientEndpoint); + assertEquals(HttpServletResponse.SC_BAD_REQUEST, result.getResponse().getStatus()); + String msgExpected = "Bootstrap server client RPK secret key must be in PKCS#8 format (DER encoding, standard [RFC5958]) and then encoded to Base64 format!"; + assertTrue(result.getResponse().getContentAsString().contains(msgExpected)); + } + // Bootstrap + Lwm2m @Test public void testWithRpkConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess() throws Exception { @@ -76,7 +115,7 @@ public class RpkLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegrationTes privateKey.getEncoded(), serverX509CertBs.getPublicKey().getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(RPK, BOTH)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, clientPrivateKeyFromCertTrust, certificate, RPK); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, clientPrivateKeyFromCertTrust, certificate, RPK, false); this.basicTestConnection(securityBs, deviceCredentials, COAP_CONFIG, diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java index b226bc1dad..76f5af8965 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_NoTrustLwM2MIntegrationTest.java @@ -16,18 +16,23 @@ package org.thingsboard.server.transport.lwm2m.security.sql; import org.eclipse.leshan.client.object.Security; +import org.eclipse.leshan.core.util.Hex; import org.junit.Test; +import org.springframework.test.web.servlet.MvcResult; import org.springframework.util.Base64Utils; import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MDeviceCredentials; import org.thingsboard.server.common.data.device.credentials.lwm2m.X509ClientCredential; import org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration; import org.thingsboard.server.transport.lwm2m.security.AbstractSecurityLwM2MIntegrationTest; +import javax.servlet.http.HttpServletResponse; import java.security.PrivateKey; import java.security.cert.X509Certificate; import static org.eclipse.leshan.client.object.Security.x509; import static org.eclipse.leshan.client.object.Security.x509Bootstrap; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; import static org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode.X509; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.LwM2MClientState.ON_REGISTRATION_SUCCESS; import static org.thingsboard.server.transport.lwm2m.Lwm2mTestHelper.LwM2MProfileBootstrapConfigType.BOTH; @@ -50,7 +55,7 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg privateKey.getEncoded(), serverX509Cert.getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, NONE)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false); this.basicTestConnection(security, deviceCredentials, COAP_CONFIG, @@ -62,6 +67,40 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg ON_REGISTRATION_SUCCESS); } + @Test + public void testWithX509NoTrustValidationPublicKeyBase64format_BAD_REQUEST() throws Exception { + String clientEndpoint = CLIENT_ENDPOINT_X509_TRUST_NO + "BadPublicKey"; + X509Certificate certificate = clientX509CertTrustNo; + PrivateKey privateKey = clientPrivateKeyFromCertTrustNo; + X509ClientCredential clientCredentials = new X509ClientCredential(); + clientCredentials.setEndpoint(clientEndpoint); + clientCredentials.setCert(Hex.encodeHexString(certificate.getEncoded())); + Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, NONE)); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false); + createDeviceProfile(transportConfiguration); + MvcResult result = createDeviceWithMvcResult(deviceCredentials, clientEndpoint); + assertEquals(HttpServletResponse.SC_BAD_REQUEST, result.getResponse().getStatus()); + String msgExpected = "LwM2M client X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!"; + assertTrue(result.getResponse().getContentAsString().contains(msgExpected)); + } + + @Test + public void testWithX509NoTrustValidationPrivateKeyBase64format_BAD_REQUEST() throws Exception { + String clientEndpoint = CLIENT_ENDPOINT_X509_TRUST_NO + "BadPrivateKey"; + X509Certificate certificate = clientX509CertTrustNo; + PrivateKey privateKey = clientPrivateKeyFromCertTrustNo; + X509ClientCredential clientCredentials = new X509ClientCredential(); + clientCredentials.setEndpoint(clientEndpoint); + clientCredentials.setCert(Base64Utils.encodeToString(certificate.getEncoded())); + Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, NONE)); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, true); + createDeviceProfile(transportConfiguration); + MvcResult result = createDeviceWithMvcResult(deviceCredentials, clientEndpoint); + assertEquals(HttpServletResponse.SC_BAD_REQUEST, result.getResponse().getStatus()); + String msgExpected = "Bootstrap server client X509 secret key must be in PKCS#8 format (DER encoding, standard [RFC5958]) and then encoded to Base64 format!"; + assertTrue(result.getResponse().getContentAsString().contains(msgExpected)); + } + // Bootstrap + Lwm2m @Test public void testWithX509NoTrustConnectBsSuccess_UpdateTwoSectionsBootstrapAndLm2m_ConnectLwm2mSuccess() throws Exception { @@ -76,7 +115,7 @@ public class X509_NoTrustLwM2MIntegrationTest extends AbstractSecurityLwM2MInteg privateKey.getEncoded(), serverX509CertBs.getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, BOTH)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false); this.basicTestConnection(security, deviceCredentials, COAP_CONFIG, diff --git a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java index e5e047ac0f..a7087bc072 100644 --- a/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java +++ b/application/src/test/java/org/thingsboard/server/transport/lwm2m/security/sql/X509_TrustLwM2MIntegrationTest.java @@ -49,7 +49,7 @@ public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegra privateKey.getEncoded(), serverX509Cert.getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, NONE)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false); this.basicTestConnection(security, deviceCredentials, COAP_CONFIG, @@ -75,7 +75,7 @@ public class X509_TrustLwM2MIntegrationTest extends AbstractSecurityLwM2MIntegra privateKey.getEncoded(), serverX509CertBs.getEncoded()); Lwm2mDeviceProfileTransportConfiguration transportConfiguration = getTransportConfiguration(OBSERVE_ATTRIBUTES_WITHOUT_PARAMS, getBootstrapServerCredentialsSecure(X509, BOTH)); - LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509); + LwM2MDeviceCredentials deviceCredentials = getDeviceCredentialsSecure(clientCredentials, privateKey, certificate, X509, false); this.basicTestConnection(security, deviceCredentials, COAP_CONFIG,