Use SSL credentials configuration to set up HTTPS. Enable Lwm2m credentials by default.

Igor Kulikov 2021-10-27 14:19:50 +03:00
parent 330ff09437
commit 483a69fed1
12 changed files with 226 additions and 66 deletions


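--- a/<path not shown>/ThingsboardInstallApplication.java
+++ b/<path not shown>/ThingsboardInstallApplication.java
@@ -31,6 +31,7 @@ import java.util.Arrays;
         "org.thingsboard.server.service.install",
         "org.thingsboard.server.dao",
         "org.thingsboard.server.common.stats",
+        "org.thingsboard.server.common.transport.config.ssl",
         "org.thingsboard.server.cache"})
 public class ThingsboardInstallApplication {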


@ -23,14 +23,30 @@ server:
ssl: ssl:
# Enable/disable SSL support # Enable/disable SSL support
enabled: "${SSL_ENABLED:false}" enabled: "${SSL_ENABLED:false}"
# Path to the key store that holds the SSL certificate # Server SSL credentials
key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}" credentials:
# Password used to access the key store # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}" type: "${SSL_CREDENTIALS_TYPE:PEM}"
# Type of the key store # PEM server credentials
key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}" pem:
# Alias that identifies the key in the key store # Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
key-alias: "${SSL_KEY_ALIAS:tomcat}" cert_file: "${SSL_PEM_CERT:server.pem}"
# Path to the server certificate private key file (optional)
key_file: "${SSL_PEM_KEY:server_key.pem}"
# Server certificate private key password (optional)
key_password: "${SSL_PEM_KEY_PASSWORD:server_key_password}"
# Keystore server credentials
keystore:
# Type of the key store
type: "${SSL_KEY_STORE_TYPE:PKCS12}"
# Path to the key store that holds the SSL certificate
store_file: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
# Password used to access the key store
store_password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
# Key alias
key_alias: "${SSL_KEY_ALIAS:tomcat}"
# Password used to access the key
key_password: "${SSL_KEY_PASSWORD:thingsboard}"
log_controller_error_stack_trace: "${HTTP_LOG_CONTROLLER_ERROR_STACK_TRACE:false}" log_controller_error_stack_trace: "${HTTP_LOG_CONTROLLER_ERROR_STACK_TRACE:false}"
ws: ws:
send_timeout: "${TB_SERVER_WS_SEND_TIMEOUT:5000}" send_timeout: "${TB_SERVER_WS_SEND_TIMEOUT:5000}"
@ -679,10 +695,10 @@ transport:
store_file: "${COAP_DTLS_KEY_STORE:coapserver.jks}" store_file: "${COAP_DTLS_KEY_STORE:coapserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${COAP_DTLS_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${COAP_DTLS_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${COAP_DTLS_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${COAP_DTLS_KEY_ALIAS:serveralias}" key_alias: "${COAP_DTLS_KEY_ALIAS:serveralias}"
# Password used to access the key
key_password: "${COAP_DTLS_KEY_PASSWORD:server_key_password}"
x509: x509:
# Skip certificate validity check for client certificates. # Skip certificate validity check for client certificates.
skip_validity_check_for_client_cert: "${TB_COAP_X509_DTLS_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" skip_validity_check_for_client_cert: "${TB_COAP_X509_DTLS_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
@ -702,7 +718,7 @@ transport:
# Server X509 Certificates support # Server X509 Certificates support
credentials: credentials:
# Whether to enable LWM2M server X509 Certificate/RPK support # Whether to enable LWM2M server X509 Certificate/RPK support
enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}"
# Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}"
# PEM server credentials # PEM server credentials
@ -721,10 +737,10 @@ transport:
store_file: "${LWM2M_SERVER_KEY_STORE:lwm2mserver.jks}" store_file: "${LWM2M_SERVER_KEY_STORE:lwm2mserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${LWM2M_SERVER_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${LWM2M_SERVER_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}" key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
# Password used to access the key
key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
# Only Certificate_x509: # Only Certificate_x509:
skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
bootstrap: bootstrap:
@ -738,7 +754,7 @@ transport:
# Bootstrap server X509 Certificates support # Bootstrap server X509 Certificates support
credentials: credentials:
# Whether to enable LWM2M bootstrap server X509 Certificate/RPK support # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support
enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}"
# Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}"
# PEM server credentials # PEM server credentials
@ -757,15 +773,15 @@ transport:
store_file: "${LWM2M_BS_KEY_STORE:lwm2mserver.jks}" store_file: "${LWM2M_BS_KEY_STORE:lwm2mserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${LWM2M_BS_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${LWM2M_BS_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${LWM2M_BS_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}" key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
# Password used to access the key
key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
security: security:
# X509 trust certificates # X509 trust certificates
trust-credentials: trust-credentials:
# Whether to load X509 trust certificates # Whether to load X509 trust certificates
enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}"
# Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore) # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore)
type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}"
# PEM certificates # PEM certificates
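Review bot: The new-side `key_password` lines in the two LwM2M hunks (`LWM2M_SERVER_KEY_PASSWORD` and `LWM2M_BS_KEY_PASSWORD`) appear to change the default from `server_key_password` to `server_ks_password`, so the private-key password now silently defaults to the keystore password; the commit description does not mention this, and the COAP block in the same file keeps `server_key_password`, so the two transports now disagree. A deployment that relied on the old default without setting the variable will no longer be able to unlock its key after upgrading, so either state the change in the description and align the COAP default, or keep `server_key_password`. The same move is mirrored in the two transport-level yml files later in this commit, which must stay in sync with this one. Enabling the LwM2M credentials and trust credentials by default also means the default PEM files are now read at startup; what happens when those files are absent is not visible here, so confirm the server fails with a clear error rather than starting without the intended credentials.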


@ -27,26 +27,35 @@ import java.net.URL;
@Slf4j @Slf4j
public class ResourceUtils { public class ResourceUtils {
public static final String CLASSPATH_URL_PREFIX = "classpath:";
public static boolean resourceExists(Object classLoaderSource, String filePath) { public static boolean resourceExists(Object classLoaderSource, String filePath) {
return resourceExists(classLoaderSource.getClass().getClassLoader(), filePath); return resourceExists(classLoaderSource.getClass().getClassLoader(), filePath);
} }
public static boolean resourceExists(ClassLoader classLoader, String filePath) { public static boolean resourceExists(ClassLoader classLoader, String filePath) {
File resourceFile = new File(filePath); boolean classPathResource = false;
if (resourceFile.exists()) { String path = filePath;
if (path.startsWith(CLASSPATH_URL_PREFIX)) {
path = path.substring(CLASSPATH_URL_PREFIX.length());
classPathResource = true;
}
if (!classPathResource) {
File resourceFile = new File(path);
if (resourceFile.exists()) {
return true;
}
}
InputStream classPathStream = classLoader.getResourceAsStream(path);
if (classPathStream != null) {
return true; return true;
} else { } else {
InputStream classPathStream = classLoader.getResourceAsStream(filePath); try {
if (classPathStream != null) { URL url = Resources.getResource(path);
return true; if (url != null) {
} else { return true;
try { }
URL url = Resources.getResource(filePath); } catch (IllegalArgumentException e) {}
if (url != null) {
return true;
}
} catch (IllegalArgumentException e) {}
}
} }
return false; return false;
} }
@ -56,32 +65,40 @@ public class ResourceUtils {
} }
public static InputStream getInputStream(ClassLoader classLoader, String filePath) { public static InputStream getInputStream(ClassLoader classLoader, String filePath) {
boolean classPathResource = false;
String path = filePath;
if (path.startsWith(CLASSPATH_URL_PREFIX)) {
path = path.substring(CLASSPATH_URL_PREFIX.length());
classPathResource = true;
}
try { try {
InputStream keyStoreInputStream; if (!classPathResource) {
File keyStoreFile = new File(filePath); File resourceFile = new File(path);
if (keyStoreFile.exists()) { if (resourceFile.exists()) {
log.info("Reading key store from file {}", filePath); log.info("Reading resource data from file {}", filePath);
keyStoreInputStream = new FileInputStream(keyStoreFile); return new FileInputStream(resourceFile);
} else { }
InputStream classPathStream = classLoader.getResourceAsStream(filePath); }
if (classPathStream != null) { InputStream classPathStream = classLoader.getResourceAsStream(path);
log.info("Reading key store from class path {}", filePath); if (classPathStream != null) {
keyStoreInputStream = classPathStream; log.info("Reading resource data from class path {}", filePath);
} else { return classPathStream;
URI uri = Resources.getResource(filePath).toURI(); } else {
log.info("Reading key store from URI {}", filePath); URL url = Resources.getResource(path);
keyStoreInputStream = new FileInputStream(new File(uri)); if (url != null) {
URI uri = url.toURI();
log.info("Reading resource data from URI {}", filePath);
return new FileInputStream(new File(uri));
} }
} }
return keyStoreInputStream;
} catch (Exception e) { } catch (Exception e) {
if (e instanceof NullPointerException) { if (e instanceof NullPointerException) {
log.warn("Unable to find resource: " + filePath); log.warn("Unable to find resource: " + filePath);
} else { } else {
log.warn("Unable to find resource: " + filePath, e); log.warn("Unable to find resource: " + filePath, e);
} }
throw new RuntimeException("Unable to find resource: " + filePath);
} }
throw new RuntimeException("Unable to find resource: " + filePath);
} }
public static String getUri(Object classLoaderSource, String filePath) { public static String getUri(Object classLoaderSource, String filePath) {
@ -90,10 +107,10 @@ public class ResourceUtils {
public static String getUri(ClassLoader classLoader, String filePath) { public static String getUri(ClassLoader classLoader, String filePath) {
try { try {
File keyStoreFile = new File(filePath); File resourceFile = new File(filePath);
if (keyStoreFile.exists()) { if (resourceFile.exists()) {
log.info("Reading key store from file {}", filePath); log.info("Reading resource data from file {}", filePath);
return keyStoreFile.getAbsolutePath(); return resourceFile.getAbsolutePath();
} else { } else {
URL url = classLoader.getResource(filePath); URL url = classLoader.getResource(filePath);
return url.toURI().toString(); return url.toURI().toString();
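Review bot: `getUri` (last hunk) is not taught about the new `classpath:` prefix: `new File(filePath)` with the prefix never exists and `classLoader.getResource(filePath)` is unlikely to resolve a prefixed name, so `url.toURI()` on the following line throws a NullPointerException for the `classpath:keystore/keystore.p12` default this commit introduces — if `getUri` can receive a config value, strip `CLASSPATH_URL_PREFIX` the same way `resourceExists` and `getInputStream` now do. Separately, `resourceExists` opens `classPathStream` only to test it for null and never closes it; `try (InputStream s = classLoader.getResourceAsStream(path)) { if (s != null) return true; }` avoids the leak. In `getInputStream`, Guava's `Resources.getResource` throws `IllegalArgumentException` rather than returning null, so the `if (url != null)` branch is dead and the not-found case is only reported through the generic catch. Both `getUri` bodies extend past the hunk.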


@ -71,6 +71,7 @@ public abstract class AbstractSslCredentials implements SslCredentials {
String alias = e.nextElement(); String alias = e.nextElement();
privateKeyEntry = tryGetPrivateKeyEntry(this.keyStore, alias, this.keyPasswordArray); privateKeyEntry = tryGetPrivateKeyEntry(this.keyStore, alias, this.keyPasswordArray);
if (privateKeyEntry != null) { if (privateKeyEntry != null) {
this.updateKeyAlias(alias);
break; break;
} }
} }
@ -87,6 +88,11 @@ public abstract class AbstractSslCredentials implements SslCredentials {
} }
} }
@Override
public KeyStore getKeyStore() {
return this.keyStore;
}
@Override @Override
public PrivateKey getPrivateKey() { public PrivateKey getPrivateKey() {
return this.privateKey; return this.privateKey;
@ -123,12 +129,10 @@ public abstract class AbstractSslCredentials implements SslCredentials {
protected abstract boolean canUse(); protected abstract boolean canUse();
protected abstract String getKeyPassword();
protected abstract String getKeyAlias();
protected abstract KeyStore loadKeyStore(boolean isPrivateKeyRequired, char[] keyPasswordArray) throws IOException, GeneralSecurityException; protected abstract KeyStore loadKeyStore(boolean isPrivateKeyRequired, char[] keyPasswordArray) throws IOException, GeneralSecurityException;
protected abstract void updateKeyAlias(String keyAlias);
private static X509Certificate[] asX509Certificates(Certificate[] certificates) { private static X509Certificate[] asX509Certificates(Certificate[] certificates) {
if (null == certificates || 0 == certificates.length) { if (null == certificates || 0 == certificates.length) {
throw new IllegalArgumentException("certificates missing!"); throw new IllegalArgumentException("certificates missing!");
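Review bot: `updateKeyAlias(alias)` (first hunk) silently replaces the configured alias with whichever private-key entry is found first, so a keystore holding several keys may end up serving a different certificate than the operator configured with no trace in the logs; if a logger is in scope, record the substitution, e.g. `log.info("Using key alias '{}' from key store", alias);` before the `break`. The new public `getKeyStore()` hands out the live `KeyStore` object loaded by `loadKeyStore`, which presumably holds the private key entry; its contract as shared, read-only state should be stated on the interface. The surrounding `init` logic extends beyond the hunk.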


@ -49,4 +49,9 @@ public class KeystoreSslCredentials extends AbstractSslCredentials {
} }
return keyStore; return keyStore;
} }
@Override
protected void updateKeyAlias(String keyAlias) {
this.keyAlias = keyAlias;
}
} }


@ -17,6 +17,7 @@ package org.thingsboard.server.common.transport.config.ssl;
import lombok.Data; import lombok.Data;
import lombok.EqualsAndHashCode; import lombok.EqualsAndHashCode;
import lombok.Getter;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@ -48,10 +49,11 @@ import java.util.stream.Collectors;
@EqualsAndHashCode(callSuper = false) @EqualsAndHashCode(callSuper = false)
public class PemSslCredentials extends AbstractSslCredentials { public class PemSslCredentials extends AbstractSslCredentials {
private static final String DEFAULT_KEY_ALIAS = "server";
private String certFile; private String certFile;
private String keyFile; private String keyFile;
private String keyPassword; private String keyPassword;
private final String keyAlias = "serveralias";
@Override @Override
protected boolean canUse() { protected boolean canUse() {
@ -125,8 +127,17 @@ public class PemSslCredentials extends AbstractSslCredentials {
CertPath certPath = factory.generateCertPath(certificates); CertPath certPath = factory.generateCertPath(certificates);
List<? extends Certificate> path = certPath.getCertificates(); List<? extends Certificate> path = certPath.getCertificates();
Certificate[] x509Certificates = path.toArray(new Certificate[0]); Certificate[] x509Certificates = path.toArray(new Certificate[0]);
keyStore.setKeyEntry(this.keyAlias, privateKey, keyPasswordArray, x509Certificates); keyStore.setKeyEntry(DEFAULT_KEY_ALIAS, privateKey, keyPasswordArray, x509Certificates);
} }
return keyStore; return keyStore;
} }
@Override
public String getKeyAlias() {
return DEFAULT_KEY_ALIAS;
}
@Override
protected void updateKeyAlias(String keyAlias) {
}
} }
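Review bot: The empty `updateKeyAlias` override (last hunk) needs a comment explaining the intent, because a reader will take an empty override for an omission; something like `// PEM credentials build the in-memory key store themselves under DEFAULT_KEY_ALIAS, so alias discovery in the base class must not replace it.` The alias also changes from `serveralias` to `server`; that is internal to the store created in `loadKeyStore`, so it should not affect configuration, but `getKeyAlias()` is now public and `SslCredentialsWebServerCustomizer` passes it to the servlet container, so the constant is effectively part of the HTTPS path. The `lombok.Getter` import added in the first hunk is not used in the visible hunks; drop it unless it is used elsewhere in the file.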


@ -19,6 +19,7 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import java.io.IOException; import java.io.IOException;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey; import java.security.PrivateKey;
@ -30,6 +31,12 @@ public interface SslCredentials {
void init(boolean trustsOnly) throws IOException, GeneralSecurityException; void init(boolean trustsOnly) throws IOException, GeneralSecurityException;
KeyStore getKeyStore();
String getKeyPassword();
String getKeyAlias();
PrivateKey getPrivateKey(); PrivateKey getPrivateKey();
PublicKey getPublicKey(); PublicKey getPublicKey();
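Review bot: The three new interface methods carry no Javadoc, and `getKeyPassword()` now returns a plaintext secret directly to callers; document it as `/** Password protecting the private key entry; must not be logged or exposed through APIs. */` and say on `getKeyStore()` whether the returned store is shared mutable state (the `AbstractSslCredentials` implementation returns its own instance). The `getKeyAlias()` contract should note that it may differ from the configured alias after `init()` when the base class selects another private-key entry.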


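--- a/<path not shown>/SslCredentialsWebServerCustomizer.java
+++ b/<path not shown>/SslCredentialsWebServerCustomizer.java
@@ -0,0 +1,71 @@
+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.common.transport.config.ssl;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslStoreProvider;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+import java.security.KeyStore;
+@Component
+@ConditionalOnExpression("'${spring.main.web-environment:true}'=='true' && '${server.ssl.enabled:false}'=='true'")
+public class SslCredentialsWebServerCustomizer implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> {
+    @Bean
+    @ConfigurationProperties(prefix = "server.ssl.credentials")
+    public SslCredentialsConfig httpServerSslCredentials() {
+        return new SslCredentialsConfig("HTTP Server SSL Credentials", false);
+    }
+    @Autowired
+    @Qualifier("httpServerSslCredentials")
+    private SslCredentialsConfig httpServerSslCredentialsConfig;
+    private final ServerProperties serverProperties;
+    public SslCredentialsWebServerCustomizer(ServerProperties serverProperties) {
+        this.serverProperties = serverProperties;
+    }
+    @Override
+    public void customize(ConfigurableServletWebServerFactory factory) {
+        SslCredentials sslCredentials = this.httpServerSslCredentialsConfig.getCredentials();
+        Ssl ssl = serverProperties.getSsl();
+        ssl.setKeyAlias(sslCredentials.getKeyAlias());
+        ssl.setKeyPassword(sslCredentials.getKeyPassword());
+        factory.setSsl(ssl);
+        factory.setSslStoreProvider(new SslStoreProvider() {
+            @Override
+            public KeyStore getKeyStore() {
+                return sslCredentials.getKeyStore();
+            }
+            @Override
+            public KeyStore getTrustStore() {
+                return null;
+            }
+        });
+    }
+}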
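Review bot: `getTrustStore()` returns null unconditionally, and `customize` installs this provider whenever `server.ssl.enabled` is true, so a deployment that relied on `server.ssl.trust-store` with `server.ssl.client-auth` for client-certificate authentication may lose its trust store — in the Spring Boot versions I know, once an `SslStoreProvider` is set the property-based trust store is not consulted; confirm against the version in use and either return the configured trust store here or document that client-certificate authentication is no longer supported on the HTTP listener. `customize` also mutates the shared `ServerProperties.Ssl` instance in place (`setKeyAlias`/`setKeyPassword`) rather than a copy, so the resolved key password becomes visible to any other component reading `ServerProperties`; at minimum that deserves a comment, e.g. `// Intentionally mutates the shared Ssl properties so Tomcat sees the resolved alias/password.` Declaring the `@Bean` factory and field-`@Autowired` injection of that same bean inside one `@Component` works but is unusual; constructor injection of `SslCredentialsConfig` would make the dependency explicit.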


@ -118,10 +118,10 @@ transport:
store_file: "${COAP_DTLS_KEY_STORE:coapserver.jks}" store_file: "${COAP_DTLS_KEY_STORE:coapserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${COAP_DTLS_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${COAP_DTLS_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${COAP_DTLS_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${COAP_DTLS_KEY_ALIAS:serveralias}" key_alias: "${COAP_DTLS_KEY_ALIAS:serveralias}"
# Password used to access the key
key_password: "${COAP_DTLS_KEY_PASSWORD:server_key_password}"
x509: x509:
# Skip certificate validity check for client certificates. # Skip certificate validity check for client certificates.
skip_validity_check_for_client_cert: "${TB_COAP_X509_DTLS_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" skip_validity_check_for_client_cert: "${TB_COAP_X509_DTLS_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"


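--- a/<path not shown>/transport yml
+++ b/<path not shown>/transport yml
@@ -19,6 +19,34 @@ server:
   address: "${HTTP_BIND_ADDRESS:0.0.0.0}"
   # Server bind port
   port: "${HTTP_BIND_PORT:8081}"
+  # Server SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${SSL_ENABLED:false}"
+    # Server SSL credentials
+    credentials:
+      # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
+      type: "${SSL_CREDENTIALS_TYPE:PEM}"
+      # PEM server credentials
+      pem:
+        # Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
+        cert_file: "${SSL_PEM_CERT:server.pem}"
+        # Path to the server certificate private key file (optional)
+        key_file: "${SSL_PEM_KEY:server_key.pem}"
+        # Server certificate private key password (optional)
+        key_password: "${SSL_PEM_KEY_PASSWORD:server_key_password}"
+      # Keystore server credentials
+      keystore:
+        # Type of the key store
+        type: "${SSL_KEY_STORE_TYPE:PKCS12}"
+        # Path to the key store that holds the SSL certificate
+        store_file: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
+        # Password used to access the key store
+        store_password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
+        # Key alias
+        key_alias: "${SSL_KEY_ALIAS:tomcat}"
+        # Password used to access the key
+        key_password: "${SSL_KEY_PASSWORD:thingsboard}"
 # Zookeeper connection parameters. Used for service discovery.
 zk: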


@ -114,7 +114,7 @@ transport:
# Server X509 Certificates support # Server X509 Certificates support
credentials: credentials:
# Whether to enable LWM2M server X509 Certificate/RPK support # Whether to enable LWM2M server X509 Certificate/RPK support
enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_SERVER_CREDENTIALS_ENABLED:true}"
# Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_SERVER_CREDENTIALS_TYPE:PEM}"
# PEM server credentials # PEM server credentials
@ -133,10 +133,10 @@ transport:
store_file: "${LWM2M_SERVER_KEY_STORE:lwm2mserver.jks}" store_file: "${LWM2M_SERVER_KEY_STORE:lwm2mserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${LWM2M_SERVER_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${LWM2M_SERVER_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}" key_alias: "${LWM2M_SERVER_KEY_ALIAS:server}"
# Password used to access the key
key_password: "${LWM2M_SERVER_KEY_PASSWORD:server_ks_password}"
# Only Certificate_x509: # Only Certificate_x509:
skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}" skip_validity_check_for_client_cert: "${TB_LWM2M_SERVER_SECURITY_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
bootstrap: bootstrap:
@ -150,7 +150,7 @@ transport:
# Bootstrap server X509 Certificates support # Bootstrap server X509 Certificates support
credentials: credentials:
# Whether to enable LWM2M bootstrap server X509 Certificate/RPK support # Whether to enable LWM2M bootstrap server X509 Certificate/RPK support
enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_BS_CREDENTIALS_ENABLED:true}"
# Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore) # Server credentials type (PEM - pem certificate file; KEYSTORE - java keystore)
type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_BS_CREDENTIALS_TYPE:PEM}"
# PEM server credentials # PEM server credentials
@ -169,15 +169,15 @@ transport:
store_file: "${LWM2M_BS_KEY_STORE:lwm2mserver.jks}" store_file: "${LWM2M_BS_KEY_STORE:lwm2mserver.jks}"
# Password used to access the key store # Password used to access the key store
store_password: "${LWM2M_BS_KEY_STORE_PASSWORD:server_ks_password}" store_password: "${LWM2M_BS_KEY_STORE_PASSWORD:server_ks_password}"
# Password used to access the key
key_password: "${LWM2M_BS_KEY_PASSWORD:server_key_password}"
# Key alias # Key alias
key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}" key_alias: "${LWM2M_BS_KEY_ALIAS:bootstrap}"
# Password used to access the key
key_password: "${LWM2M_BS_KEY_PASSWORD:server_ks_password}"
security: security:
# X509 trust certificates # X509 trust certificates
trust-credentials: trust-credentials:
# Whether to load X509 trust certificates # Whether to load X509 trust certificates
enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:false}" enabled: "${LWM2M_TRUST_CREDENTIALS_ENABLED:true}"
# Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore) # Trust certificates store type (PEM - pem certificates file; KEYSTORE - java keystore)
type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}" type: "${LWM2M_TRUST_CREDENTIALS_TYPE:PEM}"
# PEM certificates # PEM certificates